Class PolicyStatementProps

Namespace
Amazon.CDK.AWS.IAM
Assembly
Amazon.CDK.AWS.IAM.dll

Interface for creating a policy statement.

public class PolicyStatementProps : IPolicyStatementProps
Inheritance
PolicyStatementProps
Implements
Inherited Members

Examples

using System.Collections.Generic;
using Amazon.CDK.AWS.EC2;
using Amazon.CDK.AWS.IAM;

// Add gateway endpoints when creating the VPC
var vpc = new Vpc(this, "MyVpc", new VpcProps {
    GatewayEndpoints = new Dictionary<string, GatewayVpcEndpointOptions> {
        { "S3", new GatewayVpcEndpointOptions {
            Service = GatewayVpcEndpointAwsService.S3
        } }
    }
});

// Alternatively, gateway endpoints can be added on the VPC
var dynamoDbEndpoint = vpc.AddGatewayEndpoint("DynamoDbEndpoint", new GatewayVpcEndpointOptions {
    Service = GatewayVpcEndpointAwsService.DYNAMODB
});

// Customize the endpoint policy: restrict to listing and describing tables
dynamoDbEndpoint.AddToPolicy(new PolicyStatement(new PolicyStatementProps {
    Principals = new [] { new AnyPrincipal() },
    Actions = new [] { "dynamodb:DescribeTable", "dynamodb:ListTables" },
    Resources = new [] { "*" }
}));

// Add an interface endpoint
vpc.AddInterfaceEndpoint("EcrDockerEndpoint", new InterfaceVpcEndpointOptions {
    Service = InterfaceVpcEndpointAwsService.ECR_DOCKER
});

Remarks

ExampleMetadata: lit=test/integ.vpc-endpoint.lit.ts infused
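
The example above leaves Sid, Effect and Conditions unset and uses Resources = "*". The following added example (not from the CDK documentation) sets those properties to scope a DynamoDB gateway endpoint policy to one table and to principals in the stack's own account. The class name, method name, Sid values and table name parameter are hypothetical.

```csharp
using System.Collections.Generic;
using Amazon.CDK;
using Amazon.CDK.AWS.EC2;
using Amazon.CDK.AWS.IAM;

public static class EndpointPolicies
{
    // Hypothetical helper: scopes a DynamoDB gateway endpoint to one table and one account.
    public static void RestrictToTable(GatewayVpcEndpoint endpoint, string tableName)
    {
        var stack = Stack.Of(endpoint);

        // Table ARN in the stack's own account and region.
        var tableArn = stack.FormatArn(new ArnComponents {
            Service = "dynamodb",
            Resource = "table",
            ResourceName = tableName
        });

        // Condition operand shared by both statements: the caller's account id.
        var sameAccount = new Dictionary<string, object> {
            { "aws:PrincipalAccount", stack.Account }
        };

        // AnyPrincipal as in the page's example; the condition narrows who matches.
        endpoint.AddToPolicy(new PolicyStatement(new PolicyStatementProps {
            Sid = "AllowReadOneTable",
            Effect = Effect.ALLOW,
            Principals = new IPrincipal[] { new AnyPrincipal() },
            Actions = new [] { "dynamodb:GetItem", "dynamodb:Query", "dynamodb:DescribeTable" },
            Resources = new [] { tableArn },
            Conditions = new Dictionary<string, object> { { "StringEquals", sameAccount } }
        }));

        // Guardrail: an explicit deny still applies if broader allows are added later.
        endpoint.AddToPolicy(new PolicyStatement(new PolicyStatementProps {
            Sid = "DenyOtherAccounts",
            Effect = Effect.DENY,
            Principals = new IPrincipal[] { new AnyPrincipal() },
            Actions = new [] { "dynamodb:*" },
            Resources = new [] { "*" },
            Conditions = new Dictionary<string, object> { { "StringNotEquals", sameAccount } }
        }));
    }
}
```

Call it as `EndpointPolicies.RestrictToTable(dynamoDbEndpoint, "ExampleTable")` after creating the endpoint, then inspect the synthesized template to confirm the statements and condition keys appear as intended.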

Constructors

PolicyStatementProps()

public PolicyStatementProps()

Properties

Actions

List of actions to add to the statement.

public string[]? Actions { get; set; }

Property Value

string[]

Remarks

Default: - no actions

Conditions

Conditions to add to the statement.

public IDictionary<string, object>? Conditions { get; set; }

Property Value

IDictionary<string, object>

Remarks

Default: - no condition

Effect

Whether to allow or deny the actions in this statement.

public Effect? Effect { get; set; }

Property Value

Effect?

Remarks

Default: Effect.ALLOW

NotActions

List of not actions to add to the statement.

public string[]? NotActions { get; set; }

Property Value

string[]

Remarks

Default: - no not-actions

NotPrincipals

List of not principals to add to the statement.

public IPrincipal[]? NotPrincipals { get; set; }

Property Value

IPrincipal[]

Remarks

Default: - no not principals

NotResources

NotResource ARNs to add to the statement.

public string[]? NotResources { get; set; }

Property Value

string[]

Remarks

Default: - no not-resources

Principals

List of principals to add to the statement.

public IPrincipal[]? Principals { get; set; }

Property Value

IPrincipal[]

Remarks

Default: - no principals

Resources

Resource ARNs to add to the statement.

public string[]? Resources { get; set; }

Property Value

string[]

Remarks

Default: - no resources

Sid

The Sid (statement ID) is an optional identifier that you provide for the policy statement.

public string? Sid { get; set; }

Property Value

string

Remarks

You can assign a Sid value to each statement in a statement array. In services that let you specify an ID element, such as SQS and SNS, the Sid value is just a sub-ID of the policy document's ID. In IAM, the Sid value must be unique within a JSON policy.

Default: - no sid