Permission ​
The Permission resource allows you to manage AWS QBusiness Permissions for controlling access to specific actions within QBusiness applications.
Minimal Example ​
Create a basic QBusiness permission with required properties.
ts
import AWS from "alchemy/aws/control";
const basicPermission = await AWS.QBusiness.Permission("basicPermission", {
Actions: ["qbusiness:StartConversation", "qbusiness:StopConversation"],
StatementId: "unique-statement-id-123",
ApplicationId: "my-application-id",
Principal: "arn:aws:iam::123456789012:user/my-iam-user"
});Advanced Configuration ​
Configure a permission that adopts an existing resource if it already exists.
ts
const advancedPermission = await AWS.QBusiness.Permission("advancedPermission", {
Actions: ["qbusiness:SendMessage", "qbusiness:ReceiveMessage"],
StatementId: "advanced-statement-id-456",
ApplicationId: "my-application-id",
Principal: "arn:aws:iam::123456789012:user/my-iam-user",
adopt: true // Adopt existing resource if it already exists
});Permission for Multiple Actions ​
Create a permission that grants access to a wider range of actions within the QBusiness application.
ts
const multiActionPermission = await AWS.QBusiness.Permission("multiActionPermission", {
Actions: [
"qbusiness:StartConversation",
"qbusiness:SendMessage",
"qbusiness:ReceiveMessage",
"qbusiness:StopConversation"
],
StatementId: "multi-action-statement-id-789",
ApplicationId: "my-application-id",
Principal: "arn:aws:iam::123456789012:user/my-iam-user"
});Restricting Access by Principal ​
Demonstrate how to restrict permission to a specific IAM role.
ts
const roleBasedPermission = await AWS.QBusiness.Permission("roleBasedPermission", {
Actions: ["qbusiness:ManageSettings"],
StatementId: "role-based-statement-id-101",
ApplicationId: "my-application-id",
Principal: "arn:aws:iam::123456789012:role/my-iam-role"
});