Interface IGrantPolicyWithResourceOptions
Options for a grant operation that directly adds a policy statement to a resource.
Inherited Members
Namespace: Amazon.CDK.AWS.IAM
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public interface IGrantPolicyWithResourceOptions : IGrantWithResourceOptions, ICommonGrantOptionsSyntax (vb)
Public Interface IGrantPolicyWithResourceOptions Inherits IGrantWithResourceOptions, ICommonGrantOptionsRemarks
This differs from GrantWithResourceOptions in that it requires a pre-constructed PolicyStatement rather than constructing one from individual permissions. Use this when you need fine-grained control over the initial policy statement's contents.
ExampleMetadata: infused
Examples
IGrantable grantee;
string[] actions;
string[] resourceArns;
Bucket bucket;
var statement = new PolicyStatement(new PolicyStatementProps {
Effect = Effect.ALLOW,
Actions = actions,
Principals = new [] { new ServicePrincipal("lambda.amazonaws.com") },
Conditions = new Dictionary<string, object> {
{ "StringEquals", new Dictionary<string, string> {
{ "aws:SourceAccount", Stack.Of(this).Account }
} }
}
});
Grant.AddStatementToResourcePolicy(new GrantPolicyWithResourceOptions {
Grantee = grantee,
Actions = actions,
ResourceArns = resourceArns,
Resource = bucket,
Statement = statement
});Synopsis
Properties
| Statement | The policy statement to add to the resource's policy. |
Properties
Statement
The policy statement to add to the resource's policy.
PolicyStatement Statement { get; }Property Value
Remarks
This statement will be passed to the resource's addToResourcePolicy method. The actual handling of the statement depends on the specific IResourceWithPolicyV2 implementation.