Effect
- class aws_cdk.aws_iam.Effect(*values)
Bases:
EnumThe Effect element of an IAM policy.
- See:
https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_effect.html
- ExampleMetadata:
infused
Example:
from aws_cdk.aws_apigatewayv2_authorizers import WebSocketIamAuthorizer from aws_cdk.aws_apigatewayv2_integrations import WebSocketLambdaIntegration # This function handles your connect route # connect_handler: lambda.Function web_socket_api = apigwv2.WebSocketApi(self, "WebSocketApi") web_socket_api.add_route("$connect", integration=WebSocketLambdaIntegration("Integration", connect_handler), authorizer=WebSocketIamAuthorizer() ) # Create an IAM user (identity) user = iam.User(self, "User") web_socket_arn = Stack.of(self).format_arn( service="execute-api", resource=web_socket_api.api_id ) # Grant access to the IAM user user.attach_inline_policy(iam.Policy(self, "AllowInvoke", statements=[ iam.PolicyStatement( actions=["execute-api:Invoke"], effect=iam.Effect.ALLOW, resources=[web_socket_arn] ) ] ))
Attributes
- ALLOW
Allows access to a resource in an IAM policy statement.
By default, access to resources are denied.
- DENY
Explicitly deny access to a resource.
By default, all requests are denied implicitly.