Interface IPrincipal

All Superinterfaces:
IGrantable, software.amazon.jsii.JsiiSerializable
All Known Subinterfaces:
IAssumeRolePrincipal, IAssumeRolePrincipal.Jsii$Default, IComparablePrincipal, IComparablePrincipal.Jsii$Default, IGroup, IGroup.Jsii$Default, IIdentity, IIdentity.Jsii$Default, IPrincipal.Jsii$Default, IRole, IRole.Jsii$Default, IUser, IUser.Jsii$Default
All Known Implementing Classes:
AccountPrincipal, AccountRootPrincipal, Anyone, AnyPrincipal, ArnPrincipal, CanonicalUserPrincipal, CompositePrincipal, FederatedPrincipal, Group, IAssumeRolePrincipal.Jsii$Proxy, IComparablePrincipal.Jsii$Proxy, IGroup.Jsii$Proxy, IIdentity.Jsii$Proxy, IPrincipal.Jsii$Proxy, IRole.Jsii$Proxy, IUser.Jsii$Proxy, LazyRole, OpenIdConnectPrincipal, OrganizationPrincipal, PrincipalBase, PrincipalWithConditions, Role, SamlConsolePrincipal, SamlPrincipal, ServiceAccount, ServicePrincipal, SessionTagsPrincipal, StarPrincipal, UnknownPrincipal, User, ViaServicePrincipal, WebIdentityPrincipal

@Generated(value="jsii-pacmak/1.84.0 (build 5404dcf)", date="2023-06-19T16:29:57.318Z") @Stability(Stable) public interface IPrincipal extends software.amazon.jsii.JsiiSerializable, IGrantable
Represents a logical IAM principal.

An IPrincipal describes a logical entity that can perform AWS API calls against sets of resources, optionally under certain conditions.

Examples of simple principals are IAM objects that you create, such as Users or Roles.

An example of a more complex principals is a ServicePrincipal (such as new ServicePrincipal("sns.amazonaws.com"), which represents the Simple Notifications Service).

A single logical Principal may also map to a set of physical principals. For example, new OrganizationPrincipal('o-1234') represents all identities that are part of the given AWS Organization.

  • Method Details

    • getAssumeRoleAction

      @Stability(Stable) @NotNull String getAssumeRoleAction()
      When this Principal is used in an AssumeRole policy, the action to use.
    • getPolicyFragment

      @Stability(Stable) @NotNull PrincipalPolicyFragment getPolicyFragment()
      Return the policy fragment that identifies this principal in a Policy.
    • getPrincipalAccount

      @Stability(Stable) @Nullable default String getPrincipalAccount()
      The AWS account ID of this principal.

      Can be undefined when the account is not known (for example, for service principals). Can be a Token - in that case, it's assumed to be AWS::AccountId.

    • addToPolicy

      @Stability(Deprecated) @Deprecated @NotNull Boolean addToPolicy(@NotNull PolicyStatement statement)
      Deprecated.
      Use addToPrincipalPolicy instead.
      (deprecated) Add to the policy of this principal.

      Parameters:
      statement - This parameter is required.
      Returns:
      true if the statement was added, false if the principal in question does not have a policy document to add the statement to.
    • addToPrincipalPolicy

      @Stability(Stable) @NotNull AddToPrincipalPolicyResult addToPrincipalPolicy(@NotNull PolicyStatement statement)
      Add to the policy of this principal.

      Parameters:
      statement - This parameter is required.