class CfnPolicyPropsMixin
| Language | Type name |
|---|---|
 .NET | Amazon.CDK.Mixins.Preview.AWS.VerifiedPermissions.Mixins.CfnPolicyPropsMixin |
 Go | github.com/aws/aws-cdk-go/awscdkmixinspreview/v2/awsverifiedpermissions/mixins#CfnPolicyPropsMixin |
 Java | software.amazon.awscdk.mixins.preview.services.verifiedpermissions.mixins.CfnPolicyPropsMixin |
 Python | aws_cdk.mixins_preview.aws_verifiedpermissions.mixins.CfnPolicyPropsMixin |
 TypeScript | @aws-cdk/mixins-preview » aws_verifiedpermissions » mixins » CfnPolicyPropsMixin |
Implements
IMixin
Extends
Mixin
Creates or updates a Cedar policy and saves it in the specified policy store.
You can create either a static policy or a policy linked to a policy template.
You can directly update only static policies. To update a template-linked policy, you must update its linked policy template instead.
- To create a static policy, in the
Definitioninclude aStaticelement that includes the Cedar policy text in theStatementelement. - To create a policy that is dynamically linked to a policy template, in the
Definitioninclude aTemplatelinkedelement that specifies the policy template ID and the principal and resource to associate with this policy. If the policy template is ever updated, any policies linked to the policy template automatically use the updated template.
If policy validation is enabled in the policy store, then updating a static policy causes Verified Permissions to validate the policy against the schema in the policy store. If the updated static policy doesn't pass validation, the operation fails and the update isn't stored.
When you edit a static policy, You can change only certain elements of a static policy:
The action referenced by the policy.
A condition clause, such as when and unless.
You can't change these elements of a static policy:
- Changing a policy from a static policy to a template-linked policy.
- Changing the effect of a static policy from permit or forbid.
- The principal referenced by a static policy.
- The resource referenced by a static policy.
- To update a template-linked policy, you must update the template instead.
Example
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { mixins } from '@aws-cdk/mixins-preview';
import { mixins as verifiedpermissions_mixins } from '@aws-cdk/mixins-preview/aws-verifiedpermissions';
const cfnPolicyPropsMixin = new verifiedpermissions_mixins.CfnPolicyPropsMixin({
definition: {
static: {
description: 'description',
statement: 'statement',
},
templateLinked: {
policyTemplateId: 'policyTemplateId',
principal: {
entityId: 'entityId',
entityType: 'entityType',
},
resource: {
entityId: 'entityId',
entityType: 'entityType',
},
},
},
policyStoreId: 'policyStoreId',
}, /* all optional props */ {
strategy: mixins.PropertyMergeStrategy.OVERRIDE,
});
Initializer
new CfnPolicyPropsMixin(props: CfnPolicyMixinProps, options?: CfnPropertyMixinOptions)
Parameters
- props
Cfn— L1 properties to apply.Policy Mixin Props - options
Cfn— Mixin options.Property Mixin Options
Create a mixin to apply properties to AWS::VerifiedPermissions::Policy.
Properties
| Name | Type | Description |
|---|---|---|
| props | Cfn | |
| strategy | Property | |
| static CFN_PROPERTY_KEYS | string[] |
props
Type:
Cfn
strategy
Type:
Property
static CFN_PROPERTY_KEYS
Type:
string[]
Methods
| Name | Description |
|---|---|
| apply | Apply the mixin properties to the construct. |
| supports(construct) | Check if this mixin supports the given construct. |
applyTo(construct)
public applyTo(construct: IConstruct): void
Parameters
- construct
IConstruct
Apply the mixin properties to the construct.
supports(construct)
public supports(construct: IConstruct): boolean
Parameters
- construct
IConstruct
Returns
boolean
Check if this mixin supports the given construct.