Package software.amazon.awscdk.services.iam

Class Policy

java.lang.Object
software.amazon.jsii.JsiiObject
software.constructs.Construct
software.amazon.awscdk.Resource
software.amazon.awscdk.services.iam.Policy
All Implemented Interfaces:
IResource, IGrantable, IPolicy, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct, software.constructs.IDependable
@Generated(value="jsii-pacmak/1.93.0 (build 1706ca5)", date="2024-01-03T18:29:27.475Z") @Stability(Stable) public class Policy extends Resource implements IPolicy, IGrantable
The AWS::IAM::Policy resource associates an IAM policy with IAM users, roles, or groups.

For more information about IAM policies, see Overview of IAM Policies in the IAM User Guide guide.

Example: 

 Function postAuthFn;
 UserPool userpool = UserPool.Builder.create(this, "myuserpool")
         .lambdaTriggers(UserPoolTriggers.builder()
                 .postAuthentication(postAuthFn)
                 .build())
         .build();
 // provide permissions to describe the user pool scoped to the ARN the user pool
 postAuthFn.role.attachInlinePolicy(Policy.Builder.create(this, "userpool-policy")
         .statements(List.of(PolicyStatement.Builder.create()
                 .actions(List.of("cognito-idp:DescribeUserPool"))
                 .resources(List.of(userpool.getUserPoolArn()))
                 .build()))
         .build());

  • Constructor Details

    • Policy

      protected Policy(software.amazon.jsii.JsiiObjectRef objRef)

    • Policy

      protected Policy(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

    • Policy

      @Stability(Stable) public Policy(@NotNull software.constructs.Construct scope, @NotNull String id, @Nullable PolicyProps props)
      Parameters:
      scope - This parameter is required.
      id - This parameter is required.
      props -

    • Policy

      @Stability(Stable) public Policy(@NotNull software.constructs.Construct scope, @NotNull String id)
      Parameters:
      scope - This parameter is required.
      id - This parameter is required.

  • Method Details

    • fromPolicyName

      @Stability(Stable) @NotNull public static IPolicy fromPolicyName(@NotNull software.constructs.Construct scope, @NotNull String id, @NotNull String policyName)
      Import a policy in this app based on its name.

      Parameters:
      scope - This parameter is required.
      id - This parameter is required.
      policyName - This parameter is required.

    • addStatements

      @Stability(Stable) public void addStatements(@NotNull @NotNull PolicyStatement... statement)
      Adds a statement to the policy document.

      Parameters:
      statement - This parameter is required.

    • attachToGroup

      @Stability(Stable) public void attachToGroup(@NotNull IGroup group)
      Attaches this policy to a group.

      Parameters:
      group - This parameter is required.

    • attachToRole

      @Stability(Stable) public void attachToRole(@NotNull IRole role)
      Attaches this policy to a role.

      Parameters:
      role - This parameter is required.

    • attachToUser

      @Stability(Stable) public void attachToUser(@NotNull IUser user)
      Attaches this policy to a user.

      Parameters:
      user - This parameter is required.

    • getDocument

      @Stability(Stable) @NotNull public PolicyDocument getDocument()
      The policy document.

    • getGrantPrincipal

      @Stability(Stable) @NotNull public IPrincipal getGrantPrincipal()
      The principal to grant permissions to.
      Specified by:
      getGrantPrincipal in interface IGrantable

    • getPolicyName

      @Stability(Stable) @NotNull public String getPolicyName()
      The name of this policy.
      Specified by:
      getPolicyName in interface IPolicy