Class LazyRole
An IAM role that only gets attached to the construct tree once it gets used, not before.
Implements
Inherited Members
Namespace: Amazon.CDK.AWS.IAM
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public class LazyRole : Resource, IRole, IIdentity, IPrincipal, IGrantable, IResource
Syntax (vb)
Public Class LazyRole
Inherits Resource
Implements IRole, IIdentity, IPrincipal, IGrantable, IResource
Remarks
This construct can be used to simplify logic in other constructs which need to create a role but only if certain configurations occur (such as when AutoScaling is configured). The role can be configured in one place, but if it never gets used it doesn't get instantiated and will not be synthesized or deployed.
Resource: AWS::IAM::Role
ExampleMetadata: fixture=_generated
Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK;
using Amazon.CDK.AWS.IAM;
ManagedPolicy managedPolicy;
PolicyDocument policyDocument;
IPrincipal principal;
var lazyRole = new LazyRole(this, "MyLazyRole", new LazyRoleProps {
AssumedBy = principal,
// the properties below are optional
Description = "description",
ExternalIds = new [] { "externalIds" },
InlinePolicies = new Dictionary<string, PolicyDocument> {
{ "inlinePoliciesKey", policyDocument }
},
ManagedPolicies = new [] { managedPolicy },
MaxSessionDuration = Duration.Minutes(30),
Path = "path",
PermissionsBoundary = managedPolicy,
RoleName = "roleName"
});
Synopsis
Constructors
LazyRole(ByRefValue) | Used by jsii to construct an instance of this class from a Javascript-owned object reference |
LazyRole(DeputyBase.DeputyProps) | Used by jsii to construct an instance of this class from DeputyProps |
LazyRole(Construct, String, ILazyRoleProps) |
Properties
AssumeRoleAction | When this Principal is used in an AssumeRole policy, the action to use. |
GrantPrincipal | The principal to grant permissions to. |
PolicyFragment | Return the policy fragment that identifies this principal in a Policy. |
PrincipalAccount | The AWS account ID of this principal. |
RoleArn | Returns the ARN of this role. |
RoleId | Returns the stable and unique string identifying the role (i.e. AIDAJQABLZS4A3QDU576Q). |
RoleName | Returns the name of this role. |
Methods
AddManagedPolicy(IManagedPolicy) | Attaches a managed policy to this role. |
AddToPolicy(PolicyStatement) | Add to the policy of this principal. |
AddToPrincipalPolicy(PolicyStatement) | Adds a permission to the role's default policy document. |
AttachInlinePolicy(Policy) | Attaches a policy to this role. |
Grant(IPrincipal, String[]) | Grant the actions defined in actions to the identity Principal on this resource. |
GrantAssumeRole(IPrincipal) | Grant permissions to the given principal to assume this role. |
GrantPassRole(IPrincipal) | Grant permissions to the given principal to pass this role. |
Constructors
LazyRole(ByRefValue)
Used by jsii to construct an instance of this class from a Javascript-owned object reference
protected LazyRole(ByRefValue reference)
Parameters
- reference Amazon.JSII.Runtime.Deputy.ByRefValue
The Javascript-owned object reference
LazyRole(DeputyBase.DeputyProps)
Used by jsii to construct an instance of this class from DeputyProps
protected LazyRole(DeputyBase.DeputyProps props)
Parameters
- props Amazon.JSII.Runtime.Deputy.DeputyBase.DeputyProps
The deputy props
LazyRole(Construct, String, ILazyRoleProps)
public LazyRole(Construct scope, string id, ILazyRoleProps props)
Parameters
- scope Constructs.Construct
- id System.String
- props ILazyRoleProps
Properties
AssumeRoleAction
When this Principal is used in an AssumeRole policy, the action to use.
public virtual string AssumeRoleAction { get; }
Property Value
System.String
GrantPrincipal
The principal to grant permissions to.
public virtual IPrincipal GrantPrincipal { get; }
Property Value
PolicyFragment
Return the policy fragment that identifies this principal in a Policy.
public virtual PrincipalPolicyFragment PolicyFragment { get; }
Property Value
PrincipalAccount
The AWS account ID of this principal.
public virtual string PrincipalAccount { get; }
Property Value
System.String
Remarks
Can be undefined when the account is not known (for example, for service principals). Can be a Token - in that case, it's assumed to be AWS::AccountId.
RoleArn
Returns the ARN of this role.
public virtual string RoleArn { get; }
Property Value
System.String
RoleId
Returns the stable and unique string identifying the role (i.e. AIDAJQABLZS4A3QDU576Q).
public virtual string RoleId { get; }
Property Value
System.String
Remarks
Attribute: true
RoleName
Returns the name of this role.
public virtual string RoleName { get; }
Property Value
System.String
Methods
AddManagedPolicy(IManagedPolicy)
Attaches a managed policy to this role.
public virtual void AddManagedPolicy(IManagedPolicy policy)
Parameters
- policy IManagedPolicy
The managed policy to attach.
AddToPolicy(PolicyStatement)
Add to the policy of this principal.
public virtual bool AddToPolicy(PolicyStatement statement)
Parameters
- statement PolicyStatement
Returns
System.Boolean
AddToPrincipalPolicy(PolicyStatement)
Adds a permission to the role's default policy document.
public virtual IAddToPrincipalPolicyResult AddToPrincipalPolicy(PolicyStatement statement)
Parameters
- statement PolicyStatement
The permission statement to add to the policy document.
Returns
Remarks
If there is no default policy attached to this role, it will be created.
AttachInlinePolicy(Policy)
Attaches a policy to this role.
public virtual void AttachInlinePolicy(Policy policy)
Parameters
- policy Policy
The policy to attach.
Grant(IPrincipal, String[])
Grant the actions defined in actions to the identity Principal on this resource.
public virtual Grant Grant(IPrincipal identity, params string[] actions)
Parameters
- identity IPrincipal
- actions System.String[]
Returns
GrantAssumeRole(IPrincipal)
Grant permissions to the given principal to assume this role.
public virtual Grant GrantAssumeRole(IPrincipal identity)
Parameters
- identity IPrincipal
Returns
GrantPassRole(IPrincipal)
Grant permissions to the given principal to pass this role.
public virtual Grant GrantPassRole(IPrincipal identity)
Parameters
- identity IPrincipal
Returns