software.amazon.awscdk.services.iam

Class Group

java.lang.Object

software.constructs.Construct

software.amazon.awscdk.core.Construct

software.amazon.awscdk.core.Resource

software.amazon.awscdk.services.iam.Group

All Implemented Interfaces:

IConstruct, IDependable, IResource, IGrantable, IGroup, IIdentity, IPrincipal

@Generated(value="jsii-pacmak/1.63.2 (build a8a8833)",
           date="2022-08-09T19:16:32.845Z")
public class Group
extends Resource
implements IGroup

An IAM Group (collection of IAM users) lets you specify permissions for multiple users, which can make it easier to manage permissions for those users.

Example:

 User user = new User(this, "MyUser"); // or User.fromUserName(stack, 'User', 'johnsmith');
 Group group = new Group(this, "MyGroup"); // or Group.fromGroupArn(stack, 'Group', 'arn:aws:iam::account-id:group/group-name');
 user.addToGroup(group);
 // or
 group.addUser(user);
 

See Also:

https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	Group.Builder A fluent builder for Group.

Nested classes/interfaces inherited from interface software.amazon.awscdk.services.iam.IGroup

IGroup.Jsii$Default, IGroup.Jsii$Proxy

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	Group(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
protected	Group(software.amazon.jsii.JsiiObjectRef objRef)
	Group(software.constructs.Construct scope, java.lang.String id)
	Group(software.constructs.Construct scope, java.lang.String id, GroupProps props)

Method Summary

Modifier and Type	Method and Description
void	addManagedPolicy(IManagedPolicy policy) Attaches a managed policy to this group.
java.lang.Boolean	addToPolicy(PolicyStatement statement) Add to the policy of this principal.
AddToPrincipalPolicyResult	addToPrincipalPolicy(PolicyStatement statement) Adds an IAM statement to the default policy.
void	addUser(IUser user) Adds a user to this group.
void	attachInlinePolicy(Policy policy) Attaches a policy to this group.
static IGroup	fromGroupArn(software.constructs.Construct scope, java.lang.String id, java.lang.String groupArn) Import an external group by ARN.
static IGroup	fromGroupName(software.constructs.Construct scope, java.lang.String id, java.lang.String groupName) Import an existing group by given name (with path).
java.lang.String	getAssumeRoleAction() When this Principal is used in an AssumeRole policy, the action to use.
IPrincipal	getGrantPrincipal() The principal to grant permissions to.
java.lang.String	getGroupArn() Returns the IAM Group ARN.
java.lang.String	getGroupName() Returns the IAM Group Name.
PrincipalPolicyFragment	getPolicyFragment() Return the policy fragment that identifies this principal in a Policy.
java.lang.String	getPrincipalAccount() The AWS account ID of this principal.

Methods inherited from class software.amazon.awscdk.core.Resource

applyRemovalPolicy, generatePhysicalName, getEnv, getPhysicalName, getResourceArnAttribute, getResourceNameAttribute, getStack, isResource

Methods inherited from class software.amazon.awscdk.core.Construct

getNode, isConstruct, onPrepare, onSynthesize, onValidate, prepare, synthesize, validate

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface software.amazon.awscdk.core.IResource

applyRemovalPolicy, getEnv, getStack

Methods inherited from interface software.amazon.awscdk.core.IConstruct

getNode

Constructor Detail

Group

protected Group(software.amazon.jsii.JsiiObjectRef objRef)

Group

protected Group(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

Group

public Group(software.constructs.Construct scope,
             java.lang.String id,
             GroupProps props)

Parameters:

scope - This parameter is required.

id - This parameter is required.

props -

Group

public Group(software.constructs.Construct scope,
             java.lang.String id)

Parameters:

scope - This parameter is required.

id - This parameter is required.

Method Detail

fromGroupArn

public static IGroup fromGroupArn(software.constructs.Construct scope,
                                  java.lang.String id,
                                  java.lang.String groupArn)

Import an external group by ARN.

If the imported Group ARN is a Token (such as a CfnParameter.valueAsString or a Fn.importValue()) and the referenced group has a path (like arn:...:group/AdminGroup/NetworkAdmin), the groupName property will not resolve to the correct value. Instead it will resolve to the first path component. We unfortunately cannot express the correct calculation of the full path name as a CloudFormation expression. In this scenario the Group ARN should be supplied without the path in order to resolve the correct group resource.

Parameters:

scope - construct scope. This parameter is required.

id - construct id. This parameter is required.

groupArn - the ARN of the group to import (e.g. `arn:aws:iam::account-id:group/group-name`). This parameter is required.

fromGroupName

public static IGroup fromGroupName(software.constructs.Construct scope,
                                   java.lang.String id,
                                   java.lang.String groupName)

Import an existing group by given name (with path).

This method has same caveats of fromGroupArn

Parameters:

scope - construct scope. This parameter is required.

id - construct id. This parameter is required.

groupName - the groupName (path included) of the existing group to import. This parameter is required.

addManagedPolicy

public void addManagedPolicy(IManagedPolicy policy)

Attaches a managed policy to this group.

Specified by:

addManagedPolicy in interface IIdentity

Parameters:

policy - The managed policy to attach. This parameter is required.

addToPolicy

public java.lang.Boolean addToPolicy(PolicyStatement statement)

Add to the policy of this principal.

Specified by:

addToPolicy in interface IPrincipal

Parameters:

statement - This parameter is required.

Returns:

true if the statement was added, false if the principal in question does not have a policy document to add the statement to.

addToPrincipalPolicy

public AddToPrincipalPolicyResult addToPrincipalPolicy(PolicyStatement statement)

Adds an IAM statement to the default policy.

Specified by:

addToPrincipalPolicy in interface IPrincipal

Parameters:

statement - This parameter is required.

addUser

public void addUser(IUser user)

Adds a user to this group.

Parameters:

user - This parameter is required.

attachInlinePolicy

public void attachInlinePolicy(Policy policy)

Attaches a policy to this group.

Specified by:

attachInlinePolicy in interface IIdentity

Parameters:

policy - The policy to attach. This parameter is required.

getAssumeRoleAction

public java.lang.String getAssumeRoleAction()

When this Principal is used in an AssumeRole policy, the action to use.

Specified by:

getAssumeRoleAction in interface IPrincipal

getGrantPrincipal

public IPrincipal getGrantPrincipal()

The principal to grant permissions to.

Specified by:

getGrantPrincipal in interface IGrantable

getGroupArn

public java.lang.String getGroupArn()

Returns the IAM Group ARN.

Specified by:

getGroupArn in interface IGroup

getGroupName

public java.lang.String getGroupName()

Returns the IAM Group Name.

Specified by:

getGroupName in interface IGroup

getPolicyFragment

public PrincipalPolicyFragment getPolicyFragment()

Return the policy fragment that identifies this principal in a Policy.

Specified by:

getPolicyFragment in interface IPrincipal

getPrincipalAccount

public java.lang.String getPrincipalAccount()

The AWS account ID of this principal.

Can be undefined when the account is not known (for example, for service principals). Can be a Token - in that case, it's assumed to be AWS::AccountId.

Specified by:

getPrincipalAccount in interface IPrincipal