@guardian/cdk

    Class GuGetDistributablePolicyStatement

    Hierarchy

    • PolicyStatement
      • GuGetDistributablePolicyStatement

    Accessors

    • get actions(): string[]

      The Actions added to this statement

      Returns string[]

    • get conditions(): any

      The conditions added to this statement

      Returns any

    • get effect(): Effect

      Whether to allow or deny the actions in this statement

      Returns Effect

    • set effect(effect: Effect): void

      Set effect for this statement

      Parameters

      • effect: Effect

      Returns void

    • get frozen(): boolean

      Whether the PolicyStatement has been frozen

      The statement object is frozen when freeze() is called.

      Returns boolean

    • get hasPrincipal(): boolean

      Indicates if this permission has a "Principal" section.

      Returns boolean

    • get hasResource(): boolean

      Indicates if this permission has at least one resource associated with it.

      Returns boolean

    • get notActions(): string[]

      The NotActions added to this statement

      Returns string[]

    • get notPrincipals(): IPrincipal[]

      The NotPrincipals added to this statement

      Returns IPrincipal[]

    • get notResources(): string[]

      The NotResources added to this statement

      Returns string[]

    • get principals(): IPrincipal[]

      The Principals added to this statement

      Returns IPrincipal[]

    • get resources(): string[]

      The Resources added to this statement

      Returns string[]

    • get sid(): undefined | string

      Statement ID for this statement

      Returns undefined | string

    • set sid(sid: undefined | string): void

      Set Statement ID for this statement

      Parameters

      • sid: undefined | string

      Returns void

    Methods

    • Internal

      Estimate the size of this policy statement

      By necessity, this will not be accurate. We'll do our best to overestimate so we won't have nasty surprises.

      Parameters

      • options: EstimateSizeOptions

      Returns number

    • Add a StringEquals condition that limits to a given account from sts:ExternalId.

      This method can only be called once: subsequent calls will overwrite earlier calls.

      Parameters

      • accountId: string

      Returns void

    • Adds an AWS account root user principal to this policy statement

      Returns void

    • Adds a "*" resource to this statement.

      Returns void

    • Adds all identities in all accounts ("*") to this policy statement

      Returns void

    • Specify a principal using the ARN identifier of the principal. You cannot specify IAM groups and instance profiles as principals.

      Parameters

      • arn: string

        ARN identifier of AWS account, IAM user, or IAM role (e.g. arn:aws:iam::123456789012:user/user-name)

      Returns void

    • Specify AWS account ID as the principal entity to the "Principal" section of a policy statement.

      Parameters

      • accountId: string

      Returns void

    • Adds a canonical user ID principal to this policy document

      Parameters

      • canonicalUserId: string

        unique identifier assigned by AWS for every account

      Returns void

    • Add a condition to the Policy

      If multiple calls are made to add a condition with the same operator and field, only the last one wins. For example:

      declare const stmt: iam.PolicyStatement;

      stmt.addCondition('StringEquals', { 'aws:SomeField': '1' });
      stmt.addCondition('StringEquals', { 'aws:SomeField': '2' });

      Will end up with the single condition StringEquals: { 'aws:SomeField': '2' }.

      If you meant to add a condition to say that the field can be either 1 or 2, write this:

      declare const stmt: iam.PolicyStatement;

      stmt.addCondition('StringEquals', { 'aws:SomeField': ['1', '2'] });

      Parameters

      • key: string
      • value: unknown

      Returns void
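
The overwrite caveat above, as an added example that is not part of the @guardian/cdk or aws-cdk-lib code: a stand-alone TypeScript model that replays a sequence of addCondition-style calls and reports every condition a later call silently replaced. The names replayConditions, ConditionCall and Overwrite are hypothetical, and the model assumes distinct fields under one operator are kept side by side.

```typescript
// Added example: models only the documented "last one wins" rule; it does not import aws-cdk-lib.
type ConditionCall = { operator: string; fields: Record<string, unknown> };
type Overwrite = { operator: string; field: string; dropped: unknown; kept: unknown };

// Replays the calls in order and records every (operator, field) pair whose
// earlier value is replaced by a later, different value.
function replayConditions(calls: ConditionCall[]): {
  conditions: Record<string, Record<string, unknown>>;
  overwrites: Overwrite[];
} {
  const conditions: Record<string, Record<string, unknown>> = {};
  const overwrites: Overwrite[] = [];
  for (const { operator, fields } of calls) {
    let current = conditions[operator];
    if (current === undefined) {
      current = {};
      conditions[operator] = current;
    }
    for (const field of Object.keys(fields)) {
      const value = fields[field];
      const seen = Object.prototype.hasOwnProperty.call(current, field);
      if (seen && JSON.stringify(current[field]) !== JSON.stringify(value)) {
        overwrites.push({ operator, field, dropped: current[field], kept: value });
      }
      current[field] = value; // last call wins, as the documentation states
    }
  }
  return { conditions, overwrites };
}

// Constructed sample input mirroring the two snippets in the documentation above.
const overwriting: ConditionCall[] = [
  { operator: 'StringEquals', fields: { 'aws:SomeField': '1' } },
  { operator: 'StringEquals', fields: { 'aws:SomeField': '2' } },
];
const intended: ConditionCall[] = [
  { operator: 'StringEquals', fields: { 'aws:SomeField': ['1', '2'] } },
];

// The first sequence loses the value '1'; the second keeps both values.
console.log(replayConditions(overwriting).overwrites);
console.log(replayConditions(intended).conditions);
```

Running a check like this over the condition calls collected during code review flags a statement whose earlier restriction was dropped before the policy is synthesized.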

    • Add multiple conditions to the Policy

      See the addCondition function for a caveat on calling this method multiple times.

      Parameters

      • conditions: Conditions

      Returns void

    • Adds a federated identity provider such as Amazon Cognito to this policy statement.

      Parameters

      Returns void

    • Explicitly allow all actions except the specified list of actions, which are added to the "NotAction" section of the policy document.

      Parameters

      • ...notActions: string[]

        actions that will be denied. All other actions will be permitted.

      Returns void

    • Specify principals that are not allowed or denied access in the "NotPrincipal" section of a policy statement.

      Parameters

      • ...notPrincipals: IPrincipal[]

        IAM principals that will be denied access

      Returns void

    • Specify resources that this policy statement will not apply to in the "NotResource" section of this policy statement. All resources except the specified list will be matched.

      Parameters

      • ...arns: string[]

        Amazon Resource Names (ARNs) of the resources that this policy statement does not apply to

      Returns void

    • Specify resources that this policy statement applies to in the "Resource" section of this policy statement.

      Parameters

      • ...arns: string[]

        Amazon Resource Names (ARNs) of the resources that this policy statement applies to

      Returns void

    • Adds a service principal to this policy statement.

      Parameters

      • service: string

        the service name for which a service principal is requested (e.g. s3.amazonaws.com).

      • Optional opts: ServicePrincipalOpts

        options for adding the service principal (such as specifying a principal in a different region)

      Returns void

    • Create a new PolicyStatement with the same exact properties as this one, except for the overrides

      Parameters

      • Optional overrides: PolicyStatementProps

      Returns PolicyStatement

    • Make the PolicyStatement immutable

      After calling this, any of the addXxx() methods will throw an exception.

      Libraries that lazily generate statement bodies can override this method to fill the actual PolicyStatement fields. Be aware that this method may be called multiple times.

      Returns PolicyStatement

    • JSON-ify the statement

      Used when JSON.stringify() is called

      Returns any

    • JSON-ify the policy statement

      Used when JSON.stringify() is called

      Returns any

    • String representation of this policy statement

      Returns string

    • Validate that the policy statement satisfies base requirements for a policy.

      Returns string[]

      An array of validation error messages, or an empty array if the statement is valid.

    • Validate that the policy statement satisfies all requirements for an identity-based policy.

      Returns string[]

      An array of validation error messages, or an empty array if the statement is valid.

    • Validate that the policy statement satisfies all requirements for a resource-based policy.

      Returns string[]

      An array of validation error messages, or an empty array if the statement is valid.

    • Creates a new PolicyStatement based on the object provided. This will accept an object created from the .toJSON() call.

      Parameters

      • obj: any

        the PolicyStatement in object form.

      Returns PolicyStatement