AWS::EntityResolution::PolicyStatement
Adds a policy statement object. To retrieve a list of existing policy statements, use
the GetPolicy API.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "Type" : "AWS::EntityResolution::PolicyStatement", "Properties" : { "Action" :[ String, ... ], "Arn" :String, "Condition" :String, "Effect" :String, "Principal" :[ String, ... ], "StatementId" :String} }
YAML
Type: AWS::EntityResolution::PolicyStatement Properties: Action:- StringArn:StringCondition:StringEffect:StringPrincipal:- StringStatementId:String
Properties
Action-
The action that the principal can use on the resource.
For example,
entityresolution:GetIdMappingJob,entityresolution:GetMatchingJob.Required: No
Type: Array of String
Update requires: No interruption
Arn-
The Amazon Resource Name (ARN) of the resource that will be accessed by the principal.
Required: Yes
Type: String
Pattern:
^arn:(aws|aws-us-gov|aws-cn):entityresolution:[a-z]{2}-[a-z]{1,10}-[0-9]:[0-9]{12}:((schemamapping|matchingworkflow|idmappingworkflow|idnamespace)/[a-zA-Z_0-9-]{1,255})$Update requires: Replacement
Condition-
A set of condition keys that you can use in key policies.
Required: No
Type: String
Minimum:
1Maximum:
40960Update requires: No interruption
Effect-
Determines whether the permissions specified in the policy are to be allowed (
Allow) or denied (Deny).Important
If you set the value of the
effectparameter toDenyfor theAddPolicyStatementoperation, you must also set the value of theeffectparameter in thepolicytoDenyfor thePutPolicyoperation.Required: No
Type: String
Allowed values:
Allow | DenyUpdate requires: No interruption
Principal-
The AWS service or AWS account that can access the resource defined as ARN.
Required: No
Type: Array of String
Update requires: No interruption
StatementId-
A statement identifier that differentiates the statement from others in the same policy.
Required: Yes
Type: String
Pattern:
^[0-9A-Za-z]+$Minimum:
1Maximum:
64Update requires: Replacement
