The Actions added to this statement
The conditions added to this statement
Whether to allow or deny the actions in this statement
Set effect for this statement
Whether the PolicyStatement has been frozen
The statement object is frozen when freeze()
is called.
Indicates if this permission has a "Principal" section.
Indicates if this permission has at least one resource associated with it.
The NotActions added to this statement
The NotPrincipals added to this statement
The NotResources added to this statement
The Principals added to this statement
The Resources added to this statement
Statement ID for this statement
Set Statement ID for this statement
Add a condition to the Policy
If multiple calls are made to add a condition with the same operator and field, only the last one wins. For example:
declare const stmt: iam.PolicyStatement;
stmt.addCondition('StringEquals', { 'aws:SomeField': '1' });
stmt.addCondition('StringEquals', { 'aws:SomeField': '2' });
Will end up with the single condition StringEquals: { 'aws:SomeField': '2' }
.
If you meant to add a condition to say that the field can be either 1
or 2
, write
this:
declare const stmt: iam.PolicyStatement;
stmt.addCondition('StringEquals', { 'aws:SomeField': ['1', '2'] });
Adds a federated identity provider such as Amazon Cognito to this policy statement.
federated identity provider (i.e. 'cognito-identity.amazonaws.com')
The conditions under which the policy is in effect. See the IAM documentation.
Specify resources that this policy statement will not apply to in the "NotResource" section of this policy statement. All resources except the specified list will be matched.
Amazon Resource Names (ARNs) of the resources that this policy statement does not apply to
Adds a service principal to this policy statement.
the service name for which a service principal is requested (e.g: s3.amazonaws.com
).
Optional
opts: ServicePrincipalOptsoptions for adding the service principal (such as specifying a principal in a different region)
Make the PolicyStatement immutable
After calling this, any of the addXxx()
methods will throw an exception.
Libraries that lazily generate statement bodies can override this method to fill the actual PolicyStatement fields. Be aware that this method may be called multiple times.
Static
from
This is helpful for reading all private configuration for a given app. For example, the simple-configuration library requires these permissions.