software.amazon.awscdk.services.iam

Class PolicyDocument

java.lang.Object

software.amazon.jsii.JsiiObject

software.amazon.awscdk.services.iam.PolicyDocument

All Implemented Interfaces:

IResolvable

@Generated(value="jsii-pacmak/1.50.0 (build d1830a4)",
           date="2022-01-11T17:58:41.923Z")
public class PolicyDocument
extends software.amazon.jsii.JsiiObject
implements IResolvable

A PolicyDocument is a collection of statements.

Example:

 IRole myTrustedAdminRole = Role.fromRoleArn(this, "TrustedRole", "arn:aws:iam:....");
 // Creates a limited admin policy and assigns to the account root.
 PolicyDocument myCustomPolicy = PolicyDocument.Builder.create()
         .statements(List.of(PolicyStatement.Builder.create()
                 .actions(List.of("kms:Create*", "kms:Describe*", "kms:Enable*", "kms:List*", "kms:Put*"))
                 .principals(List.of(new AccountRootPrincipal()))
                 .resources(List.of("*"))
                 .build()))
         .build();
 Key key = Key.Builder.create(this, "MyKey")
         .policy(myCustomPolicy)
         .build();
 

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	PolicyDocument.Builder A fluent builder for PolicyDocument.

Nested classes/interfaces inherited from interface software.amazon.awscdk.core.IResolvable

IResolvable.Jsii$Default, IResolvable.Jsii$Proxy

Constructor Summary

Constructors

Modifier	Constructor and Description
	PolicyDocument()
protected	PolicyDocument(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
protected	PolicyDocument(software.amazon.jsii.JsiiObjectRef objRef)

Method Summary

Modifier and Type	Method and Description
void	addStatements(PolicyStatement... statement) Adds a statement to the policy document.
static PolicyDocument	fromJson(java.lang.Object obj) Creates a new PolicyDocument based on the object provided.
java.util.List<java.lang.String>	getCreationStack() The creation stack of this resolvable which will be appended to errors thrown during resolution.
java.lang.Boolean	getIsEmpty() Whether the policy document contains any statements.
java.lang.Number	getStatementCount() The number of statements already added to this policy.
java.lang.Object	resolve(IResolveContext context) Produce the Token's value at resolution time.
java.lang.Object	toJSON() JSON-ify the document.
java.lang.String	toString() Encode the policy document as a string.
java.util.List<java.lang.String>	validateForAnyPolicy() Validate that all policy statements in the policy document satisfies the requirements for any policy.
java.util.List<java.lang.String>	validateForIdentityPolicy() Validate that all policy statements in the policy document satisfies the requirements for an identity-based policy.
java.util.List<java.lang.String>	validateForResourcePolicy() Validate that all policy statements in the policy document satisfies the requirements for a resource-based policy.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

PolicyDocument

protected PolicyDocument(software.amazon.jsii.JsiiObjectRef objRef)

PolicyDocument

protected PolicyDocument(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

PolicyDocument

public PolicyDocument()

Method Detail

fromJson

public static PolicyDocument fromJson(java.lang.Object obj)

Creates a new PolicyDocument based on the object provided.

This will accept an object created from the .toJSON() call

Parameters:

obj - the PolicyDocument in object form. This parameter is required.

addStatements

public void addStatements(PolicyStatement... statement)

Adds a statement to the policy document.

Parameters:

statement - the statement to add. This parameter is required.

resolve

public java.lang.Object resolve(IResolveContext context)

Produce the Token's value at resolution time.

Specified by:

resolve in interface IResolvable

Parameters:

context - This parameter is required.

toJSON

public java.lang.Object toJSON()

JSON-ify the document.

Used when JSON.stringify() is called

toString

public java.lang.String toString()

Encode the policy document as a string.

Specified by:

toString in interface IResolvable

validateForAnyPolicy

public java.util.List<java.lang.String> validateForAnyPolicy()

Validate that all policy statements in the policy document satisfies the requirements for any policy.

See Also:

https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json

validateForIdentityPolicy

public java.util.List<java.lang.String> validateForIdentityPolicy()

Validate that all policy statements in the policy document satisfies the requirements for an identity-based policy.

See Also:

https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json

validateForResourcePolicy

public java.util.List<java.lang.String> validateForResourcePolicy()

Validate that all policy statements in the policy document satisfies the requirements for a resource-based policy.

See Also:

https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json

getCreationStack

public java.util.List<java.lang.String> getCreationStack()

The creation stack of this resolvable which will be appended to errors thrown during resolution.

This may return an array with a single informational element indicating how to get this property populated, if it was skipped for performance reasons.

Specified by:

getCreationStack in interface IResolvable

getIsEmpty

public java.lang.Boolean getIsEmpty()

Whether the policy document contains any statements.

getStatementCount

public java.lang.Number getStatementCount()

The number of statements already added to this policy.

Can be used, for example, to generate unique "sid"s within the policy.