{ "author": { "name": "Amazon Web Services", "organization": true, "roles": [ "author" ], "url": "https://aws.amazon.com" }, "dependencies": { "@aws-cdk/core": "1.64.0", "@aws-cdk/region-info": "1.64.0", "constructs": "^3.0.4" }, "dependencyClosure": { "@aws-cdk/cloud-assembly-schema": { "targets": { "dotnet": { "assemblyOriginatorKeyFile": "../../key.snk", "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png", "namespace": "Amazon.CDK.CloudAssembly.Schema", "packageId": "Amazon.CDK.CloudAssembly.Schema", "signAssembly": true }, "java": { "maven": { "artifactId": "cdk-cloud-assembly-schema", "groupId": "software.amazon.awscdk" }, "package": "software.amazon.awscdk.cloudassembly.schema" }, "js": { "npm": "@aws-cdk/cloud-assembly-schema" }, "python": { "distName": "aws-cdk.cloud-assembly-schema", "module": "aws_cdk.cloud_assembly_schema" } } }, "@aws-cdk/core": { "targets": { "dotnet": { "assemblyOriginatorKeyFile": "../../key.snk", "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png", "namespace": "Amazon.CDK", "packageId": "Amazon.CDK", "signAssembly": true }, "java": { "maven": { "artifactId": "core", "groupId": "software.amazon.awscdk" }, "package": "software.amazon.awscdk.core" }, "js": { "npm": "@aws-cdk/core" }, "python": { "distName": "aws-cdk.core", "module": "aws_cdk.core" } } }, "@aws-cdk/cx-api": { "targets": { "dotnet": { "assemblyOriginatorKeyFile": "../../key.snk", "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png", "namespace": "Amazon.CDK.CXAPI", "packageId": "Amazon.CDK.CXAPI", "signAssembly": true }, "java": { "maven": { "artifactId": "cdk-cx-api", "groupId": "software.amazon.awscdk" }, "package": "software.amazon.awscdk.cxapi" }, "js": { "npm": "@aws-cdk/cx-api" }, "python": { "distName": "aws-cdk.cx-api", "module": "aws_cdk.cx_api" } } }, "@aws-cdk/region-info": { "targets": { "dotnet": { "assemblyOriginatorKeyFile": "../../key.snk", "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png", "namespace": "Amazon.CDK.RegionInfo", "packageId": "Amazon.CDK.RegionInfo", "signAssembly": true }, "java": { "maven": { "artifactId": "cdk-region-info", "groupId": "software.amazon.awscdk" }, "package": "software.amazon.awscdk.regioninfo" }, "js": { "npm": "@aws-cdk/region-info" }, "python": { "distName": "aws-cdk.region-info", "module": "aws_cdk.region_info" } } }, "constructs": { "targets": { "dotnet": { "namespace": "Constructs", "packageId": "Constructs" }, "java": { "maven": { "artifactId": "constructs", "groupId": "software.constructs" }, "package": "software.constructs" }, "js": { "npm": "constructs" }, "python": { "distName": "constructs", "module": "constructs" } } } }, "description": "CDK routines for easily assigning correct and minimal IAM permissions", "docs": { "stability": "stable" }, "homepage": "https://github.com/aws/aws-cdk", "jsiiVersion": "1.12.0 (build 5ddc9f2)", "keywords": [ "aws", "cdk", "constructs", "iam" ], "license": "Apache-2.0", "name": "@aws-cdk/aws-iam", "readme": { "markdown": "## AWS Identity and Access Management Construct Library\n\n---\n\n![cfn-resources: Stable](https://img.shields.io/badge/cfn--resources-stable-success.svg?style=for-the-badge)\n\n![cdk-constructs: Stable](https://img.shields.io/badge/cdk--constructs-stable-success.svg?style=for-the-badge)\n\n---\n\n\nDefine a role and add permissions to it. This will automatically create and\nattach an IAM policy to the role:\n\n```ts lit=test/example.role.lit.ts\n const role = new Role(this, 'MyRole', {\n assumedBy: new ServicePrincipal('sns.amazonaws.com'),\n });\n\n role.addToPolicy(new PolicyStatement({\n resources: ['*'],\n actions: ['lambda:InvokeFunction'],\n }));\n```\n\nDefine a policy and attach it to groups, users and roles. Note that it is possible to attach\nthe policy either by calling `xxx.attachInlinePolicy(policy)` or `policy.attachToXxx(xxx)`.\n\n```ts lit=test/example.attaching.lit.ts\n const user = new User(this, 'MyUser', { password: cdk.SecretValue.plainText('1234') });\n const group = new Group(this, 'MyGroup');\n\n const policy = new Policy(this, 'MyPolicy');\n policy.attachToUser(user);\n group.attachInlinePolicy(policy);\n```\n\nManaged policies can be attached using `xxx.addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName(policyName))`:\n\n```ts lit=test/example.managedpolicy.lit.ts\nconst group = new Group(this, 'MyGroup');\ngroup.addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName('AdministratorAccess'));\n```\n\n### Granting permissions to resources\n\nMany of the AWS CDK resources have `grant*` methods that allow you to grant other resources access to that resource. As an example, the following code gives a Lambda function write permissions (Put, Update, Delete) to a DynamoDB table.\n\n```typescript\nconst fn = new lambda.Function(...);\nconst table = new dynamodb.Table(...);\n\ntable.grantWriteData(fn);\n```\n\nThe more generic `grant` method allows you to give specific permissions to a resource:\n\n```typescript\nconst fn = new lambda.Function(...);\nconst table = new dynamodb.Table(...);\n\ntable.grant(fn, 'dynamodb:PutItem');\n```\n\nThe `grant*` methods accept an `IGrantable` object. This interface is implemented by IAM principlal resources (groups, users and roles) and resources that assume a role such as a Lambda function, EC2 instance or a Codebuild project.\n\nYou can find which `grant*` methods exist for a resource in the [AWS CDK API Reference](https://docs.aws.amazon.com/cdk/api/latest/docs/aws-construct-library.html).\n\n### Roles\n\nMany AWS resources require *Roles* to operate. These Roles define the AWS API\ncalls an instance or other AWS service is allowed to make.\n\nCreating Roles and populating them with the right permissions *Statements* is\na necessary but tedious part of setting up AWS infrastructure. In order to\nhelp you focus on your business logic, CDK will take care of creating\nroles and populating them with least-privilege permissions automatically.\n\nAll constructs that require Roles will create one for you if don't specify\none at construction time. Permissions will be added to that role\nautomatically if you associate the construct with other constructs from the\nAWS Construct Library (for example, if you tell an *AWS CodePipeline* to trigger\nan *AWS Lambda Function*, the Pipeline's Role will automatically get\n`lambda:InvokeFunction` permissions on that particular Lambda Function),\nor if you explicitly grant permissions using `grant` functions (see the\nprevious section).\n\n#### Opting out of automatic permissions management\n\nYou may prefer to manage a Role's permissions yourself instead of having the\nCDK automatically manage them for you. This may happen in one of the\nfollowing cases:\n\n* You don't like the permissions that CDK automatically generates and\n want to substitute your own set.\n* The least-permissions policy that the CDK generates is becoming too\n big for IAM to store, and you need to add some wildcards to keep the\n policy size down.\n\nTo prevent constructs from updating your Role's policy, pass the object\nreturned by `myRole.withoutPolicyUpdates()` instead of `myRole` itself.\n\nFor example, to have an AWS CodePipeline *not* automatically add the required\npermissions to trigger the expected targets, do the following:\n\n```ts\nconst role = new iam.Role(this, 'Role', {\n assumedBy: new iam.ServicePrincipal('codepipeline.amazonaws.com'),\n // custom description if desired\n description: 'This is a custom role...',\n});\n\nnew codepipeline.Pipeline(this, 'Pipeline', {\n // Give the Pipeline an immutable view of the Role\n role: role.withoutPolicyUpdates(),\n});\n\n// You now have to manage the Role policies yourself\nrole.addToPolicy(new iam.PolicyStatement({\n action: [/* whatever actions you want */],\n resource: [/* whatever resources you intend to touch */],\n});\n```\n\n#### Using existing roles\n\nIf there are Roles in your account that have already been created which you\nwould like to use in your CDK application, you can use `Role.fromRoleArn` to\nimport them, as follows:\n\n```ts\nconst role = iam.Role.fromRoleArn(this, 'Role', 'arn:aws:iam::123456789012:role/MyExistingRole', {\n // Set 'mutable' to 'false' to use the role as-is and prevent adding new\n // policies to it. The default is 'true', which means the role may be\n // modified as part of the deployment.\n mutable: false,\n});\n```\n\n### Configuring an ExternalId\n\nIf you need to create Roles that will be assumed by third parties, it is generally a good idea to [require an `ExternalId`\nto assume them](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html). Configuring\nan `ExternalId` works like this:\n\n```ts lit=test/example.external-id.lit.ts\nconst role = new iam.Role(this, 'MyRole', {\n assumedBy: new iam.AccountPrincipal('123456789012'),\n externalIds: ['SUPPLY-ME'],\n});\n```\n\n### Principals vs Identities\n\nWhen we say *Principal*, we mean an entity you grant permissions to. This\nentity can be an AWS Service, a Role, or something more abstract such as \"all\nusers in this account\" or even \"all users in this organization\". An\n*Identity* is an IAM representing a single IAM entity that can have\na policy attached, one of `Role`, `User`, or `Group`.\n\n### IAM Principals\n\nWhen defining policy statements as part of an AssumeRole policy or as part of a\nresource policy, statements would usually refer to a specific IAM principal\nunder `Principal`.\n\nIAM principals are modeled as classes that derive from the `iam.PolicyPrincipal`\nabstract class. Principal objects include principal type (string) and value\n(array of string), optional set of conditions and the action that this principal\nrequires when it is used in an assume role policy document.\n\nTo add a principal to a policy statement you can either use the abstract\n`statement.addPrincipal`, one of the concrete `addXxxPrincipal` methods:\n\n* `addAwsPrincipal`, `addArnPrincipal` or `new ArnPrincipal(arn)` for `{ \"AWS\": arn }`\n* `addAwsAccountPrincipal` or `new AccountPrincipal(accountId)` for `{ \"AWS\": account-arn }`\n* `addServicePrincipal` or `new ServicePrincipal(service)` for `{ \"Service\": service }`\n* `addAccountRootPrincipal` or `new AccountRootPrincipal()` for `{ \"AWS\": { \"Ref: \"AWS::AccountId\" } }`\n* `addCanonicalUserPrincipal` or `new CanonicalUserPrincipal(id)` for `{ \"CanonicalUser\": id }`\n* `addFederatedPrincipal` or `new FederatedPrincipal(federated, conditions, assumeAction)` for\n `{ \"Federated\": arn }` and a set of optional conditions and the assume role action to use.\n* `addAnyPrincipal` or `new AnyPrincipal` for `{ \"AWS\": \"*\" }`\n\nIf multiple principals are added to the policy statement, they will be merged together:\n\n```ts\nconst statement = new PolicyStatement();\nstatement.addServicePrincipal('cloudwatch.amazonaws.com');\nstatement.addServicePrincipal('ec2.amazonaws.com');\nstatement.addArnPrincipal('arn:aws:boom:boom');\n```\n\nWill result in:\n\n```json\n{\n \"Principal\": {\n \"Service\": [ \"cloudwatch.amazonaws.com\", \"ec2.amazonaws.com\" ],\n \"AWS\": \"arn:aws:boom:boom\"\n }\n}\n```\n\nThe `CompositePrincipal` class can also be used to define complex principals, for example:\n\n```ts\nconst role = new iam.Role(this, 'MyRole', {\n assumedBy: new iam.CompositePrincipal(\n new iam.ServicePrincipal('ec2.amazonaws.com'),\n new iam.AccountPrincipal('1818188181818187272')\n )\n});\n```\n\nThe `PrincipalWithConditions` class can be used to add conditions to a\nprincipal, especially those that don't take a `conditions` parameter in their\nconstructor. The `principal.withConditions()` method can be used to create a\n`PrincipalWithConditions` from an existing principal, for example:\n\n```ts\nconst principal = new iam.AccountPrincipal('123456789000')\n .withConditions({ StringEquals: { foo: \"baz\" } });\n```\n\n> NOTE: If you need to define an IAM condition that uses a token (such as a\n> deploy-time attribute of another resource) in a JSON map key, use `CfnJson` to\n> render this condition. See [this test](./test/integ-condition-with-ref.ts) for\n> an example.\n\nThe `WebIdentityPrincipal` class can be used as a principal for web identities like\nCognito, Amazon, Google or Facebook, for example:\n\n```ts\nconst principal = new iam.WebIdentityPrincipal('cognito-identity.amazonaws.com')\n .withConditions({\n \"StringEquals\": { \"cognito-identity.amazonaws.com:aud\": \"us-east-2:12345678-abcd-abcd-abcd-123456\" },\n \"ForAnyValue:StringLike\": {\"cognito-identity.amazonaws.com:amr\": \"unauthenticated\"}\n });\n```\n\n### Parsing JSON Policy Documents\n\nThe `PolicyDocument.fromJson` and `PolicyStatement.fromJson` static methods can be used to parse JSON objects. For example:\n\n```ts\nconst policyDocument = {\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"FirstStatement\",\n \"Effect\": \"Allow\",\n \"Action\": [\"iam:ChangePassword\"],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"SecondStatement\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListAllMyBuckets\",\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"ThirdStatement\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:List*\",\n \"s3:Get*\"\n ],\n \"Resource\": [\n \"arn:aws:s3:::confidential-data\",\n \"arn:aws:s3:::confidential-data/*\"\n ],\n \"Condition\": {\"Bool\": {\"aws:MultiFactorAuthPresent\": \"true\"}}\n }\n ]\n};\n\nconst newPolicyDocument = PolicyDocument.fromJson(policyDocument);\n\n```\n\n### OpenID Connect Providers\n\nOIDC identity providers are entities in IAM that describe an external identity\nprovider (IdP) service that supports the [OpenID Connect] (OIDC) standard, such\nas Google or Salesforce. You use an IAM OIDC identity provider when you want to\nestablish trust between an OIDC-compatible IdP and your AWS account. This is\nuseful when creating a mobile app or web application that requires access to AWS\nresources, but you don't want to create custom sign-in code or manage your own\nuser identities. For more information about this scenario, see [About Web\nIdentity Federation] and the relevant documentation in the [Amazon Cognito\nIdentity Pools Developer Guide].\n\n[OpenID Connect]: http://openid.net/connect\n[About Web Identity Federation]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html\n[Amazon Cognito Identity Pools Developer Guide]: https://docs.aws.amazon.com/cognito/latest/developerguide/open-id.html\n\nThe following examples defines an OpenID Connect provider. Two client IDs\n(audiences) are will be able to send authentication requests to\nhttps://openid/connect.\n\n```ts\nconst provider = new OpenIdConnectProvider(this, 'MyProvider', {\n url: 'https://openid/connect',\n clients: [ 'myclient1', 'myclient2' ]\n});\n```\n\nYou can specify an optional list of `thumbprints`. If not specified, the\nthumbprint of the root certificate authority (CA) will automatically be obtained\nfrom the host as described\n[here](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc_verify-thumbprint.html).\n\nOnce you define an OpenID connect provider, you can use it with AWS services\nthat expect an IAM OIDC provider. For example, when you define an [Amazon\nCognito identity\npool](https://docs.aws.amazon.com/cognito/latest/developerguide/open-id.html)\nyou can reference the provider's ARN as follows:\n\n```ts\nnew cognito.CfnIdentityPool(this, 'IdentityPool', {\n openIdConnectProviderARNs: [ provider.openIdConnectProviderArn ]\n});\n```\n\nThe `OpenIdConnectPrincipal` class can be used as a principal used with a `OpenIdConnectProvider`, for example:\n\n```ts\nconst provider = new OpenIdConnectProvider(this, 'MyProvider', {\n url: 'https://openid/connect',\n clients: [ 'myclient1', 'myclient2' ]\n});\nconst principal = new iam.OpenIdConnectPrincipal(provider);\n```\n\n### Features\n\n * Policy name uniqueness is enforced. If two policies by the same name are attached to the same\n principal, the attachment will fail.\n * Policy names are not required - the CDK logical ID will be used and ensured to be unique.\n * Policies are validated during synthesis to ensure that they have actions, and that policies\n attached to IAM principals specify relevant resources, while policies attached to resources\n specify which IAM principals they apply to.\n" }, "repository": { "directory": "packages/@aws-cdk/aws-iam", "type": "git", "url": "https://github.com/aws/aws-cdk.git" }, "schema": "jsii/0.10.0", "targets": { "dotnet": { "assemblyOriginatorKeyFile": "../../key.snk", "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png", "namespace": "Amazon.CDK.AWS.IAM", "packageId": "Amazon.CDK.AWS.IAM", "signAssembly": true }, "java": { "maven": { "artifactId": "iam", "groupId": "software.amazon.awscdk" }, "package": "software.amazon.awscdk.services.iam" }, "js": { "npm": "@aws-cdk/aws-iam" }, "python": { "distName": "aws-cdk.aws-iam", "module": "aws_cdk.aws_iam" } }, "types": { "@aws-cdk/aws-iam.AccountPrincipal": { "assembly": "@aws-cdk/aws-iam", "base": "@aws-cdk/aws-iam.ArnPrincipal", "docs": { "stability": "stable", "summary": "Specify AWS account ID as the principal entity in a policy to delegate authority to the account." }, "fqn": "@aws-cdk/aws-iam.AccountPrincipal", "initializer": { "docs": { "stability": "stable" }, "locationInModule": { "filename": "lib/principals.ts", "line": 302 }, "parameters": [ { "docs": { "summary": "AWS account ID (i.e. 123456789012)." }, "name": "accountId", "type": { "primitive": "any" } } ] }, "kind": "class", "locationInModule": { "filename": "lib/principals.ts", "line": 297 }, "methods": [ { "docs": { "stability": "stable", "summary": "Returns a string representation of an object." }, "locationInModule": { "filename": "lib/principals.ts", "line": 306 }, "name": "toString", "overrides": "@aws-cdk/aws-iam.ArnPrincipal", "returns": { "type": { "primitive": "string" } } } ], "name": "AccountPrincipal", "properties": [ { "docs": { "stability": "stable", "summary": "AWS account ID (i.e. 123456789012)." }, "immutable": true, "locationInModule": { "filename": "lib/principals.ts", "line": 302 }, "name": "accountId", "type": { "primitive": "any" } } ] }, "@aws-cdk/aws-iam.AccountRootPrincipal": { "assembly": "@aws-cdk/aws-iam", "base": "@aws-cdk/aws-iam.AccountPrincipal", "docs": { "stability": "stable", "summary": "Use the AWS account into which a stack is deployed as the principal entity in a policy." }, "fqn": "@aws-cdk/aws-iam.AccountRootPrincipal", "initializer": { "docs": { "stability": "stable" }, "locationInModule": { "filename": "lib/principals.ts", "line": 500 } }, "kind": "class", "locationInModule": { "filename": "lib/principals.ts", "line": 499 }, "methods": [ { "docs": { "stability": "stable", "summary": "Returns a string representation of an object." }, "locationInModule": { "filename": "lib/principals.ts", "line": 504 }, "name": "toString", "overrides": "@aws-cdk/aws-iam.AccountPrincipal", "returns": { "type": { "primitive": "string" } } } ], "name": "AccountRootPrincipal" }, "@aws-cdk/aws-iam.AddToPrincipalPolicyResult": { "assembly": "@aws-cdk/aws-iam", "datatype": true, "docs": { "stability": "stable", "summary": "Result of calling `addToPrincipalPolicy`." }, "fqn": "@aws-cdk/aws-iam.AddToPrincipalPolicyResult", "kind": "interface", "locationInModule": { "filename": "lib/principals.ts", "line": 73 }, "name": "AddToPrincipalPolicyResult", "properties": [ { "abstract": true, "docs": { "stability": "experimental", "summary": "Whether the statement was added to the identity's policies." }, "immutable": true, "locationInModule": { "filename": "lib/principals.ts", "line": 79 }, "name": "statementAdded", "type": { "primitive": "boolean" } }, { "abstract": true, "docs": { "default": "- Required if `statementAdded` is true.", "stability": "experimental", "summary": "Dependable which allows depending on the policy change being applied." }, "immutable": true, "locationInModule": { "filename": "lib/principals.ts", "line": 87 }, "name": "policyDependable", "optional": true, "type": { "fqn": "@aws-cdk/core.IDependable" } } ] }, "@aws-cdk/aws-iam.AddToResourcePolicyResult": { "assembly": "@aws-cdk/aws-iam", "datatype": true, "docs": { "stability": "stable", "summary": "Result of calling addToResourcePolicy." }, "fqn": "@aws-cdk/aws-iam.AddToResourcePolicyResult", "kind": "interface", "locationInModule": { "filename": "lib/grant.ts", "line": 320 }, "name": "AddToResourcePolicyResult", "properties": [ { "abstract": true, "docs": { "stability": "stable", "summary": "Whether the statement was added." }, "immutable": true, "locationInModule": { "filename": "lib/grant.ts", "line": 324 }, "name": "statementAdded", "type": { "primitive": "boolean" } }, { "abstract": true, "docs": { "default": "- If `statementAdded` is true, the resource object itself.\nOtherwise, no dependable.", "stability": "stable", "summary": "Dependable which allows depending on the policy change being applied." }, "immutable": true, "locationInModule": { "filename": "lib/grant.ts", "line": 332 }, "name": "policyDependable", "optional": true, "type": { "fqn": "@aws-cdk/core.IDependable" } } ] }, "@aws-cdk/aws-iam.AnyPrincipal": { "assembly": "@aws-cdk/aws-iam", "base": "@aws-cdk/aws-iam.ArnPrincipal", "docs": { "stability": "stable", "summary": "A principal representing all identities in all accounts." }, "fqn": "@aws-cdk/aws-iam.AnyPrincipal", "initializer": { "docs": { "stability": "stable" }, "locationInModule": { "filename": "lib/principals.ts", "line": 513 } }, "kind": "class", "locationInModule": { "filename": "lib/principals.ts", "line": 512 }, "methods": [ { "docs": { "stability": "stable", "summary": "Returns a string representation of an object." }, "locationInModule": { "filename": "lib/principals.ts", "line": 517 }, "name": "toString", "overrides": "@aws-cdk/aws-iam.ArnPrincipal", "returns": { "type": { "primitive": "string" } } } ], "name": "AnyPrincipal" }, "@aws-cdk/aws-iam.Anyone": { "assembly": "@aws-cdk/aws-iam", "base": "@aws-cdk/aws-iam.AnyPrincipal", "docs": { "deprecated": "use `AnyPrincipal`", "stability": "deprecated", "summary": "A principal representing all identities in all accounts." }, "fqn": "@aws-cdk/aws-iam.Anyone", "initializer": { "docs": { "stability": "stable" }, "locationInModule": { "filename": "lib/principals.ts", "line": 513 } }, "kind": "class", "locationInModule": { "filename": "lib/principals.ts", "line": 526 }, "name": "Anyone" }, "@aws-cdk/aws-iam.ArnPrincipal": { "assembly": "@aws-cdk/aws-iam", "base": "@aws-cdk/aws-iam.PrincipalBase", "docs": { "remarks": "You can specify AWS accounts, IAM users, Federated SAML users, IAM roles, and specific assumed-role sessions.\nYou cannot specify IAM groups or instance profiles as principals", "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html", "stability": "stable", "summary": "Specify a principal by the Amazon Resource Name (ARN)." }, "fqn": "@aws-cdk/aws-iam.ArnPrincipal", "initializer": { "docs": { "stability": "stable" }, "locationInModule": { "filename": "lib/principals.ts", "line": 281 }, "parameters": [ { "docs": { "summary": "Amazon Resource Name (ARN) of the principal entity (i.e. arn:aws:iam::123456789012:user/user-name)." }, "name": "arn", "type": { "primitive": "string" } } ] }, "kind": "class", "locationInModule": { "filename": "lib/principals.ts", "line": 276 }, "methods": [ { "docs": { "stability": "stable", "summary": "Returns a string representation of an object." }, "locationInModule": { "filename": "lib/principals.ts", "line": 289 }, "name": "toString", "overrides": "@aws-cdk/aws-iam.PrincipalBase", "returns": { "type": { "primitive": "string" } } } ], "name": "ArnPrincipal", "properties": [ { "docs": { "stability": "stable", "summary": "Amazon Resource Name (ARN) of the principal entity (i.e. arn:aws:iam::123456789012:user/user-name)." }, "immutable": true, "locationInModule": { "filename": "lib/principals.ts", "line": 281 }, "name": "arn", "type": { "primitive": "string" } }, { "docs": { "stability": "stable", "summary": "Return the policy fragment that identifies this principal in a Policy." }, "immutable": true, "locationInModule": { "filename": "lib/principals.ts", "line": 285 }, "name": "policyFragment", "overrides": "@aws-cdk/aws-iam.PrincipalBase", "type": { "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment" } } ] }, "@aws-cdk/aws-iam.CanonicalUserPrincipal": { "assembly": "@aws-cdk/aws-iam", "base": "@aws-cdk/aws-iam.PrincipalBase", "docs": { "remarks": "See https://docs.aws.amazon.com/general/latest/gr/acct-identifiers.html\n\nand\n\nhttps://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html\n\nfor more details.", "stability": "stable", "summary": "A policy principal for canonicalUserIds - useful for S3 bucket policies that use Origin Access identities." }, "fqn": "@aws-cdk/aws-iam.CanonicalUserPrincipal", "initializer": { "docs": { "stability": "stable" }, "locationInModule": { "filename": "lib/principals.ts", "line": 399 }, "parameters": [ { "docs": { "remarks": "root user and IAM users for an account all see the same ID.\n(i.e. 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be)", "summary": "unique identifier assigned by AWS for every account." }, "name": "canonicalUserId", "type": { "primitive": "string" } } ] }, "kind": "class", "locationInModule": { "filename": "lib/principals.ts", "line": 392 }, "methods": [ { "docs": { "stability": "stable", "summary": "Returns a string representation of an object." }, "locationInModule": { "filename": "lib/principals.ts", "line": 407 }, "name": "toString", "overrides": "@aws-cdk/aws-iam.PrincipalBase", "returns": { "type": { "primitive": "string" } } } ], "name": "CanonicalUserPrincipal", "properties": [ { "docs": { "remarks": "root user and IAM users for an account all see the same ID.