Module: AWSCDK::IAM::IRole

Includes:
IIdentity, AWSCDK::Interfaces::AWSIAM::IRoleRef
Included in:
LazyRole, Role
Defined in:
iam/i_role.rb

Overview

A Role object.

Class Method Summary collapse

Instance Method Summary collapse

Class Method Details

.jsii_overridable_methodsObject



183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
# File 'iam/i_role.rb', line 183

def self.jsii_overridable_methods
  {
    :grant_principal => { kind: :property, name: "grantPrincipal", is_optional: false },
    :assume_role_action => { kind: :property, name: "assumeRoleAction", is_optional: false },
    :policy_fragment => { kind: :property, name: "policyFragment", is_optional: false },
    :principal_account => { kind: :property, name: "principalAccount", is_optional: true },
    :node => { kind: :property, name: "node", is_optional: false },
    :env => { kind: :property, name: "env", is_optional: false },
    :stack => { kind: :property, name: "stack", is_optional: false },
    :role_ref => { kind: :property, name: "roleRef", is_optional: false },
    :role_arn => { kind: :property, name: "roleArn", is_optional: false },
    :role_name => { kind: :property, name: "roleName", is_optional: false },
    :add_to_principal_policy => { kind: :method, name: "addToPrincipalPolicy", is_optional: false },
    :with => { kind: :method, name: "with", is_optional: false },
    :apply_removal_policy => { kind: :method, name: "applyRemovalPolicy", is_optional: false },
    :add_managed_policy => { kind: :method, name: "addManagedPolicy", is_optional: false },
    :attach_inline_policy => { kind: :method, name: "attachInlinePolicy", is_optional: false },
    :grant => { kind: :method, name: "grant", is_optional: false },
    :grant_assume_role => { kind: :method, name: "grantAssumeRole", is_optional: false },
    :grant_pass_role => { kind: :method, name: "grantPassRole", is_optional: false },
  }
end

Instance Method Details

#add_managed_policy(policy) ⇒ void

This method returns an undefined value.

Attaches a managed policy to this principal.

Parameters:



136
137
138
139
# File 'iam/i_role.rb', line 136

def add_managed_policy(policy)
  Jsii::Type.check_type(policy, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklNYW5hZ2VkUG9saWN5In0=")), "policy")
  jsii_call_method("addManagedPolicy", [policy])
end

#add_to_principal_policy(statement) ⇒ AWSCDK::IAM::AddToPrincipalPolicyResult

Add to the policy of this principal.



96
97
98
99
# File 'iam/i_role.rb', line 96

def add_to_principal_policy(statement)
  Jsii::Type.check_type(statement, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLlBvbGljeVN0YXRlbWVudCJ9")), "statement")
  jsii_call_method("addToPrincipalPolicy", [statement])
end

#apply_removal_policy(policy) ⇒ void

This method returns an undefined value.

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).

Parameters:



127
128
129
130
# File 'iam/i_role.rb', line 127

def apply_removal_policy(policy)
  Jsii::Type.check_type(policy, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5SZW1vdmFsUG9saWN5In0=")), "policy")
  jsii_call_method("applyRemovalPolicy", [policy])
end

#assume_role_actionString

When this Principal is used in an AssumeRole policy, the action to use.

Returns:

  • (String)


19
20
21
# File 'iam/i_role.rb', line 19

def assume_role_action()
  jsii_get_property("assumeRoleAction")
end

#attach_inline_policy(policy) ⇒ void

This method returns an undefined value.

Attaches an inline policy to this principal.

This is the same as calling policy.addToXxx(principal).

Parameters:

  • policy (AWSCDK::IAM::Policy)

    The policy resource to attach to this principal [disable-awslint:ref-via-interface].



147
148
149
150
# File 'iam/i_role.rb', line 147

def attach_inline_policy(policy)
  Jsii::Type.check_type(policy, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLlBvbGljeSJ9")), "policy")
  jsii_call_method("attachInlinePolicy", [policy])
end

#envAWSCDK::Interfaces::ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed in a Stack (those created by creating new class instances like new Role(), new Bucket(), etc.), this is always the same as the environment of the stack they belong to.

