CfnPolicyStorePropsMixin

class aws_cdk.mixins_preview.aws_verifiedpermissions.mixins.CfnPolicyStorePropsMixin(props, *, strategy=None)

Bases: Mixin

Creates a policy store.

A policy store is a container for policy resources. You can create a separate policy store for each of your applications.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-verifiedpermissions-policystore.html

CloudformationResource:

AWS::VerifiedPermissions::PolicyStore

Mixin:

true

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import CfnTag
from aws_cdk.mixins_preview import mixins
from aws_cdk.mixins_preview.aws_verifiedpermissions import mixins as verifiedpermissions_mixins

cfn_policy_store_props_mixin = verifiedpermissions_mixins.CfnPolicyStorePropsMixin(verifiedpermissions_mixins.CfnPolicyStoreMixinProps(
    deletion_protection=verifiedpermissions_mixins.CfnPolicyStorePropsMixin.DeletionProtectionProperty(
        mode="mode"
    ),
    description="description",
    schema=verifiedpermissions_mixins.CfnPolicyStorePropsMixin.SchemaDefinitionProperty(
        cedar_format="cedarFormat",
        cedar_json="cedarJson"
    ),
    tags=[CfnTag(
        key="key",
        value="value"
    )],
    validation_settings=verifiedpermissions_mixins.CfnPolicyStorePropsMixin.ValidationSettingsProperty(
        mode="mode"
    )
),
    strategy=mixins.PropertyMergeStrategy.OVERRIDE
)

Create a mixin to apply properties to AWS::VerifiedPermissions::PolicyStore.

Parameters:
  • props (Union[CfnPolicyStoreMixinProps, Dict[str, Any]]) – L1 properties to apply.

  • strategy (Optional[PropertyMergeStrategy]) – (experimental) Strategy for merging nested properties. Default: - PropertyMergeStrategy.MERGE

Methods

apply_to(construct)

Apply the mixin properties to the construct.

Parameters:

construct (IConstruct)

Return type:

IConstruct

supports(construct)

Check if this mixin supports the given construct.

Parameters:

construct (IConstruct)

Return type:

bool

Attributes

CFN_PROPERTY_KEYS = ['deletionProtection', 'description', 'schema', 'tags', 'validationSettings']

Static Methods

classmethod is_mixin(x)

(experimental) Checks if x is a Mixin.

Parameters:

x (Any) – Any object.

Return type:

bool

Returns:

true if x is an object created from a class which extends Mixin.

Stability:

experimental

DeletionProtectionProperty

class CfnPolicyStorePropsMixin.DeletionProtectionProperty(*, mode=None)

Bases: object

Specifies whether the policy store can be deleted.

Parameters:

mode (Optional[str]) – Specifies whether the policy store can be deleted. If enabled, the policy store can’t be deleted. The default state is DISABLED. Default: - “DISABLED”

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-verifiedpermissions-policystore-deletionprotection.html

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_verifiedpermissions import mixins as verifiedpermissions_mixins

deletion_protection_property = verifiedpermissions_mixins.CfnPolicyStorePropsMixin.DeletionProtectionProperty(
    mode="mode"
)

Attributes

mode

Specifies whether the policy store can be deleted. If enabled, the policy store can’t be deleted.

The default state is DISABLED.

Default:
  • “DISABLED”

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-verifiedpermissions-policystore-deletionprotection.html#cfn-verifiedpermissions-policystore-deletionprotection-mode

SchemaDefinitionProperty

class CfnPolicyStorePropsMixin.SchemaDefinitionProperty(*, cedar_format=None, cedar_json=None)

Bases: object

Contains a list of principal types, resource types, and actions that can be specified in policies stored in the same policy store.

If the validation mode for the policy store is set to STRICT, then policies that can’t be validated by this schema are rejected by Verified Permissions and can’t be stored in the policy store.

Parameters:
  • cedar_format (Optional[str])

  • cedar_json (Optional[str]) – A JSON string representation of the schema supported by applications that use this policy store. For more information, see Policy store schema in the AVP User Guide.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-verifiedpermissions-policystore-schemadefinition.html

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_verifiedpermissions import mixins as verifiedpermissions_mixins

schema_definition_property = verifiedpermissions_mixins.CfnPolicyStorePropsMixin.SchemaDefinitionProperty(
    cedar_format="cedarFormat",
    cedar_json="cedarJson"
)

Attributes

cedar_format

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-verifiedpermissions-policystore-schemadefinition.html#cfn-verifiedpermissions-policystore-schemadefinition-cedarformat

cedar_json

A JSON string representation of the schema supported by applications that use this policy store.

For more information, see Policy store schema in the AVP User Guide.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-verifiedpermissions-policystore-schemadefinition.html#cfn-verifiedpermissions-policystore-schemadefinition-cedarjson

ValidationSettingsProperty

class CfnPolicyStorePropsMixin.ValidationSettingsProperty(*, mode=None)

Bases: object

A structure that contains Cedar policy validation settings for the policy store.

The validation mode determines which validation failures Cedar considers serious enough to block acceptance of a new or edited static policy or policy template.

Parameters:

mode (Optional[str]) – The validation mode currently configured for this policy store. The valid values are:

  • OFF – Neither Verified Permissions nor Cedar perform any validation on policies. No validation errors are reported by either service.

  • STRICT – Requires a schema to be present in the policy store. Cedar performs validation on all submitted new or updated static policies and policy templates. Any that fail validation are rejected and Cedar doesn’t store them in the policy store.

If Mode=STRICT and the policy store doesn’t contain a schema, Verified Permissions rejects all static policies and policy templates because there is no schema to validate against. To submit a static policy or policy template without a schema, you must turn off validation.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-verifiedpermissions-policystore-validationsettings.html

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_verifiedpermissions import mixins as verifiedpermissions_mixins

validation_settings_property = verifiedpermissions_mixins.CfnPolicyStorePropsMixin.ValidationSettingsProperty(
    mode="mode"
)

Attributes

mode

The validation mode currently configured for this policy store. The valid values are:

  • OFF – Neither Verified Permissions nor Cedar perform any validation on policies. No validation errors are reported by either service.

  • STRICT – Requires a schema to be present in the policy store. Cedar performs validation on all submitted new or updated static policies and policy templates. Any that fail validation are rejected and Cedar doesn’t store them in the policy store.

If Mode=STRICT and the policy store doesn’t contain a schema, Verified Permissions rejects all static policies and policy templates because there is no schema to validate against.

To submit a static policy or policy template without a schema, you must turn off validation.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-verifiedpermissions-policystore-validationsettings.html#cfn-verifiedpermissions-policystore-validationsettings-mode
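The interaction between validation mode, schema and deletion protection described above can be checked before deployment. The following is an added example, not code from the CDK project: it audits a synthesized CloudFormation template (as a Python dict) for AWS::VerifiedPermissions::PolicyStore resources. It assumes the template uses the CloudFormation property names Schema, CedarJson, CedarFormat, ValidationSettings, DeletionProtection and Mode, and that ENABLED is the protected state; the function name, finding labels and sample template are hypothetical.

```python
import json

RESOURCE_TYPE = "AWS::VerifiedPermissions::PolicyStore"

def audit_policy_stores(template):
    """Return (logical_id, finding) pairs for each policy store in a template dict."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != RESOURCE_TYPE:
            continue
        props = res.get("Properties") or {}
        schema = props.get("Schema") or {}
        mode = (props.get("ValidationSettings") or {}).get("Mode")
        if mode != "STRICT":
            # Anything other than STRICT is flagged; OFF means no validation is performed.
            findings.append((logical_id, "validation-not-strict"))
        elif not (schema.get("CedarJson") or schema.get("CedarFormat")):
            # STRICT with no schema: every static policy and template is rejected.
            findings.append((logical_id, "strict-without-schema"))
        cedar_json = schema.get("CedarJson")
        if isinstance(cedar_json, str):  # skip intrinsics such as Fn::Sub
            try:
                json.loads(cedar_json)
            except ValueError:
                findings.append((logical_id, "cedar-json-not-parseable"))
        protection = (props.get("DeletionProtection") or {}).get("Mode", "DISABLED")
        if protection != "ENABLED":
            findings.append((logical_id, "deletion-protection-disabled"))
    return findings

# Constructed sample template (not real deployment output).
SAMPLE_TEMPLATE = {"Resources": {
    "GoodStore": {"Type": RESOURCE_TYPE, "Properties": {
        "ValidationSettings": {"Mode": "STRICT"},
        "Schema": {"CedarJson": '{"App": {"entityTypes": {"User": {}}, "actions": {"view": {}}}}'},
        "DeletionProtection": {"Mode": "ENABLED"}}},
    "StrictNoSchema": {"Type": RESOURCE_TYPE, "Properties": {
        "ValidationSettings": {"Mode": "STRICT"}}},
    "LaxStore": {"Type": RESOURCE_TYPE, "Properties": {
        "ValidationSettings": {"Mode": "OFF"},
        "Schema": {"CedarJson": "{not json"},
        "DeletionProtection": {"Mode": "DISABLED"}}},
    "Bucket": {"Type": "AWS::S3::Bucket"},
}}

if __name__ == "__main__":
    for logical_id, finding in audit_policy_stores(SAMPLE_TEMPLATE):
        print(f"{logical_id}: {finding}")
```

The parse check only confirms that cedar_json is well-formed JSON; whether it is a valid Cedar schema is decided by Verified Permissions at deployment.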