How to use the @aws-cdk/aws-iam.Policy function in @aws-cdk/aws-iam

To help you get started, we’ve selected a few @aws-cdk/aws-iam examples, based on popular ways it is used in public projects.


github customink / activerecord-aurora-serverless-adapter / test / aurora-serverless / lib / aurora-serverless-stack.ts View on Github external
"Secret2",
      secretProps(aurora2, `${DB_CLUSTER_ID}2`)
    );
    // Make each secret depend on its cluster so the cluster is created first.
    secret.addDependsOn(aurora);
    secret2.addDependsOn(aurora2);
    // Export both secret references as stack outputs.
    new CfnOutput(this, "AASASecretArn", {
      value: secret.ref
    });
    new CfnOutput(this, "AASASecretArn2", {
      value: secret2.ref
    });

    // TEST USER

    // IAM user for the test suite, with one inline policy covering the two
    // clusters and their secrets.
    const user = new User(this, "TestUser");
    const policy = new Policy(this, "TestUserPolicy", {
      statements: [
        new PolicyStatement({
          // NOTE(review): "rds-data:*" grants every RDS Data API action, not
          // only the ones the tests call. Confirm which are needed and list
          // them explicitly.
          actions: ["rds-data:*"],
          resources: [
            // The trailing "*" makes this a prefix match: any cluster in this
            // account and region whose identifier starts with DB_CLUSTER_ID is
            // covered, which already includes the second pattern below.
            `arn:aws:rds:${this.region}:${this.account}:cluster:${DB_CLUSTER_ID}*`,
            `arn:aws:rds:${this.region}:${this.account}:cluster:${DB_CLUSTER_ID}2*`
          ]
        }),
        new PolicyStatement({
          // NOTE(review): "secretsmanager:*" includes write and delete actions
          // on the secrets as well as reads. If the user only has to read the
          // secret value, a narrower action list would do (confirm).
          actions: ["secretsmanager:*"],
          // secret.ref / secret2.ref are the values exported above as
          // "AASASecretArn" / "AASASecretArn2". The appended "*" widens each
          // one to a prefix match rather than the exact secret.
          resources: [`${secret.ref}*`, `${secret2.ref}*`]
        })
      ]
    });
    // Inline policy: it is attached to this user only, not a shared managed policy.
    user.attachInlinePolicy(policy);
    const key = new CfnAccessKey(this, "TestUserKey", {
github aws / aws-cdk / packages / @aws-cdk / aws-apigateway / lib / authorizers / lambda.ts View on Github external
this.authorizerId = resource.ref;

    // execute-api ARN of this authorizer under the REST API. It is used below
    // as the sourceArn on the handler's Lambda permission.
    this.authorizerArn = Stack.of(this).formatArn({
      service: 'execute-api',
      resource: this.restApiId,
      resourceName: `authorizers/${this.authorizerId}`
    });

    if (!props.assumeRole) {
      // No role supplied: add a permission on the handler for the API Gateway
      // service principal. sourceArn limits it to invocations made on behalf
      // of this authorizer instead of any API Gateway resource.
      props.handler.addPermission(`${this.node.uniqueId}:Permissions`, {
        principal: new iam.ServicePrincipal('apigateway.amazonaws.com'),
        sourceArn: this.authorizerArn
      });
    } else if (props.assumeRole instanceof iam.Role) { // i.e., not imported
      // Role defined in this app: attach an inline policy that allows
      // lambda:InvokeFunction on this handler's ARN only.
      props.assumeRole.attachInlinePolicy(new iam.Policy(this, 'authorizerInvokePolicy', {
        statements: [
          new iam.PolicyStatement({
            resources: [ props.handler.functionArn ],
            actions: [ 'lambda:InvokeFunction' ],
          })
        ]
      }));
    }
    // NOTE(review): no branch handles an assumeRole that is not an iam.Role
    // instance (e.g. an imported role), so nothing is granted here in that
    // case. Presumably the role's owner must allow invoking the handler; confirm.
  }
github aws / aws-cdk / packages / @aws-cdk / aws-codebuild / lib / project.ts View on Github external
}

    // Allow the role to create network-interface permissions, but only when
    // both conditions hold: the interface is in one of the selected subnets,
    // and the authorized service is CodeBuild.
    this.role.addToPolicy(new iam.PolicyStatement({
      resources: [`arn:aws:ec2:${Aws.REGION}:${Aws.ACCOUNT_ID}:network-interface/*`],
      actions: ['ec2:CreateNetworkInterfacePermission'],
      conditions: {
        StringEquals: {
          // One subnet ARN per subnet chosen by props.subnetSelection.
          'ec2:Subnet': props.vpc
            .selectSubnets(props.subnetSelection).subnetIds
            .map(si => `arn:aws:ec2:${Aws.REGION}:${Aws.ACCOUNT_ID}:subnet/${si}`),
          'ec2:AuthorizedService': 'codebuild.amazonaws.com'
        },
      },
    }));

    // Separate inline policy with the EC2 actions for managing and describing
    // network interfaces and for describing VPC resources.
    const policy = new iam.Policy(this, 'PolicyDocument', {
      statements: [
        new iam.PolicyStatement({
          // NOTE(review): everything below is granted on '*'. The Describe*
          // actions cannot be scoped to a resource, but CreateNetworkInterface
          // and DeleteNetworkInterface are unrestricted here as well. Unlike
          // the statement above, this one carries no condition keys.
          resources: ['*'],
          actions: [
            'ec2:CreateNetworkInterface',
            'ec2:DescribeNetworkInterfaces',
            'ec2:DeleteNetworkInterface',
            'ec2:DescribeSubnets',
            'ec2:DescribeSecurityGroups',
            'ec2:DescribeDhcpOptions',
            'ec2:DescribeVpcs',
          ],
        }),
      ],
    });
    this.role.attachInlinePolicy(policy);