Interface ManagedPolicyProps
- All Superinterfaces:
software.amazon.jsii.JsiiSerializable
- All Known Implementing Classes:
ManagedPolicyProps.Jsii$Proxy
Example:
Map<String, Object> policyDocument = Map.of(
        "Version", "2012-10-17",
        "Statement", List.of(Map.of(
                "Sid", "FirstStatement",
                "Effect", "Allow",
                "Action", List.of("iam:ChangePassword"),
                "Resource", List.of("*")), Map.of(
                "Sid", "SecondStatement",
                "Effect", "Allow",
                "Action", List.of("s3:ListAllMyBuckets"),
                "Resource", List.of("*")), Map.of(
                "Sid", "ThirdStatement",
                "Effect", "Allow",
                "Action", List.of("s3:List*", "s3:Get*"),
                "Resource", List.of("arn:aws:s3:::confidential-data", "arn:aws:s3:::confidential-data/*"),
                "Condition", Map.of("Bool", Map.of("aws:MultiFactorAuthPresent", "true")))));
PolicyDocument customPolicyDocument = PolicyDocument.fromJson(policyDocument);

// You can pass this document as an initial document to a ManagedPolicy
// or inline Policy.
ManagedPolicy newManagedPolicy = ManagedPolicy.Builder.create(this, "MyNewManagedPolicy")
        .document(customPolicyDocument)
        .build();
Policy newPolicy = Policy.Builder.create(this, "MyNewPolicy")
        .document(customPolicyDocument)
        .build();
-
Nested Class Summary
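| Modifier and Type | Interface | Description |
| --- | --- | --- |
| static final class | ManagedPolicyProps.Builder | A builder for ManagedPolicyProps |
| static final class | ManagedPolicyProps.Jsii$Proxy | An implementation for ManagedPolicyProps |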
-
Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| static ManagedPolicyProps.Builder | builder() | |
| default String | getDescription() | A description of the managed policy. |
| default PolicyDocument | getDocument() | Initial PolicyDocument to use for this ManagedPolicy. |
| default List<IGroup> | getGroups() | Groups to attach this policy to. |
| default String | getManagedPolicyName() | The name of the managed policy. |
| default String | getPath() | The path for the policy. |
| default List<IRole> | getRoles() | Roles to attach this policy to. |
| default List<PolicyStatement> | getStatements() | Initial set of permissions to add to this policy document. |
| default List<IUser> | getUsers() | Users to attach this policy to. |

Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson
-
Method Details
-
getDescription
A description of the managed policy.
Typically used to store information about the permissions defined in the policy. For example, "Grants access to production DynamoDB tables." The policy description is immutable. After a value is assigned, it cannot be changed.
Default: - empty
-
getDocument
Initial PolicyDocument to use for this ManagedPolicy.
If omitted, any PolicyStatement provided in the statements property will be applied against the empty default PolicyDocument.
Default: - An empty policy.
-
getGroups
Groups to attach this policy to.
You can also use attachToGroup(group) to attach this policy to a group.
Default: - No groups.
-
getManagedPolicyName
The name of the managed policy.
If you specify multiple policies for an entity, specify unique names. For example, if you specify a list of policies for an IAM role, each policy must have a unique name.
Default: - A name is automatically generated.
-
getPath
The path for the policy.
This parameter allows (through its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
For more information about paths, see IAM Identifiers in the IAM User Guide.
Default: - "/"
-
getRoles
Roles to attach this policy to.
You can also use attachToRole(role) to attach this policy to a role.
Default: - No roles.
-
getStatements
Initial set of permissions to add to this policy document.
You can also use addPermission(statement) to add permissions later.
Default: - No statements.
-
getUsers
Users to attach this policy to.
You can also use attachToUser(user) to attach this policy to a user.
Default: - No users.
-
builder
- Returns:
- a ManagedPolicyProps.Builder of ManagedPolicyProps
-
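An added example, not part of the CDK documentation: it builds the props through ManagedPolicyProps.builder() using statements rather than document, so the statement is applied to the empty default PolicyDocument described under getDocument. The stack class, the group and the construct IDs are assumptions made for illustration; the bucket ARNs and the MFA condition are reused from the example at the top of this page.

```java
import java.util.List;
import java.util.Map;

import software.amazon.awscdk.Stack;
import software.amazon.awscdk.services.iam.Effect;
import software.amazon.awscdk.services.iam.Group;
import software.amazon.awscdk.services.iam.ManagedPolicy;
import software.amazon.awscdk.services.iam.ManagedPolicyProps;
import software.amazon.awscdk.services.iam.PolicyStatement;
import software.constructs.Construct;

// Hypothetical stack used only to host the example.
public class AuditReaderStack extends Stack {
    public AuditReaderStack(final Construct scope, final String id) {
        super(scope, id);

        // Hypothetical group whose members should receive the policy.
        Group auditors = Group.Builder.create(this, "Auditors").build();

        // Read-only access scoped to one bucket and its objects,
        // granted only when the caller authenticated with MFA.
        PolicyStatement readWithMfa = PolicyStatement.Builder.create()
                .sid("ReadConfidentialDataWithMfa")
                .effect(Effect.ALLOW)
                .actions(List.of("s3:List*", "s3:Get*"))
                .resources(List.of(
                        "arn:aws:s3:::confidential-data",
                        "arn:aws:s3:::confidential-data/*"))
                .conditions(Map.of("Bool", Map.of("aws:MultiFactorAuthPresent", "true")))
                .build();

        // No document is set, so the statement goes into the empty default
        // PolicyDocument. managedPolicyName is left unset and is generated.
        ManagedPolicyProps props = ManagedPolicyProps.builder()
                .description("Read access to confidential-data, MFA required")
                .path("/audit/") // must begin and end with a forward slash
                .statements(List.of(readWithMfa))
                .groups(List.of(auditors))
                .build();

        new ManagedPolicy(this, "AuditReadPolicy", props);
    }
}
```

Because the description is immutable once assigned, changing it later replaces the policy rather than updating it in place.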