UNPKG

@aws-cdk/aws-iam

Version:

CDK routines for easily assigning correct and minimal IAM permissions

github.com/aws/aws-cdk

aws/aws-cdk

1 lines 442 kB
1
{"version":"2","toolVersion":"1.84.0","snippets":{"edabba41c5da9d9ee34bd56c11f3da159cc14f27a29dc722a4daf6cacd2c1050":{"translations":{"python":{"source":"role = Role(self, \"MyRole\",\n assumed_by=ServicePrincipal(\"sns.amazonaws.com\")\n)\n\nrole.add_to_policy(PolicyStatement(\n resources=[\"*\"],\n actions=[\"lambda:InvokeFunction\"]\n))","version":"2"},"csharp":{"source":"var role = new Role(this, \"MyRole\", new RoleProps {\n AssumedBy = new ServicePrincipal(\"sns.amazonaws.com\")\n});\n\nrole.AddToPolicy(new PolicyStatement(new PolicyStatementProps {\n Resources = new [] { \"*\" },\n Actions = new [] { \"lambda:InvokeFunction\" }\n}));","version":"1"},"java":{"source":"Role role = Role.Builder.create(this, \"MyRole\")\n .assumedBy(new ServicePrincipal(\"sns.amazonaws.com\"))\n .build();\n\nrole.addToPolicy(PolicyStatement.Builder.create()\n .resources(List.of(\"*\"))\n .actions(List.of(\"lambda:InvokeFunction\"))\n .build());","version":"1"},"go":{"source":"role := lib.NewRole(this, jsii.String(\"MyRole\"), &RoleProps{\n\tAssumedBy: *lib.NewServicePrincipal(jsii.String(\"sns.amazonaws.com\")),\n})\n\nrole.AddToPolicy(lib.NewPolicyStatement(&PolicyStatementProps{\n\tResources: []*string{\n\t\tjsii.String(\"*\"),\n\t},\n\tActions: []*string{\n\t\tjsii.String(\"lambda:InvokeFunction\"),\n\t},\n}))","version":"1"},"$":{"source":" const role = new Role(this, 'MyRole', {\n assumedBy: new ServicePrincipal('sns.amazonaws.com'),\n });\n\n role.addToPolicy(new PolicyStatement({\n resources: ['*'],\n actions: ['lambda:InvokeFunction'],\n }));","version":"0"}},"location":{"api":{"api":"moduleReadme","moduleFqn":"@aws-cdk/aws-iam"},"field":{"field":"markdown","line":22}},"didCompile":true,"fqnsReferenced":["@aws-cdk/aws-iam.IPrincipal","@aws-cdk/aws-iam.PolicyStatement","@aws-cdk/aws-iam.PolicyStatementProps","@aws-cdk/aws-iam.Role","@aws-cdk/aws-iam.Role#addToPolicy","@aws-cdk/aws-iam.RoleProps","@aws-cdk/aws-iam.ServicePrincipal","constructs.Construct"],"fullSource":"import * as constructs from 'constructs';\nimport { PolicyStatement, Role, ServicePrincipal } from '../lib';\n\n// keep this import separate from other imports to reduce chance for merge conflicts with v2-main\n// eslint-disable-next-line no-duplicate-imports, import/order\nimport { Construct } from '@aws-cdk/core';\n\nexport class ExampleConstruct extends Construct {\n constructor(scope: constructs.Construct, id: string) {\n super(scope, id);\n\n /// !show\n const role = new Role(this, 'MyRole', {\n assumedBy: new ServicePrincipal('sns.amazonaws.com'),\n });\n\n role.addToPolicy(new PolicyStatement({\n resources: ['*'],\n actions: ['lambda:InvokeFunction'],\n }));\n /// !hide\n }\n}\n","syntaxKindCounter":{"10":4,"75":9,"104":1,"192":2,"193":2,"194":1,"196":1,"197":3,"225":1,"226":1,"242":1,"243":1,"281":3},"fqnsFingerprint":"0097c36abcca2062ce3cb3a933268aaa973fe9cd2127ae577355c4ede846bd6a"},"38b37167723c4421f6f32a6cf5cb2af49ff47a60c0dcf3998015418ae0fc2a95":{"translations":{"python":{"source":"user = User(self, \"MyUser\", password=cdk.SecretValue.unsafe_plain_text(\"1234\"))\ngroup = Group(self, \"MyGroup\")\n\npolicy = Policy(self, \"MyPolicy\")\npolicy.attach_to_user(user)\ngroup.attach_inline_policy(policy)","version":"2"},"csharp":{"source":"var user = new User(this, \"MyUser\", new UserProps { Password = SecretValue.UnsafePlainText(\"1234\") });\nvar group = new Group(this, \"MyGroup\");\n\nvar policy = new Policy(this, \"MyPolicy\");\npolicy.AttachToUser(user);\ngroup.AttachInlinePolicy(policy);","version":"1"},"java":{"source":"User user = User.Builder.create(this, \"MyUser\").password(SecretValue.unsafePlainText(\"1234\")).build();\nGroup group = new Group(this, \"MyGroup\");\n\nPolicy policy = new Policy(this, \"MyPolicy\");\npolicy.attachToUser(user);\ngroup.attachInlinePolicy(policy);","version":"1"},"go":{"source":"user := lib.NewUser(this, jsii.String(\"MyUser\"), &UserProps{\n\tPassword: cdk.SecretValue_UnsafePlainText(jsii.String(\"1234\")),\n})\ngroup := lib.NewGroup(this, jsii.String(\"MyGroup\"))\n\npolicy := lib.NewPolicy(this, jsii.String(\"MyPolicy\"))\npolicy.AttachToUser(user)\ngroup.attachInlinePolicy(policy)","version":"1"},"$":{"source":" const user = new User(this, 'MyUser', { password: cdk.SecretValue.unsafePlainText('1234') });\n const group = new Group(this, 'MyGroup');\n\n const policy = new Policy(this, 'MyPolicy');\n policy.attachToUser(user);\n group.attachInlinePolicy(policy);","version":"0"}},"location":{"api":{"api":"moduleReadme","moduleFqn":"@aws-cdk/aws-iam"},"field":{"field":"markdown","line":36}},"didCompile":true,"fqnsReferenced":["@aws-cdk/aws-iam.Group","@aws-cdk/aws-iam.IUser","@aws-cdk/aws-iam.Policy","@aws-cdk/aws-iam.Policy#attachToUser","@aws-cdk/aws-iam.User","@aws-cdk/aws-iam.UserProps","@aws-cdk/core.SecretValue","@aws-cdk/core.SecretValue#unsafePlainText","constructs.Construct"],"fullSource":"import * as cdk from '@aws-cdk/core';\nimport * as constructs from 'constructs';\nimport { Group, Policy, User } from '../lib';\n\n// keep this import separate from other imports to reduce chance for merge conflicts with v2-main\n// eslint-disable-next-line no-duplicate-imports, import/order\nimport { Construct } from '@aws-cdk/core';\n\nexport class ExampleConstruct extends Construct {\n constructor(scope: constructs.Construct, id: string) {\n super(scope, id);\n\n /// !show\n const user = new User(this, 'MyUser', { password: cdk.SecretValue.unsafePlainText('1234') });\n const group = new Group(this, 'MyGroup');\n\n const policy = new Policy(this, 'MyPolicy');\n policy.attachToUser(user);\n group.attachInlinePolicy(policy);\n /// !hide\n }\n}\n","syntaxKindCounter":{"10":4,"75":16,"104":3,"193":1,"194":4,"196":3,"197":3,"225":3,"226":2,"242":3,"243":3,"281":1},"fqnsFingerprint":"13df7914459f4f8453db458eb281a08de7f32eb1d09e32f8cbdba51b7b8e92aa"},"fd41528b3cbd6b346e84f9eee59ae90ac0a3d9192aab58a04930b1ba8572c469":{"translations":{"python":{"source":"group = Group(self, \"MyGroup\")\ngroup.add_managed_policy(ManagedPolicy.from_aws_managed_policy_name(\"AdministratorAccess\"))","version":"2"},"csharp":{"source":"var group = new Group(this, \"MyGroup\");\ngroup.AddManagedPolicy(ManagedPolicy.FromAwsManagedPolicyName(\"AdministratorAccess\"));","version":"1"},"java":{"source":"Group group = new Group(this, \"MyGroup\");\ngroup.addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName(\"AdministratorAccess\"));","version":"1"},"go":{"source":"group := lib.NewGroup(this, jsii.String(\"MyGroup\"))\ngroup.AddManagedPolicy(lib.ManagedPolicy_FromAwsManagedPolicyName(jsii.String(\"AdministratorAccess\")))","version":"1"},"$":{"source":"const group = new Group(this, 'MyGroup');\ngroup.addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName('AdministratorAccess'));","version":"0"}},"location":{"api":{"api":"moduleReadme","moduleFqn":"@aws-cdk/aws-iam"},"field":{"field":"markdown","line":47}},"didCompile":true,"fqnsReferenced":["@aws-cdk/aws-iam.Group","@aws-cdk/aws-iam.Group#addManagedPolicy","@aws-cdk/aws-iam.IManagedPolicy","@aws-cdk/aws-iam.ManagedPolicy#fromAwsManagedPolicyName","constructs.Construct"],"fullSource":"import * as constructs from 'constructs';\nimport { Group, ManagedPolicy } from '../lib';\n\n// keep this import separate from other imports to reduce chance for merge conflicts with v2-main\n// eslint-disable-next-line no-duplicate-imports, import/order\nimport { Construct } from '@aws-cdk/core';\n\nexport class ExampleConstruct extends Construct {\n constructor(scope: constructs.Construct, id: string) {\n super(scope, id);\n\n /// !show\n const group = new Group(this, 'MyGroup');\n group.addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName('AdministratorAccess'));\n /// !hide\n }\n}\n","syntaxKindCounter":{"10":2,"75":6,"104":1,"194":2,"196":2,"197":1,"225":1,"226":1,"242":1,"243":1},"fqnsFingerprint":"8cdbdfa4f1a0061979f1817be54bc9fda291cb5876955acbd179be2deb29b9f1"},"53fe6253cd9d35289ebc06b836e7a1a91e19da4c47eb8fb38cb71d6a6c99d5f3":{"translations":{"python":{"source":"# fn: lambda.Function\n# table: dynamodb.Table\n\n\ntable.grant_write_data(fn)","version":"2"},"csharp":{"source":"Function fn;\nTable table;\n\n\ntable.GrantWriteData(fn);","version":"1"},"java":{"source":"Function fn;\nTable table;\n\n\ntable.grantWriteData(fn);","version":"1"},"go":{"source":"var fn function\nvar table table\n\n\ntable.grantWriteData(fn)","version":"1"},"$":{"source":"declare const fn: lambda.Function;\ndeclare const table: dynamodb.Table;\n\ntable.grantWriteData(fn);","version":"0"}},"location":{"api":{"api":"moduleReadme","moduleFqn":"@aws-cdk/aws-iam"},"field":{"field":"markdown","line":56}},"didCompile":true,"fqnsReferenced":["@aws-cdk/aws-iam.IGrantable"],"fullSource":"// Hoisted imports begin after !show marker below\n/// !show\ndeclare const fn: lambda.Function;\ndeclare const table: dynamodb.Table;\n/// !hide\n// Hoisted imports ended before !hide marker above\nimport { Construct } from 'constructs';\nimport { CustomResource, Stack } from '@aws-cdk/core';\nimport * as codepipeline from '@aws-cdk/aws-codepipeline';\nimport * as dynamodb from '@aws-cdk/aws-dynamodb';\nimport * as lambda from '@aws-cdk/aws-lambda';\nimport * as iam from '@aws-cdk/aws-iam';\n\nclass Fixture extends Stack {\n constructor(scope: Construct, id: string) {\n super(scope, id);\n\n // Code snippet begins after !show marker below\n/// !show\n\n\ntable.grantWriteData(fn);\n/// !hide\n// Code snippet ended before !hide marker above\n }\n}\n","syntaxKindCounter":{"75":9,"130":2,"153":2,"169":2,"194":1,"196":1,"225":2,"226":1,"242":2,"243":2,"290":1},"fqnsFingerprint":"1323b60ab94a88d4cf4c7c846ab0af5927a24713050028234cb9426c28ace47b"},"7808076bfee1b7971cc05930d4cebf8507933ada771a07e618c45d2a7dcf081f":{"translations":{"python":{"source":"# fn: lambda.Function\n# table: dynamodb.Table\n\n\ntable.grant(fn, \"dynamodb:PutItem\")","version":"2"},"csharp":{"source":"Function fn;\nTable table;\n\n\ntable.Grant(fn, \"dynamodb:PutItem\");","version":"1"},"java":{"source":"Function fn;\nTable table;\n\n\ntable.grant(fn, \"dynamodb:PutItem\");","version":"1"},"go":{"source":"var fn function\nvar table table\n\n\ntable.grant(fn, jsii.String(\"dynamodb:PutItem\"))","version":"1"},"$":{"source":"declare const fn: lambda.Function;\ndeclare const table: dynamodb.Table;\n\ntable.grant(fn, 'dynamodb:PutItem');","version":"0"}},"location":{"api":{"api":"moduleReadme","moduleFqn":"@aws-cdk/aws-iam"},"field":{"field":"markdown","line":65}},"didCompile":true,"fqnsReferenced":["@aws-cdk/aws-iam.IGrantable"],"fullSource":"// Hoisted imports begin after !show marker below\n/// !show\ndeclare const fn: lambda.Function;\ndeclare const table: dynamodb.Table;\n/// !hide\n// Hoisted imports ended before !hide marker above\nimport { Construct } from 'constructs';\nimport { CustomResource, Stack } from '@aws-cdk/core';\nimport * as codepipeline from '@aws-cdk/aws-codepipeline';\nimport * as dynamodb from '@aws-cdk/aws-dynamodb';\nimport * as lambda from '@aws-cdk/aws-lambda';\nimport * as iam from '@aws-cdk/aws-iam';\n\nclass Fixture extends Stack {\n constructor(scope: Construct, id: string) {\n super(scope, id);\n\n // Code snippet begins after !show marker below\n/// !show\n\n\ntable.grant(fn, 'dynamodb:PutItem');\n/// !hide\n// Code snippet ended before !hide marker above\n }\n}\n","syntaxKindCounter":{"10":1,"75":9,"130":2,"153":2,"169":2,"194":1,"196":1,"225":2,"226":1,"242":2,"243":2,"290":1},"fqnsFingerprint":"1323b60ab94a88d4cf4c7c846ab0af5927a24713050028234cb9426c28ace47b"},"1afb0ac33880703dd032b083bc9d22bacd2581ea5480e33204c5f6689bad8cef":{"translations":{"python":{"source":"role = iam.Role(self, \"Role\",\n assumed_by=iam.ServicePrincipal(\"codepipeline.amazonaws.com\"),\n # custom description if desired\n description=\"This is a custom role...