policy.ts
import { PolicyDocument, PolicyStatement } from '@aws-cdk/aws-iam';
import { Resource, Lazy, Names } from '@aws-cdk/core';
import { Construct } from 'constructs';
import { CfnResourcePolicy } from './logs.generated';
/**
 * Construction options for a CloudWatch log group resource policy.
 */
export interface ResourcePolicyProps {
  /**
   * Name given to the log group resource policy.
   *
   * @default - Uses a unique id based on the construct path
   */
  readonly policyName?: string;

  /**
   * Statements placed in the policy document when the construct is created.
   * More statements can still be added to the construct's `document` later.
   *
   * NOTE(review): each statement is a grant on the policy; prefer explicit
   * principals, actions and resources over wildcards.
   *
   * @default - No statements
   */
  readonly policyStatements?: PolicyStatement[];
}
/**
 * Defines a CloudWatch log group resource policy, emitted through a
 * `CfnResourcePolicy` child named `'Resource'`.
 *
 * The policy name and the serialized policy document are both supplied as
 * lazy string tokens, so statements added to `document` after construction
 * are still part of the rendered policy.
 */
export class ResourcePolicy extends Resource {
  /**
   * The IAM policy document for this resource policy. It starts empty.
   *
   * The binding is `readonly`, but the document itself is mutable: any code
   * holding this construct can call `document.addStatements(...)`.
   * NOTE(review): audit every caller that adds statements, not only the
   * `policyStatements` passed to the constructor.
   */
  public readonly document = new PolicyDocument();

  constructor(scope: Construct, id: string, props?: ResourcePolicyProps) {
    super(scope, id);

    // Use the caller's name if given, otherwise an id derived from this
    // construct. The choice is made inside the lazy callback.
    const lazyPolicyName = Lazy.string({
      produce: () => props?.policyName ?? Names.uniqueId(this),
    });

    // Serialize the document inside the lazy callback rather than here, so
    // the JSON reflects the document's statements at resolution time.
    const lazyPolicyDocument = Lazy.string({
      produce: () => JSON.stringify(this.document),
    });

    new CfnResourcePolicy(this, 'Resource', {
      policyName: lazyPolicyName,
      policyDocument: lazyPolicyDocument,
    });

    // Seed the document with any statements provided up front.
    const initialStatements = props?.policyStatements;
    if (initialStatements) {
      this.document.addStatements(...initialStatements);
    }
  }
}