IAM Policy用于定义IAM User或IAM Group的访问授权。

一个典型的IAM Policy长这样:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["iam:ChangePassword", "iam:GetUser"],
      "Resource": "arn:aws:iam::123456789012:user/${aws:username}"
    }
  ]
}
```

其中`${aws:username}`是策略变量,求值时会被替换为发起请求的IAM User的用户名,因此每个用户只能对自己的IAM User执行这两个操作。

它的结构可以用下面的TypeScript类型来描述(这是简化后的模型:实际的IAM Policy中,Action和Resource既可以是单个字符串也可以是字符串数组,Statement还可以包含Condition等字段):

```typescript
type IAMPolicy = {
  Id?: string;
  Version: string;
  Statement: Statement[]
}

type Statement = {
  Sid?: string;
  Effect: 'Allow' | 'Deny';
  // Statement所修饰的操作
  Action: string[];
  // Statement所修饰的AWS资源
  Resource: string;
}
```