Module: AWSCDK::IAM::IAssumeRolePrincipal
Overview
A type of principal that has more control over its own representation in AssumeRolePolicyDocuments.
More complex types of identity providers need more control over Role's policy documents
than simply { Effect: 'Allow', Action: 'AssumeRole', Principal: <Whatever> }.
If that control is necessary, they can implement IAssumeRolePrincipal to get full
access to a Role's AssumeRolePolicyDocument.
Class Method Summary collapse
Instance Method Summary collapse
-
#add_to_assume_role_policy(document) ⇒ void
Add the principal to the AssumeRolePolicyDocument.
-
#add_to_principal_policy(statement) ⇒ AWSCDK::IAM::AddToPrincipalPolicyResult
Add to the policy of this principal.
-
#assume_role_action ⇒ String
When this Principal is used in an AssumeRole policy, the action to use.
-
#grant_principal ⇒ AWSCDK::IAM::IPrincipal
The principal to grant permissions to.
-
#policy_fragment ⇒ AWSCDK::IAM::PrincipalPolicyFragment
Return the policy fragment that identifies this principal in a Policy.
-
#principal_account ⇒ String?
The AWS account ID of this principal.
Class Method Details
.jsii_overridable_methods ⇒ Object
68 69 70 71 72 73 74 75 76 77 |
# File 'iam/i_assume_role_principal.rb', line 68 def self.jsii_overridable_methods { :grant_principal => { kind: :property, name: "grantPrincipal", is_optional: false }, :assume_role_action => { kind: :property, name: "assumeRoleAction", is_optional: false }, :policy_fragment => { kind: :property, name: "policyFragment", is_optional: false }, :principal_account => { kind: :property, name: "principalAccount", is_optional: true }, :add_to_principal_policy => { kind: :method, name: "addToPrincipalPolicy", is_optional: false }, :add_to_assume_role_policy => { kind: :method, name: "addToAssumeRolePolicy", is_optional: false }, } end |
Instance Method Details
#add_to_assume_role_policy(document) ⇒ void
This method returns an undefined value.
Add the principal to the AssumeRolePolicyDocument.
Add the statements to the AssumeRolePolicyDocument necessary to give this principal permissions to assume the given role.
63 64 65 66 |
# File 'iam/i_assume_role_principal.rb', line 63 def add_to_assume_role_policy(document) Jsii::Type.check_type(document, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLlBvbGljeURvY3VtZW50In0=")), "document") jsii_call_method("addToAssumeRolePolicy", [document]) end |
#add_to_principal_policy(statement) ⇒ AWSCDK::IAM::AddToPrincipalPolicyResult
Add to the policy of this principal.
51 52 53 54 |
# File 'iam/i_assume_role_principal.rb', line 51 def add_to_principal_policy(statement) Jsii::Type.check_type(statement, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLlBvbGljeVN0YXRlbWVudCJ9")), "statement") jsii_call_method("addToPrincipalPolicy", [statement]) end |
#assume_role_action ⇒ String
When this Principal is used in an AssumeRole policy, the action to use.
24 25 26 |
# File 'iam/i_assume_role_principal.rb', line 24 def assume_role_action() jsii_get_property("assumeRoleAction") end |
#grant_principal ⇒ AWSCDK::IAM::IPrincipal
The principal to grant permissions to.
17 18 19 |
# File 'iam/i_assume_role_principal.rb', line 17 def grant_principal() jsii_get_property("grantPrincipal") end |
#policy_fragment ⇒ AWSCDK::IAM::PrincipalPolicyFragment
Return the policy fragment that identifies this principal in a Policy.
31 32 33 |
# File 'iam/i_assume_role_principal.rb', line 31 def policy_fragment() jsii_get_property("policyFragment") end |
#principal_account ⇒ String?
The AWS account ID of this principal.
Can be undefined when the account is not known (for example, for service principals). Can be a Token - in that case, it's assumed to be AWS::AccountId.
43 44 45 |
# File 'iam/i_assume_role_principal.rb', line 43 def principal_account() jsii_get_property("principalAccount") end |