Package software.amazon.awscdk.services.iam

Class Policy

java.lang.Object
software.amazon.jsii.JsiiObject
software.constructs.Construct
software.amazon.awscdk.Resource
software.amazon.awscdk.services.iam.Policy
All Implemented Interfaces:
IResource, IGrantable, IPolicy, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct, software.constructs.IDependable
@Generated(value="jsii-pacmak/1.110.0 (build 336b265)", date="2025-04-24T21:15:54.395Z") @Stability(Stable) public class Policy extends Resource implements IPolicy, IGrantable
The AWS::IAM::Policy resource associates an inline IAM policy with IAM users, roles, or groups. For more information about IAM policies, see Overview of IAM Policies in the IAM User Guide guide.

Example: 

 Function postAuthFn;
 UserPool userpool = UserPool.Builder.create(this, "myuserpool")
         .lambdaTriggers(UserPoolTriggers.builder()
                 .postAuthentication(postAuthFn)
                 .build())
         .build();
 // provide permissions to describe the user pool scoped to the ARN the user pool
 postAuthFn.role.attachInlinePolicy(Policy.Builder.create(this, "userpool-policy")
         .statements(List.of(PolicyStatement.Builder.create()
                 .actions(List.of("cognito-idp:DescribeUserPool"))
                 .resources(List.of(userpool.getUserPoolArn()))
                 .build()))
         .build());

  • Constructor Details

    • Policy

      protected Policy(software.amazon.jsii.JsiiObjectRef objRef)

    • Policy

      protected Policy(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

    • Policy

      @Stability(Stable) public Policy(@NotNull software.constructs.Construct scope, @NotNull String id, @Nullable PolicyProps props)
      Parameters:
      scope - This parameter is required.
      id - This parameter is required.
      props -

    • Policy

      @Stability(Stable) public Policy(@NotNull software.constructs.Construct scope, @NotNull String id)
      Parameters:
      scope - This parameter is required.
      id - This parameter is required.

  • Method Details

    • fromPolicyName

      @Stability(Stable) @NotNull public static IPolicy fromPolicyName(@NotNull software.constructs.Construct scope, @NotNull String id, @NotNull String policyName)
      Import a policy in this app based on its name.

      Parameters:
      scope - This parameter is required.
      id - This parameter is required.
      policyName - This parameter is required.

    • addStatements

      @Stability(Stable) public void addStatements(@NotNull @NotNull PolicyStatement... statement)
      Adds a statement to the policy document.

      Parameters:
      statement - This parameter is required.

    • attachToGroup

      @Stability(Stable) public void attachToGroup(@NotNull IGroup group)
      Attaches this policy to a group.

      Parameters:
      group - This parameter is required.

    • attachToRole

      @Stability(Stable) public void attachToRole(@NotNull IRole role)
      Attaches this policy to a role.

      Parameters:
      role - This parameter is required.

    • attachToUser

      @Stability(Stable) public void attachToUser(@NotNull IUser user)
      Attaches this policy to a user.

      Parameters:
      user - This parameter is required.

    • getDocument

      @Stability(Stable) @NotNull public PolicyDocument getDocument()
      The policy document.

    • getGrantPrincipal

      @Stability(Stable) @NotNull public IPrincipal getGrantPrincipal()
      The principal to grant permissions to.
      Specified by:
      getGrantPrincipal in interface IGrantable

    • getPolicyName

      @Stability(Stable) @NotNull public String getPolicyName()
      The name of this policy.
      Specified by:
      getPolicyName in interface IPolicy