software.amazon.awscdk.services.iam

Class Policy

java.lang.Object

software.constructs.Construct

software.amazon.awscdk.core.Construct

software.amazon.awscdk.core.Resource

software.amazon.awscdk.services.iam.Policy

All Implemented Interfaces:

IConstruct, IDependable, IResource, IPolicy

@Generated(value="jsii-pacmak/1.63.2 (build a8a8833)",
           date="2022-08-17T17:31:10.072Z")
public class Policy
extends Resource
implements IPolicy

The AWS::IAM::Policy resource associates an IAM policy with IAM users, roles, or groups.

For more information about IAM policies, see Overview of IAM Policies in the IAM User Guide guide.

Example:

 Function postAuthFn;
 UserPool userpool = UserPool.Builder.create(this, "myuserpool")
         .lambdaTriggers(UserPoolTriggers.builder()
                 .postAuthentication(postAuthFn)
                 .build())
         .build();
 // provide permissions to describe the user pool scoped to the ARN the user pool
 postAuthFn.role.attachInlinePolicy(Policy.Builder.create(this, "userpool-policy")
         .statements(List.of(PolicyStatement.Builder.create()
                 .actions(List.of("cognito-idp:DescribeUserPool"))
                 .resources(List.of(userpool.getUserPoolArn()))
                 .build()))
         .build());
 

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	Policy.Builder A fluent builder for Policy.

Nested classes/interfaces inherited from interface software.amazon.awscdk.services.iam.IPolicy

IPolicy.Jsii$Default, IPolicy.Jsii$Proxy

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	Policy(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
protected	Policy(software.amazon.jsii.JsiiObjectRef objRef)
	Policy(software.constructs.Construct scope, java.lang.String id)
	Policy(software.constructs.Construct scope, java.lang.String id, PolicyProps props)

Method Summary

Modifier and Type	Method and Description
void	addStatements(PolicyStatement... statement) Adds a statement to the policy document.
void	attachToGroup(IGroup group) Attaches this policy to a group.
void	attachToRole(IRole role) Attaches this policy to a role.
void	attachToUser(IUser user) Attaches this policy to a user.
static IPolicy	fromPolicyName(software.constructs.Construct scope, java.lang.String id, java.lang.String policyName) Import a policy in this app based on its name.
PolicyDocument	getDocument() The policy document.
java.lang.String	getPolicyName() The name of this policy.
protected java.util.List<java.lang.String>	validate() Validate the current construct.

Methods inherited from class software.amazon.awscdk.core.Resource

applyRemovalPolicy, generatePhysicalName, getEnv, getPhysicalName, getResourceArnAttribute, getResourceNameAttribute, getStack, isResource

Methods inherited from class software.amazon.awscdk.core.Construct

getNode, isConstruct, onPrepare, onSynthesize, onValidate, prepare, synthesize

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface software.amazon.awscdk.core.IResource

applyRemovalPolicy, getEnv, getStack

Methods inherited from interface software.amazon.awscdk.core.IConstruct

getNode

Constructor Detail

Policy

protected Policy(software.amazon.jsii.JsiiObjectRef objRef)

Policy

protected Policy(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

Policy

public Policy(software.constructs.Construct scope,
              java.lang.String id,
              PolicyProps props)

Parameters:

scope - This parameter is required.

id - This parameter is required.

props -

Policy

public Policy(software.constructs.Construct scope,
              java.lang.String id)

Parameters:

scope - This parameter is required.

id - This parameter is required.

Method Detail

fromPolicyName

public static IPolicy fromPolicyName(software.constructs.Construct scope,
                                     java.lang.String id,
                                     java.lang.String policyName)

Import a policy in this app based on its name.

Parameters:

scope - This parameter is required.

id - This parameter is required.

policyName - This parameter is required.

addStatements

public void addStatements(PolicyStatement... statement)

Adds a statement to the policy document.

Parameters:

statement - This parameter is required.

attachToGroup

public void attachToGroup(IGroup group)

Attaches this policy to a group.

Parameters:

group - This parameter is required.

attachToRole

public void attachToRole(IRole role)

Attaches this policy to a role.

Parameters:

role - This parameter is required.

attachToUser

public void attachToUser(IUser user)

Attaches this policy to a user.

Parameters:

user - This parameter is required.

validate

protected java.util.List<java.lang.String> validate()

Validate the current construct.

This method can be implemented by derived constructs in order to perform validation logic. It is called on all constructs before synthesis.

Overrides:

validate in class Construct

Returns:

An array of validation error messages, or an empty array if the construct is valid.

getDocument

public PolicyDocument getDocument()

The policy document.

getPolicyName

public java.lang.String getPolicyName()

The name of this policy.

Specified by:

getPolicyName in interface IPolicy