class FederatedPrincipal

Language	Type name
.NET	Amazon.CDK.AWS.IAM.FederatedPrincipal
Java	software.amazon.awscdk.services.iam.FederatedPrincipal
Python	aws_cdk.aws_iam.FederatedPrincipal
TypeScript (source)	@aws-cdk/aws-iam » FederatedPrincipal

Implements IAssumeRolePrincipal, IGrantable, IPrincipal, IComparablePrincipal

Extends PrincipalBase

Principal entity that represents a federated identity provider such as Amazon Cognito, that can be used to provide temporary security credentials to users who have been authenticated.

Additional condition keys are available when the temporary security credentials are used to make a request. You can use these keys to write policies that limit the access of federated users.

See also: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#condition-keys-wif

Example

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import * as iam from '@aws-cdk/aws-iam';

declare const conditions: any;
const federatedPrincipal = new iam.FederatedPrincipal('federated', {
  conditionsKey: conditions,
}, /* all optional props */ 'assumeRoleAction');

Initializer

new FederatedPrincipal(federated: string, conditions: { [string]: any }, assumeRoleAction?: string)

Parameters

• federated string — federated identity provider (i.e. 'cognito-identity.amazonaws.com' for users authenticated through Cognito).
• conditions { [string]: any } — The conditions under which the policy is in effect.
• assumeRoleAction string

Properties

Name	Type	Description
assumeRoleAction	string	When this Principal is used in an AssumeRole policy, the action to use.
conditions	{ [string]: any }	The conditions under which the policy is in effect.
federated	string	federated identity provider (i.e. 'cognito-identity.amazonaws.com' for users authenticated through Cognito).
grantPrincipal	IPrincipal	The principal to grant permissions to.
policyFragment	PrincipalPolicyFragment	Return the policy fragment that identifies this principal in a Policy.
principalAccount?	string	The AWS account ID of this principal.

---

assumeRoleAction

Type: string

When this Principal is used in an AssumeRole policy, the action to use.

---

conditions

Type: { [string]: any }

The conditions under which the policy is in effect.

See the IAM documentation.

---

federated

Type: string

federated identity provider (i.e. 'cognito-identity.amazonaws.com' for users authenticated through Cognito).

---

grantPrincipal

Type: IPrincipal

The principal to grant permissions to.

---

policyFragment

Type: PrincipalPolicyFragment

Return the policy fragment that identifies this principal in a Policy.

---

principalAccount?

Type: string (optional)

The AWS account ID of this principal.

Can be undefined when the account is not known (for example, for service principals). Can be a Token - in that case, it's assumed to be AWS::AccountId.

Methods

Name	Description
addToAssumeRolePolicy(document)	Add the princpial to the AssumeRolePolicyDocument.
addToPolicy(statement)	Add to the policy of this principal.
addToPrincipalPolicy(_statement)	Add to the policy of this principal.
dedupeString()	Return whether or not this principal is equal to the given principal.
toJSON()	JSON-ify the principal.
toString()	Returns a string representation of an object.
withConditions(conditions)	Returns a new PrincipalWithConditions using this principal as the base, with the passed conditions added.
withSessionTags()	Returns a new principal using this principal as the base, with session tags enabled.

---

addToAssumeRolePolicy(document)

public addToAssumeRolePolicy(document: PolicyDocument): void

Parameters

• document PolicyDocument

Add the princpial to the AssumeRolePolicyDocument.

Add the statements to the AssumeRolePolicyDocument necessary to give this principal permissions to assume the given role.

---

addToPolicy(statement)

public addToPolicy(statement: PolicyStatement): boolean

Parameters

• statement PolicyStatement

Returns

• boolean

Add to the policy of this principal.

---

addToPrincipalPolicy(_statement)

public addToPrincipalPolicy(_statement: PolicyStatement): AddToPrincipalPolicyResult

Parameters

• _statement PolicyStatement

Returns

• AddToPrincipalPolicyResult

Add to the policy of this principal.

---

dedupeString()

public dedupeString(): string

Returns

• string

Return whether or not this principal is equal to the given principal.

---

toJSON()

public toJSON(): { [string]: string[] }

Returns

• { [string]: string[] }

JSON-ify the principal.

Used when JSON.stringify() is called

---

toString()

public toString(): string

Returns

• string

Returns a string representation of an object.

---

withConditions(conditions)

public withConditions(conditions: { [string]: any }): PrincipalBase

Parameters

• conditions { [string]: any }

Returns

• PrincipalBase

Returns a new PrincipalWithConditions using this principal as the base, with the passed conditions added.

When there is a value for the same operator and key in both the principal and the conditions parameter, the value from the conditions parameter will be used.

---

withSessionTags()

public withSessionTags(): PrincipalBase

Returns

• PrincipalBase

Returns a new principal using this principal as the base, with session tags enabled.