Class: AWSCDK::IAM::Role
- Inherits:
-
Resource
- Object
- Resource
- AWSCDK::IAM::Role
- Includes:
- IRole
- Defined in:
- iam/role.rb
Overview
IAM Role.
Defines an IAM role. The role is created with an assume policy document associated with
the specified AWS service principal defined in service_assume_role.
Class Method Summary collapse
-
.customize_roles(scope, options = nil) ⇒ void
Customize the creation of IAM roles within the given scope.
-
.from_lookup(scope, id, options) ⇒ AWSCDK::IAM::IRole
Lookup an existing Role.
-
.from_role_arn(scope, id, role_arn, options = nil) ⇒ AWSCDK::IAM::IRole
Import an external role by ARN.
-
.from_role_name(scope, id, role_name, options = nil) ⇒ AWSCDK::IAM::IRole
Import an external role by name.
-
.is_role(x) ⇒ Boolean
Return whether the given object is a Role.
- .jsii_overridable_methods ⇒ Object
-
.PROPERTY_INJECTION_ID ⇒ String
Uniquely identifies this class.
Instance Method Summary collapse
-
#add_managed_policy(policy) ⇒ void
Attaches a managed policy to this role.
-
#add_to_policy(statement) ⇒ Boolean
Add to the policy of this principal.
-
#add_to_principal_policy(statement) ⇒ AWSCDK::IAM::AddToPrincipalPolicyResult
Adds a permission to the role's default policy document.
-
#apply_cross_stack_reference_strength(strength) ⇒ void
Override the cross-stack reference strength for this resource.
-
#apply_removal_policy(policy) ⇒ void
Skip applyRemovalPolicy if role synthesis is prevented by customizeRoles.
-
#assume_role_action ⇒ String
When this Principal is used in an AssumeRole policy, the action to use.
-
#assume_role_policy ⇒ AWSCDK::IAM::PolicyDocument?
The assume role policy document associated with this role.
-
#attach_inline_policy(policy) ⇒ void
Attaches a policy to this role.
-
#env ⇒ AWSCDK::Interfaces::ResourceEnvironment
The environment this resource belongs to.
- #generate_physical_name ⇒ String
-
#get_resource_arn_attribute(arn_attr, arn_components) ⇒ String
Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g.
bucket.bucketArn). -
#get_resource_name_attribute(name_attr) ⇒ String
Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g.
bucket.bucketName). -
#grant(grantee, *actions) ⇒ AWSCDK::IAM::Grant
Grant the actions defined in actions to the identity Principal on this resource.
-
#grant_assume_role(identity) ⇒ AWSCDK::IAM::Grant
Grant permissions to the given principal to assume this role.
-
#grant_pass_role(identity) ⇒ AWSCDK::IAM::Grant
Grant permissions to the given principal to pass this role.
-
#grant_principal ⇒ AWSCDK::IAM::IPrincipal
The principal to grant permissions to.
-
#grants ⇒ AWSCDK::IAM::RoleGrants
Collection of grant methods for a Role.
-
#initialize(scope, id, props) ⇒ Role
constructor
A new instance of Role.
-
#node ⇒ Constructs::Node
The tree node.
-
#permissions_boundary ⇒ AWSCDK::IAM::IManagedPolicy?
Returns the permissions boundary attached to this role.
-
#physical_name ⇒ String
Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
-
#policy_fragment ⇒ AWSCDK::IAM::PrincipalPolicyFragment
Returns the role.
-
#principal_account ⇒ String?
The AWS account ID of this principal.
-
#role_arn ⇒ String
Returns the ARN of this role.
-
#role_id ⇒ String
Returns the stable and unique string identifying the role.
-
#role_name ⇒ String
Returns the name of the role.
-
#role_ref ⇒ AWSCDK::Interfaces::AWSIAM::RoleReference
A reference to a Role resource.
-
#stack ⇒ AWSCDK::Stack
The stack in which this resource is defined.
