Class ReadParametersByName

This is helpful for accessing specific pieces of private configuration. For example, the play-secret-rotation library requires ssm:GetParameters permissions.

Hierarchy

  • PolicyStatement
    • ReadParametersByName

Constructors

constructor

Accessors

actions conditions effect frozen hasPrincipal hasResource notActions notPrincipals notResources principals resources sid

Methods

_estimateSize addAccountCondition addAccountRootPrincipal addActions addAllResources addAnyPrincipal addArnPrincipal addAwsAccountPrincipal addCanonicalUserPrincipal addCondition addConditions addFederatedPrincipal addNotActions addNotPrincipals addNotResources addPrincipals addResources addServicePrincipal addSourceAccountCondition addSourceArnCondition copy freeze toJSON toStatementJson toString validateForAnyPolicy validateForIdentityPolicy validateForResourcePolicy fromJson

Constructors

constructor

Accessors

actions

  • get actions(): string[]

  • The Actions added to this statement

    Returns string[]

conditions

  • get conditions(): any

  • The conditions added to this statement

    Returns any

effect

  • get effect(): Effect

  • Whether to allow or deny the actions in this statement

    Returns Effect

  • set effect(effect: Effect): void

  • Set effect for this statement

    Parameters

    • effect: Effect

    Returns void

frozen

  • get frozen(): boolean

  • Whether the PolicyStatement has been frozen

    The statement object is frozen when freeze() is called.

    Returns boolean

hasPrincipal

  • get hasPrincipal(): boolean

  • Indicates if this permission has a "Principal" section.

    Returns boolean

hasResource

  • get hasResource(): boolean

  • Indicates if this permission has at least one resource associated with it.

    Returns boolean

notActions

  • get notActions(): string[]

  • The NotActions added to this statement

    Returns string[]

notPrincipals

  • get notPrincipals(): IPrincipal[]

  • The NotPrincipals added to this statement

    Returns IPrincipal[]

notResources

  • get notResources(): string[]

  • The NotResources added to this statement

    Returns string[]

principals

  • get principals(): IPrincipal[]

  • The Principals added to this statement

    Returns IPrincipal[]

resources

  • get resources(): string[]

  • The Resources added to this statement

    Returns string[]

sid

  • get sid(): undefined | string

  • Statement ID for this statement

    Returns undefined | string

  • set sid(sid: undefined | string): void

  • Set Statement ID for this statement

    Parameters

    • sid: undefined | string

    Returns void

Methods

_estimateSize

  • _estimateSize(options: EstimateSizeOptions): number
  • Internal

    Estimate the size of this policy statement

    By necessity, this will not be accurate. We'll do our best to overestimate so we won't have nasty surprises.

    Parameters

    • options: EstimateSizeOptions

    Returns number

addAccountCondition

  • addAccountCondition(accountId: string): void

  • Add a StringEquals condition that limits to a given account from sts:ExternalId.

    This method can only be called once: subsequent calls will overwrite earlier calls.

    Parameters

    • accountId: string

    Returns void

    See

    https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html

addAccountRootPrincipal

  • addAccountRootPrincipal(): void

  • Adds an AWS account root user principal to this policy statement

    Returns void

addActions

addAllResources

  • addAllResources(): void

  • Adds a "*" resource to this statement.

    Returns void

addAnyPrincipal

  • addAnyPrincipal(): void

  • Adds all identities in all accounts ("*") to this policy statement

    Returns void

addArnPrincipal

  • addArnPrincipal(arn: string): void

  • Specify a principal using the ARN identifier of the principal. You cannot specify IAM groups and instance profiles as principals.

    Parameters

    • arn: string

      ARN identifier of AWS account, IAM user, or IAM role (i.e. arn:aws:iam::123456789012:user/user-name)

    Returns void

addAwsAccountPrincipal

  • addAwsAccountPrincipal(accountId: string): void

  • Specify AWS account ID as the principal entity to the "Principal" section of a policy statement.

    Parameters

    • accountId: string

    Returns void

addCanonicalUserPrincipal

  • addCanonicalUserPrincipal(canonicalUserId: string): void

  • Adds a canonical user ID principal to this policy document

    Parameters

    • canonicalUserId: string

      unique identifier assigned by AWS for every account

    Returns void

addCondition

  • addCondition(key: string, value: unknown): void

  • Add a condition to the Policy

    If multiple calls are made to add a condition with the same operator and field, only the last one wins. For example:

    declare const stmt: iam.PolicyStatement;

    stmt.addCondition('StringEquals', { 'aws:SomeField': '1' });
    stmt.addCondition('StringEquals', { 'aws:SomeField': '2' });

    Will end up with the single condition StringEquals: { 'aws:SomeField': '2' }.

