Class ArnPrincipal
Specify a principal by the Amazon Resource Name (ARN).
Inherited Members
Namespace: Amazon.CDK.AWS.IAM
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public class ArnPrincipal : PrincipalBase, IAssumeRolePrincipal, IComparablePrincipal, IPrincipal, IGrantableSyntax (vb)
Public Class ArnPrincipal
Inherits PrincipalBase
Implements IAssumeRolePrincipal, IComparablePrincipal, IPrincipal, IGrantableRemarks
You can specify AWS accounts, IAM users, Federated SAML users, IAM roles, and specific assumed-role sessions. You cannot specify IAM groups or instance profiles as principals
See: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html
ExampleMetadata: infused
Examples
// Option 2: create your custom mastersRole with scoped assumeBy arn as the Cluster prop. Switch to this role from the AWS console.
using Amazon.CDK.LambdaLayer.KubectlV32;
Vpc vpc;
var mastersRole = new Role(this, "MastersRole", new RoleProps {
AssumedBy = new ArnPrincipal("arn_for_trusted_principal")
});
var cluster = new Cluster(this, "EksCluster", new ClusterProps {
Vpc = vpc,
Version = KubernetesVersion.V1_32,
KubectlLayer = new KubectlV32Layer(this, "KubectlLayer"),
MastersRole = mastersRole
});
mastersRole.AddToPolicy(new PolicyStatement(new PolicyStatementProps {
Actions = new [] { "eks:AccessKubernetesApi", "eks:Describe*", "eks:List*" },
Resources = new [] { cluster.ClusterArn }
}));Synopsis
Constructors
| Arn |
Used by jsii to construct an instance of this class from a Javascript-owned object reference |
| Arn |
Used by jsii to construct an instance of this class from DeputyProps |
| Arn |
Properties
| Arn | Amazon Resource Name (ARN) of the principal entity (i.e. arn:aws:iam::123456789012:user/user-name). |
| Policy |
Return the policy fragment that identifies this principal in a Policy. |
Methods
| Dedupe |
Return whether or not this principal is equal to the given principal. |
| In |
A convenience method for adding a condition that the principal is part of the specified AWS Organization. |
| To |
Returns a string representation of an object. |
Constructors
ArnPrincipal(ByRefValue)
Used by jsii to construct an instance of this class from a Javascript-owned object reference
protected ArnPrincipal(ByRefValue reference)Parameters
- reference Amazon.
JSII. Runtime. Deputy. By Ref Value The Javascript-owned object reference
ArnPrincipal(DeputyBase.DeputyProps)
Used by jsii to construct an instance of this class from DeputyProps
protected ArnPrincipal(DeputyBase.DeputyProps props)Parameters
- props Amazon.
JSII. Runtime. Deputy. Deputy Base. Deputy Props The deputy props
ArnPrincipal(String)
public ArnPrincipal(string arn)Parameters
- arn System.
String Amazon Resource Name (ARN) of the principal entity (i.e. arn:aws:iam::123456789012:user/user-name).
Properties
Arn
Amazon Resource Name (ARN) of the principal entity (i.e. arn:aws:iam::123456789012:user/user-name).
public virtual string Arn { get; }Property Value
System.
PolicyFragment
Return the policy fragment that identifies this principal in a Policy.
public override PrincipalPolicyFragment PolicyFragment { get; }Property Value
Overrides
Methods
DedupeString()
Return whether or not this principal is equal to the given principal.
public override string DedupeString()Returns
System.
Overrides
InOrganization(String)
A convenience method for adding a condition that the principal is part of the specified AWS Organization.
public virtual PrincipalBase InOrganization(string organizationId)Parameters
- organizationId System.
String
Returns
ToString()
Returns a string representation of an object.
public override string ToString()Returns
System.