-
#to_string ⇒ String
Returns a string representation of this construct.
-
#with(*mixins) ⇒ Constructs::IConstruct
Applies one or more mixins to this construct.
-
#without_policy_updates(options = nil) ⇒ AWSCDK::IAM::IRole
Return a copy of this Role object whose Policies will not be updated.
Constructor Details
#initialize(scope, id, props) ⇒ Role
Returns a new instance of Role.
15 16 17 18 19 20 21 |
# File 'iam/role.rb', line 15 def initialize(scope, id, props) props = props.is_a?(Hash) ? ::AWSCDK::IAM::RoleProps.new(**props.transform_keys(&:to_sym)) : props Jsii::Type.check_type(scope, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJjb25zdHJ1Y3RzLkNvbnN0cnVjdCJ9")), "scope") Jsii::Type.check_type(id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "id") Jsii::Type.check_type(props, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLlJvbGVQcm9wcyJ9")), "props") Jsii::Object.instance_method(:initialize).bind(self).call(scope, id, props) end |
Class Method Details
.customize_roles(scope, options = nil) ⇒ void
This method returns an undefined value.
Customize the creation of IAM roles within the given scope.
It is recommended that you do not use this method and instead allow CDK to manage role creation. This should only be used in environments where CDK applications are not allowed to created IAM roles.
This can be used to prevent the CDK application from creating roles
within the given scope and instead replace the references to the roles with
precreated role names. A report will be synthesized in the cloud assembly (i.e. cdk.out)
that will contain the list of IAM roles that would have been created along with the
IAM policy statements that the role should contain. This report can then be used
to create the IAM roles outside of CDK and then the created role names can be provided
in use_precreated_roles.
83 84 85 86 87 88 |
# File 'iam/role.rb', line 83 def self.customize_roles(scope, = nil) Jsii::Type.check_type(scope, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJjb25zdHJ1Y3RzLkNvbnN0cnVjdCJ9")), "scope") = .is_a?(Hash) ? ::AWSCDK::IAM::CustomizeRolesOptions.new(**.transform_keys(&:to_sym)) : Jsii::Type.check_type(, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLkN1c3RvbWl6ZVJvbGVzT3B0aW9ucyJ9")), "options") unless .nil? Jsii::Kernel.instance.call_static("aws-cdk-lib.aws_iam.Role", "customizeRoles", [scope, ]) end |
.from_lookup(scope, id, options) ⇒ AWSCDK::IAM::IRole
Lookup an existing Role.
96 97 98 99 100 101 102 |
# File 'iam/role.rb', line 96 def self.from_lookup(scope, id, ) Jsii::Type.check_type(scope, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJjb25zdHJ1Y3RzLkNvbnN0cnVjdCJ9")), "scope") Jsii::Type.check_type(id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "id") = .is_a?(Hash) ? ::AWSCDK::IAM::RoleLookupOptions.new(**.transform_keys(&:to_sym)) : Jsii::Type.check_type(, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLlJvbGVMb29rdXBPcHRpb25zIn0=")), "options") Jsii::Kernel.instance.call_static("aws-cdk-lib.aws_iam.Role", "fromLookup", [scope, id, ]) end |
.from_role_arn(scope, id, role_arn, options = nil) ⇒ AWSCDK::IAM::IRole
Import an external role by ARN.
If the imported Role ARN is a Token (such as a
CfnParameter.valueAsString or a Fn.importValue()) and the referenced
role has a path (like arn:...:role/AdminRoles/Alice), the
role_name property will not resolve to the correct value. Instead it
will resolve to the first path component. We unfortunately cannot express
the correct calculation of the full path name as a CloudFormation
expression. In this scenario the Role ARN should be supplied without the
path in order to resolve the correct role resource.
