Module: AWSCDK::IAM::IPrincipal
- Includes:
- IGrantable
- Included in:
- EKS::ServiceAccount, EKSv2::ServiceAccount, IAssumeRolePrincipal, IComparablePrincipal, IIdentity, UnknownPrincipal
- Defined in:
- iam/i_principal.rb
Overview
Represents a logical IAM principal.
An IPrincipal describes a logical entity that can perform AWS API calls against sets of resources, optionally under certain conditions.
Examples of simple principals are IAM objects that you create, such as Users or Roles.
An example of a more complex principals is a ServicePrincipal (such as
new ServicePrincipal("sns.amazonaws.com"), which represents the Simple
Notifications Service).
A single logical Principal may also map to a set of physical principals.
For example, new OrganizationPrincipal('o-12345abcde') represents all
identities that are part of the given AWS Organization.
Class Method Summary collapse
Instance Method Summary collapse
-
#add_to_principal_policy(statement) ⇒ AWSCDK::IAM::AddToPrincipalPolicyResult
Add to the policy of this principal.
-
#assume_role_action ⇒ String
When this Principal is used in an AssumeRole policy, the action to use.
-
#grant_principal ⇒ AWSCDK::IAM::IPrincipal
The principal to grant permissions to.
-
#policy_fragment ⇒ AWSCDK::IAM::PrincipalPolicyFragment
Return the policy fragment that identifies this principal in a Policy.
-
#principal_account ⇒ String?
The AWS account ID of this principal.
Class Method Details
.jsii_overridable_methods ⇒ Object
64 65 66 67 68 69 70 71 72 |
# File 'iam/i_principal.rb', line 64 def self.jsii_overridable_methods { :grant_principal => { kind: :property, name: "grantPrincipal", is_optional: false }, :assume_role_action => { kind: :property, name: "assumeRoleAction", is_optional: false }, :policy_fragment => { kind: :property, name: "policyFragment", is_optional: false }, :principal_account => { kind: :property, name: "principalAccount", is_optional: true }, :add_to_principal_policy => { kind: :method, name: "addToPrincipalPolicy", is_optional: false }, } end |
Instance Method Details
#add_to_principal_policy(statement) ⇒ AWSCDK::IAM::AddToPrincipalPolicyResult
Add to the policy of this principal.
59 60 61 62 |
# File 'iam/i_principal.rb', line 59 def add_to_principal_policy(statement) Jsii::Type.check_type(statement, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLlBvbGljeVN0YXRlbWVudCJ9")), "statement") jsii_call_method("addToPrincipalPolicy", [statement]) end |
#assume_role_action ⇒ String
When this Principal is used in an AssumeRole policy, the action to use.
32 33 34 |
# File 'iam/i_principal.rb', line 32 def assume_role_action() jsii_get_property("assumeRoleAction") end |
#grant_principal ⇒ AWSCDK::IAM::IPrincipal
The principal to grant permissions to.
25 26 27 |
# File 'iam/i_principal.rb', line 25 def grant_principal() jsii_get_property("grantPrincipal") end |
#policy_fragment ⇒ AWSCDK::IAM::PrincipalPolicyFragment
Return the policy fragment that identifies this principal in a Policy.
39 40 41 |
# File 'iam/i_principal.rb', line 39 def policy_fragment() jsii_get_property("policyFragment") end |
#principal_account ⇒ String?
The AWS account ID of this principal.
Can be undefined when the account is not known (for example, for service principals). Can be a Token - in that case, it's assumed to be AWS::AccountId.
51 52 53 |
# File 'iam/i_principal.rb', line 51 def principal_account() jsii_get_property("principalAccount") end |