Module: AWSCDK::IAM::IRole
- Includes:
- IIdentity, AWSCDK::Interfaces::AWSIAM::IRoleRef
- Defined in:
- iam/i_role.rb
Overview
A Role object.
Class Method Summary collapse
Instance Method Summary collapse
-
#add_managed_policy(policy) ⇒ void
Attaches a managed policy to this principal.
-
#add_to_principal_policy(statement) ⇒ AWSCDK::IAM::AddToPrincipalPolicyResult
Add to the policy of this principal.
-
#apply_removal_policy(policy) ⇒ void
Apply the given removal policy to this resource.
-
#assume_role_action ⇒ String
When this Principal is used in an AssumeRole policy, the action to use.
-
#attach_inline_policy(policy) ⇒ void
Attaches an inline policy to this principal.
-
#env ⇒ AWSCDK::Interfaces::ResourceEnvironment
The environment this resource belongs to.
-
#grant(grantee, *actions) ⇒ AWSCDK::IAM::Grant
Grant the actions defined in actions to the identity Principal on this resource.
-
#grant_assume_role(grantee) ⇒ AWSCDK::IAM::Grant
Grant permissions to the given principal to assume this role.
-
#grant_pass_role(grantee) ⇒ AWSCDK::IAM::Grant
Grant permissions to the given principal to pass this role.
-
#grant_principal ⇒ AWSCDK::IAM::IPrincipal
The principal to grant permissions to.
-
#node ⇒ Constructs::Node
The tree node.
-
#policy_fragment ⇒ AWSCDK::IAM::PrincipalPolicyFragment
Return the policy fragment that identifies this principal in a Policy.
-
#principal_account ⇒ String?
The AWS account ID of this principal.
-
#role_arn ⇒ String
Returns the ARN of this role.
-
#role_name ⇒ String
Returns the name of this role.
-
#role_ref ⇒ AWSCDK::Interfaces::AWSIAM::RoleReference
A reference to a Role resource.
-
#stack ⇒ AWSCDK::Stack
The stack in which this resource is defined.
-
#with(*mixins) ⇒ Constructs::IConstruct
Applies one or more mixins to this construct.
Class Method Details
.jsii_overridable_methods ⇒ Object
183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 |
# File 'iam/i_role.rb', line 183 def self.jsii_overridable_methods { :grant_principal => { kind: :property, name: "grantPrincipal", is_optional: false }, :assume_role_action => { kind: :property, name: "assumeRoleAction", is_optional: false }, :policy_fragment => { kind: :property, name: "policyFragment", is_optional: false }, :principal_account => { kind: :property, name: "principalAccount", is_optional: true }, :node => { kind: :property, name: "node", is_optional: false }, :env => { kind: :property, name: "env", is_optional: false }, :stack => { kind: :property, name: "stack", is_optional: false }, :role_ref => { kind: :property, name: "roleRef", is_optional: false }, :role_arn => { kind: :property, name: "roleArn", is_optional: false }, :role_name => { kind: :property, name: "roleName", is_optional: false }, :add_to_principal_policy => { kind: :method, name: "addToPrincipalPolicy", is_optional: false }, :with => { kind: :method, name: "with", is_optional: false }, :apply_removal_policy => { kind: :method, name: "applyRemovalPolicy", is_optional: false }, :add_managed_policy => { kind: :method, name: "addManagedPolicy", is_optional: false }, :attach_inline_policy => { kind: :method, name: "attachInlinePolicy", is_optional: false }, :grant => { kind: :method, name: "grant", is_optional: false }, :grant_assume_role => { kind: :method, name: "grantAssumeRole", is_optional: false }, :grant_pass_role => { kind: :method, name: "grantPassRole", is_optional: false }, } end |
Instance Method Details
#add_managed_policy(policy) ⇒ void
This method returns an undefined value.
Attaches a managed policy to this principal.
136 137 138 139 |
# File 'iam/i_role.rb', line 136 def add_managed_policy(policy) Jsii::Type.check_type(policy, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklNYW5hZ2VkUG9saWN5In0=")), "policy") jsii_call_method("addManagedPolicy", [policy]) end |
#add_to_principal_policy(statement) ⇒ AWSCDK::IAM::AddToPrincipalPolicyResult
Add to the policy of this principal.
96 97 98 99 |
# File 'iam/i_role.rb', line 96 def add_to_principal_policy(statement) Jsii::Type.check_type(statement, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLlBvbGljeVN0YXRlbWVudCJ9")), "statement") jsii_call_method("addToPrincipalPolicy", [statement]) end |
#apply_removal_policy(policy) ⇒ void
This method returns an undefined value.
Apply the given removal policy to this resource.
The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.
The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS
account for data recovery and cleanup later (RemovalPolicy.RETAIN).
