Policy

Source: src/AWS/IAM/Policy.ts

A customer-managed IAM policy.

Policy owns the lifecycle of the policy metadata and its default version, rotating versions on updates while keeping the current document attached to a stable policy ARN.

Creating Policies

const policy = yield* Policy("AppPolicy", {
  policyDocument: {
    Version: "2012-10-17",
    Statement: [{
      Effect: "Allow",
      Action: ["s3:GetObject"],
      Resource: ["arn:aws:s3:::my-bucket/*"],
    }],
  },
});