\n(i.e. 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be)", "stability": "stable", "summary": "unique identifier assigned by AWS for every account." }, "immutable": true, "locationInModule": { "filename": "lib/principals.ts", "line": 399 }, "name": "canonicalUserId", "type": { "primitive": "string" } }, { "docs": { "stability": "stable", "summary": "Return the policy fragment that identifies this principal in a Policy." }, "immutable": true, "locationInModule": { "filename": "lib/principals.ts", "line": 403 }, "name": "policyFragment", "overrides": "@aws-cdk/aws-iam.PrincipalBase", "type": { "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment" } } ] }, "@aws-cdk/aws-iam.CfnAccessKey": { "assembly": "@aws-cdk/aws-iam", "base": "@aws-cdk/core.CfnResource", "docs": { "custom": { "cloudformationResource": "AWS::IAM::AccessKey" }, "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-accesskey.html", "stability": "external", "summary": "A CloudFormation `AWS::IAM::AccessKey`." }, "fqn": "@aws-cdk/aws-iam.CfnAccessKey", "initializer": { "docs": { "stability": "external", "summary": "Create a new `AWS::IAM::AccessKey`." }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 142 }, "parameters": [ { "docs": { "summary": "- scope in which this resource is defined." }, "name": "scope", "type": { "fqn": "@aws-cdk/core.Construct" } }, { "docs": { "summary": "- scoped id of the resource." }, "name": "id", "type": { "primitive": "string" } }, { "docs": { "summary": "- resource properties." }, "name": "props", "type": { "fqn": "@aws-cdk/aws-iam.CfnAccessKeyProps" } } ] }, "interfaces": [ "@aws-cdk/core.IInspectable" ], "kind": "class", "locationInModule": { "filename": "lib/iam.generated.ts", "line": 90 }, "methods": [ { "docs": { "stability": "experimental", "summary": "Examines the CloudFormation resource and discloses attributes." }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 159 }, "name": "inspect", "overrides": "@aws-cdk/core.IInspectable", "parameters": [ { "docs": { "summary": "- tree inspector to collect and process attributes." }, "name": "inspector", "type": { "fqn": "@aws-cdk/core.TreeInspector" } } ] }, { "docs": { "stability": "external" }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 171 }, "name": "renderProperties", "overrides": "@aws-cdk/core.CfnResource", "parameters": [ { "name": "props", "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } } ], "protected": true, "returns": { "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } } } ], "name": "CfnAccessKey", "properties": [ { "const": true, "docs": { "stability": "external", "summary": "The CloudFormation resource type name for this resource class." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 94 }, "name": "CFN_RESOURCE_TYPE_NAME", "static": true, "type": { "primitive": "string" } }, { "docs": { "custom": { "cloudformationAttribute": "SecretAccessKey" }, "stability": "external" }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 115 }, "name": "attrSecretAccessKey", "type": { "primitive": "string" } }, { "docs": { "stability": "external" }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 164 }, "name": "cfnProperties", "overrides": "@aws-cdk/core.CfnResource", "protected": true, "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } }, { "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-accesskey.html#cfn-iam-accesskey-username", "stability": "external", "summary": "`AWS::IAM::AccessKey.UserName`." }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 121 }, "name": "userName", "type": { "primitive": "string" } }, { "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-accesskey.html#cfn-iam-accesskey-serial", "stability": "external", "summary": "`AWS::IAM::AccessKey.Serial`." }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 127 }, "name": "serial", "optional": true, "type": { "primitive": "number" } }, { "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-accesskey.html#cfn-iam-accesskey-status", "stability": "external", "summary": "`AWS::IAM::AccessKey.Status`." }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 133 }, "name": "status", "optional": true, "type": { "primitive": "string" } } ] }, "@aws-cdk/aws-iam.CfnAccessKeyProps": { "assembly": "@aws-cdk/aws-iam", "datatype": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-accesskey.html", "stability": "external", "summary": "Properties for defining a `AWS::IAM::AccessKey`." }, "fqn": "@aws-cdk/aws-iam.CfnAccessKeyProps", "kind": "interface", "locationInModule": { "filename": "lib/iam.generated.ts", "line": 17 }, "name": "CfnAccessKeyProps", "properties": [ { "abstract": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-accesskey.html#cfn-iam-accesskey-username", "stability": "external", "summary": "`AWS::IAM::AccessKey.UserName`." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 23 }, "name": "userName", "type": { "primitive": "string" } }, { "abstract": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-accesskey.html#cfn-iam-accesskey-serial", "stability": "external", "summary": "`AWS::IAM::AccessKey.Serial`." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 29 }, "name": "serial", "optional": true, "type": { "primitive": "number" } }, { "abstract": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-accesskey.html#cfn-iam-accesskey-status", "stability": "external", "summary": "`AWS::IAM::AccessKey.Status`." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 35 }, "name": "status", "optional": true, "type": { "primitive": "string" } } ] }, "@aws-cdk/aws-iam.CfnGroup": { "assembly": "@aws-cdk/aws-iam", "base": "@aws-cdk/core.CfnResource", "docs": { "custom": { "cloudformationResource": "AWS::IAM::Group" }, "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html", "stability": "external", "summary": "A CloudFormation `AWS::IAM::Group`." }, "fqn": "@aws-cdk/aws-iam.CfnGroup", "initializer": { "docs": { "stability": "external", "summary": "Create a new `AWS::IAM::Group`." }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 321 }, "parameters": [ { "docs": { "summary": "- scope in which this resource is defined." }, "name": "scope", "type": { "fqn": "@aws-cdk/core.Construct" } }, { "docs": { "summary": "- scoped id of the resource." }, "name": "id", "type": { "primitive": "string" } }, { "docs": { "summary": "- resource properties." }, "name": "props", "optional": true, "type": { "fqn": "@aws-cdk/aws-iam.CfnGroupProps" } } ] }, "interfaces": [ "@aws-cdk/core.IInspectable" ], "kind": "class", "locationInModule": { "filename": "lib/iam.generated.ts", "line": 263 }, "methods": [ { "docs": { "stability": "experimental", "summary": "Examines the CloudFormation resource and discloses attributes." }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 338 }, "name": "inspect", "overrides": "@aws-cdk/core.IInspectable", "parameters": [ { "docs": { "summary": "- tree inspector to collect and process attributes." }, "name": "inspector", "type": { "fqn": "@aws-cdk/core.TreeInspector" } } ] }, { "docs": { "stability": "external" }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 351 }, "name": "renderProperties", "overrides": "@aws-cdk/core.CfnResource", "parameters": [ { "name": "props", "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } } ], "protected": true, "returns": { "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } } } ], "name": "CfnGroup", "properties": [ { "const": true, "docs": { "stability": "external", "summary": "The CloudFormation resource type name for this resource class." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 267 }, "name": "CFN_RESOURCE_TYPE_NAME", "static": true, "type": { "primitive": "string" } }, { "docs": { "custom": { "cloudformationAttribute": "Arn" }, "stability": "external" }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 288 }, "name": "attrArn", "type": { "primitive": "string" } }, { "docs": { "stability": "external" }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 343 }, "name": "cfnProperties", "overrides": "@aws-cdk/core.CfnResource", "protected": true, "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } }, { "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html#cfn-iam-group-groupname", "stability": "external", "summary": "`AWS::IAM::Group.GroupName`." }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 294 }, "name": "groupName", "optional": true, "type": { "primitive": "string" } }, { "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html#cfn-iam-group-managepolicyarns", "stability": "external", "summary": "`AWS::IAM::Group.ManagedPolicyArns`." }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 300 }, "name": "managedPolicyArns", "optional": true, "type": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } } }, { "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html#cfn-iam-group-path", "stability": "external", "summary": "`AWS::IAM::Group.Path`." }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 306 }, "name": "path", "optional": true, "type": { "primitive": "string" } }, { "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html#cfn-iam-group-policies", "stability": "external", "summary": "`AWS::IAM::Group.Policies`." }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 312 }, "name": "policies", "optional": true, "type": { "union": { "types": [ { "fqn": "@aws-cdk/core.IResolvable" }, { "collection": { "elementtype": { "union": { "types": [ { "fqn": "@aws-cdk/core.IResolvable" }, { "fqn": "@aws-cdk/aws-iam.CfnGroup.PolicyProperty" } ] } }, "kind": "array" } } ] } } } ] }, "@aws-cdk/aws-iam.CfnGroup.PolicyProperty": { "assembly": "@aws-cdk/aws-iam", "datatype": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-policy.html", "stability": "external" }, "fqn": "@aws-cdk/aws-iam.CfnGroup.PolicyProperty", "kind": "interface", "locationInModule": { "filename": "lib/iam.generated.ts", "line": 361 }, "name": "PolicyProperty", "namespace": "CfnGroup", "properties": [ { "abstract": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-policy.html#cfn-iam-policies-policydocument", "stability": "external", "summary": "`CfnGroup.PolicyProperty.PolicyDocument`." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 366 }, "name": "policyDocument", "type": { "primitive": "any" } }, { "abstract": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-policy.html#cfn-iam-policies-policyname", "stability": "external", "summary": "`CfnGroup.PolicyProperty.PolicyName`." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 371 }, "name": "policyName", "type": { "primitive": "string" } } ] }, "@aws-cdk/aws-iam.CfnGroupProps": { "assembly": "@aws-cdk/aws-iam", "datatype": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html", "stability": "external", "summary": "Properties for defining a `AWS::IAM::Group`." }, "fqn": "@aws-cdk/aws-iam.CfnGroupProps", "kind": "interface", "locationInModule": { "filename": "lib/iam.generated.ts", "line": 182 }, "name": "CfnGroupProps", "properties": [ { "abstract": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html#cfn-iam-group-groupname", "stability": "external", "summary": "`AWS::IAM::Group.GroupName`." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 188 }, "name": "groupName", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html#cfn-iam-group-managepolicyarns", "stability": "external", "summary": "`AWS::IAM::Group.ManagedPolicyArns`." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 194 }, "name": "managedPolicyArns", "optional": true, "type": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } } }, { "abstract": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html#cfn-iam-group-path", "stability": "external", "summary": "`AWS::IAM::Group.Path`." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 200 }, "name": "path", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html#cfn-iam-group-policies", "stability": "external", "summary": "`AWS::IAM::Group.Policies`." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 206 }, "name": "policies", "optional": true, "type": { "union": { "types": [ { "fqn": "@aws-cdk/core.IResolvable" }, { "collection": { "elementtype": { "union": { "types": [ { "fqn": "@aws-cdk/core.IResolvable" }, { "fqn": "@aws-cdk/aws-iam.CfnGroup.PolicyProperty" } ] } }, "kind": "array" } } ] } } } ] }, "@aws-cdk/aws-iam.CfnInstanceProfile": { "assembly": "@aws-cdk/aws-iam", "base": "@aws-cdk/core.CfnResource", "docs": { "custom": { "cloudformationResource": "AWS::IAM::InstanceProfile" }, "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-instanceprofile.html", "stability": "external", "summary": "A CloudFormation `AWS::IAM::InstanceProfile`." }, "fqn": "@aws-cdk/aws-iam.CfnInstanceProfile", "initializer": { "docs": { "stability": "external", "summary": "Create a new `AWS::IAM::InstanceProfile`." }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 552 }, "parameters": [ { "docs": { "summary": "- scope in which this resource is defined." }, "name": "scope", "type": { "fqn": "@aws-cdk/core.Construct" } }, { "docs": { "summary": "- scoped id of the resource." }, "name": "id", "type": { "primitive": "string" } }, { "docs": { "summary": "- resource properties." }, "name": "props", "type": { "fqn": "@aws-cdk/aws-iam.CfnInstanceProfileProps" } } ] }, "interfaces": [ "@aws-cdk/core.IInspectable" ], "kind": "class", "locationInModule": { "filename": "lib/iam.generated.ts", "line": 500 }, "methods": [ { "docs": { "stability": "experimental", "summary": "Examines the CloudFormation resource and discloses attributes." }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 569 }, "name": "inspect", "overrides": "@aws-cdk/core.IInspectable", "parameters": [ { "docs": { "summary": "- tree inspector to collect and process attributes." }, "name": "inspector", "type": { "fqn": "@aws-cdk/core.TreeInspector" } } ] }, { "docs": { "stability": "external" }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 581 }, "name": "renderProperties", "overrides": "@aws-cdk/core.CfnResource", "parameters": [ { "name": "props", "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } } ], "protected": true, "returns": { "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } } } ], "name": "CfnInstanceProfile", "properties": [ { "const": true, "docs": { "stability": "external", "summary": "The CloudFormation resource type name for this resource class." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 504 }, "name": "CFN_RESOURCE_TYPE_NAME", "static": true, "type": { "primitive": "string" } }, { "docs": { "custom": { "cloudformationAttribute": "Arn" }, "stability": "external" }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 525 }, "name": "attrArn", "type": { "primitive": "string" } }, { "docs": { "stability": "external" }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 574 }, "name": "cfnProperties", "overrides": "@aws-cdk/core.CfnResource", "protected": true, "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } }, { "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-instanceprofile.html#cfn-iam-instanceprofile-roles", "stability": "external", "summary": "`AWS::IAM::InstanceProfile.Roles`." }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 531 }, "name": "roles", "type": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } } }, { "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-instanceprofile.html#cfn-iam-instanceprofile-instanceprofilename", "stability": "external", "summary": "`AWS::IAM::InstanceProfile.InstanceProfileName`." }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 537 }, "name": "instanceProfileName", "optional": true, "type": { "primitive": "string" } }, { "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-instanceprofile.html#cfn-iam-instanceprofile-path", "stability": "external", "summary": "`AWS::IAM::InstanceProfile.Path`." }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 543 }, "name": "path", "optional": true, "type": { "primitive": "string" } } ] }, "@aws-cdk/aws-iam.CfnInstanceProfileProps": { "assembly": "@aws-cdk/aws-iam", "datatype": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-instanceprofile.html", "stability": "external", "summary": "Properties for defining a `AWS::IAM::InstanceProfile`." }, "fqn": "@aws-cdk/aws-iam.CfnInstanceProfileProps", "kind": "interface", "locationInModule": { "filename": "lib/iam.generated.ts", "line": 427 }, "name": "CfnInstanceProfileProps", "properties": [ { "abstract": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-instanceprofile.html#cfn-iam-instanceprofile-roles", "stability": "external", "summary": "`AWS::IAM::InstanceProfile.Roles`." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 433 }, "name": "roles", "type": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } } }, { "abstract": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-instanceprofile.html#cfn-iam-instanceprofile-instanceprofilename", "stability": "external", "summary": "`AWS::IAM::InstanceProfile.InstanceProfileName`." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 439 }, "name": "instanceProfileName", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-instanceprofile.html#cfn-iam-instanceprofile-path", "stability": "external", "summary": "`AWS::IAM::InstanceProfile.Path`." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 445 }, "name": "path", "optional": true, "type": { "primitive": "string" } } ] }, "@aws-cdk/aws-iam.CfnManagedPolicy": { "assembly": "@aws-cdk/aws-iam", "base": "@aws-cdk/core.CfnResource", "docs": { "custom": { "cloudformationResource": "AWS::IAM::ManagedPolicy" }, "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html", "stability": "external", "summary": "A CloudFormation `AWS::IAM::ManagedPolicy`." }, "fqn": "@aws-cdk/aws-iam.CfnManagedPolicy", "initializer": { "docs": { "stability": "external", "summary": "Create a new `AWS::IAM::ManagedPolicy`." }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 772 }, "parameters": [ { "docs": { "summary": "- scope in which this resource is defined." }, "name": "scope", "type": { "fqn": "@aws-cdk/core.Construct" } }, { "docs": { "summary": "- scoped id of the resource." }, "name": "id", "type": { "primitive": "string" } }, { "docs": { "summary": "- resource properties." }, "name": "props", "type": { "fqn": "@aws-cdk/aws-iam.CfnManagedPolicyProps" } } ] }, "interfaces": [ "@aws-cdk/core.IInspectable" ], "kind": "class", "locationInModule": { "filename": "lib/iam.generated.ts", "line": 701 }, "methods": [ { "docs": { "stability": "experimental", "summary": "Examines the CloudFormation resource and discloses attributes." }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 792 }, "name": "inspect", "overrides": "@aws-cdk/core.IInspectable", "parameters": [ { "docs": { "summary": "- tree inspector to collect and process attributes." }, "name": "inspector", "type": { "fqn": "@aws-cdk/core.TreeInspector" } } ] }, { "docs": { "stability": "external" }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 808 }, "name": "renderProperties", "overrides": "@aws-cdk/core.CfnResource", "parameters": [ { "name": "props", "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } } ], "protected": true, "returns": { "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } } } ], "name": "CfnManagedPolicy", "properties": [ { "const": true, "docs": { "stability": "external", "summary": "The CloudFormation resource type name for this resource class." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 705 }, "name": "CFN_RESOURCE_TYPE_NAME", "static": true, "type": { "primitive": "string" } }, { "docs": { "stability": "external" }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 797 }, "name": "cfnProperties", "overrides": "@aws-cdk/core.CfnResource", "protected": true, "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } }, { "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-iam-managedpolicy-policydocument", "stability": "external", "summary": "`AWS::IAM::ManagedPolicy.PolicyDocument`." }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 727 }, "name": "policyDocument", "type": { "primitive": "any" } }, { "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-iam-managedpolicy-description", "stability": "external", "summary": "`AWS::IAM::ManagedPolicy.Description`." }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 733 }, "name": "description", "optional": true, "type": { "primitive": "string" } }, { "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-iam-managedpolicy-groups", "stability": "external", "summary": "`AWS::IAM::ManagedPolicy.Groups`." }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 739 }, "name": "groups", "optional": true, "type": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } } }, { "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-iam-managedpolicy-managedpolicyname", "stability": "external", "summary": "`AWS::IAM::ManagedPolicy.ManagedPolicyName`." }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 745 }, "name": "managedPolicyName", "optional": true, "type": { "primitive": "string" } }, { "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-ec2-dhcpoptions-path", "stability": "external", "summary": "`AWS::IAM::ManagedPolicy.Path`." }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 751 }, "name": "path", "optional": true, "type": { "primitive": "string" } }, { "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-iam-managedpolicy-roles", "stability": "external", "summary": "`AWS::IAM::ManagedPolicy.Roles`." }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 757 }, "name": "roles", "optional": true, "type": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } } }, { "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-iam-managedpolicy-users", "stability": "external", "summary": "`AWS::IAM::ManagedPolicy.Users`." }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 763 }, "name": "users", "optional": true, "type": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } } } ] }, "@aws-cdk/aws-iam.CfnManagedPolicyProps": { "assembly": "@aws-cdk/aws-iam", "datatype": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html", "stability": "external", "summary": "Properties for defining a `AWS::IAM::ManagedPolicy`." }, "fqn": "@aws-cdk/aws-iam.CfnManagedPolicyProps", "kind": "interface", "locationInModule": { "filename": "lib/iam.generated.ts", "line": 592 }, "name": "CfnManagedPolicyProps", "properties": [ { "abstract": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-iam-managedpolicy-policydocument", "stability": "external", "summary": "`AWS::IAM::ManagedPolicy.PolicyDocument`." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 598 }, "name": "policyDocument", "type": { "primitive": "any" } }, { "abstract": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-iam-managedpolicy-description", "stability": "external", "summary": "`AWS::IAM::ManagedPolicy.Description`." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 604 }, "name": "description", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-iam-managedpolicy-groups", "stability": "external", "summary": "`AWS::IAM::ManagedPolicy.Groups`." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 610 }, "name": "groups", "optional": true, "type": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } } }, { "abstract": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-iam-managedpolicy-managedpolicyname", "stability": "external", "summary": "`AWS::IAM::ManagedPolicy.ManagedPolicyName`." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 616 }, "name": "managedPolicyName", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-ec2-dhcpoptions-path", "stability": "external", "summary": "`AWS::IAM::ManagedPolicy.Path`." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 622 }, "name": "path", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-iam-managedpolicy-roles", "stability": "external", "summary": "`AWS::IAM::ManagedPolicy.Roles`." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 628 }, "name": "roles", "optional": true, "type": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } } }, { "abstract": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-iam-managedpolicy-users", "stability": "external", "summary": "`AWS::IAM::ManagedPolicy.Users`." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 634 }, "name": "users", "optional": true, "type": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } } } ] }, "@aws-cdk/aws-iam.CfnPolicy": { "assembly": "@aws-cdk/aws-iam", "base": "@aws-cdk/core.CfnResource", "docs": { "custom": { "cloudformationResource": "AWS::IAM::Policy" }, "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html", "stability": "external", "summary": "A CloudFormation `AWS::IAM::Policy`." }, "fqn": "@aws-cdk/aws-iam.CfnPolicy", "initializer": { "docs": { "stability": "external", "summary": "Create a new `AWS::IAM::Policy`." }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 970 }, "parameters": [ { "docs": { "summary": "- scope in which this resource is defined." }, "name": "scope", "type": { "fqn": "@aws-cdk/core.Construct" } }, { "docs": { "summary": "- scoped id of the resource." }, "name": "id", "type": { "primitive": "string" } }, { "docs": { "summary": "- resource properties." }, "name": "props", "type": { "fqn": "@aws-cdk/aws-iam.CfnPolicyProps" } } ] }, "interfaces": [ "@aws-cdk/core.IInspectable" ], "kind": "class", "locationInModule": { "filename": "lib/iam.generated.ts", "line": 911 }, "methods": [ { "docs": { "stability": "experimental", "summary": "Examines the CloudFormation resource and discloses attributes." }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 989 }, "name": "inspect", "overrides": "@aws-cdk/core.IInspectable", "parameters": [ { "docs": { "summary": "- tree inspector to collect and process attributes." }, "name": "inspector", "type": { "fqn": "@aws-cdk/core.TreeInspector" } } ] }, { "docs": { "stability": "external" }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1003 }, "name": "renderProperties", "overrides": "@aws-cdk/core.CfnResource", "parameters": [ { "name": "props", "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } } ], "protected": true, "returns": { "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } } } ], "name": "CfnPolicy", "properties": [ { "const": true, "docs": { "stability": "external", "summary": "The CloudFormation resource type name for this resource class." