Interface IPolicyStatementProps
Interface for creating a policy statement.
public interface IPolicyStatementProps
Examples
// Add gateway endpoints when creating the VPC
var vpc = new Vpc(this, "MyVpc", new VpcProps {
    GatewayEndpoints = new Dictionary<string, GatewayVpcEndpointOptions> {
        { "S3", new GatewayVpcEndpointOptions {
            Service = GatewayVpcEndpointAwsService.S3
        } }
    }
});

// Alternatively, gateway endpoints can be added on the VPC
var dynamoDbEndpoint = vpc.AddGatewayEndpoint("DynamoDbEndpoint", new GatewayVpcEndpointOptions {
    Service = GatewayVpcEndpointAwsService.DYNAMODB
});

// This allows customizing the endpoint policy
dynamoDbEndpoint.AddToPolicy(
    // Restrict to listing and describing tables
    new PolicyStatement(new PolicyStatementProps {
        Principals = new [] { new AnyPrincipal() },
        Actions = new [] { "dynamodb:DescribeTable", "dynamodb:ListTables" },
        Resources = new [] { "*" }
    }));

// Add an interface endpoint
vpc.AddInterfaceEndpoint("EcrDockerEndpoint", new InterfaceVpcEndpointOptions {
    Service = InterfaceVpcEndpointAwsService.ECR_DOCKER
});
Remarks
ExampleMetadata: lit=test/integ.vpc-endpoint.lit.ts infused
Properties
Actions
List of actions to add to the statement.
string[]? Actions { get; }
Property Value
- string[]
Remarks
Default: - no actions
Conditions
Conditions to add to the statement.
IDictionary<string, object>? Conditions { get; }
Property Value
Remarks
Default: - no condition
Effect
Whether to allow or deny the actions in this statement.
Effect? Effect { get; }
Property Value
Remarks
Default: Effect.ALLOW
NotActions
List of not actions to add to the statement.
string[]? NotActions { get; }
Property Value
- string[]
Remarks
Default: - no not-actions
NotPrincipals
List of not principals to add to the statement.
IPrincipal[]? NotPrincipals { get; }
Property Value
Remarks
Default: - no not principals
NotResources
NotResource ARNs to add to the statement.
string[]? NotResources { get; }
Property Value
- string[]
Remarks
Default: - no not-resources
Principals
List of principals to add to the statement.
IPrincipal[]? Principals { get; }
Property Value
Remarks
Default: - no principals
Resources
Resource ARNs to add to the statement.
string[]? Resources { get; }
Property Value
- string[]
Remarks
Default: - no resources
Sid
The Sid (statement ID) is an optional identifier that you provide for the policy statement.
string? Sid { get; }
Property Value
Remarks
You can assign a Sid value to each statement in a statement array. In services that let you specify an ID element, such as SQS and SNS, the Sid value is just a sub-ID of the policy document's ID. In IAM, the Sid value must be unique within a JSON policy.
Default: - no sid
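The endpoint example above sets only Principals, Actions and Resources. The following is an added example, not taken from the CDK documentation, that also uses Sid, Effect, Conditions and NotResources to scope an S3 gateway endpoint policy to one bucket and one organization. The helper name RestrictS3Endpoint and its bucketArn and orgId parameters are assumptions for illustration.

```csharp
using System.Collections.Generic;
using Amazon.CDK.AWS.EC2;
using Amazon.CDK.AWS.IAM;

public static class EndpointPolicyExample
{
    // Hypothetical helper: bucketArn and orgId are supplied by the caller,
    // e.g. "arn:aws:s3:::example-bucket" and "o-exampleorgid" (constructed values).
    public static void RestrictS3Endpoint(GatewayVpcEndpoint endpoint, string bucketArn, string orgId)
    {
        var bucketAndObjects = new [] { bucketArn, bucketArn + "/*" };

        // Allow reads of one bucket, and only for principals in the given organization.
        // Endpoint policy statements need a principal, so AnyPrincipal is narrowed
        // by the condition instead of being left open.
        endpoint.AddToPolicy(new PolicyStatement(new PolicyStatementProps {
            Sid = "AllowOrgReadOneBucket",
            Effect = Effect.ALLOW,
            Principals = new IPrincipal[] { new AnyPrincipal() },
            Actions = new [] { "s3:GetObject", "s3:ListBucket" },
            Resources = bucketAndObjects,
            Conditions = new Dictionary<string, object> {
                { "StringEquals", new Dictionary<string, object> {
                    { "aws:PrincipalOrgID", orgId }
                } }
            }
        }));

        // Explicit deny for every other S3 resource. NotResources matches everything
        // except the listed ARNs; paired with DENY it stays in force even if a
        // broader ALLOW statement is added to this endpoint later.
        endpoint.AddToPolicy(new PolicyStatement(new PolicyStatementProps {
            Sid = "DenyOtherBuckets",
            Effect = Effect.DENY,
            Principals = new IPrincipal[] { new AnyPrincipal() },
            Actions = new [] { "s3:*" },
            NotResources = bucketAndObjects
        }));
    }
}
```

The two statements carry distinct Sid values, so each can be identified individually in the synthesized policy document.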