aws-cdk-lib.aws_iam.PermissionsBoundary

class PermissionsBoundary

Language | Type name
.NET | Amazon.CDK.AWS.IAM.PermissionsBoundary
Go | github.com/aws/aws-cdk-go/awscdk/v2/awsiam#PermissionsBoundary
Java | software.amazon.awscdk.services.iam.PermissionsBoundary
Python | aws_cdk.aws_iam.PermissionsBoundary
TypeScript (source) | aws-cdk-lib » aws_iam » PermissionsBoundary

Modify the Permissions Boundaries of Users and Roles in a construct tree.

const policy = iam.ManagedPolicy.fromAwsManagedPolicyName('ReadOnlyAccess');
iam.PermissionsBoundary.of(this).apply(policy);

Example

declare const project: codebuild.Project;
iam.PermissionsBoundary.of(project).apply(new codebuild.UntrustedCodeBoundaryPolicy(this, 'Boundary'));

Methods

Name | Description
apply(boundaryPolicy) | Apply the given policy as Permissions Boundary to all Roles and Users in the scope.
clear() | Remove previously applied Permissions Boundaries.
static of(scope) | Access the Permissions Boundaries of a construct tree.

apply(boundaryPolicy)

public apply(boundaryPolicy: IManagedPolicy): void

Parameters

  • boundaryPolicy IManagedPolicy

Apply the given policy as Permissions Boundary to all Roles and Users in the scope.

Overrides any Permissions Boundaries configured previously. If a Permissions Boundary is applied in multiple scopes, the Boundary applied closest to the Role wins.
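
Because a boundary applied in a nested scope replaces the outer one, and principals outside the scope get none, it is worth checking the synthesized template rather than the construct code. The following is an added example, not part of the CDK documentation or the CDK code base: it audits a CloudFormation template for AWS::IAM::Role and AWS::IAM::User resources whose PermissionsBoundary property is missing or differs from the expected one. The names auditBoundaries and SAMPLE_TEMPLATE, the logical IDs, and the Fn::Join form of the ReadOnlyAccess ARN are constructed assumptions.

```typescript
// Added example (not CDK code): audit a synthesized CloudFormation template for
// IAM principals whose PermissionsBoundary is missing or not the expected one.
interface CfnResource { Type: string; Properties?: { [key: string]: unknown } }
interface CfnTemplate { Resources: { [logicalId: string]: CfnResource } }
type Status = 'ok' | 'missing' | 'unexpected';
interface Finding { logicalId: string; type: string; status: Status }

const PRINCIPAL_TYPES = ['AWS::IAM::Role', 'AWS::IAM::User'];

// Literal ARNs and intrinsics (Ref, Fn::Join) are compared by their JSON form.
function auditBoundaries(template: CfnTemplate, expected: unknown): Finding[] {
  const want = JSON.stringify(expected);
  const findings: Finding[] = [];
  for (const logicalId of Object.keys(template.Resources).sort()) {
    const res = template.Resources[logicalId];
    if (!res || PRINCIPAL_TYPES.indexOf(res.Type) === -1) continue; // not a Role or User
    const boundary = (res.Properties || {})['PermissionsBoundary'];
    let status: Status = 'ok';
    if (boundary === undefined || boundary === null || boundary === '') status = 'missing';
    else if (JSON.stringify(boundary) !== want) status = 'unexpected';
    findings.push({ logicalId, type: res.Type, status });
  }
  return findings;
}

// Constructed sample. Assumption: a boundary created with
// fromAwsManagedPolicyName('ReadOnlyAccess') synthesizes to this Fn::Join form.
const READ_ONLY = { 'Fn::Join': ['', ['arn:', { Ref: 'AWS::Partition' }, ':iam::aws:policy/ReadOnlyAccess']] };

const SAMPLE_TEMPLATE: CfnTemplate = {
  Resources: {
    AppRole: { Type: 'AWS::IAM::Role', Properties: { PermissionsBoundary: READ_ONLY } },
    // A nested scope applied its own boundary; the one closest to the Role won.
    InnerRole: { Type: 'AWS::IAM::Role', Properties: { PermissionsBoundary: { Ref: 'InnerBoundary' } } },
    // Created outside the scope where apply() was called, or after clear().
    LegacyUser: { Type: 'AWS::IAM::User', Properties: { UserName: 'legacy' } },
    Bucket: { Type: 'AWS::S3::Bucket' }, // not an IAM principal, ignored
  },
};

const SAMPLE_FINDINGS = auditBoundaries(SAMPLE_TEMPLATE, READ_ONLY);
console.log(SAMPLE_FINDINGS.map(f => `${f.logicalId}: ${f.status}`).join('\n'));
```

To use it on a real app, parse the `*.template.json` files that `cdk synth` writes to `cdk.out` and pass the boundary value you expect to see there.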


clear()

public clear(): void

Remove previously applied Permissions Boundaries.


static of(scope)

public static of(scope: IConstruct): PermissionsBoundary

Parameters

  • scope IConstruct

Returns

  • PermissionsBoundary

Access the Permissions Boundaries of a construct tree.