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 915 }, "name": "CFN_RESOURCE_TYPE_NAME", "static": true, "type": { "primitive": "string" } }, { "docs": { "stability": "external" }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 994 }, "name": "cfnProperties", "overrides": "@aws-cdk/core.CfnResource", "protected": true, "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } }, { "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html#cfn-iam-policy-policydocument", "stability": "external", "summary": "`AWS::IAM::Policy.PolicyDocument`." }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 937 }, "name": "policyDocument", "type": { "primitive": "any" } }, { "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html#cfn-iam-policy-policyname", "stability": "external", "summary": "`AWS::IAM::Policy.PolicyName`." }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 943 }, "name": "policyName", "type": { "primitive": "string" } }, { "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html#cfn-iam-policy-groups", "stability": "external", "summary": "`AWS::IAM::Policy.Groups`." }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 949 }, "name": "groups", "optional": true, "type": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } } }, { "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html#cfn-iam-policy-roles", "stability": "external", "summary": "`AWS::IAM::Policy.Roles`." }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 955 }, "name": "roles", "optional": true, "type": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } } }, { "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html#cfn-iam-policy-users", "stability": "external", "summary": "`AWS::IAM::Policy.Users`." }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 961 }, "name": "users", "optional": true, "type": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } } } ] }, "@aws-cdk/aws-iam.CfnPolicyProps": { "assembly": "@aws-cdk/aws-iam", "datatype": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html", "stability": "external", "summary": "Properties for defining a `AWS::IAM::Policy`." }, "fqn": "@aws-cdk/aws-iam.CfnPolicyProps", "kind": "interface", "locationInModule": { "filename": "lib/iam.generated.ts", "line": 819 }, "name": "CfnPolicyProps", "properties": [ { "abstract": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html#cfn-iam-policy-policydocument", "stability": "external", "summary": "`AWS::IAM::Policy.PolicyDocument`." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 825 }, "name": "policyDocument", "type": { "primitive": "any" } }, { "abstract": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html#cfn-iam-policy-policyname", "stability": "external", "summary": "`AWS::IAM::Policy.PolicyName`." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 831 }, "name": "policyName", "type": { "primitive": "string" } }, { "abstract": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html#cfn-iam-policy-groups", "stability": "external", "summary": "`AWS::IAM::Policy.Groups`." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 837 }, "name": "groups", "optional": true, "type": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } } }, { "abstract": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html#cfn-iam-policy-roles", "stability": "external", "summary": "`AWS::IAM::Policy.Roles`." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 843 }, "name": "roles", "optional": true, "type": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } } }, { "abstract": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html#cfn-iam-policy-users", "stability": "external", "summary": "`AWS::IAM::Policy.Users`." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 849 }, "name": "users", "optional": true, "type": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } } } ] }, "@aws-cdk/aws-iam.CfnRole": { "assembly": "@aws-cdk/aws-iam", "base": "@aws-cdk/core.CfnResource", "docs": { "custom": { "cloudformationResource": "AWS::IAM::Role" }, "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html", "stability": "external", "summary": "A CloudFormation `AWS::IAM::Role`." }, "fqn": "@aws-cdk/aws-iam.CfnRole", "initializer": { "docs": { "stability": "external", "summary": "Create a new `AWS::IAM::Role`." }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1234 }, "parameters": [ { "docs": { "summary": "- scope in which this resource is defined." }, "name": "scope", "type": { "fqn": "@aws-cdk/core.Construct" } }, { "docs": { "summary": "- scoped id of the resource." }, "name": "id", "type": { "primitive": "string" } }, { "docs": { "summary": "- resource properties." }, "name": "props", "type": { "fqn": "@aws-cdk/aws-iam.CfnRoleProps" } } ] }, "interfaces": [ "@aws-cdk/core.IInspectable" ], "kind": "class", "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1141 }, "methods": [ { "docs": { "stability": "experimental", "summary": "Examines the CloudFormation resource and discloses attributes." }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1258 }, "name": "inspect", "overrides": "@aws-cdk/core.IInspectable", "parameters": [ { "docs": { "summary": "- tree inspector to collect and process attributes." }, "name": "inspector", "type": { "fqn": "@aws-cdk/core.TreeInspector" } } ] }, { "docs": { "stability": "external" }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1276 }, "name": "renderProperties", "overrides": "@aws-cdk/core.CfnResource", "parameters": [ { "name": "props", "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } } ], "protected": true, "returns": { "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } } } ], "name": "CfnRole", "properties": [ { "const": true, "docs": { "stability": "external", "summary": "The CloudFormation resource type name for this resource class." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1145 }, "name": "CFN_RESOURCE_TYPE_NAME", "static": true, "type": { "primitive": "string" } }, { "docs": { "custom": { "cloudformationAttribute": "Arn" }, "stability": "external" }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1166 }, "name": "attrArn", "type": { "primitive": "string" } }, { "docs": { "custom": { "cloudformationAttribute": "RoleId" }, "stability": "external" }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1171 }, "name": "attrRoleId", "type": { "primitive": "string" } }, { "docs": { "stability": "external" }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1263 }, "name": "cfnProperties", "overrides": "@aws-cdk/core.CfnResource", "protected": true, "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } }, { "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-tags", "stability": "external", "summary": "`AWS::IAM::Role.Tags`." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1225 }, "name": "tags", "type": { "fqn": "@aws-cdk/core.TagManager" } }, { "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-assumerolepolicydocument", "stability": "external", "summary": "`AWS::IAM::Role.AssumeRolePolicyDocument`." }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1177 }, "name": "assumeRolePolicyDocument", "type": { "primitive": "any" } }, { "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-description", "stability": "external", "summary": "`AWS::IAM::Role.Description`." }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1183 }, "name": "description", "optional": true, "type": { "primitive": "string" } }, { "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-managepolicyarns", "stability": "external", "summary": "`AWS::IAM::Role.ManagedPolicyArns`." }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1189 }, "name": "managedPolicyArns", "optional": true, "type": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } } }, { "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-maxsessionduration", "stability": "external", "summary": "`AWS::IAM::Role.MaxSessionDuration`." }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1195 }, "name": "maxSessionDuration", "optional": true, "type": { "primitive": "number" } }, { "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-path", "stability": "external", "summary": "`AWS::IAM::Role.Path`." }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1201 }, "name": "path", "optional": true, "type": { "primitive": "string" } }, { "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-permissionsboundary", "stability": "external", "summary": "`AWS::IAM::Role.PermissionsBoundary`." }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1207 }, "name": "permissionsBoundary", "optional": true, "type": { "primitive": "string" } }, { "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-policies", "stability": "external", "summary": "`AWS::IAM::Role.Policies`." }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1213 }, "name": "policies", "optional": true, "type": { "union": { "types": [ { "fqn": "@aws-cdk/core.IResolvable" }, { "collection": { "elementtype": { "union": { "types": [ { "fqn": "@aws-cdk/core.IResolvable" }, { "fqn": "@aws-cdk/aws-iam.CfnRole.PolicyProperty" } ] } }, "kind": "array" } } ] } } }, { "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-rolename", "stability": "external", "summary": "`AWS::IAM::Role.RoleName`." }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1219 }, "name": "roleName", "optional": true, "type": { "primitive": "string" } } ] }, "@aws-cdk/aws-iam.CfnRole.PolicyProperty": { "assembly": "@aws-cdk/aws-iam", "datatype": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-policy.html", "stability": "external" }, "fqn": "@aws-cdk/aws-iam.CfnRole.PolicyProperty", "kind": "interface", "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1286 }, "name": "PolicyProperty", "namespace": "CfnRole", "properties": [ { "abstract": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-policy.html#cfn-iam-policies-policydocument", "stability": "external", "summary": "`CfnRole.PolicyProperty.PolicyDocument`." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1291 }, "name": "policyDocument", "type": { "primitive": "any" } }, { "abstract": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-policy.html#cfn-iam-policies-policyname", "stability": "external", "summary": "`CfnRole.PolicyProperty.PolicyName`." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1296 }, "name": "policyName", "type": { "primitive": "string" } } ] }, "@aws-cdk/aws-iam.CfnRoleProps": { "assembly": "@aws-cdk/aws-iam", "datatype": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html", "stability": "external", "summary": "Properties for defining a `AWS::IAM::Role`." }, "fqn": "@aws-cdk/aws-iam.CfnRoleProps", "kind": "interface", "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1014 }, "name": "CfnRoleProps", "properties": [ { "abstract": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-assumerolepolicydocument", "stability": "external", "summary": "`AWS::IAM::Role.AssumeRolePolicyDocument`." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1020 }, "name": "assumeRolePolicyDocument", "type": { "primitive": "any" } }, { "abstract": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-description", "stability": "external", "summary": "`AWS::IAM::Role.Description`." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1026 }, "name": "description", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-managepolicyarns", "stability": "external", "summary": "`AWS::IAM::Role.ManagedPolicyArns`." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1032 }, "name": "managedPolicyArns", "optional": true, "type": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } } }, { "abstract": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-maxsessionduration", "stability": "external", "summary": "`AWS::IAM::Role.MaxSessionDuration`." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1038 }, "name": "maxSessionDuration", "optional": true, "type": { "primitive": "number" } }, { "abstract": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-path", "stability": "external", "summary": "`AWS::IAM::Role.Path`." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1044 }, "name": "path", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-permissionsboundary", "stability": "external", "summary": "`AWS::IAM::Role.PermissionsBoundary`." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1050 }, "name": "permissionsBoundary", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-policies", "stability": "external", "summary": "`AWS::IAM::Role.Policies`." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1056 }, "name": "policies", "optional": true, "type": { "union": { "types": [ { "fqn": "@aws-cdk/core.IResolvable" }, { "collection": { "elementtype": { "union": { "types": [ { "fqn": "@aws-cdk/core.IResolvable" }, { "fqn": "@aws-cdk/aws-iam.CfnRole.PolicyProperty" } ] } }, "kind": "array" } } ] } } }, { "abstract": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-rolename", "stability": "external", "summary": "`AWS::IAM::Role.RoleName`." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1062 }, "name": "roleName", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-tags", "stability": "external", "summary": "`AWS::IAM::Role.Tags`." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1068 }, "name": "tags", "optional": true, "type": { "collection": { "elementtype": { "fqn": "@aws-cdk/core.CfnTag" }, "kind": "array" } } } ] }, "@aws-cdk/aws-iam.CfnServiceLinkedRole": { "assembly": "@aws-cdk/aws-iam", "base": "@aws-cdk/core.CfnResource", "docs": { "custom": { "cloudformationResource": "AWS::IAM::ServiceLinkedRole" }, "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servicelinkedrole.html", "stability": "external", "summary": "A CloudFormation `AWS::IAM::ServiceLinkedRole`." }, "fqn": "@aws-cdk/aws-iam.CfnServiceLinkedRole", "initializer": { "docs": { "stability": "external", "summary": "Create a new `AWS::IAM::ServiceLinkedRole`." }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1472 }, "parameters": [ { "docs": { "summary": "- scope in which this resource is defined." }, "name": "scope", "type": { "fqn": "@aws-cdk/core.Construct" } }, { "docs": { "summary": "- scoped id of the resource." }, "name": "id", "type": { "primitive": "string" } }, { "docs": { "summary": "- resource properties." }, "name": "props", "type": { "fqn": "@aws-cdk/aws-iam.CfnServiceLinkedRoleProps" } } ] }, "interfaces": [ "@aws-cdk/core.IInspectable" ], "kind": "class", "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1425 }, "methods": [ { "docs": { "stability": "experimental", "summary": "Examines the CloudFormation resource and discloses attributes." }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1488 }, "name": "inspect", "overrides": "@aws-cdk/core.IInspectable", "parameters": [ { "docs": { "summary": "- tree inspector to collect and process attributes." }, "name": "inspector", "type": { "fqn": "@aws-cdk/core.TreeInspector" } } ] }, { "docs": { "stability": "external" }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1500 }, "name": "renderProperties", "overrides": "@aws-cdk/core.CfnResource", "parameters": [ { "name": "props", "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } } ], "protected": true, "returns": { "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } } } ], "name": "CfnServiceLinkedRole", "properties": [ { "const": true, "docs": { "stability": "external", "summary": "The CloudFormation resource type name for this resource class." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1429 }, "name": "CFN_RESOURCE_TYPE_NAME", "static": true, "type": { "primitive": "string" } }, { "docs": { "stability": "external" }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1493 }, "name": "cfnProperties", "overrides": "@aws-cdk/core.CfnResource", "protected": true, "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } }, { "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servicelinkedrole.html#cfn-iam-servicelinkedrole-awsservicename", "stability": "external", "summary": "`AWS::IAM::ServiceLinkedRole.AWSServiceName`." }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1451 }, "name": "awsServiceName", "type": { "primitive": "string" } }, { "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servicelinkedrole.html#cfn-iam-servicelinkedrole-customsuffix", "stability": "external", "summary": "`AWS::IAM::ServiceLinkedRole.CustomSuffix`." }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1457 }, "name": "customSuffix", "optional": true, "type": { "primitive": "string" } }, { "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servicelinkedrole.html#cfn-iam-servicelinkedrole-description", "stability": "external", "summary": "`AWS::IAM::ServiceLinkedRole.Description`." }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1463 }, "name": "description", "optional": true, "type": { "primitive": "string" } } ] }, "@aws-cdk/aws-iam.CfnServiceLinkedRoleProps": { "assembly": "@aws-cdk/aws-iam", "datatype": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servicelinkedrole.html", "stability": "external", "summary": "Properties for defining a `AWS::IAM::ServiceLinkedRole`." }, "fqn": "@aws-cdk/aws-iam.CfnServiceLinkedRoleProps", "kind": "interface", "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1352 }, "name": "CfnServiceLinkedRoleProps", "properties": [ { "abstract": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servicelinkedrole.html#cfn-iam-servicelinkedrole-awsservicename", "stability": "external", "summary": "`AWS::IAM::ServiceLinkedRole.AWSServiceName`." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1358 }, "name": "awsServiceName", "type": { "primitive": "string" } }, { "abstract": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servicelinkedrole.html#cfn-iam-servicelinkedrole-customsuffix", "stability": "external", "summary": "`AWS::IAM::ServiceLinkedRole.CustomSuffix`." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1364 }, "name": "customSuffix", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servicelinkedrole.html#cfn-iam-servicelinkedrole-description", "stability": "external", "summary": "`AWS::IAM::ServiceLinkedRole.Description`." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1370 }, "name": "description", "optional": true, "type": { "primitive": "string" } } ] }, "@aws-cdk/aws-iam.CfnUser": { "assembly": "@aws-cdk/aws-iam", "base": "@aws-cdk/core.CfnResource", "docs": { "custom": { "cloudformationResource": "AWS::IAM::User" }, "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html", "stability": "external", "summary": "A CloudFormation `AWS::IAM::User`." }, "fqn": "@aws-cdk/aws-iam.CfnUser", "initializer": { "docs": { "stability": "external", "summary": "Create a new `AWS::IAM::User`." }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1710 }, "parameters": [ { "docs": { "summary": "- scope in which this resource is defined." }, "name": "scope", "type": { "fqn": "@aws-cdk/core.Construct" } }, { "docs": { "summary": "- scoped id of the resource." }, "name": "id", "type": { "primitive": "string" } }, { "docs": { "summary": "- resource properties." }, "name": "props", "optional": true, "type": { "fqn": "@aws-cdk/aws-iam.CfnUserProps" } } ] }, "interfaces": [ "@aws-cdk/core.IInspectable" ], "kind": "class", "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1628 }, "methods": [ { "docs": { "stability": "experimental", "summary": "Examines the CloudFormation resource and discloses attributes." }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1731 }, "name": "inspect", "overrides": "@aws-cdk/core.IInspectable", "parameters": [ { "docs": { "summary": "- tree inspector to collect and process attributes." }, "name": "inspector", "type": { "fqn": "@aws-cdk/core.TreeInspector" } } ] }, { "docs": { "stability": "external" }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1748 }, "name": "renderProperties", "overrides": "@aws-cdk/core.CfnResource", "parameters": [ { "name": "props", "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } } ], "protected": true, "returns": { "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } } } ], "name": "CfnUser", "properties": [ { "const": true, "docs": { "stability": "external", "summary": "The CloudFormation resource type name for this resource class." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1632 }, "name": "CFN_RESOURCE_TYPE_NAME", "static": true, "type": { "primitive": "string" } }, { "docs": { "custom": { "cloudformationAttribute": "Arn" }, "stability": "external" }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1653 }, "name": "attrArn", "type": { "primitive": "string" } }, { "docs": { "stability": "external" }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1736 }, "name": "cfnProperties", "overrides": "@aws-cdk/core.CfnResource", "protected": true, "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } }, { "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-tags", "stability": "external", "summary": "`AWS::IAM::User.Tags`." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1695 }, "name": "tags", "type": { "fqn": "@aws-cdk/core.TagManager" } }, { "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-groups", "stability": "external", "summary": "`AWS::IAM::User.Groups`." }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1659 }, "name": "groups", "optional": true, "type": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } } }, { "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-loginprofile", "stability": "external", "summary": "`AWS::IAM::User.LoginProfile`." }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1665 }, "name": "loginProfile", "optional": true, "type": { "union": { "types": [ { "fqn": "@aws-cdk/core.IResolvable" }, { "fqn": "@aws-cdk/aws-iam.CfnUser.LoginProfileProperty" } ] } } }, { "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-managepolicyarns", "stability": "external", "summary": "`AWS::IAM::User.ManagedPolicyArns`." }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1671 }, "name": "managedPolicyArns", "optional": true, "type": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } } }, { "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-path", "stability": "external", "summary": "`AWS::IAM::User.Path`." }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1677 }, "name": "path", "optional": true, "type": { "primitive": "string" } }, { "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-permissionsboundary", "stability": "external", "summary": "`AWS::IAM::User.PermissionsBoundary`." }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1683 }, "name": "permissionsBoundary", "optional": true, "type": { "primitive": "string" } }, { "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-policies", "stability": "external", "summary": "`AWS::IAM::User.Policies`." }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1689 }, "name": "policies", "optional": true, "type": { "union": { "types": [ { "fqn": "@aws-cdk/core.IResolvable" }, { "collection": { "elementtype": { "union": { "types": [ { "fqn": "@aws-cdk/core.IResolvable" }, { "fqn": "@aws-cdk/aws-iam.CfnUser.PolicyProperty" } ] } }, "kind": "array" } } ] } } }, { "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-username", "stability": "external", "summary": "`AWS::IAM::User.UserName`." }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1701 }, "name": "userName", "optional": true, "type": { "primitive": "string" } } ] }, "@aws-cdk/aws-iam.CfnUser.LoginProfileProperty": { "assembly": "@aws-cdk/aws-iam", "datatype": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user-loginprofile.html", "stability": "external" }, "fqn": "@aws-cdk/aws-iam.CfnUser.LoginProfileProperty", "kind": "interface", "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1758 }, "name": "LoginProfileProperty", "namespace": "CfnUser", "properties": [ { "abstract": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user-loginprofile.html#cfn-iam-user-loginprofile-password", "stability": "external", "summary": "`CfnUser.LoginProfileProperty.Password`." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1763 }, "name": "password", "type": { "primitive": "string" } }, { "abstract": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user-loginprofile.html#cfn-iam-user-loginprofile-passwordresetrequired", "stability": "external", "summary": "`CfnUser.LoginProfileProperty.PasswordResetRequired`." