class AccountRootPrincipal
Language | Type name |
---|---|
.NET | Amazon.CDK.AWS.IAM.AccountRootPrincipal |
Java | software.amazon.awscdk.services.iam.AccountRootPrincipal |
Python | aws_cdk.aws_iam.AccountRootPrincipal |
TypeScript (source) | @aws-cdk/aws-iam » AccountRootPrincipal |
Implements
IAssume
, IGrantable
, IPrincipal
, IComparable
Extends
Account
Use the AWS account into which a stack is deployed as the principal entity in a policy.
Example
const bucket = new s3.Bucket(this, 'MyBucket');
const result = bucket.addToResourcePolicy(new iam.PolicyStatement({
actions: ['s3:GetObject'],
resources: [bucket.arnForObjects('file.txt')],
principals: [new iam.AccountRootPrincipal()],
}));
Initializer
new AccountRootPrincipal()
Properties
Name | Type | Description |
---|---|---|
account | any | AWS account ID (i.e. 123456789012). |
arn | string | Amazon Resource Name (ARN) of the principal entity (i.e. arn:aws:iam::123456789012:user/user-name). |
assume | string | When this Principal is used in an AssumeRole policy, the action to use. |
grant | IPrincipal | The principal to grant permissions to. |
policy | Principal | Return the policy fragment that identifies this principal in a Policy. |
principal | string | The AWS account ID of this principal. |
accountId
Type:
any
AWS account ID (i.e. 123456789012).
arn
Type:
string
Amazon Resource Name (ARN) of the principal entity (i.e. arn:aws:iam::123456789012:user/user-name).
assumeRoleAction
Type:
string
When this Principal is used in an AssumeRole policy, the action to use.
grantPrincipal
Type:
IPrincipal
The principal to grant permissions to.
policyFragment
Type:
Principal
Return the policy fragment that identifies this principal in a Policy.
principalAccount?
Type:
string
(optional)
The AWS account ID of this principal.
Can be undefined when the account is not known (for example, for service principals). Can be a Token - in that case, it's assumed to be AWS::AccountId.
Methods
Name | Description |
---|---|
add | Add the princpial to the AssumeRolePolicyDocument. |
add | Add to the policy of this principal. |
add | Add to the policy of this principal. |
dedupe | Return whether or not this principal is equal to the given principal. |
in | A convenience method for adding a condition that the principal is part of the specified AWS Organization. |
to | JSON-ify the principal. |
to | Returns a string representation of an object. |
with | Returns a new PrincipalWithConditions using this principal as the base, with the passed conditions added. |
with | Returns a new principal using this principal as the base, with session tags enabled. |
ToAssumeRolePolicy(document)
addpublic addToAssumeRolePolicy(document: PolicyDocument): void
Parameters
- document
Policy
Document
Add the princpial to the AssumeRolePolicyDocument.
Add the statements to the AssumeRolePolicyDocument necessary to give this principal permissions to assume the given role.
ToPolicy(statement)
addpublic addToPolicy(statement: PolicyStatement): boolean
Parameters
- statement
Policy
Statement
Returns
boolean
Add to the policy of this principal.
ToPrincipalPolicy(_statement)
addpublic addToPrincipalPolicy(_statement: PolicyStatement): AddToPrincipalPolicyResult
Parameters
- _statement
Policy
Statement
Returns
Add to the policy of this principal.
String()
dedupepublic dedupeString(): string
Returns
string
Return whether or not this principal is equal to the given principal.
Organization(organizationId)
inpublic inOrganization(organizationId: string): PrincipalBase
Parameters
- organizationId
string
Returns
A convenience method for adding a condition that the principal is part of the specified AWS Organization.
JSON()
topublic toJSON(): { [string]: string[] }
Returns
{ [string]: string[] }
JSON-ify the principal.
Used when JSON.stringify() is called
String()
topublic toString(): string
Returns
string
Returns a string representation of an object.
Conditions(conditions)
withpublic withConditions(conditions: { [string]: any }): PrincipalBase
Parameters
- conditions
{ [string]: any }
Returns
Returns a new PrincipalWithConditions using this principal as the base, with the passed conditions added.
When there is a value for the same operator and key in both the principal and the conditions parameter, the value from the conditions parameter will be used.
SessionTags()
withpublic withSessionTags(): PrincipalBase
Returns
Returns a new principal using this principal as the base, with session tags enabled.