Package software.amazon.awscdk.services.iam

Class PrincipalBase

java.lang.Object
software.amazon.jsii.JsiiObject
software.amazon.awscdk.services.iam.PrincipalBase
All Implemented Interfaces:
IAssumeRolePrincipal, IComparablePrincipal, IGrantable, IPrincipal, software.amazon.jsii.JsiiSerializable
Direct Known Subclasses:
ArnPrincipal, CanonicalUserPrincipal, CompositePrincipal, FederatedPrincipal, OrganizationPrincipal, PrincipalWithConditions, ServicePrincipal, SessionTagsPrincipal, StarPrincipal, ViaServicePrincipal
@Generated(value="jsii-pacmak/1.74.0 (build 6d08790)", date="2023-05-31T18:43:31.421Z") @Stability(Stable) public abstract class PrincipalBase extends software.amazon.jsii.JsiiObject implements IAssumeRolePrincipal, IComparablePrincipal
Base class for policy principals.

Example: 

 CfnParameter tagParam = new CfnParameter(this, "TagName");
 CfnJson stringEquals = CfnJson.Builder.create(this, "ConditionJson")
         .value(Map.of(
                 String.format("aws:PrincipalTag/%s", tagParam.getValueAsString()), true))
         .build();
 PrincipalBase principal = new AccountRootPrincipal().withConditions(Map.of(
         "StringEquals", stringEquals));
 Role.Builder.create(this, "MyRole").assumedBy(principal).build();

  • Constructor Details

    • PrincipalBase

      protected PrincipalBase(software.amazon.jsii.JsiiObjectRef objRef)

    • PrincipalBase

      protected PrincipalBase(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

    • PrincipalBase

      @Stability(Stable) protected PrincipalBase()

  • Method Details

    • addToAssumeRolePolicy

      @Stability(Stable) public void addToAssumeRolePolicy(@NotNull PolicyDocument document)
      Add the princpial to the AssumeRolePolicyDocument.

      Add the statements to the AssumeRolePolicyDocument necessary to give this principal permissions to assume the given role.

      Specified by:
      addToAssumeRolePolicy in interface IAssumeRolePrincipal
      Parameters:
      document - This parameter is required.

    • addToPolicy

      @Stability(Stable) @NotNull public Boolean addToPolicy(@NotNull PolicyStatement statement)
      Add to the policy of this principal.

      Specified by:
      addToPolicy in interface IPrincipal
      Parameters:
      statement - This parameter is required.
      Returns:
      true if the statement was added, false if the principal in question does not have a policy document to add the statement to.

    • addToPrincipalPolicy

      @Stability(Stable) @NotNull public AddToPrincipalPolicyResult addToPrincipalPolicy(@NotNull PolicyStatement _statement)
      Add to the policy of this principal.

      Specified by:
      addToPrincipalPolicy in interface IPrincipal
      Parameters:
      _statement - This parameter is required.

    • dedupeString

      @Stability(Stable) @Nullable public abstract String dedupeString()
      Return whether or not this principal is equal to the given principal.
      Specified by:
      dedupeString in interface IComparablePrincipal

    • toJSON

      @Stability(Stable) @NotNull public Map<String,List<String>> toJSON()
      JSON-ify the principal.

      Used when JSON.stringify() is called

    • toString

      @Stability(Stable) @NotNull public String toString()
      Returns a string representation of an object.
      Overrides:
      toString in class Object

    • withConditions

      @Stability(Stable) @NotNull public PrincipalBase withConditions(@NotNull Map<String,Object> conditions)
      Returns a new PrincipalWithConditions using this principal as the base, with the passed conditions added.

      When there is a value for the same operator and key in both the principal and the conditions parameter, the value from the conditions parameter will be used.

      Parameters:
      conditions - This parameter is required.
      Returns:
      a new PrincipalWithConditions object.

    • withSessionTags

      @Stability(Stable) @NotNull public PrincipalBase withSessionTags()
      Returns a new principal using this principal as the base, with session tags enabled.

      Returns:
      a new SessionTagsPrincipal object.

    • getAssumeRoleAction

      @Stability(Stable) @NotNull public String getAssumeRoleAction()
      When this Principal is used in an AssumeRole policy, the action to use.
      Specified by:
      getAssumeRoleAction in interface IPrincipal

    • getGrantPrincipal

      @Stability(Stable) @NotNull public IPrincipal getGrantPrincipal()
      The principal to grant permissions to.
      Specified by:
      getGrantPrincipal in interface IGrantable

    • getPolicyFragment

      @Stability(Stable) @NotNull public abstract PrincipalPolicyFragment getPolicyFragment()
      Return the policy fragment that identifies this principal in a Policy.
      Specified by:
      getPolicyFragment in interface IPrincipal

    • getPrincipalAccount

      @Stability(Stable) @Nullable public String getPrincipalAccount()
      The AWS account ID of this principal.

      Can be undefined when the account is not known (for example, for service principals). Can be a Token - in that case, it's assumed to be AWS::AccountId.

      Specified by:
      getPrincipalAccount in interface IPrincipal