Show / Hide Table of Contents

Class Group

An IAM Group (collection of IAM users) lets you specify permissions for multiple users, which can make it easier to manage permissions for those users.

Inheritance
System.Object
Construct
Resource
Group
Implements
IGroup
IIdentity
IPrincipal
IGrantable
IResource
IConstruct
Constructs.IConstruct
IDependable
Inherited Members
Resource.IsResource(IConstruct)
Resource.ApplyRemovalPolicy(RemovalPolicy)
Resource.GeneratePhysicalName()
Resource.GetResourceArnAttribute(String, IArnComponents)
Resource.GetResourceNameAttribute(String)
Resource.Env
Resource.PhysicalName
Resource.Stack
Construct.IsConstruct(Object)
Construct.OnPrepare()
Construct.OnSynthesize(ISynthesisSession)
Construct.OnValidate()
Construct.Prepare()
Construct.Synthesize(ISynthesisSession)
Construct.Validate()
Construct.Node
Namespace: Amazon.CDK.AWS.IAM
Assembly: Amazon.CDK.AWS.IAM.dll
Syntax (csharp)
public class Group : Resource, IGroup, IIdentity, IPrincipal, IGrantable, IResource, IConstruct, IDependable
Syntax (vb)
Public Class Group
    Inherits Resource
    Implements IGroup, IIdentity, IPrincipal, IGrantable, IResource, IConstruct, IDependable
Remarks

See: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html

ExampleMetadata: infused

Examples
var user = new User(this, "MyUser"); // or User.fromUserName(stack, 'User', 'johnsmith');
var group = new Group(this, "MyGroup"); // or Group.fromGroupArn(stack, 'Group', 'arn:aws:iam::account-id:group/group-name');

user.AddToGroup(group);
// or
group.AddUser(user);

Synopsis

Constructors

Group(ByRefValue)

Used by jsii to construct an instance of this class from a Javascript-owned object reference

Group(DeputyBase.DeputyProps)

Used by jsii to construct an instance of this class from DeputyProps

Group(Construct, String, IGroupProps)

Properties

AssumeRoleAction

When this Principal is used in an AssumeRole policy, the action to use.

GrantPrincipal

The principal to grant permissions to.

GroupArn

Returns the IAM Group ARN.

GroupName

Returns the IAM Group Name.

PolicyFragment

Return the policy fragment that identifies this principal in a Policy.

PrincipalAccount

The AWS account ID of this principal.

Methods

AddManagedPolicy(IManagedPolicy)

Attaches a managed policy to this group.

AddToPolicy(PolicyStatement)

Add to the policy of this principal.

AddToPrincipalPolicy(PolicyStatement)

Adds an IAM statement to the default policy.

AddUser(IUser)

Adds a user to this group.

AttachInlinePolicy(Policy)

Attaches a policy to this group.

FromGroupArn(Construct, String, String)

Import an external group by ARN.

FromGroupName(Construct, String, String)

Import an existing group by given name (with path).

Constructors

Group(ByRefValue)

Used by jsii to construct an instance of this class from a Javascript-owned object reference

protected Group(ByRefValue reference)
Parameters
reference Amazon.JSII.Runtime.Deputy.ByRefValue

The Javascript-owned object reference

Group(DeputyBase.DeputyProps)

Used by jsii to construct an instance of this class from DeputyProps

protected Group(DeputyBase.DeputyProps props)
Parameters
props Amazon.JSII.Runtime.Deputy.DeputyBase.DeputyProps

The deputy props

Group(Construct, String, IGroupProps)

public Group(Construct scope, string id, IGroupProps props = null)
Parameters
scope Constructs.Construct
id System.String
props IGroupProps

Properties

AssumeRoleAction

When this Principal is used in an AssumeRole policy, the action to use.

public virtual string AssumeRoleAction { get; }
Property Value

System.String

GrantPrincipal

The principal to grant permissions to.

public virtual IPrincipal GrantPrincipal { get; }
Property Value

IPrincipal

GroupArn

Returns the IAM Group ARN.

public virtual string GroupArn { get; }
Property Value

System.String

GroupName

Returns the IAM Group Name.

public virtual string GroupName { get; }
Property Value

System.String

PolicyFragment

Return the policy fragment that identifies this principal in a Policy.

public virtual PrincipalPolicyFragment PolicyFragment { get; }
Property Value

PrincipalPolicyFragment

PrincipalAccount

The AWS account ID of this principal.

public virtual string PrincipalAccount { get; }
Property Value

System.String

Remarks

Can be undefined when the account is not known (for example, for service principals). Can be a Token - in that case, it's assumed to be AWS::AccountId.

Methods

AddManagedPolicy(IManagedPolicy)

Attaches a managed policy to this group.

public virtual void AddManagedPolicy(IManagedPolicy policy)
Parameters
policy IManagedPolicy

The managed policy to attach.

AddToPolicy(PolicyStatement)

Add to the policy of this principal.

public virtual bool AddToPolicy(PolicyStatement statement)
Parameters
statement PolicyStatement
Returns

System.Boolean

AddToPrincipalPolicy(PolicyStatement)

Adds an IAM statement to the default policy.

public virtual IAddToPrincipalPolicyResult AddToPrincipalPolicy(PolicyStatement statement)
Parameters
statement PolicyStatement
Returns

IAddToPrincipalPolicyResult

AddUser(IUser)

Adds a user to this group.

public virtual void AddUser(IUser user)
Parameters
user IUser

AttachInlinePolicy(Policy)

Attaches a policy to this group.

public virtual void AttachInlinePolicy(Policy policy)
Parameters
policy Policy

The policy to attach.

FromGroupArn(Construct, String, String)

Import an external group by ARN.

public static IGroup FromGroupArn(Construct scope, string id, string groupArn)
Parameters
scope Constructs.Construct

construct scope.

id System.String

construct id.

groupArn System.String

the ARN of the group to import (e.g. arn:aws:iam::account-id:group/group-name).

Returns

IGroup

Remarks

If the imported Group ARN is a Token (such as a CfnParameter.valueAsString or a Fn.importValue()) and the referenced group has a path (like arn:...:group/AdminGroup/NetworkAdmin), the groupName property will not resolve to the correct value. Instead it will resolve to the first path component. We unfortunately cannot express the correct calculation of the full path name as a CloudFormation expression. In this scenario the Group ARN should be supplied without the path in order to resolve the correct group resource.

FromGroupName(Construct, String, String)

Import an existing group by given name (with path).

public static IGroup FromGroupName(Construct scope, string id, string groupName)
Parameters
scope Constructs.Construct

construct scope.

id System.String

construct id.

groupName System.String

the groupName (path included) of the existing group to import.

Returns

IGroup

Remarks

This method has same caveats of fromGroupArn

Implements

IGroup
IIdentity
IPrincipal
IGrantable
IResource
IConstruct
Constructs.IConstruct
IDependable
Back to top Generated by DocFX