Class ArnPrincipal

java.lang.Object
software.amazon.jsii.JsiiObject
software.amazon.awscdk.services.iam.PrincipalBase
software.amazon.awscdk.services.iam.ArnPrincipal
All Implemented Interfaces:
IAssumeRolePrincipal, IComparablePrincipal, IGrantable, IPrincipal, software.amazon.jsii.JsiiSerializable
Direct Known Subclasses:
AccountPrincipal, AnyPrincipal

@Generated(value="jsii-pacmak/1.91.0 (build 1b1f239)", date="2023-11-16T22:34:06.027Z") @Stability(Stable) public class ArnPrincipal extends PrincipalBase
Specify a principal by the Amazon Resource Name (ARN).

You can specify AWS accounts, IAM users, Federated SAML users, IAM roles, and specific assumed-role sessions. You cannot specify IAM groups or instance profiles as principals.

Example:

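 import java.util.List;
 import software.amazon.awscdk.services.eks.Cluster;
 import software.amazon.awscdk.services.iam.ArnPrincipal;
 import software.amazon.awscdk.services.iam.PolicyStatement;
 import software.amazon.awscdk.services.iam.Role;

 // Option 3: Create a new role that the trusted principal (for example, the account root principal) is allowed to assume.
 // Add this role to the `system:masters` group and switch to this role from the AWS console.
 Cluster cluster;
 Role consoleReadOnlyRole = Role.Builder.create(this, "ConsoleReadOnlyRole")
         .assumedBy(new ArnPrincipal("arn_for_trusted_principal"))
         .build();
 // Allow the role to describe/list EKS resources and call the Kubernetes API of this cluster only
 consoleReadOnlyRole.addToPolicy(PolicyStatement.Builder.create()
         .actions(List.of("eks:AccessKubernetesApi", "eks:Describe*", "eks:List*"))
         .resources(List.of(cluster.getClusterArn()))
         .build());
 // Add this role to the system:masters RBAC group
 cluster.getAwsAuth().addMastersRole(consoleReadOnlyRole);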
 

  • Constructor Details

    • ArnPrincipal

      protected ArnPrincipal(software.amazon.jsii.JsiiObjectRef objRef)
    • ArnPrincipal

      protected ArnPrincipal(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
    • ArnPrincipal

      @Stability(Stable) public ArnPrincipal(@NotNull String arn)
      Parameters:
      arn - Amazon Resource Name (ARN) of the principal entity (e.g. arn:aws:iam::123456789012:user/user-name). This parameter is required.
  • Method Details

    • dedupeString

      @Stability(Stable) @Nullable public String dedupeString()
      Return whether or not this principal is equal to the given principal.
      Specified by:
      dedupeString in interface IComparablePrincipal
      Specified by:
      dedupeString in class PrincipalBase
    • inOrganization

      @Stability(Stable) @NotNull public PrincipalBase inOrganization(@NotNull String organizationId)
      A convenience method for adding a condition that the principal is part of the specified AWS Organization.

      Parameters:
      organizationId - This parameter is required.
    • toString

      @Stability(Stable) @NotNull public String toString()
      Returns a string representation of an object.
      Overrides:
      toString in class PrincipalBase
    • getArn

      @Stability(Stable) @NotNull public String getArn()
      Amazon Resource Name (ARN) of the principal entity (e.g. arn:aws:iam::123456789012:user/user-name).
    • getPolicyFragment

      @Stability(Stable) @NotNull public PrincipalPolicyFragment getPolicyFragment()
      Return the policy fragment that identifies this principal in a Policy.
      Specified by:
      getPolicyFragment in interface IPrincipal
      Specified by:
      getPolicyFragment in class PrincipalBase
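
An added example, not part of the CDK documentation or the CDK's own code: a hypothetical helper that enforces the class description's restriction (IAM groups and instance profiles cannot be principals) before constructing an `ArnPrincipal`, then narrows the principal with `inOrganization`. The class and method names, and the organization ID in the usage comment, are assumptions made for illustration.

```java
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import software.amazon.awscdk.Token;
import software.amazon.awscdk.services.iam.ArnPrincipal;
import software.amazon.awscdk.services.iam.PrincipalBase;

/** Hypothetical helper (not a CDK class): vet an ARN before trusting it. */
public final class TrustedPrincipals {
    // arn:<partition>:<iam|sts>:<region, normally empty>:<12-digit account>:<type>[/<name>]
    private static final Pattern PRINCIPAL_ARN =
            Pattern.compile("^arn:[^:]+:(?:iam|sts):[^:]*:\\d{12}:([^/]+)(?:/.+)?$");
    // Resource types the class description says cannot be used as principals.
    private static final Set<String> NOT_PRINCIPALS = Set.of("group", "instance-profile");

    private TrustedPrincipals() {}

    /** Returns the ARN unchanged, or throws if it cannot identify a principal. */
    public static String requirePrincipalArn(String arn) {
        // Deploy-time values (tokens) have no concrete text to inspect at synthesis.
        if (Token.isUnresolved(arn)) {
            return arn;
        }
        Matcher m = PRINCIPAL_ARN.matcher(arn);
        if (!m.matches()) {
            throw new IllegalArgumentException("Not an IAM or STS ARN: " + arn);
        }
        if (NOT_PRINCIPALS.contains(m.group(1))) {
            throw new IllegalArgumentException(
                    "IAM " + m.group(1) + " ARNs cannot be used as principals: " + arn);
        }
        return arn;
    }

    /** Principal for the ARN that must also belong to the given AWS Organization. */
    public static PrincipalBase inOrg(String arn, String organizationId) {
        return new ArnPrincipal(requirePrincipalArn(arn)).inOrganization(organizationId);
    }
}

// Usage inside a construct (account and organization IDs are constructed samples):
//   Role.Builder.create(this, "ConsoleReadOnlyRole")
//           .assumedBy(TrustedPrincipals.inOrg(
//                   "arn:aws:iam::123456789012:role/ops-admin", "o-exampleorgid"))
//           .build();
```

A placeholder such as `arn_for_trusted_principal` fails this check at synthesis time, before any trust policy is generated.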