import * as pulumi from "@pulumi/pulumi";
import * as outputs from "../types/output";
/**
* Reads a policy store by ID and resolves to its current properties.
*
* A policy store is the container for the schema, policies, and policy templates that are used to validate authorization requests.
*
* @param args - Lookup arguments; `policyStoreId` identifies the store to read.
* @param opts - Optional Pulumi invoke options.
* @returns A promise for the store's properties. Every field of the result is declared optional, so callers should handle `undefined` before relying on a value such as `deletionProtection` or `validationSettings`.
*/
export declare function getPolicyStore(args: GetPolicyStoreArgs, opts?: pulumi.InvokeOptions): Promise<GetPolicyStoreResult>;
/**
* Arguments for `getPolicyStore`.
*/
export interface GetPolicyStoreArgs {
/**
* The unique ID of the policy store to look up.
*/
policyStoreId: string;
}
/**
* Properties of a policy store as returned by `getPolicyStore` and `getPolicyStoreOutput`.
*
* All fields are read-only and optional; a missing field is `undefined`, not a default value.
*/
export interface GetPolicyStoreResult {
/**
* The [Amazon Resource Name (ARN)](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) of the policy store.
*/
readonly arn?: string;
/**
* Specifies whether the policy store can be deleted. If enabled, the policy store can't be deleted.
*
* The default state is `DISABLED` .
*
* NOTE(review): because the default is `DISABLED`, a store is deletable unless protection was turned on explicitly; an audit that reads this field should treat `undefined` the same as not enabled — confirm against the provider's behaviour.
*/
readonly deletionProtection?: outputs.verifiedpermissions.PolicyStoreDeletionProtection;
/**
* Descriptive text that you can provide to help with identification of the current policy store.
*/
readonly description?: string;
/**
* The unique ID of the policy store.
*/
readonly policyStoreId?: string;
/**
* The policy schema of the policy store. Cedar can use the schema to validate any Cedar policies and policy templates submitted to the policy store.
*
* Any changes to the schema validate only policies and templates submitted after the schema change. Existing policies and templates are not re-evaluated against the changed schema, so a policy that predates a schema change may not conform to the schema returned here. If you later update a policy, then it is evaluated against the new schema at that time.
*/
readonly schema?: outputs.verifiedpermissions.PolicyStoreSchemaDefinition;
/**
* The tags attached to the policy store.
*/
readonly tags?: outputs.Tag[];
/**
* Specifies the validation setting for this policy store.
*
* Currently, the only valid and required value is `Mode` .
*
* > We recommend that you turn on `STRICT` mode only after you define a schema. If a schema doesn't exist, then `STRICT` mode causes any policy to fail validation, and Verified Permissions rejects the policy. You can turn off validation by using the [UpdatePolicyStore](https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdatePolicyStore) . Then, when you have a schema defined, use [UpdatePolicyStore](https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdatePolicyStore) again to turn validation back on.
*
* NOTE(review): while validation is turned off, policies are presumably accepted without being checked against the schema; a store left in that state after the schema is defined is worth flagging — confirm against the Verified Permissions documentation.
*/
readonly validationSettings?: outputs.verifiedpermissions.PolicyStoreValidationSettings;
}
/**
* Output-typed variant of `getPolicyStore`: accepts a `pulumi.Input` for the ID and returns a `pulumi.Output` instead of a promise.
*
* A policy store is the container for the schema, policies, and policy templates that are used to validate authorization requests.
*
* @param args - Lookup arguments; `policyStoreId` identifies the store to read and may be a plain string or a Pulumi input.
* @param opts - Optional Pulumi invoke options for output-form invokes.
* @returns An output wrapping the store's properties. Every field of the result is declared optional, so consumers should handle `undefined`.
*/
export declare function getPolicyStoreOutput(args: GetPolicyStoreOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output<GetPolicyStoreResult>;
/**
* Arguments for `getPolicyStoreOutput`.
*/
export interface GetPolicyStoreOutputArgs {
/**
* The unique ID of the policy store to look up.
*/
policyStoreId: pulumi.Input<string>;
}