interface PolicyStatementProps
Language | Type name |
---|---|
.NET | Amazon.CDK.AWS.IAM.PolicyStatementProps |
Go | github.com/aws/aws-cdk-go/awscdk/v2/awsiam#PolicyStatementProps |
Java | software.amazon.awscdk.services.iam.PolicyStatementProps |
Python | aws_cdk.aws_iam.PolicyStatementProps |
TypeScript | aws-cdk-lib » aws_iam » PolicyStatementProps |
Interface for creating a policy statement.
Example
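```ts
// Bucket that receives the server access logs.
const accessLogsBucket = new s3.Bucket(this, 'AccessLogsBucket', {
  objectOwnership: s3.ObjectOwnership.BUCKET_OWNER_ENFORCED,
});

// This statement allows every S3 action on the bucket and its objects
// to any principal; narrow `actions` and `principals` where possible.
accessLogsBucket.addToResourcePolicy(
  new iam.PolicyStatement({
    actions: ['s3:*'],
    resources: [accessLogsBucket.bucketArn, accessLogsBucket.arnForObjects('*')],
    principals: [new iam.AnyPrincipal()],
  })
);

// Bucket whose access logs are written to accessLogsBucket under the 'logs' prefix.
const bucket = new s3.Bucket(this, 'MyBucket', {
  serverAccessLogsBucket: accessLogsBucket,
  serverAccessLogsPrefix: 'logs',
});
```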
Properties
Name | Type | Description |
---|---|---|
actions? | string[] | List of actions to add to the statement. |
conditions? | { [string]: any } | Conditions to add to the statement. |
effect? | Effect | Whether to allow or deny the actions in this statement. |
notActions? | string[] | List of not actions to add to the statement. |
notPrincipals? | IPrincipal[] | List of not principals to add to the statement. |
notResources? | string[] | NotResource ARNs to add to the statement. |
principals? | IPrincipal[] | List of principals to add to the statement. |
resources? | string[] | Resource ARNs to add to the statement. |
sid? | string | The Sid (statement ID) is an optional identifier that you provide for the policy statement. |
actions?
Type:
string[]
(optional, default: no actions)
List of actions to add to the statement.
conditions?
Type:
{ [string]: any }
(optional, default: no condition)
Conditions to add to the statement.
effect?
Type:
Effect
(optional, default: Effect.ALLOW)
Whether to allow or deny the actions in this statement.
notActions?
Type:
string[]
(optional, default: no not-actions)
List of not actions to add to the statement.
notPrincipals?
Type:
IPrincipal[]
(optional, default: no not principals)
List of not principals to add to the statement.
notResources?
Type:
string[]
(optional, default: no not-resources)
NotResource ARNs to add to the statement.
principals?
Type:
IPrincipal[]
(optional, default: no principals)
List of principals to add to the statement.
resources?
Type:
string[]
(optional, default: no resources)
Resource ARNs to add to the statement.
sid?
Type:
string
(optional, default: no sid)
The Sid (statement ID) is an optional identifier that you provide for the policy statement.
You can assign a Sid value to each statement in a statement array. In services that let you specify an ID element, such as SQS and SNS, the Sid value is just a sub-ID of the policy document's ID. In IAM, the Sid value must be unique within a JSON policy.
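A small review pass over statements shaped like these props, as an added example that is not part of the CDK library or its documentation. It checks the Sid uniqueness rule stated above and flags `Allow` statements that grant to any principal without conditions, use wildcard actions, or combine `Allow` with the `not*` properties. `StatementLike` and `reviewStatements` are hypothetical names, principals are simplified to strings, and the sample ARNs are constructed.

```typescript
// Simplified stand-in for PolicyStatementProps (assumption): principals are
// plain strings here ('*' for any principal), not IPrincipal objects.
interface StatementLike {
  sid?: string;
  effect?: 'Allow' | 'Deny'; // the page's default is Effect.ALLOW
  actions?: string[];
  notActions?: string[];
  resources?: string[];
  notResources?: string[];
  principals?: string[];
  notPrincipals?: string[];
  conditions?: { [key: string]: unknown };
}

// Hypothetical helper: returns one finding string per problem, in statement order.
function reviewStatements(statements: StatementLike[]): string[] {
  const findings: string[] = [];
  const seenSids = new Set<string>();
  statements.forEach((s, i) => {
    const label = s.sid ?? `#${i}`;
    if (s.sid !== undefined) {
      if (seenSids.has(s.sid)) findings.push(`${label}: duplicate sid`);
      seenSids.add(s.sid);
    }
    if ((s.effect ?? 'Allow') !== 'Allow') return; // remaining checks apply to Allow only
    const hasConditions = Object.keys(s.conditions ?? {}).length > 0;
    const anyPrincipal = (s.principals ?? []).includes('*');
    const wildcards = (s.actions ?? []).filter(a => a === '*' || a.endsWith(':*'));
    if (anyPrincipal && !hasConditions) findings.push(`${label}: Allow for any principal without conditions`);
    if (wildcards.length > 0) findings.push(`${label}: wildcard action ${wildcards.join(', ')}`);
    if (s.notActions?.length) findings.push(`${label}: Allow combined with notActions`);
    if (s.notPrincipals?.length) findings.push(`${label}: Allow combined with notPrincipals`);
    if (s.notResources?.length) findings.push(`${label}: Allow combined with notResources`);
  });
  return findings;
}

// Constructed sample input; the first statement has the shape of the page's example.
const sampleStatements: StatementLike[] = [
  { sid: 'Logs', actions: ['s3:*'], resources: ['arn:aws:s3:::example-bucket/*'], principals: ['*'] },
  { sid: 'Logs', effect: 'Deny', actions: ['s3:*'], resources: ['arn:aws:s3:::example-bucket/*'],
    principals: ['*'], conditions: { Bool: { 'aws:SecureTransport': 'false' } } },
  { sid: 'Writer', actions: ['s3:PutObject'], resources: ['arn:aws:s3:::example-bucket/logs/*'],
    principals: ['arn:aws:iam::111122223333:role/example-writer'] },
];
const sampleFindings = reviewStatements(sampleStatements);
```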