\"\n)\n\ncodepipeline.Pipeline(self, \"Pipeline\",\n # Give the Pipeline an immutable view of the Role\n role=role.without_policy_updates()\n)\n\n# You now have to manage the Role policies yourself\nrole.add_to_policy(iam.PolicyStatement(\n actions=[],\n resources=[]\n))","version":"2"},"csharp":{"source":"var role = new Role(this, \"Role\", new RoleProps {\n AssumedBy = new ServicePrincipal(\"codepipeline.amazonaws.com\"),\n // custom description if desired\n Description = \"This is a custom role...\"\n});\n\nnew Pipeline(this, \"Pipeline\", new PipelineProps {\n // Give the Pipeline an immutable view of the Role\n Role = role.WithoutPolicyUpdates()\n});\n\n// You now have to manage the Role policies yourself\nrole.AddToPolicy(new PolicyStatement(new PolicyStatementProps {\n Actions = new [] { },\n Resources = new [] { }\n}));","version":"1"},"java":{"source":"Role role = Role.Builder.create(this, \"Role\")\n .assumedBy(new ServicePrincipal(\"codepipeline.amazonaws.com\"))\n // custom description if desired\n .description(\"This is a custom role...\")\n .build();\n\nPipeline.Builder.create(this, \"Pipeline\")\n // Give the Pipeline an immutable view of the Role\n .role(role.withoutPolicyUpdates())\n .build();\n\n// You now have to manage the Role policies yourself\nrole.addToPolicy(PolicyStatement.Builder.create()\n .actions(List.of())\n .resources(List.of())\n .build());","version":"1"},"go":{"source":"role := iam.NewRole(this, jsii.String(\"Role\"), &RoleProps{\n\tAssumedBy: iam.NewServicePrincipal(jsii.String(\"codepipeline.amazonaws.com\")),\n\t// custom description if desired\n\tDescription: jsii.String(\"This is a custom role...\"),\n})\n\ncodepipeline.NewPipeline(this, jsii.String(\"Pipeline\"), &PipelineProps{\n\t// Give the Pipeline an immutable view of the Role\n\tRole: role.WithoutPolicyUpdates(),\n})\n\n// You now have to manage the Role policies yourself\nrole.AddToPolicy(iam.NewPolicyStatement(&PolicyStatementProps{\n\tActions: []*string{\n\t},\n\tResources: []*string{\n\t},\n}))","version":"1"},"$":{"source":"const role = new iam.Role(this, 'Role', {\n assumedBy: new iam.ServicePrincipal('codepipeline.amazonaws.com'),\n // custom description if desired\n description: 'This is a custom role...',\n});\n\nnew codepipeline.Pipeline(this, 'Pipeline', {\n // Give the Pipeline an immutable view of the Role\n role: role.withoutPolicyUpdates(),\n});\n\n// You now have to manage the Role policies yourself\nrole.addToPolicy(new iam.PolicyStatement({\n actions: [/* whatever actions you want */],\n resources: [/* whatever resources you intend to touch */],\n}));","version":"0"}},"location":{"api":{"api":"moduleReadme","moduleFqn":"@aws-cdk/aws-iam"},"field":{"field":"markdown","line":113}},"didCompile":true,"fqnsReferenced":["@aws-cdk/aws-codepipeline.Pipeline","@aws-cdk/aws-codepipeline.PipelineProps","@aws-cdk/aws-iam.IPrincipal","@aws-cdk/aws-iam.IRole","@aws-cdk/aws-iam.PolicyStatement","@aws-cdk/aws-iam.PolicyStatementProps","@aws-cdk/aws-iam.Role","@aws-cdk/aws-iam.Role#addToPolicy","@aws-cdk/aws-iam.Role#withoutPolicyUpdates","@aws-cdk/aws-iam.RoleProps","@aws-cdk/aws-iam.ServicePrincipal","constructs.Construct"],"fullSource":"import { Construct } from 'constructs';\nimport { CustomResource, Stack } from '@aws-cdk/core';\nimport * as codepipeline from '@aws-cdk/aws-codepipeline';\nimport * as dynamodb from '@aws-cdk/aws-dynamodb';\nimport * as lambda from '@aws-cdk/aws-lambda';\nimport * as iam from '@aws-cdk/aws-iam';\n\nclass Fixture extends Stack {\n constructor(scope: Construct, id: string) {\n super(scope, id);\n\n // Code snippet begins after !show marker below\n/// !show\nconst role = new iam.Role(this, 'Role', {\n assumedBy: new iam.ServicePrincipal('codepipeline.amazonaws.com'),\n // custom description if desired\n description: 'This is a custom role...',\n});\n\nnew codepipeline.Pipeline(this, 'Pipeline', {\n // Give the Pipeline an immutable view of the Role\n role: role.withoutPolicyUpdates(),\n});\n\n// You now have to manage the Role policies yourself\nrole.addToPolicy(new iam.PolicyStatement({\n actions: [/* whatever actions you want */],\n resources: [/* whatever resources you intend to touch */],\n}));\n/// !hide\n// Code snippet ended before !hide marker above\n }\n}\n","syntaxKindCounter":{"10":4,"75":18,"104":2,"192":2,"193":3,"194":6,"196":2,"197":4,"225":1,"226":2,"242":1,"243":1,"281":5},"fqnsFingerprint":"a5b1c3cfed5b10e83fe8c93baf71034d4933828a59e0f11361f35c6ceb4646c1"},"57f2aeb5a6ff0f3a68f45b3e37b6dcdc14ab44f9b3e7ab398a2cf91333033eba":{"translations":{"python":{"source":"role = iam.Role.from_role_arn(self, \"Role\", \"arn:aws:iam::123456789012:role/MyExistingRole\",\n # Set 'mutable' to 'false' to use the role as-is and prevent adding new\n # policies to it. The default is 'true', which means the role may be\n # modified as part of the deployment.\n mutable=False\n)","version":"2"},"csharp":{"source":"var role = Role.FromRoleArn(this, \"Role\", \"arn:aws:iam::123456789012:role/MyExistingRole\", new FromRoleArnOptions {\n // Set 'mutable' to 'false' to use the role as-is and prevent adding new\n // policies to it. The default is 'true', which means the role may be\n // modified as part of the deployment.\n Mutable = false\n});","version":"1"},"java":{"source":"IRole role = Role.fromRoleArn(this, \"Role\", \"arn:aws:iam::123456789012:role/MyExistingRole\", FromRoleArnOptions.builder()\n // Set 'mutable' to 'false' to use the role as-is and prevent adding new\n // policies to it. The default is 'true', which means the role may be\n // modified as part of the deployment.\n .mutable(false)\n .build());","version":"1"},"go":{"source":"role := iam.Role_FromRoleArn(this, jsii.String(\"Role\"), jsii.String(\"arn:aws:iam::123456789012:role/MyExistingRole\"), &FromRoleArnOptions{\n\t// Set 'mutable' to 'false' to use the role as-is and prevent adding new\n\t// policies to it. The default is 'true', which means the role may be\n\t// modified as part of the deployment.