@Generated(value="jsii-pacmak/1.73.0 (build 6faeda3)",
date="2023-01-25T18:28:57.816Z")
public class PolicyStatement
extends software.amazon.jsii.JsiiObject
Example:

```java
// Add gateway endpoints when creating the VPC
Vpc vpc = Vpc.Builder.create(this, "MyVpc")
        .gatewayEndpoints(Map.of(
                "S3", GatewayVpcEndpointOptions.builder()
                        .service(GatewayVpcEndpointAwsService.S3)
                        .build()))
        .build();

// Alternatively, gateway endpoints can be added on the VPC
GatewayVpcEndpoint dynamoDbEndpoint = vpc.addGatewayEndpoint("DynamoDbEndpoint",
        GatewayVpcEndpointOptions.builder()
                .service(GatewayVpcEndpointAwsService.DYNAMODB)
                .build());

// This allows customizing the endpoint policy
dynamoDbEndpoint.addToPolicy(
        PolicyStatement.Builder.create()
                // Restrict to listing and describing tables
                .principals(List.of(new AnyPrincipal()))
                .actions(List.of("dynamodb:DescribeTable", "dynamodb:ListTables"))
                .resources(List.of("*"))
                .build());

// Add an interface endpoint
vpc.addInterfaceEndpoint("EcrDockerEndpoint",
        InterfaceVpcEndpointOptions.builder()
                .service(InterfaceVpcEndpointAwsService.ECR_DOCKER)
                .build());
```
Modifier and Type | Class and Description |
---|---|
static class | `PolicyStatement.Builder` A fluent builder for `PolicyStatement`. |
Modifier | Constructor and Description |
---|---|
 | `PolicyStatement()` |
protected | `PolicyStatement(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)` |
protected | `PolicyStatement(software.amazon.jsii.JsiiObjectRef objRef)` |
Modifier and Type | Method and Description |
---|---|
void | `addAccountCondition(java.lang.String accountId)` Add a condition that limits this statement to a given account. |
void | `addAccountRootPrincipal()` Adds an AWS account root user principal to this policy statement. |
void | `addActions(java.lang.String... actions)` Specify allowed actions in the "Action" section of the policy statement. |
void | `addAllResources()` Adds a `"*"` resource to this statement. |
void | `addAnyPrincipal()` Adds all identities in all accounts ("*") to this policy statement. |
void | `addArnPrincipal(java.lang.String arn)` Specify a principal using the ARN identifier of the principal. |
void | `addAwsAccountPrincipal(java.lang.String accountId)` Specify an AWS account ID as the principal entity in the "Principal" section of a policy statement. |
void | `addCanonicalUserPrincipal(java.lang.String canonicalUserId)` Adds a canonical user ID principal to this policy document. |
void | `addCondition(java.lang.String key, java.lang.Object value)` Add a condition to the Policy. |
void | `addConditions(java.util.Map<java.lang.String,java.lang.Object> conditions)` Add multiple conditions to the Policy. |
void | `addFederatedPrincipal(java.lang.Object federated, java.util.Map<java.lang.String,java.lang.Object> conditions)` Adds a federated identity provider such as Amazon Cognito to this policy statement. |
void | `addNotActions(java.lang.String... notActions)` Explicitly allow all actions except the specified list of actions in the "NotAction" section of the policy document. |
void | `addNotPrincipals(IPrincipal... notPrincipals)` Specify principals that are not allowed or denied access in the "NotPrincipal" section of a policy statement. |
void | `addNotResources(java.lang.String... arns)` Specify resources that this policy statement will not apply to in the "NotResource" section of this policy statement. |
void | `addPrincipals(IPrincipal... principals)` Adds principals to the "Principal" section of a policy statement. |
void | `addResources(java.lang.String... arns)` Specify resources that this policy statement applies to in the "Resource" section of this policy statement. |
void | `addServicePrincipal(java.lang.String service)` Adds a service principal to this policy statement. |
void | `addServicePrincipal(java.lang.String service, ServicePrincipalOpts opts)` Adds a service principal to this policy statement. |
PolicyStatement | `copy()` Create a new `PolicyStatement` with the same exact properties as this one, except for the overrides. |
PolicyStatement | `copy(PolicyStatementProps overrides)` Create a new `PolicyStatement` with the same exact properties as this one, except for the overrides. |
static PolicyStatement | `fromJson(java.lang.Object obj)` Creates a new PolicyStatement based on the object provided. |
java.util.List<java.lang.String> | `getActions()` The Actions added to this statement. |
java.lang.Object | `getConditions()` The conditions added to this statement. |
Effect | `getEffect()` Whether to allow or deny the actions in this statement. |
java.lang.Boolean | `getHasPrincipal()` Indicates if this permission has a "Principal" section. |
java.lang.Boolean | `getHasResource()` Indicates if this permission has at least one resource associated with it. |
java.util.List<java.lang.String> | `getNotActions()` The NotActions added to this statement. |
java.util.List<IPrincipal> | `getNotPrincipals()` The NotPrincipals added to this statement. |
java.util.List<java.lang.String> | `getNotResources()` The NotResources added to this statement. |
java.util.List<IPrincipal> | `getPrincipals()` The Principals added to this statement. |
java.util.List<java.lang.String> | `getResources()` The Resources added to this statement. |
java.lang.String | `getSid()` Statement ID for this statement. |
void | `setEffect(Effect value)` Whether to allow or deny the actions in this statement. |
void | `setSid(java.lang.String value)` Statement ID for this statement. |
java.lang.Object | `toJSON()` JSON-ify the statement. |
java.lang.Object | `toStatementJson()` JSON-ify the policy statement. |
java.lang.String | `toString()` String representation of this policy statement. |
java.util.List<java.lang.String> | `validateForAnyPolicy()` Validate that the policy statement satisfies base requirements for a policy. |
java.util.List<java.lang.String> | `validateForIdentityPolicy()` Validate that the policy statement satisfies all requirements for an identity-based policy. |
java.util.List<java.lang.String> | `validateForResourcePolicy()` Validate that the policy statement satisfies all requirements for a resource-based policy. |
protected PolicyStatement(software.amazon.jsii.JsiiObjectRef objRef)

protected PolicyStatement(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

public PolicyStatement()

public static PolicyStatement fromJson(java.lang.Object obj)
This will accept an object created from the `.toJSON()` call.
obj - the PolicyStatement in object form. This parameter is required.

public void addAccountCondition(java.lang.String accountId)
This method can only be called once: subsequent calls will overwrite earlier calls.
accountId - This parameter is required.

public void addAccountRootPrincipal()

public void addActions(java.lang.String... actions)
actions - actions that will be allowed. This parameter is required.

public void addAllResources()

public void addAnyPrincipal()

public void addArnPrincipal(java.lang.String arn)
You cannot specify IAM groups and instance profiles as principals.
arn - ARN identifier of an AWS account, IAM user, or IAM role (e.g. arn:aws:iam::123456789012:user/user-name). This parameter is required.

public void addAwsAccountPrincipal(java.lang.String accountId)
accountId - This parameter is required.

public void addCanonicalUserPrincipal(java.lang.String canonicalUserId)
canonicalUserId - unique identifier assigned by AWS for every account. This parameter is required.

public void addCondition(java.lang.String key, java.lang.Object value)
If multiple calls are made to add a condition with the same operator and field, only the last one wins. For example:

```java
PolicyStatement stmt = new PolicyStatement();
stmt.addCondition("StringEquals", Map.of("aws:SomeField", "1"));
stmt.addCondition("StringEquals", Map.of("aws:SomeField", "2"));
```

will end up with the single condition `StringEquals: { 'aws:SomeField': '2' }`.

If you meant to add a condition to say that the field can be either `1` or `2`, write this:

```java
PolicyStatement stmt = new PolicyStatement();
stmt.addCondition("StringEquals", Map.of("aws:SomeField", List.of("1", "2")));
```

key - This parameter is required.
value - This parameter is required.

public void addConditions(java.util.Map<java.lang.String,java.lang.Object> conditions)
See the `addCondition` function for a caveat on calling this method multiple times.
conditions - This parameter is required.

public void addFederatedPrincipal(java.lang.Object federated, java.util.Map<java.lang.String,java.lang.Object> conditions)
federated - federated identity provider (e.g. 'cognito-identity.amazonaws.com'). This parameter is required.
conditions - The conditions under which the policy is in effect. This parameter is required.

public void addNotActions(java.lang.String... notActions)
notActions - actions that will be denied. This parameter is required.

public void addNotPrincipals(IPrincipal... notPrincipals)
notPrincipals - IAM principals that will be denied access. This parameter is required.

public void addNotResources(java.lang.String... arns)
All resources except the specified list will be matched.
arns - Amazon Resource Names (ARNs) of the resources that this policy statement does not apply to. This parameter is required.

public void addPrincipals(IPrincipal... principals)
principals - IAM principals that will be added. This parameter is required.

public void addResources(java.lang.String... arns)
arns - Amazon Resource Names (ARNs) of the resources that this policy statement applies to. This parameter is required.

public void addServicePrincipal(java.lang.String service, ServicePrincipalOpts opts)
service - the service name for which a service principal is requested (e.g. `s3.amazonaws.com`). This parameter is required.
opts - options for adding the service principal (such as specifying a principal in a different region).

public void addServicePrincipal(java.lang.String service)
service - the service name for which a service principal is requested (e.g. `s3.amazonaws.com`). This parameter is required.

public PolicyStatement copy(PolicyStatementProps overrides)
overrides -

public PolicyStatement copy()

public java.lang.Object toJSON()
Used when JSON.stringify() is called.

public java.lang.Object toStatementJson()
Used when JSON.stringify() is called.

public java.lang.String toString()

public java.util.List<java.lang.String> validateForAnyPolicy()

public java.util.List<java.lang.String> validateForIdentityPolicy()

public java.util.List<java.lang.String> validateForResourcePolicy()

public java.util.List<java.lang.String> getActions()

public java.lang.Object getConditions()

public java.lang.Boolean getHasPrincipal()

public java.lang.Boolean getHasResource()

public java.util.List<java.lang.String> getNotActions()

public java.util.List<IPrincipal> getNotPrincipals()

public java.util.List<java.lang.String> getNotResources()

public java.util.List<IPrincipal> getPrincipals()

public java.util.List<java.lang.String> getResources()

public Effect getEffect()

public void setEffect(Effect value)

public java.lang.String getSid()

public void setSid(java.lang.String value)
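The following is an added example, not code from the CDK documentation or the CDK project, that exercises two points from this page together: the `addCondition` caveat (a second call with the same operator silently replaces the first, which for an account allow-list means one account quietly disappears from the policy) and the `validateForResourcePolicy` / `validateForIdentityPolicy` checks. It assumes the CDK v2 Java package `software.amazon.awscdk.services.iam`; the bucket ARN and the account IDs are constructed placeholders.

```java
import java.util.List;
import java.util.Map;

import software.amazon.awscdk.services.iam.AnyPrincipal;
import software.amazon.awscdk.services.iam.Effect;
import software.amazon.awscdk.services.iam.PolicyStatement;

public class ConditionMergeCheck {

    // A bucket-policy style statement: any principal may read objects, but only
    // when the calling account matches the condition added below.
    // The bucket ARN is a constructed placeholder, not a real resource.
    static PolicyStatement baseStatement() {
        return PolicyStatement.Builder.create()
                .sid("AllowGetFromAllowedAccounts")
                .effect(Effect.ALLOW)
                .principals(List.of(new AnyPrincipal()))
                .actions(List.of("s3:GetObject"))
                .resources(List.of("arn:aws:s3:::example-bucket/*"))
                .build();
    }

    public static void main(String[] args) {
        // 1. The pitfall: two addCondition calls with the same operator and key.
        //    Per the addCondition caveat only the second mapping survives, so
        //    account 111111111111 (a constructed placeholder) is dropped.
        PolicyStatement overwritten = baseStatement();
        overwritten.addCondition("StringEquals",
                Map.of("aws:PrincipalAccount", "111111111111"));
        overwritten.addCondition("StringEquals",
                Map.of("aws:PrincipalAccount", "222222222222"));
        System.out.println("After two addCondition calls: " + overwritten.getConditions());

        // 2. The intended form: a single call whose value is the list of
        //    allowed accounts, so both remain in the rendered policy.
        PolicyStatement merged = baseStatement();
        merged.addCondition("StringEquals",
                Map.of("aws:PrincipalAccount", List.of("111111111111", "222222222222")));
        System.out.println("Single call with a list: " + merged.getConditions());

        // 3. Validation: each validator returns a list of problems, empty when
        //    the statement is acceptable for that policy type. This statement
        //    carries a Principal block, so it is only valid as a resource-based
        //    policy statement; the identity-policy check reports that.
        List<String> resourceProblems = merged.validateForResourcePolicy();
        List<String> identityProblems = merged.validateForIdentityPolicy();
        System.out.println("Resource-policy problems: " + resourceProblems);
        System.out.println("Identity-policy problems: " + identityProblems);

        // 4. Render the statement as it would appear in the policy document,
        //    which is the form worth reviewing before deploying.
        System.out.println(merged.toStatementJson());
    }
}
```

Running the validators before `toStatementJson()` is a cheap check to put in a unit test for a stack: a non-empty list from the validator matching the policy type tells you the statement would be rejected or would grant something other than intended, and inspecting `getConditions()` after building catches the silent overwrite shown in step 1.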