interface ManagedPolicyProps
| Language | Type name |
|---|---|
 .NET | Amazon.CDK.AWS.IAM.ManagedPolicyProps |
 Go | github.com/aws/aws-cdk-go/awscdk/v2/awsiam#ManagedPolicyProps |
 Java | software.amazon.awscdk.services.iam.ManagedPolicyProps |
 Python | aws_cdk.aws_iam.ManagedPolicyProps |
 TypeScript (source) | aws-cdk-lib » aws_iam » ManagedPolicyProps |
Properties for defining an IAM managed policy.
Example
const policyDocument = {
"Version": "2012-10-17",
"Statement": [
{
"Sid": "FirstStatement",
"Effect": "Allow",
"Action": ["iam:ChangePassword"],
"Resource": ["*"],
},
{
"Sid": "SecondStatement",
"Effect": "Allow",
"Action": ["s3:ListAllMyBuckets"],
"Resource": ["*"],
},
{
"Sid": "ThirdStatement",
"Effect": "Allow",
"Action": [
"s3:List*",
"s3:Get*",
],
"Resource": [
"arn:aws:s3:::confidential-data",
"arn:aws:s3:::confidential-data/*",
],
"Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}},
},
],
};
const customPolicyDocument = iam.PolicyDocument.fromJson(policyDocument);
// You can pass this document as an initial document to a ManagedPolicy
// or inline Policy.
const newManagedPolicy = new iam.ManagedPolicy(this, 'MyNewManagedPolicy', {
document: customPolicyDocument,
});
const newPolicy = new iam.Policy(this, 'MyNewPolicy', {
document: customPolicyDocument,
});
Properties
| Name | Type | Description |
|---|---|---|
| description? | string | A description of the managed policy. |
| document? | Policy | Initial PolicyDocument to use for this ManagedPolicy. |
| groups? | IGroup[] | Groups to attach this policy to. |
| managed | string | The name of the managed policy. |
| path? | string | The path for the policy. |
| roles? | IRole[] | Roles to attach this policy to. |
| statements? | Policy[] | Initial set of permissions to add to this policy document. |
| users? | IUser[] | Users to attach this policy to. |
description?
Type:
string
(optional, default: empty)
A description of the managed policy.
Typically used to store information about the permissions defined in the policy. For example, "Grants access to production DynamoDB tables." The policy description is immutable. After a value is assigned, it cannot be changed.
document?
Type:
Policy
(optional, default: An empty policy.)
Initial PolicyDocument to use for this ManagedPolicy.
If omited, any
PolicyStatement provided in the statements property will be applied
against the empty default PolicyDocument.
groups?
Type:
IGroup[]
(optional, default: No groups.)
Groups to attach this policy to.
You can also use attachToGroup(group) to attach this policy to a group.
managedPolicyName?
Type:
string
(optional, default: A name is automatically generated.)
The name of the managed policy.
If you specify multiple policies for an entity, specify unique names. For example, if you specify a list of policies for an IAM role, each policy must have a unique name.
path?
Type:
string
(optional, default: "/")
The path for the policy.
This parameter allows (through its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
For more information about paths, see IAM Identifiers in the IAM User Guide.
roles?
Type:
IRole[]
(optional, default: No roles.)
Roles to attach this policy to.
You can also use attachToRole(role) to attach this policy to a role.
statements?
Type:
Policy[]
(optional, default: No statements.)
Initial set of permissions to add to this policy document.
You can also use addPermission(statement) to add permissions later.
users?
Type:
IUser[]
(optional, default: No users.)
Users to attach this policy to.
You can also use attachToUser(user) to attach this policy to a user.