Package software.amazon.awscdk.services.iam

Class ArnPrincipal

java.lang.Object
software.amazon.jsii.JsiiObject
software.amazon.awscdk.services.iam.PrincipalBase
software.amazon.awscdk.services.iam.ArnPrincipal
All Implemented Interfaces:
IAssumeRolePrincipal, IComparablePrincipal, IGrantable, IPrincipal, software.amazon.jsii.JsiiSerializable
Direct Known Subclasses:
AccountPrincipal, AnyPrincipal
@Generated(value="jsii-pacmak/1.110.0 (build 336b265)", date="2025-04-22T23:08:14.385Z") @Stability(Stable) public class ArnPrincipal extends PrincipalBase
Specify a principal by the Amazon Resource Name (ARN).

You can specify AWS accounts, IAM users, Federated SAML users, IAM roles, and specific assumed-role sessions. You cannot specify IAM groups or instance profiles as principals

Example: 

 // Option 2: create your custom mastersRole with scoped assumeBy arn as the Cluster prop. Switch to this role from the AWS console.
 import software.amazon.awscdk.cdk.lambdalayer.kubectl.v32.KubectlV32Layer;
 Vpc vpc;
 Role mastersRole = Role.Builder.create(this, "MastersRole")
         .assumedBy(new ArnPrincipal("arn_for_trusted_principal"))
         .build();
 Cluster cluster = Cluster.Builder.create(this, "EksCluster")
         .vpc(vpc)
         .version(KubernetesVersion.V1_32)
         .kubectlLayer(new KubectlV32Layer(this, "KubectlLayer"))
         .mastersRole(mastersRole)
         .build();
 mastersRole.addToPolicy(PolicyStatement.Builder.create()
         .actions(List.of("eks:AccessKubernetesApi", "eks:Describe*", "eks:List*"))
         .resources(List.of(cluster.getClusterArn()))
         .build());

See Also:

  • Constructor Details

    • ArnPrincipal

      protected ArnPrincipal(software.amazon.jsii.JsiiObjectRef objRef)

    • ArnPrincipal

      protected ArnPrincipal(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

    • ArnPrincipal

      @Stability(Stable) public ArnPrincipal(@NotNull String arn)
      Parameters:
      arn - Amazon Resource Name (ARN) of the principal entity (i.e. arn:aws:iam::123456789012:user/user-name). This parameter is required.

  • Method Details

    • dedupeString

      @Stability(Stable) @Nullable public String dedupeString()
      Return whether or not this principal is equal to the given principal.
      Specified by:
      dedupeString in interface IComparablePrincipal
      Specified by:
      dedupeString in class PrincipalBase

    • inOrganization

      @Stability(Stable) @NotNull public PrincipalBase inOrganization(@NotNull String organizationId)
      A convenience method for adding a condition that the principal is part of the specified AWS Organization.

      Parameters:
      organizationId - This parameter is required.

    • toString

      @Stability(Stable) @NotNull public String toString()
      Returns a string representation of an object.
      Overrides:
      toString in class PrincipalBase

    • getArn

      @Stability(Stable) @NotNull public String getArn()
      Amazon Resource Name (ARN) of the principal entity (i.e. arn:aws:iam::123456789012:user/user-name).

    • getPolicyFragment

      @Stability(Stable) @NotNull public PrincipalPolicyFragment getPolicyFragment()
      Return the policy fragment that identifies this principal in a Policy.
      Specified by:
      getPolicyFragment in interface IPrincipal
      Specified by:
      getPolicyFragment in class PrincipalBase