    If you meant to add a condition to say that the field can be either 1 or 2, write this:

    declare const stmt: iam.PolicyStatement;

    stmt.addCondition('StringEquals', { 'aws:SomeField': ['1', '2'] });

    Parameters

    • key: string
    • value: unknown

    Returns void

addConditions

  • addConditions(conditions: Conditions): void

  • Add multiple conditions to the Policy

    See the addCondition function for a caveat on calling this method multiple times.

    Parameters

    • conditions: Conditions

    Returns void

addFederatedPrincipal

  • addFederatedPrincipal(federated: any, conditions: Conditions): void

  • Adds a federated identity provider such as Amazon Cognito to this policy statement.

    Parameters

    Returns void

addNotActions

  • addNotActions(...notActions: string[]): void

  • Explicitly allow all actions except the specified list of actions into the "NotAction" section of the policy document.

    Parameters

    • ...notActions: string[]

      actions that will be denied. All other actions will be permitted.

    Returns void

    See

    https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notaction.html

addNotPrincipals

  • addNotPrincipals(...notPrincipals: IPrincipal[]): void

  • Specify principals that is not allowed or denied access to the "NotPrincipal" section of a policy statement.

    Parameters

    • ...notPrincipals: IPrincipal[]

      IAM principals that will be denied access

    Returns void

    See

    https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notprincipal.html

addNotResources

  • addNotResources(...arns: string[]): void

  • Specify resources that this policy statement will not apply to in the "NotResource" section of this policy statement. All resources except the specified list will be matched.

    Parameters

    • ...arns: string[]

      Amazon Resource Names (ARNs) of the resources that this policy statement does not apply to

    Returns void

    See

    https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notresource.html

addPrincipals

addResources

  • addResources(...arns: string[]): void

  • Specify resources that this policy statement applies into the "Resource" section of this policy statement.

    Parameters

    • ...arns: string[]

      Amazon Resource Names (ARNs) of the resources that this policy statement applies to

    Returns void

    See

    https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_resource.html

addServicePrincipal

  • addServicePrincipal(service: string, opts?: ServicePrincipalOpts): void

  • Adds a service principal to this policy statement.

    Parameters

    • service: string

      the service name for which a service principal is requested (e.g: s3.amazonaws.com).

    • Optionalopts: ServicePrincipalOpts

      options for adding the service principal (such as specifying a principal in a different region)

    Returns void

addSourceAccountCondition

addSourceArnCondition

copy

  • copy(overrides?: PolicyStatementProps): PolicyStatement

  • Create a new PolicyStatement with the same exact properties as this one, except for the overrides

    Parameters

    • Optionaloverrides: PolicyStatementProps

    Returns PolicyStatement

freeze

  • freeze(): PolicyStatement

  • Make the PolicyStatement immutable

    After calling this, any of the addXxx() methods will throw an exception.

    Libraries that lazily generate statement bodies can override this method to fill the actual PolicyStatement fields. Be aware that this method may be called multiple times.

    Returns PolicyStatement

toJSON

  • toJSON(): any

  • JSON-ify the statement

    Used when JSON.stringify() is called

    Returns any

toStatementJson

  • toStatementJson(): any

  • JSON-ify the policy statement

    Used when JSON.stringify() is called

    Returns any

toString

  • toString(): string

  • String representation of this policy statement

    Returns string

validateForAnyPolicy

  • validateForAnyPolicy(): string[]

  • Validate that the policy statement satisfies base requirements for a policy.

    Returns string[]

    An array of validation error messages, or an empty array if the statement is valid.

validateForIdentityPolicy

  • validateForIdentityPolicy(): string[]

  • Validate that the policy statement satisfies all requirements for an identity-based policy.

    Returns string[]

    An array of validation error messages, or an empty array if the statement is valid.

validateForResourcePolicy

  • validateForResourcePolicy(): string[]

  • Validate that the policy statement satisfies all requirements for a resource-based policy.

    Returns string[]

    An array of validation error messages, or an empty array if the statement is valid.

StaticfromJson

  • fromJson(obj: any): PolicyStatement

  • Creates a new PolicyStatement based on the object provided. This will accept an object created from the .toJSON() call

    Parameters

    • obj: any

      the PolicyStatement in object form.

    Returns PolicyStatement

Settings

Member Visibility

On This Page

Constructors
Accessors
Methods