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1768 }, "name": "passwordResetRequired", "optional": true, "type": { "union": { "types": [ { "primitive": "boolean" }, { "fqn": "@aws-cdk/core.IResolvable" } ] } } } ] }, "@aws-cdk/aws-iam.CfnUser.PolicyProperty": { "assembly": "@aws-cdk/aws-iam", "datatype": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-policy.html", "stability": "external" }, "fqn": "@aws-cdk/aws-iam.CfnUser.PolicyProperty", "kind": "interface", "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1822 }, "name": "PolicyProperty", "namespace": "CfnUser", "properties": [ { "abstract": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-policy.html#cfn-iam-policies-policydocument", "stability": "external", "summary": "`CfnUser.PolicyProperty.PolicyDocument`." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1827 }, "name": "policyDocument", "type": { "primitive": "any" } }, { "abstract": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-policy.html#cfn-iam-policies-policyname", "stability": "external", "summary": "`CfnUser.PolicyProperty.PolicyName`." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1832 }, "name": "policyName", "type": { "primitive": "string" } } ] }, "@aws-cdk/aws-iam.CfnUserProps": { "assembly": "@aws-cdk/aws-iam", "datatype": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html", "stability": "external", "summary": "Properties for defining a `AWS::IAM::User`." }, "fqn": "@aws-cdk/aws-iam.CfnUserProps", "kind": "interface", "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1511 }, "name": "CfnUserProps", "properties": [ { "abstract": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-groups", "stability": "external", "summary": "`AWS::IAM::User.Groups`." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1517 }, "name": "groups", "optional": true, "type": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } } }, { "abstract": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-loginprofile", "stability": "external", "summary": "`AWS::IAM::User.LoginProfile`." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1523 }, "name": "loginProfile", "optional": true, "type": { "union": { "types": [ { "fqn": "@aws-cdk/core.IResolvable" }, { "fqn": "@aws-cdk/aws-iam.CfnUser.LoginProfileProperty" } ] } } }, { "abstract": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-managepolicyarns", "stability": "external", "summary": "`AWS::IAM::User.ManagedPolicyArns`." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1529 }, "name": "managedPolicyArns", "optional": true, "type": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } } }, { "abstract": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-path", "stability": "external", "summary": "`AWS::IAM::User.Path`." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1535 }, "name": "path", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-permissionsboundary", "stability": "external", "summary": "`AWS::IAM::User.PermissionsBoundary`." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1541 }, "name": "permissionsBoundary", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-policies", "stability": "external", "summary": "`AWS::IAM::User.Policies`." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1547 }, "name": "policies", "optional": true, "type": { "union": { "types": [ { "fqn": "@aws-cdk/core.IResolvable" }, { "collection": { "elementtype": { "union": { "types": [ { "fqn": "@aws-cdk/core.IResolvable" }, { "fqn": "@aws-cdk/aws-iam.CfnUser.PolicyProperty" } ] } }, "kind": "array" } } ] } } }, { "abstract": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-tags", "stability": "external", "summary": "`AWS::IAM::User.Tags`." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1553 }, "name": "tags", "optional": true, "type": { "collection": { "elementtype": { "fqn": "@aws-cdk/core.CfnTag" }, "kind": "array" } } }, { "abstract": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-username", "stability": "external", "summary": "`AWS::IAM::User.UserName`." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1559 }, "name": "userName", "optional": true, "type": { "primitive": "string" } } ] }, "@aws-cdk/aws-iam.CfnUserToGroupAddition": { "assembly": "@aws-cdk/aws-iam", "base": "@aws-cdk/core.CfnResource", "docs": { "custom": { "cloudformationResource": "AWS::IAM::UserToGroupAddition" }, "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-addusertogroup.html", "stability": "external", "summary": "A CloudFormation `AWS::IAM::UserToGroupAddition`." }, "fqn": "@aws-cdk/aws-iam.CfnUserToGroupAddition", "initializer": { "docs": { "stability": "external", "summary": "Create a new `AWS::IAM::UserToGroupAddition`." }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1994 }, "parameters": [ { "docs": { "summary": "- scope in which this resource is defined." }, "name": "scope", "type": { "fqn": "@aws-cdk/core.Construct" } }, { "docs": { "summary": "- scoped id of the resource." }, "name": "id", "type": { "primitive": "string" } }, { "docs": { "summary": "- resource properties." }, "name": "props", "type": { "fqn": "@aws-cdk/aws-iam.CfnUserToGroupAdditionProps" } } ] }, "interfaces": [ "@aws-cdk/core.IInspectable" ], "kind": "class", "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1953 }, "methods": [ { "docs": { "stability": "experimental", "summary": "Examines the CloudFormation resource and discloses attributes." }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 2010 }, "name": "inspect", "overrides": "@aws-cdk/core.IInspectable", "parameters": [ { "docs": { "summary": "- tree inspector to collect and process attributes." }, "name": "inspector", "type": { "fqn": "@aws-cdk/core.TreeInspector" } } ] }, { "docs": { "stability": "external" }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 2021 }, "name": "renderProperties", "overrides": "@aws-cdk/core.CfnResource", "parameters": [ { "name": "props", "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } } ], "protected": true, "returns": { "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } } } ], "name": "CfnUserToGroupAddition", "properties": [ { "const": true, "docs": { "stability": "external", "summary": "The CloudFormation resource type name for this resource class." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1957 }, "name": "CFN_RESOURCE_TYPE_NAME", "static": true, "type": { "primitive": "string" } }, { "docs": { "stability": "external" }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 2015 }, "name": "cfnProperties", "overrides": "@aws-cdk/core.CfnResource", "protected": true, "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } }, { "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-addusertogroup.html#cfn-iam-addusertogroup-groupname", "stability": "external", "summary": "`AWS::IAM::UserToGroupAddition.GroupName`." }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1979 }, "name": "groupName", "type": { "primitive": "string" } }, { "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-addusertogroup.html#cfn-iam-addusertogroup-users", "stability": "external", "summary": "`AWS::IAM::UserToGroupAddition.Users`." }, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1985 }, "name": "users", "type": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } } } ] }, "@aws-cdk/aws-iam.CfnUserToGroupAdditionProps": { "assembly": "@aws-cdk/aws-iam", "datatype": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-addusertogroup.html", "stability": "external", "summary": "Properties for defining a `AWS::IAM::UserToGroupAddition`." }, "fqn": "@aws-cdk/aws-iam.CfnUserToGroupAdditionProps", "kind": "interface", "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1888 }, "name": "CfnUserToGroupAdditionProps", "properties": [ { "abstract": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-addusertogroup.html#cfn-iam-addusertogroup-groupname", "stability": "external", "summary": "`AWS::IAM::UserToGroupAddition.GroupName`." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1894 }, "name": "groupName", "type": { "primitive": "string" } }, { "abstract": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-addusertogroup.html#cfn-iam-addusertogroup-users", "stability": "external", "summary": "`AWS::IAM::UserToGroupAddition.Users`." }, "immutable": true, "locationInModule": { "filename": "lib/iam.generated.ts", "line": 1900 }, "name": "users", "type": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } } } ] }, "@aws-cdk/aws-iam.CommonGrantOptions": { "assembly": "@aws-cdk/aws-iam", "datatype": true, "docs": { "stability": "experimental", "summary": "Basic options for a grant operation." }, "fqn": "@aws-cdk/aws-iam.CommonGrantOptions", "kind": "interface", "locationInModule": { "filename": "lib/grant.ts", "line": 10 }, "name": "CommonGrantOptions", "properties": [ { "abstract": true, "docs": { "stability": "experimental", "summary": "The actions to grant." }, "immutable": true, "locationInModule": { "filename": "lib/grant.ts", "line": 21 }, "name": "actions", "type": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } } }, { "abstract": true, "docs": { "default": "if principal is undefined, no work is done.", "stability": "experimental", "summary": "The principal to grant to." }, "immutable": true, "locationInModule": { "filename": "lib/grant.ts", "line": 16 }, "name": "grantee", "type": { "fqn": "@aws-cdk/aws-iam.IGrantable" } }, { "abstract": true, "docs": { "stability": "experimental", "summary": "The resource ARNs to grant to." }, "immutable": true, "locationInModule": { "filename": "lib/grant.ts", "line": 26 }, "name": "resourceArns", "type": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } } } ] }, "@aws-cdk/aws-iam.CompositeDependable": { "assembly": "@aws-cdk/aws-iam", "docs": { "remarks": "Not as simple as eagerly getting the dependency roots from the\ninner dependables, as they may be mutable so we need to defer\nthe query.", "stability": "stable", "summary": "Composite dependable." }, "fqn": "@aws-cdk/aws-iam.CompositeDependable", "initializer": { "docs": { "stability": "stable" }, "locationInModule": { "filename": "lib/grant.ts", "line": 343 }, "parameters": [ { "name": "dependables", "type": { "fqn": "@aws-cdk/core.IDependable" }, "variadic": true } ], "variadic": true }, "interfaces": [ "@aws-cdk/core.IDependable" ], "kind": "class", "locationInModule": { "filename": "lib/grant.ts", "line": 342 }, "name": "CompositeDependable" }, "@aws-cdk/aws-iam.CompositePrincipal": { "assembly": "@aws-cdk/aws-iam", "base": "@aws-cdk/aws-iam.PrincipalBase", "docs": { "remarks": "A composite principal cannot\nhave conditions. i.e. multiple ServicePrincipals that form a composite principal", "stability": "stable", "summary": "Represents a principal that has multiple types of principals." }, "fqn": "@aws-cdk/aws-iam.CompositePrincipal", "initializer": { "docs": { "stability": "stable" }, "locationInModule": { "filename": "lib/principals.ts", "line": 536 }, "parameters": [ { "name": "principals", "type": { "fqn": "@aws-cdk/aws-iam.PrincipalBase" }, "variadic": true } ], "variadic": true }, "kind": "class", "locationInModule": { "filename": "lib/principals.ts", "line": 532 }, "methods": [ { "docs": { "remarks": "Composite principals cannot have\nconditions.", "stability": "stable", "summary": "Adds IAM principals to the composite principal." }, "locationInModule": { "filename": "lib/principals.ts", "line": 551 }, "name": "addPrincipals", "parameters": [ { "docs": { "summary": "IAM principals that will be added to the composite principal." }, "name": "principals", "type": { "fqn": "@aws-cdk/aws-iam.PrincipalBase" }, "variadic": true } ], "returns": { "type": { "fqn": "@aws-cdk/aws-iam.CompositePrincipal" } }, "variadic": true }, { "docs": { "stability": "stable", "summary": "Returns a string representation of an object." }, "locationInModule": { "filename": "lib/principals.ts", "line": 582 }, "name": "toString", "overrides": "@aws-cdk/aws-iam.PrincipalBase", "returns": { "type": { "primitive": "string" } } } ], "name": "CompositePrincipal", "properties": [ { "docs": { "stability": "stable", "summary": "When this Principal is used in an AssumeRole policy, the action to use." }, "immutable": true, "locationInModule": { "filename": "lib/principals.ts", "line": 533 }, "name": "assumeRoleAction", "overrides": "@aws-cdk/aws-iam.PrincipalBase", "type": { "primitive": "string" } }, { "docs": { "stability": "stable", "summary": "Return the policy fragment that identifies this principal in a Policy." }, "immutable": true, "locationInModule": { "filename": "lib/principals.ts", "line": 572 }, "name": "policyFragment", "overrides": "@aws-cdk/aws-iam.PrincipalBase", "type": { "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment" } } ] }, "@aws-cdk/aws-iam.Effect": { "assembly": "@aws-cdk/aws-iam", "docs": { "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_effect.html", "stability": "stable", "summary": "The Effect element of an IAM policy." }, "fqn": "@aws-cdk/aws-iam.Effect", "kind": "enum", "locationInModule": { "filename": "lib/policy-statement.ts", "line": 456 }, "members": [ { "docs": { "remarks": "By default, access to resources are denied.", "stability": "stable", "summary": "Allows access to a resource in an IAM policy statement." }, "name": "ALLOW" }, { "docs": { "remarks": "By default, all requests are denied implicitly.", "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html", "stability": "stable", "summary": "Explicitly deny access to a resource." }, "name": "DENY" } ], "name": "Effect" }, "@aws-cdk/aws-iam.FederatedPrincipal": { "assembly": "@aws-cdk/aws-iam", "base": "@aws-cdk/aws-iam.PrincipalBase", "docs": { "remarks": "Additional condition keys are available when the temporary security credentials are used to make a request.\nYou can use these keys to write policies that limit the access of federated users.", "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#condition-keys-wif", "stability": "stable", "summary": "Principal entity that represents a federated identity provider such as Amazon Cognito, that can be used to provide temporary security credentials to users who have been authenticated." }, "fqn": "@aws-cdk/aws-iam.FederatedPrincipal", "initializer": { "docs": { "stability": "stable" }, "locationInModule": { "filename": "lib/principals.ts", "line": 429 }, "parameters": [ { "docs": { "summary": "federated identity provider (i.e. 'cognito-identity.amazonaws.com' for users authenticated through Cognito)." }, "name": "federated", "type": { "primitive": "string" } }, { "docs": { "remarks": "See [the IAM documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html).", "summary": "The conditions under which the policy is in effect." }, "name": "conditions", "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } }, { "name": "assumeRoleAction", "optional": true, "type": { "primitive": "string" } } ] }, "kind": "class", "locationInModule": { "filename": "lib/principals.ts", "line": 420 }, "methods": [ { "docs": { "stability": "stable", "summary": "Returns a string representation of an object." }, "locationInModule": { "filename": "lib/principals.ts", "line": 442 }, "name": "toString", "overrides": "@aws-cdk/aws-iam.PrincipalBase", "returns": { "type": { "primitive": "string" } } } ], "name": "FederatedPrincipal", "properties": [ { "docs": { "stability": "stable", "summary": "When this Principal is used in an AssumeRole policy, the action to use." }, "immutable": true, "locationInModule": { "filename": "lib/principals.ts", "line": 421 }, "name": "assumeRoleAction", "overrides": "@aws-cdk/aws-iam.PrincipalBase", "type": { "primitive": "string" } }, { "docs": { "remarks": "See [the IAM documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html).", "stability": "stable", "summary": "The conditions under which the policy is in effect." }, "immutable": true, "locationInModule": { "filename": "lib/principals.ts", "line": 431 }, "name": "conditions", "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } }, { "docs": { "stability": "stable", "summary": "federated identity provider (i.e. 'cognito-identity.amazonaws.com' for users authenticated through Cognito)." }, "immutable": true, "locationInModule": { "filename": "lib/principals.ts", "line": 430 }, "name": "federated", "type": { "primitive": "string" } }, { "docs": { "stability": "stable", "summary": "Return the policy fragment that identifies this principal in a Policy." }, "immutable": true, "locationInModule": { "filename": "lib/principals.ts", "line": 438 }, "name": "policyFragment", "overrides": "@aws-cdk/aws-iam.PrincipalBase", "type": { "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment" } } ] }, "@aws-cdk/aws-iam.FromRoleArnOptions": { "assembly": "@aws-cdk/aws-iam", "datatype": true, "docs": { "stability": "stable", "summary": "Options allowing customizing the behavior of {@link Role.fromRoleArn}." }, "fqn": "@aws-cdk/aws-iam.FromRoleArnOptions", "kind": "interface", "locationInModule": { "filename": "lib/role.ts", "line": 140 }, "name": "FromRoleArnOptions", "properties": [ { "abstract": true, "docs": { "default": "true", "stability": "experimental", "summary": "Whether the imported role can be modified by attaching policy resources to it." }, "immutable": true, "locationInModule": { "filename": "lib/role.ts", "line": 148 }, "name": "mutable", "optional": true, "type": { "primitive": "boolean" } } ] }, "@aws-cdk/aws-iam.Grant": { "assembly": "@aws-cdk/aws-iam", "docs": { "remarks": "This class is not instantiable by consumers on purpose, so that they will be\nrequired to call the Grant factory functions.", "stability": "stable", "summary": "Result of a grant() operation." }, "fqn": "@aws-cdk/aws-iam.Grant", "interfaces": [ "@aws-cdk/core.IDependable" ], "kind": "class", "locationInModule": { "filename": "lib/grant.ts", "line": 103 }, "methods": [ { "docs": { "remarks": "Absence of a principal leads to a warning, but failing to add\nthe permissions to a present principal is not an error.", "stability": "stable", "summary": "Try to grant the given permissions to the given principal." }, "locationInModule": { "filename": "lib/grant.ts", "line": 162 }, "name": "addToPrincipal", "parameters": [ { "name": "options", "type": { "fqn": "@aws-cdk/aws-iam.GrantOnPrincipalOptions" } } ], "returns": { "type": { "fqn": "@aws-cdk/aws-iam.Grant" } }, "static": true }, { "docs": { "remarks": "As long as any principal is given, granting on the principal may fail (in\ncase of a non-identity principal), but granting on the resource will\nnever fail.\n\nStatement will be the resource statement.", "stability": "stable", "summary": "Add a grant both on the principal and on the resource." }, "locationInModule": { "filename": "lib/grant.ts", "line": 189 }, "name": "addToPrincipalAndResource", "parameters": [ { "name": "options", "type": { "fqn": "@aws-cdk/aws-iam.GrantOnPrincipalAndResourceOptions" } } ], "returns": { "type": { "fqn": "@aws-cdk/aws-iam.Grant" } }, "static": true }, { "docs": { "remarks": "The permissions will be added to the principal policy primarily, falling\nback to the resource policy if necessary. The permissions must be granted\nsomewhere.\n\n- Trying to grant permissions to a principal that does not admit adding to\n the principal policy while not providing a resource with a resource policy\n is an error.\n- Trying to grant permissions to an absent principal (possible in the\n case of imported resources) leads to a warning being added to the\n resource construct.", "stability": "stable", "summary": "Grant the given permissions to the principal." }, "locationInModule": { "filename": "lib/grant.ts", "line": 118 }, "name": "addToPrincipalOrResource", "parameters": [ { "name": "options", "type": { "fqn": "@aws-cdk/aws-iam.GrantWithResourceOptions" } } ], "returns": { "type": { "fqn": "@aws-cdk/aws-iam.Grant" } }, "static": true }, { "docs": { "remarks": "This can be used for e.g. imported resources where you may not be able to modify\nthe resource's policy or some underlying policy which you don't know about.", "stability": "stable", "summary": "Returns a \"no-op\" `Grant` object which represents a \"dropped grant\"." }, "locationInModule": { "filename": "lib/grant.ts", "line": 221 }, "name": "drop", "parameters": [ { "docs": { "summary": "The intended grantee." }, "name": "grantee", "type": { "fqn": "@aws-cdk/aws-iam.IGrantable" } }, { "docs": { "summary": "The user's intent (will be ignored at the moment)." }, "name": "_intent", "type": { "primitive": "string" } } ], "returns": { "type": { "fqn": "@aws-cdk/aws-iam.Grant" } }, "static": true }, { "docs": { "remarks": "The same as construct.node.addDependency(grant), but slightly nicer to read.", "stability": "stable", "summary": "Make sure this grant is applied before the given constructs are deployed." }, "locationInModule": { "filename": "lib/grant.ts", "line": 283 }, "name": "applyBefore", "parameters": [ { "name": "constructs", "type": { "fqn": "@aws-cdk/core.IConstruct" }, "variadic": true } ], "variadic": true }, { "docs": { "stability": "stable", "summary": "Throw an error if this grant wasn't successful." }, "locationInModule": { "filename": "lib/grant.ts", "line": 271 }, "name": "assertSuccess" } ], "name": "Grant", "properties": [ { "docs": { "stability": "stable", "summary": "Whether the grant operation was successful." }, "immutable": true, "locationInModule": { "filename": "lib/grant.ts", "line": 264 }, "name": "success", "type": { "primitive": "boolean" } }, { "docs": { "remarks": "Can be accessed to (e.g.) add additional conditions to the statement.", "stability": "stable", "summary": "The statement that was added to the principal's policy." }, "immutable": true, "locationInModule": { "filename": "lib/grant.ts", "line": 232 }, "name": "principalStatement", "optional": true, "type": { "fqn": "@aws-cdk/aws-iam.PolicyStatement" } }, { "docs": { "remarks": "Can be accessed to (e.g.) add additional conditions to the statement.", "stability": "stable", "summary": "The statement that was added to the resource policy." }, "immutable": true, "locationInModule": { "filename": "lib/grant.ts", "line": 239 }, "name": "resourceStatement", "optional": true, "type": { "fqn": "@aws-cdk/aws-iam.PolicyStatement" } } ] }, "@aws-cdk/aws-iam.GrantOnPrincipalAndResourceOptions": { "assembly": "@aws-cdk/aws-iam", "datatype": true, "docs": { "stability": "experimental", "summary": "Options for a grant operation to both identity and resource." }, "fqn": "@aws-cdk/aws-iam.GrantOnPrincipalAndResourceOptions", "interfaces": [ "@aws-cdk/aws-iam.CommonGrantOptions" ], "kind": "interface", "locationInModule": { "filename": "lib/grant.ts", "line": 72 }, "name": "GrantOnPrincipalAndResourceOptions", "properties": [ { "abstract": true, "docs": { "remarks": "The statement will always be added to the resource policy.", "stability": "experimental", "summary": "The resource with a resource policy." }, "immutable": true, "locationInModule": { "filename": "lib/grant.ts", "line": 78 }, "name": "resource", "type": { "fqn": "@aws-cdk/aws-iam.IResourceWithPolicy" } }, { "abstract": true, "docs": { "default": "- the principal of the grantee will be used", "stability": "experimental", "summary": "The principal to use in the statement for the resource policy." }, "immutable": true, "locationInModule": { "filename": "lib/grant.ts", "line": 94 }, "name": "resourcePolicyPrincipal", "optional": true, "type": { "fqn": "@aws-cdk/aws-iam.IPrincipal" } }, { "abstract": true, "docs": { "default": "Same as regular resource ARNs", "remarks": "(Depending on the resource type, this needs to be '*' in a resource policy).", "stability": "experimental", "summary": "When referring to the resource in a resource policy, use this as ARN." }, "immutable": true, "locationInModule": { "filename": "lib/grant.ts", "line": 87 }, "name": "resourceSelfArns", "optional": true, "type": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } } } ] }, "@aws-cdk/aws-iam.GrantOnPrincipalOptions": { "assembly": "@aws-cdk/aws-iam", "datatype": true, "docs": { "stability": "experimental", "summary": "Options for a grant operation that only applies to principals." }, "fqn": "@aws-cdk/aws-iam.GrantOnPrincipalOptions", "interfaces": [ "@aws-cdk/aws-iam.CommonGrantOptions" ], "kind": "interface", "locationInModule": { "filename": "lib/grant.ts", "line": 58 }, "name": "GrantOnPrincipalOptions", "properties": [ { "abstract": true, "docs": { "default": "- the construct in which this construct is defined", "stability": "experimental", "summary": "Construct to report warnings on in case grant could not be registered." }, "immutable": true, "locationInModule": { "filename": "lib/grant.ts", "line": 64 }, "name": "scope", "optional": true, "type": { "fqn": "@aws-cdk/core.IConstruct" } } ] }, "@aws-cdk/aws-iam.GrantWithResourceOptions": { "assembly": "@aws-cdk/aws-iam", "datatype": true, "docs": { "stability": "experimental", "summary": "Options for a grant operation." }, "fqn": "@aws-cdk/aws-iam.GrantWithResourceOptions", "interfaces": [ "@aws-cdk/aws-iam.CommonGrantOptions" ], "kind": "interface", "locationInModule": { "filename": "lib/grant.ts", "line": 34 }, "name": "GrantWithResourceOptions", "properties": [ { "abstract": true, "docs": { "remarks": "The statement will be added to the resource policy if it couldn't be\nadded to the principal policy.", "stability": "experimental", "summary": "The resource with a resource policy." }, "immutable": true, "locationInModule": { "filename": "lib/grant.ts", "line": 41 }, "name": "resource", "type": { "fqn": "@aws-cdk/aws-iam.IResourceWithPolicy" } }, { "abstract": true, "docs": { "default": "Same as regular resource ARNs", "remarks": "(Depending