PolicyStatementProps
- class aws_cdk.aws_iam.PolicyStatementProps(*, actions=None, conditions=None, effect=None, not_actions=None, not_principals=None, not_resources=None, principals=None, resources=None, sid=None)
Bases:
object
Interface for creating a policy statement.
- Parameters:
actions (
Optional
[Sequence
[str
]]) – List of actions to add to the statement. Default: - no actionsconditions (
Optional
[Mapping
[str
,Any
]]) – Conditions to add to the statement. Default: - no conditioneffect (
Optional
[Effect
]) – Whether to allow or deny the actions in this statement. Default: Effect.ALLOWnot_actions (
Optional
[Sequence
[str
]]) – List of not actions to add to the statement. Default: - no not-actionsnot_principals (
Optional
[Sequence
[IPrincipal
]]) – List of not principals to add to the statement. Default: - no not principalsnot_resources (
Optional
[Sequence
[str
]]) – NotResource ARNs to add to the statement. Default: - no not-resourcesprincipals (
Optional
[Sequence
[IPrincipal
]]) – List of principals to add to the statement. Default: - no principalsresources (
Optional
[Sequence
[str
]]) – Resource ARNs to add to the statement. Default: - no resourcessid (
Optional
[str
]) – The Sid (statement ID) is an optional identifier that you provide for the policy statement. You can assign a Sid value to each statement in a statement array. In services that let you specify an ID element, such as SQS and SNS, the Sid value is just a sub-ID of the policy document’s ID. In IAM, the Sid value must be unique within a JSON policy. Default: - no sid
- ExampleMetadata:
infused
Example:
# destination_bucket: s3.Bucket deployment = s3deploy.BucketDeployment(self, "DeployFiles", sources=[s3deploy.Source.asset(path.join(__dirname, "source-files"))], destination_bucket=destination_bucket ) deployment.handler_role.add_to_policy( iam.PolicyStatement( actions=["kms:Decrypt", "kms:DescribeKey"], effect=iam.Effect.ALLOW, resources=["<encryption key ARN>"] ))
Attributes
- actions
List of actions to add to the statement.
- Default:
no actions
- conditions
Conditions to add to the statement.
- Default:
no condition
- effect
Whether to allow or deny the actions in this statement.
- Default:
Effect.ALLOW
- not_actions
List of not actions to add to the statement.
- Default:
no not-actions
- not_principals
List of not principals to add to the statement.
- Default:
no not principals
- not_resources
NotResource ARNs to add to the statement.
- Default:
no not-resources
- principals
List of principals to add to the statement.
- Default:
no principals
- resources
Resource ARNs to add to the statement.
- Default:
no resources
- sid
The Sid (statement ID) is an optional identifier that you provide for the policy statement.
You can assign a Sid value to each statement in a statement array. In services that let you specify an ID element, such as SQS and SNS, the Sid value is just a sub-ID of the policy document’s ID. In IAM, the Sid value must be unique within a JSON policy.
- Default:
no sid