AWS Fundamentals
L2 Construct

Policy

The AWS::IAM::Policy resource associates an [inline](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#inline) IAM policy with IAM users, roles, or groups. For more information about IAM policies, see [Overview of IAM Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies_overview.html) in the IAM User Guide.

Import

import { Policy } from 'aws-cdk-lib/aws-iam';

Or use the module namespace:

import * as iam from 'aws-cdk-lib/aws-iam';
// iam.Policy

Properties

Configuration passed to the constructor as PolicyProps.

document (Optional): PolicyDocument

Initial PolicyDocument to use for this Policy. If omitted, any `PolicyStatement` provided in the `statements` property will be applied against the empty default `PolicyDocument`.

Default: - An empty policy.

force (Optional): boolean

Force creation of an `AWS::IAM::Policy`. Unless set to `true`, this `Policy` construct will not materialize to an `AWS::IAM::Policy` CloudFormation resource in case it would have no effect (for example, if it remains unattached to an IAM identity or if it has no statements). This is generally desired behavior, since it prevents creating invalid (and hence undeployable) CloudFormation templates. In cases where you know the policy must be created, and it is actually an error if no statements have been added to it or it remains unattached to an IAM identity, you can set this to `true`.

Default: false

groups (Optional): IGroup[]

Groups to attach this policy to. You can also use `attachToGroup(group)` to attach this policy to a group.

Default: - No groups.

policyName (Optional): string

The name of the policy. If you specify multiple policies for an entity, specify unique names. For example, if you specify a list of policies for an IAM role, each policy must have a unique name.

Default: - Uses the logical ID of the policy resource, which is ensured to be unique within the stack.

roles (Optional): IRole[]

Roles to attach this policy to. You can also use `attachToRole(role)` to attach this policy to a role.

Default: - No roles.

statements (Optional): PolicyStatement[]

Initial set of permissions to add to this policy document. You can also use `addStatements(...statement)` to add permissions later.

Default: - No statements.

users (Optional): IUser[]

Users to attach this policy to. You can also use `attachToUser(user)` to attach this policy to a user.

Default: - No users.
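A worked example added here, not code from aws-cdk-lib or from this page: a small TypeScript model of the materialization rule described under `force` and the default naming described under `policyName`, showing the `AWS::IAM::Policy` shape the construct emits. It simplifies identities to plain names, leaves out the `document` property, and uses the constructed names ReportsReadPolicy, ReportsReaderRole and OrphanPolicy.

```typescript
// Illustrative model of the materialization rule and output shape of iam.Policy.
// This is NOT aws-cdk-lib code; identities are represented by name only.
type Effect = 'Allow' | 'Deny';
interface Statement { Effect: Effect; Action: string[]; Resource: string[] }
interface PolicyProps {
  policyName?: string;    // defaults to the logical ID, as in the construct
  statements?: Statement[];
  roles?: string[];       // role names (the real construct takes IRole objects)
  users?: string[];
  groups?: string[];
  force?: boolean;        // emit the resource even if it would have no effect
}
interface CfnPolicy {
  Type: 'AWS::IAM::Policy';
  Properties: {
    PolicyName: string;
    PolicyDocument: { Version: '2012-10-17'; Statement: Statement[] };
    Roles?: string[]; Users?: string[]; Groups?: string[];
  };
}
// Returns the CloudFormation resource the construct would emit, or undefined
// when it is skipped (no statements or no attached identity, and force is not set).
function synthesizePolicy(logicalId: string, props: PolicyProps = {}): CfnPolicy | undefined {
  const statements = props.statements ?? [];
  const roles = props.roles ?? [], users = props.users ?? [], groups = props.groups ?? [];
  const attached = roles.length + users.length + groups.length > 0;
  if (!props.force && (statements.length === 0 || !attached)) {
    return undefined;     // would be an invalid, undeployable AWS::IAM::Policy
  }
  const resource: CfnPolicy = {
    Type: 'AWS::IAM::Policy',
    Properties: {
      PolicyName: props.policyName ?? logicalId,
      PolicyDocument: { Version: '2012-10-17', Statement: statements },
    },
  };
  if (roles.length) resource.Properties.Roles = roles;
  if (users.length) resource.Properties.Users = users;
  if (groups.length) resource.Properties.Groups = groups;
  return resource;
}
// Constructed sample: one least-privilege read statement attached to one role.
const readStmt: Statement = {
  Effect: 'Allow', Action: ['s3:GetObject'], Resource: ['arn:aws:s3:::example-reports/*'],
};
const attachedPolicy = synthesizePolicy('ReportsReadPolicy', { statements: [readStmt], roles: ['ReportsReaderRole'] });
const skippedPolicy = synthesizePolicy('OrphanPolicy', { statements: [readStmt] });            // no identity: skipped
const forcedPolicy = synthesizePolicy('OrphanPolicy', { statements: [readStmt], force: true }); // emitted despite being unattached
```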
