Class Group
An IAM Group (collection of IAM users) lets you specify permissions for multiple users, which can make it easier to manage permissions for those users.
Implements
Inherited Members
Namespace: Amazon.CDK.AWS.IAM
Assembly: Amazon.CDK.AWS.IAM.dll
Syntax (csharp)
public class Group : Resource, IGroup, IIdentity, IPrincipal, IGrantable, IResource, IConstruct, IDependable
Syntax (vb)
Public Class Group
Inherits Resource
Implements IGroup, IIdentity, IPrincipal, IGrantable, IResource, IConstruct, IDependable
Remarks
See: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html
Examples
var user = new User(this, "MyUser"); // or User.FromUserName(this, "User", "johnsmith");
var group = new Group(this, "MyGroup"); // or Group.FromGroupArn(this, "Group", "arn:aws:iam::account-id:group/group-name");
user.AddToGroup(group);
// or
group.AddUser(user);
Synopsis
Constructors
Group(ByRefValue) | Used by jsii to construct an instance of this class from a JavaScript-owned object reference |
Group(DeputyBase.DeputyProps) | Used by jsii to construct an instance of this class from DeputyProps |
Group(Construct, String, IGroupProps) |
Properties
AssumeRoleAction | When this Principal is used in an AssumeRole policy, the action to use. |
GrantPrincipal | The principal to grant permissions to. |
GroupArn | Returns the IAM Group ARN. |
GroupName | Returns the IAM Group Name. |
PolicyFragment | Return the policy fragment that identifies this principal in a Policy. |
PrincipalAccount | The AWS account ID of this principal. |
Methods
AddManagedPolicy(IManagedPolicy) | Attaches a managed policy to this group. |
AddToPolicy(PolicyStatement) | Add to the policy of this principal. |
AddToPrincipalPolicy(PolicyStatement) | Adds an IAM statement to the default policy. |
AddUser(IUser) | Adds a user to this group. |
AttachInlinePolicy(Policy) | Attaches a policy to this group. |
FromGroupArn(Construct, String, String) | Import an external group by ARN. |
FromGroupName(Construct, String, String) | Import an existing group by given name (with path). |
Constructors
Group(ByRefValue)
Used by jsii to construct an instance of this class from a JavaScript-owned object reference
protected Group(ByRefValue reference)
Parameters
- reference Amazon.JSII.Runtime.Deputy.ByRefValue
The JavaScript-owned object reference
Group(DeputyBase.DeputyProps)
Used by jsii to construct an instance of this class from DeputyProps
protected Group(DeputyBase.DeputyProps props)
Parameters
- props Amazon.JSII.Runtime.Deputy.DeputyBase.DeputyProps
The deputy props
Group(Construct, String, IGroupProps)
public Group(Construct scope, string id, IGroupProps props = null)
Parameters
- scope Constructs.Construct
- id System.String
- props IGroupProps
Properties
AssumeRoleAction
When this Principal is used in an AssumeRole policy, the action to use.
public virtual string AssumeRoleAction { get; }
Property Value
System.String
GrantPrincipal
The principal to grant permissions to.
public virtual IPrincipal GrantPrincipal { get; }
Property Value
GroupArn
Returns the IAM Group ARN.
public virtual string GroupArn { get; }
Property Value
System.String
GroupName
Returns the IAM Group Name.
public virtual string GroupName { get; }
Property Value
System.String
PolicyFragment
Return the policy fragment that identifies this principal in a Policy.
public virtual PrincipalPolicyFragment PolicyFragment { get; }
Property Value
PrincipalAccount
The AWS account ID of this principal.
public virtual string PrincipalAccount { get; }
Property Value
System.String
Remarks
Can be undefined when the account is not known (for example, for service principals). Can be a Token - in that case, it's assumed to be AWS::AccountId.
Methods
AddManagedPolicy(IManagedPolicy)
Attaches a managed policy to this group.
public virtual void AddManagedPolicy(IManagedPolicy policy)
Parameters
- policy IManagedPolicy
The managed policy to attach.
AddToPolicy(PolicyStatement)
Add to the policy of this principal.
public virtual bool AddToPolicy(PolicyStatement statement)
Parameters
- statement PolicyStatement
Returns
System.Boolean
AddToPrincipalPolicy(PolicyStatement)
Adds an IAM statement to the default policy.
public virtual IAddToPrincipalPolicyResult AddToPrincipalPolicy(PolicyStatement statement)
Parameters
- statement PolicyStatement
Returns
AddUser(IUser)
AttachInlinePolicy(Policy)
Attaches a policy to this group.
public virtual void AttachInlinePolicy(Policy policy)
Parameters
- policy Policy
The policy to attach.
FromGroupArn(Construct, String, String)
Import an external group by ARN.
public static IGroup FromGroupArn(Construct scope, string id, string groupArn)
Parameters
- scope Constructs.Construct
construct scope.
- id System.String
construct id.
- groupArn System.String
the ARN of the group to import (e.g. arn:aws:iam::account-id:group/group-name).
Returns
Remarks
If the imported Group ARN is a Token (such as a CfnParameter.valueAsString or a Fn.importValue()) and the referenced group has a path (like arn:...:group/AdminGroup/NetworkAdmin), the groupName property will not resolve to the correct value. Instead it will resolve to the first path component. We unfortunately cannot express the correct calculation of the full path name as a CloudFormation expression. In this scenario the Group ARN should be supplied without the path in order to resolve the correct group resource.
FromGroupName(Construct, String, String)
Import an existing group by given name (with path).
public static IGroup FromGroupName(Construct scope, string id, string groupName)
Parameters
- scope Constructs.Construct
construct scope.
- id System.String
construct id.
- groupName System.String
the groupName (path included) of the existing group to import.
Returns
Remarks
This method has the same caveats as FromGroupArn.
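Example (added here, not part of the CDK documentation): one way to enforce the caveat in the FromGroupArn and FromGroupName remarks when the group ARN arrives as a deploy-time parameter. The stack name, construct ids, the ImportGroup helper and the AllowedPattern regex are assumptions made for illustration.

```csharp
using Amazon.CDK;
using Amazon.CDK.AWS.IAM;
using Constructs;

// Added example. ImportedGroupStack, ImportGroup and all ids are hypothetical.
public class ImportedGroupStack : Stack
{
    public ImportedGroupStack(Construct scope, string id, IStackProps props = null)
        : base(scope, id, props)
    {
        // The ARN is only known at deploy time, so CDK cannot inspect it during
        // synthesis. Let CloudFormation reject any value that carries a path.
        var groupArnParam = new CfnParameter(this, "GroupArn", new CfnParameterProps
        {
            Type = "String",
            Description = "ARN of an existing IAM group, supplied without a path",
            // Exactly one segment after "group/", so no path component can appear.
            AllowedPattern = @"^arn:aws:iam::\d{12}:group/[\w+=,.@-]+$",
            ConstraintDescription = "Must be an IAM group ARN without a path."
        });

        var group = ImportGroup(this, "ImportedGroup", groupArnParam.ValueAsString);

        // Expose the name CloudFormation actually resolved, so it can be
        // compared with the intended group after deployment.
        new CfnOutput(this, "ResolvedGroupName", new CfnOutputProps
        {
            Value = group.GroupName
        });
    }

    // Imports a group by ARN and records a synth-time warning when the ARN
    // is a Token, because GroupName is then only correct for a path-less ARN.
    public static IGroup ImportGroup(Construct scope, string id, string groupArn)
    {
        if (Token.IsUnresolved(groupArn))
        {
            Annotations.Of(scope).AddWarning(
                $"{id}: group ARN is a deploy-time token; GroupName resolves " +
                "correctly only if the ARN has no path.");
        }
        return Group.FromGroupArn(scope, id, groupArn);
    }
}
```

The pattern above only accepts the aws partition and a 12-digit account ID; widen it if the stack is deployed to other partitions.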