Package software.amazon.awscdk.services.verifiedpermissions

Class CfnPolicy

java.lang.Object

software.amazon.jsii.JsiiObject

software.constructs.Construct

software.amazon.awscdk.CfnElement

software.amazon.awscdk.CfnRefElement

software.amazon.awscdk.CfnResource

software.amazon.awscdk.services.verifiedpermissions.CfnPolicy

All Implemented Interfaces:

IInspectable, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct, software.constructs.IDependable

@Generated(value="jsii-pacmak/1.104.0 (build e79254c)",
           date="2025-01-15T21:09:28.234Z")
@Stability(Stable)
public class CfnPolicy
extends CfnResource
implements IInspectable

Creates or updates a Cedar policy and saves it in the specified policy store.

You can create either a static policy or a policy linked to a policy template.

You can directly update only static policies. To update a template-linked policy, you must update its linked policy template instead.

• To create a static policy, in the Definition include a Static element that includes the Cedar policy text in the Statement element.
• To create a policy that is dynamically linked to a policy template, in the Definition include a Templatelinked element that specifies the policy template ID and the principal and resource to associate with this policy. If the policy template is ever updated, any policies linked to the policy template automatically use the updated template.

• If policy validation is enabled in the policy store, then updating a static policy causes Verified Permissions to validate the policy against the schema in the policy store. If the updated static policy doesn't pass validation, the operation fails and the update isn't stored.
• When you edit a static policy, You can change only certain elements of a static policy:
• The action referenced by the policy.
• A condition clause, such as when and unless.

You can't change these elements of a static policy:

• Changing a policy from a static policy to a template-linked policy.
• Changing the effect of a static policy from permit or forbid.
• The principal referenced by a static policy.
• The resource referenced by a static policy.
• To update a template-linked policy, you must update the template instead.

Example:

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import software.amazon.awscdk.services.verifiedpermissions.*;
 CfnPolicy cfnPolicy = CfnPolicy.Builder.create(this, "MyCfnPolicy")
         .definition(PolicyDefinitionProperty.builder()
                 .static(StaticPolicyDefinitionProperty.builder()
                         .statement("statement")
                         // the properties below are optional
                         .description("description")
                         .build())
                 .templateLinked(TemplateLinkedPolicyDefinitionProperty.builder()
                         .policyTemplateId("policyTemplateId")
                         // the properties below are optional
                         .principal(EntityIdentifierProperty.builder()
                                 .entityId("entityId")
                                 .entityType("entityType")
                                 .build())
                         .resource(EntityIdentifierProperty.builder()
                                 .entityId("entityId")
                                 .entityType("entityType")
                                 .build())
                         .build())
                 .build())
         .policyStoreId("policyStoreId")
         .build();
 

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-verifiedpermissions-policy.html

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static final class	CfnPolicy.Builder	A fluent builder for CfnPolicy.
static interface	CfnPolicy.EntityIdentifierProperty	Contains the identifier of an entity in a policy, including its ID and type.
static interface	CfnPolicy.PolicyDefinitionProperty	A structure that defines a Cedar policy.
static interface	CfnPolicy.StaticPolicyDefinitionProperty	A structure that defines a static policy.
static interface	CfnPolicy.TemplateLinkedPolicyDefinitionProperty	A structure that describes a policy created by instantiating a policy template.

Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject

software.amazon.jsii.JsiiObject.InitializationMode

Nested classes/interfaces inherited from interface software.constructs.IConstruct

software.constructs.IConstruct.Jsii$Default

Nested classes/interfaces inherited from interface software.amazon.awscdk.IInspectable

IInspectable.Jsii$Default, IInspectable.Jsii$Proxy

Field Summary

Fields

Modifier and Type	Field	Description
static final String	CFN_RESOURCE_TYPE_NAME	The CloudFormation resource type name for this resource class.

