Class LazyRole
An IAM role that only gets attached to the construct tree once it gets used, not before.
Implements
Inherited Members
Namespace: Amazon.CDK.AWS.IAM
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public class LazyRole : Resource, IRole, IIdentity, IPrincipal, IGrantable, IResource, IRoleRef, IConstruct, IDependable, IEnvironmentAwareSyntax (vb)
Public Class LazyRole Inherits Resource Implements IRole, IIdentity, IPrincipal, IGrantable, IResource, IRoleRef, IConstruct, IDependable, IEnvironmentAwareRemarks
This construct can be used to simplify logic in other constructs which need to create a role but only if certain configurations occur (such as when AutoScaling is configured). The role can be configured in one place, but if it never gets used it doesn't get instantiated and will not be synthesized or deployed.
Resource: AWS::IAM::Role
ExampleMetadata: fixture=_generated
Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK;
using Amazon.CDK.AWS.IAM;
ManagedPolicy managedPolicy;
PolicyDocument policyDocument;
IPrincipal principal;
var lazyRole = new LazyRole(this, "MyLazyRole", new LazyRoleProps {
AssumedBy = principal,
// the properties below are optional
Description = "description",
ExternalIds = new [] { "externalIds" },
InlinePolicies = new Dictionary<string, PolicyDocument> {
{ "inlinePoliciesKey", policyDocument }
},
ManagedPolicies = new [] { managedPolicy },
MaxSessionDuration = Duration.Minutes(30),
Path = "path",
PermissionsBoundary = managedPolicy,
RoleName = "roleName"
});Synopsis
Constructors
| LazyRole(Construct, string, ILazyRoleProps) | An IAM role that only gets attached to the construct tree once it gets used, not before. |
Properties
| AssumeRoleAction | When this Principal is used in an AssumeRole policy, the action to use. |
| GrantPrincipal | The principal to grant permissions to. |
| PROPERTY_INJECTION_ID | Uniquely identifies this class. |
| PolicyFragment | Return the policy fragment that identifies this principal in a Policy. |
| PrincipalAccount | The AWS account ID of this principal. |
| RoleArn | Returns the ARN of this role. |
| RoleId | Returns the stable and unique string identifying the role (i.e. AIDAJQABLZS4A3QDU576Q). |
| RoleName | Returns the name of this role. |
| RoleRef | A reference to a Role resource. |
Methods
| AddManagedPolicy(IManagedPolicy) | Attaches a managed policy to this role. |
| AddToPolicy(PolicyStatement) | Add to the policy of this principal. |
| AddToPrincipalPolicy(PolicyStatement) | Adds a permission to the role's default policy document. |
| AttachInlinePolicy(Policy) | Attaches a policy to this role. |
| Grant(IPrincipal, params string[]) | Grant the actions defined in actions to the identity Principal on this resource. |
| GrantAssumeRole(IPrincipal) | Grant permissions to the given principal to assume this role. |
| GrantPassRole(IPrincipal) | Grant permissions to the given principal to pass this role. |
Constructors
LazyRole(Construct, string, ILazyRoleProps)
An IAM role that only gets attached to the construct tree once it gets used, not before.
public LazyRole(Construct scope, string id, ILazyRoleProps props)Parameters
- scope Construct
- id string
- props ILazyRoleProps
Remarks
This construct can be used to simplify logic in other constructs which need to create a role but only if certain configurations occur (such as when AutoScaling is configured). The role can be configured in one place, but if it never gets used it doesn't get instantiated and will not be synthesized or deployed.
Resource: AWS::IAM::Role
ExampleMetadata: fixture=_generated
Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK;
using Amazon.CDK.AWS.IAM;
ManagedPolicy managedPolicy;
PolicyDocument policyDocument;
IPrincipal principal;
var lazyRole = new LazyRole(this, "MyLazyRole", new LazyRoleProps {
AssumedBy = principal,
// the properties below are optional
Description = "description",
ExternalIds = new [] { "externalIds" },
InlinePolicies = new Dictionary<string, PolicyDocument> {
{ "inlinePoliciesKey", policyDocument }
},
ManagedPolicies = new [] { managedPolicy },
MaxSessionDuration = Duration.Minutes(30),
Path = "path",
PermissionsBoundary = managedPolicy,
RoleName = "roleName"
});Properties
AssumeRoleAction
When this Principal is used in an AssumeRole policy, the action to use.
public virtual string AssumeRoleAction { get; }Property Value
Remarks
This construct can be used to simplify logic in other constructs which need to create a role but only if certain configurations occur (such as when AutoScaling is configured). The role can be configured in one place, but if it never gets used it doesn't get instantiated and will not be synthesized or deployed.
Resource: AWS::IAM::Role
ExampleMetadata: fixture=_generated
GrantPrincipal
The principal to grant permissions to.
public virtual IPrincipal GrantPrincipal { get; }Property Value
Remarks
This construct can be used to simplify logic in other constructs which need to create a role but only if certain configurations occur (such as when AutoScaling is configured). The role can be configured in one place, but if it never gets used it doesn't get instantiated and will not be synthesized or deployed.
Resource: AWS::IAM::Role
ExampleMetadata: fixture=_generated
PROPERTY_INJECTION_ID
Uniquely identifies this class.
public static string PROPERTY_INJECTION_ID { get; }Property Value
Remarks
This construct can be used to simplify logic in other constructs which need to create a role but only if certain configurations occur (such as when AutoScaling is configured). The role can be configured in one place, but if it never gets used it doesn't get instantiated and will not be synthesized or deployed.
