IAssumeRolePrincipal

class aws_cdk.aws_iam.IAssumeRolePrincipal(*args, **kwargs)

Bases: IPrincipal, Protocol

A type of principal that has more control over its own representation in AssumeRolePolicyDocuments.

More complex types of identity providers need more control over Role’s policy documents than simply { Effect: 'Allow', Action: 'AssumeRole', Principal: <Whatever> }.

If that control is necessary, they can implement IAssumeRolePrincipal to get full access to a Role’s AssumeRolePolicyDocument.

Methods

add_to_assume_role_policy(document)

Add the principal to the AssumeRolePolicyDocument.

Add the statements to the AssumeRolePolicyDocument necessary to give this principal permissions to assume the given role.

Parameters:

document (PolicyDocument) –

Return type:

None

add_to_principal_policy(statement)

Add to the policy of this principal.

Parameters:

statement (PolicyStatement) –

Return type:

AddToPrincipalPolicyResult

Attributes

assume_role_action

When this Principal is used in an AssumeRole policy, the action to use.

grant_principal

The principal to grant permissions to.

policy_fragment

Return the policy fragment that identifies this principal in a Policy.

principal_account

The AWS account ID of this principal.

Can be undefined when the account is not known (for example, for service principals). Can be a Token - in that case, it’s assumed to be AWS::AccountId.