ManagedPolicyProps
- class aws_cdk.aws_iam.ManagedPolicyProps(*, description=None, document=None, groups=None, managed_policy_name=None, path=None, roles=None, statements=None, users=None)
Bases:
object
Properties for defining an IAM managed policy.
- Parameters:
description (
Optional
[str
]) – A description of the managed policy. Typically used to store information about the permissions defined in the policy. For example, “Grants access to production DynamoDB tables.” The policy description is immutable. After a value is assigned, it cannot be changed. Default: - emptydocument (
Optional
[PolicyDocument
]) – Initial PolicyDocument to use for this ManagedPolicy. If omited, anyPolicyStatement
provided in thestatements
property will be applied against the empty defaultPolicyDocument
. Default: - An empty policy.groups (
Optional
[Sequence
[IGroup
]]) – Groups to attach this policy to. You can also useattachToGroup(group)
to attach this policy to a group. Default: - No groups.managed_policy_name (
Optional
[str
]) – The name of the managed policy. If you specify multiple policies for an entity, specify unique names. For example, if you specify a list of policies for an IAM role, each policy must have a unique name. Default: - A name is automatically generated.path (
Optional
[str
]) – The path for the policy. This parameter allows (through its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (u0021) through the DEL character (u007F), including most punctuation characters, digits, and upper and lowercased letters. For more information about paths, see IAM Identifiers in the IAM User Guide. Default: - “/”roles (
Optional
[Sequence
[IRole
]]) – Roles to attach this policy to. You can also useattachToRole(role)
to attach this policy to a role. Default: - No roles.statements (
Optional
[Sequence
[PolicyStatement
]]) – Initial set of permissions to add to this policy document. You can also useaddPermission(statement)
to add permissions later. Default: - No statements.users (
Optional
[Sequence
[IUser
]]) – Users to attach this policy to. You can also useattachToUser(user)
to attach this policy to a user. Default: - No users.
- ExampleMetadata:
infused
Example:
policy_document = { "Version": "2012-10-17", "Statement": [{ "Sid": "FirstStatement", "Effect": "Allow", "Action": ["iam:ChangePassword"], "Resource": "*" }, { "Sid": "SecondStatement", "Effect": "Allow", "Action": "s3:ListAllMyBuckets", "Resource": "*" }, { "Sid": "ThirdStatement", "Effect": "Allow", "Action": ["s3:List*", "s3:Get*" ], "Resource": ["arn:aws:s3:::confidential-data", "arn:aws:s3:::confidential-data/*" ], "Condition": {"Bool": {"aws:_multi_factor_auth_present": "true"}} } ] } custom_policy_document = iam.PolicyDocument.from_json(policy_document) # You can pass this document as an initial document to a ManagedPolicy # or inline Policy. new_managed_policy = iam.ManagedPolicy(self, "MyNewManagedPolicy", document=custom_policy_document ) new_policy = iam.Policy(self, "MyNewPolicy", document=custom_policy_document )
Attributes
- description
A description of the managed policy.
Typically used to store information about the permissions defined in the policy. For example, “Grants access to production DynamoDB tables.” The policy description is immutable. After a value is assigned, it cannot be changed.
- Default:
empty
- document
Initial PolicyDocument to use for this ManagedPolicy.
If omited, any
PolicyStatement
provided in thestatements
property will be applied against the empty defaultPolicyDocument
.- Default:
An empty policy.
- groups
Groups to attach this policy to.
You can also use
attachToGroup(group)
to attach this policy to a group.- Default:
No groups.
- managed_policy_name
The name of the managed policy.
If you specify multiple policies for an entity, specify unique names. For example, if you specify a list of policies for an IAM role, each policy must have a unique name.
- Default:
A name is automatically generated.
- path
The path for the policy.
This parameter allows (through its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (u0021) through the DEL character (u007F), including most punctuation characters, digits, and upper and lowercased letters.
For more information about paths, see IAM Identifiers in the IAM User Guide.
- Default:
“/”
- roles
Roles to attach this policy to.
You can also use
attachToRole(role)
to attach this policy to a role.- Default:
No roles.
- statements
Initial set of permissions to add to this policy document.
You can also use
addPermission(statement)
to add permissions later.- Default:
No statements.
- users
Users to attach this policy to.
You can also use
attachToUser(user)
to attach this policy to a user.- Default:
No users.