
Class PolicyProps

Namespace
Amazon.CDK.AWS.IAM
Assembly
Amazon.CDK.AWS.IAM.dll

Properties for defining an IAM inline policy document.

public class PolicyProps : IPolicyProps
Inheritance
PolicyProps
Implements
Inherited Members

Examples

using Amazon.CDK.AWS.Cognito;
using Amazon.CDK.AWS.IAM;
using Amazon.CDK.AWS.Lambda;

// Lambda function defined elsewhere in the stack
Function postAuthFn;

var userpool = new UserPool(this, "myuserpool", new UserPoolProps {
    LambdaTriggers = new UserPoolTriggers {
        PostAuthentication = postAuthFn
    }
});

// provide permissions to describe the user pool, scoped to the ARN of the user pool
postAuthFn.Role.AttachInlinePolicy(new Policy(this, "userpool-policy", new PolicyProps {
    Statements = new [] { new PolicyStatement(new PolicyStatementProps {
        Actions = new [] { "cognito-idp:DescribeUserPool" },
        Resources = new [] { userpool.UserPoolArn }
    }) }
}));


Constructors

PolicyProps()

public PolicyProps()

Properties

Document

Initial PolicyDocument to use for this Policy.

public PolicyDocument? Document { get; set; }

Property Value

PolicyDocument

Remarks

If omitted, any PolicyStatement provided in the statements property will be applied against the empty default PolicyDocument.

Default: - An empty policy.

Force

Force creation of an AWS::IAM::Policy.

public bool? Force { get; set; }

Property Value

bool?

Remarks

Unless set to true, this Policy construct will not materialize to an AWS::IAM::Policy CloudFormation resource in case it would have no effect (for example, if it remains unattached to an IAM identity or if it has no statements). This is generally desired behavior, since it prevents creating invalid--and hence undeployable--CloudFormation templates.

In cases where you know the policy must be created and it is actually an error if no statements have been added to it, you can set this to true.

Default: false
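
The following is an added example, not part of the original reference or the CDK project's own samples. It contrasts a policy left at the default with one created with Force = true, so that a policy the workload depends on cannot silently drop out of the template. The stack name, construct IDs, policy name and bucket ARN are constructed placeholders.

```csharp
using Amazon.CDK;
using Amazon.CDK.AWS.IAM;
using Constructs;

// Hypothetical stack; all IDs, names and the bucket ARN are placeholders.
public class ForcedPolicyStack : Stack
{
    public ForcedPolicyStack(Construct scope, string id) : base(scope, id)
    {
        var role = new Role(this, "AppRole", new RoleProps {
            AssumedBy = new ServicePrincipal("lambda.amazonaws.com")
        });

        // Force left unset (default false): this policy has no statements and
        // no principal, so it would have no effect and no AWS::IAM::Policy
        // resource is emitted for it.
        new Policy(this, "OptionalPolicy");

        // Force = true: the policy is expected to exist. It is attached through
        // Roles and carries one statement scoped to a single action and resource.
        new Policy(this, "RequiredPolicy", new PolicyProps {
            Force = true,
            PolicyName = "read-config-object",
            Roles = new IRole[] { role },
            Statements = new [] { new PolicyStatement(new PolicyStatementProps {
                Effect = Effect.ALLOW,
                Actions = new [] { "s3:GetObject" },
                Resources = new [] { "arn:aws:s3:::example-config-bucket/app/config.json" }
            }) }
        });
        // With Force = true, deleting the Statements entry above is treated as
        // an error instead of quietly producing a template without the policy.
    }
}

public static class Program
{
    public static void Main()
    {
        var app = new App();
        new ForcedPolicyStack(app, "ForcedPolicyStack");
        app.Synth();
    }
}
```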

Groups

Groups to attach this policy to.

public IGroup[]? Groups { get; set; }

Property Value

IGroup[]

Remarks

You can also use attachToGroup(group) to attach this policy to a group.

Default: - No groups.

PolicyName

The name of the policy.

public string? PolicyName { get; set; }

Property Value

string

Remarks

If you specify multiple policies for an entity, specify unique names. For example, if you specify a list of policies for an IAM role, each policy must have a unique name.

Default: - Uses the logical ID of the policy resource, which is ensured to be unique within the stack.

Roles

Roles to attach this policy to.

public IRole[]? Roles { get; set; }

Property Value

IRole[]

Remarks

You can also use attachToRole(role) to attach this policy to a role.

Default: - No roles.

Statements

Initial set of permissions to add to this policy document.

public PolicyStatement[]? Statements { get; set; }

Property Value

PolicyStatement[]

Remarks

You can also use addStatements(...statement) to add permissions later.

Default: - No statements.

Users

Users to attach this policy to.

public IUser[]? Users { get; set; }

Property Value

IUser[]

Remarks

You can also use attachToUser(user) to attach this policy to a user.

Default: - No users.