UserProps

class aws_cdk.aws_iam.UserProps(*, groups=None, managed_policies=None, password=None, password_reset_required=None, path=None, permissions_boundary=None, user_name=None)

Bases: object

Properties for defining an IAM user.
Parameters
- groups (Optional[List[IGroup]]) – Groups to add this user to. You can also use addToGroup to add this user to a group. Default: No groups.
- managed_policies (Optional[List[IManagedPolicy]]) – A list of managed policies associated with this role. You can add managed policies later using addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName(policyName)). Default: No managed policies.
- password (Optional[SecretValue]) – The password for the user. This is required so the user can access the AWS Management Console. You can use SecretValue.plainText to specify a password in plain text or use secretsmanager.Secret.fromSecretAttributes to reference a secret in Secrets Manager. Default: User won’t be able to access the management console without a password.
- password_reset_required (Optional[bool]) – Specifies whether the user is required to set a new password the next time the user logs in to the AWS Management Console. If this is set to ‘true’, you must also specify “initialPassword”. Default: false
- path (Optional[str]) – The path for the user name. For more information about paths, see IAM Identifiers in the IAM User Guide. Default: /
- permissions_boundary (Optional[IManagedPolicy]) – AWS supports permissions boundaries for IAM entities (users or roles). A permissions boundary is an advanced feature for using a managed policy to set the maximum permissions that an identity-based policy can grant to an IAM entity. An entity’s permissions boundary allows it to perform only the actions that are allowed by both its identity-based policies and its permissions boundaries. Default: No permissions boundary.
- user_name (Optional[str]) – A name for the IAM user. For valid values, see the UserName parameter for the CreateUser action in the IAM API Reference. If you don’t specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the user name. If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. If you specify a name, you must specify the CAPABILITY_NAMED_IAM value to acknowledge your template’s capabilities. For more information, see Acknowledging IAM Resources in AWS CloudFormation Templates. Default: Generated by CloudFormation (recommended)

Attributes
- groups
  Groups to add this user to.
  You can also use addToGroup to add this user to a group.
  - Default: No groups.
  - Return type: Optional[List[IGroup]]
- managed_policies
  A list of managed policies associated with this role.
  You can add managed policies later using addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName(policyName)).
  - Default: No managed policies.
  - Return type: Optional[List[IManagedPolicy]]
- password
  The password for the user. This is required so the user can access the AWS Management Console.
  You can use SecretValue.plainText to specify a password in plain text or use secretsmanager.Secret.fromSecretAttributes to reference a secret in Secrets Manager.
  - Default: User won’t be able to access the management console without a password.
  - Return type: Optional[SecretValue]
- password_reset_required
  Specifies whether the user is required to set a new password the next time the user logs in to the AWS Management Console.
  If this is set to ‘true’, you must also specify “initialPassword”.
  - Default: false
  - Return type: Optional[bool]
- path
  The path for the user name.
  For more information about paths, see IAM Identifiers in the IAM User Guide.
  - Default: /
  - Return type: Optional[str]
- permissions_boundary
  AWS supports permissions boundaries for IAM entities (users or roles).
  A permissions boundary is an advanced feature for using a managed policy to set the maximum permissions that an identity-based policy can grant to an IAM entity. An entity’s permissions boundary allows it to perform only the actions that are allowed by both its identity-based policies and its permissions boundaries.
  - Default: No permissions boundary.
  - Link: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
  - Return type: Optional[IManagedPolicy]
- user_name
  A name for the IAM user.
  For valid values, see the UserName parameter for the CreateUser action in the IAM API Reference. If you don’t specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the user name.
  If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.
  If you specify a name, you must specify the CAPABILITY_NAMED_IAM value to acknowledge your template’s capabilities. For more information, see Acknowledging IAM Resources in AWS CloudFormation Templates.
  - Default: Generated by CloudFormation (recommended)
  - Return type: Optional[str]
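
The password, password_reset_required, permissions_boundary and user_name choices described above end up as properties of the AWS::IAM::User resource in the synthesized CloudFormation template, where they can be checked before deployment. The following is an added example, not code from the AWS CDK documentation: it audits a template dict for users whose console password is not a dynamic reference, who are not forced to reset it, who have no permissions boundary, or who have an explicit name. The function name, finding labels and sample template are constructed for illustration.

```python
import json

DYNAMIC_REF = "{{resolve:"  # prefix of CloudFormation dynamic references (e.g. secretsmanager)


def audit_iam_users(template):
    """Return {logical_id: [finding, ...]} for every AWS::IAM::User resource."""
    report = {}
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::IAM::User":
            continue
        props = res.get("Properties", {})
        findings = []
        login = props.get("LoginProfile")
        if login is not None:
            pw = login.get("Password")
            # Serialize intrinsics such as Fn::Join so an embedded reference is still found.
            rendered = pw if isinstance(pw, str) else json.dumps(pw)
            if DYNAMIC_REF not in rendered:
                kind = "literal" if isinstance(pw, str) else "unverified"
                findings.append(f"password-{kind}")
            if login.get("PasswordResetRequired") not in (True, "true"):
                findings.append("no-forced-password-reset")
        if "PermissionsBoundary" not in props:
            findings.append("no-permissions-boundary")
        if "UserName" in props:
            # Needs CAPABILITY_NAMED_IAM and blocks updates that replace the resource.
            findings.append("explicit-user-name")
        report[logical_id] = findings
    return report


# Constructed sample template (not output from a real stack).
SAMPLE = {"Resources": {
    "Bucket": {"Type": "AWS::S3::Bucket"},
    "WeakUser": {"Type": "AWS::IAM::User", "Properties": {
        "UserName": "ci-deployer",
        "LoginProfile": {"Password": "ChangeMe-constructed-1"}}},
    "BoundedUser": {"Type": "AWS::IAM::User", "Properties": {
        "PermissionsBoundary": "arn:aws:iam::111122223333:policy/example-boundary",
        "LoginProfile": {
            "Password": {"Fn::Join": ["", ["{{resolve:secretsmanager:",
                         "example-secret", ":SecretString:password::}}"]]},
            "PasswordResetRequired": True}}},
}}

if __name__ == "__main__":
    for user, findings in audit_iam_users(SAMPLE).items():
        print(user, findings or "ok")
```

A password passed with SecretValue.plainText appears in the template as a literal string, which is what the password-literal finding detects; the password-unverified finding marks an intrinsic (for example a parameter reference) whose source the check cannot confirm.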