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	CfnPolicy(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
protected	CfnPolicy(software.amazon.jsii.JsiiObjectRef objRef)
	CfnPolicy(software.constructs.Construct scope, String id, CfnPolicyProps props)

Method Summary

Modifier and Type	Method	Description
String	getAttrPolicyId()	The unique ID of the new or updated policy.
String	getAttrPolicyType()	The type of the policy.
protected Map<String,Object>	getCfnProperties()
Object	getDefinition()	Specifies the policy type and content to use for the new or updated policy.
String	getPolicyStoreId()	Specifies the PolicyStoreId of the policy store you want to store the policy in.
void	inspect(TreeInspector inspector)	Examines the CloudFormation resource and discloses attributes.
protected Map<String,Object>	renderProperties(Map<String,Object> props)
void	setDefinition(IResolvable value)	Specifies the policy type and content to use for the new or updated policy.
void	setDefinition(CfnPolicy.PolicyDefinitionProperty value)	Specifies the policy type and content to use for the new or updated policy.
void	setPolicyStoreId(String value)	Specifies the PolicyStoreId of the policy store you want to store the policy in.

Methods inherited from class software.amazon.awscdk.CfnResource

addDeletionOverride, addDependency, addDependsOn, addMetadata, addOverride, addPropertyDeletionOverride, addPropertyOverride, applyRemovalPolicy, applyRemovalPolicy, applyRemovalPolicy, getAtt, getAtt, getCfnOptions, getCfnResourceType, getMetadata, getUpdatedProperites, getUpdatedProperties, isCfnResource, obtainDependencies, obtainResourceDependencies, removeDependency, replaceDependency, shouldSynthesize, toString, validateProperties

Methods inherited from class software.amazon.awscdk.CfnRefElement

getRef

Methods inherited from class software.amazon.awscdk.CfnElement

getCreationStack, getLogicalId, getStack, isCfnElement, overrideLogicalId

Methods inherited from class software.constructs.Construct

getNode, isConstruct

Methods inherited from class software.amazon.jsii.JsiiObject

jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Field Details

CFN_RESOURCE_TYPE_NAME

@Stability(Stable)
public static final String CFN_RESOURCE_TYPE_NAME

The CloudFormation resource type name for this resource class.

Constructor Details

CfnPolicy

protected CfnPolicy(software.amazon.jsii.JsiiObjectRef objRef)

CfnPolicy

protected CfnPolicy(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

CfnPolicy

@Stability(Stable)
public CfnPolicy(@NotNull
 software.constructs.Construct scope,
 @NotNull
 String id,
 @NotNull
 CfnPolicyProps props)

Parameters:

scope - Scope in which this resource is defined. This parameter is required.

id - Construct identifier for this resource (unique in its scope). This parameter is required.

props - Resource properties. This parameter is required.

Method Details

inspect

@Stability(Stable)
public void inspect(@NotNull
 TreeInspector inspector)

Examines the CloudFormation resource and discloses attributes.

Specified by:

inspect in interface IInspectable

Parameters:

inspector - tree inspector to collect and process attributes. This parameter is required.

renderProperties

@Stability(Stable)
@NotNull
protected Map<String,Object> renderProperties(@NotNull
 Map<String,Object> props)

Overrides:

renderProperties in class CfnResource

Parameters:

props - This parameter is required.

getAttrPolicyId

@Stability(Stable)
@NotNull
public String getAttrPolicyId()

The unique ID of the new or updated policy.

getAttrPolicyType

@Stability(Stable)
@NotNull
public String getAttrPolicyType()

The type of the policy. This is one of the following values:.

• Static
• TemplateLinked

getCfnProperties

@Stability(Stable)
@NotNull
protected Map<String,Object> getCfnProperties()

Overrides:

getCfnProperties in class CfnResource

getDefinition

@Stability(Stable)
@NotNull
public Object getDefinition()

Specifies the policy type and content to use for the new or updated policy.

setDefinition

@Stability(Stable)
public void setDefinition(@NotNull
 IResolvable value)

Specifies the policy type and content to use for the new or updated policy.

setDefinition

@Stability(Stable)
public void setDefinition(@NotNull
 CfnPolicy.PolicyDefinitionProperty value)

Specifies the policy type and content to use for the new or updated policy.

getPolicyStoreId

@Stability(Stable)
@NotNull
public String getPolicyStoreId()

Specifies the PolicyStoreId of the policy store you want to store the policy in.

setPolicyStoreId

@Stability(Stable)
public void setPolicyStoreId(@NotNull
 String value)

Specifies the PolicyStoreId of the policy store you want to store the policy in.