Package software.amazon.awscdk.services.iam

Class User

java.lang.Object

software.amazon.jsii.JsiiObject

software.constructs.Construct

software.amazon.awscdk.Resource

software.amazon.awscdk.services.iam.User

All Implemented Interfaces:

IUserRef, IEnvironmentAware, IResource, IGrantable, IIdentity, IPrincipal, IUser, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct, software.constructs.IDependable

@Generated(value="jsii-pacmak/1.119.0 (build 1634eac)",
           date="2025-11-13T16:10:07.251Z")
@Stability(Stable)
public class User
extends Resource
implements IIdentity, IUser

Define a new IAM user.

Example:

 IChainable definition;
 User user = new User(this, "MyUser");
 StateMachine stateMachine = StateMachine.Builder.create(this, "StateMachine")
         .definitionBody(DefinitionBody.fromChainable(definition))
         .build();
 //give user permission to send task success to the state machine
 stateMachine.grant(user, "states:SendTaskSuccess");
 

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static final class	User.Builder	A fluent builder for User.

Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject

software.amazon.jsii.JsiiObject.InitializationMode

Nested classes/interfaces inherited from interface software.constructs.IConstruct

software.constructs.IConstruct.Jsii$Default

Nested classes/interfaces inherited from interface software.amazon.awscdk.services.iam.IIdentity

IIdentity.Jsii$Default, IIdentity.Jsii$Proxy

Nested classes/interfaces inherited from interface software.amazon.awscdk.IResource

IResource.Jsii$Default

Nested classes/interfaces inherited from interface software.amazon.awscdk.services.iam.IUser

IUser.Jsii$Default, IUser.Jsii$Proxy

Field Summary

Fields

Modifier and Type	Field	Description
static final String	PROPERTY_INJECTION_ID	Uniquely identifies this class.

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	User(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
protected	User(software.amazon.jsii.JsiiObjectRef objRef)
	User(software.constructs.Construct scope, String id)
	User(software.constructs.Construct scope, String id, UserProps props)

Method Summary

Modifier and Type	Method	Description
void	addManagedPolicy(IManagedPolicy policy)	Attaches a managed policy to the user.
void	addToGroup(IGroup group)	Adds this user to a group.
Boolean	addToPolicy(PolicyStatement statement)	Add to the policy of this principal.
AddToPrincipalPolicyResult	addToPrincipalPolicy(PolicyStatement statement)	Adds an IAM statement to the default policy.
void	attachInlinePolicy(Policy policy)	Attaches a policy to this user.
static IUser	fromUserArn(software.constructs.Construct scope, String id, String userArn)	Import an existing user given a user ARN.
static IUser	fromUserAttributes(software.constructs.Construct scope, String id, UserAttributes attrs)	Import an existing user given user attributes.
static IUser	fromUserName(software.constructs.Construct scope, String id, String userName)	Import an existing user given a username.
String	getAssumeRoleAction()	When this Principal is used in an AssumeRole policy, the action to use.
IPrincipal	getGrantPrincipal()	The principal to grant permissions to.
IManagedPolicy	getPermissionsBoundary()	Returns the permissions boundary attached to this user.
PrincipalPolicyFragment	getPolicyFragment()	Return the policy fragment that identifies this principal in a Policy.
String	getPrincipalAccount()	The AWS account ID of this principal.
String	getUserArn()	An attribute that represents the user's ARN.
String	getUserName()	An attribute that represents the user name.
UserReference	getUserRef()	A reference to a User resource.

Methods inherited from class software.amazon.awscdk.Resource

applyRemovalPolicy, generatePhysicalName, getEnv, getPhysicalName, getResourceArnAttribute, getResourceNameAttribute, getStack, isOwnedResource, isResource

Methods inherited from class software.constructs.Construct

getNode, isConstruct, toString

Methods inherited from class software.amazon.jsii.JsiiObject

jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface software.amazon.awscdk.IResource

applyRemovalPolicy, getStack

Methods inherited from interface software.amazon.awscdk.services.iam.IUser

getEnv, getNode

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Field Details

PROPERTY_INJECTION_ID

@Stability(Stable)
public static final String PROPERTY_INJECTION_ID

Uniquely identifies this class.

Constructor Details

User

protected User(software.amazon.jsii.JsiiObjectRef objRef)

User

protected User(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

User

@Stability(Stable)
public User(@NotNull
 software.constructs.Construct scope,
 @NotNull
 String id,
 @Nullable
 UserProps props)

Parameters:

scope - This parameter is required.

id - This parameter is required.

props -

User

@Stability(Stable)
public User(@NotNull
 software.constructs.Construct scope,
 @NotNull
 String id)

Parameters:

scope - This parameter is required.

id - This parameter is required.

