Class: AWSCDK::IAM::UserProps

Inherits:
Jsii::Struct
  • Object
show all
Defined in:
iam/user_props.rb

Overview

Properties for defining an IAM user.

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(groups: nil, managed_policies: nil, password: nil, password_reset_required: nil, path: nil, permissions_boundary: nil, user_name: nil) ⇒ UserProps

Returns a new instance of UserProps.

Parameters:

  • groups (Array<AWSCDK::IAM::IGroup>, nil) (defaults to: nil)

    Groups to add this user to.

  • managed_policies (Array<AWSCDK::IAM::IManagedPolicy>, nil) (defaults to: nil)

    A list of managed policies associated with this role.

  • password (AWSCDK::SecretValue, nil) (defaults to: nil)

    The password for the user. This is required so the user can access the AWS Management Console.

  • password_reset_required (Boolean, nil) (defaults to: nil)

    Specifies whether the user is required to set a new password the next time the user logs in to the AWS Management Console.

  • path (String, nil) (defaults to: nil)

    The path for the user name.

  • permissions_boundary (AWSCDK::IAM::IManagedPolicy, nil) (defaults to: nil)

    AWS supports permissions boundaries for IAM entities (users or roles).

  • user_name (String, nil) (defaults to: nil)

    A name for the IAM user.



14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
# File 'iam/user_props.rb', line 14

def initialize(groups: nil, managed_policies: nil, password: nil, password_reset_required: nil, path: nil, permissions_boundary: nil, user_name: nil)
  @groups = groups
  Jsii::Type.check_type(@groups, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7ImZxbiI6ImF3cy1jZGstbGliLmF3c19pYW0uSUdyb3VwIn0sImtpbmQiOiJhcnJheSJ9fQ==")), "groups") unless @groups.nil?
  @managed_policies = managed_policies
  Jsii::Type.check_type(@managed_policies, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7ImZxbiI6ImF3cy1jZGstbGliLmF3c19pYW0uSU1hbmFnZWRQb2xpY3kifSwia2luZCI6ImFycmF5In19")), "managedPolicies") unless @managed_policies.nil?
  @password = password
  Jsii::Type.check_type(@password, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5TZWNyZXRWYWx1ZSJ9")), "password") unless @password.nil?
  @password_reset_required = password_reset_required
  Jsii::Type.check_type(@password_reset_required, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "passwordResetRequired") unless @password_reset_required.nil?
  @path = path
  Jsii::Type.check_type(@path, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "path") unless @path.nil?
  @permissions_boundary = permissions_boundary
  Jsii::Type.check_type(@permissions_boundary, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklNYW5hZ2VkUG9saWN5In0=")), "permissionsBoundary") unless @permissions_boundary.nil?
  @user_name = user_name
  Jsii::Type.check_type(@user_name, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "userName") unless @user_name.nil?
end

Instance Attribute Details

#groupsArray<AWSCDK::IAM::IGroup>? (readonly)

Note:

Default: - No groups.

Groups to add this user to.

You can also use add_to_group to add this user to a group.

Returns:



38
39
40
# File 'iam/user_props.rb', line 38

def groups
  @groups
end

#managed_policiesArray<AWSCDK::IAM::IManagedPolicy>? (readonly)

Note:

Default: - No managed policies.

A list of managed policies associated with this role.

You can add managed policies later using addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName(policyName)).

Returns:



46
47
48
# File 'iam/user_props.rb', line 46

def managed_policies
  @managed_policies
end

#passwordAWSCDK::SecretValue? (readonly)

Note:

Default: - User won't be able to access the management console without a password.

The password for the user. This is required so the user can access the AWS Management Console.

You can use SecretValue.unsafePlainText to specify a password in plain text or use secretsmanager.Secret.fromSecretAttributes to reference a secret in Secrets Manager.

Returns:



55
56
57
# File 'iam/user_props.rb', line 55

def password
  @password
end

#password_reset_requiredBoolean? (readonly)

Note:

Default: false

Specifies whether the user is required to set a new password the next time the user logs in to the AWS Management Console.

If this is set to 'true', you must also specify "initialPassword".

Returns:

  • (Boolean, nil)


62
63
64
# File 'iam/user_props.rb', line 62

def password_reset_required
  @password_reset_required
end

#pathString? (readonly)

Note:

Default: /

The path for the user name.

For more information about paths, see IAM Identifiers in the IAM User Guide.

Returns:

  • (String, nil)


70
71
72
# File 'iam/user_props.rb', line 70

def path
  @path
end

#permissions_boundaryAWSCDK::IAM::IManagedPolicy? (readonly)

Note:

Default: - No permissions boundary.

AWS supports permissions boundaries for IAM entities (users or roles).

A permissions boundary is an advanced feature for using a managed policy to set the maximum permissions that an identity-based policy can grant to an IAM entity. An entity's permissions boundary allows it to perform only the actions that are allowed by both its identity-based policies and its permissions boundaries.

Returns:



81
82
83
# File 'iam/user_props.rb', line 81

def permissions_boundary
  @permissions_boundary
end

#user_nameString? (readonly)

Note:

Default: - Generated by CloudFormation (recommended)

A name for the IAM user.

For valid values, see the UserName parameter for the CreateUser action in the IAM API Reference. If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the user name.

If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.

If you specify a name, you must specify the CAPABILITY_NAMED_IAM value to acknowledge your template's capabilities. For more information, see Acknowledging IAM Resources in AWS CloudFormation Templates.

Returns:

  • (String, nil)


99
100
101
# File 'iam/user_props.rb', line 99

def user_name
  @user_name
end

Class Method Details

.jsii_propertiesObject



101
102
103
104
105
106
107
108
109
110
111
# File 'iam/user_props.rb', line 101

def self.jsii_properties
  {
    :groups => "groups",
    :managed_policies => "managedPolicies",
    :password => "password",
    :password_reset_required => "passwordResetRequired",
    :path => "path",
    :permissions_boundary => "permissionsBoundary",
    :user_name => "userName",
  }
end

Instance Method Details

#to_jsiiObject



113
114
115
116
117
118
119
120
121
122
123
124
125
# File 'iam/user_props.rb', line 113

def to_jsii
  result = {}
  result.merge!({
    "groups" => @groups,
    "managedPolicies" => @managed_policies,
    "password" => @password,
    "passwordResetRequired" => @password_reset_required,
    "path" => @path,
    "permissionsBoundary" => @permissions_boundary,
    "userName" => @user_name,
  })
  result.compact
end