resource_policies
Creates, updates, deletes or gets a resource_policy resource or lists resource_policies in a region
Overview
| Name | resource_policies |
| Type | Resource |
| Description | Resource Type definition for AWS::APS::ResourcePolicy |
| Id | awscc.aps.resource_policies |
Fields
| Name | Datatype | Description |
|---|---|---|
workspace_arn | string | The Arn of an APS Workspace that the PolicyDocument will be attached to. |
policy_document | string | The JSON to use as the Resource-based Policy. |
region | string | AWS region. |
For more information, see AWS::APS::ResourcePolicy.
Methods
| Name | Accessible by | Required Params |
|---|---|---|
create_resource | INSERT | WorkspaceArn, PolicyDocument, region |
delete_resource | DELETE | data__Identifier, region |
update_resource | UPDATE | data__Identifier, data__PatchDocument, region |
list_resources | SELECT | region |
get_resource | SELECT | data__Identifier, region |
SELECT examples
Gets all properties from an individual resource_policy.
SELECT
region,
workspace_arn,
policy_document
FROM awscc.aps.resource_policies
WHERE region = 'us-east-1' AND data__Identifier = '<WorkspaceArn>';
INSERT example
Use the following StackQL query and manifest file to create a new resource_policy resource, using stack-deploy.
- Required Properties
- All Properties
- Manifest
/*+ create */
INSERT INTO awscc.aps.resource_policies (
WorkspaceArn,
PolicyDocument,
region
)
SELECT
'{{ WorkspaceArn }}',
'{{ PolicyDocument }}',
'{{ region }}';
/*+ create */
INSERT INTO awscc.aps.resource_policies (
WorkspaceArn,
PolicyDocument,
region
)
SELECT
'{{ WorkspaceArn }}',
'{{ PolicyDocument }}',
'{{ region }}';
version: 1
name: stack name
description: stack description
providers:
- aws
globals:
- name: region
value: '{{ vars.AWS_REGION }}'
resources:
- name: resource_policy
props:
- name: WorkspaceArn
value: '{{ WorkspaceArn }}'
- name: PolicyDocument
value: '{{ PolicyDocument }}'
DELETE example
/*+ delete */
DELETE FROM awscc.aps.resource_policies
WHERE data__Identifier = '<WorkspaceArn>'
AND region = 'us-east-1';
Permissions
To operate on the resource_policies resource, the following permissions are required:
Create
aps:PutResourcePolicy,
aps:DescribeResourcePolicy
Read
aps:DescribeResourcePolicy
Update
aps:PutResourcePolicy,
aps:DescribeResourcePolicy
Delete
aps:DeleteResourcePolicy,
aps:DescribeResourcePolicy
List
aps:DescribeResourcePolicy,
aps:ListWorkspaces