Class LazyRole
java.lang.Object
software.amazon.jsii.JsiiObject
software.constructs.Construct
software.amazon.awscdk.core.Construct
software.amazon.awscdk.core.Resource
software.amazon.awscdk.services.iam.LazyRole
- All Implemented Interfaces:
IConstruct
,IDependable
,IResource
,IGrantable
,IIdentity
,IPrincipal
,IRole
,software.amazon.jsii.JsiiSerializable
,software.constructs.IConstruct
@Generated(value="jsii-pacmak/1.84.0 (build 5404dcf)",
date="2023-06-19T16:29:57.325Z")
@Stability(Stable)
public class LazyRole
extends Resource
implements IRole
An IAM role that only gets attached to the construct tree once it gets used, not before.
This construct can be used to simplify logic in other constructs which need to create a role but only if certain configurations occur (such as when AutoScaling is configured). The role can be configured in one place, but if it never gets used it doesn't get instantiated and will not be synthesized or deployed.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import software.amazon.awscdk.services.iam.*; import software.amazon.awscdk.core.*; ManagedPolicy managedPolicy; PolicyDocument policyDocument; IPrincipal principal; LazyRole lazyRole = LazyRole.Builder.create(this, "MyLazyRole") .assumedBy(principal) // the properties below are optional .description("description") .externalId("externalId") .externalIds(List.of("externalIds")) .inlinePolicies(Map.of( "inlinePoliciesKey", policyDocument)) .managedPolicies(List.of(managedPolicy)) .maxSessionDuration(Duration.minutes(30)) .path("path") .permissionsBoundary(managedPolicy) .roleName("roleName") .build();
-
Nested Class Summary
Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject
software.amazon.jsii.JsiiObject.InitializationMode
Nested classes/interfaces inherited from interface software.amazon.awscdk.core.IConstruct
IConstruct.Jsii$Default
Nested classes/interfaces inherited from interface software.constructs.IConstruct
software.constructs.IConstruct.Jsii$Default
Nested classes/interfaces inherited from interface software.amazon.awscdk.core.IResource
IResource.Jsii$Default
Nested classes/interfaces inherited from interface software.amazon.awscdk.services.iam.IRole
IRole.Jsii$Default, IRole.Jsii$Proxy
-
Constructor Summary
ModifierConstructorDescriptionprotected
LazyRole
(software.amazon.jsii.JsiiObject.InitializationMode initializationMode) protected
LazyRole
(software.amazon.jsii.JsiiObjectRef objRef) LazyRole
(software.constructs.Construct scope, String id, LazyRoleProps props) -
Method Summary
Modifier and TypeMethodDescriptionvoid
addManagedPolicy
(IManagedPolicy policy) Attaches a managed policy to this role.addToPolicy
(PolicyStatement statement) Add to the policy of this principal.addToPrincipalPolicy
(PolicyStatement statement) Adds a permission to the role's default policy document.void
attachInlinePolicy
(Policy policy) Attaches a policy to this role.When this Principal is used in an AssumeRole policy, the action to use.The principal to grant permissions to.Return the policy fragment that identifies this principal in a Policy.The AWS account ID of this principal.Returns the ARN of this role.Returns the stable and unique string identifying the role (i.e.Returns the name of this role.grant
(IPrincipal identity, @NotNull String... actions) Grant the actions defined in actions to the identity Principal on this resource.grantAssumeRole
(IPrincipal identity) Grant permissions to the given principal to assume this role.grantPassRole
(IPrincipal identity) Grant permissions to the given principal to pass this role.Methods inherited from class software.amazon.awscdk.core.Resource
applyRemovalPolicy, generatePhysicalName, getEnv, getPhysicalName, getResourceArnAttribute, getResourceNameAttribute, getStack, isResource
Methods inherited from class software.amazon.awscdk.core.Construct
getNode, isConstruct, onPrepare, onSynthesize, onValidate, prepare, synthesize, validate
Methods inherited from class software.constructs.Construct
toString
Methods inherited from class software.amazon.jsii.JsiiObject
jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
Methods inherited from interface software.amazon.awscdk.core.IConstruct
getNode
Methods inherited from interface software.amazon.awscdk.core.IResource
applyRemovalPolicy, getEnv, getStack
Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson
-
Constructor Details
-
LazyRole
protected LazyRole(software.amazon.jsii.JsiiObjectRef objRef) -
LazyRole
protected LazyRole(software.amazon.jsii.JsiiObject.InitializationMode initializationMode) -
LazyRole
@Stability(Stable) public LazyRole(@NotNull software.constructs.Construct scope, @NotNull String id, @NotNull LazyRoleProps props) - Parameters:
scope
- This parameter is required.id
- This parameter is required.props
- This parameter is required.
-
-
Method Details
-
addManagedPolicy
Attaches a managed policy to this role.- Specified by:
addManagedPolicy
in interfaceIIdentity
- Parameters:
policy
- The managed policy to attach. This parameter is required.
-
addToPolicy
Add to the policy of this principal.- Specified by:
addToPolicy
in interfaceIPrincipal
- Parameters:
statement
- This parameter is required.- Returns:
- true if the statement was added, false if the principal in question does not have a policy document to add the statement to.
-
addToPrincipalPolicy
@Stability(Stable) @NotNull public AddToPrincipalPolicyResult addToPrincipalPolicy(@NotNull PolicyStatement statement) Adds a permission to the role's default policy document.If there is no default policy attached to this role, it will be created.
- Specified by:
addToPrincipalPolicy
in interfaceIPrincipal
- Parameters:
statement
- The permission statement to add to the policy document. This parameter is required.
-
attachInlinePolicy
Attaches a policy to this role.- Specified by:
attachInlinePolicy
in interfaceIIdentity
- Parameters:
policy
- The policy to attach. This parameter is required.
-
grant
@Stability(Stable) @NotNull public Grant grant(@NotNull IPrincipal identity, @NotNull @NotNull String... actions) Grant the actions defined in actions to the identity Principal on this resource. -
grantAssumeRole
Grant permissions to the given principal to assume this role.- Specified by:
grantAssumeRole
in interfaceIRole
- Parameters:
identity
- This parameter is required.
-
grantPassRole
Grant permissions to the given principal to pass this role.- Specified by:
grantPassRole
in interfaceIRole
- Parameters:
identity
- This parameter is required.
-
getAssumeRoleAction
When this Principal is used in an AssumeRole policy, the action to use.- Specified by:
getAssumeRoleAction
in interfaceIPrincipal
-
getGrantPrincipal
The principal to grant permissions to.- Specified by:
getGrantPrincipal
in interfaceIGrantable
-
getPolicyFragment
Return the policy fragment that identifies this principal in a Policy.- Specified by:
getPolicyFragment
in interfaceIPrincipal
-
getRoleArn
Returns the ARN of this role.- Specified by:
getRoleArn
in interfaceIRole
-
getRoleId
Returns the stable and unique string identifying the role (i.e. AIDAJQABLZS4A3QDU576Q). -
getRoleName
Returns the name of this role.- Specified by:
getRoleName
in interfaceIRole
-
getPrincipalAccount
The AWS account ID of this principal.Can be undefined when the account is not known (for example, for service principals). Can be a Token - in that case, it's assumed to be AWS::AccountId.
- Specified by:
getPrincipalAccount
in interfaceIPrincipal
-