Class PrincipalBase
Base class for policy principals.
Inheritance
Namespace: Amazon.CDK.AWS.IAM
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public abstract class PrincipalBase : DeputyBase, IAssumeRolePrincipal, IComparablePrincipal, IPrincipal, IGrantableSyntax (vb)
Public MustInherit Class PrincipalBase Inherits DeputyBase Implements IAssumeRolePrincipal, IComparablePrincipal, IPrincipal, IGrantableRemarks
ExampleMetadata: infused
Examples
var tagParam = new CfnParameter(this, "TagName");
var stringEquals = new CfnJson(this, "ConditionJson", new CfnJsonProps {
Value = new Dictionary<string, boolean> {
{ $"aws:PrincipalTag/{tagParam.valueAsString}", true }
}
});
var principal = new AccountRootPrincipal().WithConditions(new Dictionary<string, object> {
{ "StringEquals", stringEquals }
});
new Role(this, "MyRole", new RoleProps { AssumedBy = principal });Synopsis
Constructors
| PrincipalBase() | Base class for policy principals. |
Properties
| AssumeRoleAction | When this Principal is used in an AssumeRole policy, the action to use. |
| GrantPrincipal | The principal to grant permissions to. |
| PolicyFragment | Return the policy fragment that identifies this principal in a Policy. |
| PrincipalAccount | The AWS account ID of this principal. |
Methods
| AddToAssumeRolePolicy(PolicyDocument) | Add the principal to the AssumeRolePolicyDocument. |
| AddToPolicy(PolicyStatement) | Add to the policy of this principal. |
| AddToPrincipalPolicy(PolicyStatement) | Add to the policy of this principal. |
| DedupeString() | Return whether or not this principal is equal to the given principal. |
| ToJSON() | JSON-ify the principal. |
| ToString() | Returns a string representation of an object. |
| WithConditions(IDictionary<string, object>) | Returns a new PrincipalWithConditions using this principal as the base, with the passed conditions added. |
| WithSessionTags() | Returns a new principal using this principal as the base, with session tags enabled. |
Constructors
PrincipalBase()
Base class for policy principals.
protected PrincipalBase()Remarks
ExampleMetadata: infused
Examples
var tagParam = new CfnParameter(this, "TagName");
var stringEquals = new CfnJson(this, "ConditionJson", new CfnJsonProps {
Value = new Dictionary<string, boolean> {
{ $"aws:PrincipalTag/{tagParam.valueAsString}", true }
}
});
var principal = new AccountRootPrincipal().WithConditions(new Dictionary<string, object> {
{ "StringEquals", stringEquals }
});
new Role(this, "MyRole", new RoleProps { AssumedBy = principal });Properties
AssumeRoleAction
When this Principal is used in an AssumeRole policy, the action to use.
public virtual string AssumeRoleAction { get; }Property Value
Remarks
ExampleMetadata: infused
GrantPrincipal
The principal to grant permissions to.
public virtual IPrincipal GrantPrincipal { get; }Property Value
Remarks
ExampleMetadata: infused
PolicyFragment
Return the policy fragment that identifies this principal in a Policy.
public abstract PrincipalPolicyFragment PolicyFragment { get; }Property Value
Remarks
ExampleMetadata: infused
PrincipalAccount
The AWS account ID of this principal.
public virtual string? PrincipalAccount { get; }Property Value
Remarks
Can be undefined when the account is not known (for example, for service principals). Can be a Token - in that case, it's assumed to be AWS::AccountId.
Methods
AddToAssumeRolePolicy(PolicyDocument)
Add the principal to the AssumeRolePolicyDocument.
public virtual void AddToAssumeRolePolicy(PolicyDocument document)Parameters
- document PolicyDocument
Remarks
Add the statements to the AssumeRolePolicyDocument necessary to give this principal permissions to assume the given role.
AddToPolicy(PolicyStatement)
Add to the policy of this principal.
public virtual bool AddToPolicy(PolicyStatement statement)Parameters
- statement PolicyStatement
Returns
Remarks
ExampleMetadata: infused
AddToPrincipalPolicy(PolicyStatement)
Add to the policy of this principal.
public virtual IAddToPrincipalPolicyResult AddToPrincipalPolicy(PolicyStatement statement)Parameters
- statement PolicyStatement
Returns
Remarks
ExampleMetadata: infused
DedupeString()
Return whether or not this principal is equal to the given principal.
public abstract string? DedupeString()Returns
Remarks
ExampleMetadata: infused
ToJSON()
JSON-ify the principal.
public virtual IDictionary<string, string[]> ToJSON()Returns
IDictionary<string, string[]>
Remarks
Used when JSON.stringify() is called
ToString()
Returns a string representation of an object.
public override string ToString()Returns
Remarks
ExampleMetadata: infused
WithConditions(IDictionary<string, object>)
Returns a new PrincipalWithConditions using this principal as the base, with the passed conditions added.
public virtual PrincipalBase WithConditions(IDictionary<string, object> conditions)Parameters
- conditions IDictionary<string, object>
Returns
a new PrincipalWithConditions object.
Remarks
When there is a value for the same operator and key in both the principal and the conditions parameter, the value from the conditions parameter will be used.
WithSessionTags()
Returns a new principal using this principal as the base, with session tags enabled.
public virtual PrincipalBase WithSessionTags()Returns
a new SessionTagsPrincipal object.
Remarks
ExampleMetadata: infused