policy_statements
Creates, updates, deletes or gets a policy_statement resource or lists policy_statements in a region
Overview
| Name | policy_statements |
| Type | Resource |
| Description | Policy Statement defined in AWS Entity Resolution Service |
| Id | awscc.entityresolution.policy_statements |
Fields
get (all properties):

| Name | Datatype | Description |
|---|---|---|
| arn | string | Arn of the resource to which the policy statement is being attached. |
| statement_id | string | The Statement Id of the policy statement that is being attached. |
| effect | string | |
| action | array | |
| principal | array | |
| condition | string | |
| region | string | AWS region. |

list (identifiers only):

| Name | Datatype | Description |
|---|---|---|
| arn | string | Arn of the resource to which the policy statement is being attached. |
| statement_id | string | The Statement Id of the policy statement that is being attached. |
| region | string | AWS region. |

For more information, see AWS::EntityResolution::PolicyStatement.
Methods
| Name | Resource | Accessible by | Required Params |
|---|---|---|---|
| create_resource | policy_statements | INSERT | Arn, StatementId, region |
| delete_resource | policy_statements | DELETE | Identifier, region |
| update_resource | policy_statements | UPDATE | Identifier, PatchDocument, region |
| list_resources | policy_statements_list_only | SELECT | region |
| get_resource | policy_statements | SELECT | Identifier, region |
SELECT examples
Gets all properties from an individual policy_statement.

```sql
SELECT
  region,
  arn,
  statement_id,
  effect,
  action,
  principal,
  condition
FROM awscc.entityresolution.policy_statements
WHERE
  region = 'us-east-1' AND
  Identifier = '{{ arn }}|{{ statement_id }}';
```

Lists all policy_statements in a region.

```sql
SELECT
  region,
  arn,
  statement_id
FROM awscc.entityresolution.policy_statements_list_only
WHERE
  region = 'us-east-1';
```

INSERT example
Use the following StackQL query and manifest file to create a new policy_statement resource, using stack-deploy.
Required Properties:

```sql
/*+ create */
INSERT INTO awscc.entityresolution.policy_statements (
  Arn,
  StatementId,
  region
)
SELECT
  '{{ arn }}',
  '{{ statement_id }}',
  '{{ region }}';
```

All Properties:

```sql
/*+ create */
INSERT INTO awscc.entityresolution.policy_statements (
  Arn,
  StatementId,
  Effect,
  Action,
  Principal,
  Condition,
  region
)
SELECT
  '{{ arn }}',
  '{{ statement_id }}',
  '{{ effect }}',
  '{{ action }}',
  '{{ principal }}',
  '{{ condition }}',
  '{{ region }}';
```

Manifest:

```yaml
version: 1
name: stack name
description: stack description
providers:
  - aws
globals:
  - name: region
    value: '{{ vars.AWS_REGION }}'
resources:
  - name: policy_statement
    props:
      - name: arn
        value: '{{ arn }}'
      - name: statement_id
        value: '{{ statement_id }}'
      - name: effect
        value: '{{ effect }}'
      - name: action
        value:
          - '{{ action[0] }}'
      - name: principal
        value:
          - '{{ principal[0] }}'
      - name: condition
        value: '{{ condition }}'
```

UPDATE example
Use the following StackQL query and manifest file to update a policy_statement resource, using stack-deploy.

```sql
/*+ update */
UPDATE awscc.entityresolution.policy_statements
SET PatchDocument = string('{{ {
    "Effect": effect,
    "Action": action,
    "Principal": principal,
    "Condition": condition
} | generate_patch_document }}')
WHERE
  region = '{{ region }}' AND
  Identifier = '{{ arn }}|{{ statement_id }}';
```

DELETE example

```sql
/*+ delete */
DELETE FROM awscc.entityresolution.policy_statements
WHERE
  Identifier = '{{ arn }}|{{ statement_id }}' AND
  region = 'us-east-1';
```

Permissions
To operate on the policy_statements resource, the following permissions are required:
- Create: entityresolution:AddPolicyStatement
- Read: entityresolution:GetPolicy
- Update: entityresolution:AddPolicyStatement, entityresolution:DeletePolicyStatement
- Delete: entityresolution:DeletePolicyStatement, entityresolution:GetPolicy
- List: entityresolution:GetPolicy