120 121 122 123 124 125 126 127 |
# File 'iam/role.rb', line 120 def self.from_role_arn(scope, id, role_arn, = nil) Jsii::Type.check_type(scope, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJjb25zdHJ1Y3RzLkNvbnN0cnVjdCJ9")), "scope") Jsii::Type.check_type(id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "id") Jsii::Type.check_type(role_arn, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "roleArn") = .is_a?(Hash) ? ::AWSCDK::IAM::FromRoleARNOptions.new(**.transform_keys(&:to_sym)) : Jsii::Type.check_type(, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLkZyb21Sb2xlQXJuT3B0aW9ucyJ9")), "options") unless .nil? Jsii::Kernel.instance.call_static("aws-cdk-lib.aws_iam.Role", "fromRoleArn", [scope, id, role_arn, ]) end |
.from_role_name(scope, id, role_name, options = nil) ⇒ AWSCDK::IAM::IRole
Import an external role by name.
The imported role is assumed to exist in the same account as the account the scope's containing Stack is being deployed to.
139 140 141 142 143 144 145 146 |
# File 'iam/role.rb', line 139 def self.from_role_name(scope, id, role_name, = nil) Jsii::Type.check_type(scope, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJjb25zdHJ1Y3RzLkNvbnN0cnVjdCJ9")), "scope") Jsii::Type.check_type(id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "id") Jsii::Type.check_type(role_name, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "roleName") = .is_a?(Hash) ? ::AWSCDK::IAM::FromRoleNameOptions.new(**.transform_keys(&:to_sym)) : Jsii::Type.check_type(, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLkZyb21Sb2xlTmFtZU9wdGlvbnMifQ==")), "options") unless .nil? Jsii::Kernel.instance.call_static("aws-cdk-lib.aws_iam.Role", "fromRoleName", [scope, id, role_name, ]) end |
.is_role(x) ⇒ Boolean
Return whether the given object is a Role.
152 153 154 155 |
# File 'iam/role.rb', line 152 def self.is_role(x) Jsii::Type.check_type(x, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJhbnkifQ==")), "x") Jsii::Kernel.instance.call_static("aws-cdk-lib.aws_iam.Role", "isRole", [x]) end |
.jsii_overridable_methods ⇒ Object
23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 |
# File 'iam/role.rb', line 23 def self.jsii_overridable_methods { :node => { kind: :property, name: "node", is_optional: false }, :env => { kind: :property, name: "env", is_optional: false }, :physical_name => { kind: :property, name: "physicalName", is_optional: false }, :stack => { kind: :property, name: "stack", is_optional: false }, :assume_role_action => { kind: :property, name: "assumeRoleAction", is_optional: false }, :grant_principal => { kind: :property, name: "grantPrincipal", is_optional: false }, :grants => { kind: :property, name: "grants", is_optional: false }, :policy_fragment => { kind: :property, name: "policyFragment", is_optional: false }, :role_arn => { kind: :property, name: "roleArn", is_optional: false }, :role_id => { kind: :property, name: "roleId", is_optional: false }, :role_name => { kind: :property, name: "roleName", is_optional: false }, :role_ref => { kind: :property, name: "roleRef", is_optional: false }, :assume_role_policy => { kind: :property, name: "assumeRolePolicy", is_optional: true }, :permissions_boundary => { kind: :property, name: "permissionsBoundary", is_optional: true }, :principal_account => { kind: :property, name: "principalAccount", is_optional: true }, :to_string => { kind: :method, name: "toString", is_optional: false }, :with => { kind: :method, name: "with", is_optional: false }, :apply_cross_stack_reference_strength => { kind: :method, name: "applyCrossStackReferenceStrength", is_optional: false }, :apply_removal_policy => { kind: :method, name: "applyRemovalPolicy", is_optional: false }, :generate_physical_name => { kind: :method, name: "generatePhysicalName", is_optional: false }, :get_resource_arn_attribute => { kind: :method, name: "getResourceArnAttribute", is_optional: false }, :get_resource_name_attribute => { kind: :method, name: "getResourceNameAttribute", is_optional: false }, :add_managed_policy => { kind: :method, name: "addManagedPolicy", is_optional: false }, :add_to_policy => { kind: :method, name: "addToPolicy", is_optional: false }, :add_to_principal_policy => { kind: :method, name: "addToPrincipalPolicy", is_optional: false }, :attach_inline_policy => { kind: :method, name: "attachInlinePolicy", is_optional: false }, :grant => { kind: :method, name: "grant", is_optional: false }, :grant_assume_role => { kind: :method, name: "grantAssumeRole", is_optional: false }, :grant_pass_role => { kind: :method, name: "grantPassRole", is_optional: false }, :without_policy_updates => { kind: :method, name: "withoutPolicyUpdates", is_optional: false }, } end |
.PROPERTY_INJECTION_ID ⇒ String
Uniquely identifies this class.
