class SessionTagsPrincipal
| Language | Type name |
|---|---|
 .NET | Amazon.CDK.AWS.IAM.SessionTagsPrincipal |
 Go | github.com/aws/aws-cdk-go/awscdk/v2/awsiam#SessionTagsPrincipal |
 Java | software.amazon.awscdk.services.iam.SessionTagsPrincipal |
 Python | aws_cdk.aws_iam.SessionTagsPrincipal |
 TypeScript (source) | aws-cdk-lib » aws_iam » SessionTagsPrincipal |
Implements
IAssume, IGrantable, IPrincipal, IComparable
Extends
Principal
Enables session tags on role assumptions from a principal.
For more information on session tags, see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
Example
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { aws_iam as iam } from 'aws-cdk-lib';
declare const principal: iam.IPrincipal;
const sessionTagsPrincipal = new iam.SessionTagsPrincipal(principal);
Initializer
new SessionTagsPrincipal(principal: IPrincipal)
Parameters
- principal
IPrincipal
Properties
| Name | Type | Description |
|---|---|---|
| assume | string | When this Principal is used in an AssumeRole policy, the action to use. |
| grant | IPrincipal | The principal to grant permissions to. |
| policy | Principal | Return the policy fragment that identifies this principal in a Policy. |
| principal | string | The AWS account ID of this principal. |
assumeRoleAction
Type:
string
When this Principal is used in an AssumeRole policy, the action to use.
grantPrincipal
Type:
IPrincipal
The principal to grant permissions to.
policyFragment
Type:
Principal
Return the policy fragment that identifies this principal in a Policy.
principalAccount?
Type:
string
(optional)
The AWS account ID of this principal.
Can be undefined when the account is not known (for example, for service principals). Can be a Token - in that case, it's assumed to be AWS::AccountId.
Methods
| Name | Description |
|---|---|
| add | Add the principal to the AssumeRolePolicyDocument. |
| add | Add to the policy of this principal. |
| add | Add to the policy of this principal. |
| dedupe | Return whether or not this principal is equal to the given principal. |
| to | JSON-ify the principal. |
| to | Returns a string representation of an object. |
| with | Returns a new PrincipalWithConditions using this principal as the base, with the passed conditions added. |
| with | Returns a new principal using this principal as the base, with session tags enabled. |
| protected append | Append the given string to the wrapped principal's dedupe string (if available). |
addToAssumeRolePolicy(doc)
public addToAssumeRolePolicy(doc: PolicyDocument): void
Parameters
- doc
PolicyDocument
Add the principal to the AssumeRolePolicyDocument.
Add the statements to the AssumeRolePolicyDocument necessary to give this principal permissions to assume the given role.
addToPolicy(statement)
public addToPolicy(statement: PolicyStatement): boolean
Parameters
- statement
PolicyStatement
Returns
boolean
Add to the policy of this principal.
addToPrincipalPolicy(statement)
public addToPrincipalPolicy(statement: PolicyStatement): AddToPrincipalPolicyResult
Parameters
- statement
PolicyStatement
Returns
Add to the policy of this principal.
dedupeString()
public dedupeString(): string
Returns
string
Return whether or not this principal is equal to the given principal.
toJSON()
public toJSON(): { [string]: string[] }
Returns
{ [string]: string[] }
JSON-ify the principal.
Used when JSON.stringify() is called
toString()
public toString(): string
Returns
string
Returns a string representation of an object.
withConditions(conditions)
public withConditions(conditions: { [string]: any }): PrincipalBase
Parameters
- conditions
{ [string]: any }
Returns
Returns a new PrincipalWithConditions using this principal as the base, with the passed conditions added.
When there is a value for the same operator and key in both the principal and the conditions parameter, the value from the conditions parameter will be used.
withSessionTags()
public withSessionTags(): PrincipalBase
Returns
Returns a new principal using this principal as the base, with session tags enabled.
protected appendDedupe(append)
protected appendDedupe(append: string): string
Parameters
- append
string
Returns
string
Append the given string to the wrapped principal's dedupe string (if available).