interface PolicyStatementProps
Language | Type name |
---|---|
.NET | Amazon.CDK.AWS.IAM.PolicyStatementProps |
Go | github.com/aws/aws-cdk-go/awscdk/v2/awsiam#PolicyStatementProps |
Java | software.amazon.awscdk.services.iam.PolicyStatementProps |
Python | aws_cdk.aws_iam.PolicyStatementProps |
TypeScript (source) | aws-cdk-lib » aws_iam » PolicyStatementProps |
Interface for creating a policy statement.
Example
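```ts
import * as path from 'path';
import * as iam from 'aws-cdk-lib/aws-iam';
import * as s3 from 'aws-cdk-lib/aws-s3';
import * as s3deploy from 'aws-cdk-lib/aws-s3-deployment';

declare const destinationBucket: s3.Bucket;

const deployment = new s3deploy.BucketDeployment(this, 'DeployFiles', {
  sources: [s3deploy.Source.asset(path.join(__dirname, 'source-files'))],
  destinationBucket,
});

// Grant the deployment handler role decrypt access to the encryption key.
deployment.handlerRole.addToPolicy(
  new iam.PolicyStatement({
    actions: ['kms:Decrypt', 'kms:DescribeKey'],
    effect: iam.Effect.ALLOW,
    resources: ['<encryption key ARN>'],
  }),
);
```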
Properties
Name | Type | Description |
---|---|---|
actions? | string[] | List of actions to add to the statement. |
conditions? | { [string]: any } | Conditions to add to the statement. |
effect? | Effect | Whether to allow or deny the actions in this statement. |
notActions? | string[] | List of not actions to add to the statement. |
notPrincipals? | IPrincipal[] | List of not principals to add to the statement. |
notResources? | string[] | NotResource ARNs to add to the statement. |
principals? | IPrincipal[] | List of principals to add to the statement. |
resources? | string[] | Resource ARNs to add to the statement. |
sid? | string | The Sid (statement ID) is an optional identifier that you provide for the policy statement. |
actions?
Type:
string[]
(optional, default: no actions)
List of actions to add to the statement.
conditions?
Type:
{ [string]: any }
(optional, default: no condition)
Conditions to add to the statement.
effect?
Type:
Effect
(optional, default: Effect.ALLOW)
Whether to allow or deny the actions in this statement.
notActions?
Type:
string[]
(optional, default: no not-actions)
List of not actions to add to the statement.
notPrincipals?
Type:
IPrincipal[]
(optional, default: no not principals)
List of not principals to add to the statement.
notResources?
Type:
string[]
(optional, default: no not-resources)
NotResource ARNs to add to the statement.
principals?
Type:
IPrincipal[]
(optional, default: no principals)
List of principals to add to the statement.
resources?
Type:
string[]
(optional, default: no resources)
Resource ARNs to add to the statement.
sid?
Type:
string
(optional, default: no sid)
The Sid (statement ID) is an optional identifier that you provide for the policy statement.
You can assign a Sid value to each statement in a statement array. In services that let you specify an ID element, such as SQS and SNS, the Sid value is just a sub-ID of the policy document's ID. In IAM, the Sid value must be unique within a JSON policy.
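A review check over statement props before they are turned into policy statements, as an added example (not code from this page or from aws-cdk-lib). `StatementProps` and `reviewStatements` are hypothetical names; the interface is a simplified local mirror of the properties above with principals left out, and the sample input is constructed.

```typescript
// Simplified local mirror of the documented props (assumption: not the aws-cdk-lib type).
interface StatementProps {
  sid?: string;
  effect?: 'Allow' | 'Deny';
  actions?: string[];
  notActions?: string[];
  resources?: string[];
  notResources?: string[];
  conditions?: { [key: string]: unknown };
}

// Hypothetical helper: findings for the statements of one policy document.
function reviewStatements(statements: StatementProps[]): string[] {
  const findings: string[] = [];
  const seenSids: string[] = [];
  statements.forEach((s, i) => {
    const label = s.sid ?? `statement[${i}]`;
    const allow = (s.effect ?? 'Allow') === 'Allow'; // documented default: Effect.ALLOW
    if (s.sid !== undefined) {
      // In IAM the Sid must be unique within a JSON policy.
      if (seenSids.indexOf(s.sid) !== -1) findings.push(`${label}: duplicate sid`);
      seenSids.push(s.sid);
    }
    if (allow && (s.notActions ?? []).length > 0) {
      findings.push(`${label}: Allow with notActions permits every action not listed`);
    }
    if (allow && (s.notResources ?? []).length > 0) {
      findings.push(`${label}: Allow with notResources applies to every resource not listed`);
    }
    const unconditioned = Object.keys(s.conditions ?? {}).length === 0;
    const wildResource = (s.resources ?? []).indexOf('*') !== -1;
    const wildAction = (s.actions ?? []).some((a) => a === '*' || /:\*$/.test(a));
    if (allow && unconditioned && wildResource && wildAction) {
      findings.push(`${label}: wildcard action on resource '*' with no condition`);
    }
  });
  return findings;
}

// Constructed sample input: one scoped statement, one reused sid, one notActions grant.
const sample: StatementProps[] = [
  { sid: 'DecryptKey', actions: ['kms:Decrypt', 'kms:DescribeKey'], resources: ['<encryption key ARN>'] },
  { sid: 'DecryptKey', actions: ['s3:*'], resources: ['*'] },
  { notActions: ['iam:*'], resources: ['*'] },
];
console.log(reviewStatements(sample));
```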