203 204 205 |
# File 'iam/role.rb', line 203 def self.PROPERTY_INJECTION_ID() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_iam.Role", "PROPERTY_INJECTION_ID") end |
Instance Method Details
#add_managed_policy(policy) ⇒ void
This method returns an undefined value.
Attaches a managed policy to this role.
380 381 382 383 |
# File 'iam/role.rb', line 380 def add_managed_policy(policy) Jsii::Type.check_type(policy, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklNYW5hZ2VkUG9saWN5In0=")), "policy") jsii_call_method("addManagedPolicy", [policy]) end |
#add_to_policy(statement) ⇒ Boolean
Add to the policy of this principal.
389 390 391 392 |
# File 'iam/role.rb', line 389 def add_to_policy(statement) Jsii::Type.check_type(statement, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLlBvbGljeVN0YXRlbWVudCJ9")), "statement") jsii_call_method("addToPolicy", [statement]) end |
#add_to_principal_policy(statement) ⇒ AWSCDK::IAM::AddToPrincipalPolicyResult
Adds a permission to the role's default policy document.
If there is no default policy attached to this role, it will be created.
400 401 402 403 |
# File 'iam/role.rb', line 400 def add_to_principal_policy(statement) Jsii::Type.check_type(statement, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLlBvbGljeVN0YXRlbWVudCJ9")), "statement") jsii_call_method("addToPrincipalPolicy", [statement]) end |
#apply_cross_stack_reference_strength(strength) ⇒ void
This method returns an undefined value.
Override the cross-stack reference strength for this resource.
When set, any cross-stack reference to this resource will use the specified
mechanism instead of the global default determined by the
@aws-cdk/core:defaultCrossStackReferences context key. This is useful for
selectively weakening specific references to avoid the "deadly embrace" problem
without changing the app-wide default.
325 326 327 328 |
# File 'iam/role.rb', line 325 def apply_cross_stack_reference_strength(strength) Jsii::Type.check_type(strength, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5SZWZlcmVuY2VTdHJlbmd0aCJ9")), "strength") jsii_call_method("applyCrossStackReferenceStrength", [strength]) end |
#apply_removal_policy(policy) ⇒ void
This method returns an undefined value.
Skip applyRemovalPolicy if role synthesis is prevented by customizeRoles.
Because in this case, this construct does not have a CfnResource in the tree.
336 337 338 339 |
# File 'iam/role.rb', line 336 def apply_removal_policy(policy) Jsii::Type.check_type(policy, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5SZW1vdmFsUG9saWN5In0=")), "policy") jsii_call_method("applyRemovalPolicy", [policy]) end |
#assume_role_action ⇒ String
When this Principal is used in an AssumeRole policy, the action to use.
210 211 212 |
# File 'iam/role.rb', line 210 def assume_role_action() jsii_get_property("assumeRoleAction") end |
#assume_role_policy ⇒ AWSCDK::IAM::PolicyDocument?
The assume role policy document associated with this role.
269 270 271 |
# File 'iam/role.rb', line 269 def assume_role_policy() jsii_get_property("assumeRolePolicy") end |
#attach_inline_policy(policy) ⇒ void
This method returns an undefined value.
Attaches a policy to this role.
