Class: AWSCDK::IAM::User
- Inherits:
-
Resource
- Object
- Resource
- AWSCDK::IAM::User
- Includes:
- IIdentity, IUser
- Defined in:
- iam/user.rb
Overview
Define a new IAM user.
Class Method Summary collapse
-
.from_user_arn(scope, id, user_arn) ⇒ AWSCDK::IAM::IUser
Import an existing user given a user ARN.
-
.from_user_attributes(scope, id, attrs) ⇒ AWSCDK::IAM::IUser
Import an existing user given user attributes.
-
.from_user_name(scope, id, user_name) ⇒ AWSCDK::IAM::IUser
Import an existing user given a username.
- .jsii_overridable_methods ⇒ Object
-
.PROPERTY_INJECTION_ID ⇒ String
Uniquely identifies this class.
Instance Method Summary collapse
-
#add_managed_policy(policy) ⇒ void
Attaches a managed policy to the user.
-
#add_to_group(group) ⇒ void
Adds this user to a group.
-
#add_to_policy(statement) ⇒ Boolean
Add to the policy of this principal.
-
#add_to_principal_policy(statement) ⇒ AWSCDK::IAM::AddToPrincipalPolicyResult
Adds an IAM statement to the default policy.
-
#apply_cross_stack_reference_strength(strength) ⇒ void
Override the cross-stack reference strength for this resource.
-
#apply_removal_policy(policy) ⇒ void
Apply the given removal policy to this resource.
-
#assume_role_action ⇒ String
When this Principal is used in an AssumeRole policy, the action to use.
-
#attach_inline_policy(policy) ⇒ void
Attaches a policy to this user.
-
#env ⇒ AWSCDK::Interfaces::ResourceEnvironment
The environment this resource belongs to.
- #generate_physical_name ⇒ String
-
#get_resource_arn_attribute(arn_attr, arn_components) ⇒ String
Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g.
bucket.bucketArn). -
#get_resource_name_attribute(name_attr) ⇒ String
Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g.
bucket.bucketName). -
#grant_principal ⇒ AWSCDK::IAM::IPrincipal
The principal to grant permissions to.
-
#initialize(scope, id, props = nil) ⇒ User
constructor
A new instance of User.
-
#node ⇒ Constructs::Node
The tree node.
-
#permissions_boundary ⇒ AWSCDK::IAM::IManagedPolicy?
Returns the permissions boundary attached to this user.
-
#physical_name ⇒ String
Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
-
#policy_fragment ⇒ AWSCDK::IAM::PrincipalPolicyFragment
Return the policy fragment that identifies this principal in a Policy.
-
#principal_account ⇒ String?
The AWS account ID of this principal.
-
#stack ⇒ AWSCDK::Stack
The stack in which this resource is defined.
-
#to_string ⇒ String
Returns a string representation of this construct.
-
#user_arn ⇒ String
An attribute that represents the user's ARN.
-
#user_name ⇒ String
An attribute that represents the user name.
-
#user_ref ⇒ AWSCDK::Interfaces::AWSIAM::UserReference
A reference to a User resource.
-
#with(*mixins) ⇒ Constructs::IConstruct
Applies one or more mixins to this construct.
Constructor Details
#initialize(scope, id, props = nil) ⇒ User
Returns a new instance of User.
13 14 15 16 17 18 19 |
# File 'iam/user.rb', line 13 def initialize(scope, id, props = nil) props = props.is_a?(Hash) ? ::AWSCDK::IAM::UserProps.new(**props.transform_keys(&:to_sym)) : props Jsii::Type.check_type(scope, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJjb25zdHJ1Y3RzLkNvbnN0cnVjdCJ9")), "scope") Jsii::Type.check_type(id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "id") Jsii::Type.check_type(props, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLlVzZXJQcm9wcyJ9")), "props") unless props.nil? Jsii::Object.instance_method(:initialize).bind(self).call(scope, id, props) end |
Class Method Details
.from_user_arn(scope, id, user_arn) ⇒ AWSCDK::IAM::IUser
Import an existing user given a user ARN.
If the ARN comes from a Token, the User cannot have a path; if so, any attempt to reference its username will fail.
