Class PolicyDocument
A PolicyDocument is a collection of statements.
public class PolicyDocument : DeputyBase, IResolvable
- Inheritance: PolicyDocument
- Implements: IResolvable
Examples
var myTrustedAdminRole = Role.FromRoleArn(this, "TrustedRole", "arn:aws:iam:....");
// Creates a limited admin policy and assigns to the account root.
var myCustomPolicy = new PolicyDocument(new PolicyDocumentProps {
    Statements = new [] { new PolicyStatement(new PolicyStatementProps {
        Actions = new [] { "kms:Create*", "kms:Describe*", "kms:Enable*", "kms:List*", "kms:Put*" },
        Principals = new [] { new AccountRootPrincipal() },
        Resources = new [] { "*" }
    }) }
});
var key = new Key(this, "MyKey", new KeyProps {
    Policy = myCustomPolicy
});
Remarks
ExampleMetadata: infused
Constructors
PolicyDocument(IPolicyDocumentProps?)
public PolicyDocument(IPolicyDocumentProps? props = null)
Parameters
props
IPolicyDocumentProps
Properties
CreationStack
The creation stack of this resolvable which will be appended to errors thrown during resolution.
public virtual string[] CreationStack { get; }
Property Value
- string[]
Remarks
This may return an array with a single informational element indicating how to get this property populated, if it was skipped for performance reasons.
IsEmpty
Whether the policy document contains any statements.
public virtual bool IsEmpty { get; }
Property Value
- bool
StatementCount
The number of statements already added to this policy.
public virtual double StatementCount { get; }
Property Value
- double
Remarks
Can be used, for example, to generate unique "sid"s within the policy.
Methods
AddStatements(params PolicyStatement[])
Adds a statement to the policy document.
public virtual void AddStatements(params PolicyStatement[] statement)
Parameters
statement
PolicyStatement[]
the statement to add.
FromJson(object)
Creates a new PolicyDocument based on the object provided.
public static PolicyDocument FromJson(object obj)
Parameters
obj
object
the PolicyDocument in object form.
Returns
- PolicyDocument
Remarks
This will accept an object created from the .toJSON() call.
Resolve(IResolveContext)
Produce the Token's value at resolution time.
public virtual object Resolve(IResolveContext context)
Parameters
context
IResolveContext
Returns
- object
ToJSON()
JSON-ify the document.
public virtual object ToJSON()
Returns
- object
Remarks
Used when JSON.stringify() is called
ToString()
Encode the policy document as a string.
public override string ToString()
Returns
- string
ValidateForAnyPolicy()
Validate that all policy statements in the policy document satisfy the requirements for any policy.
public virtual string[] ValidateForAnyPolicy()
Returns
- string[]
An array of validation error messages, or an empty array if the document is valid.
ValidateForIdentityPolicy()
Validate that all policy statements in the policy document satisfy the requirements for an identity-based policy.
public virtual string[] ValidateForIdentityPolicy()
Returns
- string[]
An array of validation error messages, or an empty array if the document is valid.
ValidateForResourcePolicy()
Validate that all policy statements in the policy document satisfy the requirements for a resource-based policy.
public virtual string[] ValidateForResourcePolicy()
Returns
- string[]
An array of validation error messages, or an empty array if the document is valid.
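The following is an added example, not part of the CDK documentation or the CDK's own code. It rebuilds the KMS key policy from the Examples section with AddStatements, derives a unique Sid from StatementCount, and runs the three validators so a document that does not fit its intended policy type is rejected before deployment. The class PolicyDocumentChecks and its methods BuildKeyPolicy and Require are hypothetical names introduced here.

```csharp
using System;
using Amazon.CDK.AWS.IAM;

// Hypothetical helper class for this example; not part of the CDK.
public static class PolicyDocumentChecks
{
    // Builds the key policy from the Examples section one statement at a time.
    public static PolicyDocument BuildKeyPolicy()
    {
        var doc = new PolicyDocument();
        doc.AddStatements(new PolicyStatement(new PolicyStatementProps {
            // StatementCount is a double; it is 0 before the first statement is added.
            Sid = $"Stmt{(int)doc.StatementCount}",
            Actions = new [] { "kms:Create*", "kms:Describe*", "kms:Enable*", "kms:List*", "kms:Put*" },
            Principals = new [] { new AccountRootPrincipal() },
            Resources = new [] { "*" }
        }));
        return doc;
    }

    // Fails fast when a validator returns any error message.
    public static void Require(string kind, string[] errors)
    {
        if (errors.Length > 0)
            throw new InvalidOperationException(
                $"Policy is not a valid {kind} policy: {string.Join("; ", errors)}");
    }

    public static void Main()
    {
        var doc = BuildKeyPolicy();

        // A key policy is resource-based, so these are the checks that must pass.
        Require("generic", doc.ValidateForAnyPolicy());
        Require("resource-based", doc.ValidateForResourcePolicy());

        // The statement names a principal, which an identity-based policy may not do,
        // so this validator is expected to return messages for the same document.
        foreach (var error in doc.ValidateForIdentityPolicy())
            Console.WriteLine($"identity-based check: {error}");
    }
}
```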