AWS::VpcLattice::AuthPolicy - AWS CloudFormation

AWS::VpcLattice::AuthPolicy

Creates or updates the auth policy. The policy string in JSON must not contain newlines or blank lines.

For more information, see Auth policies in the Amazon VPC Lattice User Guide.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{ "Type" : "AWS::VpcLattice::AuthPolicy", "Properties" : { "Policy" : Json, "ResourceIdentifier" : String } }

YAML

Type: AWS::VpcLattice::AuthPolicy Properties: Policy: Json ResourceIdentifier: String

Properties

Policy

The auth policy.

Required: Yes

Type: Json

Update requires: No interruption

ResourceIdentifier

The ID or ARN of the service network or service for which the policy is created.

Required: Yes

Type: String

Pattern: ^((((sn)|(svc))-[0-9a-z]{17})|(arn(:[a-z0-9]+([.-][a-z0-9]+)*){2}(:([a-z0-9]+([.-][a-z0-9]+)*)?){2}:((servicenetwork/sn)|(service/svc))-[0-9a-z]{17}))$

Minimum: 17

Maximum: 200

Update requires: Replacement

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the Amazon Resource Name (ARN) of the auth policy.

For more information about using the Ref function, see Ref.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

State

The state of the auth policy. The auth policy is only active when the auth type is set to AWS_IAM. If you provide a policy, then authentication and authorization decisions are made based on this policy and the client's IAM policy. If the auth type is NONE, then any auth policy you provide will remain inactive.