GrantWithResourceOptions

class aws_cdk.aws_iam.GrantWithResourceOptions(*, actions, grantee, resource_arns, conditions=None, resource, resource_self_arns=None)

Bases: CommonGrantOptions

Options for a grant operation.

Parameters:
  • actions (Sequence[str]) – The actions to grant.

  • grantee (IGrantable) – The principal to grant to. Default: if principal is undefined, no work is done.

  • resource_arns (Sequence[str]) – The resource ARNs to grant to.

  • conditions (Optional[Mapping[str, Mapping[str, Any]]]) – Any conditions to attach to the grant. Default: - No conditions

  • resource (IResourceWithPolicy) – The resource with a resource policy. The statement will be added to the resource policy if it couldn’t be added to the principal policy.

  • resource_self_arns (Optional[Sequence[str]]) – When referring to the resource in a resource policy, use this as ARN. (Depending on the resource type, this needs to be ‘*’ in a resource policy). Default: Same as regular resource ARNs

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_iam as iam

# conditions: Any
# grantable: iam.IGrantable
# resource_with_policy: iam.IResourceWithPolicy

grant_with_resource_options = iam.GrantWithResourceOptions(
    actions=["actions"],
    grantee=grantable,
    resource=resource_with_policy,
    resource_arns=["resourceArns"],

    # the properties below are optional
    conditions={
        "conditions_key": {
            "conditions_key": conditions
        }
    },
    resource_self_arns=["resourceSelfArns"]
)

Attributes

actions

The actions to grant.

conditions

Any conditions to attach to the grant.

Default:
  • No conditions

grantee

The principal to grant to.

Default:

if principal is undefined, no work is done.

resource

The resource with a resource policy.

The statement will be added to the resource policy if it couldn’t be added to the principal policy.

resource_arns

The resource ARNs to grant to.

resource_self_arns

When referring to the resource in a resource policy, use this as ARN.

(Depending on the resource type, this needs to be ‘*’ in a resource policy).

Default:

Same as regular resource ARNs