Class Group
- All Implemented Interfaces:
IResource, IGrantable, IGroup, IIdentity, IPrincipal, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct, software.constructs.IDependable
Example:
User user = new User(this, "MyUser"); // or User.fromUserName(this, "User", "johnsmith");
Group group = new Group(this, "MyGroup"); // or Group.fromGroupArn(this, "Group", "arn:aws:iam::account-id:group/group-name");
user.addToGroup(group); // or group.addUser(user);
-
Nested Class Summary
Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject
software.amazon.jsii.JsiiObject.InitializationMode
Nested classes/interfaces inherited from interface software.constructs.IConstruct
software.constructs.IConstruct.Jsii$Default
Nested classes/interfaces inherited from interface software.amazon.awscdk.services.iam.IGroup
IGroup.Jsii$Default, IGroup.Jsii$Proxy
Nested classes/interfaces inherited from interface software.amazon.awscdk.IResource
IResource.Jsii$Default
-
Constructor Summary
Modifier, Constructor, Description:
protected Group(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
protected Group(software.amazon.jsii.JsiiObjectRef objRef)
Group(software.constructs.Construct scope, String id, GroupProps props)
-
Method Summary
Modifier and Type, Method, Description:
void addManagedPolicy(IManagedPolicy policy) - Attaches a managed policy to this group.
addToPolicy(PolicyStatement statement) - Add to the policy of this principal.
AddToPrincipalPolicyResult addToPrincipalPolicy(PolicyStatement statement) - Adds an IAM statement to the default policy.
void addUser - Adds a user to this group.
void attachInlinePolicy(Policy policy) - Attaches a policy to this group.
static IGroup fromGroupArn(software.constructs.Construct scope, String id, String groupArn) - Import an external group by ARN.
static IGroup fromGroupName(software.constructs.Construct scope, String id, String groupName) - Import an existing group by given name (with path).
getAssumeRoleAction - When this Principal is used in an AssumeRole policy, the action to use.
getGrantPrincipal - The principal to grant permissions to.
getGroupArn - Returns the IAM Group ARN.
getGroupName - Returns the IAM Group Name.
getPolicyFragment - Return the policy fragment that identifies this principal in a Policy.
getPrincipalAccount - The AWS account ID of this principal.
Methods inherited from class software.amazon.awscdk.Resource
applyRemovalPolicy, generatePhysicalName, getEnv, getPhysicalName, getResourceArnAttribute, getResourceNameAttribute, getStack, isOwnedResource, isResource
Methods inherited from class software.constructs.Construct
getNode, isConstruct, toString
Methods inherited from class software.amazon.jsii.JsiiObject
jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
Methods inherited from interface software.constructs.IConstruct
getNode
Methods inherited from interface software.amazon.awscdk.IResource
applyRemovalPolicy, getEnv, getStack
Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson
-
Constructor Details
-
Group
protected Group(software.amazon.jsii.JsiiObjectRef objRef) -
Group
protected Group(software.amazon.jsii.JsiiObject.InitializationMode initializationMode) -
Group
@Stability(Stable) public Group(@NotNull software.constructs.Construct scope, @NotNull String id, @Nullable GroupProps props)
Parameters:
scope - This parameter is required.
id - This parameter is required.
props
-
Group
Parameters:
scope - This parameter is required.
id - This parameter is required.
-
-
Method Details
-
fromGroupArn
@Stability(Stable) @NotNull public static IGroup fromGroupArn(@NotNull software.constructs.Construct scope, @NotNull String id, @NotNull String groupArn)
Import an external group by ARN.
If the imported Group ARN is a Token (such as a CfnParameter.valueAsString or a Fn.importValue()) and the referenced group has a path (like arn:...:group/AdminGroup/NetworkAdmin), the groupName property will not resolve to the correct value. Instead it will resolve to the first path component. We unfortunately cannot express the correct calculation of the full path name as a CloudFormation expression. In this scenario the Group ARN should be supplied without the path in order to resolve the correct group resource.
Parameters:
scope - construct scope. This parameter is required.
id - construct id. This parameter is required.
groupArn - the ARN of the group to import (e.g. arn:aws:iam::account-id:group/group-name). This parameter is required.
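One way to enforce the "supply the ARN without the path" guidance when the ARN arrives as a deploy-time Token. This is an added example, not code from the CDK documentation; the stack name, parameter name, regular expression and S3 bucket ARN are assumptions made for illustration.

```java
import java.util.List;
import software.amazon.awscdk.App;
import software.amazon.awscdk.CfnParameter;
import software.amazon.awscdk.Stack;
import software.amazon.awscdk.services.iam.Group;
import software.amazon.awscdk.services.iam.IGroup;
import software.amazon.awscdk.services.iam.Policy;
import software.amazon.awscdk.services.iam.PolicyStatement;
import software.constructs.Construct;

public class ImportedGroupStack extends Stack {
    // Assumed pattern: nothing but a bare group name may follow "group/",
    // so an ARN carrying a path (an extra "/") is rejected by CloudFormation.
    static final String PATHLESS_GROUP_ARN =
        "^arn:aws[a-z-]*:iam::[0-9]{12}:group/[A-Za-z0-9+=,.@_-]{1,128}$";

    public ImportedGroupStack(final Construct scope, final String id) {
        super(scope, id);

        // The parameter value is a Token at synth time, which is the case the
        // caveat describes. AllowedPattern is checked when the stack is deployed.
        CfnParameter groupArn = CfnParameter.Builder.create(this, "GroupArn")
            .type("String")
            .description("ARN of an existing IAM group, supplied without a path")
            .allowedPattern(PATHLESS_GROUP_ARN)
            .constraintDescription("Supply the group ARN without a path.")
            .build();

        IGroup auditors = Group.fromGroupArn(this, "Auditors", groupArn.getValueAsString());

        // The inline policy is bound to the imported group, so the group name
        // derived from the ARN has to resolve to the intended group.
        Policy readLogs = Policy.Builder.create(this, "ReadAuditLogs")
            .statements(List.of(PolicyStatement.Builder.create()
                .actions(List.of("s3:GetObject"))
                .resources(List.of("arn:aws:s3:::example-audit-logs/*")) // constructed placeholder
                .build()))
            .build();
        auditors.attachInlinePolicy(readLogs);
    }

    public static void main(final String[] args) {
        App app = new App();
        new ImportedGroupStack(app, "ImportedGroupStack");
        app.synth();
    }
}
```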
-
fromGroupName
@Stability(Stable) @NotNull public static IGroup fromGroupName(@NotNull software.constructs.Construct scope, @NotNull String id, @NotNull String groupName)
Import an existing group by given name (with path).
This method has the same caveats as fromGroupArn.
Parameters:
scope - construct scope. This parameter is required.
id - construct id. This parameter is required.
groupName - the groupName (path included) of the existing group to import. This parameter is required.
-
addManagedPolicy
Attaches a managed policy to this group.
See [IAM and AWS STS quotas, name requirements, and character limits](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entities) for the quota of managed policies attached to an IAM group.
Specified by: addManagedPolicy in interface IIdentity
Parameters:
policy - The managed policy to attach. This parameter is required.
-
addToPolicy
Add to the policy of this principal.
Parameters:
statement - This parameter is required.
-
addToPrincipalPolicy
@Stability(Stable) @NotNull public AddToPrincipalPolicyResult addToPrincipalPolicy(@NotNull PolicyStatement statement)
Adds an IAM statement to the default policy.
Specified by: addToPrincipalPolicy in interface IPrincipal
Parameters:
statement - This parameter is required.
-
addUser
Adds a user to this group.
Parameters:
user - This parameter is required.
-
attachInlinePolicy
Attaches a policy to this group.
Specified by: attachInlinePolicy in interface IIdentity
Parameters:
policy - The policy to attach. This parameter is required.
-
getAssumeRoleAction
When this Principal is used in an AssumeRole policy, the action to use.
Specified by: getAssumeRoleAction in interface IPrincipal
-
getGrantPrincipal
The principal to grant permissions to.
Specified by: getGrantPrincipal in interface IGrantable
-
getGroupArn
Returns the IAM Group ARN.
Specified by: getGroupArn in interface IGroup
-
getGroupName
Returns the IAM Group Name.
Specified by: getGroupName in interface IGroup
-
getPolicyFragment
Return the policy fragment that identifies this principal in a Policy.
Specified by: getPolicyFragment in interface IPrincipal
-
getPrincipalAccount
The AWS account ID of this principal.
Can be undefined when the account is not known (for example, for service principals). Can be a Token - in that case, it's assumed to be AWS::AccountId.
Specified by: getPrincipalAccount in interface IPrincipal
-