AWS::EntityResolution::PolicyStatement
Adds a policy statement object. To retrieve a list of existing policy statements, use
the GetPolicy
API.
Syntax
To declare this entity in your Amazon CloudFormation template, use the following syntax:
JSON
{ "Type" : "AWS::EntityResolution::PolicyStatement", "Properties" : { "Action" :
[ String, ... ]
, "Arn" :String
, "Condition" :String
, "Effect" :String
, "Principal" :[ String, ... ]
, "StatementId" :String
} }
YAML
Type: AWS::EntityResolution::PolicyStatement Properties: Action:
- String
Arn:String
Condition:String
Effect:String
Principal:- String
StatementId:String
Properties
Action
-
The action that the principal can use on the resource.
For example,
entityresolution:GetIdMappingJob
,entityresolution:GetMatchingJob
.Required: No
Type: Array of String
Update requires: No interruption
Arn
-
The Amazon Resource Name (ARN) of the resource that will be accessed by the principal.
Required: Yes
Type: String
Pattern:
^arn:(aws|aws-us-gov|aws-cn):entityresolution:[a-z]{2}-[a-z]{1,10}-[0-9]:[0-9]{12}:((schemamapping|matchingworkflow|idmappingworkflow|idnamespace)/[a-zA-Z_0-9-]{1,255})$
Update requires: Replacement
Condition
-
A set of condition keys that you can use in key policies.
Required: No
Type: String
Minimum:
1
Maximum:
40960
Update requires: No interruption
Effect
-
Determines whether the permissions specified in the policy are to be allowed (
Allow
) or denied (Deny
).Required: No
Type: String
Allowed values:
Allow | Deny
Update requires: No interruption
Principal
-
The Amazon service or Amazon account that can access the resource defined as ARN.
Required: No
Type: Array of String
Update requires: No interruption
StatementId
-
A statement identifier that differentiates the statement from others in the same policy.
Required: Yes
Type: String
Pattern:
^[0-9A-Za-z]+$
Minimum:
1
Maximum:
64
Update requires: Replacement