Package software.amazon.awscdk.customresources

Class AwsCustomResourcePolicy

java.lang.Object
software.amazon.jsii.JsiiObject
software.amazon.awscdk.customresources.AwsCustomResourcePolicy
All Implemented Interfaces:
software.amazon.jsii.JsiiSerializable
@Generated(value="jsii-pacmak/1.98.0 (build 00b106d)", date="2024-05-08T21:35:15.207Z") @Stability(Stable) public class AwsCustomResourcePolicy extends software.amazon.jsii.JsiiObject
The IAM Policy that will be applied to the different calls.

Example: 

 AwsCustomResource getParameter = AwsCustomResource.Builder.create(this, "GetParameter")
         .onUpdate(AwsSdkCall.builder() // will also be called for a CREATE event
                 .service("SSM")
                 .action("GetParameter")
                 .parameters(Map.of(
                         "Name", "my-parameter",
                         "WithDecryption", true))
                 .physicalResourceId(PhysicalResourceId.of(Date.now().toString())).build())
         .policy(AwsCustomResourcePolicy.fromSdkCalls(SdkCallsPolicyOptions.builder()
                 .resources(AwsCustomResourcePolicy.ANY_RESOURCE)
                 .build()))
         .build();
 // Use the value in another construct with
 getParameter.getResponseField("Parameter.Value");

  • Field Details

    • ANY_RESOURCE

      @Stability(Stable) public static final List<String> ANY_RESOURCE
      Use this constant to configure access to any resource.

  • Constructor Details

    • AwsCustomResourcePolicy

      protected AwsCustomResourcePolicy(software.amazon.jsii.JsiiObjectRef objRef)

    • AwsCustomResourcePolicy

      protected AwsCustomResourcePolicy(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

  • Method Details

    • fromSdkCalls

      @Stability(Stable) @NotNull public static AwsCustomResourcePolicy fromSdkCalls(@NotNull SdkCallsPolicyOptions options)
      Generate IAM Policy Statements from the configured SDK calls.

      Each SDK call with be translated to an IAM Policy Statement in the form of: call.service:call.action (e.g s3:PutObject).

      This policy generator assumes the IAM policy name has the same name as the API call. This is true in 99% of cases, but there are exceptions (for example, S3's PutBucketLifecycleConfiguration requires s3:PutLifecycleConfiguration permissions, Lambda's Invoke requires lambda:InvokeFunction permissions). Use fromStatements if you want to do a call that requires different IAM action names.

      Parameters:
      options - options for the policy generation. This parameter is required.

    • fromStatements

      @Stability(Stable) @NotNull public static AwsCustomResourcePolicy fromStatements(@NotNull List<? extends PolicyStatement> statements)
      Explicit IAM Policy Statements.

      Parameters:
      statements - the statements to propagate to the SDK calls. This parameter is required.

    • getStatements

      @Stability(Stable) @NotNull public List<PolicyStatement> getStatements()
      statements for explicit policy.

    • getResources

      @Stability(Stable) @Nullable public List<String> getResources()
      resources for auto-generated from SDK calls.