Class Policy

Namespace
Amazon.CDK.AWS.IAM
Assembly
Amazon.CDK.AWS.IAM.dll

The AWS::IAM::Policy resource associates an IAM policy with IAM users, roles, or groups.

public class Policy : Resource, IPolicy, IResource, IConstruct, IConstruct, IDependable
Inheritance
Policy
Implements
IResource
IConstruct
IConstruct
IDependable

Examples

using Amazon.CDK.AWS.Cognito;
using Amazon.CDK.AWS.IAM;
using Amazon.CDK.AWS.Lambda;

// Lambda function defined elsewhere in the enclosing construct
Function postAuthFn;

var userpool = new UserPool(this, "myuserpool", new UserPoolProps {
    LambdaTriggers = new UserPoolTriggers {
        PostAuthentication = postAuthFn
    }
});

// Grant permission to describe the user pool, scoped to the ARN of this user pool only
postAuthFn.Role.AttachInlinePolicy(new Policy(this, "userpool-policy", new PolicyProps {
    Statements = new [] { new PolicyStatement(new PolicyStatementProps {
        Actions = new [] { "cognito-idp:DescribeUserPool" },
        Resources = new [] { userpool.UserPoolArn }
    }) }
}));

Remarks

For more information about IAM policies, see Overview of IAM Policies in the IAM User Guide.

ExampleMetadata: infused

Constructors

Policy(Construct, string, IPolicyProps?)

public Policy(Construct scope, string id, IPolicyProps? props = null)

Parameters

scope Construct
id string
props IPolicyProps

Properties

Document

The policy document.

public virtual PolicyDocument Document { get; }

Property Value

PolicyDocument

PolicyName

The name of this policy.

public virtual string PolicyName { get; }

Property Value

string

Remarks

Attribute: true

Methods

AddStatements(params PolicyStatement[])

Adds one or more statements to the policy document.

public virtual void AddStatements(params PolicyStatement[] statement)

Parameters

statement PolicyStatement[]

AttachToGroup(IGroup)

Attaches this policy to a group.

public virtual void AttachToGroup(IGroup group)

Parameters

group IGroup

AttachToRole(IRole)

Attaches this policy to a role.

public virtual void AttachToRole(IRole role)

Parameters

role IRole

AttachToUser(IUser)

Attaches this policy to a user.

public virtual void AttachToUser(IUser user)

Parameters

user IUser

FromPolicyName(Construct, string, string)

Import a policy in this app based on its name.

public static IPolicy FromPolicyName(Construct scope, string id, string policyName)

Parameters

scope Construct
id string
policyName string

Returns

IPolicy

Validate()

Validate the current construct.

protected override string[] Validate()

Returns

string[]

Remarks

This method can be implemented by derived constructs in order to perform validation logic. It is called on all constructs before synthesis.