PolicyStatementProps
- class aws_cdk.aws_iam.PolicyStatementProps(*, actions=None, conditions=None, effect=None, not_actions=None, not_principals=None, not_resources=None, principals=None, resources=None, sid=None)
Bases:
object
Interface for creating a policy statement.
- Parameters:
actions (
Optional
[Sequence
[str
]]) – List of actions to add to the statement. Default: - no actionsconditions (
Optional
[Mapping
[str
,Any
]]) – Conditions to add to the statement. Default: - no conditioneffect (
Optional
[Effect
]) – Whether to allow or deny the actions in this statement. Default: Effect.ALLOWnot_actions (
Optional
[Sequence
[str
]]) – List of not actions to add to the statement. Default: - no not-actionsnot_principals (
Optional
[Sequence
[IPrincipal
]]) – List of not principals to add to the statement. Default: - no not principalsnot_resources (
Optional
[Sequence
[str
]]) – NotResource ARNs to add to the statement. Default: - no not-resourcesprincipals (
Optional
[Sequence
[IPrincipal
]]) – List of principals to add to the statement. Default: - no principalsresources (
Optional
[Sequence
[str
]]) – Resource ARNs to add to the statement. Default: - no resourcessid (
Optional
[str
]) – The Sid (statement ID) is an optional identifier that you provide for the policy statement. You can assign a Sid value to each statement in a statement array. In services that let you specify an ID element, such as SQS and SNS, the Sid value is just a sub-ID of the policy document’s ID. In IAM, the Sid value must be unique within a JSON policy. Default: - no sid
- ExampleMetadata:
lit=test/integ.vpc-endpoint.lit.ts infused
Example:
# Add gateway endpoints when creating the VPC vpc = ec2.Vpc(self, "MyVpc", gateway_endpoints={ "S3": ec2.GatewayVpcEndpointOptions( service=ec2.GatewayVpcEndpointAwsService.S3 ) } ) # Alternatively gateway endpoints can be added on the VPC dynamo_db_endpoint = vpc.add_gateway_endpoint("DynamoDbEndpoint", service=ec2.GatewayVpcEndpointAwsService.DYNAMODB ) # This allows to customize the endpoint policy dynamo_db_endpoint.add_to_policy( iam.PolicyStatement( # Restrict to listing and describing tables principals=[iam.AnyPrincipal()], actions=["dynamodb:DescribeTable", "dynamodb:ListTables"], resources=["*"])) # Add an interface endpoint vpc.add_interface_endpoint("EcrDockerEndpoint", service=ec2.InterfaceVpcEndpointAwsService.ECR_DOCKER )
Attributes
- actions
List of actions to add to the statement.
- Default:
no actions
- conditions
Conditions to add to the statement.
- Default:
no condition
- effect
Whether to allow or deny the actions in this statement.
- Default:
Effect.ALLOW
- not_actions
List of not actions to add to the statement.
- Default:
no not-actions
- not_principals
List of not principals to add to the statement.
- Default:
no not principals
- not_resources
NotResource ARNs to add to the statement.
- Default:
no not-resources
- principals
List of principals to add to the statement.
- Default:
no principals
- resources
Resource ARNs to add to the statement.
- Default:
no resources
- sid
The Sid (statement ID) is an optional identifier that you provide for the policy statement.
You can assign a Sid value to each statement in a statement array. In services that let you specify an ID element, such as SQS and SNS, the Sid value is just a sub-ID of the policy document’s ID. In IAM, the Sid value must be unique within a JSON policy.
- Default:
no sid