Class ManagedPolicyProps

Namespace
Amazon.CDK.AWS.IAM
Assembly
Amazon.CDK.AWS.IAM.dll

Properties for defining an IAM managed policy.

public class ManagedPolicyProps : IManagedPolicyProps
Inheritance
ManagedPolicyProps

Examples

// Fragment: runs inside a Construct or Stack, where `this` is the scope.
using System.Collections.Generic;
using Amazon.CDK.AWS.IAM;

IDictionary<string, object> policyDocument = new Dictionary<string, object> {
    { "Version", "2012-10-17" },
    { "Statement", new [] { new Dictionary<string, object> {
        { "Sid", "FirstStatement" },
        { "Effect", "Allow" },
        { "Action", new [] { "iam:ChangePassword" } },
        { "Resource", "*" }
    }, new Dictionary<string, object> {
        // Same element type as the other statements so the implicitly typed array compiles.
        { "Sid", "SecondStatement" },
        { "Effect", "Allow" },
        { "Action", "s3:ListAllMyBuckets" },
        { "Resource", "*" }
    }, new Dictionary<string, object> {
        // Read access to one bucket and its objects, only when MFA is present.
        { "Sid", "ThirdStatement" },
        { "Effect", "Allow" },
        { "Action", new [] { "s3:List*", "s3:Get*" } },
        { "Resource", new [] { "arn:aws:s3:::confidential-data", "arn:aws:s3:::confidential-data/*" } },
        { "Condition", new Dictionary<string, IDictionary<string, string>> { { "Bool", new Dictionary<string, string> { { "aws:MultiFactorAuthPresent", "true" } } } } }
    } } }
};

// Parse the JSON-shaped dictionary into a PolicyDocument.
var customPolicyDocument = PolicyDocument.FromJson(policyDocument);

// You can pass this document as an initial document to a ManagedPolicy
// or inline Policy.
var newManagedPolicy = new ManagedPolicy(this, "MyNewManagedPolicy", new ManagedPolicyProps {
    Document = customPolicyDocument
});
var newPolicy = new Policy(this, "MyNewPolicy", new PolicyProps {
    Document = customPolicyDocument
});


Constructors

ManagedPolicyProps()

public ManagedPolicyProps()

Properties

Description

A description of the managed policy.

public string? Description { get; set; }

Property Value

string

Remarks

Typically used to store information about the permissions defined in the policy. For example, "Grants access to production DynamoDB tables." The policy description is immutable. After a value is assigned, it cannot be changed.

Default: - empty

Document

Initial PolicyDocument to use for this ManagedPolicy.

public PolicyDocument? Document { get; set; }

Property Value

PolicyDocument

Remarks

If omitted, any PolicyStatement provided in the statements property will be applied against the empty default PolicyDocument.

Default: - An empty policy.

Groups

Groups to attach this policy to.

public IGroup[]? Groups { get; set; }

Property Value

IGroup[]

Remarks

You can also use attachToGroup(group) to attach this policy to a group.

Default: - No groups.

ManagedPolicyName

The name of the managed policy.

public string? ManagedPolicyName { get; set; }

Property Value

string

Remarks

If you specify multiple policies for an entity, specify unique names. For example, if you specify a list of policies for an IAM role, each policy must have a unique name.

Default: - A name is automatically generated.

Path

The path for the policy.

public string? Path { get; set; }

Property Value

string

Remarks

This parameter allows (through its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.

For more information about paths, see IAM Identifiers in the IAM User Guide.

Default: - "/"

Roles

Roles to attach this policy to.

public IRole[]? Roles { get; set; }

Property Value

IRole[]

Remarks

You can also use attachToRole(role) to attach this policy to a role.

Default: - No roles.

Statements

Initial set of permissions to add to this policy document.

public PolicyStatement[]? Statements { get; set; }

Property Value

PolicyStatement[]

Remarks

You can also use addPermission(statement) to add permissions later.

Default: - No statements.

Users

Users to attach this policy to.

public IUser[]? Users { get; set; }

Property Value

IUser[]

Remarks

You can also use attachToUser(user) to attach this policy to a user.

Default: - No users.
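
The following is an added example, not part of the AWS CDK documentation. It combines the Statements, Description, Path and Roles properties described above into a narrowly scoped policy built from typed statements, and checks the path against the pattern given in the Path remarks before synthesis. The stack, role, bucket and policy names are assumptions made up for illustration.

```csharp
using System.Collections.Generic;
using System.Text.RegularExpressions;
using Amazon.CDK;
using Amazon.CDK.AWS.IAM;
using Constructs;

// Hypothetical stack: names, ARNs and the path are constructed for illustration.
public class ReportingPolicyStack : Stack
{
    // Path rule from the Path remarks: "/" alone, or a string that begins and
    // ends with "/" and uses only characters '!' (\u0021) through DEL (\u007F).
    private static readonly Regex PathPattern =
        new Regex(@"\A(/|/[\u0021-\u007F]+/)\z", RegexOptions.CultureInvariant);

    public ReportingPolicyStack(Construct scope, string id) : base(scope, id)
    {
        const string path = "/reporting/";
        if (!PathPattern.IsMatch(path))
            throw new System.ArgumentException($"Invalid IAM path: {path}");

        var role = new Role(this, "ReportReaderRole", new RoleProps {
            AssumedBy = new AccountRootPrincipal()
        });

        new ManagedPolicy(this, "ReportReadPolicy", new ManagedPolicyProps {
            ManagedPolicyName = "report-read",
            // Immutable once assigned, so record the intent precisely.
            Description = "Read-only access to the reports bucket, MFA required.",
            Path = path,
            Statements = new [] {
                new PolicyStatement(new PolicyStatementProps {
                    Sid = "ReadReports",
                    Effect = Effect.ALLOW,
                    Actions = new [] { "s3:GetObject", "s3:ListBucket" },
                    Resources = new [] {
                        "arn:aws:s3:::example-reports",
                        "arn:aws:s3:::example-reports/*"
                    },
                    Conditions = new Dictionary<string, object> {
                        { "Bool", new Dictionary<string, string> {
                            { "aws:MultiFactorAuthPresent", "true" } } }
                    }
                })
            },
            Roles = new IRole[] { role }
        });
    }
}
```

Listing explicit actions and bucket ARNs instead of wildcards keeps the synthesized policy reviewable, and the path check surfaces a malformed value at synth time rather than during deployment.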