UserProps

class aws_cdk.aws_iam.UserProps(*, groups=None, managed_policies=None, password=None, password_reset_required=None, path=None, permissions_boundary=None, user_name=None)

Bases: object

Properties for defining an IAM user.

Parameters
  • groups (Optional[Sequence[IGroup]]) – Groups to add this user to. You can also use addToGroup to add this user to a group. Default: - No groups.

  • managed_policies (Optional[Sequence[IManagedPolicy]]) – A list of managed policies associated with this role. You can add managed policies later using addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName(policyName)). Default: - No managed policies.

  • password (Optional[SecretValue]) – The password for the user. This is required so the user can access the AWS Management Console. You can use SecretValue.unsafePlainText to specify a password in plain text or use secretsmanager.Secret.fromSecretAttributes to reference a secret in Secrets Manager. Default: - User won’t be able to access the management console without a password.

  • password_reset_required (Optional[bool]) – Specifies whether the user is required to set a new password the next time the user logs in to the AWS Management Console. If this is set to ‘true’, you must also specify “initialPassword”. Default: false

  • path (Optional[str]) – The path for the user name. For more information about paths, see IAM Identifiers in the IAM User Guide. Default: /

  • permissions_boundary (Optional[IManagedPolicy]) – AWS supports permissions boundaries for IAM entities (users or roles). A permissions boundary is an advanced feature for using a managed policy to set the maximum permissions that an identity-based policy can grant to an IAM entity. An entity’s permissions boundary allows it to perform only the actions that are allowed by both its identity-based policies and its permissions boundaries. Default: - No permissions boundary.

  • user_name (Optional[str]) – A name for the IAM user. For valid values, see the UserName parameter for the CreateUser action in the IAM API Reference. If you don’t specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the user name. If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. If you specify a name, you must specify the CAPABILITY_NAMED_IAM value to acknowledge your template’s capabilities. For more information, see Acknowledging IAM Resources in AWS CloudFormation Templates. Default: - Generated by CloudFormation (recommended)

ExampleMetadata

lit=test/example.attaching.lit.ts infused

Example:

user = User(self, "MyUser", password=cdk.SecretValue.unsafe_plain_text("1234"))
group = Group(self, "MyGroup")

policy = Policy(self, "MyPolicy")
policy.attach_to_user(user)
group.attach_inline_policy(policy)

Attributes

groups

Groups to add this user to.

You can also use addToGroup to add this user to a group.

Default
  • No groups.

managed_policies

A list of managed policies associated with this role.

You can add managed policies later using addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName(policyName)).

Default
  • No managed policies.

password

The password for the user. This is required so the user can access the AWS Management Console.

You can use SecretValue.unsafePlainText to specify a password in plain text or use secretsmanager.Secret.fromSecretAttributes to reference a secret in Secrets Manager.

Default
  • User won’t be able to access the management console without a password.

password_reset_required

Specifies whether the user is required to set a new password the next time the user logs in to the AWS Management Console.

If this is set to ‘true’, you must also specify “initialPassword”.

Default

false

path

The path for the user name.

For more information about paths, see IAM Identifiers in the IAM User Guide.

Default

/

permissions_boundary

AWS supports permissions boundaries for IAM entities (users or roles).

A permissions boundary is an advanced feature for using a managed policy to set the maximum permissions that an identity-based policy can grant to an IAM entity. An entity’s permissions boundary allows it to perform only the actions that are allowed by both its identity-based policies and its permissions boundaries.

Default
  • No permissions boundary.

Link

https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html

user_name

A name for the IAM user.

For valid values, see the UserName parameter for the CreateUser action in the IAM API Reference. If you don’t specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the user name.

If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.

If you specify a name, you must specify the CAPABILITY_NAMED_IAM value to acknowledge your template’s capabilities. For more information, see Acknowledging IAM Resources in AWS CloudFormation Templates.

Default
  • Generated by CloudFormation (recommended)