on the resource type, this needs to be '*' in a resource policy).", "stability": "experimental", "summary": "When referring to the resource in a resource policy, use this as ARN." }, "immutable": true, "locationInModule": { "filename": "lib/grant.ts", "line": 50 }, "name": "resourceSelfArns", "optional": true, "type": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } } } ] }, "@aws-cdk/aws-iam.Group": { "assembly": "@aws-cdk/aws-iam", "base": "@aws-cdk/core.Resource", "docs": { "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html", "stability": "stable", "summary": "An IAM Group (collection of IAM users) lets you specify permissions for multiple users, which can make it easier to manage permissions for those users." }, "fqn": "@aws-cdk/aws-iam.Group", "initializer": { "docs": { "stability": "stable" }, "locationInModule": { "filename": "lib/group.ts", "line": 163 }, "parameters": [ { "name": "scope", "type": { "fqn": "@aws-cdk/core.Construct" } }, { "name": "id", "type": { "primitive": "string" } }, { "name": "props", "optional": true, "type": { "fqn": "@aws-cdk/aws-iam.GroupProps" } } ] }, "interfaces": [ "@aws-cdk/aws-iam.IGroup" ], "kind": "class", "locationInModule": { "filename": "lib/group.ts", "line": 129 }, "methods": [ { "docs": { "remarks": "If the imported Group ARN is a Token (such as a\n`CfnParameter.valueAsString` or a `Fn.importValue()`) *and* the referenced\ngroup has a `path` (like `arn:...:group/AdminGroup/NetworkAdmin`), the\n`groupName` property will not resolve to the correct value. Instead it\nwill resolve to the first path component. We unfortunately cannot express\nthe correct calculation of the full path name as a CloudFormation\nexpression. In this scenario the Group ARN should be supplied without the\n`path` in order to resolve the correct group resource.", "stability": "stable", "summary": "Import an external group by ARN." }, "locationInModule": { "filename": "lib/group.ts", "line": 146 }, "name": "fromGroupArn", "parameters": [ { "docs": { "summary": "construct scope." }, "name": "scope", "type": { "fqn": "@aws-cdk/core.Construct" } }, { "docs": { "summary": "construct id." }, "name": "id", "type": { "primitive": "string" } }, { "docs": { "summary": "the ARN of the group to import (e.g. `arn:aws:iam::account-id:group/group-name`)." }, "name": "groupArn", "type": { "primitive": "string" } } ], "returns": { "type": { "fqn": "@aws-cdk/aws-iam.IGroup" } }, "static": true }, { "docs": { "stability": "stable", "summary": "Attaches a managed policy to this group." }, "locationInModule": { "filename": "lib/group.ts", "line": 189 }, "name": "addManagedPolicy", "overrides": "@aws-cdk/aws-iam.IIdentity", "parameters": [ { "docs": { "summary": "The managed policy to attach." }, "name": "policy", "type": { "fqn": "@aws-cdk/aws-iam.IManagedPolicy" } } ] }, { "docs": { "stability": "stable", "summary": "Add to the policy of this principal." }, "locationInModule": { "filename": "lib/group.ts", "line": 118 }, "name": "addToPolicy", "overrides": "@aws-cdk/aws-iam.IPrincipal", "parameters": [ { "name": "statement", "type": { "fqn": "@aws-cdk/aws-iam.PolicyStatement" } } ], "returns": { "type": { "primitive": "boolean" } } }, { "docs": { "stability": "stable", "summary": "Adds an IAM statement to the default policy." }, "locationInModule": { "filename": "lib/group.ts", "line": 108 }, "name": "addToPrincipalPolicy", "overrides": "@aws-cdk/aws-iam.IPrincipal", "parameters": [ { "name": "statement", "type": { "fqn": "@aws-cdk/aws-iam.PolicyStatement" } } ], "returns": { "type": { "fqn": "@aws-cdk/aws-iam.AddToPrincipalPolicyResult" } } }, { "docs": { "stability": "stable", "summary": "Adds a user to this group." }, "locationInModule": { "filename": "lib/group.ts", "line": 101 }, "name": "addUser", "parameters": [ { "name": "user", "type": { "fqn": "@aws-cdk/aws-iam.IUser" } } ] }, { "docs": { "stability": "stable", "summary": "Attaches a policy to this group." }, "locationInModule": { "filename": "lib/group.ts", "line": 89 }, "name": "attachInlinePolicy", "overrides": "@aws-cdk/aws-iam.IIdentity", "parameters": [ { "docs": { "summary": "The policy to attach." }, "name": "policy", "type": { "fqn": "@aws-cdk/aws-iam.Policy" } } ] } ], "name": "Group", "properties": [ { "docs": { "stability": "stable", "summary": "When this Principal is used in an AssumeRole policy, the action to use." }, "immutable": true, "locationInModule": { "filename": "lib/group.ts", "line": 76 }, "name": "assumeRoleAction", "overrides": "@aws-cdk/aws-iam.IPrincipal", "type": { "primitive": "string" } }, { "docs": { "stability": "stable", "summary": "The principal to grant permissions to." }, "immutable": true, "locationInModule": { "filename": "lib/group.ts", "line": 74 }, "name": "grantPrincipal", "overrides": "@aws-cdk/aws-iam.IGrantable", "type": { "fqn": "@aws-cdk/aws-iam.IPrincipal" } }, { "docs": { "stability": "stable", "summary": "Returns the IAM Group ARN." }, "immutable": true, "locationInModule": { "filename": "lib/group.ts", "line": 159 }, "name": "groupArn", "overrides": "@aws-cdk/aws-iam.IGroup", "type": { "primitive": "string" } }, { "docs": { "stability": "stable", "summary": "Returns the IAM Group Name." }, "immutable": true, "locationInModule": { "filename": "lib/group.ts", "line": 158 }, "name": "groupName", "overrides": "@aws-cdk/aws-iam.IGroup", "type": { "primitive": "string" } }, { "docs": { "stability": "stable", "summary": "Return the policy fragment that identifies this principal in a Policy." }, "immutable": true, "locationInModule": { "filename": "lib/group.ts", "line": 81 }, "name": "policyFragment", "overrides": "@aws-cdk/aws-iam.IPrincipal", "type": { "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment" } }, { "docs": { "remarks": "Can be undefined when the account is not known\n(for example, for service principals).\nCan be a Token - in that case,\nit's assumed to be AWS::AccountId.", "stability": "stable", "summary": "The AWS account ID of this principal." }, "immutable": true, "locationInModule": { "filename": "lib/group.ts", "line": 75 }, "name": "principalAccount", "optional": true, "overrides": "@aws-cdk/aws-iam.IPrincipal", "type": { "primitive": "string" } } ] }, "@aws-cdk/aws-iam.GroupProps": { "assembly": "@aws-cdk/aws-iam", "datatype": true, "docs": { "stability": "stable", "summary": "Properties for defining an IAM group." }, "fqn": "@aws-cdk/aws-iam.GroupProps", "kind": "interface", "locationInModule": { "filename": "lib/group.ts", "line": 35 }, "name": "GroupProps", "properties": [ { "abstract": true, "docs": { "default": "Generated by CloudFormation (recommended)", "remarks": "For valid values, see the GroupName parameter\nfor the CreateGroup action in the IAM API Reference. If you don't specify\na name, AWS CloudFormation generates a unique physical ID and uses that\nID for the group name.\n\nIf you specify a name, you must specify the CAPABILITY_NAMED_IAM value to\nacknowledge your template's capabilities. For more information, see\nAcknowledging IAM Resources in AWS CloudFormation Templates.", "stability": "stable", "summary": "A name for the IAM group." }, "immutable": true, "locationInModule": { "filename": "lib/group.ts", "line": 48 }, "name": "groupName", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "default": "- No managed policies.", "remarks": "You can add managed policies later using\n`addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName(policyName))`.", "stability": "stable", "summary": "A list of managed policies associated with this role." }, "immutable": true, "locationInModule": { "filename": "lib/group.ts", "line": 58 }, "name": "managedPolicies", "optional": true, "type": { "collection": { "elementtype": { "fqn": "@aws-cdk/aws-iam.IManagedPolicy" }, "kind": "array" } } }, { "abstract": true, "docs": { "default": "/", "remarks": "For more information about paths, see [IAM\nIdentifiers](http://docs.aws.amazon.com/IAM/latest/UserGuide/index.html?Using_Identifiers.html)\nin the IAM User Guide.", "stability": "stable", "summary": "The path to the group." }, "immutable": true, "locationInModule": { "filename": "lib/group.ts", "line": 67 }, "name": "path", "optional": true, "type": { "primitive": "string" } } ] }, "@aws-cdk/aws-iam.IGrantable": { "assembly": "@aws-cdk/aws-iam", "docs": { "stability": "stable", "summary": "Any object that has an associated principal that a permission can be granted to." }, "fqn": "@aws-cdk/aws-iam.IGrantable", "kind": "interface", "locationInModule": { "filename": "lib/principals.ts", "line": 10 }, "name": "IGrantable", "properties": [ { "abstract": true, "docs": { "stability": "stable", "summary": "The principal to grant permissions to." }, "immutable": true, "locationInModule": { "filename": "lib/principals.ts", "line": 14 }, "name": "grantPrincipal", "type": { "fqn": "@aws-cdk/aws-iam.IPrincipal" } } ] }, "@aws-cdk/aws-iam.IGroup": { "assembly": "@aws-cdk/aws-iam", "docs": { "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html", "stability": "stable", "summary": "Represents an IAM Group." }, "fqn": "@aws-cdk/aws-iam.IGroup", "interfaces": [ "@aws-cdk/aws-iam.IIdentity" ], "kind": "interface", "locationInModule": { "filename": "lib/group.ts", "line": 16 }, "name": "IGroup", "properties": [ { "abstract": true, "docs": { "custom": { "attribute": "true" }, "stability": "stable", "summary": "Returns the IAM Group ARN." }, "immutable": true, "locationInModule": { "filename": "lib/group.ts", "line": 29 }, "name": "groupArn", "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "attribute": "true" }, "stability": "stable", "summary": "Returns the IAM Group Name." }, "immutable": true, "locationInModule": { "filename": "lib/group.ts", "line": 22 }, "name": "groupName", "type": { "primitive": "string" } } ] }, "@aws-cdk/aws-iam.IIdentity": { "assembly": "@aws-cdk/aws-iam", "docs": { "stability": "stable", "summary": "A construct that represents an IAM principal, such as a user, group or role." }, "fqn": "@aws-cdk/aws-iam.IIdentity", "interfaces": [ "@aws-cdk/aws-iam.IPrincipal", "@aws-cdk/core.IResource" ], "kind": "interface", "locationInModule": { "filename": "lib/identity-base.ts", "line": 9 }, "methods": [ { "abstract": true, "docs": { "stability": "stable", "summary": "Attaches a managed policy to this principal." }, "locationInModule": { "filename": "lib/identity-base.ts", "line": 21 }, "name": "addManagedPolicy", "parameters": [ { "docs": { "summary": "The managed policy." }, "name": "policy", "type": { "fqn": "@aws-cdk/aws-iam.IManagedPolicy" } } ] }, { "abstract": true, "docs": { "remarks": "This is the same as calling `policy.addToXxx(principal)`.", "stability": "stable", "summary": "Attaches an inline policy to this principal." }, "locationInModule": { "filename": "lib/identity-base.ts", "line": 15 }, "name": "attachInlinePolicy", "parameters": [ { "docs": { "summary": "The policy resource to attach to this principal [disable-awslint:ref-via-interface]." }, "name": "policy", "type": { "fqn": "@aws-cdk/aws-iam.Policy" } } ] } ], "name": "IIdentity" }, "@aws-cdk/aws-iam.IManagedPolicy": { "assembly": "@aws-cdk/aws-iam", "docs": { "stability": "stable", "summary": "A managed policy." }, "fqn": "@aws-cdk/aws-iam.IManagedPolicy", "kind": "interface", "locationInModule": { "filename": "lib/managed-policy.ts", "line": 13 }, "name": "IManagedPolicy", "properties": [ { "abstract": true, "docs": { "custom": { "attribute": "true" }, "stability": "stable", "summary": "The ARN of the managed policy." }, "immutable": true, "locationInModule": { "filename": "lib/managed-policy.ts", "line": 18 }, "name": "managedPolicyArn", "type": { "primitive": "string" } } ] }, "@aws-cdk/aws-iam.IOpenIdConnectProvider": { "assembly": "@aws-cdk/aws-iam", "docs": { "stability": "experimental", "summary": "Represents an IAM OpenID Connect provider." }, "fqn": "@aws-cdk/aws-iam.IOpenIdConnectProvider", "interfaces": [ "@aws-cdk/core.IResource" ], "kind": "interface", "locationInModule": { "filename": "lib/oidc-provider.ts", "line": 11 }, "name": "IOpenIdConnectProvider", "properties": [ { "abstract": true, "docs": { "stability": "experimental", "summary": "The Amazon Resource Name (ARN) of the IAM OpenID Connect provider." }, "immutable": true, "locationInModule": { "filename": "lib/oidc-provider.ts", "line": 15 }, "name": "openIdConnectProviderArn", "type": { "primitive": "string" } } ] }, "@aws-cdk/aws-iam.IPolicy": { "assembly": "@aws-cdk/aws-iam", "docs": { "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage.html", "stability": "stable", "summary": "Represents an IAM Policy." }, "fqn": "@aws-cdk/aws-iam.IPolicy", "interfaces": [ "@aws-cdk/core.IResource" ], "kind": "interface", "locationInModule": { "filename": "lib/policy.ts", "line": 15 }, "name": "IPolicy", "properties": [ { "abstract": true, "docs": { "custom": { "attribute": "true" }, "stability": "stable", "summary": "The name of this policy." }, "immutable": true, "locationInModule": { "filename": "lib/policy.ts", "line": 21 }, "name": "policyName", "type": { "primitive": "string" } } ] }, "@aws-cdk/aws-iam.IPrincipal": { "assembly": "@aws-cdk/aws-iam", "docs": { "remarks": "An IPrincipal describes a logical entity that can perform AWS API calls\nagainst sets of resources, optionally under certain conditions.\n\nExamples of simple principals are IAM objects that you create, such\nas Users or Roles.\n\nAn example of a more complex principals is a `ServicePrincipal` (such as\n`new ServicePrincipal(\"sns.amazonaws.com\")`, which represents the Simple\nNotifications Service).\n\nA single logical Principal may also map to a set of physical principals.\nFor example, `new OrganizationPrincipal('o-1234')` represents all\nidentities that are part of the given AWS Organization.", "stability": "stable", "summary": "Represents a logical IAM principal." }, "fqn": "@aws-cdk/aws-iam.IPrincipal", "interfaces": [ "@aws-cdk/aws-iam.IGrantable" ], "kind": "interface", "locationInModule": { "filename": "lib/principals.ts", "line": 34 }, "methods": [ { "abstract": true, "docs": { "deprecated": "Use `addToPrincipalPolicy` instead.", "returns": "true if the statement was added, false if the principal in\nquestion does not have a policy document to add the statement to.", "stability": "deprecated", "summary": "Add to the policy of this principal." }, "locationInModule": { "filename": "lib/principals.ts", "line": 62 }, "name": "addToPolicy", "parameters": [ { "name": "statement", "type": { "fqn": "@aws-cdk/aws-iam.PolicyStatement" } } ], "returns": { "type": { "primitive": "boolean" } } }, { "abstract": true, "docs": { "stability": "stable", "summary": "Add to the policy of this principal." }, "locationInModule": { "filename": "lib/principals.ts", "line": 67 }, "name": "addToPrincipalPolicy", "parameters": [ { "name": "statement", "type": { "fqn": "@aws-cdk/aws-iam.PolicyStatement" } } ], "returns": { "type": { "fqn": "@aws-cdk/aws-iam.AddToPrincipalPolicyResult" } } } ], "name": "IPrincipal", "properties": [ { "abstract": true, "docs": { "stability": "stable", "summary": "When this Principal is used in an AssumeRole policy, the action to use." }, "immutable": true, "locationInModule": { "filename": "lib/principals.ts", "line": 38 }, "name": "assumeRoleAction", "type": { "primitive": "string" } }, { "abstract": true, "docs": { "stability": "stable", "summary": "Return the policy fragment that identifies this principal in a Policy." }, "immutable": true, "locationInModule": { "filename": "lib/principals.ts", "line": 43 }, "name": "policyFragment", "type": { "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment" } }, { "abstract": true, "docs": { "remarks": "Can be undefined when the account is not known\n(for example, for service principals).\nCan be a Token - in that case,\nit's assumed to be AWS::AccountId.", "stability": "stable", "summary": "The AWS account ID of this principal." }, "immutable": true, "locationInModule": { "filename": "lib/principals.ts", "line": 52 }, "name": "principalAccount", "optional": true, "type": { "primitive": "string" } } ] }, "@aws-cdk/aws-iam.IResourceWithPolicy": { "assembly": "@aws-cdk/aws-iam", "docs": { "stability": "stable", "summary": "A resource with a resource policy that can be added to." }, "fqn": "@aws-cdk/aws-iam.IResourceWithPolicy", "interfaces": [ "@aws-cdk/core.IResource" ], "kind": "interface", "locationInModule": { "filename": "lib/grant.ts", "line": 310 }, "methods": [ { "abstract": true, "docs": { "stability": "stable", "summary": "Add a statement to the resource's resource policy." }, "locationInModule": { "filename": "lib/grant.ts", "line": 314 }, "name": "addToResourcePolicy", "parameters": [ { "name": "statement", "type": { "fqn": "@aws-cdk/aws-iam.PolicyStatement" } } ], "returns": { "type": { "fqn": "@aws-cdk/aws-iam.AddToResourcePolicyResult" } } } ], "name": "IResourceWithPolicy" }, "@aws-cdk/aws-iam.IRole": { "assembly": "@aws-cdk/aws-iam", "docs": { "stability": "stable", "summary": "A Role object." }, "fqn": "@aws-cdk/aws-iam.IRole", "interfaces": [ "@aws-cdk/aws-iam.IIdentity" ], "kind": "interface", "locationInModule": { "filename": "lib/role.ts", "line": 445 }, "methods": [ { "abstract": true, "docs": { "stability": "stable", "summary": "Grant the actions defined in actions to the identity Principal on this resource." }, "locationInModule": { "filename": "lib/role.ts", "line": 463 }, "name": "grant", "parameters": [ { "name": "grantee", "type": { "fqn": "@aws-cdk/aws-iam.IPrincipal" } }, { "name": "actions", "type": { "primitive": "string" }, "variadic": true } ], "returns": { "type": { "fqn": "@aws-cdk/aws-iam.Grant" } }, "variadic": true }, { "abstract": true, "docs": { "stability": "stable", "summary": "Grant permissions to the given principal to pass this role." }, "locationInModule": { "filename": "lib/role.ts", "line": 468 }, "name": "grantPassRole", "parameters": [ { "name": "grantee", "type": { "fqn": "@aws-cdk/aws-iam.IPrincipal" } } ], "returns": { "type": { "fqn": "@aws-cdk/aws-iam.Grant" } } } ], "name": "IRole", "properties": [ { "abstract": true, "docs": { "custom": { "attribute": "true" }, "stability": "stable", "summary": "Returns the ARN of this role." }, "immutable": true, "locationInModule": { "filename": "lib/role.ts", "line": 451 }, "name": "roleArn", "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "attribute": "true" }, "stability": "stable", "summary": "Returns the name of this role." }, "immutable": true, "locationInModule": { "filename": "lib/role.ts", "line": 458 }, "name": "roleName", "type": { "primitive": "string" } } ] }, "@aws-cdk/aws-iam.IUser": { "assembly": "@aws-cdk/aws-iam", "docs": { "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html", "stability": "stable", "summary": "Represents an IAM user." }, "fqn": "@aws-cdk/aws-iam.IUser", "interfaces": [ "@aws-cdk/aws-iam.IIdentity" ], "kind": "interface", "locationInModule": { "filename": "lib/user.ts", "line": 16 }, "methods": [ { "abstract": true, "docs": { "stability": "stable", "summary": "Adds this user to a group." }, "locationInModule": { "filename": "lib/user.ts", "line": 32 }, "name": "addToGroup", "parameters": [ { "name": "group", "type": { "fqn": "@aws-cdk/aws-iam.IGroup" } } ] } ], "name": "IUser", "properties": [ { "abstract": true, "docs": { "custom": { "attribute": "true" }, "stability": "stable", "summary": "The user's ARN." }, "immutable": true, "locationInModule": { "filename": "lib/user.ts", "line": 27 }, "name": "userArn", "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "attribute": "true" }, "stability": "stable", "summary": "The user's name." }, "immutable": true, "locationInModule": { "filename": "lib/user.ts", "line": 21 }, "name": "userName", "type": { "primitive": "string" } } ] }, "@aws-cdk/aws-iam.LazyRole": { "assembly": "@aws-cdk/aws-iam", "base": "@aws-cdk/core.Resource", "docs": { "custom": { "resource": "AWS::IAM::Role" }, "remarks": "This construct can be used to simplify logic in other constructs\nwhich need to create a role but only if certain configurations occur\n(such as when AutoScaling is configured). The role can be configured in one\nplace, but if it never gets used it doesn't get instantiated and will\nnot be synthesized or deployed.", "stability": "stable", "summary": "An IAM role that only gets attached to the construct tree once it gets used, not before." }, "fqn": "@aws-cdk/aws-iam.LazyRole", "initializer": { "docs": { "stability": "stable" }, "locationInModule": { "filename": "lib/lazy-role.ts", "line": 37 }, "parameters": [ { "name": "scope", "type": { "fqn": "@aws-cdk/core.Construct" } }, { "name": "id", "type": { "primitive": "string" } }, { "name": "props", "type": { "fqn": "@aws-cdk/aws-iam.LazyRoleProps" } } ] }, "interfaces": [ "@aws-cdk/aws-iam.IRole" ], "kind": "class", "locationInModule": { "filename": "lib/lazy-role.ts", "line": 27 }, "methods": [ { "docs": { "stability": "stable", "summary": "Attaches a managed policy to this role." }, "locationInModule": { "filename": "lib/lazy-role.ts", "line": 75 }, "name": "addManagedPolicy", "overrides": "@aws-cdk/aws-iam.IIdentity", "parameters": [ { "docs": { "summary": "The managed policy to attach." }, "name": "policy", "type": { "fqn": "@aws-cdk/aws-iam.IManagedPolicy" } } ] }, { "docs": { "stability": "stable", "summary": "Add to the policy of this principal." }, "locationInModule": { "filename": "lib/lazy-role.ts", "line": 55 }, "name": "addToPolicy", "overrides": "@aws-cdk/aws-iam.IPrincipal", "parameters": [ { "name": "statement", "type": { "fqn": "@aws-cdk/aws-iam.PolicyStatement" } } ], "returns": { "type": { "primitive": "boolean" } } }, { "docs": { "remarks": "If there is no default policy attached to this role, it will be created.", "stability": "stable", "summary": "Adds a permission to the role's default policy document." }, "locationInModule": { "filename": "lib/lazy-role.ts", "line": 46 }, "name": "addToPrincipalPolicy", "overrides": "@aws-cdk/aws-iam.IPrincipal", "parameters": [ { "docs": { "summary": "The permission statement to add to the policy document." }, "name": "statement", "type": { "fqn": "@aws-cdk/aws-iam.PolicyStatement" } } ], "returns": { "type": { "fqn": "@aws-cdk/aws-iam.AddToPrincipalPolicyResult" } } }, { "docs": { "stability": "stable", "summary": "Attaches a policy to this role." }, "locationInModule": { "filename": "lib/lazy-role.ts", "line": 63 }, "name": "attachInlinePolicy", "overrides": "@aws-cdk/aws-iam.IIdentity", "parameters": [ { "docs": { "summary": "The policy to attach." }, "name": "policy", "type": { "fqn": "@aws-cdk/aws-iam.Policy" } } ] }, { "docs": { "stability": "stable", "summary": "Grant the actions defined in actions to the identity Principal on this resource." }, "locationInModule": { "filename": "lib/lazy-role.ts", "line": 110 }, "name": "grant", "overrides": "@aws-cdk/aws-iam.IRole", "parameters": [ { "name": "identity", "type": { "fqn": "@aws-cdk/aws-iam.IPrincipal" } }, { "name": "actions", "type": { "primitive": "string" }, "variadic": true } ], "returns": { "type": { "fqn": "@aws-cdk/aws-iam.Grant" } }, "variadic": true }, { "docs": { "stability": "stable", "summary": "Grant permissions to the given principal to pass this role." }, "locationInModule": { "filename": "lib/lazy-role.ts", "line": 117 }, "name": "grantPassRole", "overrides": "@aws-cdk/aws-iam.IRole", "parameters": [ { "name": "identity", "type": { "fqn": "@aws-cdk/aws-iam.IPrincipal" } } ], "returns": { "type": { "fqn": "@aws-cdk/aws-iam.Grant" } } } ], "name": "LazyRole", "properties": [ { "docs": { "stability": "stable", "summary": "When this Principal is used in an AssumeRole policy, the action to use." }, "immutable": true, "locationInModule": { "filename": "lib/lazy-role.ts", "line": 30 }, "name": "assumeRoleAction", "overrides": "@aws-cdk/aws-iam.IPrincipal", "type": { "primitive": "string" } }, { "docs": { "stability": "stable", "summary": "The principal to grant permissions to." }, "immutable": true, "locationInModule": { "filename": "lib/lazy-role.ts", "line": 28 }, "name": "grantPrincipal", "overrides": "@aws-cdk/aws-iam.IGrantable", "type": { "fqn": "@aws-cdk/aws-iam.IPrincipal" } }, { "docs": { "stability": "stable", "summary": "Return the policy fragment that identifies this principal in a Policy." }, "immutable": true, "locationInModule": { "filename": "lib/lazy-role.ts", "line": 103 }, "name": "policyFragment", "overrides": "@aws-cdk/aws-iam.IPrincipal", "type": { "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment" } }, { "docs": { "stability": "stable", "summary": "Returns the ARN of this role." }, "immutable": true, "locationInModule": { "filename": "lib/lazy-role.ts", "line": 86 }, "name": "roleArn", "overrides": "@aws-cdk/aws-iam.IRole", "type": { "primitive": "string" } }, { "docs": { "custom": { "attribute": "true" }, "stability": "stable", "summary": "Returns the stable and unique string identifying the role (i.e. AIDAJQABLZS4A3QDU576Q)." }, "immutable": true, "locationInModule": { "filename": "lib/lazy-role.ts", "line": 95 }, "name": "roleId", "type": { "primitive": "string" } }, { "docs": { "stability": "stable", "summary": "Returns the name of this role." }, "immutable": true, "locationInModule": { "filename": "lib/lazy-role.ts", "line": 99 }, "name": "roleName", "overrides": "@aws-cdk/aws-iam.IRole", "type": { "primitive": "string" } }, { "docs": { "remarks": "Can be undefined when the account is not known\n(for example, for service principals).