AWS Fundamentals
L1 Construct: AWS::VerifiedPermissions::PolicyStore

CfnPolicyStore

Creates a policy store. A policy store is a container for policy resources. You can create a separate policy store for each of your applications.

Import

import { CfnPolicyStore } from 'aws-cdk-lib/aws-verifiedpermissions';

Or use the module namespace:

import * as verifiedpermissions from 'aws-cdk-lib/aws-verifiedpermissions';
// verifiedpermissions.CfnPolicyStore

Properties

Configuration passed to the constructor as CfnPolicyStoreProps.

validationSettings (Required)
IResolvable | ValidationSettingsProperty

Specifies the validation setting for this policy store. Currently, the only valid and required value is `Mode`.

> We recommend that you turn on `STRICT` mode only after you define a schema. If a schema doesn't exist, then `STRICT` mode causes any policy to fail validation, and Verified Permissions rejects the policy. You can turn off validation by using [UpdatePolicyStore](https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdatePolicyStore). Then, when you have a schema defined, use [UpdatePolicyStore](https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdatePolicyStore) again to turn validation back on.

deletionProtection (Optional)
IResolvable | DeletionProtectionProperty

Specifies whether the policy store can be deleted. If enabled, the policy store can't be deleted. The default state is `DISABLED`.

description (Optional)
string

Descriptive text that you can provide to help with identification of the current policy store.

encryptionSettings (Optional)
IResolvable | EncryptionSettingsProperty

schema (Optional)
IResolvable | SchemaDefinitionProperty

Creates or updates the policy schema in a policy store. Cedar can use the schema to validate any Cedar policies and policy templates submitted to the policy store. Any changes to the schema validate only policies and templates submitted after the schema change. Existing policies and templates are not re-evaluated against the changed schema. If you later update a policy, then it is evaluated against the new schema at that time.

tags (Optional)
CfnTag[]

The list of key-value pairs to associate with the policy store.
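
The interaction between `validationSettings`, `schema` and `deletionProtection` described above can be checked before deployment. The following is an added example, not code from this page or from the AWS CDK project: it lints a synthesized CloudFormation template for policy stores that use `STRICT` mode without a schema, have validation turned off, or leave deletion protection at its default. The logical IDs, the sample schema string and the `auditPolicyStores` helper are assumptions made for illustration, and the check assumes property values are literals rather than intrinsic functions.

```typescript
// Added example (not from the page): lint policy stores in a synthesized template.
type Finding = { logicalId: string; issue: string };
interface Template {
  Resources: Record<string, { Type: string; Properties?: Record<string, any> }>;
}
const STORE = 'AWS::VerifiedPermissions::PolicyStore';

function auditPolicyStores(template: Template): Finding[] {
  const findings: Finding[] = [];
  for (const logicalId of Object.keys(template.Resources)) {
    const res = template.Resources[logicalId];
    if (!res || res.Type !== STORE) continue;
    const props = res.Properties ?? {};
    const mode = props.ValidationSettings?.Mode;
    // Assumption: a schema is present when any Schema value is a non-empty string.
    const schema = props.Schema ?? {};
    const hasSchema = Object.keys(schema).some(
      (k) => typeof schema[k] === 'string' && schema[k].trim() !== '');
    if (typeof mode !== 'string') {
      findings.push({ logicalId, issue: 'ValidationSettings.Mode missing or not a literal' });
    } else if (mode === 'OFF') {
      findings.push({ logicalId, issue: 'validation is OFF' });
    } else if (mode === 'STRICT' && !hasSchema) {
      findings.push({ logicalId, issue: 'STRICT without a schema: every policy fails validation' });
    }
    // DeletionProtection defaults to DISABLED when the property is omitted.
    if (props.DeletionProtection?.Mode !== 'ENABLED') {
      findings.push({ logicalId, issue: 'deletion protection is DISABLED' });
    }
  }
  return findings;
}

// Constructed sample template: logical IDs and schema content are made up.
const sampleTemplate: Template = {
  Resources: {
    StoreOk: { Type: STORE, Properties: {
      ValidationSettings: { Mode: 'STRICT' },
      Schema: { CedarJson: '{"App":{"entityTypes":{},"actions":{}}}' },
      DeletionProtection: { Mode: 'ENABLED' } } },
    StoreStrictNoSchema: { Type: STORE, Properties: {
      ValidationSettings: { Mode: 'STRICT' } } },
    StoreOff: { Type: STORE, Properties: {
      ValidationSettings: { Mode: 'OFF' },
      DeletionProtection: { Mode: 'ENABLED' } } },
    Logs: { Type: 'AWS::S3::Bucket' },
  },
};
```

Running `auditPolicyStores` over the output of `cdk synth` in CI catches a `STRICT` store that would reject every policy before it is deployed.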

CloudFormation Resource

This L1 construct maps directly to the following CloudFormation resource type.

Quick Facts

Level: L1 (CloudFormation)
Module: aws-verifiedpermissions
CFN Type: AWS::VerifiedPermissions::PolicyStore
Properties: 6
