aws-cdk-lib.aws_verifiedpermissions.CfnPolicyStoreProps

interface CfnPolicyStoreProps

LanguageType name
.NETAmazon.CDK.aws_verifiedpermissions.CfnPolicyStoreProps
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awsverifiedpermissions#CfnPolicyStoreProps
Javaservices.verifiedpermissions.CfnPolicyStoreProps
Pythonaws_cdk.aws_verifiedpermissions.CfnPolicyStoreProps
TypeScript aws-cdk-lib » aws_verifiedpermissions » CfnPolicyStoreProps

Properties for defining a CfnPolicyStore.

Example

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { aws_verifiedpermissions as verifiedpermissions } from 'aws-cdk-lib';
const cfnPolicyStoreProps: verifiedpermissions.CfnPolicyStoreProps = {
  validationSettings: {
    mode: 'mode',
  },

  // the properties below are optional
  schema: {
    cedarJson: 'cedarJson',
  },
};

Properties

NameTypeDescription
validationSettingsIResolvable | ValidationSettingsPropertySpecifies the validation setting for this policy store.
schema?IResolvable | SchemaDefinitionPropertyCreates or updates the policy schema in a policy store.

validationSettings

Type: IResolvable | ValidationSettingsProperty

Specifies the validation setting for this policy store.

Currently, the only valid and required value is Mode .

We recommend that you turn on STRICT mode only after you define a schema. If a schema doesn't exist, then STRICT mode causes any policy to fail validation, and Verified Permissions rejects the policy. You can turn off validation by using the UpdatePolicyStore . Then, when you have a schema defined, use UpdatePolicyStore again to turn validation back on.


schema?

Type: IResolvable | SchemaDefinitionProperty (optional)

Creates or updates the policy schema in a policy store.

Cedar can use the schema to validate any Cedar policies and policy templates submitted to the policy store. Any changes to the schema validate only policies and templates submitted after the schema change. Existing policies and templates are not re-evaluated against the changed schema. If you later update a policy, then it is evaluated against the new schema at that time.