Class ManagedPolicy
Managed policy.
Inherited Members
Namespace: Amazon.CDK.AWS.IAM
Assembly: Amazon.CDK.AWS.IAM.dll
Syntax (csharp)
public class ManagedPolicy : Resource, IResource, IConstruct, IDependable, IManagedPolicySyntax (vb)
Public Class ManagedPolicy
Inherits Resource
Implements IResource, IConstruct, IDependable, IManagedPolicyRemarks
ExampleMetadata: infused
Examples
var myRole = new Role(this, "My Role", new RoleProps {
AssumedBy = new ServicePrincipal("lambda.amazonaws.com")
});
var fn = new Function(this, "MyFunction", new FunctionProps {
Runtime = Runtime.NODEJS_16_X,
Handler = "index.handler",
Code = Code.FromAsset(Join(__dirname, "lambda-handler")),
Role = myRole
});
myRole.AddManagedPolicy(ManagedPolicy.FromAwsManagedPolicyName("service-role/AWSLambdaBasicExecutionRole"));
myRole.AddManagedPolicy(ManagedPolicy.FromAwsManagedPolicyName("service-role/AWSLambdaVPCAccessExecutionRole"));Synopsis
Constructors
| ManagedPolicy(ByRefValue) | Used by jsii to construct an instance of this class from a Javascript-owned object reference |
| ManagedPolicy(DeputyBase.DeputyProps) | Used by jsii to construct an instance of this class from DeputyProps |
| ManagedPolicy(Construct, String, IManagedPolicyProps) |
Properties
| Description | The description of this policy. |
| Document | The policy document. |
| ManagedPolicyArn | Returns the ARN of this managed policy. |
| ManagedPolicyName | The name of this policy. |
| Path | The path of this policy. |
Methods
| AddStatements(PolicyStatement[]) | Adds a statement to the policy document. |
| AttachToGroup(IGroup) | Attaches this policy to a group. |
| AttachToRole(IRole) | Attaches this policy to a role. |
| AttachToUser(IUser) | Attaches this policy to a user. |
| FromAwsManagedPolicyName(String) | Import a managed policy from one of the policies that AWS manages. |
| FromManagedPolicyArn(Construct, String, String) | Import an external managed policy by ARN. |
| FromManagedPolicyName(Construct, String, String) | Import a customer managed policy from the managedPolicyName. |
| Validate() | Validate the current construct. |
Constructors
ManagedPolicy(ByRefValue)
Used by jsii to construct an instance of this class from a Javascript-owned object reference
protected ManagedPolicy(ByRefValue reference)Parameters
- reference Amazon.JSII.Runtime.Deputy.ByRefValue
The Javascript-owned object reference
ManagedPolicy(DeputyBase.DeputyProps)
Used by jsii to construct an instance of this class from DeputyProps
protected ManagedPolicy(DeputyBase.DeputyProps props)Parameters
- props Amazon.JSII.Runtime.Deputy.DeputyBase.DeputyProps
The deputy props
ManagedPolicy(Construct, String, IManagedPolicyProps)
public ManagedPolicy(Construct scope, string id, IManagedPolicyProps props = null)Parameters
- scope Constructs.Construct
- id System.String
- props IManagedPolicyProps
Properties
Description
The description of this policy.
public virtual string Description { get; }Property Value
System.String
Remarks
Attribute: true
Document
ManagedPolicyArn
Returns the ARN of this managed policy.
public virtual string ManagedPolicyArn { get; }Property Value
System.String
Remarks
Attribute: true
ManagedPolicyName
The name of this policy.
public virtual string ManagedPolicyName { get; }Property Value
System.String
Remarks
Attribute: true
Path
The path of this policy.
public virtual string Path { get; }Property Value
System.String
Remarks
Attribute: true
Methods
AddStatements(PolicyStatement[])
Adds a statement to the policy document.
public virtual void AddStatements(params PolicyStatement[] statement)Parameters
- statement PolicyStatement[]
AttachToGroup(IGroup)
Attaches this policy to a group.
public virtual void AttachToGroup(IGroup group)Parameters
- group IGroup
AttachToRole(IRole)
AttachToUser(IUser)
FromAwsManagedPolicyName(String)
Import a managed policy from one of the policies that AWS manages.
public static IManagedPolicy FromAwsManagedPolicyName(string managedPolicyName)Parameters
- managedPolicyName System.String
Returns
Remarks
For this managed policy, you only need to know the name to be able to use it.
Some managed policy names start with "service-role/", some start with "job-function/", and some don't start with anything. Include the prefix when constructing this object.
FromManagedPolicyArn(Construct, String, String)
Import an external managed policy by ARN.
public static IManagedPolicy FromManagedPolicyArn(Construct scope, string id, string managedPolicyArn)Parameters
- scope Constructs.Construct
construct scope.
- id System.String
construct id.
- managedPolicyArn System.String
the ARN of the managed policy to import.
Returns
Remarks
For this managed policy, you only need to know the ARN to be able to use it. This can be useful if you got the ARN from a CloudFormation Export.
If the imported Managed Policy ARN is a Token (such as a
CfnParameter.valueAsString or a Fn.importValue()) and the referenced
managed policy has a path (like arn:...:policy/AdminPolicy/AdminAllow), the
managedPolicyName property will not resolve to the correct value. Instead it
will resolve to the first path component. We unfortunately cannot express
the correct calculation of the full path name as a CloudFormation
expression. In this scenario the Managed Policy ARN should be supplied without the
path in order to resolve the correct managed policy resource.
FromManagedPolicyName(Construct, String, String)
Import a customer managed policy from the managedPolicyName.
public static IManagedPolicy FromManagedPolicyName(Construct scope, string id, string managedPolicyName)Parameters
- scope Constructs.Construct
- id System.String
- managedPolicyName System.String
Returns
Remarks
For this managed policy, you only need to know the name to be able to use it.
Validate()
Validate the current construct.
protected override string[] Validate()Returns
System.String[]
Overrides
Remarks
This method can be implemented by derived constructs in order to perform validation logic. It is called on all constructs before synthesis.