aws-cdk-lib.aws_iam.CfnPolicyProps

interface CfnPolicyProps

LanguageType name
.NETAmazon.CDK.AWS.IAM.CfnPolicyProps
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awsiam#CfnPolicyProps
Javasoftware.amazon.awscdk.services.iam.CfnPolicyProps
Pythonaws_cdk.aws_iam.CfnPolicyProps
TypeScript aws-cdk-lib » aws_iam » CfnPolicyProps

Properties for defining a CfnPolicy.

Example

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { aws_iam as iam } from 'aws-cdk-lib';

declare const policyDocument: any;
const cfnPolicyProps: iam.CfnPolicyProps = {
  policyDocument: policyDocument,
  policyName: 'policyName',

  // the properties below are optional
  groups: ['groups'],
  roles: ['roles'],
  users: ['users'],
};

Properties

NameTypeDescription
policyDocumentanyThe policy document.
policyNamestringThe name of the policy document.
groups?string[]The name of the group to associate the policy with.
roles?string[]The name of the role to associate the policy with.
users?string[]The name of the user to associate the policy with.

policyDocument

Type: any

The policy document.

You must provide policies in JSON format in IAM. However, for AWS CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. AWS CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.

The regex pattern used to validate this parameter is a string of characters consisting of the following:

  • Any printable ASCII character ranging from the space character ( \ u0020 ) through the end of the ASCII character range
  • The printable characters in the Basic Latin and Latin-1 Supplement character set (through \ u00FF )
  • The special characters tab ( \ u0009 ), line feed ( \ u000A ), and carriage return ( \ u000D )

policyName

Type: string

The name of the policy document.

This parameter allows (through its regex pattern ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-


groups?

Type: string[] (optional)

The name of the group to associate the policy with.

This parameter allows (through its regex pattern ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-.


roles?

Type: string[] (optional)

The name of the role to associate the policy with.

This parameter allows (per its regex pattern ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

If an external policy (such as AWS::IAM::Policy or AWS::IAM::ManagedPolicy ) has a Ref to a role and if a resource (such as AWS::ECS::Service ) also has a Ref to the same role, add a DependsOn attribute to the resource to make the resource depend on the external policy. This dependency ensures that the role's policy is available throughout the resource's lifecycle. For example, when you delete a stack with an AWS::ECS::Service resource, the DependsOn attribute ensures that AWS CloudFormation deletes the AWS::ECS::Service resource before deleting its role's policy.


users?

Type: string[] (optional)

The name of the user to associate the policy with.

This parameter allows (through its regex pattern ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-