@Generated(value="jsii-pacmak/1.74.0 (build 6d08790)", date="2023-05-19T23:08:46.006Z") @Stability(value=Stable) public class PolicyStatement extends software.amazon.jsii.JsiiObject
Example:
```java
// Add gateway endpoints when creating the VPC
Vpc vpc = Vpc.Builder.create(this, "MyVpc")
        .gatewayEndpoints(Map.of(
                "S3", GatewayVpcEndpointOptions.builder()
                        .service(GatewayVpcEndpointAwsService.S3)
                        .build()))
        .build();

// Alternatively gateway endpoints can be added on the VPC
GatewayVpcEndpoint dynamoDbEndpoint = vpc.addGatewayEndpoint("DynamoDbEndpoint", GatewayVpcEndpointOptions.builder()
        .service(GatewayVpcEndpointAwsService.DYNAMODB)
        .build());

// This allows to customize the endpoint policy
dynamoDbEndpoint.addToPolicy(
        PolicyStatement.Builder.create() // Restrict to listing and describing tables
                .principals(List.of(new AnyPrincipal()))
                .actions(List.of("dynamodb:DescribeTable", "dynamodb:ListTables"))
                .resources(List.of("*"))
                .build());

// Add an interface endpoint
vpc.addInterfaceEndpoint("EcrDockerEndpoint", InterfaceVpcEndpointOptions.builder()
        .service(InterfaceVpcEndpointAwsService.ECR_DOCKER)
        .build());
```
Nested classes

Modifier and Type | Class and Description
---|---
static class | PolicyStatement.Builder: a fluent builder for PolicyStatement.
Constructors

Modifier | Constructor and Description
---|---
 | PolicyStatement()
protected | PolicyStatement(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
protected | PolicyStatement(software.amazon.jsii.JsiiObjectRef objRef)
 | PolicyStatement(PolicyStatementProps props)
Methods

Modifier and Type | Method | Description
---|---|---
void | addAccountCondition(String accountId) | Add a condition that limits to a given account.
void | addAccountRootPrincipal() | Adds an AWS account root user principal to this policy statement.
void | addActions(String... actions) | Specify allowed actions into the "Action" section of the policy statement.
void | addAllResources() | Adds a `"*"` resource to this statement.
void | addAnyPrincipal() | Adds all identities in all accounts ("*") to this policy statement.
void | addArnPrincipal(String arn) | Specify a principal using the ARN identifier of the principal.
void | addAwsAccountPrincipal(String accountId) | Specify an AWS account ID as the principal entity in the "Principal" section of a policy statement.
void | addCanonicalUserPrincipal(String canonicalUserId) | Adds a canonical user ID principal to this policy document.
void | addCondition(String key, Object value) | Add a condition to the Policy.
void | addConditions(Map<String,Object> conditions) | Add multiple conditions to the Policy.
void | addFederatedPrincipal(Object federated, Map<String,Object> conditions) | Adds a federated identity provider such as Amazon Cognito to this policy statement.
void | addNotActions(String... notActions) | Explicitly allow all actions except the specified list of actions by adding them to the "NotAction" section of the policy statement.
void | addNotPrincipals(IPrincipal... notPrincipals) | Specify principals that this statement does not apply to, in the "NotPrincipal" section of a policy statement.
void | addNotResources(String... arns) | Specify resources that this statement does not apply to, in the "NotResource" section of this policy statement.
void | addPrincipals(IPrincipal... principals) | Adds principals to the "Principal" section of a policy statement.
void | addResources(String... arns) | Specify resources that this statement applies to, in the "Resource" section of this policy statement.
void | addServicePrincipal(String service) | Adds a service principal to this policy statement.
void | addServicePrincipal(String service, ServicePrincipalOpts opts) | Adds a service principal to this policy statement.
PolicyStatement | copy() | Create a new `PolicyStatement` with the same exact properties as this one, except for the overrides.
PolicyStatement | copy(PolicyStatementProps overrides) | Create a new `PolicyStatement` with the same exact properties as this one, except for the overrides.
static PolicyStatement | fromJson(Object obj) | Creates a new PolicyStatement based on the object provided.
List<String> | getActions() | The Actions added to this statement.
Object | getConditions() | The conditions added to this statement.
Effect | getEffect() | Whether to allow or deny the actions in this statement.
Boolean | getHasPrincipal() | Indicates if this permission has a "Principal" section.
Boolean | getHasResource() | Indicates if this permission has at least one resource associated with it.
List<String> | getNotActions() | The NotActions added to this statement.
List<IPrincipal> | getNotPrincipals() | The NotPrincipals added to this statement.
List<String> | getNotResources() | The NotResources added to this statement.
List<IPrincipal> | getPrincipals() | The Principals added to this statement.
List<String> | getResources() | The Resources added to this statement.
String | getSid() | Statement ID for this statement.
void | setEffect(Effect value) | Whether to allow or deny the actions in this statement.
void | setSid(String value) | Statement ID for this statement.
Object | toJSON() | JSON-ify the statement.
Object | toStatementJson() | JSON-ify the policy statement.
String | toString() | String representation of this policy statement.
List<String> | validateForAnyPolicy() | Validate that the policy statement satisfies base requirements for a policy.
List<String> | validateForIdentityPolicy() | Validate that the policy statement satisfies all requirements for an identity-based policy.
List<String> | validateForResourcePolicy() | Validate that the policy statement satisfies all requirements for a resource-based policy.
Methods inherited from class software.amazon.jsii.JsiiObject: jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet
protected PolicyStatement(software.amazon.jsii.JsiiObjectRef objRef)

protected PolicyStatement(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

@Stability(value=Stable) public PolicyStatement(@Nullable PolicyStatementProps props)
Parameters:
props

@Stability(value=Stable) public PolicyStatement()

@Stability(value=Stable) @NotNull public static PolicyStatement fromJson(@NotNull Object obj)
This will accept an object created from the .toJSON() call.
Parameters:
obj - the PolicyStatement in object form. This parameter is required.

@Stability(value=Stable) public void addAccountCondition(@NotNull String accountId)
This method can only be called once: subsequent calls will overwrite earlier calls.
Parameters:
accountId - This parameter is required.

@Stability(value=Stable) public void addAccountRootPrincipal()

@Stability(value=Stable) public void addActions(@NotNull String... actions)
Parameters:
actions - actions that will be allowed. This parameter is required.

@Stability(value=Stable) public void addAllResources()

@Stability(value=Stable) public void addAnyPrincipal()

@Stability(value=Stable) public void addArnPrincipal(@NotNull String arn)
You cannot specify IAM groups and instance profiles as principals.
Parameters:
arn - ARN identifier of AWS account, IAM user, or IAM role (i.e. arn:aws:iam::123456789012:user/user-name). This parameter is required.

@Stability(value=Stable) public void addAwsAccountPrincipal(@NotNull String accountId)
Parameters:
accountId - This parameter is required.

@Stability(value=Stable) public void addCanonicalUserPrincipal(@NotNull String canonicalUserId)
Parameters:
canonicalUserId - unique identifier assigned by AWS for every account. This parameter is required.

@Stability(value=Stable) public void addCondition(@NotNull String key, @NotNull Object value)
If multiple calls are made to add a condition with the same operator and field, only the last one wins. For example:

```java
PolicyStatement stmt = new PolicyStatement();
stmt.addCondition("StringEquals", Map.of("aws:SomeField", "1"));
stmt.addCondition("StringEquals", Map.of("aws:SomeField", "2"));
```

will end up with the single condition `StringEquals: { 'aws:SomeField': '2' }`.

If you meant to add a condition to say that the field can be either 1 or 2, write this:

```java
PolicyStatement stmt = new PolicyStatement();
stmt.addCondition("StringEquals", Map.of("aws:SomeField", List.of("1", "2")));
```

Parameters:
key - This parameter is required.
value - This parameter is required.

@Stability(value=Stable) public void addConditions(@NotNull Map<String,Object> conditions)
See the addCondition function for a caveat on calling this method multiple times.
Parameters:
conditions - This parameter is required.

@Stability(value=Stable) public void addFederatedPrincipal(@NotNull Object federated, @NotNull Map<String,Object> conditions)
Parameters:
federated - federated identity provider (i.e. 'cognito-identity.amazonaws.com'). This parameter is required.
conditions - The conditions under which the policy is in effect. This parameter is required.

@Stability(value=Stable) public void addNotActions(@NotNull String... notActions)
Parameters:
notActions - actions that will be denied. This parameter is required.

@Stability(value=Stable) public void addNotPrincipals(@NotNull IPrincipal... notPrincipals)
Parameters:
notPrincipals - IAM principals that will be denied access. This parameter is required.

@Stability(value=Stable) public void addNotResources(@NotNull String... arns)
All resources except the specified list will be matched.
Parameters:
arns - Amazon Resource Names (ARNs) of the resources that this policy statement does not apply to. This parameter is required.

@Stability(value=Stable) public void addPrincipals(@NotNull IPrincipal... principals)
Parameters:
principals - IAM principals that will be added. This parameter is required.

@Stability(value=Stable) public void addResources(@NotNull String... arns)
Parameters:
arns - Amazon Resource Names (ARNs) of the resources that this policy statement applies to. This parameter is required.

@Stability(value=Stable) public void addServicePrincipal(@NotNull String service, @Nullable ServicePrincipalOpts opts)
Parameters:
service - the service name for which a service principal is requested (e.g. `s3.amazonaws.com`). This parameter is required.
opts - options for adding the service principal (such as specifying a principal in a different region).

@Stability(value=Stable) public void addServicePrincipal(@NotNull String service)
Parameters:
service - the service name for which a service principal is requested (e.g. `s3.amazonaws.com`). This parameter is required.

@Stability(value=Stable) @NotNull public PolicyStatement copy(@Nullable PolicyStatementProps overrides)
Parameters:
overrides

@Stability(value=Stable) @NotNull public PolicyStatement copy()
@Stability(value=Stable) @NotNull public Object toJSON()
Used when JSON.stringify() is called
@Stability(value=Stable) @NotNull public Object toStatementJson()
Used when JSON.stringify() is called
@Stability(value=Stable) @NotNull public String toString()
@Stability(value=Stable) @NotNull public List<String> validateForAnyPolicy()
@Stability(value=Stable) @NotNull public List<String> validateForIdentityPolicy()
@Stability(value=Stable) @NotNull public List<String> validateForResourcePolicy()
@Stability(value=Stable) @NotNull public List<String> getActions()
@Stability(value=Stable) @NotNull public Object getConditions()
@Stability(value=Stable) @NotNull public Boolean getHasPrincipal()
@Stability(value=Stable) @NotNull public Boolean getHasResource()
@Stability(value=Stable) @NotNull public List<String> getNotActions()
@Stability(value=Stable) @NotNull public List<IPrincipal> getNotPrincipals()
@Stability(value=Stable) @NotNull public List<String> getNotResources()
@Stability(value=Stable) @NotNull public List<IPrincipal> getPrincipals()
@Stability(value=Stable) @NotNull public List<String> getResources()
@Stability(value=Stable) @NotNull public Effect getEffect()
@Stability(value=Stable) public void setEffect(@NotNull Effect value)
@Stability(value=Stable) @Nullable public String getSid()
@Stability(value=Stable) public void setSid(@Nullable String value)
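The following is an added worked example, not part of this reference page or of the CDK library itself. It ties together the addCondition caveat (same operator and field: last write wins, different fields under one operator merge), the validateForIdentityPolicy / validateForResourcePolicy checks, copy(), and the fromJson() round trip. It assumes aws-cdk-lib for Java is on the classpath (the `software.amazon.awscdk.services.iam` package used by this page). The account ID, table ARN and the `team` tag name are constructed placeholders; `aws:RequestedRegion`, `aws:SecureTransport` and `aws:PrincipalTag/...` are standard IAM global condition keys.

```java
import java.util.List;
import java.util.Map;

import software.amazon.awscdk.services.iam.AccountPrincipal;
import software.amazon.awscdk.services.iam.Effect;
import software.amazon.awscdk.services.iam.PolicyStatement;

public class PolicyStatementConditionsExample {

    // Constructed placeholders for the example; not real resources.
    static final String ACCOUNT_ID = "111111111111";
    static final String TABLE_ARN =
            "arn:aws:dynamodb:us-east-1:" + ACCOUNT_ID + ":table/ExampleTable";

    // The caveat from the addCondition docs: both calls target the same operator
    // (StringEquals) and the same field (aws:RequestedRegion), so the second call
    // replaces the first and only us-west-2 survives in the rendered condition.
    static Object lastWriteWinsConditions() {
        PolicyStatement stmt = new PolicyStatement();
        stmt.addCondition("StringEquals", Map.of("aws:RequestedRegion", "us-east-1"));
        stmt.addCondition("StringEquals", Map.of("aws:RequestedRegion", "us-west-2"));
        return stmt.getConditions();
    }

    // The correct form: one call with a list value when either region is acceptable.
    // Adding a different field under the same operator merges rather than overwrites,
    // so the later addConditions call keeps aws:RequestedRegion intact.
    static PolicyStatement readOnlyTableStatement() {
        PolicyStatement stmt = PolicyStatement.Builder.create()
                .sid("ReadOnlyExampleTable")
                .effect(Effect.ALLOW)
                .actions(List.of("dynamodb:GetItem", "dynamodb:Query"))
                .resources(List.of(TABLE_ARN))
                .build();
        stmt.addCondition("StringEquals",
                Map.of("aws:RequestedRegion", List.of("us-east-1", "us-west-2")));
        stmt.addConditions(Map.of(
                "Bool", Map.of("aws:SecureTransport", "true"),
                "StringEquals", Map.of("aws:PrincipalTag/team", "payments")));
        return stmt;
    }

    // A statement intended for an identity-based policy (attached to a role or user)
    // must not carry a Principal; the returned list holds any violations and is empty
    // when the statement is valid for that use.
    static List<String> identityPolicyErrors(PolicyStatement stmt) {
        return stmt.validateForIdentityPolicy();
    }

    // A statement intended for a resource-based policy (bucket, key, endpoint policy)
    // must name at least one principal; again, empty list means valid.
    static List<String> resourcePolicyErrors(PolicyStatement stmt) {
        return stmt.validateForResourcePolicy();
    }

    // Reuse the same permissions as a resource policy: copy() leaves the original
    // untouched, then a principal is attached to the copy.
    static PolicyStatement asResourcePolicyStatement(PolicyStatement identityStmt) {
        PolicyStatement resourceStmt = identityStmt.copy();
        resourceStmt.addPrincipals(new AccountPrincipal(ACCOUNT_ID));
        return resourceStmt;
    }

    // Round trip through the JSON form, as fromJson() documents: principals and
    // resources are reconstructed from the serialized statement.
    static boolean survivesJsonRoundTrip(PolicyStatement stmt) {
        PolicyStatement restored = PolicyStatement.fromJson(stmt.toStatementJson());
        return restored.getHasPrincipal().equals(stmt.getHasPrincipal())
                && restored.getHasResource().equals(stmt.getHasResource());
    }

    public static void main(String[] args) {
        System.out.println("Overwritten condition: " + lastWriteWinsConditions());

        PolicyStatement identityStmt = readOnlyTableStatement();
        System.out.println("Rendered statement: " + identityStmt.toStatementJson());
        System.out.println("Identity-policy errors: " + identityPolicyErrors(identityStmt));
        System.out.println("Resource-policy errors: " + resourcePolicyErrors(identityStmt));

        PolicyStatement resourceStmt = asResourcePolicyStatement(identityStmt);
        System.out.println("Resource-policy errors after adding principal: "
                + resourcePolicyErrors(resourceStmt));
        System.out.println("Identity-policy errors after adding principal: "
                + identityPolicyErrors(resourceStmt));
        System.out.println("JSON round trip preserved shape: "
                + survivesJsonRoundTrip(resourceStmt));
    }
}
```

The two validate calls are deliberately asymmetric: the same statement is valid for one policy type and invalid for the other, which is why a synth-time check that fails on a non-empty list catches a statement attached to the wrong kind of policy before it is deployed. Printing `toStatementJson()` after each addCondition step is the quickest way to confirm whether a later call merged into or replaced an earlier condition.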
Copyright © 2023. All rights reserved.