Class Group
An IAM Group (collection of IAM users) lets you specify permissions for multiple users, which can make it easier to manage permissions for those users.
Implements
Inherited Members
Namespace: Amazon.CDK.AWS.IAM
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public class Group : Resource, IGroup, IIdentity, IPrincipal, IGrantable, IResource, IGroupRef, IConstruct, IDependable, IEnvironmentAwareSyntax (vb)
Public Class Group Inherits Resource Implements IGroup, IIdentity, IPrincipal, IGrantable, IResource, IGroupRef, IConstruct, IDependable, IEnvironmentAwareRemarks
See: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html
ExampleMetadata: infused
Examples
var user = new User(this, "MyUser"); // or User.fromUserName(this, 'User', 'johnsmith');
var group = new Group(this, "MyGroup"); // or Group.fromGroupArn(this, 'Group', 'arn:aws:iam::account-id:group/group-name');
user.AddToGroup(group);
// or
group.AddUser(user);Synopsis
Constructors
| Group(Construct, string, IGroupProps?) | An IAM Group (collection of IAM users) lets you specify permissions for multiple users, which can make it easier to manage permissions for those users. |
Properties
| AssumeRoleAction | When this Principal is used in an AssumeRole policy, the action to use. |
| GrantPrincipal | The principal to grant permissions to. |
| GroupArn | Returns the IAM Group ARN. |
| GroupName | Returns the IAM Group Name. |
| GroupRef | A reference to a Group resource. |
| PROPERTY_INJECTION_ID | Uniquely identifies this class. |
| PolicyFragment | Return the policy fragment that identifies this principal in a Policy. |
| PrincipalAccount | The AWS account ID of this principal. |
Methods
| AddManagedPolicy(IManagedPolicy) | Attaches a managed policy to this group. |
| AddToPolicy(PolicyStatement) | Add to the policy of this principal. |
| AddToPrincipalPolicy(PolicyStatement) | Adds an IAM statement to the default policy. |
| AddUser(IUser) | Adds a user to this group. |
| AttachInlinePolicy(Policy) | Attaches a policy to this group. |
| FromGroupArn(Construct, string, string) | Import an external group by ARN. |
| FromGroupName(Construct, string, string) | Import an existing group by given name (with path). |
Constructors
Group(Construct, string, IGroupProps?)
An IAM Group (collection of IAM users) lets you specify permissions for multiple users, which can make it easier to manage permissions for those users.
public Group(Construct scope, string id, IGroupProps? props = null)Parameters
- scope Construct
- id string
- props IGroupProps
Remarks
See: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html
ExampleMetadata: infused
Examples
var user = new User(this, "MyUser"); // or User.fromUserName(this, 'User', 'johnsmith');
var group = new Group(this, "MyGroup"); // or Group.fromGroupArn(this, 'Group', 'arn:aws:iam::account-id:group/group-name');
user.AddToGroup(group);
// or
group.AddUser(user);Properties
AssumeRoleAction
When this Principal is used in an AssumeRole policy, the action to use.
public virtual string AssumeRoleAction { get; }Property Value
Remarks
See: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html
ExampleMetadata: infused
GrantPrincipal
The principal to grant permissions to.
public virtual IPrincipal GrantPrincipal { get; }Property Value
Remarks
See: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html
ExampleMetadata: infused
GroupArn
Returns the IAM Group ARN.
public virtual string GroupArn { get; }Property Value
Remarks
See: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html
ExampleMetadata: infused
GroupName
Returns the IAM Group Name.
public virtual string GroupName { get; }Property Value
Remarks
See: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html
ExampleMetadata: infused
GroupRef
A reference to a Group resource.
public virtual IGroupReference GroupRef { get; }Property Value
Remarks
See: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html
ExampleMetadata: infused
PROPERTY_INJECTION_ID
Uniquely identifies this class.
public static string PROPERTY_INJECTION_ID { get; }Property Value
Remarks
See: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html
ExampleMetadata: infused
PolicyFragment
Return the policy fragment that identifies this principal in a Policy.
public virtual PrincipalPolicyFragment PolicyFragment { get; }Property Value
Remarks
See: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html
ExampleMetadata: infused
PrincipalAccount
The AWS account ID of this principal.
public virtual string? PrincipalAccount { get; }Property Value
Remarks
Can be undefined when the account is not known (for example, for service principals). Can be a Token - in that case, it's assumed to be AWS::AccountId.
Methods
AddManagedPolicy(IManagedPolicy)
Attaches a managed policy to this group.
public virtual void AddManagedPolicy(IManagedPolicy policy)Parameters
- policy IManagedPolicy
The managed policy to attach.
Remarks
See [IAM and AWS STS quotas, name requirements, and character limits] (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entities) for quota of managed policies attached to an IAM group.
AddToPolicy(PolicyStatement)
Add to the policy of this principal.
public virtual bool AddToPolicy(PolicyStatement statement)Parameters
- statement PolicyStatement
Returns
Remarks
See: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html
ExampleMetadata: infused
AddToPrincipalPolicy(PolicyStatement)
Adds an IAM statement to the default policy.
public virtual IAddToPrincipalPolicyResult AddToPrincipalPolicy(PolicyStatement statement)Parameters
- statement PolicyStatement
Returns
Remarks
See: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html
ExampleMetadata: infused
AddUser(IUser)
Adds a user to this group.
public virtual void AddUser(IUser user)Parameters
- user IUser
Remarks
See: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html
ExampleMetadata: infused
AttachInlinePolicy(Policy)
Attaches a policy to this group.
public virtual void AttachInlinePolicy(Policy policy)Parameters
- policy Policy
The policy to attach.
Remarks
See: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html
ExampleMetadata: infused
FromGroupArn(Construct, string, string)
Import an external group by ARN.
public static IGroup FromGroupArn(Construct scope, string id, string groupArn)Parameters
- scope Construct
construct scope.
- id string
construct id.
- groupArn string
the ARN of the group to import (e.g.
arn:aws:iam::account-id:group/group-name).
Returns
Remarks
If the imported Group ARN is a Token (such as a
CfnParameter.valueAsString or a Fn.importValue()) and the referenced
group has a path (like arn:...:group/AdminGroup/NetworkAdmin), the
groupName property will not resolve to the correct value. Instead it
will resolve to the first path component. We unfortunately cannot express
the correct calculation of the full path name as a CloudFormation
expression. In this scenario the Group ARN should be supplied without the
path in order to resolve the correct group resource.
FromGroupName(Construct, string, string)
Import an existing group by given name (with path).
public static IGroup FromGroupName(Construct scope, string id, string groupName)Parameters
- scope Construct
construct scope.
- id string
construct id.
- groupName string
the groupName (path included) of the existing group to import.
Returns
Remarks
This method has same caveats of fromGroupArn