MDAA TS Docs

    Construct for creating compliant IAM ManagedPolicies

    Hierarchy

    • ManagedPolicy
      • MdaaManagedPolicy

    Constructors

    Properties

    description: string

    The description of this policy.

    document: PolicyDocument

    The policy document.

    env: ResourceEnvironment

    The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

    grantPrincipal: IPrincipal

    The principal to grant permissions to.

    managedPolicyArn: string

    Returns the ARN of this managed policy.

    managedPolicyName: string

    The name of this policy.

    node: Node

    The tree node.

    path: string

    The path of this policy.

    physicalName: string

    Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.

    This value will resolve to one of the following:

    • a concrete value (e.g. "my-awesome-bucket")
    • undefined, when a name should be generated by CloudFormation
    • a concrete name generated automatically during synthesis, in cross-environment scenarios.

    stack: Stack

    The stack in which this resource is defined.

    PROPERTY_INJECTION_ID: string

    Uniquely identifies this class.

    Accessors

    • get managedPolicyRef(): ManagedPolicyReference

      A reference to a ManagedPolicy resource.

      Returns ManagedPolicyReference

    Methods

    • Internal

      Called when this resource is referenced across environments (account/region) in order to request that a physical name be generated for this resource during synthesis, so the resource can be referenced through its absolute name/ARN.

      Returns void

    • Apply the given removal policy to this resource

      The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

      The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).

      Parameters

      • policy: RemovalPolicy

      Returns void

    • Attaches this policy to a group.

      Parameters

      • group: IGroupRef

      Returns void

    • Attaches this policy to a role.

      Parameters

      • role: IRole

      Returns void

    • Attaches this policy to a user.

      Parameters

      • user: IUserRef

      Returns void

    • Returns string

    • Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. bucket.bucketArn).

      Normally, this token will resolve to arnAttr, but if the resource is referenced across environments, arnComponents will be used to synthesize a concrete ARN with the resource's physical name. Make sure to reference this.physicalName in arnComponents.

      Parameters

      • arnAttr: string

        The CFN attribute which resolves to the ARN of the resource. Commonly it will be called "Arn" (e.g. resource.attrArn), but sometimes it's the CFN resource's ref.

      • arnComponents: ArnComponents

        The format of the ARN of this resource. You must reference this.physicalName somewhere within the ARN in order for cross-environment references to work.

      Returns string

    • Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. bucket.bucketName).

      Normally, this token will resolve to nameAttr, but if the resource is referenced across environments, it will be resolved to this.physicalName, which will be a concrete name.

      Parameters

      • nameAttr: string

        The CFN attribute which resolves to the resource's name. Commonly this is the resource's ref.

      Returns string

    • Returns a string representation of this construct.

      Returns string

    • Import a managed policy from one of the policies that AWS manages.

      For this managed policy, you only need to know the name to be able to use it.

      Some managed policy names start with "service-role/", some start with "job-function/", and some don't start with anything. Include the prefix when constructing this object.

      Parameters

      • managedPolicyName: string

      Returns IManagedPolicy

    • Re-implemented from CDK ManagedPolicy.fromAwsManagedPolicyName in order to allow partition name literals.

      Parameters

      • scope: Construct
      • managedPolicyName: string

      Returns IManagedPolicy

    • Import an external managed policy by ARN.

      For this managed policy, you only need to know the ARN to be able to use it. This can be useful if you got the ARN from a CloudFormation Export.

      If the imported Managed Policy ARN is a Token (such as a CfnParameter.valueAsString or a Fn.importValue()) and the referenced managed policy has a path (like arn:...:policy/AdminPolicy/AdminAllow), the managedPolicyName property will not resolve to the correct value. Instead it will resolve to the first path component. We unfortunately cannot express the correct calculation of the full path name as a CloudFormation expression. In this scenario the Managed Policy ARN should be supplied without the path in order to resolve the correct managed policy resource.

      Parameters

      • scope: Construct

        construct scope

      • id: string

        construct id

      • managedPolicyArn: string

        the ARN of the managed policy to import

      Returns IManagedPolicy
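
The path caveat described above, as an added example that is not part of the MDAA or CDK code: it models the name a Token ARN yields (the first component after "policy/") next to the real policy name, and applies the page's remedy of supplying the ARN without the path. Function names are hypothetical and the ARNs are constructed samples.

```typescript
// Added example: names below are hypothetical; ARNs are constructed samples.
interface PolicyArnParts {
  partition: string; // "aws", "aws-us-gov", "aws-cn", ...
  account: string;   // "aws" for AWS managed policies, else the account id
  path: string;      // "/" when the policy has no path, else "/a/b/"
  name: string;      // the real policy name: the last "/"-separated segment
}

function resourceSegments(arn: string): { partition: string; account: string; segments: string[] } {
  const m = /^arn:([^:]+):iam::([^:]*):policy\/(.+)$/.exec(arn);
  if (m === null) throw new Error(`not an IAM managed policy ARN: ${arn}`);
  const [, partition = "", account = "", resource = ""] = m;
  const segments = resource.split("/");
  if (segments.some((s) => s.length === 0)) throw new Error(`empty path segment: ${arn}`);
  return { partition, account, segments };
}

// Full parse, possible only when the ARN is a concrete string at synth time.
function parseManagedPolicyArn(arn: string): PolicyArnParts {
  const { partition, account, segments } = resourceSegments(arn);
  const name = segments[segments.length - 1] ?? "";
  const path = "/" + segments.slice(0, -1).map((s) => `${s}/`).join("");
  return { partition, account, path, name };
}

// Model of the Token case described above: the first component after "policy/".
function nameResolvedFromToken(arn: string): string {
  return resourceSegments(arn).segments[0] ?? "";
}

// True when a Token-supplied ARN would yield the wrong managedPolicyName.
function tokenNameMismatch(arn: string): boolean {
  return nameResolvedFromToken(arn) !== parseManagedPolicyArn(arn).name;
}

// The page's remedy: supply the ARN without the path.
function withoutPath(arn: string): string {
  const p = parseManagedPolicyArn(arn);
  return `arn:${p.partition}:iam::${p.account}:policy/${p.name}`;
}

const sample = "arn:aws:iam::123456789012:policy/AdminPolicy/AdminAllow"; // constructed
console.log(parseManagedPolicyArn(sample), nameResolvedFromToken(sample), withoutPath(sample));
```

Running `tokenNameMismatch` over the ARNs a pipeline passes in as parameters or exports flags the ones whose `managedPolicyName` would resolve to a path component instead of the policy name.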

    • Import a customer managed policy from the managedPolicyName.

      For this managed policy, you only need to know the name to be able to use it.

      Parameters

      • scope: Construct
      • id: string
      • managedPolicyName: string

      Returns IManagedPolicy

    • Checks if x is a construct.

      Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

      Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof and to use this type-testing method instead.

      Parameters

      • x: any

        Any object

      Returns x is Construct

      true if x is an object created from a class which extends Construct.

    • Returns true if the construct was created by CDK, and false otherwise.

      Parameters

      • construct: IConstruct

      Returns boolean

    • Check whether the given construct is a Resource

      Parameters

      • construct: IConstruct

      Returns construct is Resource