59 60 61 62 63 64 |
# File 'iam/user.rb', line 59 def self.from_user_arn(scope, id, user_arn) Jsii::Type.check_type(scope, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJjb25zdHJ1Y3RzLkNvbnN0cnVjdCJ9")), "scope") Jsii::Type.check_type(id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "id") Jsii::Type.check_type(user_arn, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "userArn") Jsii::Kernel.instance.call_static("aws-cdk-lib.aws_iam.User", "fromUserArn", [scope, id, user_arn]) end |
.from_user_attributes(scope, id, attrs) ⇒ AWSCDK::IAM::IUser
Import an existing user given user attributes.
If the ARN comes from a Token, the User cannot have a path; if so, any attempt to reference its username will fail.
75 76 77 78 79 80 81 |
# File 'iam/user.rb', line 75 def self.from_user_attributes(scope, id, attrs) Jsii::Type.check_type(scope, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJjb25zdHJ1Y3RzLkNvbnN0cnVjdCJ9")), "scope") Jsii::Type.check_type(id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "id") attrs = attrs.is_a?(Hash) ? ::AWSCDK::IAM::UserAttributes.new(**attrs.transform_keys(&:to_sym)) : attrs Jsii::Type.check_type(attrs, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLlVzZXJBdHRyaWJ1dGVzIn0=")), "attrs") Jsii::Kernel.instance.call_static("aws-cdk-lib.aws_iam.User", "fromUserAttributes", [scope, id, attrs]) end |
.from_user_name(scope, id, user_name) ⇒ AWSCDK::IAM::IUser
Import an existing user given a username.
89 90 91 92 93 94 |
# File 'iam/user.rb', line 89 def self.from_user_name(scope, id, user_name) Jsii::Type.check_type(scope, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJjb25zdHJ1Y3RzLkNvbnN0cnVjdCJ9")), "scope") Jsii::Type.check_type(id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "id") Jsii::Type.check_type(user_name, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "userName") Jsii::Kernel.instance.call_static("aws-cdk-lib.aws_iam.User", "fromUserName", [scope, id, user_name]) end |
.jsii_overridable_methods ⇒ Object
21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 |
# File 'iam/user.rb', line 21 def self.jsii_overridable_methods { :node => { kind: :property, name: "node", is_optional: false }, :env => { kind: :property, name: "env", is_optional: false }, :physical_name => { kind: :property, name: "physicalName", is_optional: false }, :stack => { kind: :property, name: "stack", is_optional: false }, :assume_role_action => { kind: :property, name: "assumeRoleAction", is_optional: false }, :grant_principal => { kind: :property, name: "grantPrincipal", is_optional: false }, :policy_fragment => { kind: :property, name: "policyFragment", is_optional: false }, :user_arn => { kind: :property, name: "userArn", is_optional: false }, :user_name => { kind: :property, name: "userName", is_optional: false }, :user_ref => { kind: :property, name: "userRef", is_optional: false }, :permissions_boundary => { kind: :property, name: "permissionsBoundary", is_optional: true }, :principal_account => { kind: :property, name: "principalAccount", is_optional: true }, :to_string => { kind: :method, name: "toString", is_optional: false }, :with => { kind: :method, name: "with", is_optional: false }, :apply_cross_stack_reference_strength => { kind: :method, name: "applyCrossStackReferenceStrength", is_optional: false }, :apply_removal_policy => { kind: :method, name: "applyRemovalPolicy", is_optional: false }, :generate_physical_name => { kind: :method, name: "generatePhysicalName", is_optional: false }, :get_resource_arn_attribute => { kind: :method, name: "getResourceArnAttribute", is_optional: false }, :get_resource_name_attribute => { kind: :method, name: "getResourceNameAttribute", is_optional: false }, :add_managed_policy => { kind: :method, name: "addManagedPolicy", is_optional: false }, :add_to_group => { kind: :method, name: "addToGroup", is_optional: false }, :add_to_policy => { kind: :method, name: "addToPolicy", is_optional: false }, :add_to_principal_policy => { kind: :method, name: "addToPrincipalPolicy", is_optional: false }, :attach_inline_policy => { kind: :method, name: "attachInlinePolicy", is_optional: false }, } end |
.PROPERTY_INJECTION_ID ⇒ String
Uniquely identifies this class.
