Package software.amazon.awscdk.services.iam

Class Policy

java.lang.Object
software.amazon.jsii.JsiiObject
software.constructs.Construct
software.amazon.awscdk.core.Construct
software.amazon.awscdk.core.Resource
software.amazon.awscdk.services.iam.Policy
All Implemented Interfaces:
IConstruct, IDependable, IResource, IPolicy, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct
@Generated(value="jsii-pacmak/1.84.0 (build 5404dcf)", date="2023-06-19T16:29:57.353Z") @Stability(Stable) public class Policy extends Resource implements IPolicy
The AWS::IAM::Policy resource associates an IAM policy with IAM users, roles, or groups.

For more information about IAM policies, see Overview of IAM Policies in the IAM User Guide guide.

Example: 

 Function postAuthFn;
 UserPool userpool = UserPool.Builder.create(this, "myuserpool")
         .lambdaTriggers(UserPoolTriggers.builder()
                 .postAuthentication(postAuthFn)
                 .build())
         .build();
 // provide permissions to describe the user pool scoped to the ARN the user pool
 postAuthFn.role.attachInlinePolicy(Policy.Builder.create(this, "userpool-policy")
         .statements(List.of(PolicyStatement.Builder.create()
                 .actions(List.of("cognito-idp:DescribeUserPool"))
                 .resources(List.of(userpool.getUserPoolArn()))
                 .build()))
         .build());

  • Constructor Details

    • Policy

      protected Policy(software.amazon.jsii.JsiiObjectRef objRef)

    • Policy

      protected Policy(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

    • Policy

      @Stability(Stable) public Policy(@NotNull software.constructs.Construct scope, @NotNull String id, @Nullable PolicyProps props)
      Parameters:
      scope - This parameter is required.
      id - This parameter is required.
      props -

    • Policy

      @Stability(Stable) public Policy(@NotNull software.constructs.Construct scope, @NotNull String id)
      Parameters:
      scope - This parameter is required.
      id - This parameter is required.

  • Method Details

    • fromPolicyName

      @Stability(Stable) @NotNull public static IPolicy fromPolicyName(@NotNull software.constructs.Construct scope, @NotNull String id, @NotNull String policyName)
      Import a policy in this app based on its name.

      Parameters:
      scope - This parameter is required.
      id - This parameter is required.
      policyName - This parameter is required.

    • addStatements

      @Stability(Stable) public void addStatements(@NotNull @NotNull PolicyStatement... statement)
      Adds a statement to the policy document.

      Parameters:
      statement - This parameter is required.

    • attachToGroup

      @Stability(Stable) public void attachToGroup(@NotNull IGroup group)
      Attaches this policy to a group.

      Parameters:
      group - This parameter is required.

    • attachToRole

      @Stability(Stable) public void attachToRole(@NotNull IRole role)
      Attaches this policy to a role.

      Parameters:
      role - This parameter is required.

    • attachToUser

      @Stability(Stable) public void attachToUser(@NotNull IUser user)
      Attaches this policy to a user.

      Parameters:
      user - This parameter is required.

    • validate

      @Stability(Stable) @NotNull protected List<String> validate()
      Validate the current construct.

      This method can be implemented by derived constructs in order to perform validation logic. It is called on all constructs before synthesis.

      Overrides:
      validate in class Construct
      Returns:
      An array of validation error messages, or an empty array if the construct is valid.

    • getDocument

      @Stability(Stable) @NotNull public PolicyDocument getDocument()
      The policy document.

    • getPolicyName

      @Stability(Stable) @NotNull public String getPolicyName()
      The name of this policy.
      Specified by:
      getPolicyName in interface IPolicy