feat(iam): lookup ManagedPolicy via ARN

This new method allows users to create a ManagedPolicy object from an Arn. This can be useful if the Arn is defined in something like a Cloudformation Export. closes #6186
aws · Feb 11, 2020 · 2df2023 · 2df2023
2 parents 8c0c2b1 + 578bdfa
commit 2df2023
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 0 deletions.
diff --git a/packages/@aws-cdk/aws-iam/lib/managed-policy.ts b/packages/@aws-cdk/aws-iam/lib/managed-policy.ts
@@ -106,6 +106,19 @@ export class ManagedPolicy extends Resource implements IManagedPolicy {
     return new Import(scope, id);
   }
 
+  /**
+   * Constructs a managed policy from an ARN.
+   *
+   * For this managed policy, you only need to know the ARN to be able to use it. This can be useful if you got the ARN in a Cloudformation Export.
+   *
+   */
+  public static fromManagedPolicyArn(scope: Construct, id: string, managedPolicyArn: string): IManagedPolicy {
+    class Import extends Resource implements IManagedPolicy {
+      public readonly managedPolicyArn = managedPolicyArn;
+    }
+    return new Import(scope, id);
+  }
+
   /**
    * Construct a managed policy from one of the policies that AWS manages
    *

diff --git a/packages/@aws-cdk/aws-iam/test/managed-policy.test.ts b/packages/@aws-cdk/aws-iam/test/managed-policy.test.ts
@@ -35,6 +35,12 @@ describe('managed policy', () => {
     });
   });
 
+  test('managed policy by arn', () => {
+    const mp = ManagedPolicy.fromManagedPolicyArn(stack, 'MyManagedPolicyByArn', "arn:aws:iam::1234:policy/my-policy");
+
+    expect(stack.resolve(mp.managedPolicyArn)).toEqual("arn:aws:iam::1234:policy/my-policy");
+  });
+
   test('managed policy with statements', () => {
     const policy = new ManagedPolicy(stack, 'MyManagedPolicy', { managedPolicyName: 'MyManagedPolicyName' });
     policy.addStatements(new PolicyStatement({ resources: ['*'], actions: ['sqs:SendMessage'] }));