AWS Native is in preview. AWS Classic is fully supported.
aws-native.verifiedpermissions.PolicyStore
AWS Native is in preview. AWS Classic is fully supported.
Represents a policy store in which you can place a schema, policies, and policy templates that are used to validate authorization requests.
Example Usage
Example
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AwsNative = Pulumi.AwsNative;
return await Deployment.RunAsync(() =>
{
    // Cedar schema for the "PhotoApp" namespace, supplied as a JSON document.
    // It declares the entity types (User, UserGroup, Photo, Album, Account),
    // the actions (viewPhoto, createPhoto, listPhotos) and a ContextType whose
    // "authenticated" attribute is required and whose "ip" attribute is optional.
    // The schema only describes shapes; this program creates no policies.
    const string photoAppSchema = "{\"PhotoApp\":{\"commonTypes\":{\"PersonType\":{\"type\":\"Record\",\"attributes\":{\"age\":{\"type\":\"Long\"},\"name\":{\"type\":\"String\"}}},\"ContextType\":{\"type\":\"Record\",\"attributes\":{\"ip\":{\"type\":\"Extension\",\"name\":\"ipaddr\",\"required\":false},\"authenticated\":{\"type\":\"Boolean\",\"required\":true}}}},\"entityTypes\":{\"User\":{\"shape\":{\"type\":\"Record\",\"attributes\":{\"userId\":{\"type\":\"String\"},\"personInformation\":{\"type\":\"PersonType\"}}},\"memberOfTypes\":[\"UserGroup\"]},\"UserGroup\":{\"shape\":{\"type\":\"Record\",\"attributes\":{}}},\"Photo\":{\"shape\":{\"type\":\"Record\",\"attributes\":{\"account\":{\"type\":\"Entity\",\"name\":\"Account\",\"required\":true},\"private\":{\"type\":\"Boolean\",\"required\":true}}},\"memberOfTypes\":[\"Album\",\"Account\"]},\"Album\":{\"shape\":{\"type\":\"Record\",\"attributes\":{}}},\"Account\":{\"shape\":{\"type\":\"Record\",\"attributes\":{}}}},\"actions\":{\"viewPhoto\":{\"appliesTo\":{\"principalTypes\":[\"User\",\"UserGroup\"],\"resourceTypes\":[\"Photo\"],\"context\":{\"type\":\"ContextType\"}}},\"createPhoto\":{\"appliesTo\":{\"principalTypes\":[\"User\",\"UserGroup\"],\"resourceTypes\":[\"Photo\"],\"context\":{\"type\":\"ContextType\"}}},\"listPhotos\":{\"appliesTo\":{\"principalTypes\":[\"User\",\"UserGroup\"],\"resourceTypes\":[\"Photo\"],\"context\":{\"type\":\"ContextType\"}}}}}}";

    var schemaDefinition = new AwsNative.VerifiedPermissions.Inputs.PolicyStoreSchemaDefinitionArgs
    {
        CedarJson = photoAppSchema,
    };

    // Strict mode makes the service validate new or updated policies and policy
    // templates against the schema above and reject the ones that do not conform.
    var validation = new AwsNative.VerifiedPermissions.Inputs.PolicyStoreValidationSettingsArgs
    {
        Mode = AwsNative.VerifiedPermissions.PolicyStoreValidationMode.Strict,
    };