409 410 411 412 |
# File 'iam/role.rb', line 409 def attach_inline_policy(policy) Jsii::Type.check_type(policy, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLlBvbGljeSJ9")), "policy") jsii_call_method("attachInlinePolicy", [policy]) end |
#env ⇒ AWSCDK::Interfaces::ResourceEnvironment
The environment this resource belongs to.
For resources that are created and managed in a Stack (those created by
creating new class instances like new Role(), new Bucket(), etc.), this
is always the same as the environment of the stack they belong to.
For referenced resources (those obtained from referencing methods like
Role.fromRoleArn(), Bucket.fromBucketName(), etc.), they might be
different than the stack they were imported into.
175 176 177 |
# File 'iam/role.rb', line 175 def env() jsii_get_property("env") end |
#generate_physical_name ⇒ String
342 343 344 |
# File 'iam/role.rb', line 342 def generate_physical_name() jsii_call_method("generatePhysicalName", []) end |
#get_resource_arn_attribute(arn_attr, arn_components) ⇒ String
Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. bucket.bucketArn).
Normally, this token will resolve to arn_attr, but if the resource is
referenced across environments, arn_components will be used to synthesize
a concrete ARN with the resource's physical name. Make sure to reference
this.physicalName in arn_components.
356 357 358 359 360 361 |
# File 'iam/role.rb', line 356 def get_resource_arn_attribute(arn_attr, arn_components) Jsii::Type.check_type(arn_attr, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "arnAttr") arn_components = arn_components.is_a?(Hash) ? ::AWSCDK::ARNComponents.new(**arn_components.transform_keys(&:to_sym)) : arn_components Jsii::Type.check_type(arn_components, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5Bcm5Db21wb25lbnRzIn0=")), "arnComponents") jsii_call_method("getResourceArnAttribute", [arn_attr, arn_components]) end |
#get_resource_name_attribute(name_attr) ⇒ String
Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. bucket.bucketName).
Normally, this token will resolve to name_attr, but if the resource is
referenced across environments, it will be resolved to this.physicalName,
which will be a concrete name.
371 372 373 374 |
# File 'iam/role.rb', line 371 def get_resource_name_attribute(name_attr) Jsii::Type.check_type(name_attr, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "nameAttr") jsii_call_method("getResourceNameAttribute", [name_attr]) end |
#grant(grantee, *actions) ⇒ AWSCDK::IAM::Grant
Grant the actions defined in actions to the identity Principal on this resource.
419 420 421 422 423 424 425 |
# File 'iam/role.rb', line 419 def grant(grantee, *actions) Jsii::Type.check_type(grantee, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklQcmluY2lwYWwifQ==")), "grantee") actions.each_with_index do |item, index| Jsii::Type.check_type(item, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "actions[#{index}]") end jsii_call_method("grant", [grantee, *actions]) end |
#grant_assume_role(identity) ⇒ AWSCDK::IAM::Grant
Grant permissions to the given principal to assume this role.
431 432 433 434 |
# File 'iam/role.rb', line 431 def grant_assume_role(identity) Jsii::Type.check_type(identity, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklQcmluY2lwYWwifQ==")), "identity") jsii_call_method("grantAssumeRole", [identity]) end |
#grant_pass_role(identity) ⇒ AWSCDK::IAM::Grant
Grant permissions to the given principal to pass this role.
440 441 442 443 |
# File 'iam/role.rb', line 440 def grant_pass_role(identity) Jsii::Type.check_type(identity, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklQcmluY2lwYWwifQ==")), "identity") jsii_call_method("grantPassRole", [identity]) end |
#grant_principal ⇒ AWSCDK::IAM::IPrincipal
The principal to grant permissions to.
217 218 219 |
# File 'iam/role.rb', line 217 def grant_principal() jsii_get_property("grantPrincipal") end |
#grants ⇒ AWSCDK::IAM::RoleGrants
Collection of grant methods for a Role.
