Class AwsCustomResourcePolicy

java.lang.Object
software.amazon.jsii.JsiiObject
software.amazon.awscdk.customresources.AwsCustomResourcePolicy
All Implemented Interfaces:
software.amazon.jsii.JsiiSerializable

@Generated(value="jsii-pacmak/1.84.0 (build 5404dcf)", date="2023-06-19T16:30:42.046Z") @Stability(Stable) public class AwsCustomResourcePolicy extends software.amazon.jsii.JsiiObject
The IAM Policy that will be applied to the different calls.

Example:

 AwsCustomResource awsCustom = AwsCustomResource.Builder.create(this, "aws-custom")
         .onCreate(AwsSdkCall.builder()
                 .service("...")
                 .action("...")
                 .parameters(Map.of(
                         "text", "..."))
                 .physicalResourceId(PhysicalResourceId.of("..."))
                 .build())
         .onUpdate(AwsSdkCall.builder()
                 .service("...")
                 .action("...")
                 .parameters(Map.of(
                         "text", "...",
                         "resourceId", new PhysicalResourceIdReference()))
                 .build())
         .policy(AwsCustomResourcePolicy.fromSdkCalls(SdkCallsPolicyOptions.builder()
                 .resources(AwsCustomResourcePolicy.ANY_RESOURCE)
                 .build()))
         .build();
 
  • Field Details

    • ANY_RESOURCE

      @Stability(Stable) public static final List<String> ANY_RESOURCE
      Use this constant to configure access to any resource.
  • Constructor Details

    • AwsCustomResourcePolicy

      protected AwsCustomResourcePolicy(software.amazon.jsii.JsiiObjectRef objRef)
    • AwsCustomResourcePolicy

      protected AwsCustomResourcePolicy(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
  • Method Details

    • fromSdkCalls

      @Stability(Stable) @NotNull public static AwsCustomResourcePolicy fromSdkCalls(@NotNull SdkCallsPolicyOptions options)
      Generate IAM Policy Statements from the configured SDK calls.

      Each SDK call with be translated to an IAM Policy Statement in the form of: call.service:call.action (e.g s3:PutObject).

      This policy generator assumes the IAM policy name has the same name as the API call. This is true in 99% of cases, but there are exceptions (for example, S3's PutBucketLifecycleConfiguration requires s3:PutLifecycleConfiguration permissions, Lambda's Invoke requires lambda:InvokeFunction permissions). Use fromStatements if you want to do a call that requires different IAM action names.

      Parameters:
      options - options for the policy generation. This parameter is required.
    • fromStatements

      @Stability(Stable) @NotNull public static AwsCustomResourcePolicy fromStatements(@NotNull List<? extends PolicyStatement> statements)
      Explicit IAM Policy Statements.

      Parameters:
      statements - the statements to propagate to the SDK calls. This parameter is required.
    • getStatements

      @Stability(Stable) @NotNull public List<PolicyStatement> getStatements()
      statements for explicit policy.
    • getResources

      @Stability(Stable) @Nullable public List<String> getResources()
      resources for auto-generated from SDK calls.