    var myPolicyStore = new AwsNative.VerifiedPermissions.PolicyStore("myPolicyStore", new()
    {
        Schema = schemaDefinition,
        ValidationSettings = validation,
    });
});
package main
import (
"github.com/pulumi/pulumi-aws-native/sdk/go/aws/verifiedpermissions"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers a single Verified Permissions policy store named
// "myPolicyStore" with a Cedar schema and strict policy validation.
func main() {
	// Cedar schema for the "PhotoApp" namespace, supplied as a JSON document.
	// It declares the entity types (User, UserGroup, Photo, Album, Account),
	// the actions (viewPhoto, createPhoto, listPhotos) and a ContextType whose
	// "authenticated" attribute is required and whose "ip" attribute is optional.
	// The schema only describes shapes; this program creates no policies.
	const photoAppSchema = "{\"PhotoApp\":{\"commonTypes\":{\"PersonType\":{\"type\":\"Record\",\"attributes\":{\"age\":{\"type\":\"Long\"},\"name\":{\"type\":\"String\"}}},\"ContextType\":{\"type\":\"Record\",\"attributes\":{\"ip\":{\"type\":\"Extension\",\"name\":\"ipaddr\",\"required\":false},\"authenticated\":{\"type\":\"Boolean\",\"required\":true}}}},\"entityTypes\":{\"User\":{\"shape\":{\"type\":\"Record\",\"attributes\":{\"userId\":{\"type\":\"String\"},\"personInformation\":{\"type\":\"PersonType\"}}},\"memberOfTypes\":[\"UserGroup\"]},\"UserGroup\":{\"shape\":{\"type\":\"Record\",\"attributes\":{}}},\"Photo\":{\"shape\":{\"type\":\"Record\",\"attributes\":{\"account\":{\"type\":\"Entity\",\"name\":\"Account\",\"required\":true},\"private\":{\"type\":\"Boolean\",\"required\":true}}},\"memberOfTypes\":[\"Album\",\"Account\"]},\"Album\":{\"shape\":{\"type\":\"Record\",\"attributes\":{}}},\"Account\":{\"shape\":{\"type\":\"Record\",\"attributes\":{}}}},\"actions\":{\"viewPhoto\":{\"appliesTo\":{\"principalTypes\":[\"User\",\"UserGroup\"],\"resourceTypes\":[\"Photo\"],\"context\":{\"type\":\"ContextType\"}}},\"createPhoto\":{\"appliesTo\":{\"principalTypes\":[\"User\",\"UserGroup\"],\"resourceTypes\":[\"Photo\"],\"context\":{\"type\":\"ContextType\"}}},\"listPhotos\":{\"appliesTo\":{\"principalTypes\":[\"User\",\"UserGroup\"],\"resourceTypes\":[\"Photo\"],\"context\":{\"type\":\"ContextType\"}}}}}}"

	pulumi.Run(func(ctx *pulumi.Context) error {
		storeArgs := &verifiedpermissions.PolicyStoreArgs{
			Schema: &verifiedpermissions.PolicyStoreSchemaDefinitionArgs{
				CedarJson: pulumi.String(photoAppSchema),
			},
			// Strict mode makes the service validate new or updated policies and
			// policy templates against the schema and reject non-conforming ones.
			ValidationSettings: &verifiedpermissions.PolicyStoreValidationSettingsArgs{
				Mode: verifiedpermissions.PolicyStoreValidationModeStrict,
			},
		}

		// The resource handle is not needed afterwards; only the error is propagated.
		_, err := verifiedpermissions.NewPolicyStore(ctx, "myPolicyStore", storeArgs)
		return err
	})
}
Coming soon!
import pulumi
import pulumi_aws_native as aws_native
# Cedar schema for the "PhotoApp" namespace, supplied as a JSON document.
# It declares the entity types (User, UserGroup, Photo, Album, Account),
# the actions (viewPhoto, createPhoto, listPhotos) and a ContextType whose
# "authenticated" attribute is required and whose "ip" attribute is optional.
# The schema only describes shapes; this program creates no policies.
_photo_app_schema = "{\"PhotoApp\":{\"commonTypes\":{\"PersonType\":{\"type\":\"Record\",\"attributes\":{\"age\":{\"type\":\"Long\"},\"name\":{\"type\":\"String\"}}},\"ContextType\":{\"type\":\"Record\",\"attributes\":{\"ip\":{\"type\":\"Extension\",\"name\":\"ipaddr\",\"required\":false},\"authenticated\":{\"type\":\"Boolean\",\"required\":true}}}},\"entityTypes\":{\"User\":{\"shape\":{\"type\":\"Record\",\"attributes\":{\"userId\":{\"type\":\"String\"},\"personInformation\":{\"type\":\"PersonType\"}}},\"memberOfTypes\":[\"UserGroup\"]},\"UserGroup\":{\"shape\":{\"type\":\"Record\",\"attributes\":{}}},\"Photo\":{\"shape\":{\"type\":\"Record\",\"attributes\":{\"account\":{\"type\":\"Entity\",\"name\":\"Account\",\"required\":true},\"private\":{\"type\":\"Boolean\",\"required\":true}}},\"memberOfTypes\":[\"Album\",\"Account\"]},\"Album\":{\"shape\":{\"type\":\"Record\",\"attributes\":{}}},\"Account\":{\"shape\":{\"type\":\"Record\",\"attributes\":{}}}},\"actions\":{\"viewPhoto\":{\"appliesTo\":{\"principalTypes\":[\"User\",\"UserGroup\"],\"resourceTypes\":[\"Photo\"],\"context\":{\"type\":\"ContextType\"}}},\"createPhoto\":{\"appliesTo\":{\"principalTypes\":[\"User\",\"UserGroup\"],\"resourceTypes\":[\"Photo\"],\"context\":{\"type\":\"ContextType\"}}},\"listPhotos\":{\"appliesTo\":{\"principalTypes\":[\"User\",\"UserGroup\"],\"resourceTypes\":[\"Photo\"],\"context\":{\"type\":\"ContextType\"}}}}}}"

