interface GrantOnPrincipalAndResourceOptions
| Language | Type name |
|---|---|
 .NET | Amazon.CDK.AWS.IAM.GrantOnPrincipalAndResourceOptions |
 Java | software.amazon.awscdk.services.iam.GrantOnPrincipalAndResourceOptions |
 Python | aws_cdk.aws_iam.GrantOnPrincipalAndResourceOptions |
 TypeScript (source) | @aws-cdk/aws-iam » GrantOnPrincipalAndResourceOptions |
Options for a grant operation to both identity and resource.
Example
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import * as iam from '@aws-cdk/aws-iam';
declare const grantable: iam.IGrantable;
declare const principal: iam.IPrincipal;
declare const resourceWithPolicy: iam.IResourceWithPolicy;
const grantOnPrincipalAndResourceOptions: iam.GrantOnPrincipalAndResourceOptions = {
actions: ['actions'],
grantee: grantable,
resource: resourceWithPolicy,
resourceArns: ['resourceArns'],
// the properties below are optional
resourcePolicyPrincipal: principal,
resourceSelfArns: ['resourceSelfArns'],
};
Properties
| Name | Type | Description |
|---|---|---|
| actions | string[] | The actions to grant. |
| grantee | IGrantable | The principal to grant to. |
| resource | IResource | The resource with a resource policy. |
| resource | string[] | The resource ARNs to grant to. |
| resource | IPrincipal | The principal to use in the statement for the resource policy. |
| resource | string[] | When referring to the resource in a resource policy, use this as ARN. |
actions
Type:
string[]
The actions to grant.
grantee
Type:
IGrantable
The principal to grant to.
resource
Type:
IResource
The resource with a resource policy.
The statement will always be added to the resource policy.
resourceArns
Type:
string[]
The resource ARNs to grant to.
resourcePolicyPrincipal?
Type:
IPrincipal
(optional, default: the principal of the grantee will be used)
The principal to use in the statement for the resource policy.
resourceSelfArns?
Type:
string[]
(optional, default: Same as regular resource ARNs)
When referring to the resource in a resource policy, use this as ARN.
(Depending on the resource type, this needs to be '*' in a resource policy).