Class Policy

The AWS::IAM::Policy resource associates an inline IAM policy with IAM users, roles, or groups. For more information about IAM policies, see Overview of IAM Policies in the IAM User Guide guide.

Inheritance
object
Resource
Policy
Implements
IConstruct
IDependable
Inherited Members
Namespace: Amazon.CDK.AWS.IAM
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public class Policy : Resource, IPolicy, IResource, IPolicyRef, IConstruct, IDependable, IEnvironmentAware, IGrantable
Syntax (vb)
Public Class Policy Inherits Resource Implements IPolicy, IResource, IPolicyRef, IConstruct, IDependable, IEnvironmentAware, IGrantable
Remarks

ExampleMetadata: infused

Examples
Function postAuthFn;


            var userpool = new UserPool(this, "myuserpool", new UserPoolProps {
                LambdaTriggers = new UserPoolTriggers {
                    PostAuthentication = postAuthFn
                }
            });

            // provide permissions to describe the user pool scoped to the ARN the user pool
            postAuthFn.Role.AttachInlinePolicy(new Policy(this, "userpool-policy", new PolicyProps {
                Statements = new [] { new PolicyStatement(new PolicyStatementProps {
                    Actions = new [] { "cognito-idp:DescribeUserPool" },
                    Resources = new [] { userpool.UserPoolArn }
                }) }
            }));

Synopsis

Constructors

Policy(Construct, string, IPolicyProps?)

The AWS::IAM::Policy resource associates an inline IAM policy with IAM users, roles, or groups. For more information about IAM policies, see Overview of IAM Policies in the IAM User Guide guide.

Properties

Document

The policy document.
GrantPrincipal

The principal to grant permissions to.
PROPERTY_INJECTION_ID

Uniquely identifies this class.
PolicyName

The name of this policy.
PolicyRef

A reference to a Policy resource.

Methods

AddStatements(params PolicyStatement[])

Adds a statement to the policy document.
AttachToGroup(IGroup)

Attaches this policy to a group.
AttachToRole(IRole)

Attaches this policy to a role.
AttachToUser(IUser)

Attaches this policy to a user.
FromPolicyName(Construct, string, string)

Import a policy in this app based on its name.

Constructors

Policy(Construct, string, IPolicyProps?)

The AWS::IAM::Policy resource associates an inline IAM policy with IAM users, roles, or groups. For more information about IAM policies, see Overview of IAM Policies in the IAM User Guide guide.

public Policy(Construct scope, string id, IPolicyProps? props = null)
Parameters
scope Construct
id string
props IPolicyProps
Remarks

ExampleMetadata: infused

Examples
Function postAuthFn;


            var userpool = new UserPool(this, "myuserpool", new UserPoolProps {
                LambdaTriggers = new UserPoolTriggers {
                    PostAuthentication = postAuthFn
                }
            });

            // provide permissions to describe the user pool scoped to the ARN the user pool
            postAuthFn.Role.AttachInlinePolicy(new Policy(this, "userpool-policy", new PolicyProps {
                Statements = new [] { new PolicyStatement(new PolicyStatementProps {
                    Actions = new [] { "cognito-idp:DescribeUserPool" },
                    Resources = new [] { userpool.UserPoolArn }
                }) }
            }));

Properties

Document

The policy document.

public virtual PolicyDocument Document { get; }
Property Value

PolicyDocument

Remarks

ExampleMetadata: infused

GrantPrincipal

The principal to grant permissions to.

public virtual IPrincipal GrantPrincipal { get; }
Property Value

IPrincipal

Remarks

ExampleMetadata: infused

PROPERTY_INJECTION_ID

Uniquely identifies this class.

public static string PROPERTY_INJECTION_ID { get; }
Property Value

string

Remarks

ExampleMetadata: infused

PolicyName

The name of this policy.

public virtual string PolicyName { get; }
Property Value

string

Remarks

Attribute: true

PolicyRef

A reference to a Policy resource.

public virtual IPolicyReference PolicyRef { get; }
Property Value

IPolicyReference

Remarks

ExampleMetadata: infused

Methods

AddStatements(params PolicyStatement[])

Adds a statement to the policy document.

public virtual void AddStatements(params PolicyStatement[] statement)
Parameters
statement PolicyStatement[]
Remarks

ExampleMetadata: infused

AttachToGroup(IGroup)

Attaches this policy to a group.

public virtual void AttachToGroup(IGroup group)
Parameters
group IGroup
Remarks

ExampleMetadata: infused

AttachToRole(IRole)

Attaches this policy to a role.

public virtual void AttachToRole(IRole role)
Parameters
role IRole
Remarks

ExampleMetadata: infused

AttachToUser(IUser)

Attaches this policy to a user.

public virtual void AttachToUser(IUser user)
Parameters
user IUser
Remarks

ExampleMetadata: infused

FromPolicyName(Construct, string, string)

Import a policy in this app based on its name.

public static IPolicy FromPolicyName(Construct scope, string id, string policyName)
Parameters
scope Construct
id string
policyName string
Returns

IPolicy

Remarks

ExampleMetadata: infused

Implements

Constructs.IConstruct
Constructs.IDependable