GrantWithResourceOptions
- class aws_cdk.aws_iam.GrantWithResourceOptions(*, actions, grantee, resource_arns, conditions=None, resource, resource_self_arns=None)
Bases:
CommonGrantOptions
Options for a grant operation.
- Parameters:
actions (
Sequence
[str
]) – The actions to grant.grantee (
IGrantable
) – The principal to grant to. Default: if principal is undefined, no work is done.resource_arns (
Sequence
[str
]) – The resource ARNs to grant to.conditions (
Optional
[Mapping
[str
,Mapping
[str
,Any
]]]) – Any conditions to attach to the grant. Default: - No conditionsresource (
IResourceWithPolicy
) – The resource with a resource policy. The statement will be added to the resource policy if it couldn’t be added to the principal policy.resource_self_arns (
Optional
[Sequence
[str
]]) – When referring to the resource in a resource policy, use this as ARN. (Depending on the resource type, this needs to be ‘*’ in a resource policy). Default: Same as regular resource ARNs
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_iam as iam # conditions: Any # grantable: iam.IGrantable # resource_with_policy: iam.IResourceWithPolicy grant_with_resource_options = iam.GrantWithResourceOptions( actions=["actions"], grantee=grantable, resource=resource_with_policy, resource_arns=["resourceArns"], # the properties below are optional conditions={ "conditions_key": { "conditions_key": conditions } }, resource_self_arns=["resourceSelfArns"] )
Attributes
- actions
The actions to grant.
- conditions
Any conditions to attach to the grant.
- Default:
No conditions
- grantee
The principal to grant to.
- Default:
if principal is undefined, no work is done.
- resource
The resource with a resource policy.
The statement will be added to the resource policy if it couldn’t be added to the principal policy.
- resource_arns
The resource ARNs to grant to.
- resource_self_arns
When referring to the resource in a resource policy, use this as ARN.
(Depending on the resource type, this needs to be ‘*’ in a resource policy).
- Default:
Same as regular resource ARNs