Class ArnPrincipal
Specify a principal by the Amazon Resource Name (ARN).
Namespace: Amazon.CDK.AWS.IAM
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public class ArnPrincipal : PrincipalBase, IAssumeRolePrincipal, IComparablePrincipal, IPrincipal, IGrantable
Syntax (vb)
Public Class ArnPrincipal
    Inherits PrincipalBase
    Implements IAssumeRolePrincipal, IComparablePrincipal, IPrincipal, IGrantable
Remarks
You can specify AWS accounts, IAM users, Federated SAML users, IAM roles, and specific assumed-role sessions. You cannot specify IAM groups or instance profiles as principals.
Examples
// Option 2: create your custom mastersRole with scoped assumeBy arn as the Cluster prop. Switch to this role from the AWS console.
using Amazon.CDK.AWS.EC2;
using Amazon.CDK.AWS.EKS;
using Amazon.CDK.AWS.IAM;
using Amazon.CDK.LambdaLayer.KubectlV33;

Vpc vpc; // assumed to be defined elsewhere in the stack

// Only the principal with this ARN may assume the masters role.
var mastersRole = new Role(this, "MastersRole", new RoleProps {
    AssumedBy = new ArnPrincipal("arn_for_trusted_principal")
});

var cluster = new Cluster(this, "EksCluster", new ClusterProps {
    Vpc = vpc,
    Version = KubernetesVersion.V1_33,
    KubectlLayer = new KubectlV33Layer(this, "KubectlLayer"),
    MastersRole = mastersRole
});

// Limit the role's EKS permissions to this one cluster.
mastersRole.AddToPolicy(new PolicyStatement(new PolicyStatementProps {
    Actions = new [] { "eks:AccessKubernetesApi", "eks:Describe*", "eks:List*" },
    Resources = new [] { cluster.ClusterArn }
}));
Synopsis
Constructors
ArnPrincipal(string) | Specify a principal by the Amazon Resource Name (ARN). |
Properties
Arn | Amazon Resource Name (ARN) of the principal entity (e.g. arn:aws:iam::123456789012:user/user-name). |
PolicyFragment | Return the policy fragment that identifies this principal in a Policy. |
Methods
DedupeString() | Return whether or not this principal is equal to the given principal. |
InOrganization(string) | A convenience method for adding a condition that the principal is part of the specified AWS Organization. |
ToString() | Returns a string representation of an object. |
Constructors
ArnPrincipal(string)
Specify a principal by the Amazon Resource Name (ARN).
public ArnPrincipal(string arn)
Parameters
- arn string
Amazon Resource Name (ARN) of the principal entity (e.g. arn:aws:iam::123456789012:user/user-name).
Properties
Arn
Amazon Resource Name (ARN) of the principal entity (e.g. arn:aws:iam::123456789012:user/user-name).
public virtual string Arn { get; }
Property Value
PolicyFragment
Return the policy fragment that identifies this principal in a Policy.
public override PrincipalPolicyFragment PolicyFragment { get; }
Property Value
Overrides
Methods
DedupeString()
Return whether or not this principal is equal to the given principal.
public override string? DedupeString()
Returns
Overrides
InOrganization(string)
A convenience method for adding a condition that the principal is part of the specified AWS Organization.
public virtual PrincipalBase InOrganization(string organizationId)
Parameters
- organizationId string
Returns
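InOrganization(string) combined with a narrowly scoped ArnPrincipal in a role trust policy, as an added example that is not part of the CDK reference or the project's own code. The stack and construct names, the account ID, the role and cluster ARNs, and the organization ID are constructed placeholders.

```csharp
using Amazon.CDK;
using Amazon.CDK.AWS.IAM;
using Constructs;

public class ScopedTrustStack : Stack
{
    public ScopedTrustStack(Construct scope, string id, IStackProps props = null)
        : base(scope, id, props)
    {
        // Constructed placeholders: replace with your own role ARN and organization ID.
        const string trustedRoleArn = "arn:aws:iam::123456789012:role/ci-deployer";
        const string organizationId = "o-exampleorgid";

        // Name one role rather than the account root: an ARN ending in ":root"
        // delegates the decision to that account's own IAM policies.
        // InOrganization returns a new principal whose policy fragment carries
        // the condition StringEquals { "aws:PrincipalOrgID": organizationId }.
        var trusted = new ArnPrincipal(trustedRoleArn).InOrganization(organizationId);

        var deployRole = new Role(this, "DeployRole", new RoleProps {
            AssumedBy = trusted,
            MaxSessionDuration = Duration.Hours(1)
        });

        // Keep the permissions as narrow as the trust.
        deployRole.AddToPolicy(new PolicyStatement(new PolicyStatementProps {
            Actions = new [] { "eks:DescribeCluster" },
            Resources = new [] { "arn:aws:eks:us-east-1:123456789012:cluster/example" }
        }));
    }
}

public static class Program
{
    public static void Main()
    {
        var app = new App();
        new ScopedTrustStack(app, "ScopedTrustStack");
        app.Synth(); // writes the CloudFormation template to cdk.out
    }
}
```

After synthesis, check the role's AssumeRolePolicyDocument in the generated template: the Principal should list only the one role ARN and the Condition block should contain the aws:PrincipalOrgID key.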
ToString()
Returns a string representation of an object.
public override string ToString()
Returns
Overrides