Documentation
Index
- func CfnIdentitySource_CFN_RESOURCE_TYPE_NAME() *string
- func CfnIdentitySource_IsCfnElement(x interface{}) *bool
- func CfnIdentitySource_IsCfnResource(x interface{}) *bool
- func CfnIdentitySource_IsConstruct(x interface{}) *bool
- func CfnPolicyStore_CFN_RESOURCE_TYPE_NAME() *string
- func CfnPolicyStore_IsCfnElement(x interface{}) *bool
- func CfnPolicyStore_IsCfnResource(x interface{}) *bool
- func CfnPolicyStore_IsConstruct(x interface{}) *bool
- func CfnPolicyTemplate_CFN_RESOURCE_TYPE_NAME() *string
- func CfnPolicyTemplate_IsCfnElement(x interface{}) *bool
- func CfnPolicyTemplate_IsCfnResource(x interface{}) *bool
- func CfnPolicyTemplate_IsConstruct(x interface{}) *bool
- func CfnPolicy_CFN_RESOURCE_TYPE_NAME() *string
- func CfnPolicy_IsCfnElement(x interface{}) *bool
- func CfnPolicy_IsCfnResource(x interface{}) *bool
- func CfnPolicy_IsConstruct(x interface{}) *bool
- func NewCfnIdentitySource_Override(c CfnIdentitySource, scope constructs.Construct, id *string, ...)
- func NewCfnPolicyStore_Override(c CfnPolicyStore, scope constructs.Construct, id *string, ...)
- func NewCfnPolicyTemplate_Override(c CfnPolicyTemplate, scope constructs.Construct, id *string, ...)
- func NewCfnPolicy_Override(c CfnPolicy, scope constructs.Construct, id *string, props *CfnPolicyProps)
- type CfnIdentitySource
- type CfnIdentitySourceProps
- type CfnIdentitySource_CognitoGroupConfigurationProperty
- type CfnIdentitySource_CognitoUserPoolConfigurationProperty
- type CfnIdentitySource_IdentitySourceConfigurationProperty
- type CfnIdentitySource_IdentitySourceDetailsProperty
- type CfnIdentitySource_OpenIdConnectAccessTokenConfigurationProperty
- type CfnIdentitySource_OpenIdConnectConfigurationProperty
- type CfnIdentitySource_OpenIdConnectGroupConfigurationProperty
- type CfnIdentitySource_OpenIdConnectIdentityTokenConfigurationProperty
- type CfnIdentitySource_OpenIdConnectTokenSelectionProperty
- type CfnPolicy
- type CfnPolicyProps
- type CfnPolicyStore
- type CfnPolicyStoreProps
- type CfnPolicyStore_SchemaDefinitionProperty
- type CfnPolicyStore_ValidationSettingsProperty
- type CfnPolicyTemplate
- type CfnPolicyTemplateProps
- type CfnPolicy_EntityIdentifierProperty
- type CfnPolicy_PolicyDefinitionProperty
- type CfnPolicy_StaticPolicyDefinitionProperty
- type CfnPolicy_TemplateLinkedPolicyDefinitionProperty
Constants
This section is empty.
Variables
This section is empty.
Functions
func CfnIdentitySource_CFN_RESOURCE_TYPE_NAME
func CfnIdentitySource_CFN_RESOURCE_TYPE_NAME() *string
func CfnIdentitySource_IsCfnElement
func CfnIdentitySource_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized CloudFormation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: `true` if `x` is a stack element, `false` otherwise.
func CfnIdentitySource_IsCfnResource
func CfnIdentitySource_IsCfnResource(x interface{}) *bool
Check whether the given object is a CfnResource.
func CfnIdentitySource_IsConstruct
func CfnIdentitySource_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and to use this type-testing method instead.
Returns: `true` if `x` is an object created from a class which extends `Construct`.
func CfnPolicyStore_CFN_RESOURCE_TYPE_NAME
func CfnPolicyStore_CFN_RESOURCE_TYPE_NAME() *string
func CfnPolicyStore_IsCfnElement
func CfnPolicyStore_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized CloudFormation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: `true` if `x` is a stack element, `false` otherwise.
func CfnPolicyStore_IsCfnResource
func CfnPolicyStore_IsCfnResource(x interface{}) *bool
Check whether the given object is a CfnResource.
func CfnPolicyStore_IsConstruct
func CfnPolicyStore_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and to use this type-testing method instead.
Returns: `true` if `x` is an object created from a class which extends `Construct`.
func CfnPolicyTemplate_CFN_RESOURCE_TYPE_NAME
func CfnPolicyTemplate_CFN_RESOURCE_TYPE_NAME() *string
func CfnPolicyTemplate_IsCfnElement
func CfnPolicyTemplate_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized CloudFormation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: `true` if `x` is a stack element, `false` otherwise.
func CfnPolicyTemplate_IsCfnResource
func CfnPolicyTemplate_IsCfnResource(x interface{}) *bool
Check whether the given object is a CfnResource.
func CfnPolicyTemplate_IsConstruct
func CfnPolicyTemplate_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and to use this type-testing method instead.
Returns: `true` if `x` is an object created from a class which extends `Construct`.
func CfnPolicy_CFN_RESOURCE_TYPE_NAME
func CfnPolicy_CFN_RESOURCE_TYPE_NAME() *string
func CfnPolicy_IsCfnElement
func CfnPolicy_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized CloudFormation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: `true` if `x` is a stack element, `false` otherwise.
func CfnPolicy_IsCfnResource
func CfnPolicy_IsCfnResource(x interface{}) *bool
Check whether the given object is a CfnResource.
func CfnPolicy_IsConstruct
func CfnPolicy_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and to use this type-testing method instead.
Returns: `true` if `x` is an object created from a class which extends `Construct`.
func NewCfnIdentitySource_Override
func NewCfnIdentitySource_Override(c CfnIdentitySource, scope constructs.Construct, id *string, props *CfnIdentitySourceProps)
func NewCfnPolicyStore_Override
func NewCfnPolicyStore_Override(c CfnPolicyStore, scope constructs.Construct, id *string, props *CfnPolicyStoreProps)
func NewCfnPolicyTemplate_Override
func NewCfnPolicyTemplate_Override(c CfnPolicyTemplate, scope constructs.Construct, id *string, props *CfnPolicyTemplateProps)
func NewCfnPolicy_Override
func NewCfnPolicy_Override(c CfnPolicy, scope constructs.Construct, id *string, props *CfnPolicyProps)
Types
type CfnIdentitySource
type CfnIdentitySource interface {
	awscdk.CfnResource
	awscdk.IInspectable
	AttrDetails() awscdk.IResolvable
	AttrDetailsClientIds() *[]*string
	AttrDetailsDiscoveryUrl() *string
	AttrDetailsOpenIdIssuer() *string
	AttrDetailsUserPoolArn() *string
	// The unique ID of the new or updated identity source.
	AttrIdentitySourceId() *string
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// Contains configuration information used when creating a new identity source.
	Configuration() interface{}
	SetConfiguration(val interface{})
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// The tree node.
	Node() constructs.Node
	// Specifies the ID of the policy store in which you want to store this identity source.
	PolicyStoreId() *string
	SetPolicyStoreId(val *string)
	// Specifies the namespace and data type of the principals generated for identities authenticated by the new identity source.
	PrincipalEntityType() *string
	SetPrincipalEntityType(val *string)
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// Deprecated: use `UpdatedProperties`.
	//
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// Deprecated: use `AddDependency`.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// ```typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// ```
	// would add the overrides
	// ```json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// ```
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found at the following link.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for a runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the CloudFormation template.
	//
	// Returns: `true` if the resource should be included or `false` if the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}
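The `AddOverride`, `AddPropertyOverride` and `AddDeletionOverride` methods above define a path syntax: dot-separated segments, a numeric segment to index into an array, and `\.` for a literal dot in a key. The program below is an added example, not CDK's own implementation, that applies such paths to a plain JSON-like resource tree so you can see what an override will do to the template before reaching for the escape hatch on a real `CfnIdentitySource`. It assumes the `map[string]interface{}` / `[]interface{}` tree shape that `encoding/json` produces, uses a `nil` value to stand in for the `undefined` of `addOverride(path, undefined)`, and treats an out-of-range array index or a deletion inside an array as an error rather than emitting a broken template. The sample resource, its ARN and its IDs are constructed placeholders.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strconv"
	"strings"
)

// splitOverridePath splits an override path on unescaped dots. A dot written
// as "\." stays part of the key (the backslash is dropped), which is the
// escape the AddOverride documentation describes.
func splitOverridePath(path string) []string {
	var parts []string
	var cur strings.Builder
	for i := 0; i < len(path); i++ {
		c := path[i]
		switch {
		case c == '\\' && i+1 < len(path) && path[i+1] == '.':
			cur.WriteByte('.')
			i++ // consume the escaped dot
		case c == '.':
			parts = append(parts, cur.String())
			cur.Reset()
		default:
			cur.WriteByte(c)
		}
	}
	return append(parts, cur.String())
}

// isContainer reports whether v is a JSON object or array we can descend into.
func isContainer(v interface{}) bool {
	switch v.(type) {
	case map[string]interface{}, []interface{}:
		return true
	}
	return false
}

// applyOverride models AddOverride on a JSON-like resource tree: it walks the
// path, creating intermediate objects where none exist, and sets the addressed
// element to value. A nil value models AddDeletionOverride and removes the key.
// Numeric segments index into an existing array; an index past the end or a
// deletion inside an array is reported as an error instead of being guessed.
func applyOverride(root map[string]interface{}, path string, value interface{}) error {
	parts := splitOverridePath(path)
	var node interface{} = root
	for i, key := range parts {
		last := i == len(parts)-1
		switch p := node.(type) {
		case map[string]interface{}:
			if last {
				if value == nil {
					delete(p, key)
				} else {
					p[key] = value
				}
				return nil
			}
			if !isContainer(p[key]) {
				p[key] = map[string]interface{}{} // create (or replace a scalar with) an object
			}
			node = p[key]
		case []interface{}:
			idx, err := strconv.Atoi(key)
			if err != nil || idx < 0 || idx >= len(p) {
				return fmt.Errorf("segment %q is not an index into an array of length %d", key, len(p))
			}
			if last {
				if value == nil {
					return fmt.Errorf("deleting array element %q is not supported by this model", key)
				}
				p[idx] = value
				return nil
			}
			if !isContainer(p[idx]) {
				p[idx] = map[string]interface{}{}
			}
			node = p[idx]
		}
	}
	return nil
}

// sampleResource is a constructed AWS::VerifiedPermissions::IdentitySource as it
// might appear in a synthesized template; it is sample input for this example,
// not output from the page. The ARN and IDs are placeholders.
func sampleResource() map[string]interface{} {
	return map[string]interface{}{
		"Type": "AWS::VerifiedPermissions::IdentitySource",
		"Properties": map[string]interface{}{
			"PolicyStoreId":       "PLACEHOLDER_POLICY_STORE_ID",
			"PrincipalEntityType": "MyApp::User",
			"Configuration": map[string]interface{}{
				"CognitoUserPoolConfiguration": map[string]interface{}{
					"UserPoolArn": "arn:aws:cognito-idp:us-east-1:111122223333:userpool/us-east-1_EXAMPLE",
					"ClientIds":   []interface{}{"PLACEHOLDER_OLD_CLIENT_ID"},
				},
			},
		},
	}
}

func main() {
	r := sampleResource()
	for _, step := range []struct {
		path  string
		value interface{}
	}{
		{"Properties.Configuration.CognitoUserPoolConfiguration.ClientIds.0", "PLACEHOLDER_NEW_CLIENT_ID"},
		{"Properties.PrincipalEntityType", nil},   // models AddDeletionOverride
		{`Metadata.aws\.cdk\.path`, "MyStack/Src"}, // literal dots in the key
	} {
		if err := applyOverride(r, step.path, step.value); err != nil {
			panic(err)
		}
	}
	out, _ := json.MarshalIndent(r, "", "  ")
	fmt.Println(string(out))
}
```

The last `Properties.…ClientIds.0` step shows the array-index form from the `AddOverride` documentation; replacing the `0` with `7` makes `applyOverride` return an error because the sample array has one element, which is the check the real escape hatch does not do for you at synth time.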
Creates or updates a reference to an external identity provider (an Amazon Cognito user pool or an OpenID Connect provider) in a policy store.
`Configuration` is required when you create the identity source. CloudFormation has no separate update structure for this resource: to change an existing identity source, update its `Configuration` property.
After you create an identity source, you can use the identities provided by the IdP as proxies for the principal in authorization queries that use the [IsAuthorizedWithToken](https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorizedWithToken.html) operation. These identities take the form of tokens that contain claims about the user, such as IDs, attributes and group memberships. Amazon Cognito provides both identity tokens and access tokens, and Verified Permissions can use either or both. Any combination of identity and access tokens results in the same Cedar principal. Verified Permissions automatically translates the information about the identities into the standard Cedar attributes that can be evaluated by your policies. Because the Amazon Cognito identity and access tokens can contain different information, the tokens you choose to use determine the attributes that are available to access in the Cedar principal from your policies.
Amazon Cognito Identity is not available in all of the same AWS Regions as Amazon Verified Permissions. Because of this, the `AWS::VerifiedPermissions::IdentitySource` type is not available to create from AWS CloudFormation in Regions where Amazon Cognito Identity is not currently available. Users can still create `AWS::VerifiedPermissions::IdentitySource` in those Regions, but only from the AWS CLI, the Amazon Verified Permissions SDK, or the AWS console.
> To reference a user from this identity source in your Cedar policies, use the following syntax.
>
> `IdentityType::"<CognitoUserPoolId>|<CognitoClientId>"`
>
> Where `IdentityType` is the string that you provide to the `PrincipalEntityType` parameter for this operation. The `CognitoUserPoolId` and `CognitoClientId` are defined by the Amazon Cognito user pool.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnIdentitySource := awscdk.Aws_verifiedpermissions.NewCfnIdentitySource(this, jsii.String("MyCfnIdentitySource"), &CfnIdentitySourceProps{
	Configuration: &IdentitySourceConfigurationProperty{
		CognitoUserPoolConfiguration: &CognitoUserPoolConfigurationProperty{
			UserPoolArn: jsii.String("userPoolArn"),

			// the properties below are optional
			ClientIds: []*string{
				jsii.String("clientIds"),
			},
			GroupConfiguration: &CognitoGroupConfigurationProperty{
				GroupEntityType: jsii.String("groupEntityType"),
			},
		},
		OpenIdConnectConfiguration: &OpenIdConnectConfigurationProperty{
			Issuer: jsii.String("issuer"),
			TokenSelection: &OpenIdConnectTokenSelectionProperty{
				AccessTokenOnly: &OpenIdConnectAccessTokenConfigurationProperty{
					Audiences: []*string{
						jsii.String("audiences"),
					},
					PrincipalIdClaim: jsii.String("principalIdClaim"),
				},
				IdentityTokenOnly: &OpenIdConnectIdentityTokenConfigurationProperty{
					ClientIds: []*string{
						jsii.String("clientIds"),
					},
					PrincipalIdClaim: jsii.String("principalIdClaim"),
				},
			},

			// the properties below are optional
			EntityIdPrefix: jsii.String("entityIdPrefix"),
			GroupConfiguration: &OpenIdConnectGroupConfigurationProperty{
				GroupClaim: jsii.String("groupClaim"),
				GroupEntityType: jsii.String("groupEntityType"),
			},
		},
	},
	PolicyStoreId: jsii.String("policyStoreId"),

	// the properties below are optional
	PrincipalEntityType: jsii.String("principalEntityType"),
})
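The description above explains that the tokens a policy store accepts, and the attributes a Cedar principal gets, are decided by the identity source configuration; the `ClientIds`, `Issuer`, `Audiences` and `PrincipalIdClaim` properties documented further down are the knobs. The Go program below is an added example, not part of aws-cdk-go or this page, that reads a synthesized CloudFormation template (the JSON that `cdk synth` writes under `cdk.out`) and flags `AWS::VerifiedPermissions::IdentitySource` resources whose configuration accepts more tokens than it should. It assumes the CloudFormation property names shown in this page's props structs, assumes that `Configuration` and `TokenSelection` each carry exactly one member (the union shape of the API), and treats an absent `ClientIds` or `Audiences` list as "no restriction on that claim". The embedded template, its ARN and its IDs are constructed placeholders.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Finding is one lint result: the logical ID of the resource and the problem.
type Finding struct {
	Resource string
	Message  string
}

// cfnTemplate mirrors the part of a synthesized CloudFormation template we read.
type cfnTemplate struct {
	Resources map[string]struct {
		Type       string                 `json:"Type"`
		Properties map[string]interface{} `json:"Properties"`
	} `json:"Resources"`
}

// Lookup helpers that tolerate missing keys, wrong types and nil maps.
func getMap(m map[string]interface{}, k string) map[string]interface{} { v, _ := m[k].(map[string]interface{}); return v }
func getList(m map[string]interface{}, k string) []interface{}        { v, _ := m[k].([]interface{}); return v }
func getString(m map[string]interface{}, k string) string             { v, _ := m[k].(string); return v }

// lintIdentitySources reports identity sources whose Configuration leaves
// token acceptance wider than intended. The "exactly one member" checks assume
// the union shape of Configuration and TokenSelection; the empty-list checks
// assume an absent list means no restriction on that claim.
func lintIdentitySources(templateJSON []byte) ([]Finding, error) {
	var t cfnTemplate
	if err := json.Unmarshal(templateJSON, &t); err != nil {
		return nil, err
	}
	var out []Finding
	add := func(name, msg string) { out = append(out, Finding{Resource: name, Message: msg}) }
	for name, res := range t.Resources {
		if res.Type != "AWS::VerifiedPermissions::IdentitySource" {
			continue
		}
		p := res.Properties
		if getString(p, "PrincipalEntityType") == "" {
			add(name, "PrincipalEntityType is unset; policies name principals by this type, so set it to the schema entity type")
		}
		cfg := getMap(p, "Configuration")
		cognito, oidc := getMap(cfg, "CognitoUserPoolConfiguration"), getMap(cfg, "OpenIdConnectConfiguration")
		if (cognito == nil) == (oidc == nil) {
			add(name, "Configuration must hold exactly one of CognitoUserPoolConfiguration or OpenIdConnectConfiguration")
		}
		if cognito != nil && len(getList(cognito, "ClientIds")) == 0 {
			add(name, "CognitoUserPoolConfiguration.ClientIds is empty: tokens from every app client of the user pool are accepted")
		}
		if oidc != nil {
			if !strings.HasPrefix(getString(oidc, "Issuer"), "https://") {
				add(name, "OpenIdConnectConfiguration.Issuer is not an https:// URL")
			}
			sel := getMap(oidc, "TokenSelection")
			access, idTok := getMap(sel, "AccessTokenOnly"), getMap(sel, "IdentityTokenOnly")
			if (access == nil) == (idTok == nil) {
				add(name, "TokenSelection must hold exactly one of AccessTokenOnly or IdentityTokenOnly")
			}
			if access != nil && len(getList(access, "Audiences")) == 0 {
				add(name, "AccessTokenOnly.Audiences is empty: no aud restriction on accepted access tokens")
			}
			if idTok != nil && len(getList(idTok, "ClientIds")) == 0 {
				add(name, "IdentityTokenOnly.ClientIds is empty: no client restriction on accepted ID tokens")
			}
		}
	}
	return out, nil
}

// countFor returns how many findings name the given resource.
func countFor(fs []Finding, resource string) int {
	n := 0
	for _, f := range fs {
		if f.Resource == resource {
			n++
		}
	}
	return n
}

// sampleTemplate is a constructed fragment of a synthesized template with three
// identity sources; it is not from the page and its IDs and ARN are placeholders.
const sampleTemplate = `{"Resources": {
  "PermissiveCognito": {"Type": "AWS::VerifiedPermissions::IdentitySource", "Properties": {
    "PolicyStoreId": "PLACEHOLDER_STORE_ID",
    "Configuration": {"CognitoUserPoolConfiguration": {"UserPoolArn": "arn:aws:cognito-idp:us-east-1:111122223333:userpool/us-east-1_EXAMPLE"}}}},
  "LooseOidc": {"Type": "AWS::VerifiedPermissions::IdentitySource", "Properties": {
    "PolicyStoreId": "PLACEHOLDER_STORE_ID", "PrincipalEntityType": "MyApp::User",
    "Configuration": {"OpenIdConnectConfiguration": {"Issuer": "http://idp.example",
      "TokenSelection": {"AccessTokenOnly": {"PrincipalIdClaim": "sub"}}}}}},
  "Strict": {"Type": "AWS::VerifiedPermissions::IdentitySource", "Properties": {
    "PolicyStoreId": "PLACEHOLDER_STORE_ID", "PrincipalEntityType": "MyApp::User",
    "Configuration": {"CognitoUserPoolConfiguration": {"UserPoolArn": "arn:aws:cognito-idp:us-east-1:111122223333:userpool/us-east-1_EXAMPLE",
      "ClientIds": ["PLACEHOLDER_APP_CLIENT_ID"]}}}},
  "Store": {"Type": "AWS::VerifiedPermissions::PolicyStore", "Properties": {}}}}`

func main() {
	fs, err := lintIdentitySources([]byte(sampleTemplate))
	if err != nil {
		panic(err)
	}
	for _, f := range fs {
		fmt.Printf("%s: %s\n", f.Resource, f.Message)
	}
}
```

Against the constructed template the linter reports two findings for `PermissiveCognito` (no `PrincipalEntityType`, no `ClientIds`), two for `LooseOidc` (plain-http issuer, no `Audiences`) and none for `Strict`. To use it on real output, replace `sampleTemplate` with the contents of `cdk.out/<stack>.template.json`; note that the page's own placeholder example above sets both `CognitoUserPoolConfiguration` and `OpenIdConnectConfiguration` and would be flagged by the exactly-one check.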
func NewCfnIdentitySource
func NewCfnIdentitySource(scope constructs.Construct, id *string, props *CfnIdentitySourceProps) CfnIdentitySource
type CfnIdentitySourceProps
type CfnIdentitySourceProps struct {
	// Contains configuration information used when creating a new identity source.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-verifiedpermissions-identitysource.html#cfn-verifiedpermissions-identitysource-configuration
	//
	Configuration interface{} `field:"required" json:"configuration" yaml:"configuration"`
	// Specifies the ID of the policy store in which you want to store this identity source.
	//
	// Only policies and requests made using this policy store can reference identities from the identity provider configured in the new identity source.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-verifiedpermissions-identitysource.html#cfn-verifiedpermissions-identitysource-policystoreid
	//
	PolicyStoreId *string `field:"required" json:"policyStoreId" yaml:"policyStoreId"`
	// Specifies the namespace and data type of the principals generated for identities authenticated by the new identity source.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-verifiedpermissions-identitysource.html#cfn-verifiedpermissions-identitysource-principalentitytype
	//
	PrincipalEntityType *string `field:"optional" json:"principalEntityType" yaml:"principalEntityType"`
}
Properties for defining a `CfnIdentitySource`.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnIdentitySourceProps := &CfnIdentitySourceProps{
	Configuration: &IdentitySourceConfigurationProperty{
		CognitoUserPoolConfiguration: &CognitoUserPoolConfigurationProperty{
			UserPoolArn: jsii.String("userPoolArn"),

			// the properties below are optional
			ClientIds: []*string{
				jsii.String("clientIds"),
			},
			GroupConfiguration: &CognitoGroupConfigurationProperty{
				GroupEntityType: jsii.String("groupEntityType"),
			},
		},
		OpenIdConnectConfiguration: &OpenIdConnectConfigurationProperty{
			Issuer: jsii.String("issuer"),
			TokenSelection: &OpenIdConnectTokenSelectionProperty{
				AccessTokenOnly: &OpenIdConnectAccessTokenConfigurationProperty{
					Audiences: []*string{
						jsii.String("audiences"),
					},
					PrincipalIdClaim: jsii.String("principalIdClaim"),
				},
				IdentityTokenOnly: &OpenIdConnectIdentityTokenConfigurationProperty{
					ClientIds: []*string{
						jsii.String("clientIds"),
					},
					PrincipalIdClaim: jsii.String("principalIdClaim"),
				},
			},

			// the properties below are optional
			EntityIdPrefix: jsii.String("entityIdPrefix"),
			GroupConfiguration: &OpenIdConnectGroupConfigurationProperty{
				GroupClaim: jsii.String("groupClaim"),
				GroupEntityType: jsii.String("groupEntityType"),
			},
		},
	},
	PolicyStoreId: jsii.String("policyStoreId"),

	// the properties below are optional
	PrincipalEntityType: jsii.String("principalEntityType"),
}
type CfnIdentitySource_CognitoGroupConfigurationProperty (added in v2.138.0)
type CfnIdentitySource_CognitoGroupConfigurationProperty struct {
	// The name of the schema entity type that's mapped to the user pool group.
	//
	// Defaults to `AWS::CognitoGroup`.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-verifiedpermissions-identitysource-cognitogroupconfiguration.html#cfn-verifiedpermissions-identitysource-cognitogroupconfiguration-groupentitytype
	//
	GroupEntityType *string `field:"required" json:"groupEntityType" yaml:"groupEntityType"`
}
The type of entity that a policy store maps to groups from an Amazon Cognito user pool identity source.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cognitoGroupConfigurationProperty := &CognitoGroupConfigurationProperty{
	GroupEntityType: jsii.String("groupEntityType"),
}
type CfnIdentitySource_CognitoUserPoolConfigurationProperty
type CfnIdentitySource_CognitoUserPoolConfigurationProperty struct {
	// The [Amazon Resource Name (ARN)](https://docs.aws.amazon.com//general/latest/gr/aws-arns-and-namespaces.html) of the Amazon Cognito user pool that contains the identities to be authorized.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-verifiedpermissions-identitysource-cognitouserpoolconfiguration.html#cfn-verifiedpermissions-identitysource-cognitouserpoolconfiguration-userpoolarn
	//
	UserPoolArn *string `field:"required" json:"userPoolArn" yaml:"userPoolArn"`
	// The unique application client IDs that are associated with the specified Amazon Cognito user pool.
	//
	// Example: `"ClientIds": ["<app-client-id>"]`.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-verifiedpermissions-identitysource-cognitouserpoolconfiguration.html#cfn-verifiedpermissions-identitysource-cognitouserpoolconfiguration-clientids
	//
	ClientIds *[]*string `field:"optional" json:"clientIds" yaml:"clientIds"`
	// The type of entity that a policy store maps to groups from an Amazon Cognito user pool identity source.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-verifiedpermissions-identitysource-cognitouserpoolconfiguration.html#cfn-verifiedpermissions-identitysource-cognitouserpoolconfiguration-groupconfiguration
	//
	GroupConfiguration interface{} `field:"optional" json:"groupConfiguration" yaml:"groupConfiguration"`
}
A structure that contains configuration information used when creating or updating an identity source that represents a connection to an Amazon Cognito user pool used as an identity provider for Verified Permissions.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cognitoUserPoolConfigurationProperty := &CognitoUserPoolConfigurationProperty{
	UserPoolArn: jsii.String("userPoolArn"),

	// the properties below are optional
	ClientIds: []*string{
		jsii.String("clientIds"),
	},
	GroupConfiguration: &CognitoGroupConfigurationProperty{
		GroupEntityType: jsii.String("groupEntityType"),
	},
}
type CfnIdentitySource_IdentitySourceConfigurationProperty
type CfnIdentitySource_IdentitySourceConfigurationProperty struct {
	// A structure that contains configuration information used when creating or updating an identity source that represents a connection to an Amazon Cognito user pool used as an identity provider for Verified Permissions.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-verifiedpermissions-identitysource-identitysourceconfiguration.html#cfn-verifiedpermissions-identitysource-identitysourceconfiguration-cognitouserpoolconfiguration
	//
	CognitoUserPoolConfiguration interface{} `field:"optional" json:"cognitoUserPoolConfiguration" yaml:"cognitoUserPoolConfiguration"`
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-verifiedpermissions-identitysource-identitysourceconfiguration.html#cfn-verifiedpermissions-identitysource-identitysourceconfiguration-openidconnectconfiguration
	//
	OpenIdConnectConfiguration interface{} `field:"optional" json:"openIdConnectConfiguration" yaml:"openIdConnectConfiguration"`
}
A structure that contains configuration information used when creating or updating an identity source.
> Specify one provider configuration: either a `CognitoUserPoolConfiguration`, which must contain a `UserPoolArn` and may optionally contain `ClientIds`, or an `OpenIdConnectConfiguration`.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

identitySourceConfigurationProperty := &IdentitySourceConfigurationProperty{
	CognitoUserPoolConfiguration: &CognitoUserPoolConfigurationProperty{
		UserPoolArn: jsii.String("userPoolArn"),

		// the properties below are optional
		ClientIds: []*string{
			jsii.String("clientIds"),
		},
		GroupConfiguration: &CognitoGroupConfigurationProperty{
			GroupEntityType: jsii.String("groupEntityType"),
		},
	},
	OpenIdConnectConfiguration: &OpenIdConnectConfigurationProperty{
		Issuer: jsii.String("issuer"),
		TokenSelection: &OpenIdConnectTokenSelectionProperty{
			AccessTokenOnly: &OpenIdConnectAccessTokenConfigurationProperty{
				Audiences: []*string{
					jsii.String("audiences"),
				},
				PrincipalIdClaim: jsii.String("principalIdClaim"),
			},
			IdentityTokenOnly: &OpenIdConnectIdentityTokenConfigurationProperty{
				ClientIds: []*string{
					jsii.String("clientIds"),
				},
				PrincipalIdClaim: jsii.String("principalIdClaim"),
			},
		},

		// the properties below are optional
		EntityIdPrefix: jsii.String("entityIdPrefix"),
		GroupConfiguration: &OpenIdConnectGroupConfigurationProperty{
			GroupClaim: jsii.String("groupClaim"),
			GroupEntityType: jsii.String("groupEntityType"),
		},
	},
}
type CfnIdentitySource_IdentitySourceDetailsProperty
type CfnIdentitySource_IdentitySourceDetailsProperty struct {
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-verifiedpermissions-identitysource-identitysourcedetails.html#cfn-verifiedpermissions-identitysource-identitysourcedetails-clientids
	//
	ClientIds *[]*string `field:"optional" json:"clientIds" yaml:"clientIds"`
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-verifiedpermissions-identitysource-identitysourcedetails.html#cfn-verifiedpermissions-identitysource-identitysourcedetails-discoveryurl
	//
	DiscoveryUrl *string `field:"optional" json:"discoveryUrl" yaml:"discoveryUrl"`
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-verifiedpermissions-identitysource-identitysourcedetails.html#cfn-verifiedpermissions-identitysource-identitysourcedetails-openidissuer
	//
	OpenIdIssuer *string `field:"optional" json:"openIdIssuer" yaml:"openIdIssuer"`
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-verifiedpermissions-identitysource-identitysourcedetails.html#cfn-verifiedpermissions-identitysource-identitysourcedetails-userpoolarn
	//
	UserPoolArn *string `field:"optional" json:"userPoolArn" yaml:"userPoolArn"`
}
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import (
	"github.com/aws/aws-cdk-go/awscdk/v2/awsverifiedpermissions"
	"github.com/aws/jsii-runtime-go"
)

identitySourceDetailsProperty := &awsverifiedpermissions.CfnIdentitySource_IdentitySourceDetailsProperty{
	ClientIds: []*string{
		jsii.String("clientIds"),
	},
	DiscoveryUrl: jsii.String("discoveryUrl"),
	OpenIdIssuer: jsii.String("openIdIssuer"),
	UserPoolArn:  jsii.String("userPoolArn"),
}
type CfnIdentitySource_OpenIdConnectAccessTokenConfigurationProperty ¶ added in v2.148.0
type CfnIdentitySource_OpenIdConnectAccessTokenConfigurationProperty struct {
	// The access token `aud` claim values that you want to accept in your policy store.
	//
	// For example, `https://myapp.example.com, https://myapp2.example.com`.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-verifiedpermissions-identitysource-openidconnectaccesstokenconfiguration.html#cfn-verifiedpermissions-identitysource-openidconnectaccesstokenconfiguration-audiences
	//
	Audiences *[]*string `field:"optional" json:"audiences" yaml:"audiences"`
	// The claim that determines the principal in OIDC access tokens.
	//
	// For example, `sub`.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-verifiedpermissions-identitysource-openidconnectaccesstokenconfiguration.html#cfn-verifiedpermissions-identitysource-openidconnectaccesstokenconfiguration-principalidclaim
	//
	// Default: - "sub".
	//
	PrincipalIdClaim *string `field:"optional" json:"principalIdClaim" yaml:"principalIdClaim"`
}
The configuration of an OpenID Connect (OIDC) identity source for handling access token claims.
Contains the claim that you want to identify as the principal in an authorization request, and the values of the `aud` claim, or audiences, that you want to accept.
This data type is part of an [OpenIdConnectTokenSelection](https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_OpenIdConnectTokenSelection.html) structure, which is a parameter of [CreateIdentitySource](https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreateIdentitySource.html).
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import (
	"github.com/aws/aws-cdk-go/awscdk/v2/awsverifiedpermissions"
	"github.com/aws/jsii-runtime-go"
)

openIdConnectAccessTokenConfigurationProperty := &awsverifiedpermissions.CfnIdentitySource_OpenIdConnectAccessTokenConfigurationProperty{
	Audiences: []*string{
		jsii.String("audiences"),
	},
	PrincipalIdClaim: jsii.String("principalIdClaim"),
}
type CfnIdentitySource_OpenIdConnectConfigurationProperty ¶ added in v2.148.0
type CfnIdentitySource_OpenIdConnectConfigurationProperty struct {
	// The issuer URL of an OIDC identity provider.
	//
	// This URL must have an OIDC discovery endpoint at the path `.well-known/openid-configuration`.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-verifiedpermissions-identitysource-openidconnectconfiguration.html#cfn-verifiedpermissions-identitysource-openidconnectconfiguration-issuer
	//
	Issuer *string `field:"required" json:"issuer" yaml:"issuer"`
	// The token type that you want to process from your OIDC identity provider.
	//
	// Your policy store can process either identity (ID) or access tokens from a given OIDC identity source.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-verifiedpermissions-identitysource-openidconnectconfiguration.html#cfn-verifiedpermissions-identitysource-openidconnectconfiguration-tokenselection
	//
	TokenSelection interface{} `field:"required" json:"tokenSelection" yaml:"tokenSelection"`
	// A descriptive string that you want to prefix to user entities from your OIDC identity provider.
	//
	// For example, if you set an `entityIdPrefix` of `MyOIDCProvider`, you can reference principals in your policies in the format `MyCorp::User::MyOIDCProvider|Carlos`.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-verifiedpermissions-identitysource-openidconnectconfiguration.html#cfn-verifiedpermissions-identitysource-openidconnectconfiguration-entityidprefix
	//
	EntityIdPrefix *string `field:"optional" json:"entityIdPrefix" yaml:"entityIdPrefix"`
	// The claim in OIDC identity provider tokens that indicates a user's group membership, and the entity type that you want to map it to.
	//
	// For example, this object can map the contents of a `groups` claim to `MyCorp::UserGroup`.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-verifiedpermissions-identitysource-openidconnectconfiguration.html#cfn-verifiedpermissions-identitysource-openidconnectconfiguration-groupconfiguration
	//
	GroupConfiguration interface{} `field:"optional" json:"groupConfiguration" yaml:"groupConfiguration"`
}
Contains configuration details of an OpenID Connect (OIDC) identity provider, or identity source, that Verified Permissions can use to generate entities from authenticated identities.
It specifies the issuer URL, token type that you want to use, and policy store entity details.
This data type is part of a [Configuration](https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_Configuration.html) structure, which is a parameter to [CreateIdentitySource](https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreateIdentitySource.html).
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import (
	"github.com/aws/aws-cdk-go/awscdk/v2/awsverifiedpermissions"
	"github.com/aws/jsii-runtime-go"
)

openIdConnectConfigurationProperty := &awsverifiedpermissions.CfnIdentitySource_OpenIdConnectConfigurationProperty{
	Issuer: jsii.String("issuer"),
	// A real identity source processes either access tokens or ID tokens,
	// so only one of AccessTokenOnly / IdentityTokenOnly is set; both appear here as placeholders.
	TokenSelection: &awsverifiedpermissions.CfnIdentitySource_OpenIdConnectTokenSelectionProperty{
		AccessTokenOnly: &awsverifiedpermissions.CfnIdentitySource_OpenIdConnectAccessTokenConfigurationProperty{
			Audiences: []*string{
				jsii.String("audiences"),
			},
			PrincipalIdClaim: jsii.String("principalIdClaim"),
		},
		IdentityTokenOnly: &awsverifiedpermissions.CfnIdentitySource_OpenIdConnectIdentityTokenConfigurationProperty{
			ClientIds: []*string{
				jsii.String("clientIds"),
			},
			PrincipalIdClaim: jsii.String("principalIdClaim"),
		},
	},

	// the properties below are optional
	EntityIdPrefix: jsii.String("entityIdPrefix"),
	GroupConfiguration: &awsverifiedpermissions.CfnIdentitySource_OpenIdConnectGroupConfigurationProperty{
		GroupClaim:      jsii.String("groupClaim"),
		GroupEntityType: jsii.String("groupEntityType"),
	},
}
type CfnIdentitySource_OpenIdConnectGroupConfigurationProperty ¶ added in v2.148.0
type CfnIdentitySource_OpenIdConnectGroupConfigurationProperty struct {
	// The token claim that you want Verified Permissions to interpret as group membership.
	//
	// For example, `groups`.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-verifiedpermissions-identitysource-openidconnectgroupconfiguration.html#cfn-verifiedpermissions-identitysource-openidconnectgroupconfiguration-groupclaim
	//
	GroupClaim *string `field:"required" json:"groupClaim" yaml:"groupClaim"`
	// The policy store entity type that you want to map your users' group claim to.
	//
	// For example, `MyCorp::UserGroup`. A group entity type is an entity that can have a user entity type as a member.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-verifiedpermissions-identitysource-openidconnectgroupconfiguration.html#cfn-verifiedpermissions-identitysource-openidconnectgroupconfiguration-groupentitytype
	//
	GroupEntityType *string `field:"required" json:"groupEntityType" yaml:"groupEntityType"`
}
The claim in OIDC identity provider tokens that indicates a user's group membership, and the entity type that you want to map it to.
For example, this object can map the contents of a `groups` claim to `MyCorp::UserGroup` .
This data type is part of an [OpenIdConnectConfiguration](https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_OpenIdConnectConfiguration.html) structure, which is a parameter of [CreateIdentitySource](https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreateIdentitySource.html).
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import (
	"github.com/aws/aws-cdk-go/awscdk/v2/awsverifiedpermissions"
	"github.com/aws/jsii-runtime-go"
)

openIdConnectGroupConfigurationProperty := &awsverifiedpermissions.CfnIdentitySource_OpenIdConnectGroupConfigurationProperty{
	GroupClaim:      jsii.String("groupClaim"),
	GroupEntityType: jsii.String("groupEntityType"),
}
type CfnIdentitySource_OpenIdConnectIdentityTokenConfigurationProperty ¶ added in v2.148.0
type CfnIdentitySource_OpenIdConnectIdentityTokenConfigurationProperty struct {
	// The ID token audience, or client ID, claim values that you want to accept in your policy store from an OIDC identity provider.
	//
	// For example, `1example23456789, 2example10111213`.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-verifiedpermissions-identitysource-openidconnectidentitytokenconfiguration.html#cfn-verifiedpermissions-identitysource-openidconnectidentitytokenconfiguration-clientids
	//
	ClientIds *[]*string `field:"optional" json:"clientIds" yaml:"clientIds"`
	// The claim that determines the principal in OIDC access tokens.
	//
	// For example, `sub`.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-verifiedpermissions-identitysource-openidconnectidentitytokenconfiguration.html#cfn-verifiedpermissions-identitysource-openidconnectidentitytokenconfiguration-principalidclaim
	//
	// Default: - "sub".
	//
	PrincipalIdClaim *string `field:"optional" json:"principalIdClaim" yaml:"principalIdClaim"`
}
The configuration of an OpenID Connect (OIDC) identity source for handling identity (ID) token claims.
Contains the claim that you want to identify as the principal in an authorization request, and the values of the `aud` claim, or audiences, that you want to accept.
This data type is part of an [OpenIdConnectTokenSelection](https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_OpenIdConnectTokenSelection.html) structure, which is a parameter of [CreateIdentitySource](https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreateIdentitySource.html).
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import (
	"github.com/aws/aws-cdk-go/awscdk/v2/awsverifiedpermissions"
	"github.com/aws/jsii-runtime-go"
)

openIdConnectIdentityTokenConfigurationProperty := &awsverifiedpermissions.CfnIdentitySource_OpenIdConnectIdentityTokenConfigurationProperty{
	ClientIds: []*string{
		jsii.String("clientIds"),
	},
	PrincipalIdClaim: jsii.String("principalIdClaim"),
}
type CfnIdentitySource_OpenIdConnectTokenSelectionProperty ¶ added in v2.148.0
type CfnIdentitySource_OpenIdConnectTokenSelectionProperty struct {
	// The OIDC configuration for processing access tokens.
	//
	// Contains allowed audience claims, for example `https://auth.example.com`, and the claim that you want to map to the principal, for example `sub`.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-verifiedpermissions-identitysource-openidconnecttokenselection.html#cfn-verifiedpermissions-identitysource-openidconnecttokenselection-accesstokenonly
	//
	AccessTokenOnly interface{} `field:"optional" json:"accessTokenOnly" yaml:"accessTokenOnly"`
	// The OIDC configuration for processing identity (ID) tokens.
	//
	// Contains allowed client ID claims, for example `1example23456789`, and the claim that you want to map to the principal, for example `sub`.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-verifiedpermissions-identitysource-openidconnecttokenselection.html#cfn-verifiedpermissions-identitysource-openidconnecttokenselection-identitytokenonly
	//
	IdentityTokenOnly interface{} `field:"optional" json:"identityTokenOnly" yaml:"identityTokenOnly"`
}
The token type that you want to process from your OIDC identity provider.
Your policy store can process either identity (ID) or access tokens from a given OIDC identity source.
This data type is part of an [OpenIdConnectConfiguration](https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_OpenIdConnectConfiguration.html) structure, which is a parameter of [CreateIdentitySource](https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreateIdentitySource.html).
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import (
	"github.com/aws/aws-cdk-go/awscdk/v2/awsverifiedpermissions"
	"github.com/aws/jsii-runtime-go"
)

// A real identity source processes either access tokens or ID tokens,
// so only one of AccessTokenOnly / IdentityTokenOnly is set; both appear here as placeholders.
openIdConnectTokenSelectionProperty := &awsverifiedpermissions.CfnIdentitySource_OpenIdConnectTokenSelectionProperty{
	AccessTokenOnly: &awsverifiedpermissions.CfnIdentitySource_OpenIdConnectAccessTokenConfigurationProperty{
		Audiences: []*string{
			jsii.String("audiences"),
		},
		PrincipalIdClaim: jsii.String("principalIdClaim"),
	},
	IdentityTokenOnly: &awsverifiedpermissions.CfnIdentitySource_OpenIdConnectIdentityTokenConfigurationProperty{
		ClientIds: []*string{
			jsii.String("clientIds"),
		},
		PrincipalIdClaim: jsii.String("principalIdClaim"),
	},
}
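The OIDC property types above (Issuer, TokenSelection with its AccessTokenOnly / IdentityTokenOnly branches, EntityIdPrefix and GroupConfiguration) describe how a verified token becomes policy-store entities. The Go program below is an added illustration, not CDK or Verified Permissions code: it models that mapping with local structs that mirror those properties and runs it over constructed claims. The issuer and audience URLs, the user entity type `MyCorp::User`, the `[]interface{}` claim shapes, and the fail-closed treatment of an empty audience list are assumptions; the `MyOIDCProvider|Carlos` entity id form and the `sub` default come from the property docs above.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical local model of the CfnIdentitySource OIDC properties above, not the CDK structs.
// TokenConfig stands in for AccessTokenOnly (Accepted = Audiences) or IdentityTokenOnly (Accepted = ClientIds).
type TokenConfig struct {
	Accepted         []string // `aud` values the policy store accepts
	PrincipalIdClaim string   // "" means the documented default, "sub"
}
type OIDCConfig struct {
	Issuer          string
	EntityIdPrefix  string       // optional
	AccessToken     *TokenConfig // TokenSelection.AccessTokenOnly
	IdentityToken   *TokenConfig // TokenSelection.IdentityTokenOnly
	GroupClaim      string       // GroupConfiguration.GroupClaim, "" for no group mapping
	GroupEntityType string       // GroupConfiguration.GroupEntityType
}

// Claims is a decoded JWT payload whose signature was already verified; only the mapping is modelled.
type Claims map[string]interface{}

// Entity is a policy-store entity reference such as {"MyCorp::User", "MyOIDCProvider|Carlos"}.
type Entity struct{ Type, Id string }

// stringsOf accepts a claim that is one string or a JSON array of strings (the shapes `aud` and group claims take).
func stringsOf(v interface{}) []string {
	switch t := v.(type) {
	case string:
		return []string{t}
	case []interface{}:
		var out []string
		for _, e := range t {
			if s, ok := e.(string); ok {
				out = append(out, s)
			}
		}
		return out
	}
	return nil
}

// Resolve maps a verified token's claims to the principal entity and its group entities,
// or rejects the token. Assumption: an empty accept list rejects every token (fail closed).
func Resolve(cfg OIDCConfig, userEntityType string, claims Claims) (Entity, []Entity, error) {
	if (cfg.AccessToken == nil) == (cfg.IdentityToken == nil) {
		return Entity{}, nil, errors.New("a source processes either ID or access tokens: set exactly one of AccessTokenOnly / IdentityTokenOnly")
	}
	if iss, _ := claims["iss"].(string); iss != cfg.Issuer {
		return Entity{}, nil, fmt.Errorf("issuer %q does not match configured issuer %q", iss, cfg.Issuer)
	}
	sel := cfg.AccessToken
	if sel == nil {
		sel = cfg.IdentityToken
	}
	accepted := false
	for _, aud := range stringsOf(claims["aud"]) {
		for _, a := range sel.Accepted {
			accepted = accepted || aud == a
		}
	}
	if !accepted {
		return Entity{}, nil, errors.New("no accepted value in the aud claim")
	}
	principalClaim := "sub" // documented default
	if sel.PrincipalIdClaim != "" {
		principalClaim = sel.PrincipalIdClaim
	}
	id, ok := claims[principalClaim].(string)
	if !ok || id == "" {
		return Entity{}, nil, fmt.Errorf("principal claim %q missing or not a string", principalClaim)
	}
	if cfg.EntityIdPrefix != "" {
		id = cfg.EntityIdPrefix + "|" + id // the "MyOIDCProvider|Carlos" form from the EntityIdPrefix docs
	}
	var groups []Entity
	if cfg.GroupClaim != "" {
		for _, g := range stringsOf(claims[cfg.GroupClaim]) {
			groups = append(groups, Entity{Type: cfg.GroupEntityType, Id: g})
		}
	}
	return Entity{Type: userEntityType, Id: id}, groups, nil
}

// Sample returns constructed inputs (not real values): an access-token source with a group mapping.
func Sample() (OIDCConfig, Claims) {
	cfg := OIDCConfig{Issuer: "https://login.example.com", EntityIdPrefix: "MyOIDCProvider",
		AccessToken: &TokenConfig{Accepted: []string{"https://myapp.example.com"}},
		GroupClaim:  "groups", GroupEntityType: "MyCorp::UserGroup"}
	claims := Claims{"iss": "https://login.example.com", "sub": "Carlos",
		"aud":    []interface{}{"https://myapp.example.com", "https://api.example.com"},
		"groups": []interface{}{"admins", "staff"}}
	return cfg, claims
}

func main() {
	cfg, claims := Sample()
	fmt.Println(Resolve(cfg, "MyCorp::User", claims))
}
```

Running the sample yields the principal `MyCorp::User` / `MyOIDCProvider|Carlos` and two `MyCorp::UserGroup` entities; a token whose `aud` or `iss` is not the configured one is rejected before any entity is produced, which is the property the Audiences/ClientIds and Issuer fields exist to enforce.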
type CfnPolicy ¶
type CfnPolicy interface {
	awscdk.CfnResource
	awscdk.IInspectable
	// The unique ID of the new or updated policy.
	AttrPolicyId() *string
	// The type of the policy. This is one of the following values:
	//
	// - Static
	// - TemplateLinked.
	AttrPolicyType() *string
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// Specifies the policy type and content to use for the new or updated policy.
	Definition() interface{}
	SetDefinition(val interface{})
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// The tree node.
	Node() constructs.Node
	// Specifies the `PolicyStoreId` of the policy store you want to store the policy in.
	PolicyStoreId() *string
	SetPolicyStoreId(val *string)
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// ```typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// ```
	// would add the overrides
	// ```json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// ```
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found in the following link:
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for a runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` if the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}
Creates or updates a Cedar policy and saves it in the specified policy store.
You can create either a static policy or a policy linked to a policy template.
You can directly update only static policies. To update a template-linked policy, you must update its linked policy template instead.
- To create a static policy, in the `Definition` include a `Static` element that includes the Cedar policy text in the `Statement` element.
- To create a policy that is dynamically linked to a policy template, in the `Definition` include a `Templatelinked` element that specifies the policy template ID and the principal and resource to associate with this policy. If the policy template is ever updated, any policies linked to the policy template automatically use the updated template.
> - If policy validation is enabled in the policy store, then updating a static policy causes Verified Permissions to validate the policy against the schema in the policy store. If the updated static policy doesn't pass validation, the operation fails and the update isn't stored.
> - When you edit a static policy, you can change only certain elements of a static policy:
>
>   - The action referenced by the policy.
>   - A condition clause, such as when and unless.
>
>   You can't change these elements of a static policy:
>
>   - Changing a policy from a static policy to a template-linked policy.
>   - Changing the effect of a static policy from permit or forbid.
>   - The principal referenced by a static policy.
>   - The resource referenced by a static policy.
> - To update a template-linked policy, you must update the template instead.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import (
	"github.com/aws/aws-cdk-go/awscdk/v2/awsverifiedpermissions"
	"github.com/aws/jsii-runtime-go"
)

// stack is the awscdk.Stack (or any constructs.Construct) that owns this resource.
// A real definition includes exactly one of Static or TemplateLinked; both appear here as placeholders.
cfnPolicy := awsverifiedpermissions.NewCfnPolicy(stack, jsii.String("MyCfnPolicy"), &awsverifiedpermissions.CfnPolicyProps{
	Definition: &awsverifiedpermissions.CfnPolicy_PolicyDefinitionProperty{
		Static: &awsverifiedpermissions.CfnPolicy_StaticPolicyDefinitionProperty{
			Statement: jsii.String("statement"),

			// the properties below are optional
			Description: jsii.String("description"),
		},
		TemplateLinked: &awsverifiedpermissions.CfnPolicy_TemplateLinkedPolicyDefinitionProperty{
			PolicyTemplateId: jsii.String("policyTemplateId"),

			// the properties below are optional
			Principal: &awsverifiedpermissions.CfnPolicy_EntityIdentifierProperty{
				EntityId:   jsii.String("entityId"),
				EntityType: jsii.String("entityType"),
			},
			Resource: &awsverifiedpermissions.CfnPolicy_EntityIdentifierProperty{
				EntityId:   jsii.String("entityId"),
				EntityType: jsii.String("entityType"),
			},
		},
	},
	PolicyStoreId: jsii.String("policyStoreId"),
})
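The notes above list which parts of a static policy may change in place (the action, and when/unless clauses) and which may not (the effect, the principal, the resource, or the policy type). The Go program below is an added example, not part of the CDK or Verified Permissions code: it parses the scope of a Cedar static policy and reports a proposed replacement `Statement` that the service would refuse, so the check can run before a CloudFormation update rather than surface as a failed deployment. The Cedar policies are constructed sample input, and the parser handles only the common `effect(principal ..., action ..., resource ...)` scope form; annotated or otherwise unusual policies are reported as unrecognised rather than guessed at.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// PolicyHead is the scope of a Cedar static policy: the effect plus the
// principal, action and resource constraints inside the parentheses.
type PolicyHead struct {
	Effect, Principal, Action, Resource string
}

// headRe matches the common `effect(principal ..., action ..., resource ...)`
// scope form. The action element may hold a list (`action in [A, B]`); the
// principal and resource elements may not contain commas, and a quoted entity
// id containing ")" or ", resource" is outside what this check handles.
var headRe = regexp.MustCompile(
	`(?s)^(permit|forbid)\s*\(\s*(principal\b[^,]*?)\s*,\s*(action\b.*?)\s*,\s*(resource\b[^,]*?)\s*\)`)

// norm collapses whitespace so a reformatted but otherwise identical element compares equal.
func norm(s string) string { return strings.Join(strings.Fields(s), " ") }

// ParseHead extracts the scope; anything it does not understand is an error, not a guess.
func ParseHead(policy string) (PolicyHead, error) {
	m := headRe.FindStringSubmatch(strings.TrimSpace(policy))
	if m == nil {
		return PolicyHead{}, fmt.Errorf("unrecognised policy scope: %.40q", policy)
	}
	return PolicyHead{Effect: m[1], Principal: norm(m[2]), Action: norm(m[3]), Resource: norm(m[4])}, nil
}

// CheckStaticUpdate lists the in-place changes the notes above say a static
// policy cannot take (effect, principal, resource). Changes to the action and
// to when/unless clauses are allowed and are not reported.
func CheckStaticUpdate(current, proposed string) ([]string, error) {
	cur, err := ParseHead(current)
	if err != nil {
		return nil, fmt.Errorf("current policy: %w", err)
	}
	next, err := ParseHead(proposed)
	if err != nil {
		return nil, fmt.Errorf("proposed policy: %w", err)
	}
	var problems []string
	for _, c := range []struct{ what, old, new string }{
		{"effect", cur.Effect, next.Effect},
		{"principal", cur.Principal, next.Principal},
		{"resource", cur.Resource, next.Resource},
	} {
		if c.old != c.new {
			problems = append(problems, c.what+" changed from `"+c.old+"` to `"+c.new+"`; create a new policy instead")
		}
	}
	return problems, nil
}

// Constructed sample policies, not taken from the page.
const CurrentPolicy = `permit(
  principal == MyCorp::User::"MyOIDCProvider|Carlos",
  action == MyCorp::Action::"viewPhoto",
  resource == MyCorp::Photo::"vacation.jpg"
) when { principal.department == "marketing" };`

// AllowedUpdate widens the action and tightens the condition: both permitted in place.
const AllowedUpdate = `permit(
  principal == MyCorp::User::"MyOIDCProvider|Carlos",
  action in [MyCorp::Action::"viewPhoto", MyCorp::Action::"listPhotos"],
  resource == MyCorp::Photo::"vacation.jpg"
) when { principal.department == "marketing" && context.mfa == true };`

// RejectedUpdate flips the effect and points at a different resource.
const RejectedUpdate = `forbid(
  principal == MyCorp::User::"MyOIDCProvider|Carlos",
  action == MyCorp::Action::"viewPhoto",
  resource == MyCorp::Photo::"secret.jpg"
);`

func main() {
	for _, proposed := range []string{AllowedUpdate, RejectedUpdate} {
		problems, err := CheckStaticUpdate(CurrentPolicy, proposed)
		fmt.Println(problems, err)
	}
}
```

For the allowed update the check returns no problems; for the rejected one it reports the effect and resource changes, which is the signal to replace the policy resource (a new logical ID) rather than edit its `Statement` in place.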
func NewCfnPolicy ¶
func NewCfnPolicy(scope constructs.Construct, id *string, props *CfnPolicyProps) CfnPolicy
type CfnPolicyProps ¶
type CfnPolicyProps struct {
	// Specifies the policy type and content to use for the new or updated policy.
	//
	// The definition structure must include either a `Static` or a `TemplateLinked` element.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-verifiedpermissions-policy.html#cfn-verifiedpermissions-policy-definition
	//
	Definition interface{} `field:"required" json:"definition" yaml:"definition"`
	// Specifies the `PolicyStoreId` of the policy store you want to store the policy in.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-verifiedpermissions-policy.html#cfn-verifiedpermissions-policy-policystoreid
	//
	PolicyStoreId *string `field:"required" json:"policyStoreId" yaml:"policyStoreId"`
}
Properties for defining a `CfnPolicy`.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import (
	"github.com/aws/aws-cdk-go/awscdk/v2/awsverifiedpermissions"
	"github.com/aws/jsii-runtime-go"
)

// A real definition includes exactly one of Static or TemplateLinked; both appear here as placeholders.
cfnPolicyProps := &awsverifiedpermissions.CfnPolicyProps{
	Definition: &awsverifiedpermissions.CfnPolicy_PolicyDefinitionProperty{
		Static: &awsverifiedpermissions.CfnPolicy_StaticPolicyDefinitionProperty{
			Statement: jsii.String("statement"),

			// the properties below are optional
			Description: jsii.String("description"),
		},
		TemplateLinked: &awsverifiedpermissions.CfnPolicy_TemplateLinkedPolicyDefinitionProperty{
			PolicyTemplateId: jsii.String("policyTemplateId"),

			// the properties below are optional
			Principal: &awsverifiedpermissions.CfnPolicy_EntityIdentifierProperty{
				EntityId:   jsii.String("entityId"),
				EntityType: jsii.String("entityType"),
			},
			Resource: &awsverifiedpermissions.CfnPolicy_EntityIdentifierProperty{
				EntityId:   jsii.String("entityId"),
				EntityType: jsii.String("entityType"),
			},
		},
	},
	PolicyStoreId: jsii.String("policyStoreId"),
}
type CfnPolicyStore ¶
type CfnPolicyStore interface {
	awscdk.CfnResource
	awscdk.IInspectable
	// The [Amazon Resource Name (ARN)](https://docs.aws.amazon.com//general/latest/gr/aws-arns-and-namespaces.html) of the new or updated policy store.
	AttrArn() *string
	// The unique ID of the new or updated policy store.
	AttrPolicyStoreId() *string
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// Descriptive text that you can provide to help with identification of the current policy store.
	Description() *string
	SetDescription(val *string)
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// The tree node.
	Node() constructs.Node
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// Creates or updates the policy schema in a policy store.
	Schema() interface{}
	SetSchema(val interface{})
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// Specifies the validation setting for this policy store.
	ValidationSettings() interface{}
	SetValidationSettings(val interface{})
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// ```typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// ```
	// would add the overrides
	// ```json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// ```
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found in the following link:
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for a runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` if the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}
Creates a policy store.
A policy store is a container for policy resources. You can create a separate policy store for each of your applications.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/jsii-runtime-go"

cfnPolicyStore := awscdk.Aws_verifiedpermissions.NewCfnPolicyStore(this, jsii.String("MyCfnPolicyStore"), &CfnPolicyStoreProps{
	ValidationSettings: &ValidationSettingsProperty{
		Mode: jsii.String("mode"),
	},

	// the properties below are optional
	Description: jsii.String("description"),
	Schema: &SchemaDefinitionProperty{
		CedarJson: jsii.String("cedarJson"),
	},
})
func NewCfnPolicyStore
func NewCfnPolicyStore(scope constructs.Construct, id *string, props *CfnPolicyStoreProps) CfnPolicyStore
type CfnPolicyStoreProps
type CfnPolicyStoreProps struct {
	// Specifies the validation setting for this policy store.
	//
	// Currently, the only valid and required value is `Mode`.
	//
	// > We recommend that you turn on `STRICT` mode only after you define a schema. If a schema doesn't exist, then `STRICT` mode causes any policy to fail validation, and Verified Permissions rejects the policy. You can turn off validation by using the [UpdatePolicyStore](https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdatePolicyStore) operation. Then, when you have a schema defined, use [UpdatePolicyStore](https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdatePolicyStore) again to turn validation back on.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-verifiedpermissions-policystore.html#cfn-verifiedpermissions-policystore-validationsettings
	//
	ValidationSettings interface{} `field:"required" json:"validationSettings" yaml:"validationSettings"`
	// Descriptive text that you can provide to help with identification of the current policy store.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-verifiedpermissions-policystore.html#cfn-verifiedpermissions-policystore-description
	//
	Description *string `field:"optional" json:"description" yaml:"description"`
	// Creates or updates the policy schema in a policy store.
	//
	// Cedar can use the schema to validate any Cedar policies and policy templates submitted to the policy store. Any changes to the schema validate only policies and templates submitted after the schema change. Existing policies and templates are not re-evaluated against the changed schema. If you later update a policy, then it is evaluated against the new schema at that time.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-verifiedpermissions-policystore.html#cfn-verifiedpermissions-policystore-schema
	//
	Schema interface{} `field:"optional" json:"schema" yaml:"schema"`
}
Properties for defining a `CfnPolicyStore`.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/jsii-runtime-go"

cfnPolicyStoreProps := &CfnPolicyStoreProps{
	ValidationSettings: &ValidationSettingsProperty{
		Mode: jsii.String("mode"),
	},

	// the properties below are optional
	Description: jsii.String("description"),
	Schema: &SchemaDefinitionProperty{
		CedarJson: jsii.String("cedarJson"),
	},
}
type CfnPolicyStore_SchemaDefinitionProperty
type CfnPolicyStore_SchemaDefinitionProperty struct {
	// A JSON string representation of the schema supported by applications that use this policy store.
	//
	// For more information, see [Policy store schema](https://docs.aws.amazon.com/verifiedpermissions/latest/userguide/schema.html) in the AVP User Guide.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-verifiedpermissions-policystore-schemadefinition.html#cfn-verifiedpermissions-policystore-schemadefinition-cedarjson
	//
	CedarJson *string `field:"optional" json:"cedarJson" yaml:"cedarJson"`
}
Contains a list of principal types, resource types, and actions that can be specified in policies stored in the same policy store.
If the validation mode for the policy store is set to `STRICT`, then policies that can't be validated by this schema are rejected by Verified Permissions and can't be stored in the policy store.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/jsii-runtime-go"

schemaDefinitionProperty := &SchemaDefinitionProperty{
	CedarJson: jsii.String("cedarJson"),
}
type CfnPolicyStore_ValidationSettingsProperty
type CfnPolicyStore_ValidationSettingsProperty struct {
	// The validation mode currently configured for this policy store. The valid values are:
	//
	// - *OFF* – Neither Verified Permissions nor Cedar perform any validation on policies. No validation errors are reported by either service.
	// - *STRICT* – Requires a schema to be present in the policy store. Cedar performs validation on all submitted new or updated static policies and policy templates. Any that fail validation are rejected and Cedar doesn't store them in the policy store.
	//
	// > If `Mode=STRICT` and the policy store doesn't contain a schema, Verified Permissions rejects all static policies and policy templates because there is no schema to validate against.
	// >
	// > To submit a static policy or policy template without a schema, you must turn off validation.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-verifiedpermissions-policystore-validationsettings.html#cfn-verifiedpermissions-policystore-validationsettings-mode
	//
	Mode *string `field:"required" json:"mode" yaml:"mode"`
}
A structure that contains Cedar policy validation settings for the policy store.
The validation mode determines which validation failures Cedar considers serious enough to block acceptance of a new or edited static policy or policy template.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/jsii-runtime-go"

validationSettingsProperty := &ValidationSettingsProperty{
	Mode: jsii.String("mode"),
}
type CfnPolicyTemplate
type CfnPolicyTemplate interface {
	awscdk.CfnResource
	awscdk.IInspectable
	// The unique identifier of the new or modified policy template.
	AttrPolicyTemplateId() *string
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// The description to attach to the new or updated policy template.
	Description() *string
	SetDescription(val *string)
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// The tree node.
	Node() constructs.Node
	// The unique identifier of the policy store that contains the template.
	PolicyStoreId() *string
	SetPolicyStoreId(val *string)
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// Specifies the content that you want to use for the new policy template, written in the Cedar policy language.
	Statement() *string
	SetStatement(val *string)
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// ```typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// ```
	// would add the overrides
	// ```json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// ```
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found in the following link.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for a runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the CloudFormation template.
	//
	// Returns: `true` if the resource should be included or `false` if the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}
Creates a policy template.
A template can use placeholders for the principal and resource. A template must be instantiated into a policy by associating it with specific principals and resources to use for the placeholders. That instantiated policy can then be considered in authorization decisions. The instantiated policy works identically to any other policy, except that it is dynamically linked to the template. If the template changes, then any policies that are linked to that template are immediately updated as well.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/jsii-runtime-go"

cfnPolicyTemplate := awscdk.Aws_verifiedpermissions.NewCfnPolicyTemplate(this, jsii.String("MyCfnPolicyTemplate"), &CfnPolicyTemplateProps{
	PolicyStoreId: jsii.String("policyStoreId"),
	Statement: jsii.String("statement"),

	// the properties below are optional
	Description: jsii.String("description"),
})
func NewCfnPolicyTemplate
func NewCfnPolicyTemplate(scope constructs.Construct, id *string, props *CfnPolicyTemplateProps) CfnPolicyTemplate
type CfnPolicyTemplateProps
type CfnPolicyTemplateProps struct {
	// The unique identifier of the policy store that contains the template.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-verifiedpermissions-policytemplate.html#cfn-verifiedpermissions-policytemplate-policystoreid
	//
	PolicyStoreId *string `field:"required" json:"policyStoreId" yaml:"policyStoreId"`
	// Specifies the content that you want to use for the new policy template, written in the Cedar policy language.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-verifiedpermissions-policytemplate.html#cfn-verifiedpermissions-policytemplate-statement
	//
	Statement *string `field:"required" json:"statement" yaml:"statement"`
	// The description to attach to the new or updated policy template.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-verifiedpermissions-policytemplate.html#cfn-verifiedpermissions-policytemplate-description
	//
	Description *string `field:"optional" json:"description" yaml:"description"`
}
Properties for defining a `CfnPolicyTemplate`.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/jsii-runtime-go"

cfnPolicyTemplateProps := &CfnPolicyTemplateProps{
	PolicyStoreId: jsii.String("policyStoreId"),
	Statement: jsii.String("statement"),

	// the properties below are optional
	Description: jsii.String("description"),
}
type CfnPolicy_EntityIdentifierProperty
type CfnPolicy_EntityIdentifierProperty struct {
	// The identifier of an entity.
	//
	// Example: `"entityId":"*identifier*"`.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-verifiedpermissions-policy-entityidentifier.html#cfn-verifiedpermissions-policy-entityidentifier-entityid
	//
	EntityId *string `field:"required" json:"entityId" yaml:"entityId"`
	// The type of an entity.
	//
	// Example: `"entityType":"*typeName*"`.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-verifiedpermissions-policy-entityidentifier.html#cfn-verifiedpermissions-policy-entityidentifier-entitytype
	//
	EntityType *string `field:"required" json:"entityType" yaml:"entityType"`
}
Contains the identifier of an entity in a policy, including its ID and type.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/jsii-runtime-go"

entityIdentifierProperty := &EntityIdentifierProperty{
	EntityId: jsii.String("entityId"),
	EntityType: jsii.String("entityType"),
}
type CfnPolicy_PolicyDefinitionProperty
type CfnPolicy_PolicyDefinitionProperty struct {
	// A structure that describes a static policy.
	//
	// A static policy doesn't use a template or allow placeholders for entities.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-verifiedpermissions-policy-policydefinition.html#cfn-verifiedpermissions-policy-policydefinition-static
	//
	Static interface{} `field:"optional" json:"static" yaml:"static"`
	// A structure that describes a policy that was instantiated from a template.
	//
	// The template can specify placeholders for `principal` and `resource`. When you use [CreatePolicy](https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreatePolicy.html) to create a policy from a template, you specify the exact principal and resource to use for the instantiated policy.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-verifiedpermissions-policy-policydefinition.html#cfn-verifiedpermissions-policy-policydefinition-templatelinked
	//
	TemplateLinked interface{} `field:"optional" json:"templateLinked" yaml:"templateLinked"`
}
A structure that defines a Cedar policy.
It includes the policy type, a description, and a policy body. This is a top level data type used to create a policy.
This data type is used as a request parameter for the [CreatePolicy](https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreatePolicy.html) operation. This structure must always have either a `Static` or a `TemplateLinked` element, but not both.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
// Note: a real definition carries only one of Static or TemplateLinked; both are shown here for completeness.
import "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/jsii-runtime-go"

policyDefinitionProperty := &PolicyDefinitionProperty{
	Static: &StaticPolicyDefinitionProperty{
		Statement: jsii.String("statement"),

		// the properties below are optional
		Description: jsii.String("description"),
	},
	TemplateLinked: &TemplateLinkedPolicyDefinitionProperty{
		PolicyTemplateId: jsii.String("policyTemplateId"),

		// the properties below are optional
		Principal: &EntityIdentifierProperty{
			EntityId: jsii.String("entityId"),
			EntityType: jsii.String("entityType"),
		},
		Resource: &EntityIdentifierProperty{
			EntityId: jsii.String("entityId"),
			EntityType: jsii.String("entityType"),
		},
	},
}
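The rules stated for `ValidationSettingsProperty` (STRICT needs a schema or every policy is rejected; OFF disables validation) and for `PolicyDefinitionProperty` (exactly one of Static or TemplateLinked) can be checked on the synthesized template before anything is deployed. The lint below is an added example written for this page, not code from aws-cdk-go: it reads plain `cdk synth` JSON with the standard library only; the CloudFormation type and property names (`AWS::VerifiedPermissions::PolicyStore`, `Definition`) are CloudFormation's, which this page does not spell out; and the sample template, its logical IDs and `tpl-placeholder` are constructed placeholders.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// cfnTemplate is the subset of a synthesized CloudFormation template the lint inspects.
type cfnTemplate struct {
	Resources map[string]struct {
		Type       string                 `json:"Type"`
		Properties map[string]interface{} `json:"Properties"`
	} `json:"Resources"`
}

// field walks nested CloudFormation property keys and reports whether the path exists.
func field(m map[string]interface{}, path ...string) (interface{}, bool) {
	var cur interface{} = m
	for _, key := range path {
		obj, ok := cur.(map[string]interface{})
		if !ok {
			return nil, false
		}
		if cur, ok = obj[key]; !ok {
			return nil, false
		}
	}
	return cur, true
}

// LintVerifiedPermissions applies the rules the property docs state: STRICT validation
// needs a schema (otherwise every policy is rejected), OFF stores policies unvalidated,
// and a policy Definition carries exactly one of Static or TemplateLinked.
// Findings come back sorted by logical ID so output is stable across runs.
func LintVerifiedPermissions(templateJSON []byte) ([]string, error) {
	var t cfnTemplate
	if err := json.Unmarshal(templateJSON, &t); err != nil {
		return nil, err
	}
	var findings []string
	for id, r := range t.Resources {
		switch r.Type {
		case "AWS::VerifiedPermissions::PolicyStore":
			modeVal, _ := field(r.Properties, "ValidationSettings", "Mode")
			mode, _ := modeVal.(string) // missing or non-string Mode falls into the default case
			_, hasSchema := field(r.Properties, "Schema", "CedarJson")
			switch mode {
			case "STRICT":
				if !hasSchema {
					findings = append(findings, id+": STRICT validation without Schema.CedarJson; every policy will be rejected")
				}
			case "OFF":
				findings = append(findings, id+": validation is OFF; policies are stored without schema checks")
			default:
				findings = append(findings, fmt.Sprintf("%s: ValidationSettings.Mode %q is not OFF or STRICT", id, mode))
			}
		case "AWS::VerifiedPermissions::Policy":
			_, static := field(r.Properties, "Definition", "Static")
			_, linked := field(r.Properties, "Definition", "TemplateLinked")
			if static == linked { // neither or both present
				findings = append(findings, id+": Definition must contain exactly one of Static or TemplateLinked")
			}
		}
	}
	sort.Strings(findings)
	return findings, nil
}

// sampleTemplate is a constructed stand-in for `cdk synth` output; logical IDs and
// the template ID are placeholders, not a real deployment.
const sampleTemplate = `{"Resources":{
 "StrictNoSchema":{"Type":"AWS::VerifiedPermissions::PolicyStore","Properties":{"ValidationSettings":{"Mode":"STRICT"}}},
 "OpenStore":{"Type":"AWS::VerifiedPermissions::PolicyStore","Properties":{"ValidationSettings":{"Mode":"OFF"}}},
 "GoodStore":{"Type":"AWS::VerifiedPermissions::PolicyStore","Properties":{"ValidationSettings":{"Mode":"STRICT"},"Schema":{"CedarJson":"{\"PhotoApp\":{\"entityTypes\":{},\"actions\":{}}}"}}},
 "AmbiguousPolicy":{"Type":"AWS::VerifiedPermissions::Policy","Properties":{"PolicyStoreId":{"Ref":"GoodStore"},"Definition":{"Static":{"Statement":"permit(principal, action, resource);"},"TemplateLinked":{"PolicyTemplateId":"tpl-placeholder"}}}},
 "GoodPolicy":{"Type":"AWS::VerifiedPermissions::Policy","Properties":{"PolicyStoreId":{"Ref":"GoodStore"},"Definition":{"Static":{"Statement":"forbid(principal, action, resource);"}}}}
}}`

func main() {
	findings, err := LintVerifiedPermissions([]byte(sampleTemplate))
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Println(f)
	}
}
```

Run against the real `cdk.out/*.template.json` as a CI step; a non-empty finding list is the signal to block the deploy.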
type CfnPolicy_StaticPolicyDefinitionProperty
type CfnPolicy_StaticPolicyDefinitionProperty struct {
	// The policy content of the static policy, written in the Cedar policy language.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-verifiedpermissions-policy-staticpolicydefinition.html#cfn-verifiedpermissions-policy-staticpolicydefinition-statement
	//
	Statement *string `field:"required" json:"statement" yaml:"statement"`
	// The description of the static policy.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-verifiedpermissions-policy-staticpolicydefinition.html#cfn-verifiedpermissions-policy-staticpolicydefinition-description
	//
	Description *string `field:"optional" json:"description" yaml:"description"`
}
A structure that defines a static policy.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/jsii-runtime-go"

staticPolicyDefinitionProperty := &StaticPolicyDefinitionProperty{
	Statement: jsii.String("statement"),

	// the properties below are optional
	Description: jsii.String("description"),
}
type CfnPolicy_TemplateLinkedPolicyDefinitionProperty
type CfnPolicy_TemplateLinkedPolicyDefinitionProperty struct {
	// The unique identifier of the policy template used to create this policy.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-verifiedpermissions-policy-templatelinkedpolicydefinition.html#cfn-verifiedpermissions-policy-templatelinkedpolicydefinition-policytemplateid
	//
	PolicyTemplateId *string `field:"required" json:"policyTemplateId" yaml:"policyTemplateId"`
	// The principal associated with this template-linked policy.
	//
	// Verified Permissions substitutes this principal for the `?principal` placeholder in the policy template when it evaluates an authorization request.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-verifiedpermissions-policy-templatelinkedpolicydefinition.html#cfn-verifiedpermissions-policy-templatelinkedpolicydefinition-principal
	//
	Principal interface{} `field:"optional" json:"principal" yaml:"principal"`
	// The resource associated with this template-linked policy.
	//
	// Verified Permissions substitutes this resource for the `?resource` placeholder in the policy template when it evaluates an authorization request.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-verifiedpermissions-policy-templatelinkedpolicydefinition.html#cfn-verifiedpermissions-policy-templatelinkedpolicydefinition-resource
	//
	Resource interface{} `field:"optional" json:"resource" yaml:"resource"`
}
A structure that describes a policy created by instantiating a policy template.
> You can't directly update a template-linked policy. You must update the associated policy template instead.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/jsii-runtime-go"

templateLinkedPolicyDefinitionProperty := &TemplateLinkedPolicyDefinitionProperty{
	PolicyTemplateId: jsii.String("policyTemplateId"),

	// the properties below are optional
	Principal: &EntityIdentifierProperty{
		EntityId: jsii.String("entityId"),
		EntityType: jsii.String("entityType"),
	},
	Resource: &EntityIdentifierProperty{
		EntityId: jsii.String("entityId"),
		EntityType: jsii.String("entityType"),
	},
}
Source Files
- CfnIdentitySource.go
- CfnIdentitySourceProps.go
- CfnIdentitySource_CognitoGroupConfigurationProperty.go
- CfnIdentitySource_CognitoUserPoolConfigurationProperty.go
- CfnIdentitySource_IdentitySourceConfigurationProperty.go
- CfnIdentitySource_IdentitySourceDetailsProperty.go
- CfnIdentitySource_OpenIdConnectAccessTokenConfigurationProperty.go
- CfnIdentitySource_OpenIdConnectConfigurationProperty.go
- CfnIdentitySource_OpenIdConnectGroupConfigurationProperty.go
- CfnIdentitySource_OpenIdConnectIdentityTokenConfigurationProperty.go
- CfnIdentitySource_OpenIdConnectTokenSelectionProperty.go
- CfnIdentitySource__checks.go
- CfnPolicy.go
- CfnPolicyProps.go
- CfnPolicyStore.go
- CfnPolicyStoreProps.go
- CfnPolicyStore_SchemaDefinitionProperty.go
- CfnPolicyStore_ValidationSettingsProperty.go
- CfnPolicyStore__checks.go
- CfnPolicyTemplate.go
- CfnPolicyTemplateProps.go
- CfnPolicyTemplate__checks.go
- CfnPolicy_EntityIdentifierProperty.go
- CfnPolicy_PolicyDefinitionProperty.go
- CfnPolicy_StaticPolicyDefinitionProperty.go
- CfnPolicy_TemplateLinkedPolicyDefinitionProperty.go
- CfnPolicy__checks.go
- main.go