\nCan be a Token - in that case,\nit's assumed to be AWS::AccountId.", "stability": "stable", "summary": "The AWS account ID of this principal." }, "immutable": true, "locationInModule": { "filename": "lib/lazy-role.ts", "line": 29 }, "name": "principalAccount", "optional": true, "overrides": "@aws-cdk/aws-iam.IPrincipal", "type": { "primitive": "string" } } ] }, "@aws-cdk/aws-iam.LazyRoleProps": { "assembly": "@aws-cdk/aws-iam", "datatype": true, "docs": { "stability": "stable", "summary": "Properties for defining a LazyRole." }, "fqn": "@aws-cdk/aws-iam.LazyRoleProps", "interfaces": [ "@aws-cdk/aws-iam.RoleProps" ], "kind": "interface", "locationInModule": { "filename": "lib/lazy-role.ts", "line": 12 }, "name": "LazyRoleProps" }, "@aws-cdk/aws-iam.ManagedPolicy": { "assembly": "@aws-cdk/aws-iam", "base": "@aws-cdk/core.Resource", "docs": { "stability": "stable", "summary": "Managed policy." }, "fqn": "@aws-cdk/aws-iam.ManagedPolicy", "initializer": { "docs": { "stability": "stable" }, "locationInModule": { "filename": "lib/managed-policy.ts", "line": 210 }, "parameters": [ { "name": "scope", "type": { "fqn": "@aws-cdk/core.Construct" } }, { "name": "id", "type": { "primitive": "string" } }, { "name": "props", "optional": true, "type": { "fqn": "@aws-cdk/aws-iam.ManagedPolicyProps" } } ] }, "interfaces": [ "@aws-cdk/aws-iam.IManagedPolicy" ], "kind": "class", "locationInModule": { "filename": "lib/managed-policy.ts", "line": 101 }, "methods": [ { "docs": { "remarks": "For this managed policy, you only need to know the name to be able to use it.\n\nSome managed policy names start with \"service-role/\", some start with\n\"job-function/\", and some don't start with anything. Do include the\nprefix when constructing this object.", "stability": "stable", "summary": "Import a managed policy from one of the policies that AWS manages." }, "locationInModule": { "filename": "lib/managed-policy.ts", "line": 156 }, "name": "fromAwsManagedPolicyName", "parameters": [ { "name": "managedPolicyName", "type": { "primitive": "string" } } ], "returns": { "type": { "fqn": "@aws-cdk/aws-iam.IManagedPolicy" } }, "static": true }, { "docs": { "remarks": "For this managed policy, you only need to know the ARN to be able to use it.\nThis can be useful if you got the ARN from a CloudFormation Export.\n\nIf the imported Managed Policy ARN is a Token (such as a\n`CfnParameter.valueAsString` or a `Fn.importValue()`) *and* the referenced\nmanaged policy has a `path` (like `arn:...:policy/AdminPolicy/AdminAllow`), the\n`managedPolicyName` property will not resolve to the correct value. Instead it\nwill resolve to the first path component. We unfortunately cannot express\nthe correct calculation of the full path name as a CloudFormation\nexpression. In this scenario the Managed Policy ARN should be supplied without the\n`path` in order to resolve the correct managed policy resource.", "stability": "stable", "summary": "Import an external managed policy by ARN." }, "locationInModule": { "filename": "lib/managed-policy.ts", "line": 140 }, "name": "fromManagedPolicyArn", "parameters": [ { "docs": { "summary": "construct scope." }, "name": "scope", "type": { "fqn": "@aws-cdk/core.Construct" } }, { "docs": { "summary": "construct id." }, "name": "id", "type": { "primitive": "string" } }, { "docs": { "summary": "the ARN of the managed policy to import." }, "name": "managedPolicyArn", "type": { "primitive": "string" } } ], "returns": { "type": { "fqn": "@aws-cdk/aws-iam.IManagedPolicy" } }, "static": true }, { "docs": { "remarks": "For this managed policy, you only need to know the name to be able to use it.", "stability": "stable", "summary": "Import a customer managed policy from the managedPolicyName." }, "locationInModule": { "filename": "lib/managed-policy.ts", "line": 108 }, "name": "fromManagedPolicyName", "parameters": [ { "name": "scope", "type": { "fqn": "@aws-cdk/core.Construct" } }, { "name": "id", "type": { "primitive": "string" } }, { "name": "managedPolicyName", "type": { "primitive": "string" } } ], "returns": { "type": { "fqn": "@aws-cdk/aws-iam.IManagedPolicy" } }, "static": true }, { "docs": { "stability": "stable", "summary": "Adds a statement to the policy document." }, "locationInModule": { "filename": "lib/managed-policy.ts", "line": 261 }, "name": "addStatements", "parameters": [ { "name": "statement", "type": { "fqn": "@aws-cdk/aws-iam.PolicyStatement" }, "variadic": true } ], "variadic": true }, { "docs": { "stability": "stable", "summary": "Attaches this policy to a group." }, "locationInModule": { "filename": "lib/managed-policy.ts", "line": 284 }, "name": "attachToGroup", "parameters": [ { "name": "group", "type": { "fqn": "@aws-cdk/aws-iam.IGroup" } } ] }, { "docs": { "stability": "stable", "summary": "Attaches this policy to a role." }, "locationInModule": { "filename": "lib/managed-policy.ts", "line": 276 }, "name": "attachToRole", "parameters": [ { "name": "role", "type": { "fqn": "@aws-cdk/aws-iam.IRole" } } ] }, { "docs": { "stability": "stable", "summary": "Attaches this policy to a user." }, "locationInModule": { "filename": "lib/managed-policy.ts", "line": 268 }, "name": "attachToUser", "parameters": [ { "name": "user", "type": { "fqn": "@aws-cdk/aws-iam.IUser" } } ] }, { "docs": { "remarks": "This method can be implemented by derived constructs in order to perform\nvalidation logic. It is called on all constructs before synthesis.", "stability": "stable", "summary": "Validate the current construct." }, "locationInModule": { "filename": "lib/managed-policy.ts", "line": 289 }, "name": "validate", "overrides": "@aws-cdk/core.Construct", "protected": true, "returns": { "type": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } } } } ], "name": "ManagedPolicy", "properties": [ { "docs": { "custom": { "attribute": "true" }, "stability": "stable", "summary": "The description of this policy." }, "immutable": true, "locationInModule": { "filename": "lib/managed-policy.ts", "line": 197 }, "name": "description", "type": { "primitive": "string" } }, { "docs": { "stability": "stable", "summary": "The policy document." }, "immutable": true, "locationInModule": { "filename": "lib/managed-policy.ts", "line": 183 }, "name": "document", "type": { "fqn": "@aws-cdk/aws-iam.PolicyDocument" } }, { "docs": { "custom": { "attribute": "true" }, "stability": "stable", "summary": "Returns the ARN of this managed policy." }, "immutable": true, "locationInModule": { "filename": "lib/managed-policy.ts", "line": 178 }, "name": "managedPolicyArn", "overrides": "@aws-cdk/aws-iam.IManagedPolicy", "type": { "primitive": "string" } }, { "docs": { "custom": { "attribute": "true" }, "stability": "stable", "summary": "The name of this policy." }, "immutable": true, "locationInModule": { "filename": "lib/managed-policy.ts", "line": 190 }, "name": "managedPolicyName", "type": { "primitive": "string" } }, { "docs": { "custom": { "attribute": "true" }, "stability": "stable", "summary": "The path of this policy." }, "immutable": true, "locationInModule": { "filename": "lib/managed-policy.ts", "line": 204 }, "name": "path", "type": { "primitive": "string" } } ] }, "@aws-cdk/aws-iam.ManagedPolicyProps": { "assembly": "@aws-cdk/aws-iam", "datatype": true, "docs": { "stability": "stable", "summary": "Properties for defining an IAM managed policy." }, "fqn": "@aws-cdk/aws-iam.ManagedPolicyProps", "kind": "interface", "locationInModule": { "filename": "lib/managed-policy.ts", "line": 24 }, "name": "ManagedPolicyProps", "properties": [ { "abstract": true, "docs": { "default": "- empty", "remarks": "Typically used to store information about the\npermissions defined in the policy. For example, \"Grants access to production DynamoDB tables.\"\nThe policy description is immutable. After a value is assigned, it cannot be changed.", "stability": "stable", "summary": "A description of the managed policy." }, "immutable": true, "locationInModule": { "filename": "lib/managed-policy.ts", "line": 41 }, "name": "description", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "default": "- An empty policy.", "remarks": "If omited, any\n`PolicyStatement` provided in the `statements` property will be applied\nagainst the empty default `PolicyDocument`.", "stability": "stable", "summary": "Initial PolicyDocument to use for this ManagedPolicy." }, "immutable": true, "locationInModule": { "filename": "lib/managed-policy.ts", "line": 94 }, "name": "document", "optional": true, "type": { "fqn": "@aws-cdk/aws-iam.PolicyDocument" } }, { "abstract": true, "docs": { "default": "- No groups.", "remarks": "You can also use `attachToGroup(group)` to attach this policy to a group.", "stability": "stable", "summary": "Groups to attach this policy to." }, "immutable": true, "locationInModule": { "filename": "lib/managed-policy.ts", "line": 77 }, "name": "groups", "optional": true, "type": { "collection": { "elementtype": { "fqn": "@aws-cdk/aws-iam.IGroup" }, "kind": "array" } } }, { "abstract": true, "docs": { "default": "- A name is automatically generated.", "remarks": "If you specify multiple policies for an entity,\nspecify unique names. For example, if you specify a list of policies for\nan IAM role, each policy must have a unique name.", "stability": "stable", "summary": "The name of the managed policy." }, "immutable": true, "locationInModule": { "filename": "lib/managed-policy.ts", "line": 32 }, "name": "managedPolicyName", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "default": "- \"/\"", "remarks": "This parameter allows (through its regex pattern) a string of characters\nconsisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes.\nIn addition, it can contain any ASCII character from the ! (\\u0021) through the DEL character (\\u007F),\nincluding most punctuation characters, digits, and upper and lowercased letters.\n\nFor more information about paths, see IAM Identifiers in the IAM User Guide.", "stability": "stable", "summary": "The path for the policy." }, "immutable": true, "locationInModule": { "filename": "lib/managed-policy.ts", "line": 53 }, "name": "path", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "default": "- No roles.", "remarks": "You can also use `attachToRole(role)` to attach this policy to a role.", "stability": "stable", "summary": "Roles to attach this policy to." }, "immutable": true, "locationInModule": { "filename": "lib/managed-policy.ts", "line": 69 }, "name": "roles", "optional": true, "type": { "collection": { "elementtype": { "fqn": "@aws-cdk/aws-iam.IRole" }, "kind": "array" } } }, { "abstract": true, "docs": { "default": "- No statements.", "remarks": "You can also use `addPermission(statement)` to add permissions later.", "stability": "stable", "summary": "Initial set of permissions to add to this policy document." }, "immutable": true, "locationInModule": { "filename": "lib/managed-policy.ts", "line": 85 }, "name": "statements", "optional": true, "type": { "collection": { "elementtype": { "fqn": "@aws-cdk/aws-iam.PolicyStatement" }, "kind": "array" } } }, { "abstract": true, "docs": { "default": "- No users.", "remarks": "You can also use `attachToUser(user)` to attach this policy to a user.", "stability": "stable", "summary": "Users to attach this policy to." }, "immutable": true, "locationInModule": { "filename": "lib/managed-policy.ts", "line": 61 }, "name": "users", "optional": true, "type": { "collection": { "elementtype": { "fqn": "@aws-cdk/aws-iam.IUser" }, "kind": "array" } } } ] }, "@aws-cdk/aws-iam.OpenIdConnectPrincipal": { "assembly": "@aws-cdk/aws-iam", "base": "@aws-cdk/aws-iam.WebIdentityPrincipal", "docs": { "stability": "stable", "summary": "A principal that represents a federated identity provider as from a OpenID Connect provider." }, "fqn": "@aws-cdk/aws-iam.OpenIdConnectPrincipal", "initializer": { "docs": { "stability": "stable" }, "locationInModule": { "filename": "lib/principals.ts", "line": 483 }, "parameters": [ { "docs": { "summary": "OpenID Connect provider." }, "name": "openIdConnectProvider", "type": { "fqn": "@aws-cdk/aws-iam.IOpenIdConnectProvider" } }, { "docs": { "remarks": "See [the IAM documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html).", "summary": "The conditions under which the policy is in effect." }, "name": "conditions", "optional": true, "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } } ] }, "kind": "class", "locationInModule": { "filename": "lib/principals.ts", "line": 475 }, "methods": [ { "docs": { "stability": "stable", "summary": "Returns a string representation of an object." }, "locationInModule": { "filename": "lib/principals.ts", "line": 491 }, "name": "toString", "overrides": "@aws-cdk/aws-iam.WebIdentityPrincipal", "returns": { "type": { "primitive": "string" } } } ], "name": "OpenIdConnectPrincipal", "properties": [ { "docs": { "stability": "stable", "summary": "Return the policy fragment that identifies this principal in a Policy." }, "immutable": true, "locationInModule": { "filename": "lib/principals.ts", "line": 487 }, "name": "policyFragment", "overrides": "@aws-cdk/aws-iam.WebIdentityPrincipal", "type": { "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment" } } ] }, "@aws-cdk/aws-iam.OpenIdConnectProvider": { "assembly": "@aws-cdk/aws-iam", "base": "@aws-cdk/core.Resource", "docs": { "custom": { "resource": "AWS::CloudFormation::CustomResource" }, "remarks": "You use an IAM OIDC identity provider\nwhen you want to establish trust between an OIDC-compatible IdP and your AWS\naccount. This is useful when creating a mobile app or web application that\nrequires access to AWS resources, but you don't want to create custom sign-in\ncode or manage your own user identities.", "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html", "stability": "experimental", "summary": "IAM OIDC identity providers are entities in IAM that describe an external identity provider (IdP) service that supports the OpenID Connect (OIDC) standard, such as Google or Salesforce." }, "fqn": "@aws-cdk/aws-iam.OpenIdConnectProvider", "initializer": { "docs": { "stability": "experimental", "summary": "Defines an OpenID Connect provider." }, "locationInModule": { "filename": "lib/oidc-provider.ts", "line": 118 }, "parameters": [ { "docs": { "summary": "The definition scope." }, "name": "scope", "type": { "fqn": "@aws-cdk/core.Construct" } }, { "docs": { "summary": "Construct ID." }, "name": "id", "type": { "primitive": "string" } }, { "docs": { "summary": "Initialization properties." }, "name": "props", "type": { "fqn": "@aws-cdk/aws-iam.OpenIdConnectProviderProps" } } ] }, "interfaces": [ "@aws-cdk/aws-iam.IOpenIdConnectProvider" ], "kind": "class", "locationInModule": { "filename": "lib/oidc-provider.ts", "line": 93 }, "methods": [ { "docs": { "stability": "experimental", "summary": "Imports an Open ID connect provider from an ARN." }, "locationInModule": { "filename": "lib/oidc-provider.ts", "line": 100 }, "name": "fromOpenIdConnectProviderArn", "parameters": [ { "docs": { "summary": "The definition scope." }, "name": "scope", "type": { "fqn": "@aws-cdk/core.Construct" } }, { "docs": { "summary": "ID of the construct." }, "name": "id", "type": { "primitive": "string" } }, { "docs": { "summary": "the ARN to import." }, "name": "openIdConnectProviderArn", "type": { "primitive": "string" } } ], "returns": { "type": { "fqn": "@aws-cdk/aws-iam.IOpenIdConnectProvider" } }, "static": true } ], "name": "OpenIdConnectProvider", "properties": [ { "docs": { "stability": "experimental", "summary": "The Amazon Resource Name (ARN) of the IAM OpenID Connect provider." }, "immutable": true, "locationInModule": { "filename": "lib/oidc-provider.ts", "line": 110 }, "name": "openIdConnectProviderArn", "overrides": "@aws-cdk/aws-iam.IOpenIdConnectProvider", "type": { "primitive": "string" } } ] }, "@aws-cdk/aws-iam.OpenIdConnectProviderProps": { "assembly": "@aws-cdk/aws-iam", "datatype": true, "docs": { "stability": "experimental", "summary": "Initialization properties for `OpenIdConnectProvider`." }, "fqn": "@aws-cdk/aws-iam.OpenIdConnectProviderProps", "kind": "interface", "locationInModule": { "filename": "lib/oidc-provider.ts", "line": 22 }, "name": "OpenIdConnectProviderProps", "properties": [ { "abstract": true, "docs": { "remarks": "The URL must begin with https:// and\nshould correspond to the iss claim in the provider's OpenID Connect ID\ntokens. Per the OIDC standard, path components are allowed but query\nparameters are not. Typically the URL consists of only a hostname, like\nhttps://server.example.org or https://example.com.\n\nYou cannot register the same provider multiple times in a single AWS\naccount. If you try to submit a URL that has already been used for an\nOpenID Connect provider in the AWS account, you will get an error.", "stability": "experimental", "summary": "The URL of the identity provider." }, "immutable": true, "locationInModule": { "filename": "lib/oidc-provider.ts", "line": 34 }, "name": "url", "type": { "primitive": "string" } }, { "abstract": true, "docs": { "default": "- no clients are allowed", "remarks": "When a mobile or web app\nregisters with an OpenID Connect provider, they establish a value that\nidentifies the application. (This is the value that's sent as the client_id\nparameter on OAuth requests.)\n\nYou can register multiple client IDs with the same provider. For example,\nyou might have multiple applications that use the same OIDC provider. You\ncannot register more than 100 client IDs with a single IAM OIDC provider.\n\nClient IDs are up to 255 characters long.", "stability": "experimental", "summary": "A list of client IDs (also known as audiences)." }, "immutable": true, "locationInModule": { "filename": "lib/oidc-provider.ts", "line": 50 }, "name": "clientIds", "optional": true, "type": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } } }, { "abstract": true, "docs": { "default": "- If no thumbprints are specified (an empty array or `undefined`),\nthe thumbprint of the root certificate authority will be obtained from the\nprovider's server as described in https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc_verify-thumbprint.html", "remarks": "Typically this list includes only one entry. However, IAM lets you have up\nto five thumbprints for an OIDC provider. This lets you maintain multiple\nthumbprints if the identity provider is rotating certificates.\n\nThe server certificate thumbprint is the hex-encoded SHA-1 hash value of\nthe X.509 certificate used by the domain where the OpenID Connect provider\nmakes its keys available. It is always a 40-character string.\n\nYou must provide at least one thumbprint when creating an IAM OIDC\nprovider. For example, assume that the OIDC provider is server.example.com\nand the provider stores its keys at\nhttps://keys.server.example.com/openid-connect. In that case, the\nthumbprint string would be the hex-encoded SHA-1 hash value of the\ncertificate used by https://keys.server.example.com.", "stability": "experimental", "summary": "A list of server certificate thumbprints for the OpenID Connect (OIDC) identity provider's server certificates." }, "immutable": true, "locationInModule": { "filename": "lib/oidc-provider.ts", "line": 75 }, "name": "thumbprints", "optional": true, "type": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } } } ] }, "@aws-cdk/aws-iam.OrganizationPrincipal": { "assembly": "@aws-cdk/aws-iam", "base": "@aws-cdk/aws-iam.PrincipalBase", "docs": { "stability": "stable", "summary": "A principal that represents an AWS Organization." }, "fqn": "@aws-cdk/aws-iam.OrganizationPrincipal", "initializer": { "docs": { "stability": "stable" }, "locationInModule": { "filename": "lib/principals.ts", "line": 363 }, "parameters": [ { "docs": { "summary": "The unique identifier (ID) of an organization (i.e. o-12345abcde)." }, "name": "organizationId", "type": { "primitive": "string" } } ] }, "kind": "class", "locationInModule": { "filename": "lib/principals.ts", "line": 358 }, "methods": [ { "docs": { "stability": "stable", "summary": "Returns a string representation of an object." }, "locationInModule": { "filename": "lib/principals.ts", "line": 374 }, "name": "toString", "overrides": "@aws-cdk/aws-iam.PrincipalBase", "returns": { "type": { "primitive": "string" } } } ], "name": "OrganizationPrincipal", "properties": [ { "docs": { "stability": "stable", "summary": "The unique identifier (ID) of an organization (i.e. o-12345abcde)." }, "immutable": true, "locationInModule": { "filename": "lib/principals.ts", "line": 363 }, "name": "organizationId", "type": { "primitive": "string" } }, { "docs": { "stability": "stable", "summary": "Return the policy fragment that identifies this principal in a Policy." }, "immutable": true, "locationInModule": { "filename": "lib/principals.ts", "line": 367 }, "name": "policyFragment", "overrides": "@aws-cdk/aws-iam.PrincipalBase", "type": { "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment" } } ] }, "@aws-cdk/aws-iam.Policy": { "assembly": "@aws-cdk/aws-iam", "base": "@aws-cdk/core.Resource", "docs": { "remarks": "For more information about IAM policies, see [Overview of IAM\nPolicies](http://docs.aws.amazon.com/IAM/latest/UserGuide/policies_overview.html)\nin the IAM User Guide guide.", "stability": "stable", "summary": "The AWS::IAM::Policy resource associates an IAM policy with IAM users, roles, or groups." }, "fqn": "@aws-cdk/aws-iam.Policy", "initializer": { "docs": { "stability": "stable" }, "locationInModule": { "filename": "lib/policy.ts", "line": 118 }, "parameters": [ { "name": "scope", "type": { "fqn": "@aws-cdk/core.Construct" } }, { "name": "id", "type": { "primitive": "string" } }, { "name": "props", "optional": true, "type": { "fqn": "@aws-cdk/aws-iam.PolicyProps" } } ] }, "interfaces": [ "@aws-cdk/aws-iam.IPolicy" ], "kind": "class", "locationInModule": { "filename": "lib/policy.ts", "line": 93 }, "methods": [ { "docs": { "stability": "stable", "summary": "Import a policy in this app based on its name." }, "locationInModule": { "filename": "lib/policy.ts", "line": 98 }, "name": "fromPolicyName", "parameters": [ { "name": "scope", "type": { "fqn": "@aws-cdk/core.Construct" } }, { "name": "id", "type": { "primitive": "string" } }, { "name": "policyName", "type": { "primitive": "string" } } ], "returns": { "type": { "fqn": "@aws-cdk/aws-iam.IPolicy" } }, "static": true }, { "docs": { "stability": "stable", "summary": "Adds a statement to the policy document." }, "locationInModule": { "filename": "lib/policy.ts", "line": 171 }, "name": "addStatements", "parameters": [ { "name": "statement", "type": { "fqn": "@aws-cdk/aws-iam.PolicyStatement" }, "variadic": true } ], "variadic": true }, { "docs": { "stability": "stable", "summary": "Attaches this policy to a group." }, "locationInModule": { "filename": "lib/policy.ts", "line": 196 }, "name": "attachToGroup", "parameters": [ { "name": "group", "type": { "fqn": "@aws-cdk/aws-iam.IGroup" } } ] }, { "docs": { "stability": "stable", "summary": "Attaches this policy to a role." }, "locationInModule": { "filename": "lib/policy.ts", "line": 187 }, "name": "attachToRole", "parameters": [ { "name": "role", "type": { "fqn": "@aws-cdk/aws-iam.IRole" } } ] }, { "docs": { "stability": "stable", "summary": "Attaches this policy to a user." }, "locationInModule": { "filename": "lib/policy.ts", "line": 178 }, "name": "attachToUser", "parameters": [ { "name": "user", "type": { "fqn": "@aws-cdk/aws-iam.IUser" } } ] }, { "docs": { "remarks": "This method can be implemented by derived constructs in order to perform\nvalidation logic. It is called on all constructs before synthesis.", "stability": "stable", "summary": "Validate the current construct." }, "locationInModule": { "filename": "lib/policy.ts", "line": 212 }, "name": "validate", "overrides": "@aws-cdk/core.Construct", "protected": true, "returns": { "type": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } } } } ], "name": "Policy", "properties": [ { "docs": { "stability": "stable", "summary": "The policy document." }, "immutable": true, "locationInModule": { "filename": "lib/policy.ts", "line": 109 }, "name": "document", "type": { "fqn": "@aws-cdk/aws-iam.PolicyDocument" } }, { "docs": { "custom": { "attribute": "true" }, "stability": "stable", "summary": "The name of this policy." }, "immutable": true, "locationInModule": { "filename": "lib/policy.ts", "line": 207 }, "name": "policyName", "overrides": "@aws-cdk/aws-iam.IPolicy", "type": { "primitive": "string" } } ] }, "@aws-cdk/aws-iam.PolicyDocument": { "assembly": "@aws-cdk/aws-iam", "docs": { "stability": "stable", "summary": "A PolicyDocument is a collection of statements." }, "fqn": "@aws-cdk/aws-iam.PolicyDocument", "initializer": { "docs": { "stability": "stable" }, "locationInModule": { "filename": "lib/policy-document.ts", "line": 47 }, "parameters": [ { "name": "props", "optional": true, "type": { "fqn": "@aws-cdk/aws-iam.PolicyDocumentProps" } } ] }, "interfaces": [ "@aws-cdk/core.IResolvable" ], "kind": "class", "locationInModule": { "filename": "lib/policy-document.ts", "line": 26 }, "methods": [ { "docs": { "remarks": "This will accept an object created from the `.toJSON()` call", "stability": "stable", "summary": "Creates a new PolicyDocument based on the object provided." }, "locationInModule": { "filename": "lib/policy-document.ts", "line": 33 }, "name": "fromJson", "parameters": [ { "docs": { "summary": "the PolicyDocument in object form." }, "name": "obj", "type": { "primitive": "any" } } ], "returns": { "type": { "fqn": "@aws-cdk/aws-iam.PolicyDocument" } }, "static": true }, { "docs": { "stability": "stable", "summary": "Adds a