aws-native.verifiedpermissions.Policy

Explore with Pulumi AI

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.27.0 published on Monday, Apr 14, 2025 by Pulumi

pulumi/pulumi-aws-native

Example Usage

Example

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AwsNative = Pulumi.AwsNative;

return await Deployment.RunAsync(() => 
{
    var config = new Config();
    var policyStoreId = config.Require("policyStoreId");
    var description = config.Require("description");
    var statement = config.Require("statement");
    var staticPolicy = new AwsNative.VerifiedPermissions.Policy("staticPolicy", new()
    {
        PolicyStoreId = policyStoreId,
        Definition = new AwsNative.VerifiedPermissions.Inputs.PolicyDefinition0PropertiesArgs
        {
            Static = new AwsNative.VerifiedPermissions.Inputs.PolicyStaticPolicyDefinitionArgs
            {
                Description = description,
                Statement = statement,
            },
        },
    });

    return new Dictionary<string, object?>
    {
        ["policyId"] = staticPolicy.PolicyId,
    };
});

package main

import (
	"github.com/pulumi/pulumi-aws-native/sdk/go/aws/verifiedpermissions"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		cfg := config.New(ctx, "")
		policyStoreId := cfg.Require("policyStoreId")
		description := cfg.Require("description")
		statement := cfg.Require("statement")
		staticPolicy, err := verifiedpermissions.NewPolicy(ctx, "staticPolicy", &verifiedpermissions.PolicyArgs{
			PolicyStoreId: pulumi.String(policyStoreId),
			Definition: &verifiedpermissions.PolicyDefinition0PropertiesArgs{
				Static: &verifiedpermissions.PolicyStaticPolicyDefinitionArgs{
					Description: pulumi.String(description),
					Statement:   pulumi.String(statement),
				},
			},
		})
		if err != nil {
			return err
		}
		ctx.Export("policyId", staticPolicy.PolicyId)
		return nil
	})
}

Coming soon!

import * as pulumi from "@pulumi/pulumi";
import * as aws_native from "@pulumi/aws-native";

const config = new pulumi.Config();
const policyStoreId = config.require("policyStoreId");
const description = config.require("description");
const statement = config.require("statement");
const staticPolicy = new aws_native.verifiedpermissions.Policy("staticPolicy", {
    policyStoreId: policyStoreId,
    definition: {
        static: {
            description: description,
            statement: statement,
        },
    },
});
export const policyId = staticPolicy.policyId;

import pulumi
import pulumi_aws_native as aws_native

config = pulumi.Config()
policy_store_id = config.require("policyStoreId")
description = config.require("description")
statement = config.require("statement")
static_policy = aws_native.verifiedpermissions.Policy("staticPolicy",
    policy_store_id=policy_store_id,
    definition={
        "static": {
            "description": description,
            "statement": statement,
        },
    })
pulumi.export("policyId", static_policy.policy_id)

Coming soon!

Example

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AwsNative = Pulumi.AwsNative;

return await Deployment.RunAsync(() => 
{
    var config = new Config();
    var policyStoreId = config.Require("policyStoreId");
    var policyTemplateId = config.Require("policyTemplateId");
    var principalType = config.Require("principalType");
    var principalId = config.Require("principalId");
    var resourceType = config.Require("resourceType");
    var resourceId = config.Require("resourceId");
    var templateLinkedPolicy = new AwsNative.VerifiedPermissions.Policy("templateLinkedPolicy", new()
    {
        PolicyStoreId = policyStoreId,
        Definition = new AwsNative.VerifiedPermissions.Inputs.PolicyDefinition0PropertiesArgs
        {
            TemplateLinked = new AwsNative.VerifiedPermissions.Inputs.PolicyTemplateLinkedPolicyDefinitionArgs
            {
                PolicyTemplateId = policyTemplateId,
                Principal = new AwsNative.VerifiedPermissions.Inputs.PolicyEntityIdentifierArgs
                {
                    EntityType = principalType,
                    EntityId = principalId,
                },
                Resource = new AwsNative.VerifiedPermissions.Inputs.PolicyEntityIdentifierArgs
                {
                    EntityType = resourceType,
                    EntityId = resourceId,
                },
            },
        },
    });

    return new Dictionary<string, object?>
    {
        ["policyId"] = templateLinkedPolicy.PolicyId,
    };
});

package main

import (
	"github.com/pulumi/pulumi-aws-native/sdk/go/aws/verifiedpermissions"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		cfg := config.New(ctx, "")
		policyStoreId := cfg.Require("policyStoreId")
		policyTemplateId := cfg.Require("policyTemplateId")
		principalType := cfg.Require("principalType")
		principalId := cfg.Require("principalId")
		resourceType := cfg.Require("resourceType")
		resourceId := cfg.Require("resourceId")
		templateLinkedPolicy, err := verifiedpermissions.NewPolicy(ctx, "templateLinkedPolicy", &verifiedpermissions.PolicyArgs{
			PolicyStoreId: pulumi.String(policyStoreId),
			Definition: &verifiedpermissions.PolicyDefinition0PropertiesArgs{
				TemplateLinked: &verifiedpermissions.PolicyTemplateLinkedPolicyDefinitionArgs{
					PolicyTemplateId: pulumi.String(policyTemplateId),
					Principal: &verifiedpermissions.PolicyEntityIdentifierArgs{
						EntityType: pulumi.String(principalType),
						EntityId:   pulumi.String(principalId),
					},
					Resource: &verifiedpermissions.PolicyEntityIdentifierArgs{
						EntityType: pulumi.String(resourceType),
						EntityId:   pulumi.String(resourceId),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		ctx.Export("policyId", templateLinkedPolicy.PolicyId)
		return nil
	})
}

