class User (construct)
Define a new IAM user.
new User(scope: Construct, id: string, props?: UserProps)
|groups?||Groups to add this user to.|
|managedPolicies?||A list of managed policies associated with this role.|
|password?||The password for the user. This is required so the user can access the AWS Management Console.|
|passwordResetRequired?||Specifies whether the user is required to set a new password the next time the user logs in to the AWS Management Console.|
|path?||The path for the user name.|
|permissionsBoundary?||AWS supports permissions boundaries for IAM entities (users or roles).|
|userName?||A name for the IAM user.|
(optional, default: No groups.)
Groups to add this user to.
You can also use addToGroup to add this user to a group.
(optional, default: No managed policies.)
A list of managed policies associated with this role.
You can add managed policies later using
(optional, default: User won't be able to access the management console without a password.)
The password for the user. This is required so the user can access the AWS Management Console.
You can use SecretValue.plainText to specify a password in plain text or secretsmanager.Secret.fromSecretAttributes to reference a secret in
(optional, default: false)
Specifies whether the user is required to set a new password the next time the user logs in to the AWS Management Console.
If this is set to 'true', you must also specify "initialPassword".
(optional, default: /)
The path for the user name.
For more information about paths, see IAM Identifiers in the IAM User Guide.
(optional, default: No permissions boundary.)
AWS supports permissions boundaries for IAM entities (users or roles).
A permissions boundary is an advanced feature for using a managed policy to set the maximum permissions that an identity-based policy can grant to an IAM entity. An entity's permissions boundary allows it to perform only the actions that are allowed by both its identity-based policies and its permissions boundaries.
(optional, default: Generated by CloudFormation (recommended))
A name for the IAM user.
For valid values, see the UserName parameter for the CreateUser action in the IAM API Reference. If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the user name.
If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.
If you specify a name, you must specify the CAPABILITY_NAMED_IAM value to acknowledge your template's capabilities. For more information, see Acknowledging IAM Resources in AWS CloudFormation Templates.
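The props above end up as properties of an `AWS::IAM::User` resource in the synthesized template, so they can be reviewed there before deployment. The following lint is an added example, not part of the CDK or of this reference; it assumes the CloudFormation property names `LoginProfile`, `PermissionsBoundary` and `UserName`, and the function names, finding labels and sample template are constructed for illustration.

```typescript
// Added example: review AWS::IAM::User resources in a synthesized template.
type Finding = { user: string; issue: string };
type Resource = { Type: string; Properties?: Record<string, unknown> };
interface Template { Resources: Record<string, Resource> }

// A literal string that is not a CloudFormation dynamic reference is stored
// in the template (and usually in source control) in clear text.
function isLiteralSecret(value: unknown): boolean {
  return typeof value === "string" && value.indexOf("{{resolve:") === -1;
}

function lintIamUsers(template: Template): Finding[] {
  const findings: Finding[] = [];
  for (const id of Object.keys(template.Resources)) {
    const res = template.Resources[id];
    if (res.Type !== "AWS::IAM::User") continue;
    const props = res.Properties ?? {};
    const add = (issue: string) => findings.push({ user: id, issue });
    const login = props.LoginProfile as Record<string, unknown> | undefined;
    if (login) {
      if (isLiteralSecret(login.Password)) add("plaintext-password");
      // passwordResetRequired defaults to false, so it must be set explicitly.
      if (login.PasswordResetRequired !== true) add("no-password-reset");
    }
    if (props.PermissionsBoundary === undefined) add("no-permissions-boundary");
    // An explicit name blocks replacement updates and needs CAPABILITY_NAMED_IAM.
    if (props.UserName !== undefined) add("named-user-needs-CAPABILITY_NAMED_IAM");
  }
  return findings;
}

// Constructed sample template (not taken from a real stack).
const sampleTemplate: Template = {
  Resources: {
    Risky: { Type: "AWS::IAM::User",
      Properties: { UserName: "deploy-bot", LoginProfile: { Password: "Winter2024!" } } },
    Hardened: { Type: "AWS::IAM::User",
      Properties: {
        LoginProfile: { PasswordResetRequired: true,
          Password: "{{resolve:secretsmanager:example-secret:SecretString:password}}" },
        PermissionsBoundary: "arn:aws:iam::111122223333:policy/ExampleBoundary" } },
    Bucket: { Type: "AWS::S3::Bucket" },
  },
};

function issuesFor(user: string): string[] {
  return lintIamUsers(sampleTemplate).filter((f) => f.user === user).map((f) => f.issue);
}
```

Whether a missing permissions boundary or an explicit user name is acceptable is a policy decision; the lint only surfaces them for review.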
|assumeRoleAction||When this Principal is used in an AssumeRole policy, the action to use.|
|env||The environment this resource belongs to.|
|grantPrincipal||The principal to grant permissions to.|
|node||The construct tree node associated with this construct.|
|policyFragment||Return the policy fragment that identifies this principal in a Policy.|
|stack||The stack in which this resource is defined.|
|userArn||An attribute that represents the user's ARN.|
|userName||An attribute that represents the user name.|
|permissionsBoundary?||Returns the permissions boundary attached to this user.|
|principalAccount?||The AWS account ID of this principal.|
When this Principal is used in an AssumeRole policy, the action to use.
The environment this resource belongs to.
For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.
The principal to grant permissions to.
The construct tree node associated with this construct.
Return the policy fragment that identifies this principal in a Policy.
The stack in which this resource is defined.
An attribute that represents the user's ARN.
An attribute that represents the user name.
Returns the permissions boundary attached to this user.
The AWS account ID of this principal.
Can be undefined when the account is not known (for example, for service principals). Can be a Token - in that case, it's assumed to be AWS::AccountId.
|addManagedPolicy(policy)||Attaches a managed policy to the user.|
|addToGroup(group)||Adds this user to a group.|
|addToPolicy(statement)||Add to the policy of this principal.|
|addToPrincipalPolicy(statement)||Adds an IAM statement to the default policy.|
|attachInlinePolicy(policy)||Attaches a policy to this user.|
|toString()||Returns a string representation of this construct.|
|static fromUserName(scope, id, userName)||Import an existing user given a username.|
public addManagedPolicy(policy: IManagedPolicy): void
policy IManagedPolicy — The managed policy to attach.
Attaches a managed policy to the user.
public addToGroup(group: IGroup): void
Adds this user to a group.
public addToPolicy(statement: PolicyStatement): boolean
Add to the policy of this principal.
addToPrincipalPolicy(statement)
public addToPrincipalPolicy(statement: PolicyStatement): AddToPrincipalPolicyResult
Adds an IAM statement to the default policy.
public attachInlinePolicy(policy: Policy): void
Attaches a policy to this user.
public toString(): string
Returns a string representation of this construct.
static fromUserName(scope, id, userName)
public static fromUserName(scope: Construct, id: string, userName: string): IUser
scope Construct — construct scope.
id string — construct id.
userName string — the username of the existing user to import.
Import an existing user given a username.