aws-cdk-lib.aws_iam.IPrincipal

interface IPrincipal

LanguageType name
.NETAmazon.CDK.AWS.IAM.IPrincipal
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awsiam#IPrincipal
Javasoftware.amazon.awscdk.services.iam.IPrincipal
Pythonaws_cdk.aws_iam.IPrincipal
TypeScript (source)aws-cdk-lib » aws_iam » IPrincipal

Implemented by ServiceAccount, AccountPrincipal, AccountRootPrincipal, AnyPrincipal, ArnPrincipal, CanonicalUserPrincipal, CompositePrincipal, FederatedPrincipal, Group, LazyRole, OpenIdConnectPrincipal, OrganizationPrincipal, PrincipalWithConditions, Role, SamlConsolePrincipal, SamlPrincipal, ServicePrincipal, SessionTagsPrincipal, StarPrincipal, UnknownPrincipal, User, WebIdentityPrincipal, ViaServicePrincipal

Obtainable from BaseLoadBalancer.resourcePolicyPrincipal()

Represents a logical IAM principal.

An IPrincipal describes a logical entity that can perform AWS API calls against sets of resources, optionally under certain conditions.

Examples of simple principals are IAM objects that you create, such as Users or Roles.

An example of a more complex principals is a ServicePrincipal (such as new ServicePrincipal("sns.amazonaws.com"), which represents the Simple Notifications Service).

A single logical Principal may also map to a set of physical principals. For example, new OrganizationPrincipal('o-1234') represents all identities that are part of the given AWS Organization.

Properties

NameTypeDescription
assumeRoleActionstringWhen this Principal is used in an AssumeRole policy, the action to use.
grantPrincipalIPrincipalThe principal to grant permissions to.
policyFragmentPrincipalPolicyFragmentReturn the policy fragment that identifies this principal in a Policy.
principalAccount?stringThe AWS account ID of this principal.

assumeRoleAction

Type: string

When this Principal is used in an AssumeRole policy, the action to use.


grantPrincipal

Type: IPrincipal

The principal to grant permissions to.


policyFragment

Type: PrincipalPolicyFragment

Return the policy fragment that identifies this principal in a Policy.


principalAccount?

Type: string (optional)

The AWS account ID of this principal.

Can be undefined when the account is not known (for example, for service principals). Can be a Token - in that case, it's assumed to be AWS::AccountId.

Methods

NameDescription
addToPrincipalPolicy(statement)Add to the policy of this principal.

addToPrincipalPolicy(statement)

public addToPrincipalPolicy(statement: PolicyStatement): AddToPrincipalPolicyResult

Parameters

  • statement PolicyStatement

Returns

  • AddToPrincipalPolicyResult

Add to the policy of this principal.