\n\tMutable: jsii.Boolean(false),\n})","version":"1"},"$":{"source":"const role = iam.Role.fromRoleArn(this, 'Role', 'arn:aws:iam::123456789012:role/MyExistingRole', {\n // Set 'mutable' to 'false' to use the role as-is and prevent adding new\n // policies to it. The default is 'true', which means the role may be\n // modified as part of the deployment.\n mutable: false,\n});","version":"0"}},"location":{"api":{"api":"moduleReadme","moduleFqn":"@aws-cdk/aws-iam"},"field":{"field":"markdown","line":138}},"didCompile":true,"fqnsReferenced":["@aws-cdk/aws-iam.FromRoleArnOptions","@aws-cdk/aws-iam.IRole","@aws-cdk/aws-iam.Role","@aws-cdk/aws-iam.Role#fromRoleArn","constructs.Construct"],"fullSource":"import { Construct } from 'constructs';\nimport { CustomResource, Stack } from '@aws-cdk/core';\nimport * as codepipeline from '@aws-cdk/aws-codepipeline';\nimport * as dynamodb from '@aws-cdk/aws-dynamodb';\nimport * as lambda from '@aws-cdk/aws-lambda';\nimport * as iam from '@aws-cdk/aws-iam';\n\nclass Fixture extends Stack {\n constructor(scope: Construct, id: string) {\n super(scope, id);\n\n // Code snippet begins after !show marker below\n/// !show\nconst role = iam.Role.fromRoleArn(this, 'Role', 'arn:aws:iam::123456789012:role/MyExistingRole', {\n // Set 'mutable' to 'false' to use the role as-is and prevent adding new\n // policies to it. The default is 'true', which means the role may be\n // modified as part of the deployment.\n mutable: false,\n});\n/// !hide\n// Code snippet ended before !hide marker above\n }\n}\n","syntaxKindCounter":{"10":2,"75":5,"91":1,"104":1,"193":1,"194":2,"196":1,"225":1,"242":1,"243":1,"281":1},"fqnsFingerprint":"d59ead6b111c144ce48ba250d04b67747510348aae95424e9fc5531d081fc7e7"},"30dbf807e3c41b86a361ec7acaa98d45dfca7cef387e09f959c509d44336d21f":{"translations":{"python":{"source":"role = iam.Role(self, \"MyRole\",\n assumed_by=iam.AccountPrincipal(\"123456789012\"),\n external_ids=[\"SUPPLY-ME\"]\n)","version":"2"},"csharp":{"source":"var role = new Role(this, \"MyRole\", new RoleProps {\n AssumedBy = new AccountPrincipal(\"123456789012\"),\n ExternalIds = new [] { \"SUPPLY-ME\" }\n});","version":"1"},"java":{"source":"Role role = Role.Builder.create(this, \"MyRole\")\n .assumedBy(new AccountPrincipal(\"123456789012\"))\n .externalIds(List.of(\"SUPPLY-ME\"))\n .build();","version":"1"},"go":{"source":"role := iam.NewRole(this, jsii.String(\"MyRole\"), &RoleProps{\n\tAssumedBy: iam.NewAccountPrincipal(jsii.String(\"123456789012\")),\n\tExternalIds: []*string{\n\t\tjsii.String(\"SUPPLY-ME\"),\n\t},\n})","version":"1"},"$":{"source":"const role = new iam.Role(this, 'MyRole', {\n assumedBy: new iam.AccountPrincipal('123456789012'),\n externalIds: ['SUPPLY-ME'],\n});","version":"0"}},"location":{"api":{"api":"moduleReadme","moduleFqn":"@aws-cdk/aws-iam"},"field":{"field":"markdown","line":153}},"didCompile":true,"fqnsReferenced":["@aws-cdk/aws-iam.AccountPrincipal","@aws-cdk/aws-iam.IPrincipal","@aws-cdk/aws-iam.Role","@aws-cdk/aws-iam.RoleProps","constructs.Construct"],"fullSource":"import * as constructs from 'constructs';\nimport * as iam from '../lib';\n\n// keep this import separate from other imports to reduce chance for merge conflicts with v2-main\n// eslint-disable-next-line no-duplicate-imports, import/order\nimport { Construct } from '@aws-cdk/core';\n\nexport class ExampleConstruct extends Construct {\n constructor(scope: constructs.Construct, id: string) {\n super(scope, id);\n\n /// !show\n const role = new iam.Role(this, 'MyRole', {\n assumedBy: new iam.AccountPrincipal('123456789012'),\n externalIds: ['SUPPLY-ME'],\n });\n /// !hide\n\n Array.isArray(role);\n }\n}\n","syntaxKindCounter":{"10":3,"75":7,"104":1,"192":1,"193":1,"194":2,"197":2,"225":1,"242":1,"243":1,"281":2},"fqnsFingerprint":"1f8de24a0f27120fb3c9d517cd1c2e8e30670095fbfcd13299b8be26aaa36f71"},"fe5f92331f4a13ffac2fc300e8ef04d1348da847f50affdd14853f4495ca127f":{"translations":{"python":{"source":"statement = iam.PolicyStatement()\nstatement.add_service_principal(\"cloudwatch.amazonaws.com\")\nstatement.add_service_principal(\"ec2.amazonaws.com\")\nstatement.add_arn_principal(\"arn:aws:boom:boom\")","version":"2"},"csharp":{"source":"var statement = new PolicyStatement();\nstatement.AddServicePrincipal(\"cloudwatch.amazonaws.com\");\nstatement.AddServicePrincipal(\"ec2.amazonaws.com\");\nstatement.AddArnPrincipal(\"arn:aws:boom:boom\");","version":"1"},"java":{"source":"PolicyStatement statement = new PolicyStatement();\nstatement.addServicePrincipal(\"cloudwatch.amazonaws.com\");\nstatement.addServicePrincipal(\"ec2.amazonaws.com\");\nstatement.addArnPrincipal(\"arn:aws:boom:boom\");","version":"1"},"go":{"source":"statement := iam.NewPolicyStatement()\nstatement.AddServicePrincipal(jsii.String(\"cloudwatch.amazonaws.com\"))\nstatement.AddServicePrincipal(jsii.String(\"ec2.amazonaws.com\"))\nstatement.AddArnPrincipal(jsii.String(\"arn:aws:boom:boom\"))","version":"1"},"$":{"source":"const statement = new iam.PolicyStatement();\nstatement.addServicePrincipal('cloudwatch.amazonaws.com');\nstatement.addServicePrincipal('ec2.amazonaws.com');\nstatement.addArnPrincipal('arn:aws:boom:boom');","version":"0"}},"location":{"api":{"api":"moduleReadme","moduleFqn":"@aws-cdk/aws-iam"},"field":{"field":"markdown","line":193}},"didCompile":true,"fqnsReferenced":["@aws-cdk/aws-iam.PolicyStatement","@aws-cdk/aws-iam.PolicyStatement#addArnPrincipal","@aws-cdk/aws-iam.PolicyStatement#addServicePrincipal"],"fullSource":"import { Construct } from 'constructs';\nimport { CustomResource, Stack } from '@aws-cdk/core';\nimport * as codepipeline from '@aws-cdk/aws-codepipeline';\nimport * as dynamodb from '@aws-cdk/aws-dynamodb';\nimport * as lambda from '@aws-cdk/aws-lambda';\nimport * as iam from '@aws-cdk/aws-iam';\n\nclass Fixture extends Stack {\n constructor(scope: Construct, id: string) {\n super(scope, id);\n\n // Code snippet begins after !show marker below\n/// !show\nconst statement = new iam.PolicyStatement();\nstatement.addServicePrincipal('cloudwatch.amazonaws.com');\nstatement.addServicePrincipal('ec2.amazonaws.com');\nstatement.addArnPrincipal('arn:aws:boom:boom');\n/// !hide\n// Code snippet ended before !hide marker above\n }\n}\n","syntaxKindCounter":{"10":3,"75":9,"194":4,"196":3,"197":1,"225":1,"226":3,"242":1,"243":1},"fqnsFingerprint":"bb83b5ba714e8224519798a9b185ced6a3767f71b29aaf07e3381cb76da4a20b"},"93ab0d764e7e4d09aa521f42b8805b64417e055a8ad032f8cf6cdea622d1020b":{"translations":{"python":{"source":"role = iam.Role(self, \"MyRole\",\n assumed_by=iam.CompositePrincipal(\n iam.ServicePrincipal(\"ec2.amazonaws.com\"),\n iam.AccountPrincipal(\"1818188181818187272\"))\n)","version":"2"},"csharp":{"source":"var role = new Role(this, \"MyRole\", new RoleProps {\n AssumedBy = new CompositePrincipal(\n new ServicePrincipal(\"ec2.amazonaws.com\"),\n new AccountPrincipal(\"1818188181818187272\"))\n});","version":"1"},"java":{"source":"Role role = Role.Builder.create(this, \"MyRole\")\n .assumedBy(new CompositePrincipal(\n new ServicePrincipal(\"ec2.amazonaws.com\"),\n new AccountPrincipal(\"1818188181818187272\")))\n .build();","version":"1"},"go":{"source":"role := iam.NewRole(this, jsii.String(\"MyRole\"), &RoleProps{\n\tAssumedBy: iam.NewCompositePrincipal(\n\tiam.NewServicePrincipal(jsii.String(\"ec2.amazonaws.com\")),\n\tiam.NewAccountPrincipal(jsii.String(\"1818188181818187272\"))),\n})","version":"1"},"$":{"source":"const role = new iam.Role(this, 'MyRole', {\n assumedBy: new iam.CompositePrincipal(\n new iam.ServicePrincipal('ec2.amazonaws.com'),\n new iam.AccountPrincipal('1818188181818187272')\n ),\n});","version":"0"}},"location":{"api":{"api":"moduleReadme","moduleFqn":"@aws-cdk/aws-iam"},"field":{"field":"markdown","line":213}},"didCompile":true,"fqnsReferenced":["@aws-cdk/aws-iam.AccountPrincipal","@aws-cdk/aws-iam.CompositePrincipal","@aws-cdk/aws-iam.IPrincipal","@aws-cdk/aws-iam.Role","@aws-cdk/aws-iam.RoleProps","@aws-cdk/aws-iam.ServicePrincipal","constructs.Construct"],"fullSource":"import { Construct } from 'constructs';\nimport { CustomResource, Stack } from '@aws-cdk/core';\nimport * as codepipeline from '@aws-cdk/aws-codepipeline';\nimport * as dynamodb from '@aws-cdk/aws-dynamodb';\nimport * as lambda from '@aws-cdk/aws-lambda';\nimport * as iam from '@aws-cdk/aws-iam';\n\nclass Fixture extends Stack {\n constructor(scope: Construct, id: string) {\n super(scope, id);\n\n // Code snippet begins after !show marker below\n/// !show\nconst role = new iam.Role(this, 'MyRole', {\n assumedBy: new iam.CompositePrincipal(\n new iam.ServicePrincipal('ec2.amazonaws.com'),\n new iam.AccountPrincipal('1818188181818187272')\n ),\n});\n/// !hide\n// Code snippet ended before !hide marker above\n }\n}\n","syntaxKindCounter":{"10":3,"75":10,"104":1,"193":1,"194":4,"197":4,"225":1,"242":1,"243":1,"281":1},"fqnsFingerprint":"812186ece47a914ecb7375bfaa4f63f69d0ca69652d78f2087c589de45b4c2af"},"d6447173e9537c5ebbcdf340d784ef18d92896f6badf647a84c615e69a62def5":{"translations":{"python":{"source":"principal = iam.AccountPrincipal(\"123456789000\").with_conditions({\"StringEquals\": {\"foo\": \"baz\"}})","version":"2"},"csharp":{"source":"var principal = new AccountPrincipal(\"123456789000\").WithConditions(new Dictionary<string, object> { { \"StringEquals\", new Dictionary<string, string> { { \"foo\", \"baz\" } } } });","version":"1"},"java":{"source":"PrincipalBase principal = new AccountPrincipal(\"123456789000\").withConditions(Map.of(\"StringEquals\", Map.of(\"foo\", \"baz\")));","version":"1"},"go":{"source":"principal := iam.NewAccountPrincipal(jsii.String(\"123456789000\")).WithConditions(map[string]interface{}{\n\t\"StringEquals\": map[string]*string{\n\t\t\"foo\": jsii.String(\"baz\"),\n\t},\n})","version":"1"},"$":{"source":"const principal = new iam.AccountPrincipal('123456789000')\n .withConditions({ StringEquals: { foo: \"baz\" } });","version":"0"}},"location":{"api":{"api":"moduleReadme","moduleFqn":"@aws-cdk/aws-iam"},"field":{"field":"markdown","line":227}},"didCompile":true,"fqnsReferenced":["@aws-cdk/aws-iam.AccountPrincipal","@aws-cdk/aws-iam.PrincipalBase","@aws-cdk/aws-iam.PrincipalBase#withConditions"],"fullSource":"import { Construct } from 'constructs';\nimport { CustomResource, Stack } from '@aws-cdk/core';\nimport * as codepipeline from '@aws-cdk/aws-codepipeline';\nimport * as dynamodb from '@aws-cdk/aws-dynamodb';\nimport * as lambda from '@aws-cdk/aws-lambda';\nimport * as iam from '@aws-cdk/aws-iam';\n\nclass Fixture extends Stack {\n constructor(scope: Construct, id: string) {\n super(scope, id);\n\n // Code snippet begins after !show marker below\n/// !show\nconst principal = new iam.AccountPrincipal('123456789000')\n .withConditions({ StringEquals: { foo: \"baz\" } });\n/// !hide\n// Code snippet ended before !hide marker above\n }\n}\n","syntaxKindCounter":{"10":2,"75":6,"193":2,"194":2,"196":1,"197":1,"225":1,"242":1,"243":1,"281":2},"fqnsFingerprint":"2a37a90d9f8e931c307f96e44c72002ff817d01b6514d941d8f8b198ea821a64"},"e0255902d0378c5663752bf93e948274242709921bad9ce9e29da3b5ff37c609":{"translations":{"python":{"source":"principal = iam.WebIdentityPrincipal(\"cognito-identity.amazonaws.com\", {\n \"StringEquals\": {\"cognito-identity.amazonaws.com:aud\": \"us-east-2:12345678-abcd-abcd-abcd-123456\"},\n \"ForAnyValue:StringLike\": {\"cognito-identity.amazonaws.com:amr\": \"unauthenticated\"}\n})","version":"2"},"csharp":{"source":"var principal = new WebIdentityPrincipal(\"cognito-identity.amazonaws.com\", new Dictionary<string, object> {\n { \"StringEquals\", new Dictionary<string, string> { { \"cognito-identity.amazonaws.com:aud\", \"us-east-2:12345678-abcd-abcd-abcd-123456\" } } },\n { \"ForAnyValue:StringLike\", new Dictionary<string, string> { { \"cognito-identity.amazonaws.com:amr\", \"unauthenticated\" } } }\n});","version":"1"},"java":{"source":"WebIdentityPrincipal principal = new WebIdentityPrincipal(\"cognito-identity.amazonaws.com\", Map.of(\n \"StringEquals\", Map.of(\"cognito-identity.amazonaws.com:aud\", \"us-east-2:12345678-abcd-abcd-abcd-123456\"),\n \"ForAnyValue:StringLike\", Map.of(\"cognito-identity.amazonaws.com:amr\", \"unauthenticated\")));","version":"1"},"go":{"source":"principal := iam.NewWebIdentityPrincipal(jsii.String(\"cognito-identity.amazonaws.com\"), map[string]interface{}{\n\t\"StringEquals\": map[string]*string{\n\t\t\"cognito-identity.amazonaws.com:aud\": jsii.String(\"us-east-2:12345678-abcd-abcd-abcd-123456\"),\n\t},\n\t\"ForAnyValue:StringLike\": map[string]*string{\n\t\t\"cognito-identity.amazonaws.com:amr\": jsii.String(\"unauthenticated\"),\n\t},\n})","version":"1"},"$":{"source":"const principal = new iam.WebIdentityPrincipal('cognito-identity.amazonaws.com', {\n 'StringEquals': { 'cognito-identity.amazonaws.com:aud': 'us-east-2:12345678-abcd-abcd-abcd-123456' },\n 'ForAnyValue:StringLike': {'cognito-identity.amazonaws.com:amr': 'unauthenticated' },\n});","version":"0"}},"location":{"api":{"api":"moduleReadme","moduleFqn":"@aws-cdk/aws-iam"},"field":{"field":"markdown","line":240}},"didCompile":true,"fqnsReferenced":["@aws-cdk/aws-iam.WebIdentityPrincipal"],"fullSource":"import { Construct } from 'constructs';\nimport { CustomResource, Stack } from '@aws-cdk/core';\nimport * as codepipeline from '@aws-cdk/aws-codepipeline';\nimport * as dynamodb from '@aws-cdk/aws-dynamodb';\nimport * as lambda from '@aws-cdk/aws-lambda';\nimport * as iam from '@aws-cdk/aws-iam';\n\nclass Fixture extends Stack {\n constructor(scope: Construct, id: string) {\n super(scope, id);\n\n // Code snippet begins after !show marker below\n/// !show\nconst principal = new iam.WebIdentityPrincipal('cognito-identity.amazonaws.com', {\n 'StringEquals': { 'cognito-identity.amazonaws.com:aud': 'us-east-2:12345678-abcd-abcd-abcd-123456' },\n 'ForAnyValue:StringLike': {'cognito-identity.amazonaws.com:amr': 'unauthenticated' },\n});\n/// !hide\n// Code snippet ended before !hide marker above\n }\n}\n","syntaxKindCounter":{"10":7,"75":3,"193":3,"194":1,"197":1,"225":1,"242":1,"243":1,"281":4},"fqnsFingerprint":"0857ec53373f955628da1d4d15055069bd91dcc25d733a59366b3b0fe1b4eb40"},"799b98faca27f0d0360bf07646c6fef5ee7de16f94ff453ffe7176e2f97dc5b5":{"translations":{"python":{"source":"iam.Role(self, \"Role\",\n assumed_by=iam.WebIdentityPrincipal(\"cognito-identity.amazonaws.com\", {\n \"StringEquals\": {\n \"cognito-identity.amazonaws.com:aud\": \"us-east-2:12345678-abcd-abcd-abcd-123456\"\n },\n \"ForAnyValue:StringLike\": {\n \"cognito-identity.amazonaws.com:amr\": \"unauthenticated\"\n }\n }).with_session_tags()\n)","version":"2"},"csharp":{"source":"new Role(this, \"Role\", new RoleProps {\n AssumedBy = new WebIdentityPrincipal(\"cognito-identity.amazonaws.com\", new Dictionary<string, object> {\n { \"StringEquals\", new Dictionary<string, string> {\n { \"cognito-identity.amazonaws.com:aud\", \"us-east-2:12345678-abcd-abcd-abcd-123456\" }\n } },\n { \"ForAnyValue:StringLike\", new Dictionary<string, string> {\n { \"cognito-identity.amazonaws.com:amr\", \"unauthenticated\" }\n } }\n }).WithSessionTags()\n});","version":"1"},"java":{"source":"Role.Builder.create(this, \"Role\")\n .assumedBy(new WebIdentityPrincipal(\"cognito-identity.amazonaws.com\", Map.of(\n \"StringEquals\", Map.of(\n \"cognito-identity.amazonaws.com:aud\", \"us-east-2:12345678-abcd-abcd-abcd-123456\"),\n \"ForAnyValue:StringLike\", Map.of(\n \"cognito-identity.amazonaws.com:amr\", \"unauthenticated\"))).withSessionTags())\n .build();","version":"1"},"go":{"source":"iam.NewRole(this, jsii.String(\"Role\"), &RoleProps{\n\tAssumedBy: iam.NewWebIdentityPrincipal(jsii.String(\"cognito-identity.amazonaws.com\"), map[string]interface{}{\n\t\t\"StringEquals\": map[string]*string{\n\t\t\t\"cognito-identity.amazonaws.com:aud\": jsii.String(\"us-east-2:12345678-abcd-abcd-abcd-123456\"),\n\t\t},\n\t\t\"ForAnyValue:StringLike\": map[string]*string{\n\t\t\t\"cognito-identity.amazonaws.com:amr\": jsii.String(\"unauthenticated\"),\n\t\t},\n\t}).WithSessionTags(),\n})","version":"1"},"$":{"source":"new iam.Role(this, 'Role', {\n assumedBy: new iam.WebIdentityPrincipal('cognito-identity.amazonaws.com', {\n 'StringEquals': {\n 'cognito-identity.amazonaws.com:aud': 'us-east-2:12345678-abcd-abcd-abcd-123456',\n },\n 'ForAnyValue:StringLike': {\n 'cognito-identity.amazonaws.com:amr': 'unauthenticated',\n },\n }).withSessionTags(),\n});","version":"0"}},"location":{"api":{"api":"moduleReadme","moduleFqn":"@aws-cdk/aws-iam"},"field":{"field":"markdown","line":252}},"didCompile":true,"fqnsReferenced":["@aws-cdk/aws-iam.IPrincipal","@aws-cdk/aws-iam.PrincipalBase#withSessionTags","@aws-cdk/aws-iam.Role","@aws-cdk/aws-iam.RoleProps","@aws-cdk/aws-iam.WebIdentityPrincipal","constructs.Construct"],"fullSource":"import { Construct } from 'constructs';\nimport { CustomResource, Stack } from '@aws-cdk/core';\nimport * as codepipeline from '@aws-cdk/aws-codepipeline';\nimport * as dynamodb from '@aws-cdk/aws-dynamodb';\nimport * as lambda from '@aws-cdk/aws-lambda';\nimport * as iam from '@aws-cdk/aws-iam';\n\nclass Fixture extends Stack {\n constructor(scope: Construct, id: string) {\n super(scope, id);\n\n // Code snippet begins after !show marker below\n/// !show\nnew iam.Role(this, 'Role', {\n assumedBy: new iam.WebIdentityPrincipal('cognito-identity.amazonaws.com', {\n 'StringEquals': {\n 'cognito-identity.amazonaws.com:aud': 'us-east-2:12345678-abcd-abcd-abcd-123456',\n },\n 'ForAnyValue:StringLike': {\n 'cognito-identity.amazonaws.com:amr': 'unauthenticated',\n },\n }).withSessionTags(),\n});\n/// !hide\n// Code snippet ended before !hide marker above\n }\n}\n","syntaxKindCounter":{"10":8,"75":6,"104":1,"193":4,"194":3,"196":1,"197":2,"226":1,"281":5},"fqnsFingerprint":"66b3594d5969c3e7928dc9e3aaa2a7bc28f631e5507275444b6604bb12b4d7d8"},"5c214b1ace9c8a2d60cde42f5501251b159b85c9d3b8fcd3c38efab493d39657":{"translations":{"python":{"source":"policy_document = {\n \"Version\": \"2012-10-17\",\n \"Statement\": [{\n \"Sid\": \"FirstStatement\",\n \"Effect\": \"Allow\",\n \"Action\": [\"iam:ChangePassword\"],\n \"Resource\": \"*\"\n }, {\n \"Sid\": \"SecondStatement\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListAllMyBuckets\",\n \"Resource\": \"*\"\n }, {\n \"Sid\": \"ThirdStatement\",\n \"Effect\": \"Allow\",\n \"Action\": [\"s3:List*\", \"s3:Get*\"\n ],\n \"Resource\": [\"arn:aws:s3:::confidential-data\", \"arn:aws:s3:::confidential-data/*\"\n ],\n \"Condition\": {\"Bool\": {\"aws:_multi_factor_auth_present\": \"true\"}}\n }\n ]\n}\n\ncustom_policy_document = iam.PolicyDocument.from_json(policy_document)\n\n# You can pass this document as an initial document to a ManagedPolicy\n# or inline Policy.