
Class ManagedPolicy

Managed policy.

Inheritance
object
Resource
ManagedPolicy
UntrustedCodeBoundaryPolicy
Implements
IResource
IConstruct
IDependable
IManagedPolicy
IGrantable
Inherited Members
Resource.IsOwnedResource(IConstruct)
Resource.IsResource(IConstruct)
Resource.ApplyRemovalPolicy(RemovalPolicy)
Resource.GeneratePhysicalName()
Resource.GetResourceArnAttribute(string, IArnComponents)
Resource.GetResourceNameAttribute(string)
Resource.Env
Resource.PhysicalName
Resource.Stack
Namespace: Amazon.CDK.AWS.IAM
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public class ManagedPolicy : Resource, IResource, IConstruct, IDependable, IManagedPolicy, IGrantable
Syntax (vb)
Public Class ManagedPolicy Inherits Resource Implements IResource, IConstruct, IDependable, IManagedPolicy, IGrantable
Remarks

ExampleMetadata: infused

Examples
// `build` is assumed to be defined elsewhere in the stack.
Build build;

var role = new Role(this, "Role", new RoleProps {
    AssumedBy = new CompositePrincipal(new ServicePrincipal("gamelift.amazonaws.com"))
});
role.AddManagedPolicy(ManagedPolicy.FromAwsManagedPolicyName("CloudWatchAgentServerPolicy"));

var fleet = new BuildFleet(this, "Game server fleet", new BuildFleetProps {
    FleetName = "test-fleet",
    Content = build,
    InstanceType = InstanceType.Of(InstanceClass.C5, InstanceSize.LARGE),
    RuntimeConfiguration = new RuntimeConfiguration {
        ServerProcesses = new [] { new ServerProcess {
            LaunchPath = "/local/game/GameLiftExampleServer.x86_64"
        } }
    },
    Role = role
});

// Actions can also be granted through a dedicated method
fleet.Grant(role, "gamelift:ListFleets");

Synopsis

Constructors

ManagedPolicy(Construct, string, IManagedPolicyProps?)

Managed policy.

Properties

Description

The description of this policy.

Document

The policy document.

GrantPrincipal

The principal to grant permissions to.

ManagedPolicyArn

Returns the ARN of this managed policy.

ManagedPolicyName

The name of this policy.

PROPERTY_INJECTION_ID

Uniquely identifies this class.

Path

The path of this policy.

Methods

AddStatements(params PolicyStatement[])

Adds a statement to the policy document.

AttachToGroup(IGroup)

Attaches this policy to a group.

AttachToRole(IRole)

Attaches this policy to a role.

AttachToUser(IUser)

Attaches this policy to a user.

FromAwsManagedPolicyName(string)

Import a managed policy from one of the policies that AWS manages.

FromManagedPolicyArn(Construct, string, string)

Import an external managed policy by ARN.

FromManagedPolicyName(Construct, string, string)

Import a customer managed policy from the managedPolicyName.

Constructors

ManagedPolicy(Construct, string, IManagedPolicyProps?)

Managed policy.

public ManagedPolicy(Construct scope, string id, IManagedPolicyProps? props = null)
Parameters
scope Construct
id string
props IManagedPolicyProps
Remarks

ExampleMetadata: infused

Examples
// `build` is assumed to be defined elsewhere in the stack.
Build build;

var role = new Role(this, "Role", new RoleProps {
    AssumedBy = new CompositePrincipal(new ServicePrincipal("gamelift.amazonaws.com"))
});
role.AddManagedPolicy(ManagedPolicy.FromAwsManagedPolicyName("CloudWatchAgentServerPolicy"));

var fleet = new BuildFleet(this, "Game server fleet", new BuildFleetProps {
    FleetName = "test-fleet",
    Content = build,
    InstanceType = InstanceType.Of(InstanceClass.C5, InstanceSize.LARGE),
    RuntimeConfiguration = new RuntimeConfiguration {
        ServerProcesses = new [] { new ServerProcess {
            LaunchPath = "/local/game/GameLiftExampleServer.x86_64"
        } }
    },
    Role = role
});

// Actions can also be granted through a dedicated method
fleet.Grant(role, "gamelift:ListFleets");

Properties

Description

The description of this policy.

public virtual string Description { get; }
Property Value

string

Remarks

Attribute: true

Document

The policy document.

public virtual PolicyDocument Document { get; }
Property Value

PolicyDocument

Remarks

ExampleMetadata: infused

GrantPrincipal

The principal to grant permissions to.

public virtual IPrincipal GrantPrincipal { get; }
Property Value

IPrincipal

Remarks

ExampleMetadata: infused

ManagedPolicyArn

Returns the ARN of this managed policy.

public virtual string ManagedPolicyArn { get; }
Property Value

string

Remarks

Attribute: true

ManagedPolicyName

The name of this policy.

public virtual string ManagedPolicyName { get; }
Property Value

string

Remarks

Attribute: true

PROPERTY_INJECTION_ID

Uniquely identifies this class.

public static string PROPERTY_INJECTION_ID { get; }
Property Value

string

Remarks

ExampleMetadata: infused

Path

The path of this policy.

public virtual string Path { get; }
Property Value

string

Remarks

Attribute: true

Methods

AddStatements(params PolicyStatement[])

Adds a statement to the policy document.

public virtual void AddStatements(params PolicyStatement[] statement)
Parameters
statement PolicyStatement[]
Remarks

ExampleMetadata: infused

AttachToGroup(IGroup)

Attaches this policy to a group.

public virtual void AttachToGroup(IGroup group)
Parameters
group IGroup
Remarks

ExampleMetadata: infused

AttachToRole(IRole)

Attaches this policy to a role.

public virtual void AttachToRole(IRole role)
Parameters
role IRole
Remarks

ExampleMetadata: infused

AttachToUser(IUser)

Attaches this policy to a user.

public virtual void AttachToUser(IUser user)
Parameters
user IUser
Remarks

ExampleMetadata: infused

FromAwsManagedPolicyName(string)

Import a managed policy from one of the policies that AWS manages.

public static IManagedPolicy FromAwsManagedPolicyName(string managedPolicyName)
Parameters
managedPolicyName string
Returns

IManagedPolicy

Remarks

For this managed policy, you only need to know the name to be able to use it.

Some managed policy names start with "service-role/", some start with "job-function/", and some don't start with anything. Include the prefix when constructing this object.

FromManagedPolicyArn(Construct, string, string)

Import an external managed policy by ARN.

public static IManagedPolicy FromManagedPolicyArn(Construct scope, string id, string managedPolicyArn)
Parameters
scope Construct

construct scope.

id string

construct id.

managedPolicyArn string

the ARN of the managed policy to import.

Returns

IManagedPolicy

Remarks

For this managed policy, you only need to know the ARN to be able to use it. This can be useful if you got the ARN from a CloudFormation Export.

If the imported Managed Policy ARN is a Token (such as a CfnParameter.valueAsString or a Fn.importValue()) and the referenced managed policy has a path (like arn:...:policy/AdminPolicy/AdminAllow), the managedPolicyName property will not resolve to the correct value. Instead it will resolve to the first path component. We unfortunately cannot express the correct calculation of the full path name as a CloudFormation expression. In this scenario the Managed Policy ARN should be supplied without the path in order to resolve the correct managed policy resource.
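
The two import caveats above (name prefixes for AWS managed policies, and path handling when the ARN is a Token) in one stack. This is an added example, not part of the generated reference; the stack name, construct ids, parameter name and the AllowedPattern expression are assumptions chosen for illustration.

```csharp
using Amazon.CDK;
using Amazon.CDK.AWS.IAM;
using Constructs;

// Hypothetical stack showing both import styles.
public class ImportedPolicyStack : Stack
{
    public ImportedPolicyStack(Construct scope, string id) : base(scope, id)
    {
        var role = new Role(this, "WorkerRole", new RoleProps {
            AssumedBy = new ServicePrincipal("lambda.amazonaws.com")
        });

        // AWS managed policies: the prefix is part of the name and must be included.
        role.AddManagedPolicy(ManagedPolicy.FromAwsManagedPolicyName(
            "service-role/AWSLambdaBasicExecutionRole"));  // name with "service-role/" prefix
        role.AddManagedPolicy(ManagedPolicy.FromAwsManagedPolicyName(
            "CloudWatchAgentServerPolicy"));               // name with no prefix

        // The ARN arrives as a deploy-time Token, so CDK cannot parse a path out of it.
        // The pattern (an assumption of this example) accepts exactly one segment after
        // "policy/", so an ARN that carries a path is rejected when the stack is deployed
        // instead of resolving to the first path component.
        var policyArn = new CfnParameter(this, "ExtraPolicyArn", new CfnParameterProps {
            Type = "String",
            AllowedPattern = @"^arn:[^:]+:iam::\d{12}:policy/[^/]+$",
            ConstraintDescription = "Customer managed policy ARN, supplied without a path"
        });

        var imported = ManagedPolicy.FromManagedPolicyArn(
            this, "ImportedPolicy", policyArn.ValueAsString);
        role.AddManagedPolicy(imported);
    }
}
```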

FromManagedPolicyName(Construct, string, string)

Import a customer managed policy from the managedPolicyName.

public static IManagedPolicy FromManagedPolicyName(Construct scope, string id, string managedPolicyName)
Parameters
scope Construct
id string
managedPolicyName string
Returns

IManagedPolicy

Remarks

For this managed policy, you only need to know the name to be able to use it.

Implements

IResource
Constructs.IConstruct
Constructs.IDependable
IManagedPolicy
IGrantable