Class ManagedPolicy

Namespace
Amazon.CDK.AWS.IAM
Assembly
Amazon.CDK.AWS.IAM.dll

Managed policy.

public class ManagedPolicy : Resource, IManagedPolicy
Inheritance
ManagedPolicy
Implements

Examples

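// Requires: using System.IO; using Amazon.CDK.AWS.IAM; using Amazon.CDK.AWS.Lambda;

// Execution role that the Lambda service is allowed to assume.
var myRole = new Role(this, "My Role", new RoleProps {
    AssumedBy = new ServicePrincipal("lambda.amazonaws.com")
});

var fn = new Function(this, "MyFunction", new FunctionProps {
    Runtime = Runtime.NODEJS_16_X,
    Handler = "index.handler",
    // Handler source directory, resolved here relative to the working directory.
    Code = Code.FromAsset(Path.Join(Directory.GetCurrentDirectory(), "lambda-handler")),
    Role = myRole
});

// Attach AWS managed policies by name, including the "service-role/" prefix.
myRole.AddManagedPolicy(ManagedPolicy.FromAwsManagedPolicyName("service-role/AWSLambdaBasicExecutionRole"));
myRole.AddManagedPolicy(ManagedPolicy.FromAwsManagedPolicyName("service-role/AWSLambdaVPCAccessExecutionRole"));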

Constructors

ManagedPolicy(Construct, string, IManagedPolicyProps?)

public ManagedPolicy(Construct scope, string id, IManagedPolicyProps? props = null)

Parameters

scope Construct
id string
props IManagedPolicyProps

Properties

Description

The description of this policy.

public virtual string Description { get; }

Property Value

string

Remarks

Attribute: true

Document

The policy document.

public virtual PolicyDocument Document { get; }

Property Value

PolicyDocument

ManagedPolicyArn

Returns the ARN of this managed policy.

public virtual string ManagedPolicyArn { get; }

Property Value

string

Remarks

Attribute: true

ManagedPolicyName

The name of this policy.

public virtual string ManagedPolicyName { get; }

Property Value

string

Remarks

Attribute: true

Path

The path of this policy.

public virtual string Path { get; }

Property Value

string

Remarks

Attribute: true

Methods

AddStatements(params PolicyStatement[])

Adds a statement to the policy document.

public virtual void AddStatements(params PolicyStatement[] statement)

Parameters

statement PolicyStatement[]

AttachToGroup(IGroup)

Attaches this policy to a group.

public virtual void AttachToGroup(IGroup group)

Parameters

group IGroup

AttachToRole(IRole)

Attaches this policy to a role.

public virtual void AttachToRole(IRole role)

Parameters

role IRole

AttachToUser(IUser)

Attaches this policy to a user.

public virtual void AttachToUser(IUser user)

Parameters

user IUser

FromAwsManagedPolicyName(string)

Import a managed policy from one of the policies that AWS manages.

public static IManagedPolicy FromAwsManagedPolicyName(string managedPolicyName)

Parameters

managedPolicyName string

Returns

IManagedPolicy

Remarks

For this managed policy, you only need to know the name to be able to use it.

Some managed policy names start with "service-role/", some start with "job-function/", and some don't start with anything. Include the prefix when constructing this object.

FromManagedPolicyArn(Construct, string, string)

Import an external managed policy by ARN.

public static IManagedPolicy FromManagedPolicyArn(Construct scope, string id, string managedPolicyArn)

Parameters

scope Construct

construct scope.

id string

construct id.

managedPolicyArn string

the ARN of the managed policy to import.

Returns

IManagedPolicy

Remarks

For this managed policy, you only need to know the ARN to be able to use it. This can be useful if you got the ARN from a CloudFormation Export.

If the imported Managed Policy ARN is a Token (such as a CfnParameter.valueAsString or a Fn.importValue()) and the referenced managed policy has a path (like arn:...:policy/AdminPolicy/AdminAllow), the managedPolicyName property will not resolve to the correct value. Instead it will resolve to the first path component. We unfortunately cannot express the correct calculation of the full path name as a CloudFormation expression. In this scenario the Managed Policy ARN should be supplied without the path in order to resolve the correct managed policy resource.

FromManagedPolicyName(Construct, string, string)

Import a customer managed policy from the managedPolicyName.

public static IManagedPolicy FromManagedPolicyName(Construct scope, string id, string managedPolicyName)

Parameters

scope Construct
id string
managedPolicyName string

Returns

IManagedPolicy

Remarks

For this managed policy, you only need to know the name to be able to use it.

Validate()

Validate the current construct.

protected override string[] Validate()

Returns

string[]

Remarks

This method can be implemented by derived constructs in order to perform validation logic. It is called on all constructs before synthesis.