java.lang.Object

software.amazon.jsii.JsiiObject

software.constructs.Construct

software.amazon.awscdk.Resource

software.amazon.awscdk.services.iam.Policy

All Implemented Interfaces:: IPolicyRef, IEnvironmentAware, IResource, IGrantable, IPolicy, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct, software.constructs.IDependable

@Generated(value="jsii-pacmak/1.119.0 (build 1634eac)", date="2025-11-20T23:37:23.005Z") @Stability(Stable) public class Policy extends Resource implements IPolicy, IGrantable

The AWS::IAM::Policy resource associates an inline IAM policy with IAM users, roles, or groups. For more information about IAM policies, see Overview of IAM Policies in the IAM User Guide guide.

Example:

 Function postAuthFn;
 UserPool userpool = UserPool.Builder.create(this, "myuserpool")
         .lambdaTriggers(UserPoolTriggers.builder()
                 .postAuthentication(postAuthFn)
                 .build())
         .build();
 // provide permissions to describe the user pool scoped to the ARN the user pool
 postAuthFn.role.attachInlinePolicy(Policy.Builder.create(this, "userpool-policy")
         .statements(List.of(PolicyStatement.Builder.create()
                 .actions(List.of("cognito-idp:DescribeUserPool"))
                 .resources(List.of(userpool.getUserPoolArn()))
                 .build()))
         .build());

Nested Class Summary

Nested Classes

Modifier and Type

Class

Description

static final class

Policy.Builder

A fluent builder for Policy.

Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject
software.amazon.jsii.JsiiObject.InitializationMode

Nested classes/interfaces inherited from interface software.constructs.IConstruct
software.constructs.IConstruct.Jsii$Default

Nested classes/interfaces inherited from interface software.amazon.awscdk.services.iam.IGrantable
IGrantable.Jsii$Default, IGrantable.Jsii$Proxy

Nested classes/interfaces inherited from interface software.amazon.awscdk.services.iam.IPolicy
IPolicy.Jsii$Default, IPolicy.Jsii$Proxy

Nested classes/interfaces inherited from interface software.amazon.awscdk.IResource
IResource.Jsii$Default
Field Summary

Fields

Modifier and Type

Field

Description

static final String

PROPERTY_INJECTION_ID

Uniquely identifies this class.
Constructor Summary

Constructors

Modifier

Constructor

Description

protected

Policy(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

protected

Policy(software.amazon.jsii.JsiiObjectRef objRef)

Policy(software.constructs.Construct scope, String id)

Policy(software.constructs.Construct scope, String id, PolicyProps props)
Method Summary

Modifier and Type

Method

Description

void

addStatements(PolicyStatement... statement)

Adds a statement to the policy document.

void

attachToGroup(IGroup group)

Attaches this policy to a group.

void

attachToRole(IRole role)

Attaches this policy to a role.

void

attachToUser(IUser user)

Attaches this policy to a user.

static IPolicy

fromPolicyName(software.constructs.Construct scope, String id, String policyName)

Import a policy in this app based on its name.

PolicyDocument

getDocument()

The policy document.

IPrincipal

getGrantPrincipal()

The principal to grant permissions to.

String

getPolicyName()

The name of this policy.

PolicyReference

getPolicyRef()

A reference to a Policy resource.

Methods inherited from class software.amazon.awscdk.Resource
applyRemovalPolicy, generatePhysicalName, getEnv, getPhysicalName, getResourceArnAttribute, getResourceNameAttribute, getStack, isOwnedResource, isResource

Methods inherited from class software.constructs.Construct
getNode, isConstruct, toString

Methods inherited from class software.amazon.jsii.JsiiObject
jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface software.amazon.awscdk.services.iam.IPolicy
getEnv, getNode

Methods inherited from interface software.amazon.awscdk.IResource
applyRemovalPolicy, getStack

Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson

Field Details
- PROPERTY_INJECTION_ID
  
  @Stability(Stable) public static final String PROPERTY_INJECTION_ID
  
  Uniquely identifies this class.
Constructor Details
- Policy
  
  protected Policy(software.amazon.jsii.JsiiObjectRef objRef)
- Policy
  
  protected Policy(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
- Policy
  
  @Stability(Stable) public Policy(@NotNull software.constructs.Construct scope, @NotNull String id, @Nullable PolicyProps props)
  
  Parameters:
  
  scope - This parameter is required.
  
  id - This parameter is required.
  
  props -
- Policy
  
  @Stability(Stable) public Policy(@NotNull software.constructs.Construct scope, @NotNull String id)
  
  Parameters:
  
  scope - This parameter is required.
  
  id - This parameter is required.
Method Details
- fromPolicyName
  
  @Stability(Stable) @NotNull public static IPolicy fromPolicyName(@NotNull software.constructs.Construct scope, @NotNull String id, @NotNull String policyName)
  
  Import a policy in this app based on its name.
  
  Parameters:
  
  scope - This parameter is required.
  
  id - This parameter is required.
  
  policyName - This parameter is required.
- addStatements
  
  @Stability(Stable) public void addStatements(@NotNull PolicyStatement... statement)
  
  Adds a statement to the policy document.
  
  Parameters:
  
  statement - This parameter is required.
- attachToGroup
  
  @Stability(Stable) public void attachToGroup(@NotNull IGroup group)
  
  Attaches this policy to a group.
  
  Parameters:
  
  group - This parameter is required.
- attachToRole
  
  @Stability(Stable) public void attachToRole(@NotNull IRole role)
  
  Attaches this policy to a role.
  
  Parameters:
  
  role - This parameter is required.
- attachToUser
  
  @Stability(Stable) public void attachToUser(@NotNull IUser user)
  
  Attaches this policy to a user.
  
  Parameters:
  
  user - This parameter is required.
- getDocument
  
  @Stability(Stable) @NotNull public PolicyDocument getDocument()
  
  The policy document.
- getGrantPrincipal
  
  @Stability(Stable) @NotNull public IPrincipal getGrantPrincipal()
  
  The principal to grant permissions to.
  
  Specified by:
  
  getGrantPrincipal in interface IGrantable
- getPolicyName
  
  @Stability(Stable) @NotNull public String getPolicyName()
  
  The name of this policy.
  
  Specified by:
  
  getPolicyName in interface IPolicy
- getPolicyRef
  
  @Stability(Stable) @NotNull public PolicyReference getPolicyRef()
  
  A reference to a Policy resource.
  
  Specified by:
  
  getPolicyRef in interface IPolicyRef

Class Policy

Nested Class Summary

Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject

Nested classes/interfaces inherited from interface software.constructs.IConstruct

Nested classes/interfaces inherited from interface software.amazon.awscdk.services.iam.IGrantable

Nested classes/interfaces inherited from interface software.amazon.awscdk.services.iam.IPolicy

Nested classes/interfaces inherited from interface software.amazon.awscdk.IResource

Field Summary

Constructor Summary

Method Summary

Methods inherited from class software.amazon.awscdk.Resource

Methods inherited from class software.constructs.Construct

Methods inherited from class software.amazon.jsii.JsiiObject

Methods inherited from class java.lang.Object

Methods inherited from interface software.amazon.awscdk.services.iam.IPolicy

Methods inherited from interface software.amazon.awscdk.IResource

Methods inherited from interface software.amazon.jsii.JsiiSerializable

Field Details

PROPERTY_INJECTION_ID

Constructor Details

Policy

Policy

Policy

Policy

Method Details

fromPolicyName

addStatements

attachToGroup

attachToRole

attachToUser

getDocument

getGrantPrincipal

getPolicyName

getPolicyRef