GrantOnPrincipalAndResourceOptions
- class aws_cdk.aws_iam.GrantOnPrincipalAndResourceOptions(*, actions, grantee, resource_arns, resource, resource_policy_principal=None, resource_self_arns=None)
Bases:
CommonGrantOptions
Options for a grant operation to both identity and resource.
- Parameters:
actions (
Sequence
[str
]) – The actions to grant.grantee (
IGrantable
) – The principal to grant to. Default: if principal is undefined, no work is done.resource_arns (
Sequence
[str
]) – The resource ARNs to grant to.resource (
IResourceWithPolicy
) – The resource with a resource policy. The statement will always be added to the resource policy.resource_policy_principal (
Optional
[IPrincipal
]) – The principal to use in the statement for the resource policy. Default: - the principal of the grantee will be usedresource_self_arns (
Optional
[Sequence
[str
]]) – When referring to the resource in a resource policy, use this as ARN. (Depending on the resource type, this needs to be ‘*’ in a resource policy). Default: Same as regular resource ARNs
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. import aws_cdk.aws_iam as iam # grantable: iam.IGrantable # principal: iam.IPrincipal # resource_with_policy: iam.IResourceWithPolicy grant_on_principal_and_resource_options = iam.GrantOnPrincipalAndResourceOptions( actions=["actions"], grantee=grantable, resource=resource_with_policy, resource_arns=["resourceArns"], # the properties below are optional resource_policy_principal=principal, resource_self_arns=["resourceSelfArns"] )
Attributes
- actions
The actions to grant.
- grantee
The principal to grant to.
- Default:
if principal is undefined, no work is done.
- resource
The resource with a resource policy.
The statement will always be added to the resource policy.
- resource_arns
The resource ARNs to grant to.
- resource_policy_principal
The principal to use in the statement for the resource policy.
- Default:
the principal of the grantee will be used
- resource_self_arns
When referring to the resource in a resource policy, use this as ARN.
(Depending on the resource type, this needs to be ‘*’ in a resource policy).
- Default:
Same as regular resource ARNs