142 143 144 |
# File 'iam/user.rb', line 142 def self.PROPERTY_INJECTION_ID() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_iam.User", "PROPERTY_INJECTION_ID") end |
Instance Method Details
#add_managed_policy(policy) ⇒ void
This method returns an undefined value.
Attaches a managed policy to the user.
301 302 303 304 |
# File 'iam/user.rb', line 301 def add_managed_policy(policy) Jsii::Type.check_type(policy, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklNYW5hZ2VkUG9saWN5In0=")), "policy") jsii_call_method("addManagedPolicy", [policy]) end |
#add_to_group(group) ⇒ void
This method returns an undefined value.
Adds this user to a group.
310 311 312 313 |
# File 'iam/user.rb', line 310 def add_to_group(group) Jsii::Type.check_type(group, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcm91cCJ9")), "group") jsii_call_method("addToGroup", [group]) end |
#add_to_policy(statement) ⇒ Boolean
Add to the policy of this principal.
319 320 321 322 |
# File 'iam/user.rb', line 319 def add_to_policy(statement) Jsii::Type.check_type(statement, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLlBvbGljeVN0YXRlbWVudCJ9")), "statement") jsii_call_method("addToPolicy", [statement]) end |
#add_to_principal_policy(statement) ⇒ AWSCDK::IAM::AddToPrincipalPolicyResult
Adds an IAM statement to the default policy.
328 329 330 331 |
# File 'iam/user.rb', line 328 def add_to_principal_policy(statement) Jsii::Type.check_type(statement, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLlBvbGljeVN0YXRlbWVudCJ9")), "statement") jsii_call_method("addToPrincipalPolicy", [statement]) end |
#apply_cross_stack_reference_strength(strength) ⇒ void
This method returns an undefined value.
Override the cross-stack reference strength for this resource.
When set, any cross-stack reference to this resource will use the specified
mechanism instead of the global default determined by the
@aws-cdk/core:defaultCrossStackReferences context key. This is useful for
selectively weakening specific references to avoid the "deadly embrace" problem
without changing the app-wide default.
240 241 242 243 |
# File 'iam/user.rb', line 240 def apply_cross_stack_reference_strength(strength) Jsii::Type.check_type(strength, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5SZWZlcmVuY2VTdHJlbmd0aCJ9")), "strength") jsii_call_method("applyCrossStackReferenceStrength", [strength]) end |
#apply_removal_policy(policy) ⇒ void
This method returns an undefined value.
Apply the given removal policy to this resource.
The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.
The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS
account for data recovery and cleanup later (RemovalPolicy.RETAIN).
257 258 259 260 |
# File 'iam/user.rb', line 257 def apply_removal_policy(policy) Jsii::Type.check_type(policy, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5SZW1vdmFsUG9saWN5In0=")), "policy") jsii_call_method("applyRemovalPolicy", [policy]) end |
#assume_role_action ⇒ String
When this Principal is used in an AssumeRole policy, the action to use.
149 150 151 |
# File 'iam/user.rb', line 149 def assume_role_action() jsii_get_property("assumeRoleAction") end |
#attach_inline_policy(policy) ⇒ void
This method returns an undefined value.
Attaches a policy to this user.
337 338 339 340 |
# File 'iam/user.rb', line 337 def attach_inline_policy(policy) Jsii::Type.check_type(policy, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLlBvbGljeSJ9")), "policy") jsii_call_method("attachInlinePolicy", [policy]) end |
#env ⇒ AWSCDK::Interfaces::ResourceEnvironment
The environment this resource belongs to.
For resources that are created and managed in a Stack (those created by
creating new class instances like new Role(), new Bucket(), etc.), this
is always the same as the environment of the stack they belong to.
For referenced resources (those obtained from referencing methods like
Role.fromRoleArn(), Bucket.fromBucketName(), etc.), they might be
different than the stack they were imported into.
114 115 116 |
# File 'iam/user.rb', line 114 def env() jsii_get_property("env") end |
#generate_physical_name ⇒ String
263 264 265 |
# File 'iam/user.rb', line 263 def generate_physical_name() jsii_call_method("generatePhysicalName", []) end |
#get_resource_arn_attribute(arn_attr, arn_components) ⇒ String
Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. bucket.bucketArn).