Resource: AWS::IAM::Role
ExampleMetadata: fixture=_generated
PolicyFragment
Return the policy fragment that identifies this principal in a Policy.
public virtual PrincipalPolicyFragment PolicyFragment { get; }Property Value
Remarks
This construct can be used to simplify logic in other constructs which need to create a role but only if certain configurations occur (such as when AutoScaling is configured). The role can be configured in one place, but if it never gets used it doesn't get instantiated and will not be synthesized or deployed.
Resource: AWS::IAM::Role
ExampleMetadata: fixture=_generated
PrincipalAccount
The AWS account ID of this principal.
public virtual string? PrincipalAccount { get; }Property Value
Remarks
Can be undefined when the account is not known (for example, for service principals). Can be a Token - in that case, it's assumed to be AWS::AccountId.
RoleArn
Returns the ARN of this role.
public virtual string RoleArn { get; }Property Value
Remarks
This construct can be used to simplify logic in other constructs which need to create a role but only if certain configurations occur (such as when AutoScaling is configured). The role can be configured in one place, but if it never gets used it doesn't get instantiated and will not be synthesized or deployed.
Resource: AWS::IAM::Role
ExampleMetadata: fixture=_generated
RoleId
Returns the stable and unique string identifying the role (i.e. AIDAJQABLZS4A3QDU576Q).
public virtual string RoleId { get; }Property Value
Remarks
Attribute: true
RoleName
Returns the name of this role.
public virtual string RoleName { get; }Property Value
Remarks
This construct can be used to simplify logic in other constructs which need to create a role but only if certain configurations occur (such as when AutoScaling is configured). The role can be configured in one place, but if it never gets used it doesn't get instantiated and will not be synthesized or deployed.
Resource: AWS::IAM::Role
ExampleMetadata: fixture=_generated
RoleRef
A reference to a Role resource.
public virtual IRoleReference RoleRef { get; }Property Value
Remarks
This construct can be used to simplify logic in other constructs which need to create a role but only if certain configurations occur (such as when AutoScaling is configured). The role can be configured in one place, but if it never gets used it doesn't get instantiated and will not be synthesized or deployed.
Resource: AWS::IAM::Role
ExampleMetadata: fixture=_generated
Methods
AddManagedPolicy(IManagedPolicy)
Attaches a managed policy to this role.
public virtual void AddManagedPolicy(IManagedPolicy policy)Parameters
- policy IManagedPolicy
The managed policy to attach.
Remarks
This construct can be used to simplify logic in other constructs which need to create a role but only if certain configurations occur (such as when AutoScaling is configured). The role can be configured in one place, but if it never gets used it doesn't get instantiated and will not be synthesized or deployed.
Resource: AWS::IAM::Role
ExampleMetadata: fixture=_generated
AddToPolicy(PolicyStatement)
Add to the policy of this principal.
public virtual bool AddToPolicy(PolicyStatement statement)Parameters
- statement PolicyStatement
Returns
Remarks
This construct can be used to simplify logic in other constructs which need to create a role but only if certain configurations occur (such as when AutoScaling is configured). The role can be configured in one place, but if it never gets used it doesn't get instantiated and will not be synthesized or deployed.
Resource: AWS::IAM::Role
ExampleMetadata: fixture=_generated
AddToPrincipalPolicy(PolicyStatement)
Adds a permission to the role's default policy document.
public virtual IAddToPrincipalPolicyResult AddToPrincipalPolicy(PolicyStatement statement)Parameters
- statement PolicyStatement
The permission statement to add to the policy document.
Returns
Remarks
If there is no default policy attached to this role, it will be created.
AttachInlinePolicy(Policy)
Attaches a policy to this role.
public virtual void AttachInlinePolicy(Policy policy)Parameters
- policy Policy
The policy to attach.
Remarks
This construct can be used to simplify logic in other constructs which need to create a role but only if certain configurations occur (such as when AutoScaling is configured). The role can be configured in one place, but if it never gets used it doesn't get instantiated and will not be synthesized or deployed.
Resource: AWS::IAM::Role
ExampleMetadata: fixture=_generated
Grant(IPrincipal, params string[])
Grant the actions defined in actions to the identity Principal on this resource.
public virtual Grant Grant(IPrincipal identity, params string[] actions)Parameters
- identity IPrincipal
- actions string[]
Returns
Remarks
This construct can be used to simplify logic in other constructs which need to create a role but only if certain configurations occur (such as when AutoScaling is configured). The role can be configured in one place, but if it never gets used it doesn't get instantiated and will not be synthesized or deployed.
Resource: AWS::IAM::Role
ExampleMetadata: fixture=_generated
GrantAssumeRole(IPrincipal)
Grant permissions to the given principal to assume this role.
public virtual Grant GrantAssumeRole(IPrincipal identity)Parameters
- identity IPrincipal
Returns
Remarks
This construct can be used to simplify logic in other constructs which need to create a role but only if certain configurations occur (such as when AutoScaling is configured). The role can be configured in one place, but if it never gets used it doesn't get instantiated and will not be synthesized or deployed.
Resource: AWS::IAM::Role
ExampleMetadata: fixture=_generated
GrantPassRole(IPrincipal)
Grant permissions to the given principal to pass this role.
public virtual Grant GrantPassRole(IPrincipal identity)Parameters
- identity IPrincipal
Returns
Remarks
This construct can be used to simplify logic in other constructs which need to create a role but only if certain configurations occur (such as when AutoScaling is configured). The role can be configured in one place, but if it never gets used it doesn't get instantiated and will not be synthesized or deployed.
Resource: AWS::IAM::Role
ExampleMetadata: fixture=_generated