
Class PolicyDocument

A PolicyDocument is a collection of statements.

Inheritance
System.Object
PolicyDocument
Implements
IResolvable
Namespace: Amazon.CDK.AWS.IAM
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public class PolicyDocument : DeputyBase, IResolvable
Syntax (vb)
Public Class PolicyDocument
    Inherits DeputyBase
    Implements IResolvable

Examples
IRole myTrustedAdminRole = Role.FromRoleArn(this, "TrustedRole", "arn:aws:iam:....");
// Creates a limited admin policy and assigns it to the account root.
PolicyDocument myCustomPolicy = new PolicyDocument(new PolicyDocumentProps {
    Statements = new [] { new PolicyStatement(new PolicyStatementProps {
        Actions = new [] { "kms:Create*", "kms:Describe*", "kms:Enable*", "kms:List*", "kms:Put*" },
        Principals = new [] { new AccountRootPrincipal() },
        // In a key policy, "*" refers to the key the policy is attached to.
        Resources = new [] { "*" }
    }) }
});
// Passing the document as Policy makes it the key's resource-based policy.
Key key = new Key(this, "MyKey", new KeyProps {
    Policy = myCustomPolicy
});

Synopsis

Constructors

PolicyDocument(IPolicyDocumentProps)
PolicyDocument(ByRefValue)

Used by jsii to construct an instance of this class from a JavaScript-owned object reference.

PolicyDocument(DeputyBase.DeputyProps)

Used by jsii to construct an instance of this class from DeputyProps.

Properties

CreationStack

The creation stack of this resolvable which will be appended to errors thrown during resolution.

IsEmpty

Whether the policy document contains any statements.

StatementCount

The number of statements already added to this policy.

Methods

AddStatements(PolicyStatement[])

Adds one or more statements to the policy document.

FromJson(Object)

Creates a new PolicyDocument based on the object provided.

Resolve(IResolveContext)

Produce the Token's value at resolution time.

ToJSON()

JSON-ify the document.

ToString()

Encode the policy document as a string.

ValidateForAnyPolicy()

Validate that all policy statements in the policy document satisfy the requirements for any policy.

ValidateForIdentityPolicy()

Validate that all policy statements in the policy document satisfy the requirements for an identity-based policy.

ValidateForResourcePolicy()

Validate that all policy statements in the policy document satisfy the requirements for a resource-based policy.

Constructors

PolicyDocument(IPolicyDocumentProps)

public PolicyDocument(IPolicyDocumentProps props = null)
Parameters
props IPolicyDocumentProps

PolicyDocument(ByRefValue)

Used by jsii to construct an instance of this class from a JavaScript-owned object reference.

protected PolicyDocument(ByRefValue reference)
Parameters
reference Amazon.JSII.Runtime.Deputy.ByRefValue

The JavaScript-owned object reference.

PolicyDocument(DeputyBase.DeputyProps)

Used by jsii to construct an instance of this class from DeputyProps.

protected PolicyDocument(DeputyBase.DeputyProps props)
Parameters
props Amazon.JSII.Runtime.Deputy.DeputyBase.DeputyProps

The deputy props.

Properties

CreationStack

The creation stack of this resolvable which will be appended to errors thrown during resolution.

public virtual string[] CreationStack { get; }
Property Value

System.String[]

Remarks

This may return an array with a single informational element indicating how to get this property populated, if it was skipped for performance reasons.

IsEmpty

Whether the policy document contains any statements.

public virtual bool IsEmpty { get; }
Property Value

System.Boolean

StatementCount

The number of statements already added to this policy.

public virtual double StatementCount { get; }
Property Value

System.Double

Remarks

Can be used, for example, to generate unique "Sid" values within the policy.

Methods

AddStatements(PolicyStatement[])

Adds one or more statements to the policy document.

public virtual void AddStatements(params PolicyStatement[] statement)
Parameters
statement PolicyStatement[]

The statements to add.

FromJson(Object)

Creates a new PolicyDocument based on the object provided.

public static PolicyDocument FromJson(object obj)
Parameters
obj System.Object

The PolicyDocument in object form.

Returns

PolicyDocument

Remarks

Accepts an object produced by a ToJSON() call.

Resolve(IResolveContext)

Produce the Token's value at resolution time.

public virtual object Resolve(IResolveContext context)
Parameters
context IResolveContext
Returns

System.Object

ToJSON()

JSON-ify the document.

public virtual object ToJSON()
Returns

System.Object

Remarks

Used when JSON.stringify() is called.

ToString()

Encode the policy document as a string.

public override string ToString()
Returns

System.String

ValidateForAnyPolicy()

Validate that all policy statements in the policy document satisfy the requirements for any policy.

public virtual string[] ValidateForAnyPolicy()
Returns

System.String[]

An array of validation error messages, or an empty array if the document is valid.

Remarks

See: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json

ValidateForIdentityPolicy()

Validate that all policy statements in the policy document satisfy the requirements for an identity-based policy.

public virtual string[] ValidateForIdentityPolicy()
Returns

System.String[]

An array of validation error messages, or an empty array if the document is valid.

Remarks

See: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json

ValidateForResourcePolicy()

Validate that all policy statements in the policy document satisfy the requirements for a resource-based policy.

public virtual string[] ValidateForResourcePolicy()
Returns

System.String[]

An array of validation error messages, or an empty array if the document is valid.

Remarks

See: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json
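
Added example (not part of the generated reference or the CDK project's own code): the same document checked with ValidateForResourcePolicy() and ValidateForIdentityPolicy(), so a statement built for a key or bucket policy is caught before it is reused as an identity policy. PolicyGate, Check, Require, the Sid prefix and the account ID 111122223333 are hypothetical names and constructed sample values.

```csharp
using System;
using Amazon.CDK.AWS.IAM;

public static class PolicyGate
{
    // Hypothetical helper: run the validator that matches how the document will be used.
    public static string[] Check(PolicyDocument doc, bool resourceBased) =>
        resourceBased ? doc.ValidateForResourcePolicy() : doc.ValidateForIdentityPolicy();

    // Hypothetical helper: refuse to hand an empty or invalid document to a construct.
    public static PolicyDocument Require(PolicyDocument doc, bool resourceBased)
    {
        string[] errors = Check(doc, resourceBased);
        if (doc.IsEmpty || errors.Length > 0)
            throw new InvalidOperationException(
                doc.IsEmpty ? "policy document has no statements" : string.Join("; ", errors));
        return doc;
    }

    public static void Main()
    {
        var doc = new PolicyDocument();
        // Constructed sample statement; StatementCount supplies a unique Sid suffix.
        doc.AddStatements(new PolicyStatement(new PolicyStatementProps {
            Sid = $"KeyRead{doc.StatementCount}",
            Actions = new [] { "kms:Describe*", "kms:List*" },
            Principals = new IPrincipal[] { new AccountPrincipal("111122223333") },
            Resources = new [] { "*" }
        }));

        // The statement names a principal, so only the resource-based check should pass.
        foreach (bool resourceBased in new [] { true, false })
        {
            string[] errors = Check(doc, resourceBased);
            Console.WriteLine($"{(resourceBased ? "resource" : "identity")}-based: {errors.Length} error(s)");
            foreach (string e in errors) Console.WriteLine("  " + e);
        }
        Require(doc, resourceBased: true); // returns the document; 'false' would throw here
    }
}
```

Calling Require just before a document is passed to a construct turns the returned error strings into a failed build instead of a policy that is rejected at deployment.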

Implements

IResolvable