Groups |
String
|
Required: Conditional. The names of groups to which you want to add the policy.Update requires: No interruption |
PolicyDocument |
Object
|
Required: Yes. A policy document that contains permissions to add to the specified users or
groups.Update requires: No interruption |
PolicyName |
String
|
Required: Yes. The name of the policy. If you specify multiple policies for an entity, specify
unique names. For example, if you specify a list of policies for an IAM role,
each policy must have a unique name.Update requires: No interruption |
Roles |
String
|
Required: Conditional. The names of AWS::IAM::Roles to
attach to this policy.NoteIf a policy has a Ref to a role and if a resource (such as
AWS::ECS::Service) also has a Ref to the same
role, add a DependsOn attribute to the resource so that the
resource depends on the policy. This dependency ensures that the role's policy
is available throughout the resource's lifecycle. For example, when you delete
a stack with an AWS::ECS::Service resource, the
DependsOn attribute ensures that the
AWS::ECS::Service resource can complete its deletion before its
role's policy is deleted.Update requires: No interruption |
Users |
String
|
Required: Conditional. The names of users for whom you want to add the policy.Update requires: No interruption |