Class Grant

Namespace
Amazon.CDK.AWS.IAM
Assembly
Amazon.CDK.AWS.IAM.dll

Result of a grant() operation.

public class Grant : DeputyBase, IDependable
Inheritance
Grant
Implements
IDependable

Examples

Instance instance;
Volume volume;

var attachGrant = volume.GrantAttachVolumeByResourceTag(instance.GrantPrincipal, new [] { instance });
var detachGrant = volume.GrantDetachVolumeByResourceTag(instance.GrantPrincipal, new [] { instance });

Remarks

This class is not instantiable by consumers on purpose, so that they will be required to call the Grant factory functions.

Properties

PrincipalStatement

The statement that was added to the principal's policy.

public virtual PolicyStatement? PrincipalStatement { get; }

Property Value

PolicyStatement

Remarks

Can be accessed to (e.g.) add additional conditions to the statement.

ResourceStatement

The statement that was added to the resource policy.

public virtual PolicyStatement? ResourceStatement { get; }

Property Value

PolicyStatement

Remarks

Can be accessed to (e.g.) add additional conditions to the statement.

Success

Whether the grant operation was successful.

public virtual bool Success { get; }

Property Value

bool

Methods

AddToPrincipal(IGrantOnPrincipalOptions)

Try to grant the given permissions to the given principal.

public static Grant AddToPrincipal(IGrantOnPrincipalOptions options)

Parameters

options IGrantOnPrincipalOptions

Returns

Grant

Remarks

Absence of a principal leads to a warning, but failing to add the permissions to a present principal is not an error.

AddToPrincipalAndResource(IGrantOnPrincipalAndResourceOptions)

Add a grant both on the principal and on the resource.

public static Grant AddToPrincipalAndResource(IGrantOnPrincipalAndResourceOptions options)

Parameters

options IGrantOnPrincipalAndResourceOptions

Returns

Grant

Remarks

As long as any principal is given, granting on the principal may fail (in case of a non-identity principal), but granting on the resource will never fail.

Statement will be the resource statement.

AddToPrincipalOrResource(IGrantWithResourceOptions)

Grant the given permissions to the principal.

public static Grant AddToPrincipalOrResource(IGrantWithResourceOptions options)

Parameters

options IGrantWithResourceOptions

Returns

Grant

Remarks

The permissions will be added to the principal policy primarily, falling back to the resource policy if necessary. The permissions must be granted somewhere.

ApplyBefore(params IConstruct[])

Make sure this grant is applied before the given constructs are deployed.

public virtual void ApplyBefore(params IConstruct[] constructs)

Parameters

constructs IConstruct[]

Remarks

The same as construct.node.addDependency(grant), but slightly nicer to read.

AssertSuccess()

Throw an error if this grant wasn't successful.

public virtual void AssertSuccess()

Drop(IGrantable, string)

Returns a "no-op" Grant object which represents a "dropped grant".

public static Grant Drop(IGrantable grantee, string intent)

Parameters

grantee IGrantable

The intended grantee.

intent string

The user's intent (will be ignored at the moment).

Returns

Grant

Remarks

This can be used for e.g. imported resources where you may not be able to modify the resource's policy or some underlying policy which you don't know about.
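
The following C# stack is an added example, not taken from the CDK documentation, showing how AddToPrincipal, AssertSuccess(), PrincipalStatement and Success combine so that a grant is verified at synthesis time and then narrowed with a condition. The role name, bucket ARN, intent string and the aws:SecureTransport condition are constructed for illustration.

```csharp
using System.Collections.Generic;
using Amazon.CDK;
using Amazon.CDK.AWS.IAM;
using Constructs;

// Added example: construct IDs and ARNs below are constructed placeholders.
public class GrantCheckStack : Stack
{
    public GrantCheckStack(Construct scope, string id) : base(scope, id)
    {
        var role = new Role(this, "ReportReader", new RoleProps
        {
            AssumedBy = new ServicePrincipal("lambda.amazonaws.com")
        });

        // Identity-based grant: the statement is added to the role's policy.
        var grant = Grant.AddToPrincipal(new GrantOnPrincipalOptions
        {
            Grantee = role,
            Actions = new[] { "s3:GetObject" },
            ResourceArns = new[] { "arn:aws:s3:::example-bucket-placeholder/reports/*" }
        });

        // Fail synthesis rather than deploy a role that silently lacks the permission.
        grant.AssertSuccess();

        // Narrow the statement that was added to the principal's policy.
        grant.PrincipalStatement?.AddCondition("Bool",
            new Dictionary<string, object> { ["aws:SecureTransport"] = "true" });

        // A dropped grant adds no statement; surface it instead of assuming access exists.
        var dropped = Grant.Drop(role, "read audit logs (constructed intent)");
        if (!dropped.Success)
        {
            Annotations.Of(this).AddWarning(
                "Grant was dropped; review the imported resource's policy manually.");
        }
    }
}

public static class Program
{
    public static void Main()
    {
        var app = new App();
        new GrantCheckStack(app, "GrantCheckStack");
        app.Synth();
    }
}
```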