UserProps

class aws_cdk.aws_iam.UserProps(*, groups=None, managed_policies=None, password=None, password_reset_required=None, path=None, permissions_boundary=None, user_name=None)

Bases: object

Properties for defining an IAM user.

Parameters:

  • groups (Optional[Sequence[IGroup]]) – Groups to add this user to. You can also use addToGroup to add this user to a group. Default: - No groups.

  • managed_policies (Optional[Sequence[IManagedPolicy]]) – A list of managed policies associated with this role. You can add managed policies later using addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName(policyName)). Default: - No managed policies.

  • password (Optional[SecretValue]) – The password for the user. This is required so the user can access the AWS Management Console. You can use SecretValue.unsafePlainText to specify a password in plain text or use secretsmanager.Secret.fromSecretAttributes to reference a secret in Secrets Manager. Default: - User won’t be able to access the management console without a password.

  • password_reset_required (Optional[bool]) – Specifies whether the user is required to set a new password the next time the user logs in to the AWS Management Console. If this is set to ‘true’, you must also specify “initialPassword”. Default: false

  • path (Optional[str]) – The path for the user name. For more information about paths, see IAM Identifiers in the IAM User Guide. Default: /

  • permissions_boundary (Optional[IManagedPolicy]) – AWS supports permissions boundaries for IAM entities (users or roles). A permissions boundary is an advanced feature for using a managed policy to set the maximum permissions that an identity-based policy can grant to an IAM entity. An entity’s permissions boundary allows it to perform only the actions that are allowed by both its identity-based policies and its permissions boundaries. Default: - No permissions boundary.

  • user_name (Optional[str]) – A name for the IAM user. For valid values, see the UserName parameter for the CreateUser action in the IAM API Reference. If you don’t specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the user name. If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. If you specify a name, you must specify the CAPABILITY_NAMED_IAM value to acknowledge your template’s capabilities. For more information, see Acknowledging IAM Resources in AWS CloudFormation Templates. Default: - Generated by CloudFormation (recommended)

ExampleMetadata:

lit=test/example.attaching.lit.ts infused

Example:

user = User(self, "MyUser", password=cdk.SecretValue.unsafe_plain_text("1234"))
group = Group(self, "MyGroup")

policy = Policy(self, "MyPolicy")
policy.attach_to_user(user)
group.attach_inline_policy(policy)

Attributes

groups

Groups to add this user to.

You can also use addToGroup to add this user to a group.

Default:

  • No groups.

managed_policies

A list of managed policies associated with this role.

You can add managed policies later using addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName(policyName)).

Default:

  • No managed policies.

password

The password for the user. This is required so the user can access the AWS Management Console.

You can use SecretValue.unsafePlainText to specify a password in plain text or use secretsmanager.Secret.fromSecretAttributes to reference a secret in Secrets Manager.

Default:

  • User won’t be able to access the management console without a password.

password_reset_required

Specifies whether the user is required to set a new password the next time the user logs in to the AWS Management Console.

If this is set to ‘true’, you must also specify “initialPassword”.

Default:

false

path

The path for the user name.

For more information about paths, see IAM Identifiers in the IAM User Guide.

Default:

/

permissions_boundary

AWS supports permissions boundaries for IAM entities (users or roles).

A permissions boundary is an advanced feature for using a managed policy to set the maximum permissions that an identity-based policy can grant to an IAM entity. An entity’s permissions boundary allows it to perform only the actions that are allowed by both its identity-based policies and its permissions boundaries.

Default:

  • No permissions boundary.

Link:

https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html

user_name

A name for the IAM user.

For valid values, see the UserName parameter for the CreateUser action in the IAM API Reference. If you don’t specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the user name.

If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.

If you specify a name, you must specify the CAPABILITY_NAMED_IAM value to acknowledge your template’s capabilities. For more information, see Acknowledging IAM Resources in AWS CloudFormation Templates.

Default:

  • Generated by CloudFormation (recommended)