Class LazyRole

java.lang.Object
software.amazon.jsii.JsiiObject
software.constructs.Construct
All Implemented Interfaces:
IConstruct, IDependable, IResource, IGrantable, IIdentity, IPrincipal, IRole, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct

@Generated(value="jsii-pacmak/1.84.0 (build 5404dcf)", date="2023-06-19T16:29:57.325Z")
@Stability(Stable)
public class LazyRole extends Resource implements IRole

An IAM role that only gets attached to the construct tree once it gets used, not before.

This construct simplifies logic in other constructs that need to create a role only under certain configurations (such as when AutoScaling is configured). The role can be configured in one place, but if it is never used it is not instantiated and will not be synthesized or deployed.

Example:

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import java.util.List;
 import java.util.Map;
 import software.amazon.awscdk.services.iam.*;
 import software.amazon.awscdk.core.*;
 // Placeholders: assign real objects before building the role.
 ManagedPolicy managedPolicy;
 PolicyDocument policyDocument;
 IPrincipal principal;
 LazyRole lazyRole = LazyRole.Builder.create(this, "MyLazyRole")
         .assumedBy(principal)
         // the properties below are optional
         .description("description")
         .externalId("externalId")
         .externalIds(List.of("externalIds"))
         .inlinePolicies(Map.of(
                 "inlinePoliciesKey", policyDocument))
         .managedPolicies(List.of(managedPolicy))
         .maxSessionDuration(Duration.minutes(30))
         .path("path")
         .permissionsBoundary(managedPolicy)
         .roleName("roleName")
         .build();
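
The conditional-use pattern described above, as an added example that is not part of the original page or the CDK project's own code. The `ScalingStack` class, the `enableScaling` flag and the table ARN are hypothetical, and it assumes that adding a policy statement alone does not count as use of the role while reading its ARN does.

```java
import java.util.List;
import software.amazon.awscdk.core.App;
import software.amazon.awscdk.core.CfnOutput;
import software.amazon.awscdk.core.Duration;
import software.amazon.awscdk.core.Stack;
import software.amazon.awscdk.services.iam.LazyRole;
import software.amazon.awscdk.services.iam.PolicyStatement;
import software.amazon.awscdk.services.iam.ServicePrincipal;
import software.constructs.Construct;

// Hypothetical stack: the scaling role is declared once, but only becomes
// part of the template when the scaling feature is switched on.
public class ScalingStack extends Stack {
    // Constructed placeholder ARN, not a real table.
    private static final String TABLE_ARN =
            "arn:aws:dynamodb:us-east-1:111122223333:table/ExampleTable";

    public ScalingStack(final Construct scope, final String id, final boolean enableScaling) {
        super(scope, id);

        // Configure the role in one place. Nothing is created yet.
        LazyRole scalingRole = LazyRole.Builder.create(this, "ScalingRole")
                .assumedBy(new ServicePrincipal("application-autoscaling.amazonaws.com"))
                .description("Scaling role, created only when scaling is enabled")
                .maxSessionDuration(Duration.hours(1))
                .build();

        // Assumption: statements added here are held until the role is used.
        // They are scoped to a single table rather than "*".
        scalingRole.addToPrincipalPolicy(PolicyStatement.Builder.create()
                .actions(List.of("dynamodb:DescribeTable", "dynamodb:UpdateTable"))
                .resources(List.of(TABLE_ARN))
                .build());

        if (enableScaling) {
            // Assumption: referencing the ARN is the first real use, so the
            // role is attached to the construct tree and synthesized.
            CfnOutput.Builder.create(this, "ScalingRoleArn")
                    .value(scalingRole.getRoleArn())
                    .build();
        }
    }

    public static void main(final String[] args) {
        App app = new App();
        new ScalingStack(app, "WithScaling", true);     // role expected in template
        new ScalingStack(app, "WithoutScaling", false); // no role expected
        app.synth();
    }
}
```

Comparing the two synthesized templates for an `AWS::IAM::Role` resource confirms that the disabled configuration deploys no unused role and no unused trust relationship.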
 
  • Constructor Details

    • LazyRole

      protected LazyRole(software.amazon.jsii.JsiiObjectRef objRef)
    • LazyRole

      protected LazyRole(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
    • LazyRole

      @Stability(Stable) public LazyRole(@NotNull software.constructs.Construct scope, @NotNull String id, @NotNull LazyRoleProps props)
      Parameters:
      scope - This parameter is required.
      id - This parameter is required.
      props - This parameter is required.
  • Method Details

    • addManagedPolicy

      @Stability(Stable) public void addManagedPolicy(@NotNull IManagedPolicy policy)
      Attaches a managed policy to this role.

      Specified by:
      addManagedPolicy in interface IIdentity
      Parameters:
      policy - The managed policy to attach. This parameter is required.
    • addToPolicy

      @Stability(Stable) @NotNull public Boolean addToPolicy(@NotNull PolicyStatement statement)
      Add to the policy of this principal.

      Specified by:
      addToPolicy in interface IPrincipal
      Parameters:
      statement - This parameter is required.
      Returns:
      true if the statement was added, false if the principal in question does not have a policy document to add the statement to.
    • addToPrincipalPolicy

      @Stability(Stable) @NotNull public AddToPrincipalPolicyResult addToPrincipalPolicy(@NotNull PolicyStatement statement)
      Adds a permission to the role's default policy document.

      If there is no default policy attached to this role, it will be created.

      Specified by:
      addToPrincipalPolicy in interface IPrincipal
      Parameters:
      statement - The permission statement to add to the policy document. This parameter is required.
    • attachInlinePolicy

      @Stability(Stable) public void attachInlinePolicy(@NotNull Policy policy)
      Attaches a policy to this role.

      Specified by:
      attachInlinePolicy in interface IIdentity
      Parameters:
      policy - The policy to attach. This parameter is required.
    • grant

      @Stability(Stable) @NotNull public Grant grant(@NotNull IPrincipal identity, @NotNull @NotNull String... actions)
      Grant the actions defined in actions to the identity Principal on this resource.

      Specified by:
      grant in interface IRole
      Parameters:
      identity - This parameter is required.
      actions - This parameter is required.
    • grantAssumeRole

      @Stability(Stable) @NotNull public Grant grantAssumeRole(@NotNull IPrincipal identity)
      Grant permissions to the given principal to assume this role.

      Specified by:
      grantAssumeRole in interface IRole
      Parameters:
      identity - This parameter is required.
    • grantPassRole

      @Stability(Stable) @NotNull public Grant grantPassRole(@NotNull IPrincipal identity)
      Grant permissions to the given principal to pass this role.

      Specified by:
      grantPassRole in interface IRole
      Parameters:
      identity - This parameter is required.
    • getAssumeRoleAction

      @Stability(Stable) @NotNull public String getAssumeRoleAction()
      When this Principal is used in an AssumeRole policy, the action to use.
      Specified by:
      getAssumeRoleAction in interface IPrincipal
    • getGrantPrincipal

      @Stability(Stable) @NotNull public IPrincipal getGrantPrincipal()
      The principal to grant permissions to.
      Specified by:
      getGrantPrincipal in interface IGrantable
    • getPolicyFragment

      @Stability(Stable) @NotNull public PrincipalPolicyFragment getPolicyFragment()
      Return the policy fragment that identifies this principal in a Policy.
      Specified by:
      getPolicyFragment in interface IPrincipal
    • getRoleArn

      @Stability(Stable) @NotNull public String getRoleArn()
      Returns the ARN of this role.
      Specified by:
      getRoleArn in interface IRole
    • getRoleId

      @Stability(Stable) @NotNull public String getRoleId()
      Returns the stable and unique string identifying the role (e.g. AIDAJQABLZS4A3QDU576Q).
    • getRoleName

      @Stability(Stable) @NotNull public String getRoleName()
      Returns the name of this role.
      Specified by:
      getRoleName in interface IRole
    • getPrincipalAccount

      @Stability(Stable) @Nullable public String getPrincipalAccount()
      The AWS account ID of this principal.

      Can be undefined when the account is not known (for example, for service principals). Can be a Token - in that case, it's assumed to be AWS::AccountId.

      Specified by:
      getPrincipalAccount in interface IPrincipal