Class PolicyStatementProps
Interface for creating a policy statement.
Inheritance
Implements
Namespace: Amazon.CDK.AWS.IAM
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public class PolicyStatementProps : Object, IPolicyStatementProps
Syntax (vb)
Public Class PolicyStatementProps
Inherits Object
Implements IPolicyStatementProps
Remarks
ExampleMetadata: infused
Examples
Bucket destinationBucket;
var deployment = new BucketDeployment(this, "DeployFiles", new BucketDeploymentProps {
Sources = new [] { Source.Asset(Join(__dirname, "source-files")) },
DestinationBucket = destinationBucket
});
deployment.HandlerRole.AddToPolicy(
new PolicyStatement(new PolicyStatementProps {
Actions = new [] { "kms:Decrypt", "kms:DescribeKey" },
Effect = Effect.ALLOW,
Resources = new [] { "<encryption key ARN>" }
}));
Synopsis
Constructors
PolicyStatementProps() |
Properties
Actions | List of actions to add to the statement. |
Conditions | Conditions to add to the statement. |
Effect | Whether to allow or deny the actions in this statement. |
NotActions | List of not actions to add to the statement. |
NotPrincipals | List of not principals to add to the statement. |
NotResources | NotResource ARNs to add to the statement. |
Principals | List of principals to add to the statement. |
Resources | Resource ARNs to add to the statement. |
Sid | The Sid (statement ID) is an optional identifier that you provide for the policy statement. |
Constructors
PolicyStatementProps()
public PolicyStatementProps()
Properties
Actions
List of actions to add to the statement.
public string[] Actions { get; set; }
Property Value
System.String[]
Remarks
Default: - no actions
Conditions
Conditions to add to the statement.
public IDictionary<string, object> Conditions { get; set; }
Property Value
System.Collections.Generic.IDictionary<System.String, System.Object>
Remarks
Default: - no condition
Effect
Whether to allow or deny the actions in this statement.
public Nullable<Effect> Effect { get; set; }
Property Value
System.Nullable<Effect>
Remarks
Default: Effect.ALLOW
NotActions
List of not actions to add to the statement.
public string[] NotActions { get; set; }
Property Value
System.String[]
Remarks
Default: - no not-actions
NotPrincipals
List of not principals to add to the statement.
public IPrincipal[] NotPrincipals { get; set; }
Property Value
Remarks
Default: - no not principals
NotResources
NotResource ARNs to add to the statement.
public string[] NotResources { get; set; }
Property Value
System.String[]
Remarks
Default: - no not-resources
Principals
List of principals to add to the statement.
public IPrincipal[] Principals { get; set; }
Property Value
Remarks
Default: - no principals
Resources
Resource ARNs to add to the statement.
public string[] Resources { get; set; }
Property Value
System.String[]
Remarks
Default: - no resources
Sid
The Sid (statement ID) is an optional identifier that you provide for the policy statement.
public string Sid { get; set; }
Property Value
System.String
Remarks
You can assign a Sid value to each statement in a statement array. In services that let you specify an ID element, such as SQS and SNS, the Sid value is just a sub-ID of the policy document's ID. In IAM, the Sid value must be unique within a JSON policy.
Default: - no sid