aws-cdk-lib.aws_iam.IAssumeRolePrincipal

interface IAssumeRolePrincipal

| Language | Type name |
| --- | --- |
| .NET | Amazon.CDK.AWS.IAM.IAssumeRolePrincipal |
| Go | github.com/aws/aws-cdk-go/awscdk/v2/awsiam#IAssumeRolePrincipal |
| Java | software.amazon.awscdk.services.iam.IAssumeRolePrincipal |
| Python | aws_cdk.aws_iam.IAssumeRolePrincipal |
| TypeScript (source) | aws-cdk-lib » aws_iam » IAssumeRolePrincipal |

Implemented by AccountPrincipal, AccountRootPrincipal, AnyPrincipal, ArnPrincipal, CanonicalUserPrincipal, CompositePrincipal, FederatedPrincipal, OpenIdConnectPrincipal, OrganizationPrincipal, PrincipalWithConditions, SamlConsolePrincipal, SamlPrincipal, ServicePrincipal, SessionTagsPrincipal, StarPrincipal, WebIdentityPrincipal, ViaServicePrincipal

A type of principal that has more control over its own representation in AssumeRolePolicyDocuments.

More complex types of identity providers need more control over a Role's policy documents than simply { Effect: 'Allow', Action: 'AssumeRole', Principal: <Whatever> }.

If that control is necessary, they can implement IAssumeRolePrincipal to get full access to a Role's AssumeRolePolicyDocument.
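
A reviewer-side check for the point above, added here as an example and not part of aws-cdk-lib: because an IAssumeRolePrincipal can write arbitrary statements into a Role's trust policy, this function walks a synthesized CloudFormation template and reports roles whose AssumeRolePolicyDocument goes beyond a plain sts:AssumeRole grant. The function names, the sample template and the two review rules are assumptions chosen for illustration.

```typescript
// Added example (not aws-cdk-lib code): review trust policies in a synthesized template.
type OneOrMany = string | string[];
interface Statement {
  Effect: string;
  Action: OneOrMany;
  Principal: string | Record<string, OneOrMany>;
  Condition?: Record<string, unknown>;
}
interface Finding { role: string; issue: string; }

const asList = (v: OneOrMany): string[] => (Array.isArray(v) ? v : [v]);

// True when the statement trusts every principal: "*" or e.g. { AWS: "*" }.
function trustsAnyone(p: Statement["Principal"]): boolean {
  if (typeof p === "string") return p === "*";
  const byType: Record<string, OneOrMany> = p;
  return Object.keys(byType).some((k) => asList(byType[k]).indexOf("*") !== -1);
}

// Flags Allow statements that differ from the simple sts:AssumeRole shape.
function auditTrustPolicies(template: { Resources: Record<string, any> }): Finding[] {
  const findings: Finding[] = [];
  for (const id of Object.keys(template.Resources)) {
    const res = template.Resources[id];
    if (res.Type !== "AWS::IAM::Role") continue;
    const stmts: Statement[] = res.Properties?.AssumeRolePolicyDocument?.Statement ?? [];
    for (const s of stmts) {
      if (s.Effect !== "Allow") continue;
      const extra = asList(s.Action).filter((a) => a !== "sts:AssumeRole");
      if (extra.length > 0) findings.push({ role: id, issue: "review actions: " + extra.join(", ") });
      if (trustsAnyone(s.Principal) && !s.Condition) {
        findings.push({ role: id, issue: "wildcard principal without Condition" });
      }
    }
  }
  return findings;
}

// Constructed sample input; logical IDs and the account ID are made up.
const sampleTemplate = {
  Resources: {
    PlainRole: { Type: "AWS::IAM::Role", Properties: { AssumeRolePolicyDocument: { Statement: [
      { Effect: "Allow", Action: "sts:AssumeRole", Principal: { Service: "lambda.amazonaws.com" } }] } } },
    TaggedRole: { Type: "AWS::IAM::Role", Properties: { AssumeRolePolicyDocument: { Statement: [
      { Effect: "Allow", Action: ["sts:AssumeRole", "sts:TagSession"],
        Principal: { AWS: "arn:aws:iam::111122223333:root" } }] } } },
    OpenRole: { Type: "AWS::IAM::Role", Properties: { AssumeRolePolicyDocument: { Statement: [
      { Effect: "Allow", Action: "sts:AssumeRole", Principal: { AWS: "*" } }] } } },
  },
};
const sampleFindings = auditTrustPolicies(sampleTemplate);
```

A finding here is a prompt for review, not a verdict: an extra action such as sts:TagSession can be intentional, and the check only makes the deviation visible.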

Properties

| Name | Type | Description |
| --- | --- | --- |
| assumeRoleAction | string | When this Principal is used in an AssumeRole policy, the action to use. |
| grantPrincipal | IPrincipal | The principal to grant permissions to. |
| policyFragment | PrincipalPolicyFragment | Return the policy fragment that identifies this principal in a Policy. |
| principalAccount? | string | The AWS account ID of this principal. |

assumeRoleAction

Type: string

When this Principal is used in an AssumeRole policy, the action to use.


grantPrincipal

Type: IPrincipal

The principal to grant permissions to.


policyFragment

Type: PrincipalPolicyFragment

Return the policy fragment that identifies this principal in a Policy.


principalAccount?

Type: string (optional)

The AWS account ID of this principal.

Can be undefined when the account is not known (for example, for service principals). Can be a Token - in that case, it's assumed to be AWS::AccountId.

Methods

| Name | Description |
| --- | --- |
| addToAssumeRolePolicy(document) | Add the principal to the AssumeRolePolicyDocument. |
| addToPrincipalPolicy(statement) | Add to the policy of this principal. |

addToAssumeRolePolicy(document)

public addToAssumeRolePolicy(document: PolicyDocument): void

Parameters

  • document PolicyDocument

Add the principal to the AssumeRolePolicyDocument.

Add the statements to the AssumeRolePolicyDocument necessary to give this principal permissions to assume the given role.


addToPrincipalPolicy(statement)

public addToPrincipalPolicy(statement: PolicyStatement): AddToPrincipalPolicyResult

Parameters

  • statement PolicyStatement

Returns

  • AddToPrincipalPolicyResult

Add to the policy of this principal.