IAssumeRolePrincipal
- class aws_cdk.aws_iam.IAssumeRolePrincipal(*args, **kwargs)
Bases:
IPrincipal,ProtocolA type of principal that has more control over its own representation in AssumeRolePolicyDocuments.
More complex types of identity providers need more control over Role’s policy documents than simply
{ Effect: 'Allow', Action: 'AssumeRole', Principal: <Whatever> }.If that control is necessary, they can implement
IAssumeRolePrincipalto get full access to a Role’s AssumeRolePolicyDocument.Methods
- add_to_assume_role_policy(document)
Add the princpial to the AssumeRolePolicyDocument.
Add the statements to the AssumeRolePolicyDocument necessary to give this principal permissions to assume the given role.
- Parameters:
document (
PolicyDocument)- Return type:
None
- add_to_policy(statement)
(deprecated) Add to the policy of this principal.
- Parameters:
statement (
PolicyStatement)- Return type:
bool- Returns:
true if the statement was added, false if the principal in question does not have a policy document to add the statement to.
- Deprecated:
Use
addToPrincipalPolicyinstead.- Stability:
deprecated
- add_to_principal_policy(statement)
Add to the policy of this principal.
- Parameters:
statement (
PolicyStatement)- Return type:
Attributes
- assume_role_action
When this Principal is used in an AssumeRole policy, the action to use.
- grant_principal
The principal to grant permissions to.
- policy_fragment
Return the policy fragment that identifies this principal in a Policy.
- principal_account
The AWS account ID of this principal.
Can be undefined when the account is not known (for example, for service principals). Can be a Token - in that case, it’s assumed to be AWS::AccountId.