\nnew_managed_policy = iam.ManagedPolicy(self, \"MyNewManagedPolicy\",\n document=custom_policy_document\n)\nnew_policy = iam.Policy(self, \"MyNewPolicy\",\n document=custom_policy_document\n)","version":"2"},"csharp":{"source":"IDictionary<string, object> policyDocument = new Dictionary<string, object> {\n { \"Version\", \"2012-10-17\" },\n { \"Statement\", new [] { new Dictionary<string, object> {\n { \"Sid\", \"FirstStatement\" },\n { \"Effect\", \"Allow\" },\n { \"Action\", new [] { \"iam:ChangePassword\" } },\n { \"Resource\", \"*\" }\n }, new Dictionary<string, string> {\n { \"Sid\", \"SecondStatement\" },\n { \"Effect\", \"Allow\" },\n { \"Action\", \"s3:ListAllMyBuckets\" },\n { \"Resource\", \"*\" }\n }, new Dictionary<string, object> {\n { \"Sid\", \"ThirdStatement\" },\n { \"Effect\", \"Allow\" },\n { \"Action\", new [] { \"s3:List*\", \"s3:Get*\" } },\n { \"Resource\", new [] { \"arn:aws:s3:::confidential-data\", \"arn:aws:s3:::confidential-data/*\" } },\n { \"Condition\", new Dictionary<string, IDictionary<string, string>> { { \"Bool\", new Dictionary<string, string> { { \"aws:MultiFactorAuthPresent\", \"true\" } } } } }\n } } }\n};\n\nvar customPolicyDocument = PolicyDocument.FromJson(policyDocument);\n\n// You can pass this document as an initial document to a ManagedPolicy\n// or inline Policy.\nvar newManagedPolicy = new ManagedPolicy(this, \"MyNewManagedPolicy\", new ManagedPolicyProps {\n Document = customPolicyDocument\n});\nvar newPolicy = new Policy(this, \"MyNewPolicy\", new PolicyProps {\n Document = customPolicyDocument\n});","version":"1"},"java":{"source":"Map<String, Object> policyDocument = Map.of(\n \"Version\", \"2012-10-17\",\n \"Statement\", List.of(Map.of(\n \"Sid\", \"FirstStatement\",\n \"Effect\", \"Allow\",\n \"Action\", List.of(\"iam:ChangePassword\"),\n \"Resource\", \"*\"), Map.of(\n \"Sid\", \"SecondStatement\",\n \"Effect\", \"Allow\",\n \"Action\", \"s3:ListAllMyBuckets\",\n \"Resource\", \"*\"), Map.of(\n \"Sid\", \"ThirdStatement\",\n \"Effect\", \"Allow\",\n \"Action\", List.of(\"s3:List*\", \"s3:Get*\"),\n \"Resource\", List.of(\"arn:aws:s3:::confidential-data\", \"arn:aws:s3:::confidential-data/*\"),\n \"Condition\", Map.of(\"Bool\", Map.of(\"aws:MultiFactorAuthPresent\", \"true\")))));\n\nPolicyDocument customPolicyDocument = PolicyDocument.fromJson(policyDocument);\n\n// You can pass this document as an initial document to a ManagedPolicy\n// or inline Policy.\nManagedPolicy newManagedPolicy = ManagedPolicy.Builder.create(this, \"MyNewManagedPolicy\")\n .document(customPolicyDocument)\n .build();\nPolicy newPolicy = Policy.Builder.create(this, \"MyNewPolicy\")\n .document(customPolicyDocument)\n .build();","version":"1"},"go":{"source":"policyDocument := map[string]interface{}{\n\t\"Version\": jsii.String(\"2012-10-17\"),\n\t\"Statement\": []interface{}{\n\t\tmap[string]interface{}{\n\t\t\t\"Sid\": jsii.String(\"FirstStatement\"),\n\t\t\t\"Effect\": jsii.String(\"Allow\"),\n\t\t\t\"Action\": []*string{\n\t\t\t\tjsii.String(\"iam:ChangePassword\"),\n\t\t\t},\n\t\t\t\"Resource\": jsii.String(\"*\"),\n\t\t},\n\t\tmap[string]*string{\n\t\t\t\"Sid\": jsii.String(\"SecondStatement\"),\n\t\t\t\"Effect\": jsii.String(\"Allow\"),\n\t\t\t\"Action\": jsii.String(\"s3:ListAllMyBuckets\"),\n\t\t\t\"Resource\": jsii.String(\"*\"),\n\t\t},\n\t\tmap[string]interface{}{\n\t\t\t\"Sid\": jsii.String(\"ThirdStatement\"),\n\t\t\t\"Effect\": jsii.String(\"Allow\"),\n\t\t\t\"Action\": []*string{\n\t\t\t\tjsii.String(\"s3:List*\"),\n\t\t\t\tjsii.String(\"s3:Get*\"),\n\t\t\t},\n\t\t\t\"Resource\": []*string{\n\t\t\t\tjsii.String(\"arn:aws:s3:::confidential-data\"),\n\t\t\t\tjsii.String(\"arn:aws:s3:::confidential-data/*\"),\n\t\t\t},\n\t\t\t\"Condition\": map[string]map[string]*string{\n\t\t\t\t\"Bool\": map[string]*string{\n\t\t\t\t\t\"aws:MultiFactorAuthPresent\": jsii.String(\"true\"),\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t},\n}\n\ncustomPolicyDocument := iam.PolicyDocument_FromJson(policyDocument)\n\n// You can pass this document as an initial document to a ManagedPolicy\n// or inline Policy.\nnewManagedPolicy := iam.NewManagedPolicy(this, jsii.String(\"MyNewManagedPolicy\"), &ManagedPolicyProps{\n\tDocument: customPolicyDocument,\n})\nnewPolicy := iam.NewPolicy(this, jsii.String(\"MyNewPolicy\"), &PolicyProps{\n\tDocument: customPolicyDocument,\n})","version":"1"},"$":{"source":"const policyDocument = {\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"FirstStatement\",\n \"Effect\": \"Allow\",\n \"Action\": [\"iam:ChangePassword\"],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"SecondStatement\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListAllMyBuckets\",\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"ThirdStatement\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:List*\",\n \"s3:Get*\"\n ],\n \"Resource\": [\n \"arn:aws:s3:::confidential-data\",\n \"arn:aws:s3:::confidential-data/*\"\n ],\n \"Condition\": {\"Bool\": {\"aws:MultiFactorAuthPresent\": \"true\"}}\n }\n ]\n};\n\nconst customPolicyDocument = iam.PolicyDocument.fromJson(policyDocument);\n\n// You can pass this document as an initial document to a ManagedPolicy\n// or inline Policy.