software.amazon.awscdk.services.iam

Class PrincipalBase

java.lang.Object

software.amazon.jsii.JsiiObject

software.amazon.awscdk.services.iam.PrincipalBase

All Implemented Interfaces:

IAssumeRolePrincipal, IGrantable, IPrincipal

Direct Known Subclasses:

ArnPrincipal, CanonicalUserPrincipal, CompositePrincipal, FederatedPrincipal, OrganizationPrincipal, PrincipalWithConditions, ServicePrincipal, SessionTagsPrincipal, StarPrincipal, ViaServicePrincipal

@Generated(value="jsii-pacmak/1.58.0 (build f8ba112)",
           date="2022-05-20T22:19:54.898Z")
public abstract class PrincipalBase
extends software.amazon.jsii.JsiiObject
implements IAssumeRolePrincipal

Base class for policy principals.

Example:

 CfnParameter tagParam = new CfnParameter(this, "TagName");
 CfnJson stringEquals = CfnJson.Builder.create(this, "ConditionJson")
         .value(Map.of(
                 String.format("aws:PrincipalTag/%s", tagParam.getValueAsString()), true))
         .build();
 PrincipalBase principal = new AccountRootPrincipal().withConditions(Map.of(
         "StringEquals", stringEquals));
 Role.Builder.create(this, "MyRole").assumedBy(principal).build();
 

Nested Class Summary

Nested classes/interfaces inherited from interface software.amazon.awscdk.services.iam.IAssumeRolePrincipal

IAssumeRolePrincipal.Jsii$Default

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	PrincipalBase()
protected	PrincipalBase(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
protected	PrincipalBase(software.amazon.jsii.JsiiObjectRef objRef)

Method Summary

Modifier and Type	Method and Description
void	addToAssumeRolePolicy(PolicyDocument document) Add the princpial to the AssumeRolePolicyDocument.
java.lang.Boolean	addToPolicy(PolicyStatement statement) Add to the policy of this principal.
AddToPrincipalPolicyResult	addToPrincipalPolicy(PolicyStatement _statement) Add to the policy of this principal.
java.lang.String	getAssumeRoleAction() When this Principal is used in an AssumeRole policy, the action to use.
IPrincipal	getGrantPrincipal() The principal to grant permissions to.
abstract PrincipalPolicyFragment	getPolicyFragment() Return the policy fragment that identifies this principal in a Policy.
java.lang.String	getPrincipalAccount() The AWS account ID of this principal.
java.util.Map<java.lang.String,java.util.List<java.lang.String>>	toJSON() JSON-ify the principal.
java.lang.String	toString() Returns a string representation of an object.
PrincipalBase	withConditions(java.util.Map<java.lang.String,java.lang.Object> conditions) Returns a new PrincipalWithConditions using this principal as the base, with the passed conditions added.
PrincipalBase	withSessionTags() Returns a new principal using this principal as the base, with session tags enabled.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

PrincipalBase

protected PrincipalBase(software.amazon.jsii.JsiiObjectRef objRef)

PrincipalBase

protected PrincipalBase(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

PrincipalBase

protected PrincipalBase()

Method Detail

addToAssumeRolePolicy

public void addToAssumeRolePolicy(PolicyDocument document)

Add the princpial to the AssumeRolePolicyDocument.

Add the statements to the AssumeRolePolicyDocument necessary to give this principal permissions to assume the given role.

Specified by:

addToAssumeRolePolicy in interface IAssumeRolePrincipal

Parameters:

document - This parameter is required.

addToPolicy

public java.lang.Boolean addToPolicy(PolicyStatement statement)

Add to the policy of this principal.

Specified by:

addToPolicy in interface IPrincipal

Parameters:

statement - This parameter is required.

Returns:

true if the statement was added, false if the principal in question does not have a policy document to add the statement to.

addToPrincipalPolicy

public AddToPrincipalPolicyResult addToPrincipalPolicy(PolicyStatement _statement)

Add to the policy of this principal.

Specified by:

addToPrincipalPolicy in interface IPrincipal

Parameters:

_statement - This parameter is required.

toJSON

public java.util.Map<java.lang.String,java.util.List<java.lang.String>> toJSON()

JSON-ify the principal.

Used when JSON.stringify() is called

toString

public java.lang.String toString()

Returns a string representation of an object.

withConditions

public PrincipalBase withConditions(java.util.Map<java.lang.String,java.lang.Object> conditions)

Returns a new PrincipalWithConditions using this principal as the base, with the passed conditions added.

When there is a value for the same operator and key in both the principal and the conditions parameter, the value from the conditions parameter will be used.

Parameters:

conditions - This parameter is required.

Returns:

a new PrincipalWithConditions object.

withSessionTags

public PrincipalBase withSessionTags()

Returns a new principal using this principal as the base, with session tags enabled.

Returns:

a new SessionTagsPrincipal object.

getAssumeRoleAction

public java.lang.String getAssumeRoleAction()

When this Principal is used in an AssumeRole policy, the action to use.

Specified by:

getAssumeRoleAction in interface IPrincipal

getGrantPrincipal

public IPrincipal getGrantPrincipal()

The principal to grant permissions to.

Specified by:

getGrantPrincipal in interface IGrantable

getPolicyFragment

public abstract PrincipalPolicyFragment getPolicyFragment()

Return the policy fragment that identifies this principal in a Policy.

Specified by:

getPolicyFragment in interface IPrincipal

getPrincipalAccount

public java.lang.String getPrincipalAccount()

The AWS account ID of this principal.

Can be undefined when the account is not known (for example, for service principals). Can be a Token - in that case, it's assumed to be AWS::AccountId.

Specified by:

getPrincipalAccount in interface IPrincipal