Package software.amazon.awscdk.services.iam

Class Grant

java.lang.Object
software.amazon.jsii.JsiiObject
software.amazon.awscdk.services.iam.Grant
All Implemented Interfaces:
IDependable, software.amazon.jsii.JsiiSerializable
@Generated(value="jsii-pacmak/1.84.0 (build 5404dcf)", date="2023-06-19T16:29:57.307Z") @Stability(Stable) public class Grant extends software.amazon.jsii.JsiiObject implements IDependable
Result of a grant() operation.

This class is not instantiable by consumers on purpose, so that they will be required to call the Grant factory functions.

Example: 

 Instance instance;
 Volume volume;
 Grant attachGrant = volume.grantAttachVolumeByResourceTag(instance.getGrantPrincipal(), List.of(instance));
 Grant detachGrant = volume.grantDetachVolumeByResourceTag(instance.getGrantPrincipal(), List.of(instance));

  • Constructor Details

    • Grant

      protected Grant(software.amazon.jsii.JsiiObjectRef objRef)

    • Grant

      protected Grant(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

  • Method Details

    • addToPrincipal

      @Stability(Stable) @NotNull public static Grant addToPrincipal(@NotNull GrantOnPrincipalOptions options)
      Try to grant the given permissions to the given principal.

      Absence of a principal leads to a warning, but failing to add the permissions to a present principal is not an error.

      Parameters:
      options - This parameter is required.

    • addToPrincipalAndResource

      @Stability(Stable) @NotNull public static Grant addToPrincipalAndResource(@NotNull GrantOnPrincipalAndResourceOptions options)
      Add a grant both on the principal and on the resource.

      As long as any principal is given, granting on the principal may fail (in case of a non-identity principal), but granting on the resource will never fail.

      Statement will be the resource statement.

      Parameters:
      options - This parameter is required.

    • addToPrincipalOrResource

      @Stability(Stable) @NotNull public static Grant addToPrincipalOrResource(@NotNull GrantWithResourceOptions options)
      Grant the given permissions to the principal.

      The permissions will be added to the principal policy primarily, falling back to the resource policy if necessary. The permissions must be granted somewhere.

      • Trying to grant permissions to a principal that does not admit adding to the principal policy while not providing a resource with a resource policy is an error.
      • Trying to grant permissions to an absent principal (possible in the case of imported resources) leads to a warning being added to the resource construct.

      Parameters:
      options - This parameter is required.

    • drop

      @Stability(Stable) @NotNull public static Grant drop(@NotNull IGrantable grantee, @NotNull String _intent)
      Returns a "no-op" Grant object which represents a "dropped grant".

      This can be used for e.g. imported resources where you may not be able to modify the resource's policy or some underlying policy which you don't know about.

      Parameters:
      grantee - The intended grantee. This parameter is required.
      _intent - The user's intent (will be ignored at the moment). This parameter is required.

    • applyBefore

      @Stability(Stable) public void applyBefore(@NotNull @NotNull IConstruct... constructs)
      Make sure this grant is applied before the given constructs are deployed.

      The same as construct.node.addDependency(grant), but slightly nicer to read.

      Parameters:
      constructs - This parameter is required.

    • assertSuccess

      @Stability(Stable) public void assertSuccess()
      Throw an error if this grant wasn't successful.

    • getSuccess

      @Stability(Stable) @NotNull public Boolean getSuccess()
      Whether the grant operation was successful.

    • getPrincipalStatement

      @Stability(Stable) @Nullable public PolicyStatement getPrincipalStatement()
      The statement that was added to the principal's policy.

      Can be accessed to (e.g.) add additional conditions to the statement.

    • getResourceStatement

      @Stability(Stable) @Nullable public PolicyStatement getResourceStatement()
      The statement that was added to the resource policy.

      Can be accessed to (e.g.) add additional conditions to the statement.