@Generated(value="jsii-pacmak/1.73.0 (build 6faeda3)",
date="2023-01-31T18:36:46.906Z")
public interface RoleProps
Example:
Role lambdaRole = Role.Builder.create(this, "Role") .assumedBy(new ServicePrincipal("lambda.amazonaws.com")) .description("Example role...") .build(); Stream stream = Stream.Builder.create(this, "MyEncryptedStream") .encryption(StreamEncryption.KMS) .build(); // give lambda permissions to read stream stream.grantRead(lambdaRole);
Modifier and Type | Interface and Description |
---|---|
static class |
RoleProps.Builder
A builder for
RoleProps |
static class |
RoleProps.Jsii$Proxy
An implementation for
RoleProps |
Modifier and Type | Method and Description |
---|---|
static RoleProps.Builder |
builder() |
IPrincipal |
getAssumedBy()
The IAM principal (i.e.
|
default java.lang.String |
getDescription()
A description of the role.
|
default java.lang.String |
getExternalId()
Deprecated.
see
externalIds |
default java.util.List<java.lang.String> |
getExternalIds()
List of IDs that the role assumer needs to provide one of when assuming this role.
|
default java.util.Map<java.lang.String,PolicyDocument> |
getInlinePolicies()
A list of named policies to inline into this role.
|
default java.util.List<IManagedPolicy> |
getManagedPolicies()
A list of managed policies associated with this role.
|
default Duration |
getMaxSessionDuration()
The maximum session duration that you want to set for the specified role.
|
default java.lang.String |
getPath()
The path associated with this role.
|
default IManagedPolicy |
getPermissionsBoundary()
AWS supports permissions boundaries for IAM entities (users or roles).
|
default java.lang.String |
getRoleName()
A name for the IAM role.
|
IPrincipal getAssumedBy()
You can later modify the assume role policy document by accessing it via
the assumeRolePolicy
property.
default java.lang.String getDescription()
It can be up to 1000 characters long.
Default: - No description.
@Deprecated default java.lang.String getExternalId()
externalIds
If the configured and provided external IDs do not match, the AssumeRole operation will fail.
Default: No external ID required
default java.util.List<java.lang.String> getExternalIds()
If the configured and provided external IDs do not match, the AssumeRole operation will fail.
Default: No external ID required
default java.util.Map<java.lang.String,PolicyDocument> getInlinePolicies()
These policies will be
created with the role, whereas those added by addToPolicy
are added
using a separate CloudFormation resource (allowing a way around circular
dependencies that could otherwise be introduced).
Default: - No policy is inlined in the Role resource.
default java.util.List<IManagedPolicy> getManagedPolicies()
You can add managed policies later using
addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName(policyName))
.
Default: - No managed policies.
default Duration getMaxSessionDuration()
This setting can have a value from 1 hour (3600sec) to 12 (43200sec) hours.
Anyone who assumes the role from the AWS CLI or API can use the DurationSeconds API parameter or the duration-seconds CLI parameter to request a longer session. The MaxSessionDuration setting determines the maximum duration that can be requested using the DurationSeconds parameter.
If users don't specify a value for the DurationSeconds parameter, their security credentials are valid for one hour by default. This applies when you use the AssumeRole* API operations or the assume-role* CLI operations but does not apply when you use those operations to create a console URL.
Default: Duration.hours(1)
default java.lang.String getPath()
For information about IAM paths, see Friendly Names and Paths in IAM User Guide.
Default: /
default IManagedPolicy getPermissionsBoundary()
A permissions boundary is an advanced feature for using a managed policy to set the maximum permissions that an identity-based policy can grant to an IAM entity. An entity's permissions boundary allows it to perform only the actions that are allowed by both its identity-based policies and its permissions boundaries.
Default: - No permissions boundary.
default java.lang.String getRoleName()
For valid values, see the RoleName parameter for the CreateRole action in the IAM API Reference.
IMPORTANT: If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.
If you specify a name, you must specify the CAPABILITY_NAMED_IAM value to acknowledge your template's capabilities. For more information, see Acknowledging IAM Resources in AWS CloudFormation Templates.
Default: - AWS CloudFormation generates a unique physical ID and uses that ID for the role name.
static RoleProps.Builder builder()
RoleProps.Builder
of RoleProps