The ``AwsManagedPolicy`` class provides an up-to-date collection of AWS managed policies. This helps you add managed policies to IAM roles and users in a type-safe way.

The class provides the names of the policies. If you instead need the ARN, prefix the string with ``arn:aws:iam::aws:policy/``.

The package ``cdk-iam-floyd`` additionally provides methods for directly creating ``aws_iam.IManagedPolicy`` objects.

First import ``AwsManagedPolicy``:

.. tabs::

   .. code-tab:: ts

      // for use without AWS CDK use the iam-floyd package
      import { AwsManagedPolicy } from 'iam-floyd';

      // for use with CDK use the cdk-iam-floyd package
      import { AwsManagedPolicy } from 'cdk-iam-floyd';

   .. code-tab:: js

      // for use without AWS CDK use the iam-floyd package
      const { AwsManagedPolicy } = require('iam-floyd');

      // for use with CDK use the cdk-iam-floyd package
      const { AwsManagedPolicy } = require('cdk-iam-floyd');

Usage in aws-sdk v3 and aws-cdk:

.. tabs::

   .. code-tab:: ts aws-cdk

      readOnlyRole.addManagedPolicy(
        new AwsManagedPolicy().ReadOnlyAccess(),
      );

   .. code-tab:: ts aws-sdk

      await iamClient.send(
        new AttachRolePolicyCommand({
          RoleName: 'ReadOnlyRole',
          PolicyArn: `arn:aws:iam::aws:policy/${AwsManagedPolicy.ReadOnlyAccess}`,
        }),
      );