interface IPrincipal
Language | Type name |
---|---|
.NET | Amazon.CDK.AWS.IAM.IPrincipal |
Go | github.com/aws/aws-cdk-go/awscdk/v2/awsiam#IPrincipal |
Java | software.amazon.awscdk.services.iam.IPrincipal |
Python | aws_cdk.aws_iam.IPrincipal |
TypeScript | aws-cdk-lib » aws_iam » IPrincipal |
Implemented by
Service, Account, Account, Any, Arn, Canonical, Composite, Federated, Group, Lazy, Open, Organization, Principal, Role, Saml, Saml, Service, Session, Star, Unknown, User, Web, Via, Service
Obtainable from
Base.resourcePolicyPrincipal()
Represents a logical IAM principal.
An IPrincipal describes a logical entity that can perform AWS API calls against sets of resources, optionally under certain conditions.
Examples of simple principals are IAM objects that you create, such as Users or Roles.
An example of a more complex principal is a ServicePrincipal (such as new ServicePrincipal("sns.amazonaws.com"), which represents the Simple Notification Service).
A single logical Principal may also map to a set of physical principals.
For example, new OrganizationPrincipal('o-1234') represents all identities that are part of the given AWS Organization.
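When one logical principal stands for many identities, the rendered statement can carry a wildcard principal whose only restriction is a condition. The following added example (not from the CDK documentation or library) audits rendered statements for wildcard principals with no narrowing condition; the JSON shapes, the `NARROWING_KEYS` allowlist, every function name and the assumed renderings in `SAMPLE` are assumptions made for the example.

```typescript
// Added example: statement shapes are an assumed subset of rendered IAM policy JSON.
type Values = string | string[];
interface Statement {
  Effect: "Allow" | "Deny";
  Action: Values;
  Principal?: "*" | Record<string, Values>;
  Condition?: Record<string, Record<string, Values>>;
}

// Assumed allowlist: global condition keys that pin the caller to known identities.
const NARROWING_KEYS = ["aws:principalorgid", "aws:principalaccount", "aws:principalarn"];
// Only positive matches narrow; negated or IfExists operators are not counted.
const POSITIVE_OPS = ["StringEquals", "StringLike", "ArnEquals", "ArnLike"];
const asList = (v: Values): string[] => (typeof v === "string" ? [v] : v);
// A value pins the caller only if it is non-empty and not made of wildcards alone.
const pins = (v: Values): boolean =>
  asList(v).length > 0 && asList(v).every((x) => !/^[*?]*$/.test(x));

// True when the Principal element matches every identity ("*" or {"AWS": "*"}).
function isWildcardPrincipal(p: Statement["Principal"]): boolean {
  if (p === undefined) return false;
  if (typeof p === "string") return p === "*";
  const map: Record<string, Values> = p;
  return Object.keys(map).some((kind) => asList(map[kind]).indexOf("*") !== -1);
}

// True when a positive operator tests a narrowing key (case-insensitive) against real values.
function isNarrowed(cond: NonNullable<Statement["Condition"]> = {}): boolean {
  return Object.keys(cond).some((op) =>
    POSITIVE_OPS.indexOf(op) !== -1 &&
    Object.keys(cond[op]).some((key) =>
      NARROWING_KEYS.indexOf(key.toLowerCase()) !== -1 && pins(cond[op][key])));
}

// Indexes of Allow statements open to any caller: wildcard principal, no narrowing condition.
function findOpenStatements(statements: Statement[]): number[] {
  return statements.map((s, i) =>
    s.Effect === "Allow" && isWildcardPrincipal(s.Principal) && !isNarrowed(s.Condition) ? i : -1)
    .filter((i) => i !== -1);
}

// Constructed sample: assumed renderings of the two principals above, then two regressions.
const SAMPLE: Statement[] = [
  { Effect: "Allow", Action: "sts:AssumeRole", Principal: { Service: "sns.amazonaws.com" } },
  { Effect: "Allow", Action: "sts:AssumeRole", Principal: { AWS: "*" },
    Condition: { StringEquals: { "aws:PrincipalOrgID": "o-1234" } } },
  { Effect: "Allow", Action: "sts:AssumeRole", Principal: { AWS: "*" } },
  { Effect: "Allow", Action: "sts:AssumeRole", Principal: { AWS: "*" },
    Condition: { StringNotEquals: { "aws:PrincipalOrgID": "o-1234" } } },
];
```

`findOpenStatements(SAMPLE)` reports the statement that lost its condition and the one whose condition is negated.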
Properties
Name | Type | Description |
---|---|---|
assumeRoleAction | string | When this Principal is used in an AssumeRole policy, the action to use. |
grantPrincipal | IPrincipal | The principal to grant permissions to. |
policyFragment | Principal | Return the policy fragment that identifies this principal in a Policy. |
principalAccount? | string | The AWS account ID of this principal. |
assumeRoleAction
Type: string
When this Principal is used in an AssumeRole policy, the action to use.
grantPrincipal
Type: IPrincipal
The principal to grant permissions to.
policyFragment
Type: Principal
Return the policy fragment that identifies this principal in a Policy.
principalAccount?
Type: string (optional)
The AWS account ID of this principal.
Can be undefined when the account is not known (for example, for service principals). Can be a Token - in that case, it's assumed to be AWS::AccountId.
Methods
Name | Description |
---|---|
addToPrincipalPolicy(statement) | Add to the policy of this principal. |
addToPrincipalPolicy(statement)
public addToPrincipalPolicy(statement: PolicyStatement): AddToPrincipalPolicyResult
Parameters
- statement PolicyStatement
Returns
- AddToPrincipalPolicyResult
Add to the policy of this principal.