Package software.amazon.awscdk.services.iam

Interface PolicyStatementProps

All Superinterfaces:
software.amazon.jsii.JsiiSerializable
All Known Implementing Classes:
PolicyStatementProps.Jsii$Proxy
@Generated(value="jsii-pacmak/1.84.0 (build 5404dcf)", date="2023-06-19T16:29:57.362Z") @Stability(Stable) public interface PolicyStatementProps extends software.amazon.jsii.JsiiSerializable
Interface for creating a policy statement.

Example: 

 // Add gateway endpoints when creating the VPC
 Vpc vpc = Vpc.Builder.create(this, "MyVpc")
         .gatewayEndpoints(Map.of(
                 "S3", GatewayVpcEndpointOptions.builder()
                         .service(GatewayVpcEndpointAwsService.S3)
                         .build()))
         .build();
 // Alternatively gateway endpoints can be added on the VPC
 GatewayVpcEndpoint dynamoDbEndpoint = vpc.addGatewayEndpoint("DynamoDbEndpoint", GatewayVpcEndpointOptions.builder()
         .service(GatewayVpcEndpointAwsService.DYNAMODB)
         .build());
 // This allows to customize the endpoint policy
 dynamoDbEndpoint.addToPolicy(
 PolicyStatement.Builder.create() // Restrict to listing and describing tables
         .principals(List.of(new AnyPrincipal()))
         .actions(List.of("dynamodb:DescribeTable", "dynamodb:ListTables"))
         .resources(List.of("*")).build());
 // Add an interface endpoint
 vpc.addInterfaceEndpoint("EcrDockerEndpoint", InterfaceVpcEndpointOptions.builder()
         .service(InterfaceVpcEndpointAwsService.ECR_DOCKER)
         .build());

  • Method Details

    • getActions

      @Stability(Stable) @Nullable default List<String> getActions()
      List of actions to add to the statement.

      Default: - no actions

    • getConditions

      @Stability(Stable) @Nullable default Map<String,Object> getConditions()
      Conditions to add to the statement.

      Default: - no condition

    • getEffect

      @Stability(Stable) @Nullable default Effect getEffect()
      Whether to allow or deny the actions in this statement.

      Default: Effect.ALLOW

    • getNotActions

      @Stability(Stable) @Nullable default List<String> getNotActions()
      List of not actions to add to the statement.

      Default: - no not-actions

    • getNotPrincipals

      @Stability(Stable) @Nullable default List<IPrincipal> getNotPrincipals()
      List of not principals to add to the statement.

      Default: - no not principals

    • getNotResources

      @Stability(Stable) @Nullable default List<String> getNotResources()
      NotResource ARNs to add to the statement.

      Default: - no not-resources

    • getPrincipals

      @Stability(Stable) @Nullable default List<IPrincipal> getPrincipals()
      List of principals to add to the statement.

      Default: - no principals

    • getResources

      @Stability(Stable) @Nullable default List<String> getResources()
      Resource ARNs to add to the statement.

      Default: - no resources

    • getSid

      @Stability(Stable) @Nullable default String getSid()
      The Sid (statement ID) is an optional identifier that you provide for the policy statement.

      You can assign a Sid value to each statement in a statement array. In services that let you specify an ID element, such as SQS and SNS, the Sid value is just a sub-ID of the policy document's ID. In IAM, the Sid value must be unique within a JSON policy.

      Default: - no sid

    • builder

      @Stability(Stable) static PolicyStatementProps.Builder builder()
      Returns:
      a PolicyStatementProps.Builder of PolicyStatementProps