aws-cdk-lib.aws_iam.PolicyDocument

class PolicyDocument

Language             Type name
.NET                 Amazon.CDK.AWS.IAM.PolicyDocument
Go                   github.com/aws/aws-cdk-go/awscdk/v2/awsiam#PolicyDocument
Java                 software.amazon.awscdk.services.iam.PolicyDocument
Python               aws_cdk.aws_iam.PolicyDocument
TypeScript (source)  aws-cdk-lib » aws_iam » PolicyDocument

Implements IResolvable

A PolicyDocument is a collection of statements.

Example

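import * as ec2 from 'aws-cdk-lib/aws-ec2';
import * as efs from 'aws-cdk-lib/aws-efs';
import * as iam from 'aws-cdk-lib/aws-iam';

// Resource-based policy for an EFS file system: the account root may mount
// and write, but only when access goes through a mount target.
const myFileSystemPolicy = new iam.PolicyDocument({
  statements: [new iam.PolicyStatement({
    actions: [
      'elasticfilesystem:ClientWrite',
      'elasticfilesystem:ClientMount',
    ],
    principals: [new iam.AccountRootPrincipal()],
    resources: ['*'],
    conditions: {
      Bool: {
        'elasticfilesystem:AccessedViaMountTarget': 'true',
      },
    },
  })],
});

// `this` is the enclosing construct scope (for example, a Stack).
const fileSystem = new efs.FileSystem(this, 'MyEfsFileSystem', {
  vpc: new ec2.Vpc(this, 'VPC'),
  fileSystemPolicy: myFileSystemPolicy,
});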

Initializer

new PolicyDocument(props?: PolicyDocumentProps)

Parameters

  • props PolicyDocumentProps

Properties

Name            Type      Description
creationStack   string[]  The creation stack of this resolvable which will be appended to errors thrown during resolution.
isEmpty         boolean   Whether the policy document contains any statements.
statementCount  number    The number of statements already added to this policy.

creationStack

Type: string[]

The creation stack of this resolvable which will be appended to errors thrown during resolution.

This may return an array with a single informational element indicating how to get this property populated, if it was skipped for performance reasons.


isEmpty

Type: boolean

Whether the policy document contains any statements.


statementCount

Type: number

The number of statements already added to this policy.

Can be used, for example, to generate unique "sid"s within the policy.

Methods

Name                         Description
addStatements(...statement)  Adds a statement to the policy document.
resolve(context)             Produce the Token's value at resolution time.
toJSON()                     JSON-ify the document.
toString()                   Encode the policy document as a string.
validateForAnyPolicy()       Validate that all policy statements in the policy document satisfy the requirements for any policy.
validateForIdentityPolicy()  Validate that all policy statements in the policy document satisfy the requirements for an identity-based policy.
validateForResourcePolicy()  Validate that all policy statements in the policy document satisfy the requirements for a resource-based policy.
static fromJson(obj)         Creates a new PolicyDocument based on the object provided.

addStatements(...statement)

public addStatements(...statement: PolicyStatement[]): void

Parameters

  • statement PolicyStatement — the statement to add.

Adds a statement to the policy document.


resolve(context)

public resolve(context: IResolveContext): any

Parameters

  • context IResolveContext

Returns

  • any

Produce the Token's value at resolution time.


toJSON()

public toJSON(): any

Returns

  • any

JSON-ify the document.

Used when JSON.stringify() is called.


toString()

public toString(): string

Returns

  • string

Encode the policy document as a string.


validateForAnyPolicy()

public validateForAnyPolicy(): string[]

Returns

  • string[]

Validate that all policy statements in the policy document satisfy the requirements for any policy.

See also: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json


validateForIdentityPolicy()

public validateForIdentityPolicy(): string[]

Returns

  • string[]

Validate that all policy statements in the policy document satisfy the requirements for an identity-based policy.

See also: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json


validateForResourcePolicy()

public validateForResourcePolicy(): string[]

Returns

  • string[]

Validate that all policy statements in the policy document satisfy the requirements for a resource-based policy.

See also: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json


static fromJson(obj)

public static fromJson(obj: any): PolicyDocument

Parameters

  • obj any — the PolicyDocument in object form.

Returns

  • PolicyDocument

Creates a new PolicyDocument based on the object provided.

This accepts an object produced by a .toJSON() call.
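
The three validate methods above differ by policy kind. The following added example (not aws-cdk-lib code, and not the library's implementation) applies a simplified version of that distinction to the JSON form of a policy document, the shape toJSON() returns and fromJson() accepts. The names checkPolicy, StatementJson, PolicyJson and efsPolicyJson are hypothetical, the rules are an assumption about what separates identity-based from resource-based policies, and the account ID is a constructed placeholder.

```typescript
// Added illustration, not aws-cdk-lib code: structural checks over the JSON
// form of a policy document (the shape toJSON() returns and fromJson() accepts).
type OneOrMany = string | string[];

interface StatementJson {            // hypothetical type name
  Effect: 'Allow' | 'Deny';
  Action?: OneOrMany;
  NotAction?: OneOrMany;
  Resource?: OneOrMany;
  NotResource?: OneOrMany;
  Principal?: unknown;
  NotPrincipal?: unknown;
  Condition?: Record<string, Record<string, unknown>>;
}
interface PolicyJson { Version?: string; Statement: StatementJson[]; }
type PolicyKind = 'identity' | 'resource';

// True when an element is present and non-empty.
const has = (v: unknown): boolean =>
  Array.isArray(v) ? v.length > 0 : v !== undefined && v !== null && v !== '';

// Returns one message per violated rule; an empty array means the document passed.
function checkPolicy(doc: PolicyJson, kind: PolicyKind): string[] {
  const errors: string[] = [];
  doc.Statement.forEach((s, i) => {
    const principal = has(s.Principal) || has(s.NotPrincipal);
    if (!has(s.Action) && !has(s.NotAction))
      errors.push(`Statement ${i}: needs an Action or NotAction`);
    if (kind === 'resource' && !principal)
      errors.push(`Statement ${i}: a resource-based policy must name a principal`);
    if (kind === 'identity' && principal)
      errors.push(`Statement ${i}: an identity-based policy cannot name a principal`);
    if (kind === 'identity' && !has(s.Resource) && !has(s.NotResource))
      errors.push(`Statement ${i}: an identity-based policy must name a resource`);
  });
  return errors;
}

// Constructed sample: the EFS file system policy from the Example section in
// JSON form. The account ID is a placeholder.
const efsPolicyJson: PolicyJson = {
  Version: '2012-10-17',
  Statement: [{
    Effect: 'Allow',
    Action: ['elasticfilesystem:ClientWrite', 'elasticfilesystem:ClientMount'],
    Principal: { AWS: 'arn:aws:iam::111122223333:root' },
    Resource: '*',
    Condition: { Bool: { 'elasticfilesystem:AccessedViaMountTarget': 'true' } },
  }],
};
```

Checked as a resource-based policy, the sample passes. Checked as an identity-based policy, it is rejected because it names a principal.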