Method Details

fromUserArn

@Stability(Stable)
@NotNull
public static IUser fromUserArn(@NotNull
 software.constructs.Construct scope,
 @NotNull
 String id,
 @NotNull
 String userArn)

Import an existing user given a user ARN.

If the ARN comes from a Token, the User cannot have a path; if so, any attempt to reference its username will fail.

Parameters:

scope - construct scope. This parameter is required.

id - construct id. This parameter is required.

userArn - the ARN of an existing user to import. This parameter is required.

fromUserAttributes

@Stability(Stable)
@NotNull
public static IUser fromUserAttributes(@NotNull
 software.constructs.Construct scope,
 @NotNull
 String id,
 @NotNull
 UserAttributes attrs)

Import an existing user given user attributes.

If the ARN comes from a Token, the User cannot have a path; if so, any attempt to reference its username will fail.

Parameters:

scope - construct scope. This parameter is required.

id - construct id. This parameter is required.

attrs - the attributes of the user to import. This parameter is required.

fromUserName

@Stability(Stable)
@NotNull
public static IUser fromUserName(@NotNull
 software.constructs.Construct scope,
 @NotNull
 String id,
 @NotNull
 String userName)

Import an existing user given a username.

Parameters:

scope - construct scope. This parameter is required.

id - construct id. This parameter is required.

userName - the username of the existing user to import. This parameter is required.

addManagedPolicy

@Stability(Stable)
public void addManagedPolicy(@NotNull
 IManagedPolicy policy)

Attaches a managed policy to the user.

Specified by:

addManagedPolicy in interface IIdentity

Parameters:

policy - The managed policy to attach. This parameter is required.

addToGroup

@Stability(Stable)
public void addToGroup(@NotNull
 IGroup group)

Adds this user to a group.

Specified by:

addToGroup in interface IUser

Parameters:

group - This parameter is required.

addToPolicy

@Stability(Stable)
@NotNull
public Boolean addToPolicy(@NotNull
 PolicyStatement statement)

Add to the policy of this principal.

Parameters:

statement - This parameter is required.

addToPrincipalPolicy

@Stability(Stable)
@NotNull
public AddToPrincipalPolicyResult addToPrincipalPolicy(@NotNull
 PolicyStatement statement)

Adds an IAM statement to the default policy.

Specified by:

addToPrincipalPolicy in interface IPrincipal

Parameters:

statement - This parameter is required.

Returns:

true

attachInlinePolicy

@Stability(Stable)
public void attachInlinePolicy(@NotNull
 Policy policy)

Attaches a policy to this user.

Specified by:

attachInlinePolicy in interface IIdentity

Parameters:

policy - This parameter is required.

getAssumeRoleAction

@Stability(Stable)
@NotNull
public String getAssumeRoleAction()

When this Principal is used in an AssumeRole policy, the action to use.

Specified by:

getAssumeRoleAction in interface IPrincipal

getGrantPrincipal

@Stability(Stable)
@NotNull
public IPrincipal getGrantPrincipal()

The principal to grant permissions to.

Specified by:

getGrantPrincipal in interface IGrantable

getPolicyFragment

@Stability(Stable)
@NotNull
public PrincipalPolicyFragment getPolicyFragment()

Return the policy fragment that identifies this principal in a Policy.

Specified by:

getPolicyFragment in interface IPrincipal

getUserArn

@Stability(Stable)
@NotNull
public String getUserArn()

An attribute that represents the user's ARN.

Specified by:

getUserArn in interface IUser

getUserName

@Stability(Stable)
@NotNull
public String getUserName()

An attribute that represents the user name.

Specified by:

getUserName in interface IUser

getUserRef

@Stability(Stable)
@NotNull
public UserReference getUserRef()

A reference to a User resource.

Specified by:

getUserRef in interface IUserRef

getPermissionsBoundary

@Stability(Stable)
@Nullable
public IManagedPolicy getPermissionsBoundary()

Returns the permissions boundary attached to this user.

getPrincipalAccount

@Stability(Stable)
@Nullable
public String getPrincipalAccount()

The AWS account ID of this principal.

Can be undefined when the account is not known (for example, for service principals). Can be a Token - in that case, it's assumed to be AWS::AccountId.

Specified by:

getPrincipalAccount in interface IPrincipal