PolicyDocument
- class aws_cdk.aws_iam.PolicyDocument(*, assign_sids=None, minimize=None, statements=None)
Bases: object
A PolicyDocument is a collection of statements.
Example:
import aws_cdk.aws_iam as iam
import aws_cdk.aws_efs as efs   # added: the snippet uses efs.FileSystem
import aws_cdk.aws_ec2 as ec2   # added: the snippet uses ec2.Vpc

# Runs inside a Stack or Construct, which supplies `self` as the scope.
my_file_system_policy = iam.PolicyDocument(
    statements=[iam.PolicyStatement(
        # Let the account root principal mount and write, but only when the
        # request arrives through a mount target (AccessedViaMountTarget).
        actions=["elasticfilesystem:ClientWrite", "elasticfilesystem:ClientMount"],
        principals=[iam.AccountRootPrincipal()],
        resources=["*"],
        conditions={
            "Bool": {"elasticfilesystem:AccessedViaMountTarget": "true"}
        }
    )]
)
file_system = efs.FileSystem(self, "MyEfsFileSystem",
    vpc=ec2.Vpc(self, "VPC"),
    file_system_policy=my_file_system_policy
)
- Parameters:
- assign_sids (Optional[bool]) – Automatically assign Statement Ids to all statements. Default: false
- minimize (Optional[bool]) – Try to minimize the policy by merging statements. To avoid overrunning the maximum policy size, combine statements if they produce the same result. Merging happens according to the following rules:
- The Effect of both statements is the same
- Neither of the statements have a ‘Sid’
- Combine Principals if the rest of the statement is exactly the same.
- Combine Resources if the rest of the statement is exactly the same.
- Combine Actions if the rest of the statement is exactly the same.
- We will never combine NotPrincipals, NotResources or NotActions, because doing so would change the meaning of the policy document.
Default: false, unless the feature flag @aws-cdk/aws-iam:minimizePolicies is set
- statements (Optional[Sequence[PolicyStatement]]) – Initial statements to add to the policy document. Default: No statements
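The merging rules above are easier to follow on concrete statements. The block below is an added illustration, not the CDK's own implementation: `minimize_statements` is a hypothetical helper that applies the documented rules to plain JSON policy-statement dicts, so that you can see which statements collapse (same Effect, no Sid, identical remainder) and which are left alone (Sid, NotAction). The sample statements and bucket ARNs are constructed.

```python
# Added illustration of the `minimize` merging rules listed above, written as a
# stand-alone function over plain JSON policy-statement dicts. This is NOT the
# CDK's own implementation and `minimize_statements` is a hypothetical name;
# it only follows the documented rules so their effect can be seen.
import json
from copy import deepcopy

MERGE_FIELDS = ("Principal", "Resource", "Action")
NOT_FIELDS = ("NotPrincipal", "NotResource", "NotAction")


def _as_list(value):
    """A JSON policy field may be a string or a list; normalise to a list."""
    return list(value) if isinstance(value, list) else [value]


def _canon(value):
    """Canonical form: list for Action/Resource, {key: list} for a Principal block."""
    if isinstance(value, dict):
        return {k: _as_list(v) for k, v in value.items()}
    return _as_list(value)


def _mergeable(stmt):
    """Rules: statements with a Sid, or any Not* element, are never merged."""
    return "Sid" not in stmt and not any(f in stmt for f in NOT_FIELDS)


def _rest_key(stmt, field):
    """'The rest of the statement is exactly the same' -> compare this key."""
    rest = {k: v for k, v in stmt.items() if k != field}
    # Effect is part of the key, so Allow and Deny statements never merge.
    return json.dumps(rest, sort_keys=True)


def _merge_values(a, b):
    """Union of two canonical field values of the same shape, order preserved."""
    if isinstance(a, dict):
        merged = {k: list(v) for k, v in a.items()}
        for k, items in b.items():
            bucket = merged.setdefault(k, [])
            for x in items:
                if x not in bucket:
                    bucket.append(x)
        return merged
    return a + [x for x in b if x not in a]


def _merge_field(statements, field):
    """Combine `field` across statements whose remaining content is identical."""
    out, index = [], {}
    for stmt in statements:
        if not _mergeable(stmt) or field not in stmt:
            out.append(stmt)
            continue
        key = _rest_key(stmt, field)
        same_shape = (key in index and
                      isinstance(out[index[key]][field], dict) == isinstance(stmt[field], dict))
        if same_shape:
            target = out[index[key]]
            target[field] = _merge_values(target[field], stmt[field])
        else:
            index[key] = len(out)
            out.append(stmt)
    return out


def minimize_statements(statements):
    """Apply the three 'combine X if the rest is the same' passes in turn."""
    result = []
    for stmt in deepcopy(statements):
        if _mergeable(stmt):
            for f in MERGE_FIELDS:
                if f in stmt:
                    stmt[f] = _canon(stmt[f])
        result.append(stmt)
    for field in MERGE_FIELDS:
        result = _merge_field(result, field)
    return result


# Constructed sample: seven statements on made-up bucket ARNs.
SAMPLE_STATEMENTS = [
    {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Effect": "Allow", "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Effect": "Allow", "Action": "s3:DeleteObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::other-bucket/*"},
    {"Effect": "Deny", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "KeepMe", "Effect": "Allow", "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Effect": "Allow", "NotAction": "iam:*", "Resource": "*"},
]

if __name__ == "__main__":
    print(json.dumps(minimize_statements(SAMPLE_STATEMENTS), indent=2))
```

Running it on the sample collapses seven statements to five: the two `s3:GetObject` Allow statements merge on Resource, the Put and Delete statements then merge on Action because their remaining content is identical, while the Deny statement (different Effect), the statement carrying a Sid and the NotAction statement are left untouched. Merging is greedy and pass-ordered, which is why the Get statement does not also merge into the Put/Delete one: after the Resource pass their Resources differ.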
Methods
- add_statements(*statement)
Adds a statement to the policy document.
- Parameters:
statement (PolicyStatement) – the statement to add.
- Return type:
None
- resolve(context)
Produce the Token’s value at resolution time.
- Parameters:
context (IResolveContext) –
- Return type:
Any
- to_json()
JSON-ify the document.
Used when JSON.stringify() is called
- Return type:
Any
- to_string()
Encode the policy document as a string.
- Return type:
str
- validate_for_any_policy()
Validate that all policy statements in the policy document satisfy the requirements for any policy.
- Return type:
List[str]
- Returns:
An array of validation error messages, or an empty array if the document is valid.
- validate_for_identity_policy()
Validate that all policy statements in the policy document satisfy the requirements for an identity-based policy.
- Return type:
List[str]
- Returns:
An array of validation error messages, or an empty array if the document is valid.
- validate_for_resource_policy()
Validate that all policy statements in the policy document satisfy the requirements for a resource-based policy.
- Return type:
List[str]
- Returns:
An array of validation error messages, or an empty array if the document is valid.
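The three validate_for_* methods return a list of error messages instead of raising, so a caller can collect every problem in one pass. As an added, stand-alone illustration (not the CDK's code; the function names mirror the methods above but are hypothetical), the checker below applies the structural requirements that distinguish the policy types: an identity-based policy is attached to a principal and therefore cannot name one, while a resource-based policy must name one. These rules follow the IAM policy grammar as I understand it and are not a transcript of the CDK's own checks. The sample statement is the page's EFS example in JSON form with a placeholder account id.

```python
# Added illustration of validate_for_any_policy / validate_for_identity_policy /
# validate_for_resource_policy over plain JSON statement dicts. NOT the CDK's
# own checks; the rules are the IAM policy-grammar requirements as I understand them.
VALID_EFFECTS = ("Allow", "Deny")


def _has(stmt, *fields):
    """True if any of the given elements is present and non-empty."""
    return any(stmt.get(f) for f in fields)


def validate_for_any_policy(statements):
    """Requirements every policy type shares: a valid Effect and an action element."""
    errors = []
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") not in VALID_EFFECTS:
            errors.append(f"Statement {i}: Effect must be Allow or Deny")
        if not _has(stmt, "Action", "NotAction"):
            errors.append(f"Statement {i}: must specify at least one Action or NotAction")
    return errors


def validate_for_identity_policy(statements):
    """Identity-based policies are attached to a principal, so they must not name one."""
    errors = validate_for_any_policy(statements)
    for i, stmt in enumerate(statements):
        if _has(stmt, "Principal", "NotPrincipal"):
            errors.append(f"Statement {i}: identity-based policy cannot specify "
                          "Principal or NotPrincipal")
        if not _has(stmt, "Resource", "NotResource"):
            errors.append(f"Statement {i}: identity-based policy must specify at least "
                          "one Resource or NotResource")
    return errors


def validate_for_resource_policy(statements):
    """Resource-based policies must say who is being granted or denied access."""
    errors = validate_for_any_policy(statements)
    for i, stmt in enumerate(statements):
        if not _has(stmt, "Principal", "NotPrincipal"):
            errors.append(f"Statement {i}: resource-based policy must specify at least "
                          "one Principal or NotPrincipal")
    return errors


# Constructed sample: the page's EFS statement as JSON. 123456789012 is a
# placeholder account id, not a real account.
EFS_STATEMENT = {
    "Effect": "Allow",
    "Action": ["elasticfilesystem:ClientWrite", "elasticfilesystem:ClientMount"],
    "Principal": {"AWS": "arn:aws:iam::123456789012:root"},
    "Resource": "*",
    "Condition": {"Bool": {"elasticfilesystem:AccessedViaMountTarget": "true"}},
}

if __name__ == "__main__":
    print("resource policy:", validate_for_resource_policy([EFS_STATEMENT]) or "ok")
    print("identity policy:", validate_for_identity_policy([EFS_STATEMENT]) or "ok")
```

The EFS statement passes as a resource-based policy (it names a principal) but fails as an identity-based policy for exactly that reason; a statement with no Action or NotAction fails for every policy type.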
Attributes
- creation_stack
The creation stack of this resolvable which will be appended to errors thrown during resolution.
This may return an array with a single informational element indicating how to get this property populated, if it was skipped for performance reasons.
- is_empty
Whether the policy document contains any statements.
- statement_count
The number of statements already added to this policy.
Can be used, for example, to generate unique “sid”s within the policy.
Static Methods
- classmethod from_json(obj)
Creates a new PolicyDocument based on the object provided.
This will accept an object created from the .toJSON() call
- Parameters:
obj (Any) – the PolicyDocument in object form.
- Return type: