class FederatedPrincipal
Language | Type name |
---|---|
.NET | Amazon.CDK.AWS.IAM.FederatedPrincipal |
Java | software.amazon.awscdk.services.iam.FederatedPrincipal |
Python | aws_cdk.aws_iam.FederatedPrincipal |
TypeScript (source) | @aws-cdk/aws-iam » FederatedPrincipal |
Implements
IAssume
, IGrantable
, IPrincipal
, IComparable
Extends
Principal
Principal entity that represents a federated identity provider such as Amazon Cognito, that can be used to provide temporary security credentials to users who have been authenticated.
Additional condition keys are available when the temporary security credentials are used to make a request. You can use these keys to write policies that limit the access of federated users.
Example
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import * as iam from '@aws-cdk/aws-iam';
declare const conditions: any;
const federatedPrincipal = new iam.FederatedPrincipal('federated', {
conditionsKey: conditions,
}, /* all optional props */ 'assumeRoleAction');
Initializer
new FederatedPrincipal(federated: string, conditions: { [string]: any }, assumeRoleAction?: string)
Parameters
- federated
string
— federated identity provider (i.e. 'cognito-identity.amazonaws.com' for users authenticated through Cognito). - conditions
{ [string]: any }
— The conditions under which the policy is in effect. - assumeRoleAction
string
Properties
Name | Type | Description |
---|---|---|
assume | string | When this Principal is used in an AssumeRole policy, the action to use. |
conditions | { [string]: any } | The conditions under which the policy is in effect. |
federated | string | federated identity provider (i.e. 'cognito-identity.amazonaws.com' for users authenticated through Cognito). |
grant | IPrincipal | The principal to grant permissions to. |
policy | Principal | Return the policy fragment that identifies this principal in a Policy. |
principal | string | The AWS account ID of this principal. |
assumeRoleAction
Type:
string
When this Principal is used in an AssumeRole policy, the action to use.
conditions
Type:
{ [string]: any }
The conditions under which the policy is in effect.
federated
Type:
string
federated identity provider (i.e. 'cognito-identity.amazonaws.com' for users authenticated through Cognito).
grantPrincipal
Type:
IPrincipal
The principal to grant permissions to.
policyFragment
Type:
Principal
Return the policy fragment that identifies this principal in a Policy.
principalAccount?
Type:
string
(optional)
The AWS account ID of this principal.
Can be undefined when the account is not known (for example, for service principals). Can be a Token - in that case, it's assumed to be AWS::AccountId.
Methods
Name | Description |
---|---|
add | Add the princpial to the AssumeRolePolicyDocument. |
add | Add to the policy of this principal. |
add | Add to the policy of this principal. |
dedupe | Return whether or not this principal is equal to the given principal. |
to | JSON-ify the principal. |
to | Returns a string representation of an object. |
with | Returns a new PrincipalWithConditions using this principal as the base, with the passed conditions added. |
with | Returns a new principal using this principal as the base, with session tags enabled. |
ToAssumeRolePolicy(document)
addpublic addToAssumeRolePolicy(document: PolicyDocument): void
Parameters
- document
Policy
Document
Add the princpial to the AssumeRolePolicyDocument.
Add the statements to the AssumeRolePolicyDocument necessary to give this principal permissions to assume the given role.
ToPolicy(statement)
addpublic addToPolicy(statement: PolicyStatement): boolean
Parameters
- statement
Policy
Statement
Returns
boolean
Add to the policy of this principal.
ToPrincipalPolicy(_statement)
addpublic addToPrincipalPolicy(_statement: PolicyStatement): AddToPrincipalPolicyResult
Parameters
- _statement
Policy
Statement
Returns
Add to the policy of this principal.
String()
dedupepublic dedupeString(): string
Returns
string
Return whether or not this principal is equal to the given principal.
JSON()
topublic toJSON(): { [string]: string[] }
Returns
{ [string]: string[] }
JSON-ify the principal.
Used when JSON.stringify() is called
String()
topublic toString(): string
Returns
string
Returns a string representation of an object.
Conditions(conditions)
withpublic withConditions(conditions: { [string]: any }): PrincipalBase
Parameters
- conditions
{ [string]: any }
Returns
Returns a new PrincipalWithConditions using this principal as the base, with the passed conditions added.
When there is a value for the same operator and key in both the principal and the conditions parameter, the value from the conditions parameter will be used.
SessionTags()
withpublic withSessionTags(): PrincipalBase
Returns
Returns a new principal using this principal as the base, with session tags enabled.