software.amazon.awscdk.services.iam

Class ManagedPolicy

java.lang.Object

software.amazon.jsii.JsiiObject

software.constructs.Construct

software.amazon.awscdk.Resource

software.amazon.awscdk.services.iam.ManagedPolicy

All Implemented Interfaces:

IResource, IManagedPolicy, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct, software.constructs.IDependable

Direct Known Subclasses:

UntrustedCodeBoundaryPolicy

@Generated(value="jsii-pacmak/1.67.0 (build 2c027f5)",
           date="2022-09-19T20:26:39.775Z")
 @Stability(value=Stable)
public class ManagedPolicy
extends Resource
implements IManagedPolicy

Managed policy.

Example:

 Role myRole = Role.Builder.create(this, "My Role")
         .assumedBy(new ServicePrincipal("lambda.amazonaws.com"))
         .build();
 Function fn = Function.Builder.create(this, "MyFunction")
         .runtime(Runtime.NODEJS_16_X)
         .handler("index.handler")
         .code(Code.fromAsset(join(__dirname, "lambda-handler")))
         .role(myRole)
         .build();
 myRole.addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName("service-role/AWSLambdaBasicExecutionRole"));
 myRole.addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName("service-role/AWSLambdaVPCAccessExecutionRole"));
 

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	ManagedPolicy.Builder A fluent builder for ManagedPolicy.

Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject

software.amazon.jsii.JsiiObject.InitializationMode

Nested classes/interfaces inherited from interface software.amazon.awscdk.services.iam.IManagedPolicy

IManagedPolicy.Jsii$Default, IManagedPolicy.Jsii$Proxy

Nested classes/interfaces inherited from interface software.amazon.awscdk.IResource

IResource.Jsii$Default

Constructor Summary

Constructors

Modifier	Constructor and Description
	ManagedPolicy(software.constructs.Construct scope, String id)
	ManagedPolicy(software.constructs.Construct scope, String id, ManagedPolicyProps props)
protected	ManagedPolicy(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
protected	ManagedPolicy(software.amazon.jsii.JsiiObjectRef objRef)

Method Summary

Modifier and Type	Method and Description
void	addStatements(PolicyStatement... statement) Adds a statement to the policy document.
void	attachToGroup(IGroup group) Attaches this policy to a group.
void	attachToRole(IRole role) Attaches this policy to a role.
void	attachToUser(IUser user) Attaches this policy to a user.
static IManagedPolicy	fromAwsManagedPolicyName(String managedPolicyName) Import a managed policy from one of the policies that AWS manages.
static IManagedPolicy	fromManagedPolicyArn(software.constructs.Construct scope, String id, String managedPolicyArn) Import an external managed policy by ARN.
static IManagedPolicy	fromManagedPolicyName(software.constructs.Construct scope, String id, String managedPolicyName) Import a customer managed policy from the managedPolicyName.
String	getDescription() The description of this policy.
PolicyDocument	getDocument() The policy document.
String	getManagedPolicyArn() Returns the ARN of this managed policy.
String	getManagedPolicyName() The name of this policy.
String	getPath() The path of this policy.

Methods inherited from class software.amazon.awscdk.Resource

applyRemovalPolicy, generatePhysicalName, getEnv, getPhysicalName, getResourceArnAttribute, getResourceNameAttribute, getStack, isOwnedResource, isResource

Methods inherited from class software.constructs.Construct

getNode, isConstruct, toString

Methods inherited from class software.amazon.jsii.JsiiObject

jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Methods inherited from interface software.constructs.IConstruct

getNode

Constructor Detail

ManagedPolicy

protected ManagedPolicy(software.amazon.jsii.JsiiObjectRef objRef)

ManagedPolicy

protected ManagedPolicy(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

ManagedPolicy

@Stability(value=Stable)
public ManagedPolicy(@NotNull
                                              software.constructs.Construct scope,
                                              @NotNull
                                              String id,
                                              @Nullable
                                              ManagedPolicyProps props)

Parameters:

scope - This parameter is required.

id - This parameter is required.

props -

ManagedPolicy

@Stability(value=Stable)
public ManagedPolicy(@NotNull
                                              software.constructs.Construct scope,
                                              @NotNull
                                              String id)

Parameters:

scope - This parameter is required.

id - This parameter is required.

