Interface CfnApp.PermissionModelProperty
- All Superinterfaces:
software.amazon.jsii.JsiiSerializable
- All Known Implementing Classes:
CfnApp.PermissionModelProperty.Jsii$Proxy
- Enclosing class:
CfnApp
@Stability(Stable)
public static interface CfnApp.PermissionModelProperty
extends software.amazon.jsii.JsiiSerializable
Defines the roles and credentials that AWS Resilience Hub would use while creating the application, importing its resources, and running an assessment.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import software.amazon.awscdk.services.resiliencehub.*; PermissionModelProperty permissionModelProperty = PermissionModelProperty.builder() .type("type") // the properties below are optional .crossAccountRoleArns(List.of("crossAccountRoleArns")) .invokerRoleName("invokerRoleName") .build();
- See Also:
-
Nested Class Summary
Modifier and TypeInterfaceDescriptionstatic final class
A builder forCfnApp.PermissionModelProperty
static final class
An implementation forCfnApp.PermissionModelProperty
-
Method Summary
Modifier and TypeMethodDescriptionbuilder()
Defines a list of role Amazon Resource Names (ARNs) to be used in other accounts.default String
Existing AWS IAM role name in the primary AWS account that will be assumed by AWS Resilience Hub Service Principle to obtain a read-only access to your application resources while running an assessment.getType()
Defines how AWS Resilience Hub scans your resources.Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson
-
Method Details
-
getType
Defines how AWS Resilience Hub scans your resources.It can scan for the resources by using a pre-existing role in your AWS account, or by using the credentials of the current IAM user.
- See Also:
-
getCrossAccountRoleArns
Defines a list of role Amazon Resource Names (ARNs) to be used in other accounts.These ARNs are used for querying purposes while importing resources and assessing your application.
- These ARNs are required only when your resources are in other accounts and you have different role name in these accounts. Else, the invoker role name will be used in the other accounts.
- These roles must have a trust policy with
iam:AssumeRole
permission to the invoker role in the primary account.
- See Also:
-
getInvokerRoleName
Existing AWS IAM role name in the primary AWS account that will be assumed by AWS Resilience Hub Service Principle to obtain a read-only access to your application resources while running an assessment.- You must have
iam:passRole
permission for this role while creating or updating the application. - Currently,
invokerRoleName
accepts only[A-Za-z0-9_+=,.@-]
characters.
- See Also:
- You must have
-
builder
-