statement to the policy document." }, "locationInModule": { "filename": "lib/policy-document.ts", "line": 79 }, "name": "addStatements", "parameters": [ { "docs": { "summary": "the statement to add." }, "name": "statement", "type": { "fqn": "@aws-cdk/aws-iam.PolicyStatement" }, "variadic": true } ], "variadic": true }, { "docs": { "stability": "stable", "summary": "Produce the Token's value at resolution time." }, "locationInModule": { "filename": "lib/policy-document.ts", "line": 54 }, "name": "resolve", "overrides": "@aws-cdk/core.IResolvable", "parameters": [ { "name": "context", "type": { "fqn": "@aws-cdk/core.IResolveContext" } } ], "returns": { "type": { "primitive": "any" } } }, { "docs": { "remarks": "Used when JSON.stringify() is called", "stability": "stable", "summary": "JSON-ify the document." }, "locationInModule": { "filename": "lib/policy-document.ts", "line": 97 }, "name": "toJSON", "returns": { "type": { "primitive": "any" } } }, { "docs": { "stability": "stable", "summary": "Encode the policy document as a string." }, "locationInModule": { "filename": "lib/policy-document.ts", "line": 86 }, "name": "toString", "overrides": "@aws-cdk/core.IResolvable", "returns": { "type": { "primitive": "string" } } }, { "docs": { "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json", "stability": "stable", "summary": "Validate that all policy statements in the policy document satisfies the requirements for any policy." }, "locationInModule": { "filename": "lib/policy-document.ts", "line": 107 }, "name": "validateForAnyPolicy", "returns": { "type": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } } } }, { "docs": { "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json", "stability": "stable", "summary": "Validate that all policy statements in the policy document satisfies the requirements for an identity-based policy." }, "locationInModule": { "filename": "lib/policy-document.ts", "line": 135 }, "name": "validateForIdentityPolicy", "returns": { "type": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } } } }, { "docs": { "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json", "stability": "stable", "summary": "Validate that all policy statements in the policy document satisfies the requirements for a resource-based policy." }, "locationInModule": { "filename": "lib/policy-document.ts", "line": 121 }, "name": "validateForResourcePolicy", "returns": { "type": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } } } } ], "name": "PolicyDocument", "properties": [ { "docs": { "remarks": "If this returns an empty array the stack will not be attached.", "stability": "stable", "summary": "The creation stack of this resolvable which will be appended to errors thrown during resolution." }, "immutable": true, "locationInModule": { "filename": "lib/policy-document.ts", "line": 43 }, "name": "creationStack", "overrides": "@aws-cdk/core.IResolvable", "type": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } } }, { "docs": { "stability": "stable", "summary": "Whether the policy document contains any statements." }, "immutable": true, "locationInModule": { "filename": "lib/policy-document.ts", "line": 62 }, "name": "isEmpty", "type": { "primitive": "boolean" } }, { "docs": { "remarks": "Can be used, for example, to generate unique \"sid\"s within the policy.", "stability": "stable", "summary": "The number of statements already added to this policy." }, "immutable": true, "locationInModule": { "filename": "lib/policy-document.ts", "line": 70 }, "name": "statementCount", "type": { "primitive": "number" } } ] }, "@aws-cdk/aws-iam.PolicyDocumentProps": { "assembly": "@aws-cdk/aws-iam", "datatype": true, "docs": { "stability": "stable", "summary": "Properties for a new PolicyDocument." }, "fqn": "@aws-cdk/aws-iam.PolicyDocumentProps", "kind": "interface", "locationInModule": { "filename": "lib/policy-document.ts", "line": 7 }, "name": "PolicyDocumentProps", "properties": [ { "abstract": true, "docs": { "default": "false", "stability": "stable", "summary": "Automatically assign Statement Ids to all statements." }, "immutable": true, "locationInModule": { "filename": "lib/policy-document.ts", "line": 13 }, "name": "assignSids", "optional": true, "type": { "primitive": "boolean" } }, { "abstract": true, "docs": { "default": "- No statements", "stability": "stable", "summary": "Initial statements to add to the policy document." }, "immutable": true, "locationInModule": { "filename": "lib/policy-document.ts", "line": 20 }, "name": "statements", "optional": true, "type": { "collection": { "elementtype": { "fqn": "@aws-cdk/aws-iam.PolicyStatement" }, "kind": "array" } } } ] }, "@aws-cdk/aws-iam.PolicyProps": { "assembly": "@aws-cdk/aws-iam", "datatype": true, "docs": { "stability": "stable", "summary": "Properties for defining an IAM inline policy document." }, "fqn": "@aws-cdk/aws-iam.PolicyProps", "kind": "interface", "locationInModule": { "filename": "lib/policy.ts", "line": 27 }, "name": "PolicyProps", "properties": [ { "abstract": true, "docs": { "default": "false", "remarks": "Unless set to `true`, this `Policy` construct will not materialize to an\n`AWS::IAM::Policy` CloudFormation resource in case it would have no effect\n(for example, if it remains unattached to an IAM identity or if it has no\nstatements). This is generally desired behavior, since it prevents\ncreating invalid--and hence undeployable--CloudFormation templates.\n\nIn cases where you know the policy must be created and it is actually\nan error if no statements have been added to it, you can se this to `true`.", "stability": "stable", "summary": "Force creation of an `AWS::IAM::Policy`." }, "immutable": true, "locationInModule": { "filename": "lib/policy.ts", "line": 84 }, "name": "force", "optional": true, "type": { "primitive": "boolean" } }, { "abstract": true, "docs": { "default": "- No groups.", "remarks": "You can also use `attachToGroup(group)` to attach this policy to a group.", "stability": "stable", "summary": "Groups to attach this policy to." }, "immutable": true, "locationInModule": { "filename": "lib/policy.ts", "line": 60 }, "name": "groups", "optional": true, "type": { "collection": { "elementtype": { "fqn": "@aws-cdk/aws-iam.IGroup" }, "kind": "array" } } }, { "abstract": true, "docs": { "default": "- Uses the logical ID of the policy resource, which is ensured\nto be unique within the stack.", "remarks": "If you specify multiple policies for an entity,\nspecify unique names. For example, if you specify a list of policies for\nan IAM role, each policy must have a unique name.", "stability": "stable", "summary": "The name of the policy." }, "immutable": true, "locationInModule": { "filename": "lib/policy.ts", "line": 36 }, "name": "policyName", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "default": "- No roles.", "remarks": "You can also use `attachToRole(role)` to attach this policy to a role.", "stability": "stable", "summary": "Roles to attach this policy to." }, "immutable": true, "locationInModule": { "filename": "lib/policy.ts", "line": 52 }, "name": "roles", "optional": true, "type": { "collection": { "elementtype": { "fqn": "@aws-cdk/aws-iam.IRole" }, "kind": "array" } } }, { "abstract": true, "docs": { "default": "- No statements.", "remarks": "You can also use `addStatements(...statement)` to add permissions later.", "stability": "stable", "summary": "Initial set of permissions to add to this policy document." }, "immutable": true, "locationInModule": { "filename": "lib/policy.ts", "line": 68 }, "name": "statements", "optional": true, "type": { "collection": { "elementtype": { "fqn": "@aws-cdk/aws-iam.PolicyStatement" }, "kind": "array" } } }, { "abstract": true, "docs": { "default": "- No users.", "remarks": "You can also use `attachToUser(user)` to attach this policy to a user.", "stability": "stable", "summary": "Users to attach this policy to." }, "immutable": true, "locationInModule": { "filename": "lib/policy.ts", "line": 44 }, "name": "users", "optional": true, "type": { "collection": { "elementtype": { "fqn": "@aws-cdk/aws-iam.IUser" }, "kind": "array" } } } ] }, "@aws-cdk/aws-iam.PolicyStatement": { "assembly": "@aws-cdk/aws-iam", "docs": { "stability": "stable", "summary": "Represents a statement in an IAM policy document." }, "fqn": "@aws-cdk/aws-iam.PolicyStatement", "initializer": { "docs": { "stability": "stable" }, "locationInModule": { "filename": "lib/policy-statement.ts", "line": 63 }, "parameters": [ { "name": "props", "optional": true, "type": { "fqn": "@aws-cdk/aws-iam.PolicyStatementProps" } } ] }, "kind": "class", "locationInModule": { "filename": "lib/policy-statement.ts", "line": 24 }, "methods": [ { "docs": { "remarks": "This will accept an object created from the `.toJSON()` call", "stability": "stable", "summary": "Creates a new PolicyStatement based on the object provided." }, "locationInModule": { "filename": "lib/policy-statement.ts", "line": 31 }, "name": "fromJson", "parameters": [ { "docs": { "summary": "the PolicyStatement in object form." }, "name": "obj", "type": { "primitive": "any" } } ], "returns": { "type": { "fqn": "@aws-cdk/aws-iam.PolicyStatement" } }, "static": true }, { "docs": { "stability": "stable", "summary": "Add a condition that limits to a given account." }, "locationInModule": { "filename": "lib/policy-statement.ts", "line": 299 }, "name": "addAccountCondition", "parameters": [ { "name": "accountId", "type": { "primitive": "string" } } ] }, { "docs": { "stability": "stable", "summary": "Adds an AWS account root user principal to this policy statement." }, "locationInModule": { "filename": "lib/policy-statement.ts", "line": 207 }, "name": "addAccountRootPrincipal" }, { "docs": { "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_action.html", "stability": "stable", "summary": "Specify allowed actions into the \"Action\" section of the policy statement." }, "locationInModule": { "filename": "lib/policy-statement.ts", "line": 96 }, "name": "addActions", "parameters": [ { "docs": { "summary": "actions that will be allowed." }, "name": "actions", "type": { "primitive": "string" }, "variadic": true } ], "variadic": true }, { "docs": { "stability": "stable", "summary": "Adds a ``\"*\"`` resource to this statement." }, "locationInModule": { "filename": "lib/policy-statement.ts", "line": 264 }, "name": "addAllResources" }, { "docs": { "stability": "stable", "summary": "Adds all identities in all accounts (\"*\") to this policy statement." }, "locationInModule": { "filename": "lib/policy-statement.ts", "line": 223 }, "name": "addAnyPrincipal" }, { "docs": { "remarks": "You cannot specify IAM groups and instance profiles as principals.", "stability": "stable", "summary": "Specify a principal using the ARN identifier of the principal." }, "locationInModule": { "filename": "lib/policy-statement.ts", "line": 179 }, "name": "addArnPrincipal", "parameters": [ { "docs": { "summary": "ARN identifier of AWS account, IAM user, or IAM role (i.e. arn:aws:iam::123456789012:user/user-name)." }, "name": "arn", "type": { "primitive": "string" } } ] }, { "docs": { "stability": "stable", "summary": "Specify AWS account ID as the principal entity to the \"Principal\" section of a policy statement." }, "locationInModule": { "filename": "lib/policy-statement.ts", "line": 169 }, "name": "addAwsAccountPrincipal", "parameters": [ { "name": "accountId", "type": { "primitive": "string" } } ] }, { "docs": { "stability": "stable", "summary": "Adds a canonical user ID principal to this policy document." }, "locationInModule": { "filename": "lib/policy-statement.ts", "line": 216 }, "name": "addCanonicalUserPrincipal", "parameters": [ { "docs": { "summary": "unique identifier assigned by AWS for every account." }, "name": "canonicalUserId", "type": { "primitive": "string" } } ] }, { "docs": { "stability": "stable", "summary": "Add a condition to the Policy." }, "locationInModule": { "filename": "lib/policy-statement.ts", "line": 282 }, "name": "addCondition", "parameters": [ { "name": "key", "type": { "primitive": "string" } }, { "name": "value", "type": { "primitive": "any" } } ] }, { "docs": { "stability": "stable", "summary": "Add multiple conditions to the Policy." }, "locationInModule": { "filename": "lib/policy-statement.ts", "line": 290 }, "name": "addConditions", "parameters": [ { "name": "conditions", "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } } ] }, { "docs": { "stability": "stable", "summary": "Adds a federated identity provider such as Amazon Cognito to this policy statement." }, "locationInModule": { "filename": "lib/policy-statement.ts", "line": 200 }, "name": "addFederatedPrincipal", "parameters": [ { "docs": { "summary": "federated identity provider (i.e. 'cognito-identity.amazonaws.com')." }, "name": "federated", "type": { "primitive": "any" } }, { "docs": { "remarks": "See [the IAM documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html).", "summary": "The conditions under which the policy is in effect." }, "name": "conditions", "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } } ] }, { "docs": { "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notaction.html", "stability": "stable", "summary": "Explicitly allow all actions except the specified list of actions into the \"NotAction\" section of the policy document." }, "locationInModule": { "filename": "lib/policy-statement.ts", "line": 111 }, "name": "addNotActions", "parameters": [ { "docs": { "remarks": "All other actions will be permitted.", "summary": "actions that will be denied." }, "name": "notActions", "type": { "primitive": "string" }, "variadic": true } ], "variadic": true }, { "docs": { "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notprincipal.html", "stability": "stable", "summary": "Specify principals that is not allowed or denied access to the \"NotPrincipal\" section of a policy statement." }, "locationInModule": { "filename": "lib/policy-statement.ts", "line": 155 }, "name": "addNotPrincipals", "parameters": [ { "docs": { "summary": "IAM principals that will be denied access." }, "name": "notPrincipals", "type": { "fqn": "@aws-cdk/aws-iam.IPrincipal" }, "variadic": true } ], "variadic": true }, { "docs": { "remarks": "All resources except the specified list will be matched.", "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notresource.html", "stability": "stable", "summary": "Specify resources that this policy statement will not apply to in the \"NotResource\" section of this policy statement." }, "locationInModule": { "filename": "lib/policy-statement.ts", "line": 254 }, "name": "addNotResources", "parameters": [ { "docs": { "summary": "Amazon Resource Names (ARNs) of the resources that this policy statement does not apply to." }, "name": "arns", "type": { "primitive": "string" }, "variadic": true } ], "variadic": true }, { "docs": { "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html", "stability": "stable", "summary": "Adds principals to the \"Principal\" section of a policy statement." }, "locationInModule": { "filename": "lib/policy-statement.ts", "line": 136 }, "name": "addPrincipals", "parameters": [ { "docs": { "summary": "IAM principals that will be added." }, "name": "principals", "type": { "fqn": "@aws-cdk/aws-iam.IPrincipal" }, "variadic": true } ], "variadic": true }, { "docs": { "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_resource.html", "stability": "stable", "summary": "Specify resources that this policy statement applies into the \"Resource\" section of this policy statement." }, "locationInModule": { "filename": "lib/policy-statement.ts", "line": 239 }, "name": "addResources", "parameters": [ { "docs": { "summary": "Amazon Resource Names (ARNs) of the resources that this policy statement applies to." }, "name": "arns", "type": { "primitive": "string" }, "variadic": true } ], "variadic": true }, { "docs": { "stability": "stable", "summary": "Adds a service principal to this policy statement." }, "locationInModule": { "filename": "lib/policy-statement.ts", "line": 189 }, "name": "addServicePrincipal", "parameters": [ { "docs": { "summary": "the service name for which a service principal is requested (e.g: `s3.amazonaws.com`)." }, "name": "service", "type": { "primitive": "string" } }, { "docs": { "summary": "options for adding the service principal (such as specifying a principal in a different region)." }, "name": "opts", "optional": true, "type": { "fqn": "@aws-cdk/aws-iam.ServicePrincipalOpts" } } ] }, { "docs": { "remarks": "Used when JSON.stringify() is called", "stability": "stable", "summary": "JSON-ify the statement." }, "locationInModule": { "filename": "lib/policy-statement.ts", "line": 383 }, "name": "toJSON", "returns": { "type": { "primitive": "any" } } }, { "docs": { "remarks": "Used when JSON.stringify() is called", "stability": "stable", "summary": "JSON-ify the policy statement." }, "locationInModule": { "filename": "lib/policy-statement.ts", "line": 308 }, "name": "toStatementJson", "returns": { "type": { "primitive": "any" } } }, { "docs": { "stability": "stable", "summary": "String representation of this policy statement." }, "locationInModule": { "filename": "lib/policy-statement.ts", "line": 372 }, "name": "toString", "returns": { "type": { "primitive": "string" } } }, { "docs": { "stability": "stable", "summary": "Validate that the policy statement satisfies base requirements for a policy." }, "locationInModule": { "filename": "lib/policy-statement.ts", "line": 417 }, "name": "validateForAnyPolicy", "returns": { "type": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } } } }, { "docs": { "stability": "stable", "summary": "Validate that the policy statement satisfies all requirements for an identity-based policy." }, "locationInModule": { "filename": "lib/policy-statement.ts", "line": 439 }, "name": "validateForIdentityPolicy", "returns": { "type": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } } } }, { "docs": { "stability": "stable", "summary": "Validate that the policy statement satisfies all requirements for a resource-based policy." }, "locationInModule": { "filename": "lib/policy-statement.ts", "line": 428 }, "name": "validateForResourcePolicy", "returns": { "type": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } } } } ], "name": "PolicyStatement", "properties": [ { "docs": { "stability": "stable", "summary": "Indicates if this permission has a \"Principal\" section." }, "immutable": true, "locationInModule": { "filename": "lib/policy-statement.ts", "line": 125 }, "name": "hasPrincipal", "type": { "primitive": "boolean" } }, { "docs": { "stability": "stable", "summary": "Indicates if this permission as at least one resource associated with it." }, "immutable": true, "locationInModule": { "filename": "lib/policy-statement.ts", "line": 271 }, "name": "hasResource", "type": { "primitive": "boolean" } }, { "docs": { "stability": "stable", "summary": "Whether to allow or deny the actions in this statement." }, "locationInModule": { "filename": "lib/policy-statement.ts", "line": 52 }, "name": "effect", "type": { "fqn": "@aws-cdk/aws-iam.Effect" } }, { "docs": { "stability": "stable", "summary": "Statement ID for this statement." }, "locationInModule": { "filename": "lib/policy-statement.ts", "line": 48 }, "name": "sid", "optional": true, "type": { "primitive": "string" } } ] }, "@aws-cdk/aws-iam.PolicyStatementProps": { "assembly": "@aws-cdk/aws-iam", "datatype": true, "docs": { "stability": "stable", "summary": "Interface for creating a policy statement." }, "fqn": "@aws-cdk/aws-iam.PolicyStatementProps", "kind": "interface", "locationInModule": { "filename": "lib/policy-statement.ts", "line": 503 }, "name": "PolicyStatementProps", "properties": [ { "abstract": true, "docs": { "default": "- no actions", "stability": "stable", "summary": "List of actions to add to the statement." }, "immutable": true, "locationInModule": { "filename": "lib/policy-statement.ts", "line": 520 }, "name": "actions", "optional": true, "type": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } } }, { "abstract": true, "docs": { "default": "- no condition", "stability": "stable", "summary": "Conditions to add to the statement." }, "immutable": true, "locationInModule": { "filename": "lib/policy-statement.ts", "line": 562 }, "name": "conditions", "optional": true, "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } }, { "abstract": true, "docs": { "default": "Effect.ALLOW", "stability": "stable", "summary": "Whether to allow or deny the actions in this statement." }, "immutable": true, "locationInModule": { "filename": "lib/policy-statement.ts", "line": 569 }, "name": "effect", "optional": true, "type": { "fqn": "@aws-cdk/aws-iam.Effect" } }, { "abstract": true, "docs": { "default": "- no not-actions", "stability": "stable", "summary": "List of not actions to add to the statement." }, "immutable": true, "locationInModule": { "filename": "lib/policy-statement.ts", "line": 527 }, "name": "notActions", "optional": true, "type": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } } }, { "abstract": true, "docs": { "default": "- no not principals", "stability": "stable", "summary": "List of not principals to add to the statement." }, "immutable": true, "locationInModule": { "filename": "lib/policy-statement.ts", "line": 541 }, "name": "notPrincipals", "optional": true, "type": { "collection": { "elementtype": { "fqn": "@aws-cdk/aws-iam.IPrincipal" }, "kind": "array" } } }, { "abstract": true, "docs": { "default": "- no not-resources", "stability": "stable", "summary": "NotResource ARNs to add to the statement." }, "immutable": true, "locationInModule": { "filename": "lib/policy-statement.ts", "line": 555 }, "name": "notResources", "optional": true, "type": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } } }, { "abstract": true, "docs": { "default": "- no principals", "stability": "stable", "summary": "List of principals to add to the statement." }, "immutable": true, "locationInModule": { "filename": "lib/policy-statement.ts", "line": 534 }, "name": "principals", "optional": true, "type": { "collection": { "elementtype": { "fqn": "@aws-cdk/aws-iam.IPrincipal" }, "kind": "array" } } }, { "abstract": true, "docs": { "default": "- no resources", "stability": "stable", "summary": "Resource ARNs to add to the statement." }, "immutable": true, "locationInModule": { "filename": "lib/policy-statement.ts", "line": 548 }, "name": "resources", "optional": true, "type": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } } }, { "abstract": true, "docs": { "default": "- no sid", "remarks": "You can assign a Sid value to each statement in a\nstatement array. In services that let you specify an ID element, such as\nSQS and SNS, the Sid value is just a sub-ID of the policy document's ID. In\nIAM, the Sid value must be unique within a JSON policy.", "stability": "stable", "summary": "The Sid (statement ID) is an optional identifier that you provide for the policy statement." }, "immutable": true, "locationInModule": { "filename": "lib/policy-statement.ts", "line": 513 }, "name": "sid", "optional": true, "type": { "primitive": "string" } } ] }, "@aws-cdk/aws-iam.PrincipalBase": { "abstract": true, "assembly": "@aws-cdk/aws-iam", "docs": { "stability": "stable", "summary": "Base class for policy principals." }, "fqn": "@aws-cdk/aws-iam.PrincipalBase", "initializer": { "docs": { "stability": "stable" } }, "interfaces": [ "@aws-cdk/aws-iam.IPrincipal" ], "kind": "class", "locationInModule": { "filename": "lib/principals.ts", "line": 93 }, "methods": [ { "docs": { "stability": "stable", "summary": "Add to the policy of this principal." }, "locationInModule": { "filename": "lib/principals.ts", "line": 107 }, "name": "addToPolicy", "overrides": "@aws-cdk/aws-iam.IPrincipal", "parameters": [ { "name": "statement", "type": { "fqn": "@aws-cdk/aws-iam.PolicyStatement" } } ], "returns": { "type": { "primitive": "boolean" } } }, { "docs": { "stability": "stable", "summary": "Add to the policy of this principal." }, "locationInModule": { "filename": "lib/principals.ts", "line": 111 }, "name": "addToPrincipalPolicy", "overrides": "@aws-cdk/aws-iam.IPrincipal", "parameters": [ { "name": "_statement", "type": { "fqn": "@aws-cdk/aws-iam.PolicyStatement" } } ], "returns": { "type": { "fqn": "@aws-cdk/aws-iam.AddToPrincipalPolicyResult" } } }, { "docs": { "remarks": "Used when JSON.stringify() is called", "stability": "stable", "summary": "JSON-ify the principal." }, "locationInModule": { "filename": "lib/principals.ts", "line": 128 }, "name": "toJSON", "returns": { "type": { "collection": { "elementtype": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } }, "kind": "map" } } } }, { "docs": { "stability": "stable", "summary": "Returns a string representation of an object." }, "locationInModule": { "filename": "lib/principals.ts", "line": 117 }, "name": "toString", "returns": { "type": { "primitive": "string" } } }, { "docs": { "remarks": "When there is a value for the same operator and key in both the principal and the\nconditions parameter, the value from the conditions parameter will be used.", "returns": "a new PrincipalWithConditions object.", "stability": "stable", "summary": "Returns a new PrincipalWithConditions using this principal as the base, with the passed conditions added." }, "locationInModule": { "filename": "lib/principals.ts", "line": 142 }, "name": "withConditions", "parameters": [ { "name": "conditions", "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } } ], "returns": { "type": { "fqn": "@aws-cdk/aws-iam.IPrincipal" } } } ], "name": "PrincipalBase", "properties": [ { "docs": { "stability": "stable", "summary": "When this Principal is used in an AssumeRole policy, the action to use." }, "immutable": true, "locationInModule": { "filename": "lib/principals.ts", "line": 105 }, "name": "assumeRoleAction", "overrides": "@aws-cdk/aws-iam.IPrincipal", "type": { "primitive": "string" } }, { "docs": { "stability": "stable", "summary": "The principal to grant permissions to." }, "immutable": true, "locationInModule": { "filename": "lib/principals.ts", "line": 94 }, "name": "grantPrincipal", "overrides": "@aws-cdk/aws-iam.IGrantable", "type": { "fqn": "@aws-cdk/aws-iam.IPrincipal" } }, { "abstract": true, "docs": { "stability": "stable", "summary": "Return the policy fragment that identifies this principal in a Policy." }, "immutable": true, "locationInModule": { "filename": "lib/principals.ts", "line": 100 }, "name": "policyFragment", "overrides": "@aws-cdk/aws-iam.IPrincipal", "type": { "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment" } }, { "docs": { "remarks": "Can be undefined when the account is not known\n(for example, for service principals).