\nconst newManagedPolicy = new iam.ManagedPolicy(this, 'MyNewManagedPolicy', {\n document: customPolicyDocument,\n});\nconst newPolicy = new iam.Policy(this, 'MyNewPolicy', {\n document: customPolicyDocument,\n});","version":"0"}},"location":{"api":{"api":"moduleReadme","moduleFqn":"@aws-cdk/aws-iam"},"field":{"field":"markdown","line":270}},"didCompile":true,"fqnsReferenced":["@aws-cdk/aws-iam.ManagedPolicy","@aws-cdk/aws-iam.ManagedPolicyProps","@aws-cdk/aws-iam.Policy","@aws-cdk/aws-iam.PolicyDocument","@aws-cdk/aws-iam.PolicyDocument#fromJson","@aws-cdk/aws-iam.PolicyProps","constructs.Construct"],"fullSource":"import { Construct } from 'constructs';\nimport { CustomResource, Stack } from '@aws-cdk/core';\nimport * as codepipeline from '@aws-cdk/aws-codepipeline';\nimport * as dynamodb from '@aws-cdk/aws-dynamodb';\nimport * as lambda from '@aws-cdk/aws-lambda';\nimport * as iam from '@aws-cdk/aws-iam';\n\nclass Fixture extends Stack {\n constructor(scope: Construct, id: string) {\n super(scope, id);\n\n // Code snippet begins after !show marker below\n/// !show\nconst policyDocument = {\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"FirstStatement\",\n \"Effect\": \"Allow\",\n \"Action\": [\"iam:ChangePassword\"],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"SecondStatement\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListAllMyBuckets\",\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"ThirdStatement\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:List*\",\n \"s3:Get*\"\n ],\n \"Resource\": [\n \"arn:aws:s3:::confidential-data\",\n \"arn:aws:s3:::confidential-data/*\"\n ],\n \"Condition\": {\"Bool\": {\"aws:MultiFactorAuthPresent\": \"true\"}}\n }\n ]\n};\n\nconst customPolicyDocument = iam.PolicyDocument.fromJson(policyDocument);\n\n// You can pass this document as an initial document to a ManagedPolicy\n// or inline Policy.\nconst newManagedPolicy = new iam.ManagedPolicy(this, 'MyNewManagedPolicy', {\n document: customPolicyDocument,\n});\nconst newPolicy = new iam.Policy(this, 'MyNewPolicy', {\n document: customPolicyDocument,\n});\n/// !hide\n// Code snippet ended before !hide marker above\n }\n}\n","syntaxKindCounter":{"10":35,"75":16,"104":2,"192":4,"193":8,"194":4,"196":1,"197":2,"225":4,"242":4,"243":4,"281":19},"fqnsFingerprint":"e8fb9a7a30f64f5caaed1825f7d4b0778ca110aca7444d91662fd345f74b0d7f"},"0c9953cbe048ca635c01a235449f1f0a40abc671afa69c5155dcd933ac01ef47":{"translations":{"python":{"source":"# Directly apply the boundary to a Role you create\n# role: iam.Role\n\n# Apply the boundary to an Role that was implicitly created for you\n# fn: lambda.Function\n\n# Remove a Permissions Boundary that is inherited, for example from the Stack level\n# custom_resource: CustomResource\n# This imports an existing policy.\nboundary = iam.ManagedPolicy.from_managed_policy_arn(self, \"Boundary\", \"arn:aws:iam::123456789012:policy/boundary\")\n\n# This creates a new boundary\nboundary2 = iam.ManagedPolicy(self, \"Boundary2\",\n statements=[\n iam.PolicyStatement(\n effect=iam.Effect.DENY,\n actions=[\"iam:*\"],\n resources=[\"*\"]\n )\n ]\n)\niam.PermissionsBoundary.of(role).apply(boundary)\niam.PermissionsBoundary.of(fn).apply(boundary)\n\n# Apply the boundary to all Roles in a stack\niam.PermissionsBoundary.of(self).apply(boundary)\niam.PermissionsBoundary.of(custom_resource).clear()","version":"2"},"csharp":{"source":"// Directly apply the boundary to a Role you create\nRole role;\n\n// Apply the boundary to an Role that was implicitly created for you\nFunction fn;\n\n// Remove a Permissions Boundary that is inherited, for example from the Stack level\nCustomResource customResource;\n// This imports an existing policy.\nvar boundary = ManagedPolicy.FromManagedPolicyArn(this, \"Boundary\", \"arn:aws:iam::123456789012:policy/boundary\");\n\n// This creates a new boundary\nvar boundary2 = new ManagedPolicy(this, \"Boundary2\", new ManagedPolicyProps {\n Statements = new [] {\n new PolicyStatement(new PolicyStatementProps {\n Effect = Effect.DENY,\n Actions = new [] { \"iam:*\" },\n Resources = new [] { \"*\" }\n }) }\n});\nPermissionsBoundary.Of(role).Apply(boundary);\nPermissionsBoundary.Of(fn).Apply(boundary);\n\n// Apply the boundary to all Roles in a stack\nPermissionsBoundary.Of(this).Apply(boundary);\nPermissionsBoundary.Of(customResource).Clear();","version":"1"},"java":{"source":"// Directly apply the boundary to a Role you create\nRole role;\n\n// Apply the boundary to an Role that was implicitly created for you\nFunction fn;\n\n// Remove a Permissions Boundary that is inherited, for example from the Stack level\nCustomResource customResource;\n// This imports an existing policy.\nIManagedPolicy boundary = ManagedPolicy.fromManagedPolicyArn(this, \"Boundary\", \"arn:aws:iam::123456789012:policy/boundary\");\n\n// This creates a new boundary\nManagedPolicy boundary2 = ManagedPolicy.Builder.create(this, \"Boundary2\")\n .statements(List.of(\n PolicyStatement.Builder.create()\n .effect(Effect.DENY)\n .actions(List.of(\"iam:*\"))\n .resources(List.of(\"*\"))\n .build()))\n .build();\nPermissionsBoundary.of(role).apply(boundary);\nPermissionsBoundary.of(fn).apply(boundary);\n\n// Apply the boundary to all Roles in a stack\nPermissionsBoundary.of(this).apply(boundary);\nPermissionsBoundary.of(customResource).clear();","version":"1"},"go":{"source":"// Directly apply the boundary to a Role you create\nvar role role\n\n// Apply the boundary to an Role that was implicitly created for you\nvar fn function\n\n// Remove a Permissions Boundary that is inherited, for example from the Stack level\nvar customResource customResource\n// This imports an existing policy.\nboundary := iam.ManagedPolicy_FromManagedPolicyArn(this, jsii.String(\"Boundary\"), jsii.String(\"arn:aws:iam::123456789012:policy/boundary\"))\n\n// This creates a new boundary\nboundary2 := iam.NewManagedPolicy(this, jsii.String(\"Boundary2\"), &ManagedPolicyProps{\n\tStatements: []policyStatement{\n\t\tiam.NewPolicyStatement(&PolicyStatementProps{\n\t\t\tEffect: iam.Effect_DENY,\n\t\t\tActions: []*string{\n\t\t\t\tjsii.String(\"iam:*\"),\n\t\t\t},\n\t\t\tResources: []*string{\n\t\t\t\tjsii.String(\"*\"),\n\t\t\t},\n\t\t}),\n\t},\n})\niam.PermissionsBoundary_Of(role).Apply(boundary)\niam.PermissionsBoundary_Of(fn).Apply(boundary)\n\n// Apply the boundary to all Roles in a stack\niam.PermissionsBoundary_Of(this).Apply(boundary)\niam.PermissionsBoundary_O