Package software.amazon.awscdk.services.secretsmanager

Class CfnResourcePolicy

java.lang.Object
software.amazon.jsii.JsiiObject
software.constructs.Construct
software.amazon.awscdk.core.Construct
software.amazon.awscdk.core.CfnElement
software.amazon.awscdk.core.CfnRefElement
software.amazon.awscdk.core.CfnResource
software.amazon.awscdk.services.secretsmanager.CfnResourcePolicy
All Implemented Interfaces:
IConstruct, IDependable, IInspectable, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct
@Generated(value="jsii-pacmak/1.84.0 (build 5404dcf)", date="2023-06-19T16:30:41.247Z") @Stability(Stable) public class CfnResourcePolicy extends CfnResource implements IInspectable
A CloudFormation AWS::SecretsManager::ResourcePolicy.

Attaches a resource-based permission policy to a secret. A resource-based policy is optional. For more information, see Authentication and access control for Secrets Manager

For information about attaching a policy in the console, see Attach a permissions policy to a secret .

Required permissions: secretsmanager:PutResourcePolicy . For more information, see IAM policy actions for Secrets Manager and Authentication and access control in Secrets Manager .

Example: 

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import software.amazon.awscdk.services.secretsmanager.*;
 Object resourcePolicy;
 CfnResourcePolicy cfnResourcePolicy = CfnResourcePolicy.Builder.create(this, "MyCfnResourcePolicy")
         .resourcePolicy(resourcePolicy)
         .secretId("secretId")
         // the properties below are optional
         .blockPublicPolicy(false)
         .build();

  • Field Details

    • CFN_RESOURCE_TYPE_NAME

      @Stability(Stable) public static final String CFN_RESOURCE_TYPE_NAME
      The CloudFormation resource type name for this resource class.

  • Constructor Details

    • CfnResourcePolicy

      protected CfnResourcePolicy(software.amazon.jsii.JsiiObjectRef objRef)

    • CfnResourcePolicy

      protected CfnResourcePolicy(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

    • CfnResourcePolicy

      @Stability(Stable) public CfnResourcePolicy(@NotNull Construct scope, @NotNull String id, @NotNull CfnResourcePolicyProps props)
      Create a new AWS::SecretsManager::ResourcePolicy.

      Parameters:
      scope -
      • scope in which this resource is defined.
      This parameter is required.
      id -
      • scoped id of the resource.
      This parameter is required.
      props -
      • resource properties.
      This parameter is required.

  • Method Details

    • inspect

      @Stability(Stable) public void inspect(@NotNull TreeInspector inspector)
      Examines the CloudFormation resource and discloses attributes.

      Specified by:
      inspect in interface IInspectable
      Parameters:
      inspector -
      • tree inspector to collect and process attributes.
      This parameter is required.

    • renderProperties

      @Stability(Stable) @NotNull protected Map<String,Object> renderProperties(@NotNull Map<String,Object> props)
      Overrides:
      renderProperties in class CfnResource
      Parameters:
      props - This parameter is required.

    • getCfnProperties

      @Stability(Stable) @NotNull protected Map<String,Object> getCfnProperties()
      Overrides:
      getCfnProperties in class CfnResource

    • getResourcePolicy

      @Stability(Stable) @NotNull public Object getResourcePolicy()
      A JSON-formatted string for an AWS resource-based policy.

      For example policies, see Permissions policy examples .

    • setResourcePolicy

      @Stability(Stable) public void setResourcePolicy(@NotNull Object value)
      A JSON-formatted string for an AWS resource-based policy.

      For example policies, see Permissions policy examples .

    • getSecretId

      @Stability(Stable) @NotNull public String getSecretId()
      The ARN or name of the secret to attach the resource-based policy.

      For an ARN, we recommend that you specify a complete ARN rather than a partial ARN.

    • setSecretId

      @Stability(Stable) public void setSecretId(@NotNull String value)
      The ARN or name of the secret to attach the resource-based policy.

      For an ARN, we recommend that you specify a complete ARN rather than a partial ARN.

    • getBlockPublicPolicy

      @Stability(Stable) @Nullable public Object getBlockPublicPolicy()
      Specifies whether to block resource-based policies that allow broad access to the secret.

      By default, Secrets Manager blocks policies that allow broad access, for example those that use a wildcard for the principal.

    • setBlockPublicPolicy

      @Stability(Stable) public void setBlockPublicPolicy(@Nullable Boolean value)
      Specifies whether to block resource-based policies that allow broad access to the secret.

      By default, Secrets Manager blocks policies that allow broad access, for example those that use a wildcard for the principal.

    • setBlockPublicPolicy

      @Stability(Stable) public void setBlockPublicPolicy(@Nullable IResolvable value)
      Specifies whether to block resource-based policies that allow broad access to the secret.

      By default, Secrets Manager blocks policies that allow broad access, for example those that use a wildcard for the principal.