aws-cdk-lib.aws_iam.UserProps

interface UserProps

LanguageType name
.NETAmazon.CDK.AWS.IAM.UserProps
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awsiam#UserProps
Javasoftware.amazon.awscdk.services.iam.UserProps
Pythonaws_cdk.aws_iam.UserProps
TypeScript (source)aws-cdk-lib » aws_iam » UserProps

Properties for defining an IAM user.

Example

    const user = new User(this, 'MyUser', { password: SecretValue.plainText('1234') });
    const group = new Group(this, 'MyGroup');

    const policy = new Policy(this, 'MyPolicy');
    policy.attachToUser(user);
    group.attachInlinePolicy(policy);

Properties

NameTypeDescription
groups?IGroup[]Groups to add this user to.
managedPolicies?IManagedPolicy[]A list of managed policies associated with this role.
password?SecretValueThe password for the user. This is required so the user can access the AWS Management Console.
passwordResetRequired?booleanSpecifies whether the user is required to set a new password the next time the user logs in to the AWS Management Console.
path?stringThe path for the user name.
permissionsBoundary?IManagedPolicyAWS supports permissions boundaries for IAM entities (users or roles).
userName?stringA name for the IAM user.

groups?

Type: IGroup[] (optional, default: No groups.)

Groups to add this user to.

You can also use addToGroup to add this user to a group.


managedPolicies?

Type: IManagedPolicy[] (optional, default: No managed policies.)

A list of managed policies associated with this role.

You can add managed policies later using addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName(policyName)).


password?

Type: SecretValue (optional, default: User won't be able to access the management console without a password.)

The password for the user. This is required so the user can access the AWS Management Console.

You can use SecretValue.unsafePlainText to specify a password in plain text or use secretsmanager.Secret.fromSecretAttributes to reference a secret in Secrets Manager.


passwordResetRequired?

Type: boolean (optional, default: false)

Specifies whether the user is required to set a new password the next time the user logs in to the AWS Management Console.

If this is set to 'true', you must also specify "initialPassword".


path?

Type: string (optional, default: /)

The path for the user name.

For more information about paths, see IAM Identifiers in the IAM User Guide.


permissionsBoundary?

Type: IManagedPolicy (optional, default: No permissions boundary.)

AWS supports permissions boundaries for IAM entities (users or roles).

A permissions boundary is an advanced feature for using a managed policy to set the maximum permissions that an identity-based policy can grant to an IAM entity. An entity's permissions boundary allows it to perform only the actions that are allowed by both its identity-based policies and its permissions boundaries.


userName?

Type: string (optional, default: Generated by CloudFormation (recommended))

A name for the IAM user.

For valid values, see the UserName parameter for the CreateUser action in the IAM API Reference. If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the user name.

If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.

If you specify a name, you must specify the CAPABILITY_NAMED_IAM value to acknowledge your template's capabilities. For more information, see Acknowledging IAM Resources in AWS CloudFormation Templates.