Interface IPolicyDocumentProps

Namespace

Amazon.CDK.AWS.IAM

Assembly

Amazon.CDK.AWS.IAM.dll

Properties for a new PolicyDocument.

public interface IPolicyDocumentProps

Examples

var myTrustedAdminRole = Role.FromRoleArn(this, "TrustedRole", "arn:aws:iam:....");
            // Creates a limited admin policy and assigns to the account root.
            var myCustomPolicy = new PolicyDocument(new PolicyDocumentProps {
                Statements = new [] { new PolicyStatement(new PolicyStatementProps {
                    Actions = new [] { "kms:Create*", "kms:Describe*", "kms:Enable*", "kms:List*", "kms:Put*" },
                    Principals = new [] { new AccountRootPrincipal() },
                    Resources = new [] { "*" }
                }) }
            });
            var key = new Key(this, "MyKey", new KeyProps {
                Policy = myCustomPolicy
            });

Remarks

ExampleMetadata: infused

Properties

AssignSids

Automatically assign Statement Ids to all statements.

bool? AssignSids { get; }

Property Value

bool?

Remarks

Default: false

Minimize

Try to minimize the policy by merging statements.

bool? Minimize { get; }

Property Value

bool?

Remarks

To avoid overrunning the maximum policy size, combine statements if they produce the same result. Merging happens according to the following rules:

Default: - false, unless the feature flag @aws-cdk/aws-iam:minimizePolicies is set

Statements

Initial statements to add to the policy document.

PolicyStatement[]? Statements { get; }

Property Value

PolicyStatement[]

Remarks

Default: - No statements