Class: AWSCDK::IAM::FederatedPrincipal

Inherits:
PrincipalBase
  • Object
show all
Defined in:
iam/federated_principal.rb

Overview

Principal entity that represents a federated identity provider such as Amazon Cognito, that can be used to provide temporary security credentials to users who have been authenticated.

Additional condition keys are available when the temporary security credentials are used to make a request. You can use these keys to write policies that limit the access of federated users.

Direct Known Subclasses

SamlPrincipal, WebIdentityPrincipal

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(federated, conditions = nil, assume_role_action = nil) ⇒ FederatedPrincipal

Returns a new instance of FederatedPrincipal.

Parameters:

  • federated (String)

    federated identity provider (i.e. 'cognito-identity.amazonaws.com' for users authenticated through Cognito).

  • conditions (Hash{String => Object}, nil) (defaults to: nil)
  • assume_role_action (String, nil) (defaults to: nil)

    When this Principal is used in an AssumeRole policy, the action to use.



16
17
18
19
20
21
# File 'iam/federated_principal.rb', line 16

def initialize(federated, conditions = nil, assume_role_action = nil)
  Jsii::Type.check_type(federated, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "federated")
  Jsii::Type.check_type(conditions, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7InByaW1pdGl2ZSI6ImFueSJ9LCJraW5kIjoibWFwIn19")), "conditions") unless conditions.nil?
  Jsii::Type.check_type(assume_role_action, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "assumeRoleAction") unless assume_role_action.nil?
  Jsii::Object.instance_method(:initialize).bind(self).call(federated, conditions, assume_role_action)
end

Class Method Details

.jsii_overridable_methodsObject



23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
# File 'iam/federated_principal.rb', line 23

def self.jsii_overridable_methods
  {
    :assume_role_action => { kind: :property, name: "assumeRoleAction", is_optional: false },
    :grant_principal => { kind: :property, name: "grantPrincipal", is_optional: false },
    :policy_fragment => { kind: :property, name: "policyFragment", is_optional: false },
    :principal_account => { kind: :property, name: "principalAccount", is_optional: true },
    :conditions => { kind: :property, name: "conditions", is_optional: false },
    :federated => { kind: :property, name: "federated", is_optional: false },
    :add_to_assume_role_policy => { kind: :method, name: "addToAssumeRolePolicy", is_optional: false },
    :add_to_policy => { kind: :method, name: "addToPolicy", is_optional: false },
    :add_to_principal_policy => { kind: :method, name: "addToPrincipalPolicy", is_optional: false },
    :dedupe_string => { kind: :method, name: "dedupeString", is_optional: false },
    :to_json => { kind: :method, name: "toJSON", is_optional: false },
    :to_string => { kind: :method, name: "toString", is_optional: false },
    :with_conditions => { kind: :method, name: "withConditions", is_optional: false },
    :with_session_tags => { kind: :method, name: "withSessionTags", is_optional: false },
  }
end

Instance Method Details

#add_to_assume_role_policy(document) ⇒ void

This method returns an undefined value.

Add the principal to the AssumeRolePolicyDocument.

Add the statements to the AssumeRolePolicyDocument necessary to give this principal permissions to assume the given role.

Parameters:



97
98
99
100
# File 'iam/federated_principal.rb', line 97

def add_to_assume_role_policy(document)
  Jsii::Type.check_type(document, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLlBvbGljeURvY3VtZW50In0=")), "document")
  jsii_call_method("addToAssumeRolePolicy", [document])
end

#add_to_policy(statement) ⇒ Boolean

Add to the policy of this principal.

Parameters:

Returns:

  • (Boolean)


106
107
108
109
# File 'iam/federated_principal.rb', line 106

def add_to_policy(statement)
  Jsii::Type.check_type(statement, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLlBvbGljeVN0YXRlbWVudCJ9")), "statement")
  jsii_call_method("addToPolicy", [statement])
end

#add_to_principal_policy(_statement) ⇒ AWSCDK::IAM::AddToPrincipalPolicyResult

Add to the policy of this principal.



115
116
117
118
# File 'iam/federated_principal.rb', line 115

def add_to_principal_policy(_statement)
  Jsii::Type.check_type(_statement, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLlBvbGljeVN0YXRlbWVudCJ9")), "_statement")
  jsii_call_method("addToPrincipalPolicy", [_statement])
end

#assume_role_actionString

When this Principal is used in an AssumeRole policy, the action to use.

Returns:

  • (String)


45
46
47
# File 'iam/federated_principal.rb', line 45

def assume_role_action()
  jsii_get_property("assumeRoleAction")
end

#conditionsHash{String => Object}

The conditions under which the policy is in effect.



79
80
81
# File 'iam/federated_principal.rb', line 79

def conditions()
  jsii_get_property("conditions")
end

#dedupe_stringString?

Return whether or not this principal is equal to the given principal.

Returns:

  • (String, nil)


123
124
125
# File 'iam/federated_principal.rb', line 123

def dedupe_string()
  jsii_call_method("dedupeString", [])
end

#federatedString

federated identity provider (i.e. 'cognito-identity.amazonaws.com' for users authenticated through Cognito).

Returns:

  • (String)


86
87
88
# File 'iam/federated_principal.rb', line 86

def federated()
  jsii_get_property("federated")
end

#grant_principalAWSCDK::IAM::IPrincipal

The principal to grant permissions to.



52
53
54
# File 'iam/federated_principal.rb', line 52

def grant_principal()
  jsii_get_property("grantPrincipal")
end

#policy_fragmentAWSCDK::IAM::PrincipalPolicyFragment

Return the policy fragment that identifies this principal in a Policy.



59
60
61
# File 'iam/federated_principal.rb', line 59

def policy_fragment()
  jsii_get_property("policyFragment")
end

#principal_accountString?

The AWS account ID of this principal.

Can be undefined when the account is not known (for example, for service principals). Can be a Token - in that case, it's assumed to be AWS::AccountId.

Returns:

  • (String, nil)


71
72
73
# File 'iam/federated_principal.rb', line 71

def ()
  jsii_get_property("principalAccount")
end

#to_jsonHash{String => Array<String>}

JSON-ify the principal.

Used when JSON.stringify() is called

Returns:

  • (Hash{String => Array<String>})


132
133
134
# File 'iam/federated_principal.rb', line 132

def to_json()
  jsii_call_method("toJSON", [])
end

#to_stringString

Returns a string representation of an object.

Returns:

  • (String)


139
140
141
# File 'iam/federated_principal.rb', line 139

def to_string()
  jsii_call_method("toString", [])
end

#with_conditions(conditions) ⇒ AWSCDK::IAM::PrincipalBase

Returns a new PrincipalWithConditions using this principal as the base, with the passed conditions added.

When there is a value for the same operator and key in both the principal and the conditions parameter, the value from the conditions parameter will be used.

Parameters:

  • conditions (Hash{String => Object})

Returns:



150
151
152
153
# File 'iam/federated_principal.rb', line 150

def with_conditions(conditions)
  Jsii::Type.check_type(conditions, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7InByaW1pdGl2ZSI6ImFueSJ9LCJraW5kIjoibWFwIn19")), "conditions")
  jsii_call_method("withConditions", [conditions])
end

#with_session_tagsAWSCDK::IAM::PrincipalBase

Returns a new principal using this principal as the base, with session tags enabled.

Returns:



158
159
160
# File 'iam/federated_principal.rb', line 158

def with_session_tags()
  jsii_call_method("withSessionTags", [])
end