Alchemy

Appearance

PolicyStatement ​

The PolicyStatement resource allows you to define and manage IAM policies that specify permissions for actions in AWS Entity Resolution. For more information, refer to the AWS EntityResolution PolicyStatements.

Minimal Example ​

Create a basic PolicyStatement with required properties and a common optional property.

ts
import AWS from "alchemy/aws/control";

const basicPolicyStatement = await AWS.EntityResolution.PolicyStatement("basicPolicy", {
  StatementId: "AllowS3Access",
  Action: ["s3:ListBucket", "s3:GetObject"],
  Effect: "Allow",
  Condition: "aws:RequestTag/Owner = 'admin'",
  Arn: "arn:aws:entityresolution:us-west-2:123456789012:policy/AllowS3Access"
});

Advanced Configuration ​

Configure a more complex PolicyStatement with multiple actions and principals.

ts
const advancedPolicyStatement = await AWS.EntityResolution.PolicyStatement("advancedPolicy", {
  StatementId: "CrossAccountS3Access",
  Action: [
    "s3:PutObject",
    "s3:DeleteObject"
  ],
  Effect: "Allow",
  Principal: ["arn:aws:iam::098765432109:user/OtherAccountUser"],
  Condition: "aws:SourceArn = 'arn:aws:s3:::my-bucket'",
  Arn: "arn:aws:entityresolution:us-west-2:123456789012:policy/CrossAccountS3Access"
});

Resource Adoption ​

Create a PolicyStatement that will adopt an existing resource if it already exists.

ts
const adoptPolicyStatement = await AWS.EntityResolution.PolicyStatement("adoptPolicy", {
  StatementId: "AdoptExistingPolicy",
  Action: ["sqs:SendMessage"],
  Effect: "Allow",
  Arn: "arn:aws:entityresolution:us-west-2:123456789012:policy/AdoptExistingPolicy",
  adopt: true
});

Policy with Multiple Conditions ​

Define a PolicyStatement with multiple conditions for fine-grained access control.

ts
const conditionalPolicyStatement = await AWS.EntityResolution.PolicyStatement("conditionalPolicy", {
  StatementId: "ConditionalAccess",
  Action: ["dynamodb:GetItem"],
  Effect: "Allow",
  Condition: JSON.stringify({
    "StringEquals": {
      "dynamodb:LeadingKeys": "userId"
    },
    "NumericLessThan": {
      "dynamodb:ReadCapacityUnits": 5
    }
  }),
  Arn: "arn:aws:entityresolution:us-west-2:123456789012:policy/ConditionalAccess"
});