Class ArnPrincipal
java.lang.Object
software.amazon.jsii.JsiiObject
software.amazon.awscdk.services.iam.PrincipalBase
software.amazon.awscdk.services.iam.ArnPrincipal
All Implemented Interfaces: IAssumeRolePrincipal, IComparablePrincipal, IGrantable, IPrincipal, software.amazon.jsii.JsiiSerializable
Direct Known Subclasses: AccountPrincipal, AnyPrincipal
@Generated(value="jsii-pacmak/1.104.0 (build e79254c)",
date="2025-01-15T21:09:20.244Z")
@Stability(Stable)
public class ArnPrincipal
extends PrincipalBase
Specify a principal by the Amazon Resource Name (ARN).
You can specify AWS accounts, IAM users, Federated SAML users, IAM roles, and specific assumed-role sessions. You cannot specify IAM groups or instance profiles as principals.
Example:
// Option 2: create your custom mastersRole with scoped assumeBy arn as the Cluster prop. Switch to this role from the AWS console.
import software.amazon.awscdk.cdk.lambdalayer.kubectl.v31.KubectlV31Layer;

Vpc vpc;

Role mastersRole = Role.Builder.create(this, "MastersRole")
        .assumedBy(new ArnPrincipal("arn_for_trusted_principal"))
        .build();

Cluster cluster = Cluster.Builder.create(this, "EksCluster")
        .vpc(vpc)
        .version(KubernetesVersion.V1_31)
        .kubectlLayer(new KubectlV31Layer(this, "KubectlLayer"))
        .mastersRole(mastersRole)
        .build();

mastersRole.addToPolicy(PolicyStatement.Builder.create()
        .actions(List.of("eks:AccessKubernetesApi", "eks:Describe*", "eks:List*"))
        .resources(List.of(cluster.getClusterArn()))
        .build());
Nested Class Summary
Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject
software.amazon.jsii.JsiiObject.InitializationMode
Nested classes/interfaces inherited from interface software.amazon.awscdk.services.iam.IAssumeRolePrincipal
IAssumeRolePrincipal.Jsii$Default
Nested classes/interfaces inherited from interface software.amazon.awscdk.services.iam.IComparablePrincipal
IComparablePrincipal.Jsii$Default
Constructor Summary
ArnPrincipal(String arn)
protected ArnPrincipal(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
protected ArnPrincipal(software.amazon.jsii.JsiiObjectRef objRef)
Method Summary
Method - Description
dedupeString() - Return whether or not this principal is equal to the given principal.
getArn() - Amazon Resource Name (ARN) of the principal entity (i.e. arn:aws:iam::123456789012:user/user-name).
getPolicyFragment() - Return the policy fragment that identifies this principal in a Policy.
inOrganization(String organizationId) - A convenience method for adding a condition that the principal is part of the specified AWS Organization.
toString() - Returns a string representation of an object.
Methods inherited from class software.amazon.awscdk.services.iam.PrincipalBase
addToAssumeRolePolicy, addToPolicy, addToPrincipalPolicy, getAssumeRoleAction, getGrantPrincipal, getPrincipalAccount, toJSON, withConditions, withSessionTags
Methods inherited from class software.amazon.jsii.JsiiObject
jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson
Constructor Details
ArnPrincipal
protected ArnPrincipal(software.amazon.jsii.JsiiObjectRef objRef)
ArnPrincipal
protected ArnPrincipal(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
ArnPrincipal
Parameters:
arn - Amazon Resource Name (ARN) of the principal entity (i.e. arn:aws:iam::123456789012:user/user-name). This parameter is required.
Method Details
dedupeString
Return whether or not this principal is equal to the given principal.
Specified by: dedupeString in interface IComparablePrincipal
Specified by: dedupeString in class PrincipalBase
inOrganization
A convenience method for adding a condition that the principal is part of the specified AWS Organization.
Parameters:
organizationId - This parameter is required.
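An added example (not part of the CDK documentation or the project's own code) showing how `inOrganization` and the inherited `withConditions` narrow the trust an `ArnPrincipal` grants, and how `getPolicyFragment` lets you check what is emitted. The organization ID, class name and construct IDs are constructed placeholders; the user ARN is the sample ARN from the parameter description.

```java
import java.util.Map;
import software.amazon.awscdk.App;
import software.amazon.awscdk.Stack;
import software.amazon.awscdk.services.iam.ArnPrincipal;
import software.amazon.awscdk.services.iam.IPrincipal;
import software.amazon.awscdk.services.iam.Role;

public class ScopedTrustExample {
    // Constructed placeholder values (assumptions, not from any real account).
    static final String TRUSTED_ARN = "arn:aws:iam::123456789012:user/user-name";
    static final String ORG_ID = "o-exampleorgid";

    public static void main(String[] args) {
        App app = new App();
        Stack stack = new Stack(app, "ScopedTrustStack");

        // Trust exactly one principal ARN, and only while it belongs to the
        // organization: inOrganization() adds a StringEquals condition on
        // aws:PrincipalOrgID to the trust statement.
        IPrincipal orgScoped = new ArnPrincipal(TRUSTED_ARN).inOrganization(ORG_ID);
        Role.Builder.create(stack, "OrgScopedRole")
                .assumedBy(orgScoped)
                .build();

        // Same principal, additionally requiring an MFA-authenticated caller.
        // withConditions() is inherited from PrincipalBase.
        IPrincipal mfaScoped = new ArnPrincipal(TRUSTED_ARN)
                .inOrganization(ORG_ID)
                .withConditions(Map.of("Bool", Map.of("aws:MultiFactorAuthPresent", "true")));
        Role.Builder.create(stack, "MfaScopedRole")
                .assumedBy(mfaScoped)
                .build();

        // Review the principal block and conditions that go into the policy
        // document before deploying.
        System.out.println(mfaScoped.getPolicyFragment().getPrincipalJson());
        System.out.println(mfaScoped.getPolicyFragment().getConditions());

        app.synth();
    }
}
```

Reviewing the synthesized template's `AssumeRolePolicyDocument` for both roles confirms that the `Principal` element names the single ARN and that the `Condition` block is present.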
toString
Returns a string representation of an object.
Overrides: toString in class PrincipalBase
getArn
Amazon Resource Name (ARN) of the principal entity (i.e. arn:aws:iam::123456789012:user/user-name).
getPolicyFragment
Return the policy fragment that identifies this principal in a Policy.
Specified by: getPolicyFragment in interface IPrincipal
Specified by: getPolicyFragment in class PrincipalBase