Class ArnPrincipal

java.lang.Object
software.amazon.jsii.JsiiObject
software.amazon.awscdk.services.iam.PrincipalBase
software.amazon.awscdk.services.iam.ArnPrincipal
All Implemented Interfaces:
IAssumeRolePrincipal, IComparablePrincipal, IGrantable, IPrincipal, software.amazon.jsii.JsiiSerializable
Direct Known Subclasses:
AccountPrincipal, AnyPrincipal

@Generated(value="jsii-pacmak/1.97.0 (build 729de35)", date="2024-04-18T17:54:18.013Z") @Stability(Stable) public class ArnPrincipal extends PrincipalBase
Specify a principal by the Amazon Resource Name (ARN).

You can specify AWS accounts, IAM users, federated SAML users, IAM roles, and specific assumed-role sessions. You cannot specify IAM groups or instance profiles as principals.

Example:

 // Option 2: create your custom mastersRole with scoped assumeBy arn as the Cluster prop. Switch to this role from the AWS console.
 import software.amazon.awscdk.cdk.lambdalayer.kubectl.v29.KubectlV29Layer;
 Vpc vpc;
 Role mastersRole = Role.Builder.create(this, "MastersRole")
         .assumedBy(new ArnPrincipal("arn_for_trusted_principal"))
         .build();
 Cluster cluster = Cluster.Builder.create(this, "EksCluster")
         .vpc(vpc)
         .version(KubernetesVersion.V1_29)
         .kubectlLayer(new KubectlV29Layer(this, "KubectlLayer"))
         .mastersRole(mastersRole)
         .build();
 mastersRole.addToPolicy(PolicyStatement.Builder.create()
         .actions(List.of("eks:AccessKubernetesApi", "eks:Describe*", "eks:List*"))
         .resources(List.of(cluster.getClusterArn()))
         .build());
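
The stack below is an added example, not part of the CDK documentation or the project's own code. It shows a role trust scoped to one role ARN and further narrowed with `inOrganization`. The class name `ScopedTrustStack`, the role ARN, and the organization ID are placeholder assumptions.

```java
import software.amazon.awscdk.App;
import software.amazon.awscdk.Duration;
import software.amazon.awscdk.Stack;
import software.amazon.awscdk.services.iam.ArnPrincipal;
import software.amazon.awscdk.services.iam.PrincipalBase;
import software.amazon.awscdk.services.iam.Role;
import software.constructs.Construct;

// Hypothetical stack name; all identifiers below are placeholders for illustration.
public class ScopedTrustStack extends Stack {
    // Placeholder ARN of the single role allowed to assume MastersRole.
    static final String TRUSTED_ROLE_ARN = "arn:aws:iam::123456789012:role/eks-admins";
    // Placeholder AWS Organizations ID.
    static final String ORG_ID = "o-exampleorgid";

    public ScopedTrustStack(final Construct scope, final String id) {
        super(scope, id);

        // Too broad for an admin role: the account root ARN delegates the
        // decision to IAM policies in that account, so any identity there
        // that is granted sts:AssumeRole can use the role.
        //   new ArnPrincipal("arn:aws:iam::123456789012:root")

        // Scoped: trust exactly one role. IAM groups and instance profiles
        // are not valid principals, so name the role or user itself.
        ArnPrincipal trusted = new ArnPrincipal(TRUSTED_ROLE_ARN);

        // inOrganization() returns a new principal carrying a StringEquals
        // condition on aws:PrincipalOrgID; use the returned object, because
        // the original ArnPrincipal is left without the condition.
        PrincipalBase trustedInOrg = trusted.inOrganization(ORG_ID);

        Role.Builder.create(this, "MastersRole")
                .assumedBy(trustedInOrg)
                // Short sessions limit how long stolen credentials stay useful.
                .maxSessionDuration(Duration.hours(1))
                .build();
    }

    public static void main(final String[] args) {
        App app = new App();
        new ScopedTrustStack(app, "ScopedTrustStack");
        // Writes the CloudFormation template; review the role's
        // AssumeRolePolicyDocument for the Principal and Condition blocks.
        app.synth();
    }
}
```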
 

  • Constructor Details

    • ArnPrincipal

      protected ArnPrincipal(software.amazon.jsii.JsiiObjectRef objRef)
    • ArnPrincipal

      protected ArnPrincipal(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
    • ArnPrincipal

      @Stability(Stable) public ArnPrincipal(@NotNull String arn)
      Parameters:
      arn - Amazon Resource Name (ARN) of the principal entity (e.g. arn:aws:iam::123456789012:user/user-name). This parameter is required.
  • Method Details

    • dedupeString

      @Stability(Stable) @Nullable public String dedupeString()
      Return whether or not this principal is equal to the given principal.
      Specified by:
      dedupeString in interface IComparablePrincipal
      Specified by:
      dedupeString in class PrincipalBase
    • inOrganization

      @Stability(Stable) @NotNull public PrincipalBase inOrganization(@NotNull String organizationId)
      A convenience method for adding a condition that the principal is part of the specified AWS Organization.

      Parameters:
      organizationId - This parameter is required.
    • toString

      @Stability(Stable) @NotNull public String toString()
      Returns a string representation of an object.
      Overrides:
      toString in class PrincipalBase
    • getArn

      @Stability(Stable) @NotNull public String getArn()
      Amazon Resource Name (ARN) of the principal entity (e.g. arn:aws:iam::123456789012:user/user-name).
    • getPolicyFragment

      @Stability(Stable) @NotNull public PrincipalPolicyFragment getPolicyFragment()
      Return the policy fragment that identifies this principal in a Policy.
      Specified by:
      getPolicyFragment in interface IPrincipal
      Specified by:
      getPolicyFragment in class PrincipalBase