1. Packages
  2. AWS Cloud Control
  3. API Docs
  4. verifiedpermissions
  5. Policy

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.27.0 published on Monday, Apr 14, 2025 by Pulumi

aws-native.verifiedpermissions.Policy

Explore with Pulumi AI

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.27.0 published on Monday, Apr 14, 2025 by Pulumi

Definition of AWS::VerifiedPermissions::Policy Resource Type

Example Usage

Example

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AwsNative = Pulumi.AwsNative;

return await Deployment.RunAsync(() => 
{
    var config = new Config();
    var policyStoreId = config.Require("policyStoreId");
    var description = config.Require("description");
    var statement = config.Require("statement");
    var staticPolicy = new AwsNative.VerifiedPermissions.Policy("staticPolicy", new()
    {
        PolicyStoreId = policyStoreId,
        Definition = new AwsNative.VerifiedPermissions.Inputs.PolicyDefinition0PropertiesArgs
        {
            Static = new AwsNative.VerifiedPermissions.Inputs.PolicyStaticPolicyDefinitionArgs
            {
                Description = description,
                Statement = statement,
            },
        },
    });

    return new Dictionary<string, object?>
    {
        ["policyId"] = staticPolicy.PolicyId,
    };
});
Copy
package main

import (
	"github.com/pulumi/pulumi-aws-native/sdk/go/aws/verifiedpermissions"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		cfg := config.New(ctx, "")
		policyStoreId := cfg.Require("policyStoreId")
		description := cfg.Require("description")
		statement := cfg.Require("statement")
		staticPolicy, err := verifiedpermissions.NewPolicy(ctx, "staticPolicy", &verifiedpermissions.PolicyArgs{
			PolicyStoreId: pulumi.String(policyStoreId),
			Definition: &verifiedpermissions.PolicyDefinition0PropertiesArgs{
				Static: &verifiedpermissions.PolicyStaticPolicyDefinitionArgs{
					Description: pulumi.String(description),
					Statement:   pulumi.String(statement),
				},
			},
		})
		if err != nil {
			return err
		}
		ctx.Export("policyId", staticPolicy.PolicyId)
		return nil
	})
}
Copy

Coming soon!

import * as pulumi from "@pulumi/pulumi";
import * as aws_native from "@pulumi/aws-native";

const config = new pulumi.Config();
const policyStoreId = config.require("policyStoreId");
const description = config.require("description");
const statement = config.require("statement");
const staticPolicy = new aws_native.verifiedpermissions.Policy("staticPolicy", {
    policyStoreId: policyStoreId,
    definition: {
        static: {
            description: description,
            statement: statement,
        },
    },
});
export const policyId = staticPolicy.policyId;
Copy
import pulumi
import pulumi_aws_native as aws_native

config = pulumi.Config()
policy_store_id = config.require("policyStoreId")
description = config.require("description")
statement = config.require("statement")
static_policy = aws_native.verifiedpermissions.Policy("staticPolicy",
    policy_store_id=policy_store_id,
    definition={
        "static": {
            "description": description,
            "statement": statement,
        },
    })
pulumi.export("policyId", static_policy.policy_id)
Copy

Coming soon!

Example

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AwsNative = Pulumi.AwsNative;

return await Deployment.RunAsync(() => 
{
    var config = new Config();
    var policyStoreId = config.Require("policyStoreId");
    var policyTemplateId = config.Require("policyTemplateId");
    var principalType = config.Require("principalType");
    var principalId = config.Require("principalId");
    var resourceType = config.Require("resourceType");
    var resourceId = config.Require("resourceId");
    var templateLinkedPolicy = new AwsNative.VerifiedPermissions.Policy("templateLinkedPolicy", new()
    {
        PolicyStoreId = policyStoreId,
        Definition = new AwsNative.VerifiedPermissions.Inputs.PolicyDefinition0PropertiesArgs
        {
            TemplateLinked = new AwsNative.VerifiedPermissions.Inputs.PolicyTemplateLinkedPolicyDefinitionArgs
            {
                PolicyTemplateId = policyTemplateId,
                Principal = new AwsNative.VerifiedPermissions.Inputs.PolicyEntityIdentifierArgs
                {
                    EntityType = principalType,
                    EntityId = principalId,
                },
                Resource = new AwsNative.VerifiedPermissions.Inputs.PolicyEntityIdentifierArgs
                {
                    EntityType = resourceType,
                    EntityId = resourceId,
                },
            },
        },
    });

    return new Dictionary<string, object?>
    {
        ["policyId"] = templateLinkedPolicy.PolicyId,
    };
});
Copy
package main