# STRICT makes the service validate new or updated policies and policy
# templates against the schema above and reject the ones that do not conform.
my_policy_store = aws_native.verifiedpermissions.PolicyStore(
    "myPolicyStore",
    schema=aws_native.verifiedpermissions.PolicyStoreSchemaDefinitionArgs(
        cedar_json=_photo_app_schema,
    ),
    validation_settings=aws_native.verifiedpermissions.PolicyStoreValidationSettingsArgs(
        mode=aws_native.verifiedpermissions.PolicyStoreValidationMode.STRICT,
    ),
)
import * as pulumi from "@pulumi/pulumi";
import * as aws_native from "@pulumi/aws-native";
// Cedar schema for the "PhotoApp" namespace, supplied as a JSON document.
// It declares the entity types (User, UserGroup, Photo, Album, Account),
// the actions (viewPhoto, createPhoto, listPhotos) and a ContextType whose
// "authenticated" attribute is required and whose "ip" attribute is optional.
// The schema only describes shapes; this program creates no policies.
const photoAppSchema = "{\"PhotoApp\":{\"commonTypes\":{\"PersonType\":{\"type\":\"Record\",\"attributes\":{\"age\":{\"type\":\"Long\"},\"name\":{\"type\":\"String\"}}},\"ContextType\":{\"type\":\"Record\",\"attributes\":{\"ip\":{\"type\":\"Extension\",\"name\":\"ipaddr\",\"required\":false},\"authenticated\":{\"type\":\"Boolean\",\"required\":true}}}},\"entityTypes\":{\"User\":{\"shape\":{\"type\":\"Record\",\"attributes\":{\"userId\":{\"type\":\"String\"},\"personInformation\":{\"type\":\"PersonType\"}}},\"memberOfTypes\":[\"UserGroup\"]},\"UserGroup\":{\"shape\":{\"type\":\"Record\",\"attributes\":{}}},\"Photo\":{\"shape\":{\"type\":\"Record\",\"attributes\":{\"account\":{\"type\":\"Entity\",\"name\":\"Account\",\"required\":true},\"private\":{\"type\":\"Boolean\",\"required\":true}}},\"memberOfTypes\":[\"Album\",\"Account\"]},\"Album\":{\"shape\":{\"type\":\"Record\",\"attributes\":{}}},\"Account\":{\"shape\":{\"type\":\"Record\",\"attributes\":{}}}},\"actions\":{\"viewPhoto\":{\"appliesTo\":{\"principalTypes\":[\"User\",\"UserGroup\"],\"resourceTypes\":[\"Photo\"],\"context\":{\"type\":\"ContextType\"}}},\"createPhoto\":{\"appliesTo\":{\"principalTypes\":[\"User\",\"UserGroup\"],\"resourceTypes\":[\"Photo\"],\"context\":{\"type\":\"ContextType\"}}},\"listPhotos\":{\"appliesTo\":{\"principalTypes\":[\"User\",\"UserGroup\"],\"resourceTypes\":[\"Photo\"],\"context\":{\"type\":\"ContextType\"}}}}}}";

