interface IPrincipal
| Language | Type name |
|---|---|
| .NET | Amazon.CDK.AWS.IAM.IPrincipal |
| Java | software.amazon.awscdk.services.iam.IPrincipal |
| Python | aws_cdk.aws_iam.IPrincipal |
| TypeScript (source) | @aws-cdk/aws-iam » IPrincipal |
Implemented by
Service, Account, Account, Any, Anyone, Arn, Canonical, Composite, Federated, Group, Lazy, Open, Organization, Principal, Role, Saml, Saml, Service, Session, Star, Unknown, User, Web, Via
Represents a logical IAM principal.
An IPrincipal describes a logical entity that can perform AWS API calls against sets of resources, optionally under certain conditions.
Examples of simple principals are IAM objects that you create, such as Users or Roles.
An example of a more complex principal is a ServicePrincipal (such as
new ServicePrincipal("sns.amazonaws.com"), which represents the Simple
Notification Service).
A single logical Principal may also map to a set of physical principals.
For example, new OrganizationPrincipal('o-1234') represents all
identities that are part of the given AWS Organization.
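Because one logical principal can stand for many physical identities, optionally under conditions, it is worth checking what a statement matches once it is rendered into a policy. The TypeScript below is an added example, not part of the CDK library or its documentation: it audits statements in IAM policy JSON form and reports Allow statements whose principal is a wildcard with no condition pinning it to an organization, account or ARN. The sample statements are constructed, and all type and function names are this example's own.

```typescript
// Added example, not CDK code: audits statements in IAM policy JSON form.
type Values = string | string[];
interface Statement {
  Effect: "Allow" | "Deny";
  Action: Values;
  Principal?: "*" | { AWS?: Values; Service?: Values };
  Condition?: Record<string, Record<string, Values>>;
}

// Global condition keys that pin a wildcard principal to known identities.
const SCOPING_KEYS = ["aws:principalorgid", "aws:principalaccount", "aws:principalarn"];
// Only positive matches bound the caller; negated and ...IfExists operators do not.
const POSITIVE_OP = /^(StringEquals(IgnoreCase)?|StringLike|ArnEquals|ArnLike)$/;
const toList = (v: Values): string[] => (Array.isArray(v) ? v : [v]);

function isWildcard(p: Statement["Principal"]): boolean {
  if (p === undefined) return false;
  return p === "*" || toList(p.AWS ?? []).indexOf("*") !== -1;
}

function isScoped(cond: Statement["Condition"]): boolean {
  const c = cond ?? {};
  for (const op of Object.keys(c)) {
    if (!POSITIVE_OP.test(op)) continue;
    const keys = c[op] ?? {};
    for (const key of Object.keys(keys)) {
      const pinned = toList(keys[key] ?? []).indexOf("*") === -1; // a "*" value pins nothing
      if (SCOPING_KEYS.indexOf(key.toLowerCase()) !== -1 && pinned) return true;
    }
  }
  return false;
}

// Indexes of Allow statements whose principal matches any caller.
function broadStatements(statements: Statement[]): number[] {
  return statements
    .map((s, i) => (s.Effect === "Allow" && isWildcard(s.Principal) && !isScoped(s.Condition) ? i : -1))
    .filter((i) => i !== -1);
}

// Constructed sample statements (not output captured from a real stack).
const SAMPLE: Statement[] = [
  { Effect: "Allow", Action: "sts:AssumeRole", Principal: { Service: "sns.amazonaws.com" } },
  { Effect: "Allow", Action: "sts:AssumeRole", Principal: { AWS: "*" },
    Condition: { StringEquals: { "aws:PrincipalOrgID": "o-1234" } } },
  { Effect: "Allow", Action: "sts:AssumeRole", Principal: { AWS: "*" } },
  { Effect: "Allow", Action: "sts:AssumeRole", Principal: "*",
    Condition: { StringEqualsIfExists: { "aws:PrincipalOrgID": "o-1234" } } },
];
console.log(broadStatements(SAMPLE)); // [ 2, 3 ]
```

The organization-scoped statement passes because its wildcard is bounded by `aws:PrincipalOrgID`; the `StringEqualsIfExists` variant is reported because that operator evaluates to true when the key is absent from the request.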
Properties
| Name | Type | Description |
|---|---|---|
| assumeRoleAction | string | When this Principal is used in an AssumeRole policy, the action to use. |
| grantPrincipal | IPrincipal | The principal to grant permissions to. |
| policyFragment | Principal | Return the policy fragment that identifies this principal in a Policy. |
| principalAccount? | string | The AWS account ID of this principal. |
assumeRoleAction
Type:
string
When this Principal is used in an AssumeRole policy, the action to use.
grantPrincipal
Type:
IPrincipal
The principal to grant permissions to.
policyFragment
Type:
Principal
Return the policy fragment that identifies this principal in a Policy.
principalAccount?
Type:
string
(optional)
The AWS account ID of this principal.
Can be undefined when the account is not known (for example, for service principals). Can be a Token - in that case, it's assumed to be AWS::AccountId.
Methods
| Name | Description |
|---|---|
| addToPolicy(statement) | Add to the policy of this principal. |
| addToPrincipalPolicy(statement) | Add to the policy of this principal. |
addToPolicy(statement)
public addToPolicy(statement: PolicyStatement): boolean
⚠️ Deprecated: Use addToPrincipalPolicy instead.
Parameters
- statement
PolicyStatement
Returns
boolean
Add to the policy of this principal.
addToPrincipalPolicy(statement)
public addToPrincipalPolicy(statement: PolicyStatement): AddToPrincipalPolicyResult
Parameters
- statement
PolicyStatement
Returns
Add to the policy of this principal.
