class PrincipalBase
| Language | Type name |
|---|---|
| .NET | Amazon.CDK.AWS.IAM.PrincipalBase |
| Go | github.com/aws/aws-cdk-go/awscdk/v2/awsiam#PrincipalBase |
| Java | software.amazon.awscdk.services.iam.PrincipalBase |
| Python | aws_cdk.aws_iam.PrincipalBase |
| TypeScript (source) | aws-cdk-lib » aws_iam » PrincipalBase |
Implements
IAssume, IGrantable, IPrincipal, IComparable
Implemented by
Account, Account, Any, Arn, Canonical, Composite, Federated, Open, Organization, Principal, Saml, Saml, Service, Session, Star, Web, Via
Obtainable from
Arn.inOrganization()
Base class for policy principals.
Example
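```ts
import { CfnJson, CfnParameter } from 'aws-cdk-lib';
import * as iam from 'aws-cdk-lib/aws-iam';

// The tag name is only known at deploy time, so it is a CloudFormation parameter.
const tagParam = new CfnParameter(this, 'TagName');

// CfnJson lets a deploy-time value be used as an object key in the condition.
const stringEquals = new CfnJson(this, 'ConditionJson', {
  value: {
    [`aws:PrincipalTag/${tagParam.valueAsString}`]: true,
  },
});

// Restrict the account root principal to callers matching the tag condition.
const principal = new iam.AccountRootPrincipal().withConditions({
  StringEquals: stringEquals,
});
new iam.Role(this, 'MyRole', { assumedBy: principal });
```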
Initializer
new PrincipalBase()
Properties
| Name | Type | Description |
|---|---|---|
| assumeRoleAction | string | When this Principal is used in an AssumeRole policy, the action to use. |
| grantPrincipal | IPrincipal | The principal to grant permissions to. |
| policyFragment | Principal | Return the policy fragment that identifies this principal in a Policy. |
| principalAccount? | string | The AWS account ID of this principal. |
assumeRoleAction
Type:
string
When this Principal is used in an AssumeRole policy, the action to use.
grantPrincipal
Type:
IPrincipal
The principal to grant permissions to.
policyFragment
Type:
Principal
Return the policy fragment that identifies this principal in a Policy.
principalAccount?
Type:
string
(optional)
The AWS account ID of this principal.
Can be undefined when the account is not known (for example, for service principals). Can be a Token - in that case, it's assumed to be AWS::AccountId.
Methods
| Name | Description |
|---|---|
| addToAssumeRolePolicy(document) | Add the principal to the AssumeRolePolicyDocument. |
| addToPolicy(statement) | Add to the policy of this principal. |
| addToPrincipalPolicy(_statement) | Add to the policy of this principal. |
| dedupeString() | Return whether or not this principal is equal to the given principal. |
| toJSON() | JSON-ify the principal. |
| toString() | Returns a string representation of an object. |
| withConditions(conditions) | Returns a new PrincipalWithConditions using this principal as the base, with the passed conditions added. |
| withSessionTags() | Returns a new principal using this principal as the base, with session tags enabled. |
addToAssumeRolePolicy(document)
public addToAssumeRolePolicy(document: PolicyDocument): void
Parameters
- document
PolicyDocument
Add the principal to the AssumeRolePolicyDocument.
Add the statements to the AssumeRolePolicyDocument necessary to give this principal permissions to assume the given role.
addToPolicy(statement)
public addToPolicy(statement: PolicyStatement): boolean
Parameters
- statement
PolicyStatement
Returns
boolean
Add to the policy of this principal.
addToPrincipalPolicy(_statement)
public addToPrincipalPolicy(_statement: PolicyStatement): AddToPrincipalPolicyResult
Parameters
- _statement
PolicyStatement
Returns
AddToPrincipalPolicyResult
Add to the policy of this principal.
dedupeString()
public dedupeString(): string
Returns
string
Return whether or not this principal is equal to the given principal.
toJSON()
public toJSON(): { [string]: string[] }
Returns
{ [string]: string[] }
JSON-ify the principal.
Used when JSON.stringify() is called.
toString()
public toString(): string
Returns
string
Returns a string representation of an object.
withConditions(conditions)
public withConditions(conditions: { [string]: any }): PrincipalBase
Parameters
- conditions
{ [string]: any }
Returns
PrincipalBase
Returns a new PrincipalWithConditions using this principal as the base, with the passed conditions added.
When there is a value for the same operator and key in both the principal and the conditions parameter, the value from the conditions parameter will be used.
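The override rule above, modelled as an added example (not code from aws-cdk-lib or this page): `mergeConditions`, `findValue` and all sample values are hypothetical and constructed. It also reports every operator/key pair whose value was replaced, since a replaced condition value changes who can satisfy the resulting trust policy.

```typescript
// Added example: a dependency-free model of the override rule, not aws-cdk-lib code.
type ConditionBlock = Record<string, unknown>;     // condition key -> value
type Conditions = Record<string, ConditionBlock>;  // operator -> condition block

interface Override { operator: string; key: string; before: unknown; after: unknown; }

// Merge `added` over `base`. For an operator/key pair present in both, the
// value from `added` wins; each such replacement is recorded for review.
function mergeConditions(base: Conditions, added: Conditions) {
  const merged: Conditions = {};
  const overrides: Override[] = [];
  for (const operator of Object.keys(base)) {
    merged[operator] = { ...base[operator] };      // copy so `base` is not mutated
  }
  for (const operator of Object.keys(added)) {
    const existing: ConditionBlock = merged[operator] ?? {};
    const incoming: ConditionBlock = added[operator] ?? {};
    for (const key of Object.keys(incoming)) {
      const changed = JSON.stringify(existing[key]) !== JSON.stringify(incoming[key]);
      if (key in existing && changed) {
        overrides.push({ operator, key, before: existing[key], after: incoming[key] });
      }
    }
    merged[operator] = { ...existing, ...incoming };
  }
  return { merged, overrides };
}

// Hypothetical helper: read one value out of a merged condition map.
function findValue(conds: Conditions, operator: string, key: string): unknown {
  const block: ConditionBlock = conds[operator] ?? {};
  return block[key];
}

// Constructed sample input: conditions already on a principal, then new ones.
const baseConditions: Conditions = {
  StringEquals: { 'aws:PrincipalOrgID': 'o-constructed1', 'sts:ExternalId': 'constructed-id' },
  Bool: { 'aws:MultiFactorAuthPresent': 'true' },
};
const addedConditions: Conditions = {
  StringEquals: { 'aws:PrincipalOrgID': 'o-constructed2' },
  IpAddress: { 'aws:SourceIp': '203.0.113.0/24' },
};
const demo = mergeConditions(baseConditions, addedConditions);
for (const o of demo.overrides) {
  console.log(`${o.operator}/${o.key}: ${JSON.stringify(o.before)} -> ${JSON.stringify(o.after)}`);
}
```

Conditions under different operators, or different keys under the same operator, are kept side by side; only an exact operator/key collision is replaced.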
withSessionTags()
public withSessionTags(): PrincipalBase
Returns
PrincipalBase
Returns a new principal using this principal as the base, with session tags enabled.
