package awsiam
// ManagedPolicyProps holds the properties for defining an IAM managed policy.
//
// Every field is tagged `field:"optional"`; the per-field "Default:" lines
// describe what is used when a field is left unset.
//
// The example below is illustrative rather than a least-privilege template:
// its first two statements allow their actions on Resource "*", and the third
// uses the wildcard actions s3:List* and s3:Get*, allowed only when
// aws:MultiFactorAuthPresent is "true". When adapting it, narrow the actions
// and resources to what the workload actually needs.
//
// Example:
//	policyDocument := map[string]interface{}{
//		"Version": jsii.String("2012-10-17"),
//		"Statement": []interface{}{
//			map[string]interface{}{
//				"Sid": jsii.String("FirstStatement"),
//				"Effect": jsii.String("Allow"),
//				"Action": []*string{
//					jsii.String("iam:ChangePassword"),
//				},
//				"Resource": []*string{
//					jsii.String("*"),
//				},
//			},
//			map[string]interface{}{
//				"Sid": jsii.String("SecondStatement"),
//				"Effect": jsii.String("Allow"),
//				"Action": []*string{
//					jsii.String("s3:ListAllMyBuckets"),
//				},
//				"Resource": []*string{
//					jsii.String("*"),
//				},
//			},
//			map[string]interface{}{
//				"Sid": jsii.String("ThirdStatement"),
//				"Effect": jsii.String("Allow"),
//				"Action": []*string{
//					jsii.String("s3:List*"),
//					jsii.String("s3:Get*"),
//				},
//				"Resource": []*string{
//					jsii.String("arn:aws:s3:::confidential-data"),
//					jsii.String("arn:aws:s3:::confidential-data/*"),
//				},
//				"Condition": map[string]map[string]*string{
//					"Bool": map[string]*string{
//						"aws:MultiFactorAuthPresent": jsii.String("true"),
//					},
//				},
//			},
//		},
//	}
//
//	customPolicyDocument := iam.PolicyDocument_FromJson(policyDocument)
//
//	// You can pass this document as an initial document to a ManagedPolicy
//	// or inline Policy.
//	newManagedPolicy := iam.NewManagedPolicy(this, jsii.String("MyNewManagedPolicy"), &ManagedPolicyProps{
//		Document: customPolicyDocument,
//	})
//	newPolicy := iam.NewPolicy(this, jsii.String("MyNewPolicy"), &PolicyProps{
//		Document: customPolicyDocument,
//	})
//
type ManagedPolicyProps struct {
// A description of the managed policy.
//
// Typically used to store information about the
// permissions defined in the policy. For example, "Grants access to production DynamoDB tables."
// The policy description is immutable. After a value is assigned, it cannot be changed.
// Default: - empty.
//
Description *string `field:"optional" json:"description" yaml:"description"`
// Initial PolicyDocument to use for this ManagedPolicy.
//
// If omitted, any
// `PolicyStatement` provided in the `statements` property will be applied
// against the empty default `PolicyDocument`.
// NOTE(review): when both Document and Statements are set, the statements are
// presumably added on top of this document; confirm, because the effective
// permissions are then the union of the two.
// Default: - An empty policy.
//
Document PolicyDocument `field:"optional" json:"document" yaml:"document"`
// Groups to attach this policy to.
//
// Attaching grants the policy's permissions to every member of each group, so
// review this list with the same care as the statements themselves.
// You can also use `attachToGroup(group)` to attach this policy to a group.
// Default: - No groups.
//
Groups *[]IGroup `field:"optional" json:"groups" yaml:"groups"`
// The name of the managed policy.
//
// If you specify multiple policies for an entity,
// specify unique names. For example, if you specify a list of policies for
// an IAM role, each policy must have a unique name.
// Default: - A name is automatically generated.
//
ManagedPolicyName *string `field:"optional" json:"managedPolicyName" yaml:"managedPolicyName"`
// The path for the policy.
//
// This parameter allows (through its regex pattern) a string of characters
// consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes.
// In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F),
// including most punctuation characters, digits, and upper and lowercased letters.
//
// For more information about paths, see IAM Identifiers in the IAM User Guide.
// Default: - "/".
//
Path *string `field:"optional" json:"path" yaml:"path"`
// Roles to attach this policy to.
//
// Attaching grants the policy's permissions to any principal able to assume
// each role.
// You can also use `attachToRole(role)` to attach this policy to a role.
// Default: - No roles.
//
Roles *[]IRole `field:"optional" json:"roles" yaml:"roles"`
// Initial set of permissions to add to this policy document.
//
// You can also use `addPermission(statement)` to add permissions later.
// NOTE(review): the method name is quoted as the upstream text gives it;
// confirm the spelling exposed by this Go binding.
// Default: - No statements.
//
Statements *[]PolicyStatement `field:"optional" json:"statements" yaml:"statements"`
// Users to attach this policy to.
//
// Attaching grants the policy's permissions directly to each listed user.
// You can also use `attachToUser(user)` to attach this policy to a user.
// Default: - No users.
//
Users *[]IUser `field:"optional" json:"users" yaml:"users"`
}