Permission
The Permission resource allows you to manage AWS QBusiness Permissions for controlling access to specific actions within QBusiness applications.
Minimal Example
Section titled “Minimal Example”Create a basic QBusiness permission with required properties.
import AWS from "alchemy/aws/control";
const basicPermission = await AWS.QBusiness.Permission("basicPermission", { Actions: ["qbusiness:StartConversation", "qbusiness:StopConversation"], StatementId: "unique-statement-id-123", ApplicationId: "my-application-id", Principal: "arn:aws:iam::123456789012:user/my-iam-user"});Advanced Configuration
Section titled “Advanced Configuration”Configure a permission that adopts an existing resource if it already exists.
const advancedPermission = await AWS.QBusiness.Permission("advancedPermission", { Actions: ["qbusiness:SendMessage", "qbusiness:ReceiveMessage"], StatementId: "advanced-statement-id-456", ApplicationId: "my-application-id", Principal: "arn:aws:iam::123456789012:user/my-iam-user", adopt: true // Adopt existing resource if it already exists});Permission for Multiple Actions
Section titled “Permission for Multiple Actions”Create a permission that grants access to a wider range of actions within the QBusiness application.
const multiActionPermission = await AWS.QBusiness.Permission("multiActionPermission", { Actions: [ "qbusiness:StartConversation", "qbusiness:SendMessage", "qbusiness:ReceiveMessage", "qbusiness:StopConversation" ], StatementId: "multi-action-statement-id-789", ApplicationId: "my-application-id", Principal: "arn:aws:iam::123456789012:user/my-iam-user"});Restricting Access by Principal
Section titled “Restricting Access by Principal”Demonstrate how to restrict permission to a specific IAM role.
const roleBasedPermission = await AWS.QBusiness.Permission("roleBasedPermission", { Actions: ["qbusiness:ManageSettings"], StatementId: "role-based-statement-id-101", ApplicationId: "my-application-id", Principal: "arn:aws:iam::123456789012:role/my-iam-role"});