PolicyTemplate
The PolicyTemplate resource allows you to create and manage AWS VerifiedPermissions PolicyTemplates that define permission policies for your applications.
Minimal Example
Create a basic policy template with required properties and a description.

```ts
import AWS from "alchemy/aws/control";

const basicPolicyTemplate = await AWS.VerifiedPermissions.PolicyTemplate("basicPolicyTemplate", {
  Description: "Basic policy template for user permissions",
  // Verified Permissions templates are Cedar text, not IAM JSON. ?principal and
  // ?resource are bound when a policy is created from the template. The action
  // name is illustrative; use the action entities your policy store defines.
  Statement: `permit(principal == ?principal, action == Action::"GetObject", resource in ?resource);`,
  PolicyStoreId: "myPolicyStore"
});
```
Advanced Configuration
Define a more complex policy template with additional permissions and a longer description.

```ts
const advancedPolicyTemplate = await AWS.VerifiedPermissions.PolicyTemplate("advancedPolicyTemplate", {
  Description: "Advanced policy template for managing user access to S3 and DynamoDB",
  // Cedar template: the resource the actions apply to is supplied through
  // ?resource when the template is linked. Action names are illustrative.
  Statement: `permit(
    principal in ?principal,
    action in [Action::"GetObject", Action::"PutObject", Action::"Query"],
    resource in ?resource
  );`,
  PolicyStoreId: "myAdvancedPolicyStore"
});
```
Adopt Existing Resource
Create a policy template that adopts an existing resource instead of failing if the resource already exists.

```ts
const adoptPolicyTemplate = await AWS.VerifiedPermissions.PolicyTemplate("adoptPolicyTemplate", {
  Description: "Adopt existing policy template",
  // Cedar template; the action name is illustrative.
  Statement: `permit(principal == ?principal, action == Action::"InvokeFunction", resource == ?resource);`,
  PolicyStoreId: "myAdoptPolicyStore",
  adopt: true // take over the existing template instead of failing
});
```
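Verified Permissions evaluates Cedar, so the `Statement` of a policy template is Cedar text with `?principal` / `?resource` placeholders. The following pre-deploy lint is an added example, not part of Alchemy or this page's original code; the function names, issue labels and sample statement are assumptions, and the checks are heuristic string tests rather than a Cedar parser.

```typescript
// Added example: heuristic lint for a PolicyTemplate Statement string.
// Issue names and the sample statement below are constructed for illustration.
type Issue = "iam-json" | "no-effect" | "no-placeholder" | "unscoped-action";

// Split the scope "(principal ..., action ..., resource ...)" on top-level
// commas, so commas inside an action list [A, B] do not split a clause.
function scopeClauses(text: string): string[] {
  const open = text.indexOf("(");
  if (open < 0) return [];
  const clauses: string[] = [];
  let depth = 0, current = "";
  for (let i = open + 1; i < text.length; i++) {
    const ch = text.charAt(i);
    if (ch === ")" && depth === 0) break;
    if (ch === "[" || ch === "(") depth++;
    else if (ch === "]" || ch === ")") depth--;
    if (ch === "," && depth === 0) {
      clauses.push(current.trim());
      current = "";
    } else current += ch;
  }
  if (current.trim()) clauses.push(current.trim());
  return clauses;
}

function lintTemplateStatement(statement: string): Issue[] {
  // Skip leading // comments and @annotation("...") lines before the effect.
  const text = statement.replace(/^(\s*(\/\/[^\n]*\n|@\w+\s*\("[^"]*"\)))*\s*/, "").trim();
  if (text.startsWith("{")) {
    try {
      JSON.parse(text);
      return ["iam-json"]; // a JSON document (for example an IAM policy) is not Cedar
    } catch { /* not JSON: fall through to the Cedar checks */ }
  }
  const issues: Issue[] = [];
  if (!/^(permit|forbid)\s*\(/.test(text)) issues.push("no-effect");
  // Without a slot the template cannot be bound to a principal or resource.
  if (!/\?(principal|resource)\b/.test(text)) issues.push("no-placeholder");
  // A bare "action" clause in a permit matches every action.
  const action = scopeClauses(text).find((c) => /^action\b/.test(c));
  if (action === "action" && text.startsWith("permit")) issues.push("unscoped-action");
  return issues;
}

// Constructed sample: a static, fully open policy passed where a template is expected.
console.log(lintTemplateStatement("permit(principal, action, resource);"));
```

Run it over every `Statement` string before deployment and fail the build on any returned issue.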