Method Detail

fromAwsManagedPolicyName

@Stability(value=Stable)
 @NotNull
public static IManagedPolicy fromAwsManagedPolicyName(@NotNull
                                                                                         String managedPolicyName)

Import a managed policy from one of the policies that AWS manages.

For this managed policy, you only need to know the name to be able to use it.

Some managed policy names start with "service-role/", some start with "job-function/", and some don't start with anything. Include the prefix when constructing this object.

Parameters:

managedPolicyName - This parameter is required.

fromManagedPolicyArn

@Stability(value=Stable)
 @NotNull
public static IManagedPolicy fromManagedPolicyArn(@NotNull
                                                                                     software.constructs.Construct scope,
                                                                                     @NotNull
                                                                                     String id,
                                                                                     @NotNull
                                                                                     String managedPolicyArn)

Import an external managed policy by ARN.

For this managed policy, you only need to know the ARN to be able to use it. This can be useful if you got the ARN from a CloudFormation Export.

If the imported Managed Policy ARN is a Token (such as a CfnParameter.valueAsString or a Fn.importValue()) and the referenced managed policy has a path (like arn:...:policy/AdminPolicy/AdminAllow), the managedPolicyName property will not resolve to the correct value. Instead it will resolve to the first path component. We unfortunately cannot express the correct calculation of the full path name as a CloudFormation expression. In this scenario the Managed Policy ARN should be supplied without the path in order to resolve the correct managed policy resource.

Parameters:

scope - construct scope. This parameter is required.

id - construct id. This parameter is required.

managedPolicyArn - the ARN of the managed policy to import. This parameter is required.

fromManagedPolicyName

@Stability(value=Stable)
 @NotNull
public static IManagedPolicy fromManagedPolicyName(@NotNull
                                                                                      software.constructs.Construct scope,
                                                                                      @NotNull
                                                                                      String id,
                                                                                      @NotNull
                                                                                      String managedPolicyName)

Import a customer managed policy from the managedPolicyName.

For this managed policy, you only need to know the name to be able to use it.

Parameters:

scope - This parameter is required.

id - This parameter is required.

managedPolicyName - This parameter is required.

addStatements

@Stability(value=Stable)
public void addStatements(@NotNull
                                                   PolicyStatement... statement)

Adds a statement to the policy document.

Parameters:

statement - This parameter is required.

attachToGroup

@Stability(value=Stable)
public void attachToGroup(@NotNull
                                                   IGroup group)

Attaches this policy to a group.

Parameters:

group - This parameter is required.

attachToRole

@Stability(value=Stable)
public void attachToRole(@NotNull
                                                  IRole role)

Attaches this policy to a role.

Parameters:

role - This parameter is required.

attachToUser

@Stability(value=Stable)
public void attachToUser(@NotNull
                                                  IUser user)

Attaches this policy to a user.

Parameters:

user - This parameter is required.

getDescription

@Stability(value=Stable)
 @NotNull
public String getDescription()

The description of this policy.

getDocument

@Stability(value=Stable)
 @NotNull
public PolicyDocument getDocument()

The policy document.

getManagedPolicyArn

@Stability(value=Stable)
 @NotNull
public String getManagedPolicyArn()

Returns the ARN of this managed policy.

Specified by:

getManagedPolicyArn in interface IManagedPolicy

getManagedPolicyName

@Stability(value=Stable)
 @NotNull
public String getManagedPolicyName()

The name of this policy.

getPath

@Stability(value=Stable)
 @NotNull
public String getPath()

The path of this policy.