Interface IUserProps
Properties for defining an IAM user.
Namespace: Amazon.CDK.AWS.IAM
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public interface IUserPropsSyntax (vb)
Public Interface IUserPropsRemarks
ExampleMetadata: lit=aws-iam/test/example.attaching.lit.ts infused
Examples
var user = new User(this, "MyUser", new UserProps { Password = SecretValue.PlainText("1234") });
var group = new Group(this, "MyGroup");
var policy = new Policy(this, "MyPolicy");
policy.AttachToUser(user);
group.AttachInlinePolicy(policy);Synopsis
Properties
| Groups | Groups to add this user to. |
| ManagedPolicies | A list of managed policies associated with this role. |
| Password | The password for the user. This is required so the user can access the AWS Management Console. |
| PasswordResetRequired | Specifies whether the user is required to set a new password the next time the user logs in to the AWS Management Console. |
| Path | The path for the user name. |
| PermissionsBoundary | AWS supports permissions boundaries for IAM entities (users or roles). |
| UserName | A name for the IAM user. |
Properties
Groups
Groups to add this user to.
IGroup[]? Groups { get; }Property Value
IGroup[]
Remarks
You can also use addToGroup to add this
user to a group.
Default: - No groups.
ManagedPolicies
A list of managed policies associated with this role.
IManagedPolicy[]? ManagedPolicies { get; }Property Value
Remarks
You can add managed policies later using
addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName(policyName)).
Default: - No managed policies.
Password
The password for the user. This is required so the user can access the AWS Management Console.
SecretValue? Password { get; }Property Value
Remarks
You can use SecretValue.unsafePlainText to specify a password in plain text or
use secretsmanager.Secret.fromSecretAttributes to reference a secret in
Secrets Manager.
Default: - User won't be able to access the management console without a password.
PasswordResetRequired
Specifies whether the user is required to set a new password the next time the user logs in to the AWS Management Console.
bool? PasswordResetRequired { get; }Property Value
bool?
Remarks
If this is set to 'true', you must also specify "initialPassword".
Default: false
Path
The path for the user name.
string? Path { get; }Property Value
Remarks
For more information about paths, see IAM Identifiers in the IAM User Guide.
Default: /
PermissionsBoundary
AWS supports permissions boundaries for IAM entities (users or roles).
IManagedPolicy? PermissionsBoundary { get; }Property Value
Remarks
A permissions boundary is an advanced feature for using a managed policy to set the maximum permissions that an identity-based policy can grant to an IAM entity. An entity's permissions boundary allows it to perform only the actions that are allowed by both its identity-based policies and its permissions boundaries.
Default: - No permissions boundary.
Link: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
UserName
A name for the IAM user.
string? UserName { get; }Property Value
Remarks
For valid values, see the UserName parameter for the CreateUser action in the IAM API Reference. If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the user name.
If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.
If you specify a name, you must specify the CAPABILITY_NAMED_IAM value to acknowledge your template's capabilities. For more information, see Acknowledging IAM Resources in AWS CloudFormation Templates.
Default: - Generated by CloudFormation (recommended)