Effect

class aws_cdk.aws_iam.Effect(value, names=None, *, module=None, qualname=None, type=None, start=1, boundary=None)

Bases: Enum

The Effect element of an IAM policy.

See:

https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_effect.html

ExampleMetadata:

infused

Example:

# books: apigateway.Resource
# iam_user: iam.User


get_books = books.add_method("GET", apigateway.HttpIntegration("http://amazon.com"),
    authorization_type=apigateway.AuthorizationType.IAM
)

iam_user.attach_inline_policy(iam.Policy(self, "AllowBooks",
    statements=[
        iam.PolicyStatement(
            actions=["execute-api:Invoke"],
            effect=iam.Effect.ALLOW,
            resources=[get_books.method_arn]
        )
    ]
))

Attributes

ALLOW

Allows access to a resource in an IAM policy statement.

By default, access to resources are denied.

DENY

Explicitly deny access to a resource.

By default, all requests are denied implicitly.

See:

https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html