Normally, this token will resolve to arn_attr, but if the resource is
referenced across environments, arn_components will be used to synthesize
a concrete ARN with the resource's physical name. Make sure to reference
this.physicalName in arn_components.
277 278 279 280 281 282 |
# File 'iam/user.rb', line 277 def get_resource_arn_attribute(arn_attr, arn_components) Jsii::Type.check_type(arn_attr, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "arnAttr") arn_components = arn_components.is_a?(Hash) ? ::AWSCDK::ARNComponents.new(**arn_components.transform_keys(&:to_sym)) : arn_components Jsii::Type.check_type(arn_components, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5Bcm5Db21wb25lbnRzIn0=")), "arnComponents") jsii_call_method("getResourceArnAttribute", [arn_attr, arn_components]) end |
#get_resource_name_attribute(name_attr) ⇒ String
Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. bucket.bucketName).
Normally, this token will resolve to name_attr, but if the resource is
referenced across environments, it will be resolved to this.physicalName,
which will be a concrete name.
292 293 294 295 |
# File 'iam/user.rb', line 292 def get_resource_name_attribute(name_attr) Jsii::Type.check_type(name_attr, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "nameAttr") jsii_call_method("getResourceNameAttribute", [name_attr]) end |
#grant_principal ⇒ AWSCDK::IAM::IPrincipal
The principal to grant permissions to.
156 157 158 |
# File 'iam/user.rb', line 156 def grant_principal() jsii_get_property("grantPrincipal") end |
#node ⇒ Constructs::Node
The tree node.
99 100 101 |
# File 'iam/user.rb', line 99 def node() jsii_get_property("node") end |
#permissions_boundary ⇒ AWSCDK::IAM::IManagedPolicy?
Returns the permissions boundary attached to this user.
191 192 193 |
# File 'iam/user.rb', line 191 def () jsii_get_property("permissionsBoundary") end |
#physical_name ⇒ String
Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
This value will resolve to one of the following:
- a concrete value (e.g.
"my-awesome-bucket") undefined, when a name should be generated by CloudFormation- a concrete name generated automatically during synthesis, in cross-environment scenarios.
128 129 130 |
# File 'iam/user.rb', line 128 def physical_name() jsii_get_property("physicalName") end |
#policy_fragment ⇒ AWSCDK::IAM::PrincipalPolicyFragment
Return the policy fragment that identifies this principal in a Policy.
163 164 165 |
# File 'iam/user.rb', line 163 def policy_fragment() jsii_get_property("policyFragment") end |
#principal_account ⇒ String?
The AWS account ID of this principal.
Can be undefined when the account is not known (for example, for service principals). Can be a Token - in that case, it's assumed to be AWS::AccountId.
203 204 205 |
# File 'iam/user.rb', line 203 def principal_account() jsii_get_property("principalAccount") end |
#stack ⇒ AWSCDK::Stack
The stack in which this resource is defined.
135 136 137 |
# File 'iam/user.rb', line 135 def stack() jsii_get_property("stack") end |
#to_string ⇒ String
Returns a string representation of this construct.
210 211 212 |
# File 'iam/user.rb', line 210 def to_string() jsii_call_method("toString", []) end |
#user_arn ⇒ String
An attribute that represents the user's ARN.
170 171 172 |
# File 'iam/user.rb', line 170 def user_arn() jsii_get_property("userArn") end |
#user_name ⇒ String
An attribute that represents the user name.
177 178 179 |
# File 'iam/user.rb', line 177 def user_name() jsii_get_property("userName") end |
#user_ref ⇒ AWSCDK::Interfaces::AWSIAM::UserReference
A reference to a User resource.
184 185 186 |
# File 'iam/user.rb', line 184 def user_ref() jsii_get_property("userRef") end |
#with(*mixins) ⇒ Constructs::IConstruct
Applies one or more mixins to this construct.
Mixins are applied in order. The list of constructs is captured at the
start of the call, so constructs added by a mixin will not be visited.
Use multiple with() calls if subsequent mixins should apply to added
constructs.
223 224 225 226 227 228 |
# File 'iam/user.rb', line 223 def with(*mixins) mixins.each_with_index do |item, index| Jsii::Type.check_type(item, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJjb25zdHJ1Y3RzLklNaXhpbiJ9")), "mixins[#{index}]") end jsii_call_method("with", [*mixins]) end |