Class: AWSCDK::IAM::CanonicalUserPrincipal

Inherits:
PrincipalBase
  • Object
show all
Defined in:
iam/canonical_user_principal.rb

Overview

A policy principal for canonicalUserIds - useful for S3 bucket policies that use Origin Access identities.

See https://docs.aws.amazon.com/general/latest/gr/acct-identifiers.html

and

https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html

for more details.

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(canonical_user_id) ⇒ CanonicalUserPrincipal

Returns a new instance of CanonicalUserPrincipal.

Parameters:

  • canonical_user_id (String)

    unique identifier assigned by AWS for every account.



17
18
19
20
# File 'iam/canonical_user_principal.rb', line 17

def initialize(canonical_user_id)
  Jsii::Type.check_type(canonical_user_id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "canonicalUserId")
  Jsii::Object.instance_method(:initialize).bind(self).call(canonical_user_id)
end

Class Method Details

.jsii_overridable_methodsObject



22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
# File 'iam/canonical_user_principal.rb', line 22

def self.jsii_overridable_methods
  {
    :assume_role_action => { kind: :property, name: "assumeRoleAction", is_optional: false },
    :grant_principal => { kind: :property, name: "grantPrincipal", is_optional: false },
    :policy_fragment => { kind: :property, name: "policyFragment", is_optional: false },
    :principal_account => { kind: :property, name: "principalAccount", is_optional: true },
    :canonical_user_id => { kind: :property, name: "canonicalUserId", is_optional: false },
    :add_to_assume_role_policy => { kind: :method, name: "addToAssumeRolePolicy", is_optional: false },
    :add_to_policy => { kind: :method, name: "addToPolicy", is_optional: false },
    :add_to_principal_policy => { kind: :method, name: "addToPrincipalPolicy", is_optional: false },
    :dedupe_string => { kind: :method, name: "dedupeString", is_optional: false },
    :to_json => { kind: :method, name: "toJSON", is_optional: false },
    :to_string => { kind: :method, name: "toString", is_optional: false },
    :with_conditions => { kind: :method, name: "withConditions", is_optional: false },
    :with_session_tags => { kind: :method, name: "withSessionTags", is_optional: false },
  }
end

Instance Method Details

#add_to_assume_role_policy(document) ⇒ void

This method returns an undefined value.

Add the principal to the AssumeRolePolicyDocument.

Add the statements to the AssumeRolePolicyDocument necessary to give this principal permissions to assume the given role.

Parameters:



90
91
92
93
# File 'iam/canonical_user_principal.rb', line 90

def add_to_assume_role_policy(document)
  Jsii::Type.check_type(document, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLlBvbGljeURvY3VtZW50In0=")), "document")
  jsii_call_method("addToAssumeRolePolicy", [document])
end

#add_to_policy(statement) ⇒ Boolean

Add to the policy of this principal.

Parameters:

Returns:

  • (Boolean)


99
100
101
102
# File 'iam/canonical_user_principal.rb', line 99

def add_to_policy(statement)
  Jsii::Type.check_type(statement, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLlBvbGljeVN0YXRlbWVudCJ9")), "statement")
  jsii_call_method("addToPolicy", [statement])
end

#add_to_principal_policy(_statement) ⇒ AWSCDK::IAM::AddToPrincipalPolicyResult

Add to the policy of this principal.



108
109
110
111
# File 'iam/canonical_user_principal.rb', line 108

def add_to_principal_policy(_statement)
  Jsii::Type.check_type(_statement, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLlBvbGljeVN0YXRlbWVudCJ9")), "_statement")
  jsii_call_method("addToPrincipalPolicy", [_statement])
end

#assume_role_actionString

When this Principal is used in an AssumeRole policy, the action to use.

Returns:

  • (String)


43
44
45
# File 'iam/canonical_user_principal.rb', line 43

def assume_role_action()
  jsii_get_property("assumeRoleAction")
end

#canonical_user_idString

unique identifier assigned by AWS for every account.

root user and IAM users for an account all see the same ID. (i.e. 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be)

Returns:

  • (String)


79
80
81
# File 'iam/canonical_user_principal.rb', line 79

def canonical_user_id()
  jsii_get_property("canonicalUserId")
end

#dedupe_stringString?

Return whether or not this principal is equal to the given principal.

Returns:

  • (String, nil)


116
117
118
# File 'iam/canonical_user_principal.rb', line 116

def dedupe_string()
  jsii_call_method("dedupeString", [])
end

#grant_principalAWSCDK::IAM::IPrincipal

The principal to grant permissions to.



50
51
52
# File 'iam/canonical_user_principal.rb', line 50

def grant_principal()
  jsii_get_property("grantPrincipal")
end

#policy_fragmentAWSCDK::IAM::PrincipalPolicyFragment

Return the policy fragment that identifies this principal in a Policy.



57
58
59
# File 'iam/canonical_user_principal.rb', line 57

def policy_fragment()
  jsii_get_property("policyFragment")
end

#principal_accountString?

The AWS account ID of this principal.

Can be undefined when the account is not known (for example, for service principals). Can be a Token - in that case, it's assumed to be AWS::AccountId.

Returns:

  • (String, nil)


69
70
71
# File 'iam/canonical_user_principal.rb', line 69

def ()
  jsii_get_property("principalAccount")
end

#to_jsonHash{String => Array<String>}

JSON-ify the principal.

Used when JSON.stringify() is called

Returns:

  • (Hash{String => Array<String>})


125
126
127
# File 'iam/canonical_user_principal.rb', line 125

def to_json()
  jsii_call_method("toJSON", [])
end

#to_stringString

Returns a string representation of an object.

Returns:

  • (String)


132
133
134
# File 'iam/canonical_user_principal.rb', line 132

def to_string()
  jsii_call_method("toString", [])
end

#with_conditions(conditions) ⇒ AWSCDK::IAM::PrincipalBase

Returns a new PrincipalWithConditions using this principal as the base, with the passed conditions added.

When there is a value for the same operator and key in both the principal and the conditions parameter, the value from the conditions parameter will be used.

Parameters:

  • conditions (Hash{String => Object})

Returns:



143
144
145
146
# File 'iam/canonical_user_principal.rb', line 143

def with_conditions(conditions)
  Jsii::Type.check_type(conditions, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7InByaW1pdGl2ZSI6ImFueSJ9LCJraW5kIjoibWFwIn19")), "conditions")
  jsii_call_method("withConditions", [conditions])
end

#with_session_tagsAWSCDK::IAM::PrincipalBase

Returns a new principal using this principal as the base, with session tags enabled.

Returns:



151
152
153
# File 'iam/canonical_user_principal.rb', line 151

def with_session_tags()
  jsii_call_method("withSessionTags", [])
end