FederatedPrincipal¶

class aws_cdk.aws_iam.FederatedPrincipal(federated, conditions, assume_role_action=None)¶

Bases: aws_cdk.aws_iam.PrincipalBase

Principal entity that represents a federated identity provider such as Amazon Cognito, that can be used to provide temporary security credentials to users who have been authenticated.

Additional condition keys are available when the temporary security credentials are used to make a request. You can use these keys to write policies that limit the access of federated users.

see :see: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#condition-keys-wif

__init__(federated, conditions, assume_role_action=None)¶

Parameters

federated (str) – federated identity provider (i.e. ‘cognito-identity.amazonaws.com’ for users authenticated through Cognito).
conditions (Mapping[str, Any]) – The conditions under which the policy is in effect. See the IAM documentation.
assume_role_action (Optional[str]) –

Return type

None

Methods

add_to_policy(statement)¶

Add to the policy of this principal.

Parameters

statement (PolicyStatement) –

Return type

bool

add_to_principal_policy(_statement)¶

Add to the policy of this principal.

Parameters

_statement (PolicyStatement) –

Return type

AddToPrincipalPolicyResult

to_json()¶

JSON-ify the principal.

Used when JSON.stringify() is called

Return type: Mapping[str, List[str]]

to_string()¶

Returns a string representation of an object.

Return type: str

with_conditions(conditions)¶

Returns a new PrincipalWithConditions using this principal as the base, with the passed conditions added.

When there is a value for the same operator and key in both the principal and the conditions parameter, the value from the conditions parameter will be used.

Parameters

conditions (Mapping[str, Any]) –

return :rtype: IPrincipal :return: a new PrincipalWithConditions object.

Attributes

assume_role_action¶

When this Principal is used in an AssumeRole policy, the action to use.

Return type: str

conditions¶

The conditions under which the policy is in effect.

See the IAM documentation.

Return type: Mapping[str, Any]

federated¶

federated identity provider (i.e. ‘cognito-identity.amazonaws.com’ for users authenticated through Cognito).

Return type: str

grant_principal¶

The principal to grant permissions to.

Return type: IPrincipal

policy_fragment¶

Return the policy fragment that identifies this principal in a Policy.

Return type: PrincipalPolicyFragment