OpenIdConnectPrincipal

class aws_cdk.aws_iam.OpenIdConnectPrincipal(open_id_connect_provider, conditions=None)

Bases: WebIdentityPrincipal

A principal that represents a federated identity provider as from a OpenID Connect provider.

ExampleMetadata:

infused

Example:

provider = iam.OpenIdConnectProvider(self, "MyProvider",
    url="https://openid/connect",
    client_ids=["myclient1", "myclient2"]
)
principal = iam.OpenIdConnectPrincipal(provider)
Parameters:

Methods

add_to_assume_role_policy(document)

Add the princpial to the AssumeRolePolicyDocument.

Add the statements to the AssumeRolePolicyDocument necessary to give this principal permissions to assume the given role.

Parameters:

document (PolicyDocument)

Return type:

None

add_to_policy(statement)

Add to the policy of this principal.

Parameters:

statement (PolicyStatement)

Return type:

bool

add_to_principal_policy(_statement)

Add to the policy of this principal.

Parameters:

_statement (PolicyStatement)

Return type:

AddToPrincipalPolicyResult

dedupe_string()

Return whether or not this principal is equal to the given principal.

Return type:

Optional[str]

to_json()

JSON-ify the principal.

Used when JSON.stringify() is called

Return type:

Mapping[str, List[str]]

to_string()

Returns a string representation of an object.

Return type:

str

with_conditions(conditions)

Returns a new PrincipalWithConditions using this principal as the base, with the passed conditions added.

When there is a value for the same operator and key in both the principal and the conditions parameter, the value from the conditions parameter will be used.

Parameters:

conditions (Mapping[str, Any])

Return type:

PrincipalBase

Returns:

a new PrincipalWithConditions object.

with_session_tags()

Returns a new principal using this principal as the base, with session tags enabled.

Return type:

PrincipalBase

Returns:

a new SessionTagsPrincipal object.

Attributes

assume_role_action

When this Principal is used in an AssumeRole policy, the action to use.

conditions

The conditions under which the policy is in effect.

See the IAM documentation.

federated

federated identity provider (i.e. ‘cognito-identity.amazonaws.com’ for users authenticated through Cognito).

grant_principal

The principal to grant permissions to.

policy_fragment

Return the policy fragment that identifies this principal in a Policy.

principal_account

The AWS account ID of this principal.

Can be undefined when the account is not known (for example, for service principals). Can be a Token - in that case, it’s assumed to be AWS::AccountId.