Module: AWSCDK::IAM::IAssumeRolePrincipal

Includes:
IPrincipal
Included in:
PrincipalBase
Defined in:
iam/i_assume_role_principal.rb

Overview

A type of principal that has more control over its own representation in AssumeRolePolicyDocuments.

More complex types of identity providers need more control over Role's policy documents than simply { Effect: 'Allow', Action: 'AssumeRole', Principal: <Whatever> }.

If that control is necessary, they can implement IAssumeRolePrincipal to get full access to a Role's AssumeRolePolicyDocument.

Class Method Summary collapse

Instance Method Summary collapse

Class Method Details

.jsii_overridable_methodsObject



68
69
70
71
72
73
74
75
76
77
# File 'iam/i_assume_role_principal.rb', line 68

def self.jsii_overridable_methods
  {
    :grant_principal => { kind: :property, name: "grantPrincipal", is_optional: false },
    :assume_role_action => { kind: :property, name: "assumeRoleAction", is_optional: false },
    :policy_fragment => { kind: :property, name: "policyFragment", is_optional: false },
    :principal_account => { kind: :property, name: "principalAccount", is_optional: true },
    :add_to_principal_policy => { kind: :method, name: "addToPrincipalPolicy", is_optional: false },
    :add_to_assume_role_policy => { kind: :method, name: "addToAssumeRolePolicy", is_optional: false },
  }
end

Instance Method Details

#add_to_assume_role_policy(document) ⇒ void

This method returns an undefined value.

Add the principal to the AssumeRolePolicyDocument.

Add the statements to the AssumeRolePolicyDocument necessary to give this principal permissions to assume the given role.

Parameters:



63
64
65
66
# File 'iam/i_assume_role_principal.rb', line 63

def add_to_assume_role_policy(document)
  Jsii::Type.check_type(document, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLlBvbGljeURvY3VtZW50In0=")), "document")
  jsii_call_method("addToAssumeRolePolicy", [document])
end

#add_to_principal_policy(statement) ⇒ AWSCDK::IAM::AddToPrincipalPolicyResult

Add to the policy of this principal.



51
52
53
54
# File 'iam/i_assume_role_principal.rb', line 51

def add_to_principal_policy(statement)
  Jsii::Type.check_type(statement, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLlBvbGljeVN0YXRlbWVudCJ9")), "statement")
  jsii_call_method("addToPrincipalPolicy", [statement])
end

#assume_role_actionString

When this Principal is used in an AssumeRole policy, the action to use.

Returns:

  • (String)


24
25
26
# File 'iam/i_assume_role_principal.rb', line 24

def assume_role_action()
  jsii_get_property("assumeRoleAction")
end

#grant_principalAWSCDK::IAM::IPrincipal

The principal to grant permissions to.



17
18
19
# File 'iam/i_assume_role_principal.rb', line 17

def grant_principal()
  jsii_get_property("grantPrincipal")
end

#policy_fragmentAWSCDK::IAM::PrincipalPolicyFragment

Return the policy fragment that identifies this principal in a Policy.



31
32
33
# File 'iam/i_assume_role_principal.rb', line 31

def policy_fragment()
  jsii_get_property("policyFragment")
end

#principal_accountString?

The AWS account ID of this principal.

Can be undefined when the account is not known (for example, for service principals). Can be a Token - in that case, it's assumed to be AWS::AccountId.

Returns:

  • (String, nil)


43
44
45
# File 'iam/i_assume_role_principal.rb', line 43

def ()
  jsii_get_property("principalAccount")
end