interface UserProps
Language | Type name |
---|---|
.NET | Amazon.CDK.AWS.IAM.UserProps |
Go | github.com/aws/aws-cdk-go/awscdk/v2/awsiam#UserProps |
Java | software.amazon.awscdk.services.iam.UserProps |
Python | aws_cdk.aws_iam.UserProps |
TypeScript (source) | aws-cdk-lib » aws_iam » UserProps |
Properties for defining an IAM user.
Example
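```ts
import { SecretValue } from 'aws-cdk-lib';
import { Group, Policy, User } from 'aws-cdk-lib/aws-iam';

// Inside a Stack or Construct, where `this` is the scope.
// unsafePlainText embeds the literal password in the synthesized template.
const user = new User(this, 'MyUser', { password: SecretValue.unsafePlainText('1234') });
const group = new Group(this, 'MyGroup');
const policy = new Policy(this, 'MyPolicy');
policy.attachToUser(user);
group.attachInlinePolicy(policy);
```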
Properties
Name | Type | Description |
---|---|---|
groups? | IGroup[] | Groups to add this user to. |
managedPolicies? | IManagedPolicy[] | A list of managed policies associated with this role. |
password? | SecretValue | The password for the user. This is required so the user can access the AWS Management Console. |
passwordResetRequired? | boolean | Specifies whether the user is required to set a new password the next time the user logs in to the AWS Management Console. |
path? | string | The path for the user name. |
permissionsBoundary? | IManagedPolicy | AWS supports permissions boundaries for IAM entities (users or roles). |
userName? | string | A name for the IAM user. |
groups?
Type: IGroup[] (optional, default: No groups.)
Groups to add this user to.
You can also use addToGroup to add this user to a group.
managedPolicies?
Type: IManagedPolicy[] (optional, default: No managed policies.)
A list of managed policies associated with this role.
You can add managed policies later using addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName(policyName)).
password?
Type: SecretValue (optional, default: User won't be able to access the management console without a password.)
The password for the user. This is required so the user can access the AWS Management Console.
You can use SecretValue.unsafePlainText to specify a password in plain text or use secretsmanager.Secret.fromSecretAttributes to reference a secret in Secrets Manager.
passwordResetRequired?
Type: boolean (optional, default: false)
Specifies whether the user is required to set a new password the next time the user logs in to the AWS Management Console.
If this is set to 'true', you must also specify "initialPassword".
path?
Type: string (optional, default: /)
The path for the user name.
For more information about paths, see IAM Identifiers in the IAM User Guide.
permissionsBoundary?
Type: IManagedPolicy (optional, default: No permissions boundary.)
AWS supports permissions boundaries for IAM entities (users or roles).
A permissions boundary is an advanced feature for using a managed policy to set the maximum permissions that an identity-based policy can grant to an IAM entity. An entity's permissions boundary allows it to perform only the actions that are allowed by both its identity-based policies and its permissions boundaries.
userName?
Type: string (optional, default: Generated by CloudFormation (recommended))
A name for the IAM user.
For valid values, see the UserName parameter for the CreateUser action in the IAM API Reference. If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the user name.
If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.
If you specify a name, you must specify the CAPABILITY_NAMED_IAM value to acknowledge your template's capabilities. For more information, see Acknowledging IAM Resources in AWS CloudFormation Templates.
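The properties above map onto the synthesized AWS::IAM::User resource (LoginProfile.Password, LoginProfile.PasswordResetRequired, PermissionsBoundary, UserName), so a template can be checked before deployment. The following is an added example, not part of the CDK documentation or code base: the function name auditIamUsers, the choice of which settings count as findings, and the sample template with its placeholder account ID and ARNs are all assumptions made for illustration.

```typescript
// Added example: audit synthesized AWS::IAM::User resources (not CDK's own code).
type Resource = { Type: string; Properties?: Record<string, unknown> };
type Template = { Resources: Record<string, Resource> };
interface Finding { logicalId: string; issue: string }

function auditIamUsers(template: Template): Finding[] {
  const findings: Finding[] = [];
  for (const [logicalId, res] of Object.entries(template.Resources)) {
    if (res.Type !== 'AWS::IAM::User') continue;
    const props = res.Properties ?? {};
    const add = (issue: string) => findings.push({ logicalId, issue });
    const login = props['LoginProfile'] as Record<string, unknown> | undefined;
    if (login !== undefined) {
      const pw = login['Password'];
      // A bare string is a literal password unless it is a dynamic reference;
      // an object is an intrinsic (e.g. Fn::Join around a secret ARN).
      if (typeof pw === 'string' && !pw.startsWith('{{resolve:')) {
        add('literal password in template');
      }
      if (login['PasswordResetRequired'] !== true) {
        add('console password without passwordResetRequired');
      }
    }
    if (props['PermissionsBoundary'] === undefined) add('no permissionsBoundary');
    if (props['UserName'] !== undefined) {
      add('explicit userName: needs CAPABILITY_NAMED_IAM, blocks replacement');
    }
  }
  return findings;
}

// Constructed sample template: account ID, ARNs and logical IDs are placeholders.
const sampleTemplate: Template = {
  Resources: {
    WeakUser: {
      Type: 'AWS::IAM::User',
      Properties: { LoginProfile: { Password: '1234' }, UserName: 'ops-admin' },
    },
    HardenedUser: {
      Type: 'AWS::IAM::User',
      Properties: {
        LoginProfile: {
          Password: '{{resolve:secretsmanager:arn:aws:secretsmanager:us-east-1:111122223333:secret:placeholder:SecretString:::}}',
          PasswordResetRequired: true,
        },
        PermissionsBoundary: 'arn:aws:iam::111122223333:policy/placeholder-boundary',
      },
    },
    Bucket: { Type: 'AWS::S3::Bucket' },
  },
};
console.log(auditIamUsers(sampleTemplate));
```

Run it against the JSON template that cdk synth writes to cdk.out; a user whose password comes from Secrets Manager shows up as a dynamic reference or an intrinsic, never as a bare string.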