class TopicPolicy (construct)
Language | Type name |
---|---|
![]() | Amazon.CDK.AWS.SNS.TopicPolicy |
![]() | github.com/aws/aws-cdk-go/awscdk/v2/awssns#TopicPolicy |
![]() | software.amazon.awscdk.services.sns.TopicPolicy |
![]() | aws_cdk.aws_sns.TopicPolicy |
![]() | aws-cdk-lib » aws_sns » TopicPolicy |
Implements
IConstruct
, IDependable
, IResource
The policy for an SNS Topic.
Policies define the operations that are allowed on this resource.
You almost never need to define this construct directly.
All AWS resources that support resource policies have a method called
addToResourcePolicy()
, which will automatically create a new resource
policy if one doesn't exist yet, otherwise it will add to the existing
policy.
Prefer to use addToResourcePolicy()
instead.
Example
const topic = new sns.Topic(this, 'Topic');
const policyDocument = new iam.PolicyDocument({
assignSids: true,
statements: [
new iam.PolicyStatement({
actions: ["sns:Subscribe"],
principals: [new iam.AnyPrincipal()],
resources: [topic.topicArn],
}),
],
});
const topicPolicy = new sns.TopicPolicy(this, 'Policy', {
topics: [topic],
policyDocument,
});
Initializer
new TopicPolicy(scope: Construct, id: string, props: TopicPolicyProps)
Parameters
- scope
Construct
- id
string
- props
Topic
Policy Props
Construct Props
Name | Type | Description |
---|---|---|
topics | ITopic [] | The set of topics this policy applies to. |
enforce | boolean | Adds a statement to enforce encryption of data in transit when publishing to the topic. |
policy | Policy | IAM policy document to apply to topic(s). |
topics
Type:
ITopic
[]
The set of topics this policy applies to.
enforceSSL?
Type:
boolean
(optional, default: false)
Adds a statement to enforce encryption of data in transit when publishing to the topic.
For more information, see https://docs.aws.amazon.com/sns/latest/dg/sns-security-best-practices.html#enforce-encryption-data-in-transit.
policyDocument?
Type:
Policy
(optional, default: empty policy document)
IAM policy document to apply to topic(s).
Properties
Name | Type | Description |
---|---|---|
document | Policy | The IAM policy document for this policy. |
env | Resource | The environment this resource belongs to. |
node | Node | The tree node. |
stack | Stack | The stack in which this resource is defined. |
document
Type:
Policy
The IAM policy document for this policy.
env
Type:
Resource
The environment this resource belongs to.
For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.
node
Type:
Node
The tree node.
stack
Type:
Stack
The stack in which this resource is defined.
Methods
Name | Description |
---|---|
apply | Apply the given removal policy to this resource. |
to | Returns a string representation of this construct. |
protected create | Adds a statement to enforce encryption of data in transit when publishing to the topic. |
applyRemovalPolicy(policy)
public applyRemovalPolicy(policy: RemovalPolicy): void
Parameters
- policy
Removal
Policy
Apply the given removal policy to this resource.
The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.
The resource can be deleted (RemovalPolicy.DESTROY
), or left in your AWS
account for data recovery and cleanup later (RemovalPolicy.RETAIN
).
toString()
public toString(): string
Returns
string
Returns a string representation of this construct.
protected createSSLPolicyDocument(topicArn)
protected createSSLPolicyDocument(topicArn: string): PolicyStatement
Parameters
- topicArn
string
Returns
Adds a statement to enforce encryption of data in transit when publishing to the topic.
For more information, see https://docs.aws.amazon.com/sns/latest/dg/sns-security-best-practices.html#enforce-encryption-data-in-transit.