FederatedPrincipal
class aws_cdk.aws_iam.FederatedPrincipal(federated, conditions, assume_role_action=None)
Bases: aws_cdk.aws_iam.PrincipalBase
Principal entity that represents a federated identity provider such as Amazon Cognito, that can be used to provide temporary security credentials to users who have been authenticated.
Additional condition keys are available when the temporary security credentials are used to make a request. You can use these keys to write policies that limit the access of federated users.
- See
- Parameters
federated (str) – federated identity provider (e.g. ‘cognito-identity.amazonaws.com’ for users authenticated through Cognito).
conditions (Mapping[str, Any]) – The conditions under which the policy is in effect. See the IAM documentation.
assume_role_action (Optional[str]) –
Methods
add_to_policy(statement)
Add to the policy of this principal.
- Parameters
statement (PolicyStatement) –
- Return type
bool
add_to_principal_policy(_statement)
Add to the policy of this principal.
- Parameters
_statement (PolicyStatement) –
- Return type
to_json()
JSON-ify the principal.
Used when JSON.stringify() is called.
- Return type
Mapping[str, List[str]]
to_string()
Returns a string representation of an object.
- Return type
str
with_conditions(conditions)
Returns a new PrincipalWithConditions using this principal as the base, with the passed conditions added.
When there is a value for the same operator and key in both the principal and the conditions parameter, the value from the conditions parameter will be used.
- Parameters
conditions (Mapping[str, Any]) –
- Return type
- Returns
a new PrincipalWithConditions object.
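Added example (not from the CDK documentation or code base): a stand-alone Python model of the trust statement built from federated, conditions and assume_role_action, of the override rule documented for with_conditions, and of a check that a Cognito trust statement scopes the aud and amr condition keys. The helper names, the pool IDs and the audit rules are assumptions made for illustration; nothing here imports aws_cdk.

```python
# Added example: a model of the trust statement, not aws_cdk code.
COGNITO = "cognito-identity.amazonaws.com"

def trust_statement(federated, conditions, assume_role_action):
    """IAM trust-policy statement for a federated principal."""
    return {
        "Effect": "Allow",
        "Principal": {"Federated": federated},
        "Action": assume_role_action,
        "Condition": conditions,
    }

def merge_conditions(base, extra):
    """Merge as documented for with_conditions(): for the same operator
    and key, the value from `extra` replaces the one in `base`."""
    merged = {op: dict(keys) for op, keys in base.items()}
    for op, keys in extra.items():
        merged.setdefault(op, {}).update(keys)
    return merged

def audit_cognito_trust(stmt):
    """Return findings when a Cognito trust statement is not scoped."""
    if stmt["Principal"].get("Federated") != COGNITO:
        return []
    cond = stmt.get("Condition") or {}
    findings = []
    # aud must be matched exactly, so only StringEquals is accepted here.
    if f"{COGNITO}:aud" not in cond.get("StringEquals", {}):
        findings.append("aud not pinned: any Cognito identity pool is trusted")
    # amr is multi-valued; accept it under any operator (simplification).
    if not any(f"{COGNITO}:amr" in keys for keys in cond.values()):
        findings.append("amr not checked: authentication state is ignored")
    return findings

# Constructed sample values; both pool IDs are placeholders.
POOL = "us-east-1:00000000-0000-0000-0000-000000000000"
ACTION = "sts:AssumeRoleWithWebIdentity"
open_stmt = trust_statement(COGNITO, {}, ACTION)
scoped = merge_conditions(
    {"StringEquals": {f"{COGNITO}:aud": "us-east-1:placeholder-old-pool"}},
    {"StringEquals": {f"{COGNITO}:aud": POOL},
     "ForAnyValue:StringLike": {f"{COGNITO}:amr": "authenticated"}},
)
scoped_stmt = trust_statement(COGNITO, scoped, ACTION)

if __name__ == "__main__":
    print(audit_cognito_trust(open_stmt))    # two findings
    print(audit_cognito_trust(scoped_stmt))  # no findings
```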
Attributes
assume_role_action
When this Principal is used in an AssumeRole policy, the action to use.
- Return type
str
conditions
The conditions under which the policy is in effect.
- Return type
Mapping[str, Any]
federated
federated identity provider (e.g. ‘cognito-identity.amazonaws.com’ for users authenticated through Cognito).
- Return type
str
grant_principal
The principal to grant permissions to.
- Return type
policy_fragment
Return the policy fragment that identifies this principal in a Policy.
- Return type
principal_account
The AWS account ID of this principal.
Can be undefined when the account is not known (for example, for service principals). Can be a Token - in that case, it’s assumed to be AWS::AccountId.
- Return type
Optional[str]