Optional Readonly document

Optional Readonly force
Force creation of an AWS::IAM::Policy.
Unless set to true, this Policy construct will not materialize to an AWS::IAM::Policy CloudFormation resource in case it would have no effect (for example, if it remains unattached to an IAM identity or if it has no statements). This is generally desired behavior, since it prevents creating invalid--and hence undeployable--CloudFormation templates.
In cases where you know the policy must be created and it is actually an error if no statements have been added to it or it remains unattached to an IAM identity, you can set this to true.
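An added example, not part of this reference or of the library it documents: a TypeScript check over a synthesized CloudFormation template that reports expected policies that did not materialize, are unattached, or have no statements, which are the conditions the force description above names. The function name auditPolicies, the logical IDs and the sample template are constructed for illustration.

```typescript
// Added example: audit a synthesized CloudFormation template (plain JSON).
type Resource = { Type: string; Properties?: Record<string, any> };
type Template = { Resources?: Record<string, Resource> };

// One finding per expected policy that is missing, unattached or empty.
function auditPolicies(template: Template, expectedIds: string[]): string[] {
  const findings: string[] = [];
  const resources = template.Resources ?? {};
  for (const id of expectedIds) {
    const res = resources[id];
    if (!res || res.Type !== "AWS::IAM::Policy") {
      findings.push(`${id}: not materialized`);
      continue;
    }
    const props = res.Properties ?? {};
    const attached = ["Groups", "Roles", "Users"].some(
      (k) => Array.isArray(props[k]) && props[k].length > 0
    );
    if (!attached) findings.push(`${id}: unattached`);
    // Statement may be a single object or an array of statements.
    const stmts = props.PolicyDocument?.Statement;
    const count = Array.isArray(stmts) ? stmts.length : stmts ? 1 : 0;
    if (count === 0) findings.push(`${id}: no statements`);
  }
  return findings;
}

// Constructed sample; logical IDs and policy names are placeholders.
const sampleTemplate: Template = {
  Resources: {
    ReadLogsPolicy: {
      Type: "AWS::IAM::Policy",
      Properties: {
        PolicyName: "read-logs",
        Roles: [{ Ref: "AppRole" }],
        PolicyDocument: { Statement: [{ Effect: "Allow", Action: "logs:GetLogEvents", Resource: "*" }] },
      },
    },
    OrphanPolicy: {
      Type: "AWS::IAM::Policy",
      Properties: { PolicyName: "orphan", PolicyDocument: { Statement: [] } },
    },
  },
};

const expected = ["ReadLogsPolicy", "OrphanPolicy", "DenyDeletePolicy"];
const sampleFindings = auditPolicies(sampleTemplate, expected);
console.log(sampleFindings);
```

Run against the expected policy list in CI, a "not materialized" finding catches the case where a policy relied on for access control was dropped from the template because force was left unset.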
Optional Readonly groups
Groups to attach this policy to.
You can also use attachToGroup(group) to attach this policy to a group.

Optional paths

Optional Readonly policy
The name of the policy. If you specify multiple policies for an entity, specify unique names. For example, if you specify a list of policies for an IAM role, each policy must have a unique name.

Optional Readonly roles
Roles to attach this policy to.
You can also use attachToRole(role) to attach this policy to a role.

Optional Readonly users
Users to attach this policy to.
You can also use attachToUser(user) to attach this policy to a user.
Initial PolicyDocument to use for this Policy. If omitted, any PolicyStatement provided in the statements property will be applied against the empty default PolicyDocument.