resource_policies
Creates, updates, deletes or gets a resource_policy resource or lists resource_policies in a region
Overview
| Name | resource_policies |
| Type | Resource |
| Description | Resource Type definition for AWS::APS::ResourcePolicy |
| Id | awscc.aps.resource_policies |
Fields
- get (all properties)
- list (identifiers only)
| Name | Datatype | Description |
|---|---|---|
workspace_arn | string | The Arn of an APS Workspace that the PolicyDocument will be attached to. |
policy_document | string | The JSON to use as the Resource-based Policy. |
region | string | AWS region. |
| Name | Datatype | Description |
|---|---|---|
workspace_arn | string | The Arn of an APS Workspace that the PolicyDocument will be attached to. |
region | string | AWS region. |
For more information, see AWS::APS::ResourcePolicy.
Methods
| Name | Resource | Accessible by | Required Params |
|---|---|---|---|
create_resource | resource_policies | INSERT | WorkspaceArn, PolicyDocument, region |
delete_resource | resource_policies | DELETE | Identifier, region |
update_resource | resource_policies | UPDATE | Identifier, PatchDocument, region |
list_resources | resource_policies_list_only | SELECT | region |
get_resource | resource_policies | SELECT | Identifier, region |
SELECT examples
- get (all properties)
- list (identifiers only)
Gets all properties from an individual resource_policy.
SELECT
region,
workspace_arn,
policy_document
FROM awscc.aps.resource_policies
WHERE
region = 'us-east-1' AND
Identifier = '{{ workspace_arn }}';
Lists all resource_policies in a region.
SELECT
region,
workspace_arn
FROM awscc.aps.resource_policies_list_only
WHERE
region = 'us-east-1';
INSERT example
Use the following StackQL query and manifest file to create a new resource_policy resource, using stack-deploy.
- Required Properties
- All Properties
- Manifest
/*+ create */
INSERT INTO awscc.aps.resource_policies (
WorkspaceArn,
PolicyDocument,
region
)
SELECT
'{{ workspace_arn }}',
'{{ policy_document }}',
'{{ region }}';
/*+ create */
INSERT INTO awscc.aps.resource_policies (
WorkspaceArn,
PolicyDocument,
region
)
SELECT
'{{ workspace_arn }}',
'{{ policy_document }}',
'{{ region }}';
version: 1
name: stack name
description: stack description
providers:
- aws
globals:
- name: region
value: '{{ vars.AWS_REGION }}'
resources:
- name: resource_policy
props:
- name: workspace_arn
value: '{{ workspace_arn }}'
- name: policy_document
value: '{{ policy_document }}'
UPDATE example
Use the following StackQL query and manifest file to update a resource_policy resource, using stack-deploy.
/*+ update */
UPDATE awscc.aps.resource_policies
SET PatchDocument = string('{{ {
"PolicyDocument": policy_document
} | generate_patch_document }}')
WHERE
region = '{{ region }}' AND
Identifier = '{{ workspace_arn }}';
DELETE example
/*+ delete */
DELETE FROM awscc.aps.resource_policies
WHERE
Identifier = '{{ workspace_arn }}' AND
region = 'us-east-1';
Permissions
To operate on the resource_policies resource, the following permissions are required:
- Create
- Read
- Update
- Delete
- List
aps:PutResourcePolicy,
aps:DescribeResourcePolicy
aps:DescribeResourcePolicy
aps:PutResourcePolicy,
aps:DescribeResourcePolicy
aps:DeleteResourcePolicy,
aps:DescribeResourcePolicy
aps:DescribeResourcePolicy,
aps:ListWorkspaces