aws-cdk-lib.aws_iam.GrantOnPrincipalAndResourceOptions

interface GrantOnPrincipalAndResourceOptions

LanguageType name
.NETAmazon.CDK.AWS.IAM.GrantOnPrincipalAndResourceOptions
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awsiam#GrantOnPrincipalAndResourceOptions
Javasoftware.amazon.awscdk.services.iam.GrantOnPrincipalAndResourceOptions
Pythonaws_cdk.aws_iam.GrantOnPrincipalAndResourceOptions
TypeScript (source)aws-cdk-lib » aws_iam » GrantOnPrincipalAndResourceOptions

Options for a grant operation to both identity and resource.

Example

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { aws_iam as iam } from 'aws-cdk-lib';

declare const conditions: any;
declare const grantable: iam.IGrantable;
declare const principal: iam.IPrincipal;
declare const resourceWithPolicy: iam.IResourceWithPolicy;
const grantOnPrincipalAndResourceOptions: iam.GrantOnPrincipalAndResourceOptions = {
  actions: ['actions'],
  grantee: grantable,
  resource: resourceWithPolicy,
  resourceArns: ['resourceArns'],

  // the properties below are optional
  conditions: {
    conditionsKey: {
      conditionsKey: conditions,
    },
  },
  resourcePolicyPrincipal: principal,
  resourceSelfArns: ['resourceSelfArns'],
};

Properties

NameTypeDescription
actionsstring[]The actions to grant.
granteeIGrantableThe principal to grant to.
resourceIResourceWithPolicyThe resource with a resource policy.
resourceArnsstring[]The resource ARNs to grant to.
conditions?{ [string]: { [string]: any } }Any conditions to attach to the grant.
resourcePolicyPrincipal?IPrincipalThe principal to use in the statement for the resource policy.
resourceSelfArns?string[]When referring to the resource in a resource policy, use this as ARN.

actions

Type: string[]

The actions to grant.


grantee

Type: IGrantable

The principal to grant to.


resource

Type: IResourceWithPolicy

The resource with a resource policy.

The statement will always be added to the resource policy.


resourceArns

Type: string[]

The resource ARNs to grant to.


conditions?

Type: { [string]: { [string]: any } } (optional, default: No conditions)

Any conditions to attach to the grant.


resourcePolicyPrincipal?

Type: IPrincipal (optional, default: the principal of the grantee will be used)

The principal to use in the statement for the resource policy.


resourceSelfArns?

Type: string[] (optional, default: Same as regular resource ARNs)

When referring to the resource in a resource policy, use this as ARN.

(Depending on the resource type, this needs to be '*' in a resource policy).