224 225 226 |
# File 'iam/role.rb', line 224 def grants() jsii_get_property("grants") end |
#node ⇒ Constructs::Node
The tree node.
160 161 162 |
# File 'iam/role.rb', line 160 def node() jsii_get_property("node") end |
#permissions_boundary ⇒ AWSCDK::IAM::IManagedPolicy?
Returns the permissions boundary attached to this role.
276 277 278 |
# File 'iam/role.rb', line 276 def () jsii_get_property("permissionsBoundary") end |
#physical_name ⇒ String
Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
This value will resolve to one of the following:
- a concrete value (e.g.
"my-awesome-bucket") undefined, when a name should be generated by CloudFormation- a concrete name generated automatically during synthesis, in cross-environment scenarios.
189 190 191 |
# File 'iam/role.rb', line 189 def physical_name() jsii_get_property("physicalName") end |
#policy_fragment ⇒ AWSCDK::IAM::PrincipalPolicyFragment
Returns the role.
231 232 233 |
# File 'iam/role.rb', line 231 def policy_fragment() jsii_get_property("policyFragment") end |
#principal_account ⇒ String?
The AWS account ID of this principal.
Can be undefined when the account is not known (for example, for service principals). Can be a Token - in that case, it's assumed to be AWS::AccountId.
288 289 290 |
# File 'iam/role.rb', line 288 def principal_account() jsii_get_property("principalAccount") end |
#role_arn ⇒ String
Returns the ARN of this role.
238 239 240 |
# File 'iam/role.rb', line 238 def role_arn() jsii_get_property("roleArn") end |
#role_id ⇒ String
Returns the stable and unique string identifying the role.
For example, AIDAJQABLZS4A3QDU576Q.
248 249 250 |
# File 'iam/role.rb', line 248 def role_id() jsii_get_property("roleId") end |
#role_name ⇒ String
Returns the name of the role.
255 256 257 |
# File 'iam/role.rb', line 255 def role_name() jsii_get_property("roleName") end |
#role_ref ⇒ AWSCDK::Interfaces::AWSIAM::RoleReference
A reference to a Role resource.
262 263 264 |
# File 'iam/role.rb', line 262 def role_ref() jsii_get_property("roleRef") end |
#stack ⇒ AWSCDK::Stack
The stack in which this resource is defined.
196 197 198 |
# File 'iam/role.rb', line 196 def stack() jsii_get_property("stack") end |
#to_string ⇒ String
Returns a string representation of this construct.
295 296 297 |
# File 'iam/role.rb', line 295 def to_string() jsii_call_method("toString", []) end |
#with(*mixins) ⇒ Constructs::IConstruct
Applies one or more mixins to this construct.
Mixins are applied in order. The list of constructs is captured at the
start of the call, so constructs added by a mixin will not be visited.
Use multiple with() calls if subsequent mixins should apply to added
constructs.
308 309 310 311 312 313 |
# File 'iam/role.rb', line 308 def with(*mixins) mixins.each_with_index do |item, index| Jsii::Type.check_type(item, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJjb25zdHJ1Y3RzLklNaXhpbiJ9")), "mixins[#{index}]") end jsii_call_method("with", [*mixins]) end |
#without_policy_updates(options = nil) ⇒ AWSCDK::IAM::IRole
Return a copy of this Role object whose Policies will not be updated.
Use the object returned by this method if you want this Role to be used by a construct without it automatically updating the Role's Policies.
If you do, you are responsible for adding the correct statements to the Role's policies yourself.
455 456 457 458 459 |
# File 'iam/role.rb', line 455 def without_policy_updates( = nil) = .is_a?(Hash) ? ::AWSCDK::IAM::WithoutPolicyUpdatesOptions.new(**.transform_keys(&:to_sym)) : Jsii::Type.check_type(, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLldpdGhvdXRQb2xpY3lVcGRhdGVzT3B0aW9ucyJ9")), "options") unless .nil? jsii_call_method("withoutPolicyUpdates", []) end |