Class PolicyDocument
A PolicyDocument is a collection of statements.
Implements
IResolvable
Namespace: Amazon.CDK.AWS.IAM
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public class PolicyDocument : DeputyBase, IResolvable
Syntax (vb)
Public Class PolicyDocument Inherits DeputyBase Implements IResolvable
Examples
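```csharp
using System.Collections.Generic;
using Amazon.CDK.AWS.EC2;
using Amazon.CDK.AWS.EFS;
using Amazon.CDK.AWS.IAM;

// Resource-based policy for the file system: the stack's own account may
// mount and write, but only when access goes through a mount target.
var myFileSystemPolicy = new PolicyDocument(new PolicyDocumentProps {
    Statements = new [] { new PolicyStatement(new PolicyStatementProps {
        Actions = new [] { "elasticfilesystem:ClientWrite", "elasticfilesystem:ClientMount" },
        Principals = new [] { new AccountRootPrincipal() },
        Resources = new [] { "*" },
        Conditions = new Dictionary<string, object> {
            { "Bool", new Dictionary<string, string> {
                { "elasticfilesystem:AccessedViaMountTarget", "true" }
            } }
        }
    }) }
});

// Attach the policy when creating the file system; `this` is the enclosing
// Stack or Construct.
var fileSystem = new FileSystem(this, "MyEfsFileSystem", new FileSystemProps {
    Vpc = new Vpc(this, "VPC"),
    FileSystemPolicy = myFileSystemPolicy
});
```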
Synopsis
Constructors
| PolicyDocument(IPolicyDocumentProps?) | A PolicyDocument is a collection of statements. |
Properties
| CreationStack | The creation stack of this resolvable which will be appended to errors thrown during resolution. |
| IsEmpty | Whether the policy document contains any statements. |
| StatementCount | The number of statements already added to this policy. |
Methods
| AddStatements(params PolicyStatement[]) | Adds a statement to the policy document. |
| FromJson(object) | Creates a new PolicyDocument based on the object provided. |
| Resolve(IResolveContext) | Produce the Token's value at resolution time. |
| ToJSON() | JSON-ify the document. |
| ToString() | Encode the policy document as a string. |
| ValidateForAnyPolicy() | Validate that all policy statements in the policy document satisfy the requirements for any policy. |
| ValidateForIdentityPolicy() | Validate that all policy statements in the policy document satisfy the requirements for an identity-based policy. |
| ValidateForResourcePolicy() | Validate that all policy statements in the policy document satisfy the requirements for a resource-based policy. |
Constructors
PolicyDocument(IPolicyDocumentProps?)
A PolicyDocument is a collection of statements.
public PolicyDocument(IPolicyDocumentProps? props = null)
Parameters
- props IPolicyDocumentProps
Properties
CreationStack
The creation stack of this resolvable which will be appended to errors thrown during resolution.
public virtual string[] CreationStack { get; }
Property Value
string[]
Remarks
This may return an array with a single informational element indicating how to get this property populated, if it was skipped for performance reasons.
IsEmpty
Whether the policy document contains any statements.
public virtual bool IsEmpty { get; }
Property Value
bool
StatementCount
The number of statements already added to this policy.
public virtual double StatementCount { get; }
Property Value
double
Remarks
Can be used, for example, to generate unique "sid"s within the policy.
Methods
AddStatements(params PolicyStatement[])
Adds a statement to the policy document.
public virtual void AddStatements(params PolicyStatement[] statement)
Parameters
- statement PolicyStatement[]
the statement to add.
FromJson(object)
Creates a new PolicyDocument based on the object provided.
public static PolicyDocument FromJson(object obj)
Parameters
- obj object
the PolicyDocument in object form.
Returns
PolicyDocument
Remarks
This will accept an object created from the ToJSON() call.
Resolve(IResolveContext)
Produce the Token's value at resolution time.
public virtual object Resolve(IResolveContext context)
Parameters
- context IResolveContext
Returns
object
ToJSON()
JSON-ify the document.
public virtual object ToJSON()
Returns
object
Remarks
Used when JSON.stringify() is called.
ToString()
Encode the policy document as a string.
public override string ToString()
Returns
string
ValidateForAnyPolicy()
Validate that all policy statements in the policy document satisfy the requirements for any policy.
public virtual string[] ValidateForAnyPolicy()
Returns
string[]
An array of validation error messages, or an empty array if the document is valid.
ValidateForIdentityPolicy()
Validate that all policy statements in the policy document satisfy the requirements for an identity-based policy.
public virtual string[] ValidateForIdentityPolicy()
Returns
string[]
An array of validation error messages, or an empty array if the document is valid.
ValidateForResourcePolicy()
Validate that all policy statements in the policy document satisfy the requirements for a resource-based policy.
public virtual string[] ValidateForResourcePolicy()
Returns
string[]
An array of validation error messages, or an empty array if the document is valid.
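The following is an added example, not part of the CDK documentation, showing how StatementCount, IsEmpty and the validation methods above can gate a resource-based policy before synthesis. The `PolicyChecks` class, its method names and the account ID are hypothetical; the IAM members used are the ones listed on this page.

```csharp
using System;
using System.Collections.Generic;
using Amazon.CDK.AWS.IAM;

// Added example: PolicyChecks and its method names are hypothetical.
public static class PolicyChecks
{
    public static PolicyDocument BuildEfsPolicy()
    {
        var doc = new PolicyDocument();
        doc.AddStatements(new PolicyStatement(new PolicyStatementProps {
            // StatementCount is read before the statement is added, so the
            // first Sid is "EfsClient0" and each later one gets the next index.
            Sid = $"EfsClient{doc.StatementCount}",
            Effect = Effect.ALLOW,
            Actions = new [] { "elasticfilesystem:ClientMount" },
            // Constructed account ID, for illustration only.
            Principals = new IPrincipal[] { new AccountPrincipal("111122223333") },
            Resources = new [] { "*" },
            Conditions = new Dictionary<string, object> {
                { "Bool", new Dictionary<string, string> {
                    { "elasticfilesystem:AccessedViaMountTarget", "true" }
                } }
            }
        }));
        return doc;
    }

    // Stops the build when the document cannot serve as a resource-based
    // policy, for example when a statement names no principal.
    public static void RequireValidResourcePolicy(PolicyDocument doc)
    {
        if (doc.IsEmpty)
            throw new InvalidOperationException("Policy document has no statements.");

        string[] errors = doc.ValidateForResourcePolicy();
        if (errors.Length > 0)
            throw new InvalidOperationException(string.Join(Environment.NewLine, errors));
    }

    // The same document is not a valid identity-based policy: statements that
    // name a principal are reported by ValidateForIdentityPolicy().
    public static string[] IdentityPolicyErrors(PolicyDocument doc)
    {
        return doc.ValidateForIdentityPolicy();
    }
}
```

Calling `RequireValidResourcePolicy` on the document before passing it to a construct such as `FileSystem` surfaces the validation messages as a build error instead of a deployment failure.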