127 128 129 130 |
# File 'iam/i_role.rb', line 127 def apply_removal_policy(policy) Jsii::Type.check_type(policy, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5SZW1vdmFsUG9saWN5In0=")), "policy") jsii_call_method("applyRemovalPolicy", [policy]) end |
#assume_role_action ⇒ String
When this Principal is used in an AssumeRole policy, the action to use.
19 20 21 |
# File 'iam/i_role.rb', line 19 def assume_role_action() jsii_get_property("assumeRoleAction") end |
#attach_inline_policy(policy) ⇒ void
This method returns an undefined value.
Attaches an inline policy to this principal.
This is the same as calling policy.addToXxx(principal).
147 148 149 150 |
# File 'iam/i_role.rb', line 147 def attach_inline_policy(policy) Jsii::Type.check_type(policy, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLlBvbGljeSJ9")), "policy") jsii_call_method("attachInlinePolicy", [policy]) end |
#env ⇒ AWSCDK::Interfaces::ResourceEnvironment
The environment this resource belongs to.
For resources that are created and managed in a Stack (those created by
creating new class instances like new Role(), new Bucket(), etc.), this
is always the same as the environment of the stack they belong to.
For referenced resources (those obtained from referencing methods like
Role.fromRoleArn(), Bucket.fromBucketName(), etc.), they might be
different than the stack they were imported into.
60 61 62 |
# File 'iam/i_role.rb', line 60 def env() jsii_get_property("env") end |
#grant(grantee, *actions) ⇒ AWSCDK::IAM::Grant
Grant the actions defined in actions to the identity Principal on this resource.
157 158 159 160 161 162 163 |
# File 'iam/i_role.rb', line 157 def grant(grantee, *actions) Jsii::Type.check_type(grantee, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklQcmluY2lwYWwifQ==")), "grantee") actions.each_with_index do |item, index| Jsii::Type.check_type(item, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "actions[#{index}]") end jsii_call_method("grant", [grantee, *actions]) end |
#grant_assume_role(grantee) ⇒ AWSCDK::IAM::Grant
Grant permissions to the given principal to assume this role.
169 170 171 172 |
# File 'iam/i_role.rb', line 169 def grant_assume_role(grantee) Jsii::Type.check_type(grantee, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklQcmluY2lwYWwifQ==")), "grantee") jsii_call_method("grantAssumeRole", [grantee]) end |
#grant_pass_role(grantee) ⇒ AWSCDK::IAM::Grant
Grant permissions to the given principal to pass this role.
178 179 180 181 |
# File 'iam/i_role.rb', line 178 def grant_pass_role(grantee) Jsii::Type.check_type(grantee, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklQcmluY2lwYWwifQ==")), "grantee") jsii_call_method("grantPassRole", [grantee]) end |
#grant_principal ⇒ AWSCDK::IAM::IPrincipal
The principal to grant permissions to.
12 13 14 |
# File 'iam/i_role.rb', line 12 def grant_principal() jsii_get_property("grantPrincipal") end |
#node ⇒ Constructs::Node
The tree node.
45 46 47 |
# File 'iam/i_role.rb', line 45 def node() jsii_get_property("node") end |
#policy_fragment ⇒ AWSCDK::IAM::PrincipalPolicyFragment
Return the policy fragment that identifies this principal in a Policy.
26 27 28 |
# File 'iam/i_role.rb', line 26 def policy_fragment() jsii_get_property("policyFragment") end |
#principal_account ⇒ String?
The AWS account ID of this principal.
Can be undefined when the account is not known (for example, for service principals). Can be a Token - in that case, it's assumed to be AWS::AccountId.
38 39 40 |
# File 'iam/i_role.rb', line 38 def principal_account() jsii_get_property("principalAccount") end |
#role_arn ⇒ String
Returns the ARN of this role.
81 82 83 |
# File 'iam/i_role.rb', line 81 def role_arn() jsii_get_property("roleArn") end |
#role_name ⇒ String
Returns the name of this role.
88 89 90 |
# File 'iam/i_role.rb', line 88 def role_name() jsii_get_property("roleName") end |
#role_ref ⇒ AWSCDK::Interfaces::AWSIAM::RoleReference
A reference to a Role resource.
74 75 76 |
# File 'iam/i_role.rb', line 74 def role_ref() jsii_get_property("roleRef") end |
#stack ⇒ AWSCDK::Stack
The stack in which this resource is defined.
67 68 69 |
# File 'iam/i_role.rb', line 67 def stack() jsii_get_property("stack") end |
#with(*mixins) ⇒ Constructs::IConstruct
Applies one or more mixins to this construct.
Mixins are applied in order. The list of constructs is captured at the start of the call, so constructs added by a mixin will not be visited.
108 109 110 111 112 113 |
# File 'iam/i_role.rb', line 108 def with(*mixins) mixins.each_with_index do |item, index| Jsii::Type.check_type(item, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJjb25zdHJ1Y3RzLklNaXhpbiJ9")), "mixins[#{index}]") end jsii_call_method("with", [*mixins]) end |