Interface IPolicyStatementProps

Interface for creating a policy statement.

Namespace: Amazon.CDK.AWS.IAM
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public interface IPolicyStatementProps
Syntax (vb)
Public Interface IPolicyStatementProps
Remarks

ExampleMetadata: lit=aws-ec2/test/integ.vpc-endpoint.lit.ts infused

Examples
// Add gateway endpoints when creating the VPC
var vpc = new Vpc(this, "MyVpc", new VpcProps {
    GatewayEndpoints = new Dictionary<string, GatewayVpcEndpointOptions> {
        { "S3", new GatewayVpcEndpointOptions {
            Service = GatewayVpcEndpointAwsService.S3
        } }
    }
});

// Alternatively, gateway endpoints can be added on the VPC
var dynamoDbEndpoint = vpc.AddGatewayEndpoint("DynamoDbEndpoint", new GatewayVpcEndpointOptions {
    Service = GatewayVpcEndpointAwsService.DYNAMODB
});

// This allows customizing the endpoint policy
dynamoDbEndpoint.AddToPolicy(
    new PolicyStatement(new PolicyStatementProps {
        // Restrict to listing and describing tables
        Principals = new [] { new AnyPrincipal() },
        Actions = new [] { "dynamodb:DescribeTable", "dynamodb:ListTables" },
        Resources = new [] { "*" }
    }));

// Add an interface endpoint
vpc.AddInterfaceEndpoint("EcrDockerEndpoint", new InterfaceVpcEndpointOptions {
    Service = InterfaceVpcEndpointAwsService.ECR_DOCKER
});

Synopsis

Properties

Actions

List of actions to add to the statement.

Conditions

Conditions to add to the statement.

Effect

Whether to allow or deny the actions in this statement.

NotActions

List of not actions to add to the statement.

NotPrincipals

List of not principals to add to the statement.

NotResources

NotResource ARNs to add to the statement.

Principals

List of principals to add to the statement.

Resources

Resource ARNs to add to the statement.

Sid

The Sid (statement ID) is an optional identifier that you provide for the policy statement.

Properties

Actions

List of actions to add to the statement.

string[]? Actions { get; }
Property Value

string[]

Remarks

Default: - no actions

Conditions

Conditions to add to the statement.

IDictionary<string, object>? Conditions { get; }
Property Value

IDictionary<string, object>

Remarks

Default: - no condition

Effect

Whether to allow or deny the actions in this statement.

Effect? Effect { get; }
Property Value

Effect?

Remarks

Default: Effect.ALLOW

NotActions

List of not actions to add to the statement.

string[]? NotActions { get; }
Property Value

string[]

Remarks

Default: - no not-actions

NotPrincipals

List of not principals to add to the statement.

IPrincipal[]? NotPrincipals { get; }
Property Value

IPrincipal[]

Remarks

Default: - no not principals

NotResources

NotResource ARNs to add to the statement.

string[]? NotResources { get; }
Property Value

string[]

Remarks

Default: - no not-resources

Principals

List of principals to add to the statement.

IPrincipal[]? Principals { get; }
Property Value

IPrincipal[]

Remarks

Default: - no principals

Resources

Resource ARNs to add to the statement.

string[]? Resources { get; }
Property Value

string[]

Remarks

Default: - no resources

Sid

The Sid (statement ID) is an optional identifier that you provide for the policy statement.

string? Sid { get; }
Property Value

string

Remarks

You can assign a Sid value to each statement in a statement array. In services that let you specify an ID element, such as SQS and SNS, the Sid value is just a sub-ID of the policy document's ID. In IAM, the Sid value must be unique within a JSON policy.

Default: - no sid
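
The following is an added example, not part of the CDK documentation or its test suite. It sets Sid, Effect, Conditions, NotActions and a scoped Resources value on a DynamoDB gateway endpoint policy. The stack name, the VPC id and the "Orders" table are hypothetical.

```csharp
using System.Collections.Generic;
using Amazon.CDK;
using Amazon.CDK.AWS.EC2;
using Amazon.CDK.AWS.IAM;
using Constructs;

// Added example: EndpointPolicyStack, "OrdersVpc" and the "Orders" table are hypothetical names.
public class EndpointPolicyStack : Stack
{
    public EndpointPolicyStack(Construct scope, string id, IStackProps props = null)
        : base(scope, id, props)
    {
        var vpc = new Vpc(this, "OrdersVpc");
        var endpoint = vpc.AddGatewayEndpoint("DynamoDbEndpoint", new GatewayVpcEndpointOptions {
            Service = GatewayVpcEndpointAwsService.DYNAMODB
        });

        // ARN of the single table that may be reached through this endpoint.
        var tableArn = FormatArn(new ArnComponents {
            Service = "dynamodb", Resource = "table", ResourceName = "Orders"
        });
        var readActions = new [] { "dynamodb:DescribeTable", "dynamodb:GetItem", "dynamodb:Query" };

        // Allow: read-only actions on one table. The principal is AnyPrincipal, as in the
        // page's example; the condition narrows it to callers from this stack's account.
        endpoint.AddToPolicy(new PolicyStatement(new PolicyStatementProps {
            Sid = "AllowOrdersReadFromOwnAccount",
            Effect = Effect.ALLOW,
            Principals = new IPrincipal[] { new AnyPrincipal() },
            Actions = readActions,
            Resources = new [] { tableArn },
            Conditions = new Dictionary<string, object> {
                { "StringEquals", new Dictionary<string, object> {
                    { "aws:PrincipalAccount", Account }
                } }
            }
        }));

        // Deny with NotActions: every action except the listed ones is explicitly denied,
        // so an Allow statement added to this policy later cannot widen it beyond reads.
        endpoint.AddToPolicy(new PolicyStatement(new PolicyStatementProps {
            Sid = "DenyEverythingExceptReads",
            Effect = Effect.DENY,
            Principals = new IPrincipal[] { new AnyPrincipal() },
            NotActions = readActions,
            Resources = new [] { "*" }
        }));
    }
}
```

Running `cdk synth` on a stack like this shows the two statements in the endpoint's policy document, which is the place to confirm that Resources and Condition rendered as intended.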