Coming soon!

import * as pulumi from "@pulumi/pulumi";
import * as aws_native from "@pulumi/aws-native";

const config = new pulumi.Config();
const policyStoreId = config.require("policyStoreId");
const policyTemplateId = config.require("policyTemplateId");
const principalType = config.require("principalType");
const principalId = config.require("principalId");
const resourceType = config.require("resourceType");
const resourceId = config.require("resourceId");
const templateLinkedPolicy = new aws_native.verifiedpermissions.Policy("templateLinkedPolicy", {
    policyStoreId: policyStoreId,
    definition: {
        templateLinked: {
            policyTemplateId: policyTemplateId,
            principal: {
                entityType: principalType,
                entityId: principalId,
            },
            resource: {
                entityType: resourceType,
                entityId: resourceId,
            },
        },
    },
});
export const policyId = templateLinkedPolicy.policyId;

import pulumi
import pulumi_aws_native as aws_native

config = pulumi.Config()
policy_store_id = config.require("policyStoreId")
policy_template_id = config.require("policyTemplateId")
principal_type = config.require("principalType")
principal_id = config.require("principalId")
resource_type = config.require("resourceType")
resource_id = config.require("resourceId")
template_linked_policy = aws_native.verifiedpermissions.Policy("templateLinkedPolicy",
    policy_store_id=policy_store_id,
    definition={
        "template_linked": {
            "policy_template_id": policy_template_id,
            "principal": {
                "entity_type": principal_type,
                "entity_id": principal_id,
            },
            "resource": {
                "entity_type": resource_type,
                "entity_id": resource_id,
            },
        },
    })
pulumi.export("policyId", template_linked_policy.policy_id)

Coming soon!

Create Policy Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new Policy(name: string, args: PolicyArgs, opts?: CustomResourceOptions);

@overload
def Policy(resource_name: str,
           args: PolicyArgs,
           opts: Optional[ResourceOptions] = None)

@overload
def Policy(resource_name: str,
           opts: Optional[ResourceOptions] = None,
           definition: Optional[Union[PolicyDefinition0PropertiesArgs, PolicyDefinition1PropertiesArgs]] = None,
           policy_store_id: Optional[str] = None)

func NewPolicy(ctx *Context, name string, args PolicyArgs, opts ...ResourceOption) (*Policy, error)

public Policy(string name, PolicyArgs args, CustomResourceOptions? opts = null)

public Policy(String name, PolicyArgs args)
public Policy(String name, PolicyArgs args, CustomResourceOptions options)

type: aws-native:verifiedpermissions:Policy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args PolicyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args PolicyArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args PolicyArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args PolicyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args PolicyArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Policy Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The Policy resource accepts the following input properties:

Definition Pulumi.AwsNative.VerifiedPermissions.Inputs.PolicyDefinition0Properties | Pulumi.AwsNative.VerifiedPermissions.Inputs.PolicyDefinition1Properties: Specifies the policy type and content to use for the new or updated policy. The definition structure must include either a Static or a TemplateLinked element.
PolicyStoreId string: Specifies the PolicyStoreId of the policy store you want to store the policy in.

Definition PolicyDefinition0PropertiesArgs | PolicyDefinition1PropertiesArgs: Specifies the policy type and content to use for the new or updated policy. The definition structure must include either a Static or a TemplateLinked element.
PolicyStoreId string: Specifies the PolicyStoreId of the policy store you want to store the policy in.

definition PolicyDefinition0Properties | PolicyDefinition1Properties: Specifies the policy type and content to use for the new or updated policy. The definition structure must include either a Static or a TemplateLinked element.
policyStoreId String: Specifies the PolicyStoreId of the policy store you want to store the policy in.

definition PolicyDefinition0Properties | PolicyDefinition1Properties: Specifies the policy type and content to use for the new or updated policy. The definition structure must include either a Static or a TemplateLinked element.
policyStoreId string: Specifies the PolicyStoreId of the policy store you want to store the policy in.

definition PolicyDefinition0PropertiesArgs | PolicyDefinition1PropertiesArgs: Specifies the policy type and content to use for the new or updated policy. The definition structure must include either a Static or a TemplateLinked element.
policy_store_id str: Specifies the PolicyStoreId of the policy store you want to store the policy in.

definition Property Map | Property Map: Specifies the policy type and content to use for the new or updated policy. The definition structure must include either a Static or a TemplateLinked element.
policyStoreId String: Specifies the PolicyStoreId of the policy store you want to store the policy in.