import (
	"github.com/pulumi/pulumi-aws-native/sdk/go/aws/verifiedpermissions"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		cfg := config.New(ctx, "")
		policyStoreId := cfg.Require("policyStoreId")
		policyTemplateId := cfg.Require("policyTemplateId")
		principalType := cfg.Require("principalType")
		principalId := cfg.Require("principalId")
		resourceType := cfg.Require("resourceType")
		resourceId := cfg.Require("resourceId")
		templateLinkedPolicy, err := verifiedpermissions.NewPolicy(ctx, "templateLinkedPolicy", &verifiedpermissions.PolicyArgs{
			PolicyStoreId: pulumi.String(policyStoreId),
			Definition: &verifiedpermissions.PolicyDefinition0PropertiesArgs{
				TemplateLinked: &verifiedpermissions.PolicyTemplateLinkedPolicyDefinitionArgs{
					PolicyTemplateId: pulumi.String(policyTemplateId),
					Principal: &verifiedpermissions.PolicyEntityIdentifierArgs{
						EntityType: pulumi.String(principalType),
						EntityId:   pulumi.String(principalId),
					},
					Resource: &verifiedpermissions.PolicyEntityIdentifierArgs{
						EntityType: pulumi.String(resourceType),
						EntityId:   pulumi.String(resourceId),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		ctx.Export("policyId", templateLinkedPolicy.PolicyId)
		return nil
	})
}
Copy

Coming soon!

import * as pulumi from "@pulumi/pulumi";
import * as aws_native from "@pulumi/aws-native";

const config = new pulumi.Config();
const policyStoreId = config.require("policyStoreId");
const policyTemplateId = config.require("policyTemplateId");
const principalType = config.require("principalType");
const principalId = config.require("principalId");
const resourceType = config.require("resourceType");
const resourceId = config.require("resourceId");
const templateLinkedPolicy = new aws_native.verifiedpermissions.Policy("templateLinkedPolicy", {
    policyStoreId: policyStoreId,
    definition: {
        templateLinked: {
            policyTemplateId: policyTemplateId,
            principal: {
                entityType: principalType,
                entityId: principalId,
            },
            resource: {
                entityType: resourceType,
                entityId: resourceId,
            },
        },
    },
});
export const policyId = templateLinkedPolicy.policyId;
Copy
import pulumi
import pulumi_aws_native as aws_native

config = pulumi.Config()
policy_store_id = config.require("policyStoreId")
policy_template_id = config.require("policyTemplateId")
principal_type = config.require("principalType")
principal_id = config.require("principalId")
resource_type = config.require("resourceType")
resource_id = config.require("resourceId")
template_linked_policy = aws_native.verifiedpermissions.Policy("templateLinkedPolicy",
    policy_store_id=policy_store_id,
    definition={
        "template_linked": {
            "policy_template_id": policy_template_id,
            "principal": {
                "entity_type": principal_type,
                "entity_id": principal_id,
            },
            "resource": {
                "entity_type": resource_type,
                "entity_id": resource_id,
            },
        },
    })
pulumi.export("policyId", template_linked_policy.policy_id)
Copy

Coming soon!

Create Policy Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new Policy(name: string, args: PolicyArgs, opts?: CustomResourceOptions);
@overload
def Policy(resource_name: str,
           args: PolicyArgs,
           opts: Optional[ResourceOptions] = None)

@overload
def Policy(resource_name: str,
           opts: Optional[ResourceOptions] = None,
           definition: Optional[Union[PolicyDefinition0PropertiesArgs, PolicyDefinition1PropertiesArgs]] = None,
           policy_store_id: Optional[str] = None)
func NewPolicy(ctx *Context, name string, args PolicyArgs, opts ...ResourceOption) (*Policy, error)
public Policy(string name, PolicyArgs args, CustomResourceOptions? opts = null)
public Policy(String name, PolicyArgs args)
public Policy(String name, PolicyArgs args, CustomResourceOptions options)
type: aws-native:verifiedpermissions:Policy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args This property is required. PolicyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args This property is required. PolicyArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args This property is required. PolicyArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args This property is required. PolicyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. PolicyArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Policy Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The Policy resource accepts the following input properties:

