Interface IPrincipal
Represents a logical IAM principal.
Inherited Members
Namespace: Amazon.CDK.AWS.IAM
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public interface IPrincipal : IGrantableSyntax (vb)
Public Interface IPrincipal Inherits IGrantableRemarks
An IPrincipal describes a logical entity that can perform AWS API calls against sets of resources, optionally under certain conditions.
Examples of simple principals are IAM objects that you create, such as Users or Roles.
An example of a more complex principals is a ServicePrincipal (such as
new ServicePrincipal("sns.amazonaws.com"), which represents the Simple
Notifications Service).
A single logical Principal may also map to a set of physical principals.
For example, new OrganizationPrincipal('o-12345abcde') represents all
identities that are part of the given AWS Organization.
Synopsis
Properties
| AssumeRoleAction | When this Principal is used in an AssumeRole policy, the action to use. |
| PolicyFragment | Return the policy fragment that identifies this principal in a Policy. |
| PrincipalAccount | The AWS account ID of this principal. |
Methods
| AddToPrincipalPolicy(PolicyStatement) | Add to the policy of this principal. |
Properties
AssumeRoleAction
When this Principal is used in an AssumeRole policy, the action to use.
string AssumeRoleAction { get; }Property Value
Remarks
An IPrincipal describes a logical entity that can perform AWS API calls against sets of resources, optionally under certain conditions.
Examples of simple principals are IAM objects that you create, such as Users or Roles.
An example of a more complex principals is a ServicePrincipal (such as
new ServicePrincipal("sns.amazonaws.com"), which represents the Simple
Notifications Service).
A single logical Principal may also map to a set of physical principals.
For example, new OrganizationPrincipal('o-12345abcde') represents all
identities that are part of the given AWS Organization.
PolicyFragment
Return the policy fragment that identifies this principal in a Policy.
PrincipalPolicyFragment PolicyFragment { get; }Property Value
Remarks
An IPrincipal describes a logical entity that can perform AWS API calls against sets of resources, optionally under certain conditions.
Examples of simple principals are IAM objects that you create, such as Users or Roles.
An example of a more complex principals is a ServicePrincipal (such as
new ServicePrincipal("sns.amazonaws.com"), which represents the Simple
Notifications Service).
A single logical Principal may also map to a set of physical principals.
For example, new OrganizationPrincipal('o-12345abcde') represents all
identities that are part of the given AWS Organization.
PrincipalAccount
The AWS account ID of this principal.
string? PrincipalAccount { get; }Property Value
Remarks
Can be undefined when the account is not known (for example, for service principals). Can be a Token - in that case, it's assumed to be AWS::AccountId.
Methods
AddToPrincipalPolicy(PolicyStatement)
Add to the policy of this principal.
IAddToPrincipalPolicyResult AddToPrincipalPolicy(PolicyStatement statement)Parameters
- statement PolicyStatement
Returns
Remarks
An IPrincipal describes a logical entity that can perform AWS API calls against sets of resources, optionally under certain conditions.
Examples of simple principals are IAM objects that you create, such as Users or Roles.
An example of a more complex principals is a ServicePrincipal (such as
new ServicePrincipal("sns.amazonaws.com"), which represents the Simple
Notifications Service).
A single logical Principal may also map to a set of physical principals.
For example, new OrganizationPrincipal('o-12345abcde') represents all
identities that are part of the given AWS Organization.