For referenced resources (those obtained from referencing methods like Role.fromRoleArn(), Bucket.fromBucketName(), etc.), they might be different than the stack they were imported into.



60
61
62
# File 'iam/i_role.rb', line 60

def env()
  jsii_get_property("env")
end

#grant(grantee, *actions) ⇒ AWSCDK::IAM::Grant

Grant the actions defined in actions to the identity Principal on this resource.

Parameters:

Returns:



157
158
159
160
161
162
163
# File 'iam/i_role.rb', line 157

def grant(grantee, *actions)
  Jsii::Type.check_type(grantee, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklQcmluY2lwYWwifQ==")), "grantee")
  actions.each_with_index do |item, index|
    Jsii::Type.check_type(item, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "actions[#{index}]")
  end
  jsii_call_method("grant", [grantee, *actions])
end

#grant_assume_role(grantee) ⇒ AWSCDK::IAM::Grant

Grant permissions to the given principal to assume this role.

Parameters:

Returns:



169
170
171
172
# File 'iam/i_role.rb', line 169

def grant_assume_role(grantee)
  Jsii::Type.check_type(grantee, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklQcmluY2lwYWwifQ==")), "grantee")
  jsii_call_method("grantAssumeRole", [grantee])
end

#grant_pass_role(grantee) ⇒ AWSCDK::IAM::Grant

Grant permissions to the given principal to pass this role.

Parameters:

Returns:



178
179
180
181
# File 'iam/i_role.rb', line 178

def grant_pass_role(grantee)
  Jsii::Type.check_type(grantee, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklQcmluY2lwYWwifQ==")), "grantee")
  jsii_call_method("grantPassRole", [grantee])
end

#grant_principalAWSCDK::IAM::IPrincipal

The principal to grant permissions to.



12
13
14
# File 'iam/i_role.rb', line 12

def grant_principal()
  jsii_get_property("grantPrincipal")
end

#nodeConstructs::Node

The tree node.

Returns:

  • (Constructs::Node)


45
46
47
# File 'iam/i_role.rb', line 45

def node()
  jsii_get_property("node")
end

#policy_fragmentAWSCDK::IAM::PrincipalPolicyFragment

Return the policy fragment that identifies this principal in a Policy.



26
27
28
# File 'iam/i_role.rb', line 26

def policy_fragment()
  jsii_get_property("policyFragment")
end

#principal_accountString?

The AWS account ID of this principal.

Can be undefined when the account is not known (for example, for service principals). Can be a Token - in that case, it's assumed to be AWS::AccountId.

Returns:

  • (String, nil)


38
39
40
# File 'iam/i_role.rb', line 38

def ()
  jsii_get_property("principalAccount")
end

#role_arnString

Returns the ARN of this role.

Returns:

  • (String)


81
82
83
# File 'iam/i_role.rb', line 81

def role_arn()
  jsii_get_property("roleArn")
end

#role_nameString

Returns the name of this role.

Returns:

  • (String)


88
89
90
# File 'iam/i_role.rb', line 88

def role_name()
  jsii_get_property("roleName")
end

#role_refAWSCDK::Interfaces::AWSIAM::RoleReference

A reference to a Role resource.



74
75
76
# File 'iam/i_role.rb', line 74

def role_ref()
  jsii_get_property("roleRef")
end

#stackAWSCDK::Stack

The stack in which this resource is defined.

Returns:



67
68
69
# File 'iam/i_role.rb', line 67

def stack()
  jsii_get_property("stack")
end

#with(*mixins) ⇒ Constructs::IConstruct

Applies one or more mixins to this construct.

Mixins are applied in order. The list of constructs is captured at the start of the call, so constructs added by a mixin will not be visited.

Parameters:

  • mixins (Array<Constructs::IMixin>)

    The mixins to apply.

Returns:

  • (Constructs::IConstruct)

    This construct for chaining



108
109
110
111
112
113
# File 'iam/i_role.rb', line 108

def with(*mixins)
  mixins.each_with_index do |item, index|
    Jsii::Type.check_type(item, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJjb25zdHJ1Y3RzLklNaXhpbiJ9")), "mixins[#{index}]")
  end
  jsii_call_method("with", [*mixins])
end