AWS::VpcLattice::AuthPolicy
Creates or updates the auth policy. The policy string in JSON must not contain newlines or blank lines.
For more information, see Auth policies in the Amazon VPC Lattice User Guide.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{
  "Type" : "AWS::VpcLattice::AuthPolicy",
  "Properties" : {
      "Policy" : Json,
      "ResourceIdentifier" : String
    }
}
YAML
Type: AWS::VpcLattice::AuthPolicy
Properties:
  Policy: Json
  ResourceIdentifier: String
Properties
Policy
The auth policy.
Required: Yes
Type: Json
Update requires: No interruption
ResourceIdentifier
The ID or ARN of the service network or service for which the policy is created.
Required: Yes
Type: String
Pattern: ^((((sn)|(svc))-[0-9a-z]{17})|(arn(:[a-z0-9]+([.-][a-z0-9]+)*){2}(:([a-z0-9]+([.-][a-z0-9]+)*)?){2}:((servicenetwork/sn)|(service/svc))-[0-9a-z]{17}))$
Minimum: 17
Maximum: 200
Update requires: Replacement
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the Amazon Resource Name (ARN) of the auth policy.
For more information about using the Ref function, see Ref.
Fn::GetAtt
The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.
For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.
State
The state of the auth policy. The auth policy is only active when the auth type is set to AWS_IAM. If you provide a policy, then authentication and authorization decisions are made based on this policy and the client's IAM policy. If the auth type is NONE, then any auth policy you provide will remain inactive.
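A pre-deployment check for the two constraints described above, the ResourceIdentifier pattern and the rule that a policy stays inactive unless the auth type is AWS_IAM. This is an added example, not code from AWS or from this page. It assumes the template is already parsed into a dict and that the referenced service or service network sets its auth type in an AuthType property, which this page does not document; the sample template, logical IDs and policy body are constructed.

```python
import re

# Pattern and length bounds copied from the ResourceIdentifier property above.
RESOURCE_ID_RE = re.compile(
    r"^((((sn)|(svc))-[0-9a-z]{17})|(arn(:[a-z0-9]+([.-][a-z0-9]+)*){2}"
    r"(:([a-z0-9]+([.-][a-z0-9]+)*)?){2}:((servicenetwork/sn)|(service/svc))-[0-9a-z]{17}))$")

def lint_auth_policies(template):
    """Return (logical_id, finding) pairs for AWS::VpcLattice::AuthPolicy resources."""
    resources, findings = template.get("Resources", {}), []
    for name, res in resources.items():
        if res.get("Type") != "AWS::VpcLattice::AuthPolicy":
            continue
        props = res.get("Properties", {})
        if "Policy" not in props:
            findings.append((name, "Policy is required"))
        rid = props.get("ResourceIdentifier")
        if isinstance(rid, str):  # literal ID or ARN
            if not (17 <= len(rid) <= 200 and RESOURCE_ID_RE.match(rid)):
                findings.append((name, "ResourceIdentifier fails the documented pattern"))
            continue
        # Intrinsic reference: {"Ref": X} or {"Fn::GetAtt": [X, attribute]}.
        ref = (rid.get("Ref") or rid.get("Fn::GetAtt")) if isinstance(rid, dict) else None
        target = ref[0] if isinstance(ref, list) and ref else ref
        if not isinstance(target, str) or target not in resources:
            findings.append((name, "ResourceIdentifier is missing or unresolvable"))
            continue
        # Assumption: the referenced resource declares its auth type as AuthType.
        if resources[target].get("Properties", {}).get("AuthType") != "AWS_IAM":
            findings.append((name, f"{target} auth type is not AWS_IAM; policy stays inactive"))
    return findings

# Constructed sample template: logical IDs, account ID and policy body are illustrative.
POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:role/example-client"},
    "Action": "vpc-lattice-svcs:Invoke", "Resource": "*"}]}
SAMPLE = {"Resources": {
    "OpenSvc": {"Type": "AWS::VpcLattice::Service", "Properties": {"AuthType": "NONE"}},
    "IamSvc": {"Type": "AWS::VpcLattice::Service", "Properties": {"AuthType": "AWS_IAM"}},
    "Inactive": {"Type": "AWS::VpcLattice::AuthPolicy",
                 "Properties": {"Policy": POLICY, "ResourceIdentifier": {"Ref": "OpenSvc"}}},
    "Active": {"Type": "AWS::VpcLattice::AuthPolicy", "Properties": {
        "Policy": POLICY, "ResourceIdentifier": {"Fn::GetAtt": ["IamSvc", "Arn"]}}},
    "BadId": {"Type": "AWS::VpcLattice::AuthPolicy",
              "Properties": {"Policy": POLICY, "ResourceIdentifier": "svc-TOO-SHORT"}},
}}

if __name__ == "__main__":
    print(*lint_auth_policies(SAMPLE), sep="\n")
```

A literal ID or ARN is checked only against the pattern, because the auth type of a resource declared outside the template cannot be read from it.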