Interface IPrincipal
- All Superinterfaces:
IGrantable
,software.amazon.jsii.JsiiSerializable
- All Known Subinterfaces:
IAssumeRolePrincipal
,IAssumeRolePrincipal.Jsii$Default
,IComparablePrincipal
,IComparablePrincipal.Jsii$Default
,IGroup
,IGroup.Jsii$Default
,IIdentity
,IIdentity.Jsii$Default
,IPrincipal.Jsii$Default
,IRole
,IRole.Jsii$Default
,IUser
,IUser.Jsii$Default
- All Known Implementing Classes:
AccountPrincipal
,AccountRootPrincipal
,Anyone
,AnyPrincipal
,ArnPrincipal
,CanonicalUserPrincipal
,CompositePrincipal
,FederatedPrincipal
,Group
,IAssumeRolePrincipal.Jsii$Proxy
,IComparablePrincipal.Jsii$Proxy
,IGroup.Jsii$Proxy
,IIdentity.Jsii$Proxy
,IPrincipal.Jsii$Proxy
,IRole.Jsii$Proxy
,IUser.Jsii$Proxy
,LazyRole
,OpenIdConnectPrincipal
,OrganizationPrincipal
,PrincipalBase
,PrincipalWithConditions
,Role
,SamlConsolePrincipal
,SamlPrincipal
,ServiceAccount
,ServicePrincipal
,SessionTagsPrincipal
,StarPrincipal
,UnknownPrincipal
,User
,ViaServicePrincipal
,WebIdentityPrincipal
An IPrincipal describes a logical entity that can perform AWS API calls against sets of resources, optionally under certain conditions.
Examples of simple principals are IAM objects that you create, such as Users or Roles.
An example of a more complex principals is a ServicePrincipal
(such as
new ServicePrincipal("sns.amazonaws.com")
, which represents the Simple
Notifications Service).
A single logical Principal may also map to a set of physical principals.
For example, new OrganizationPrincipal('o-1234')
represents all
identities that are part of the given AWS Organization.
-
Nested Class Summary
Modifier and TypeInterfaceDescriptionstatic interface
Internal default implementation forIPrincipal
.static final class
A proxy class which represents a concrete javascript instance of this type. -
Method Summary
Modifier and TypeMethodDescriptionaddToPolicy
(PolicyStatement statement) Deprecated.addToPrincipalPolicy
(PolicyStatement statement) Add to the policy of this principal.When this Principal is used in an AssumeRole policy, the action to use.Return the policy fragment that identifies this principal in a Policy.default String
The AWS account ID of this principal.Methods inherited from interface software.amazon.awscdk.services.iam.IGrantable
getGrantPrincipal
Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson
-
Method Details
-
getAssumeRoleAction
When this Principal is used in an AssumeRole policy, the action to use. -
getPolicyFragment
Return the policy fragment that identifies this principal in a Policy. -
getPrincipalAccount
The AWS account ID of this principal.Can be undefined when the account is not known (for example, for service principals). Can be a Token - in that case, it's assumed to be AWS::AccountId.
-
addToPolicy
Deprecated.UseaddToPrincipalPolicy
instead.(deprecated) Add to the policy of this principal.- Parameters:
statement
- This parameter is required.- Returns:
- true if the statement was added, false if the principal in question does not have a policy document to add the statement to.
-
addToPrincipalPolicy
@Stability(Stable) @NotNull AddToPrincipalPolicyResult addToPrincipalPolicy(@NotNull PolicyStatement statement) Add to the policy of this principal.- Parameters:
statement
- This parameter is required.
-
addToPrincipalPolicy
instead.