Definition This property is required. Pulumi.AwsNative.VerifiedPermissions.Inputs.PolicyDefinition0Properties | Pulumi.AwsNative.VerifiedPermissions.Inputs.PolicyDefinition1Properties
Specifies the policy type and content to use for the new or updated policy. The definition structure must include either a Static or a TemplateLinked element.
PolicyStoreId This property is required. string
Specifies the PolicyStoreId of the policy store you want to store the policy in.
Definition This property is required. PolicyDefinition0PropertiesArgs | PolicyDefinition1PropertiesArgs
Specifies the policy type and content to use for the new or updated policy. The definition structure must include either a Static or a TemplateLinked element.
PolicyStoreId This property is required. string
Specifies the PolicyStoreId of the policy store you want to store the policy in.
definition This property is required. PolicyDefinition0Properties | PolicyDefinition1Properties
Specifies the policy type and content to use for the new or updated policy. The definition structure must include either a Static or a TemplateLinked element.
policyStoreId This property is required. String
Specifies the PolicyStoreId of the policy store you want to store the policy in.
definition This property is required. PolicyDefinition0Properties | PolicyDefinition1Properties
Specifies the policy type and content to use for the new or updated policy. The definition structure must include either a Static or a TemplateLinked element.
policyStoreId This property is required. string
Specifies the PolicyStoreId of the policy store you want to store the policy in.
definition This property is required. PolicyDefinition0PropertiesArgs | PolicyDefinition1PropertiesArgs
Specifies the policy type and content to use for the new or updated policy. The definition structure must include either a Static or a TemplateLinked element.
policy_store_id This property is required. str
Specifies the PolicyStoreId of the policy store you want to store the policy in.
definition This property is required. Property Map | Property Map
Specifies the policy type and content to use for the new or updated policy. The definition structure must include either a Static or a TemplateLinked element.
policyStoreId This property is required. String
Specifies the PolicyStoreId of the policy store you want to store the policy in.

Outputs

All input properties are implicitly available as output properties. Additionally, the Policy resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
PolicyId string
The unique ID of the new or updated policy.
PolicyType Pulumi.AwsNative.VerifiedPermissions.PolicyType
The type of the policy. This is one of the following values:

  • Static
  • TemplateLinked
Id string
The provider-assigned unique ID for this managed resource.
PolicyId string
The unique ID of the new or updated policy.
PolicyType PolicyType
The type of the policy. This is one of the following values:

  • Static
  • TemplateLinked
id String
The provider-assigned unique ID for this managed resource.
policyId String
The unique ID of the new or updated policy.
policyType PolicyType
The type of the policy. This is one of the following values:

  • Static
  • TemplateLinked
id string
The provider-assigned unique ID for this managed resource.
policyId string
The unique ID of the new or updated policy.
policyType PolicyType
The type of the policy. This is one of the following values:

  • Static
  • TemplateLinked
id str
The provider-assigned unique ID for this managed resource.
policy_id str
The unique ID of the new or updated policy.
policy_type PolicyType
The type of the policy. This is one of the following values:

  • Static
  • TemplateLinked
id String
The provider-assigned unique ID for this managed resource.
policyId String
The unique ID of the new or updated policy.
policyType "STATIC" | "TEMPLATE_LINKED"
The type of the policy. This is one of the following values:

  • Static
  • TemplateLinked

Supporting Types

PolicyDefinition0Properties
, PolicyDefinition0PropertiesArgs

Static This property is required. PolicyStaticPolicyDefinition
static_ This property is required. PolicyStaticPolicyDefinition
static This property is required. PolicyStaticPolicyDefinition
static This property is required. PolicyStaticPolicyDefinition
static This property is required. Property Map

PolicyDefinition1Properties
, PolicyDefinition1PropertiesArgs

templateLinked This property is required. Property Map

PolicyEntityIdentifier
, PolicyEntityIdentifierArgs

EntityId This property is required. string
EntityType This property is required. string
EntityId This property is required. string
EntityType This property is required. string
entityId This property is required. String
entityType This property is required. String
entityId This property is required. string
entityType This property is required. string
entity_id This property is required. str
entity_type This property is required. str
entityId This property is required. String
entityType This property is required. String

PolicyStaticPolicyDefinition
, PolicyStaticPolicyDefinitionArgs

Statement This property is required. string
Description string
Statement This property is required. string
Description string
statement This property is required. String
description String
statement This property is required. string
description string
statement This property is required. str
description str
statement This property is required. String
description String

PolicyTemplateLinkedPolicyDefinition
, PolicyTemplateLinkedPolicyDefinitionArgs

PolicyType
, PolicyTypeArgs

Static
STATIC
TemplateLinked
TEMPLATE_LINKED
PolicyTypeStatic
STATIC
PolicyTypeTemplateLinked
TEMPLATE_LINKED
Static
STATIC
TemplateLinked
TEMPLATE_LINKED
Static
STATIC
TemplateLinked
TEMPLATE_LINKED
STATIC
STATIC
TEMPLATE_LINKED
TEMPLATE_LINKED
"STATIC"
STATIC
"TEMPLATE_LINKED"
TEMPLATE_LINKED

Package Details

Repository
AWS Native pulumi/pulumi-aws-native
License
Apache-2.0

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.27.0 published on Monday, Apr 14, 2025 by Pulumi