Class AwsCustomResourcePolicy
The IAM Policy that will be applied to the different calls.
Inheritance
Namespace: Amazon.CDK.CustomResources
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public class AwsCustomResourcePolicy : DeputyBase
Syntax (vb)
Public Class AwsCustomResourcePolicy
Inherits DeputyBase
Remarks
ExampleMetadata: infused
Examples
var getParameter = new AwsCustomResource(this, "GetParameter", new AwsCustomResourceProps {
OnUpdate = new AwsSdkCall { // will also be called for a CREATE event
Service = "SSM",
Action = "GetParameter",
Parameters = new Dictionary<string, object> {
{ "Name", "my-parameter" },
{ "WithDecryption", true }
},
PhysicalResourceId = PhysicalResourceId.Of(Date.Now().ToString()) },
Policy = AwsCustomResourcePolicy.FromSdkCalls(new SdkCallsPolicyOptions {
Resources = AwsCustomResourcePolicy.ANY_RESOURCE
})
});
// Use the value in another construct with
getParameter.GetResponseField("Parameter.Value");
Synopsis
Constructors
AwsCustomResourcePolicy(ByRefValue) | Used by jsii to construct an instance of this class from a Javascript-owned object reference |
AwsCustomResourcePolicy(DeputyBase.DeputyProps) | Used by jsii to construct an instance of this class from DeputyProps |
Properties
ANY_RESOURCE | Use this constant to configure access to any resource. |
Resources | resources for auto-generated from SDK calls. |
Statements | statements for explicit policy. |
Methods
FromSdkCalls(ISdkCallsPolicyOptions) | Generate IAM Policy Statements from the configured SDK calls. |
FromStatements(PolicyStatement[]) | Explicit IAM Policy Statements. |
Constructors
AwsCustomResourcePolicy(ByRefValue)
Used by jsii to construct an instance of this class from a Javascript-owned object reference
protected AwsCustomResourcePolicy(ByRefValue reference)
Parameters
- reference Amazon.JSII.Runtime.Deputy.ByRefValue
The Javascript-owned object reference
AwsCustomResourcePolicy(DeputyBase.DeputyProps)
Used by jsii to construct an instance of this class from DeputyProps
protected AwsCustomResourcePolicy(DeputyBase.DeputyProps props)
Parameters
- props Amazon.JSII.Runtime.Deputy.DeputyBase.DeputyProps
The deputy props
Properties
ANY_RESOURCE
Use this constant to configure access to any resource.
public static string[] ANY_RESOURCE { get; }
Property Value
System.String[]
Resources
resources for auto-generated from SDK calls.
public virtual string[] Resources { get; }
Property Value
System.String[]
Statements
statements for explicit policy.
public virtual PolicyStatement[] Statements { get; }
Property Value
Methods
FromSdkCalls(ISdkCallsPolicyOptions)
Generate IAM Policy Statements from the configured SDK calls.
public static AwsCustomResourcePolicy FromSdkCalls(ISdkCallsPolicyOptions options)
Parameters
- options ISdkCallsPolicyOptions
options for the policy generation.
Returns
Remarks
Each SDK call with be translated to an IAM Policy Statement in the form of: call.service:call.action
(e.g s3:PutObject
).
This policy generator assumes the IAM policy name has the same name as the API
call. This is true in 99% of cases, but there are exceptions (for example,
S3's PutBucketLifecycleConfiguration
requires
s3:PutLifecycleConfiguration
permissions, Lambda's Invoke
requires
lambda:InvokeFunction
permissions). Use fromStatements
if you want to
do a call that requires different IAM action names.
FromStatements(PolicyStatement[])
Explicit IAM Policy Statements.
public static AwsCustomResourcePolicy FromStatements(PolicyStatement[] statements)
Parameters
- statements PolicyStatement[]
the statements to propagate to the SDK calls.
Returns