User

class aws_cdk.aws_iam.User(scope, id, *, groups=None, managed_policies=None, password=None, password_reset_required=None, path=None, permissions_boundary=None, user_name=None)

Bases: aws_cdk.core.Resource

Define a new IAM user.

Parameters
  • scope (Construct) –

  • id (str) –

  • groups (Optional[List[IGroup]]) – Groups to add this user to. You can also use addToGroup to add this user to a group. Default: - No groups.

  • managed_policies (Optional[List[IManagedPolicy]]) – A list of managed policies associated with this role. You can add managed policies later using addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName(policyName)). Default: - No managed policies.

  • password (Optional[SecretValue]) – The password for the user. This is required so the user can access the AWS Management Console. You can use SecretValue.plainText to specify a password in plain text or use secretsmanager.Secret.fromSecretAttributes to reference a secret in Secrets Manager. Default: - User won’t be able to access the management console without a password.

  • password_reset_required (Optional[bool]) – Specifies whether the user is required to set a new password the next time the user logs in to the AWS Management Console. If this is set to ‘true’, you must also specify “initialPassword”. Default: false

  • path (Optional[str]) – The path for the user name. For more information about paths, see IAM Identifiers in the IAM User Guide. Default: /

  • permissions_boundary (Optional[IManagedPolicy]) – AWS supports permissions boundaries for IAM entities (users or roles). A permissions boundary is an advanced feature for using a managed policy to set the maximum permissions that an identity-based policy can grant to an IAM entity. An entity’s permissions boundary allows it to perform only the actions that are allowed by both its identity-based policies and its permissions boundaries. Default: - No permissions boundary.

  • user_name (Optional[str]) – A name for the IAM user. For valid values, see the UserName parameter for the CreateUser action in the IAM API Reference. If you don’t specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the user name. If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. If you specify a name, you must specify the CAPABILITY_NAMED_IAM value to acknowledge your template’s capabilities. For more information, see Acknowledging IAM Resources in AWS CloudFormation Templates. Default: - Generated by CloudFormation (recommended)

Methods

add_managed_policy(policy)

Attaches a managed policy to the user.

Parameters

policy (IManagedPolicy) – The managed policy to attach.

Return type

None

add_to_group(group)

Adds this user to a group.

Parameters

group (IGroup) –

Return type

None

add_to_policy(statement)

Add to the policy of this principal.

Parameters

statement (PolicyStatement) –

Return type

bool

add_to_principal_policy(statement)

Adds an IAM statement to the default policy.

Parameters

statement (PolicyStatement) –

Return type

AddToPrincipalPolicyResult

Returns

true

attach_inline_policy(policy)

Attaches a policy to this user.

Parameters

policy (Policy) –

Return type

None

to_string()

Returns a string representation of this construct.

Return type

str

Attributes

assume_role_action

When this Principal is used in an AssumeRole policy, the action to use.

Return type

str

env

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

Return type

ResourceEnvironment

grant_principal

The principal to grant permissions to.

Return type

IPrincipal

node

The construct tree node associated with this construct.

Return type

ConstructNode

permissions_boundary

Returns the permissions boundary attached to this user.

Return type

Optional[IManagedPolicy]

policy_fragment

Return the policy fragment that identifies this principal in a Policy.

Return type

PrincipalPolicyFragment

principal_account

The AWS account ID of this principal.

Can be undefined when the account is not known (for example, for service principals). Can be a Token - in that case, it’s assumed to be AWS::AccountId.

Return type

Optional[str]

stack

The stack in which this resource is defined.

Return type

Stack

user_arn

An attribute that represents the user’s ARN.

Attribute

true

Return type

str

user_name

An attribute that represents the user name.

Attribute

true

Return type

str

Static Methods

classmethod from_user_name(scope, id, user_name)

Import an existing user given a username.

Parameters
  • scope (Construct) – construct scope.

  • id (str) – construct id.

  • user_name (str) – the username of the existing user to import.

Return type

IUser

classmethod is_construct(x)

Return whether the given object is a Construct.

Parameters

x (Any) –

Return type

bool