Package software.amazon.awscdk.services.verifiedpermissions

Class CfnPolicy

java.lang.Object
software.amazon.jsii.JsiiObject
software.constructs.Construct
software.amazon.awscdk.CfnElement
software.amazon.awscdk.CfnRefElement
software.amazon.awscdk.CfnResource
software.amazon.awscdk.services.verifiedpermissions.CfnPolicy
All Implemented Interfaces:
IInspectable, IPolicyRef, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct, software.constructs.IDependable
@Generated(value="jsii-pacmak/1.116.0 (build 0eddcff)", date="2025-10-29T11:15:50.183Z") @Stability(Stable) public class CfnPolicy extends CfnResource implements IInspectable, IPolicyRef
Creates or updates a Cedar policy and saves it in the specified policy store.

You can create either a static policy or a policy linked to a policy template.

You can directly update only static policies. To update a template-linked policy, you must update its linked policy template instead.

  • To create a static policy, in the Definition include a Static element that includes the Cedar policy text in the Statement element.
  • To create a policy that is dynamically linked to a policy template, in the Definition include a Templatelinked element that specifies the policy template ID and the principal and resource to associate with this policy. If the policy template is ever updated, any policies linked to the policy template automatically use the updated template.

  • If policy validation is enabled in the policy store, then updating a static policy causes Verified Permissions to validate the policy against the schema in the policy store. If the updated static policy doesn't pass validation, the operation fails and the update isn't stored.
  • When you edit a static policy, You can change only certain elements of a static policy:
  • The action referenced by the policy.
  • A condition clause, such as when and unless.

You can't change these elements of a static policy:

  • Changing a policy from a static policy to a template-linked policy.
  • Changing the effect of a static policy from permit or forbid.
  • The principal referenced by a static policy.
  • The resource referenced by a static policy.
  • To update a template-linked policy, you must update the template instead.

Example: 

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import software.amazon.awscdk.services.verifiedpermissions.*;
 CfnPolicy cfnPolicy = CfnPolicy.Builder.create(this, "MyCfnPolicy")
         .definition(PolicyDefinitionProperty.builder()
                 .static(StaticPolicyDefinitionProperty.builder()
                         .statement("statement")
                         // the properties below are optional
                         .description("description")
                         .build())
                 .templateLinked(TemplateLinkedPolicyDefinitionProperty.builder()
                         .policyTemplateId("policyTemplateId")
                         // the properties below are optional
                         .principal(EntityIdentifierProperty.builder()
                                 .entityId("entityId")
                                 .entityType("entityType")
                                 .build())
                         .resource(EntityIdentifierProperty.builder()
                                 .entityId("entityId")
                                 .entityType("entityType")
                                 .build())
                         .build())
                 .build())
         .policyStoreId("policyStoreId")
         .build();

See Also:

  • Field Details

    • CFN_RESOURCE_TYPE_NAME

      @Stability(Stable) public static final String CFN_RESOURCE_TYPE_NAME
      The CloudFormation resource type name for this resource class.

  • Constructor Details

    • CfnPolicy

      protected CfnPolicy(software.amazon.jsii.JsiiObjectRef objRef)

    • CfnPolicy

      protected CfnPolicy(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

    • CfnPolicy

      @Stability(Stable) public CfnPolicy(@NotNull software.constructs.Construct scope, @NotNull String id, @NotNull CfnPolicyProps props)
      Parameters:
      scope - Scope in which this resource is defined. This parameter is required.
      id - Construct identifier for this resource (unique in its scope). This parameter is required.
      props - Resource properties. This parameter is required.

  • Method Details

    • inspect

      @Stability(Stable) public void inspect(@NotNull TreeInspector inspector)
      Examines the CloudFormation resource and discloses attributes.

      Specified by:
      inspect in interface IInspectable
      Parameters:
      inspector - tree inspector to collect and process attributes. This parameter is required.

    • renderProperties

      @Stability(Stable) @NotNull protected Map<String,Object> renderProperties(@NotNull Map<String,Object> props)
      Overrides:
      renderProperties in class CfnResource
      Parameters:
      props - This parameter is required.

    • getAttrPolicyId

      @Stability(Stable) @NotNull public String getAttrPolicyId()
      The unique ID of the new or updated policy.

    • getAttrPolicyType

      @Stability(Stable) @NotNull public String getAttrPolicyType()
      The type of the policy. This is one of the following values:.

      • Static
      • TemplateLinked

    • getCfnProperties

      @Stability(Stable) @NotNull protected Map<String,Object> getCfnProperties()
      Overrides:
      getCfnProperties in class CfnResource

    • getPolicyRef

      @Stability(Stable) @NotNull public PolicyReference getPolicyRef()
      A reference to a Policy resource.
      Specified by:
      getPolicyRef in interface IPolicyRef

    • getDefinition

      @Stability(Stable) @NotNull public Object getDefinition()
      Specifies the policy type and content to use for the new or updated policy.

      Returns union: either IResolvable or CfnPolicy.PolicyDefinitionProperty

    • setDefinition

      @Stability(Stable) public void setDefinition(@NotNull IResolvable value)
      Specifies the policy type and content to use for the new or updated policy.

    • setDefinition

      @Stability(Stable) public void setDefinition(@NotNull CfnPolicy.PolicyDefinitionProperty value)
      Specifies the policy type and content to use for the new or updated policy.

    • getPolicyStoreId

      @Stability(Stable) @NotNull public String getPolicyStoreId()
      Specifies the PolicyStoreId of the policy store you want to store the policy in.

    • setPolicyStoreId

      @Stability(Stable) public void setPolicyStoreId(@NotNull String value)
      Specifies the PolicyStoreId of the policy store you want to store the policy in.