const subscriptionName = queue.name + 'Subscription';
if (this.tryFindChild(subscriptionName)) {
throw new Error(`A subscription between the topic ${this.name} and the queue ${queue.name} already exists`);
}
// we use the queue name as the subscription's. there's no meaning to subscribing
// the same queue twice on the same topic.
const sub = new Subscription(this, subscriptionName, {
topic: this,
endpoint: queue.queueArn,
protocol: SubscriptionProtocol.Sqs
});
// add a statement to the queue resource policy which allows this topic
// to send messages to the queue.
queue.addToResourcePolicy(new PolicyStatement()
.addResource(queue.queueArn)
.addAction('sqs:SendMessage')
.addServicePrincipal('sns.amazonaws.com')
.setCondition('ArnEquals', { 'aws:SourceArn': this.topicArn }));
return sub;
}
/**
 * Describes this topic as a target for an event rule.
 *
 * The first read also adds a statement to the topic's resource policy that
 * lets the `events.amazonaws.com` service principal call `sns:Publish` on this
 * topic. The `eventRuleTargetPolicyAdded` flag ensures the statement is added
 * only once, however many times the getter is read.
 *
 * NOTE(review): the statement has no condition attached, so it is not narrowed
 * to a particular rule or account. Confirm whether a source condition should
 * be applied where the rule is known.
 *
 * @returns The target descriptor: `id` is the topic's name, `arn` its ARN.
 */
public get eventRuleTarget(): EventRuleTarget {
  if (!this.eventRuleTargetPolicyAdded) {
    // Build the statement first, then attach it to the topic's resource policy.
    const allowEventsToPublish = new PolicyStatement()
      .addAction('sns:Publish')
      .addPrincipal(new ServicePrincipal('events.amazonaws.com'))
      .addResource(this.topicArn);
    this.addToResourcePolicy(allowEventsToPublish);

    // Remember that the grant exists so later reads do not duplicate it.
    this.eventRuleTargetPolicyAdded = true;
  }

  const target = {
    id: this.name,
    arn: this.topicArn,
  };
  return target;
}
}
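/**
 * Grants `sns:Publish` on this topic to the given identity.
 *
 * Two statements are added: one to the identity's own policy and one to the
 * topic's resource policy naming the identity's principal. Both are scoped to
 * this topic's ARN.
 *
 * @param identity The identity to grant publish rights to. When omitted, the
 * call does nothing.
 */
public grantPublish(identity?: IIdentityResource): void {
  if (!identity) {
    return;
  }

  // Identity-side statement: the identity may publish to this topic only.
  identity.addToPolicy(new PolicyStatement()
    .addResource(this.topicArn)
    .addActions('sns:Publish'));

  // Resource-side statement: name the topic ARN explicitly instead of '*', so
  // the statement stays least-privilege even if it is copied or inspected
  // outside this topic's policy, and so it matches the statement added by
  // eventRuleTarget.
  this.addToResourcePolicy(new PolicyStatement()
    .addResource(this.topicArn)
    .addPrincipal(identity.principal)
    .addActions('sns:Publish'));
}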