class PolicyDocument
Language | Type name |
---|---|
.NET | Amazon.CDK.AWS.IAM.PolicyDocument |
Go | github.com/aws/aws-cdk-go/awscdk/v2/awsiam#PolicyDocument |
Java | software.amazon.awscdk.services.iam.PolicyDocument |
Python | aws_cdk.aws_iam.PolicyDocument |
TypeScript (source) | aws-cdk-lib » aws_iam » PolicyDocument |
Implements
IResolvable
A PolicyDocument is a collection of statements.
Example
import * as iam from 'aws-cdk-lib/aws-iam';
const myFileSystemPolicy = new iam.PolicyDocument({
statements: [new iam.PolicyStatement({
actions: [
'elasticfilesystem:ClientWrite',
'elasticfilesystem:ClientMount',
],
principals: [new iam.AccountRootPrincipal()],
resources: ['*'],
conditions: {
Bool: {
'elasticfilesystem:AccessedViaMountTarget': 'true',
},
},
})],
});
const fileSystem = new efs.FileSystem(this, 'MyEfsFileSystem', {
vpc: new ec2.Vpc(this, 'VPC'),
fileSystemPolicy: myFileSystemPolicy,
});
Initializer
new PolicyDocument(props?: PolicyDocumentProps)
Parameters
- props
Policy
Document Props
Properties
Name | Type | Description |
---|---|---|
creation | string[] | The creation stack of this resolvable which will be appended to errors thrown during resolution. |
is | boolean | Whether the policy document contains any statements. |
statement | number | The number of statements already added to this policy. |
creationStack
Type:
string[]
The creation stack of this resolvable which will be appended to errors thrown during resolution.
This may return an array with a single informational element indicating how to get this property populated, if it was skipped for performance reasons.
isEmpty
Type:
boolean
Whether the policy document contains any statements.
statementCount
Type:
number
The number of statements already added to this policy.
Can be used, for example, to generate unique "sid"s within the policy.
Methods
Name | Description |
---|---|
add | Adds a statement to the policy document. |
resolve(context) | Produce the Token's value at resolution time. |
to | JSON-ify the document. |
to | Encode the policy document as a string. |
validate | Validate that all policy statements in the policy document satisfies the requirements for any policy. |
validate | Validate that all policy statements in the policy document satisfies the requirements for an identity-based policy. |
validate | Validate that all policy statements in the policy document satisfies the requirements for a resource-based policy. |
static from | Creates a new PolicyDocument based on the object provided. |
Statements(...statement)
addpublic addStatements(...statement: PolicyStatement[]): void
Parameters
- statement
Policy
— the statement to add.Statement
Adds a statement to the policy document.
resolve(context)
public resolve(context: IResolveContext): any
Parameters
- context
IResolve
Context
Returns
any
Produce the Token's value at resolution time.
JSON()
topublic toJSON(): any
Returns
any
JSON-ify the document.
Used when JSON.stringify() is called
String()
topublic toString(): string
Returns
string
Encode the policy document as a string.
ForAnyPolicy()
validatepublic validateForAnyPolicy(): string[]
Returns
string[]
Validate that all policy statements in the policy document satisfies the requirements for any policy.
See also: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json
ForIdentityPolicy()
validatepublic validateForIdentityPolicy(): string[]
Returns
string[]
Validate that all policy statements in the policy document satisfies the requirements for an identity-based policy.
See also: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json
ForResourcePolicy()
validatepublic validateForResourcePolicy(): string[]
Returns
string[]
Validate that all policy statements in the policy document satisfies the requirements for a resource-based policy.
See also: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json
Json(obj)
static frompublic static fromJson(obj: any): PolicyDocument
Parameters
- obj
any
— the PolicyDocument in object form.
Returns
Creates a new PolicyDocument based on the object provided.
This will accept an object created from the .toJSON()
call