PolicyDocumentProps

class aws_cdk.aws_iam.PolicyDocumentProps(*, assign_sids=None, statements=None)

Bases: object

Properties for a new PolicyDocument.

Parameters
  • assign_sids (Optional[bool]) – Automatically assign Statement Ids to all statements. Default: false

  • statements (Optional[Sequence[PolicyStatement]]) – Initial statements to add to the policy document. Default: - No statements

ExampleMetadata

infused

Example:

my_trusted_admin_role = iam.Role.from_role_arn(self, "TrustedRole", "arn:aws:iam:....")
# Creates a limited admin policy and assigns to the account root.
my_custom_policy = iam.PolicyDocument(
    statements=[iam.PolicyStatement(
        actions=["kms:Create*", "kms:Describe*", "kms:Enable*", "kms:List*", "kms:Put*"
        ],
        principals=[iam.AccountRootPrincipal()],
        resources=["*"]
    )]
)
key = kms.Key(self, "MyKey",
    policy=my_custom_policy
)

Attributes

assign_sids

Automatically assign Statement Ids to all statements.

Default

false

Return type

Optional[bool]

statements

Initial statements to add to the policy document.

Default
  • No statements

Return type

Optional[List[PolicyStatement]]