aws_verifiedpermissions_policy_store

account_id

Type: STRING

arn

Type: STRING
Provider name: arn
Description: The Amazon Resource Name (ARN) of the policy store.

cedar_version

Type: STRING
Provider name: cedarVersion
Description: The version of the Cedar language used with policies, policy templates, and schemas in this policy store. For more information, see Amazon Verified Permissions upgrade to Cedar v4 FAQ.

created_date

Type: TIMESTAMP
Provider name: createdDate
Description: The date and time that the policy store was originally created.

deletion_protection

Type: STRING
Provider name: deletionProtection
Description: Specifies whether the policy store can be deleted. If enabled, the policy store can’t be deleted. The default state is DISABLED.

description

Type: STRING
Provider name: description
Description: Descriptive text that you can provide to help with identification of the current policy store.

encryption_state

Type: STRUCT
Provider name: encryptionState
Description: A structure that contains the encryption configuration for the policy store.

  • default
    Type: STRUCT
    Provider name: default
    Description: This is the default encryption state. The policy store is encrypted using an Amazon Web Services owned key.

  • kms_encryption_state
    Type: STRUCT
    Provider name: kmsEncryptionState
    Description: The KMS encryption settings currently configured for this policy store to encrypt data with. It contains the customer-managed KMS key, and a user-defined encryption context.

    • encryption_context
      Type: MAP_STRING_STRING
      Provider name: encryptionContext
      Description: User-defined, additional context added to encryption processes.
    • key
      Type: STRING
      Provider name: key
      Description: The customer-managed KMS key Amazon Resource Name (ARN) being used for encryption processes.

last_updated_date

Type: TIMESTAMP
Provider name: lastUpdatedDate
Description: The date and time that the policy store was last updated.

policy_store_id

Type: STRING
Provider name: policyStoreId
Description: The ID of the policy store.

tags

Type: UNORDERED_LIST_STRING

validation_settings

Type: STRUCT
Provider name: validationSettings
Description: The current validation settings for the policy store.

  • mode
    Type: STRING
    Provider name: mode
    Description: The validation mode currently configured for this policy store. The valid values are:
    • OFF – Neither Verified Permissions nor Cedar performs any validation on policies. No validation errors are reported by either service.
    • STRICT – Requires a schema to be present in the policy store. Cedar performs validation on all submitted new or updated static policies and policy templates. Any that fail validation are rejected and Cedar doesn’t store them in the policy store.
    If Mode=STRICT and the policy store doesn’t contain a schema, Verified Permissions rejects all static policies and policy templates because there is no schema to validate against. To submit a static policy or policy template without a schema, you must turn off validation.