const myPolicyStore = new aws_native.verifiedpermissions.PolicyStore("myPolicyStore", {
    schema: {
        cedarJson: photoAppSchema,
    },
    // Strict makes the service validate new or updated policies and policy
    // templates against the schema above and reject non-conforming ones.
    validationSettings: {
        mode: aws_native.verifiedpermissions.PolicyStoreValidationMode.Strict,
    },
});
Coming soon!
Create PolicyStore Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new PolicyStore(name: string, args: PolicyStoreArgs, opts?: CustomResourceOptions);
@overload
def PolicyStore(resource_name: str,
args: PolicyStoreArgs,
opts: Optional[ResourceOptions] = None)
@overload
def PolicyStore(resource_name: str,
opts: Optional[ResourceOptions] = None,
validation_settings: Optional[PolicyStoreValidationSettingsArgs] = None,
description: Optional[str] = None,
schema: Optional[PolicyStoreSchemaDefinitionArgs] = None)
func NewPolicyStore(ctx *Context, name string, args PolicyStoreArgs, opts ...ResourceOption) (*PolicyStore, error)
public PolicyStore(string name, PolicyStoreArgs args, CustomResourceOptions? opts = null)
public PolicyStore(String name, PolicyStoreArgs args)
public PolicyStore(String name, PolicyStoreArgs args, CustomResourceOptions options)
type: aws-native:verifiedpermissions:PolicyStore
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args PolicyStoreArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args PolicyStoreArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args PolicyStoreArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args PolicyStoreArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args PolicyStoreArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Example
The following reference example uses placeholder values for all input properties.
Coming soon!
Coming soon!
Coming soon!
Coming soon!
// Reference shape only: every value below is a placeholder, not a recommendation.
const policyStoreResource = new aws_native.verifiedpermissions.PolicyStore("policyStoreResource", {
    description: "string",
    schema: {
        // Placeholder; a real store passes its Cedar schema as a JSON document here.
        cedarJson: "string",
    },
    validationSettings: {
        // Off means policies are not validated against the schema, so a policy
        // that references an undeclared type or attribute is accepted as written.
        // Choose Strict for stores that hold real authorization policies.
        mode: aws_native.verifiedpermissions.PolicyStoreValidationMode.Off,
    },
});
Coming soon!
PolicyStore Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The PolicyStore resource accepts the following input properties:
Outputs
All input properties are implicitly available as output properties. Additionally, the PolicyStore resource produces the following output properties:
- Arn string
- Id string
- The provider-assigned unique ID for this managed resource.
- PolicyStoreId string
- Arn string
- Id string
- The provider-assigned unique ID for this managed resource.
- PolicyStoreId string
- arn String
- id String
- The provider-assigned unique ID for this managed resource.
- policyStoreId String
- arn string
- id string
- The provider-assigned unique ID for this managed resource.
- policyStoreId string
- arn str
- id str
- The provider-assigned unique ID for this managed resource.
- policy_store_id str
- arn String
- id String
- The provider-assigned unique ID for this managed resource.
- policyStoreId String
Supporting Types
PolicyStoreSchemaDefinition, PolicyStoreSchemaDefinitionArgs
- CedarJson string
- CedarJson string
- cedarJson String
- cedarJson string
- cedar_json str
- cedarJson String
PolicyStoreValidationMode, PolicyStoreValidationModeArgs
- Off
- OFF
- Strict
- STRICT
- PolicyStoreValidationModeOff
- OFF
- PolicyStoreValidationModeStrict
- STRICT
- Off
- OFF
- Strict
- STRICT
- Off
- OFF
- Strict
- STRICT
- OFF
- OFF
- STRICT
- STRICT
- "OFF"
- OFF
- "STRICT"
- STRICT
PolicyStoreValidationSettings, PolicyStoreValidationSettingsArgs
Package Details
- Repository
- AWS Native pulumi/pulumi-aws-native
- License
- Apache-2.0
AWS Native is in preview. AWS Classic is fully supported.