\nCan be a Token - in that case,\nit's assumed to be AWS::AccountId.", "stability": "stable", "summary": "The AWS account ID of this principal." }, "immutable": true, "locationInModule": { "filename": "lib/principals.ts", "line": 95 }, "name": "principalAccount", "optional": true, "overrides": "@aws-cdk/aws-iam.IPrincipal", "type": { "primitive": "string" } } ] }, "@aws-cdk/aws-iam.PrincipalPolicyFragment": { "assembly": "@aws-cdk/aws-iam", "docs": { "remarks": "This consists of the JSON used in the \"Principal\" field, and optionally a\nset of \"Condition\"s that need to be applied to the policy.", "stability": "stable", "summary": "A collection of the fields in a PolicyStatement that can be used to identify a principal." }, "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment", "initializer": { "docs": { "stability": "stable" }, "locationInModule": { "filename": "lib/principals.ts", "line": 259 }, "parameters": [ { "docs": { "summary": "JSON of the \"Principal\" section in a policy statement." }, "name": "principalJson", "type": { "collection": { "elementtype": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } }, "kind": "map" } } }, { "docs": { "remarks": "See [the IAM documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html).\nconditions that need to be applied to this policy", "summary": "The conditions under which the policy is in effect." }, "name": "conditions", "optional": true, "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } } ] }, "kind": "class", "locationInModule": { "filename": "lib/principals.ts", "line": 253 }, "name": "PrincipalPolicyFragment", "properties": [ { "docs": { "remarks": "See [the IAM documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html).\nconditions that need to be applied to this policy", "stability": "stable", "summary": "The conditions under which the policy is in effect." }, "immutable": true, "locationInModule": { "filename": "lib/principals.ts", "line": 265 }, "name": "conditions", "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } }, { "docs": { "stability": "stable", "summary": "JSON of the \"Principal\" section in a policy statement." }, "immutable": true, "locationInModule": { "filename": "lib/principals.ts", "line": 260 }, "name": "principalJson", "type": { "collection": { "elementtype": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } }, "kind": "map" } } } ] }, "@aws-cdk/aws-iam.PrincipalWithConditions": { "assembly": "@aws-cdk/aws-iam", "docs": { "remarks": "For more information about conditions, see:\nhttps://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html", "stability": "stable", "summary": "An IAM principal with additional conditions specifying when the policy is in effect." }, "fqn": "@aws-cdk/aws-iam.PrincipalWithConditions", "initializer": { "docs": { "stability": "stable" }, "locationInModule": { "filename": "lib/principals.ts", "line": 158 }, "parameters": [ { "name": "principal", "type": { "fqn": "@aws-cdk/aws-iam.IPrincipal" } }, { "name": "conditions", "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } } ] }, "interfaces": [ "@aws-cdk/aws-iam.IPrincipal" ], "kind": "class", "locationInModule": { "filename": "lib/principals.ts", "line": 153 }, "methods": [ { "docs": { "stability": "stable", "summary": "Add a condition to the principal." }, "locationInModule": { "filename": "lib/principals.ts", "line": 168 }, "name": "addCondition", "parameters": [ { "name": "key", "type": { "primitive": "string" } }, { "name": "value", "type": { "primitive": "any" } } ] }, { "docs": { "remarks": "Values from the conditions parameter will overwrite existing values with the same operator\nand key.", "stability": "stable", "summary": "Adds multiple conditions to the principal." }, "locationInModule": { "filename": "lib/principals.ts", "line": 179 }, "name": "addConditions", "parameters": [ { "name": "conditions", "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } } ] }, { "docs": { "stability": "stable", "summary": "Add to the policy of this principal." }, "locationInModule": { "filename": "lib/principals.ts", "line": 197 }, "name": "addToPolicy", "overrides": "@aws-cdk/aws-iam.IPrincipal", "parameters": [ { "name": "statement", "type": { "fqn": "@aws-cdk/aws-iam.PolicyStatement" } } ], "returns": { "type": { "primitive": "boolean" } } }, { "docs": { "stability": "stable", "summary": "Add to the policy of this principal." }, "locationInModule": { "filename": "lib/principals.ts", "line": 201 }, "name": "addToPrincipalPolicy", "overrides": "@aws-cdk/aws-iam.IPrincipal", "parameters": [ { "name": "statement", "type": { "fqn": "@aws-cdk/aws-iam.PolicyStatement" } } ], "returns": { "type": { "fqn": "@aws-cdk/aws-iam.AddToPrincipalPolicyResult" } } }, { "docs": { "remarks": "Used when JSON.stringify() is called", "stability": "stable", "summary": "JSON-ify the principal." }, "locationInModule": { "filename": "lib/principals.ts", "line": 214 }, "name": "toJSON", "returns": { "type": { "collection": { "elementtype": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } }, "kind": "map" } } } }, { "docs": { "stability": "stable", "summary": "Returns a string representation of an object." }, "locationInModule": { "filename": "lib/principals.ts", "line": 205 }, "name": "toString", "returns": { "type": { "primitive": "string" } } } ], "name": "PrincipalWithConditions", "properties": [ { "docs": { "stability": "stable", "summary": "When this Principal is used in an AssumeRole policy, the action to use." }, "immutable": true, "locationInModule": { "filename": "lib/principals.ts", "line": 155 }, "name": "assumeRoleAction", "overrides": "@aws-cdk/aws-iam.IPrincipal", "type": { "primitive": "string" } }, { "docs": { "remarks": "See [the IAM documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html).", "stability": "stable", "summary": "The conditions under which the policy is in effect." }, "immutable": true, "locationInModule": { "filename": "lib/principals.ts", "line": 189 }, "name": "conditions", "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } }, { "docs": { "stability": "stable", "summary": "The principal to grant permissions to." }, "immutable": true, "locationInModule": { "filename": "lib/principals.ts", "line": 154 }, "name": "grantPrincipal", "overrides": "@aws-cdk/aws-iam.IGrantable", "type": { "fqn": "@aws-cdk/aws-iam.IPrincipal" } }, { "docs": { "stability": "stable", "summary": "Return the policy fragment that identifies this principal in a Policy." }, "immutable": true, "locationInModule": { "filename": "lib/principals.ts", "line": 193 }, "name": "policyFragment", "overrides": "@aws-cdk/aws-iam.IPrincipal", "type": { "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment" } } ] }, "@aws-cdk/aws-iam.Role": { "assembly": "@aws-cdk/aws-iam", "base": "@aws-cdk/core.Resource", "docs": { "remarks": "Defines an IAM role. The role is created with an assume policy document associated with\nthe specified AWS service principal defined in `serviceAssumeRole`.", "stability": "stable", "summary": "IAM Role." }, "fqn": "@aws-cdk/aws-iam.Role", "initializer": { "docs": { "stability": "stable" }, "locationInModule": { "filename": "lib/role.ts", "line": 304 }, "parameters": [ { "name": "scope", "type": { "fqn": "@aws-cdk/core.Construct" } }, { "name": "id", "type": { "primitive": "string" } }, { "name": "props", "type": { "fqn": "@aws-cdk/aws-iam.RoleProps" } } ] }, "interfaces": [ "@aws-cdk/aws-iam.IRole" ], "kind": "class", "locationInModule": { "filename": "lib/role.ts", "line": 157 }, "methods": [ { "docs": { "remarks": "If the imported Role ARN is a Token (such as a\n`CfnParameter.valueAsString` or a `Fn.importValue()`) *and* the referenced\nrole has a `path` (like `arn:...:role/AdminRoles/Alice`), the\n`roleName` property will not resolve to the correct value. Instead it\nwill resolve to the first path component. We unfortunately cannot express\nthe correct calculation of the full path name as a CloudFormation\nexpression. In this scenario the Role ARN should be supplied without the\n`path` in order to resolve the correct role resource.", "stability": "stable", "summary": "Import an external role by ARN." }, "locationInModule": { "filename": "lib/role.ts", "line": 175 }, "name": "fromRoleArn", "parameters": [ { "docs": { "summary": "construct scope." }, "name": "scope", "type": { "fqn": "@aws-cdk/core.Construct" } }, { "docs": { "summary": "construct id." }, "name": "id", "type": { "primitive": "string" } }, { "docs": { "summary": "the ARN of the role to import." }, "name": "roleArn", "type": { "primitive": "string" } }, { "docs": { "summary": "allow customizing the behavior of the returned role." }, "name": "options", "optional": true, "type": { "fqn": "@aws-cdk/aws-iam.FromRoleArnOptions" } } ], "returns": { "type": { "fqn": "@aws-cdk/aws-iam.IRole" } }, "static": true }, { "docs": { "stability": "stable", "summary": "Attaches a managed policy to this role." }, "locationInModule": { "filename": "lib/role.ts", "line": 382 }, "name": "addManagedPolicy", "overrides": "@aws-cdk/aws-iam.IIdentity", "parameters": [ { "docs": { "summary": "The the managed policy to attach." }, "name": "policy", "type": { "fqn": "@aws-cdk/aws-iam.IManagedPolicy" } } ] }, { "docs": { "stability": "stable", "summary": "Add to the policy of this principal." }, "locationInModule": { "filename": "lib/role.ts", "line": 374 }, "name": "addToPolicy", "overrides": "@aws-cdk/aws-iam.IPrincipal", "parameters": [ { "name": "statement", "type": { "fqn": "@aws-cdk/aws-iam.PolicyStatement" } } ], "returns": { "type": { "primitive": "boolean" } } }, { "docs": { "remarks": "If there is no default policy attached to this role, it will be created.", "stability": "stable", "summary": "Adds a permission to the role's default policy document." }, "locationInModule": { "filename": "lib/role.ts", "line": 365 }, "name": "addToPrincipalPolicy", "overrides": "@aws-cdk/aws-iam.IPrincipal", "parameters": [ { "docs": { "summary": "The permission statement to add to the policy document." }, "name": "statement", "type": { "fqn": "@aws-cdk/aws-iam.PolicyStatement" } } ], "returns": { "type": { "fqn": "@aws-cdk/aws-iam.AddToPrincipalPolicyResult" } } }, { "docs": { "stability": "stable", "summary": "Attaches a policy to this role." }, "locationInModule": { "filename": "lib/role.ts", "line": 391 }, "name": "attachInlinePolicy", "overrides": "@aws-cdk/aws-iam.IIdentity", "parameters": [ { "docs": { "summary": "The policy to attach." }, "name": "policy", "type": { "fqn": "@aws-cdk/aws-iam.Policy" } } ] }, { "docs": { "stability": "stable", "summary": "Grant the actions defined in actions to the identity Principal on this resource." }, "locationInModule": { "filename": "lib/role.ts", "line": 399 }, "name": "grant", "overrides": "@aws-cdk/aws-iam.IRole", "parameters": [ { "name": "grantee", "type": { "fqn": "@aws-cdk/aws-iam.IPrincipal" } }, { "name": "actions", "type": { "primitive": "string" }, "variadic": true } ], "returns": { "type": { "fqn": "@aws-cdk/aws-iam.Grant" } }, "variadic": true }, { "docs": { "stability": "stable", "summary": "Grant permissions to the given principal to pass this role." }, "locationInModule": { "filename": "lib/role.ts", "line": 411 }, "name": "grantPassRole", "overrides": "@aws-cdk/aws-iam.IRole", "parameters": [ { "name": "identity", "type": { "fqn": "@aws-cdk/aws-iam.IPrincipal" } } ], "returns": { "type": { "fqn": "@aws-cdk/aws-iam.Grant" } } }, { "docs": { "remarks": "This method can be implemented by derived constructs in order to perform\nvalidation logic. It is called on all constructs before synthesis.", "stability": "stable", "summary": "Validate the current construct." }, "locationInModule": { "filename": "lib/role.ts", "line": 432 }, "name": "validate", "overrides": "@aws-cdk/core.Construct", "protected": true, "returns": { "type": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } } } }, { "docs": { "remarks": "Use the object returned by this method if you want this Role to be used by\na construct without it automatically updating the Role's Policies.\n\nIf you do, you are responsible for adding the correct statements to the\nRole's policies yourself.", "stability": "stable", "summary": "Return a copy of this Role object whose Policies will not be updated." }, "locationInModule": { "filename": "lib/role.ts", "line": 424 }, "name": "withoutPolicyUpdates", "returns": { "type": { "fqn": "@aws-cdk/aws-iam.IRole" } } } ], "name": "Role", "properties": [ { "docs": { "stability": "stable", "summary": "When this Principal is used in an AssumeRole policy, the action to use." }, "immutable": true, "locationInModule": { "filename": "lib/role.ts", "line": 263 }, "name": "assumeRoleAction", "overrides": "@aws-cdk/aws-iam.IPrincipal", "type": { "primitive": "string" } }, { "docs": { "stability": "stable", "summary": "The principal to grant permissions to." }, "immutable": true, "locationInModule": { "filename": "lib/role.ts", "line": 260 }, "name": "grantPrincipal", "overrides": "@aws-cdk/aws-iam.IGrantable", "type": { "fqn": "@aws-cdk/aws-iam.IPrincipal" } }, { "docs": { "stability": "stable", "summary": "Returns the role." }, "immutable": true, "locationInModule": { "filename": "lib/role.ts", "line": 291 }, "name": "policyFragment", "overrides": "@aws-cdk/aws-iam.IPrincipal", "type": { "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment" } }, { "docs": { "stability": "stable", "summary": "Returns the ARN of this role." }, "immutable": true, "locationInModule": { "filename": "lib/role.ts", "line": 273 }, "name": "roleArn", "overrides": "@aws-cdk/aws-iam.IRole", "type": { "primitive": "string" } }, { "docs": { "custom": { "attribute": "true" }, "remarks": "For example,\nAIDAJQABLZS4A3QDU576Q.", "stability": "stable", "summary": "Returns the stable and unique string identifying the role." }, "immutable": true, "locationInModule": { "filename": "lib/role.ts", "line": 281 }, "name": "roleId", "type": { "primitive": "string" } }, { "docs": { "stability": "stable", "summary": "Returns the name of the role." }, "immutable": true, "locationInModule": { "filename": "lib/role.ts", "line": 286 }, "name": "roleName", "overrides": "@aws-cdk/aws-iam.IRole", "type": { "primitive": "string" } }, { "docs": { "stability": "stable", "summary": "The assume role policy document associated with this role." }, "immutable": true, "locationInModule": { "filename": "lib/role.ts", "line": 268 }, "name": "assumeRolePolicy", "optional": true, "type": { "fqn": "@aws-cdk/aws-iam.PolicyDocument" } }, { "docs": { "stability": "stable", "summary": "Returns the permissions boundary attached to this role." }, "immutable": true, "locationInModule": { "filename": "lib/role.ts", "line": 296 }, "name": "permissionsBoundary", "optional": true, "type": { "fqn": "@aws-cdk/aws-iam.IManagedPolicy" } }, { "docs": { "remarks": "Can be undefined when the account is not known\n(for example, for service principals).\nCan be a Token - in that case,\nit's assumed to be AWS::AccountId.", "stability": "stable", "summary": "The AWS account ID of this principal." }, "immutable": true, "locationInModule": { "filename": "lib/role.ts", "line": 261 }, "name": "principalAccount", "optional": true, "overrides": "@aws-cdk/aws-iam.IPrincipal", "type": { "primitive": "string" } } ] }, "@aws-cdk/aws-iam.RoleProps": { "assembly": "@aws-cdk/aws-iam", "datatype": true, "docs": { "stability": "stable", "summary": "Properties for defining an IAM Role." }, "fqn": "@aws-cdk/aws-iam.RoleProps", "kind": "interface", "locationInModule": { "filename": "lib/role.ts", "line": 16 }, "name": "RoleProps", "properties": [ { "abstract": true, "docs": { "remarks": "You can later modify the assume role policy document by accessing it via\nthe `assumeRolePolicy` property.", "stability": "stable", "summary": "The IAM principal (i.e. `new ServicePrincipal('sns.amazonaws.com')`) which can assume this role." }, "immutable": true, "locationInModule": { "filename": "lib/role.ts", "line": 24 }, "name": "assumedBy", "type": { "fqn": "@aws-cdk/aws-iam.IPrincipal" } }, { "abstract": true, "docs": { "default": "- No description.", "remarks": "It can be up to 1000 characters long.", "stability": "stable", "summary": "A description of the role." }, "immutable": true, "locationInModule": { "filename": "lib/role.ts", "line": 134 }, "name": "description", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "default": "No external ID required", "deprecated": "see {@link externalIds}", "remarks": "If the configured and provided external IDs do not match, the\nAssumeRole operation will fail.", "stability": "deprecated", "summary": "ID that the role assumer needs to provide when assuming this role." }, "immutable": true, "locationInModule": { "filename": "lib/role.ts", "line": 36 }, "name": "externalId", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "default": "No external ID required", "remarks": "If the configured and provided external IDs do not match, the\nAssumeRole operation will fail.", "stability": "stable", "summary": "List of IDs that the role assumer needs to provide one of when assuming this role." }, "immutable": true, "locationInModule": { "filename": "lib/role.ts", "line": 46 }, "name": "externalIds", "optional": true, "type": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } } }, { "abstract": true, "docs": { "default": "- No policy is inlined in the Role resource.", "remarks": "These policies will be\ncreated with the role, whereas those added by ``addToPolicy`` are added\nusing a separate CloudFormation resource (allowing a way around circular\ndependencies that could otherwise be introduced).", "stability": "stable", "summary": "A list of named policies to inline into this role." }, "immutable": true, "locationInModule": { "filename": "lib/role.ts", "line": 66 }, "name": "inlinePolicies", "optional": true, "type": { "collection": { "elementtype": { "fqn": "@aws-cdk/aws-iam.PolicyDocument" }, "kind": "map" } } }, { "abstract": true, "docs": { "default": "- No managed policies.", "remarks": "You can add managed policies later using\n`addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName(policyName))`.", "stability": "stable", "summary": "A list of managed policies associated with this role." }, "immutable": true, "locationInModule": { "filename": "lib/role.ts", "line": 56 }, "name": "managedPolicies", "optional": true, "type": { "collection": { "elementtype": { "fqn": "@aws-cdk/aws-iam.IManagedPolicy" }, "kind": "array" } } }, { "abstract": true, "docs": { "custom": { "link": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html" }, "default": "Duration.hours(1)", "remarks": "This setting can have a value from 1 hour (3600sec) to 12 (43200sec) hours.\n\nAnyone who assumes the role from the AWS CLI or API can use the\nDurationSeconds API parameter or the duration-seconds CLI parameter to\nrequest a longer session. The MaxSessionDuration setting determines the\nmaximum duration that can be requested using the DurationSeconds\nparameter.\n\nIf users don't specify a value for the DurationSeconds parameter, their\nsecurity credentials are valid for one hour by default. This applies when\nyou use the AssumeRole* API operations or the assume-role* CLI operations\nbut does not apply when you use those operations to create a console URL.", "stability": "stable", "summary": "The maximum session duration that you want to set for the specified role." }, "immutable": true, "locationInModule": { "filename": "lib/role.ts", "line": 127 }, "name": "maxSessionDuration", "optional": true, "type": { "fqn": "@aws-cdk/core.Duration" } }, { "abstract": true, "docs": { "default": "/", "remarks": "For information about IAM paths, see\nFriendly Names and Paths in IAM User Guide.", "stability": "stable", "summary": "The path associated with this role." }, "immutable": true, "locationInModule": { "filename": "lib/role.ts", "line": 74 }, "name": "path", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "link": "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html" }, "default": "- No permissions boundary.", "remarks": "A permissions boundary is an advanced feature for using a managed policy\nto set the maximum permissions that an identity-based policy can grant to\nan IAM entity. An entity's permissions boundary allows it to perform only\nthe actions that are allowed by both its identity-based policies and its\npermissions boundaries.", "stability": "stable", "summary": "AWS supports permissions boundaries for IAM entities (users or roles)." }, "immutable": true, "locationInModule": { "filename": "lib/role.ts", "line": 89 }, "name": "permissionsBoundary", "optional": true, "type": { "fqn": "@aws-cdk/aws-iam.IManagedPolicy" } }, { "abstract": true, "docs": { "default": "- AWS CloudFormation generates a unique physical ID and uses that ID\nfor the role name.", "remarks": "For valid values, see the RoleName parameter for\nthe CreateRole action in the IAM API Reference.\n\nIMPORTANT: If you specify a name, you cannot perform updates that require\nreplacement of this resource. You can perform updates that require no or\nsome interruption. If you must replace the resource, specify a new name.\n\nIf you specify a name, you must specify the CAPABILITY_NAMED_IAM value to\nacknowledge your template's capabilities. For more information, see\nAcknowledging IAM Resources in AWS CloudFormation Templates.", "stability": "stable", "summary": "A name for the IAM role." }, "immutable": true, "locationInModule": { "filename": "lib/role.ts", "line": 106 }, "name": "roleName", "optional": true, "type": { "primitive": "string" } } ] }, "@aws-cdk/aws-iam.ServicePrincipal": { "assembly": "@aws-cdk/aws-iam", "base": "@aws-cdk/aws-iam.PrincipalBase", "docs": { "stability": "stable", "summary": "An IAM principal that represents an AWS service (i.e. sqs.amazonaws.com)." }, "fqn": "@aws-cdk/aws-iam.ServicePrincipal", "initializer": { "docs": { "stability": "stable" }, "locationInModule": { "filename": "lib/principals.ts", "line": 338 }, "parameters": [ { "docs": { "summary": "AWS service (i.e. sqs.amazonaws.com)." }, "name": "service", "type": { "primitive": "string" } }, { "name": "opts", "optional": true, "type": { "fqn": "@aws-cdk/aws-iam.ServicePrincipalOpts" } } ] }, "kind": "class", "locationInModule": { "filename": "lib/principals.ts", "line": 333 }, "methods": [ { "docs": { "stability": "stable", "summary": "Returns a string representation of an object." }, "locationInModule": { "filename": "lib/principals.ts", "line": 350 }, "name": "toString", "overrides": "@aws-cdk/aws-iam.PrincipalBase", "returns": { "type": { "primitive": "string" } } } ], "name": "ServicePrincipal", "properties": [ { "docs": { "stability": "stable", "summary": "Return the policy fragment that identifies this principal in a Policy." }, "immutable": true, "locationInModule": { "filename": "lib/principals.ts", "line": 342 }, "name": "policyFragment", "overrides": "@aws-cdk/aws-iam.PrincipalBase", "type": { "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment" } }, { "docs": { "stability": "stable", "summary": "AWS service (i.e. sqs.amazonaws.com)." }, "immutable": true, "locationInModule": { "filename": "lib/principals.ts", "line": 338 }, "name": "service", "type": { "primitive": "string" } } ] }, "@aws-cdk/aws-iam.ServicePrincipalOpts": { "assembly": "@aws-cdk/aws-iam", "datatype": true, "docs": { "stability": "stable", "summary": "Options for a service principal." }, "fqn": "@aws-cdk/aws-iam.ServicePrincipalOpts", "kind": "interface", "locationInModule": { "filename": "lib/principals.ts", "line": 314 }, "name": "ServicePrincipalOpts", "properties": [ { "abstract": true, "docs": { "default": "- No conditions", "stability": "stable", "summary": "Additional conditions to add to the Service Principal." }, "immutable": true, "locationInModule": { "filename": "lib/principals.ts", "line": 327 }, "name": "conditions", "optional": true, "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } }, { "abstract": true, "docs": { "default": "the current Stack's region.", "stability": "stable", "summary": "The region in which the service is operating." }, "immutable": true, "locationInModule": { "filename": "lib/principals.ts", "line": 320 }, "name": "region", "optional": true, "type": { "primitive": "string" } } ] }, "@aws-cdk/aws-iam.UnknownPrincipal": { "assembly": "@aws-cdk/aws-iam", "docs": { "remarks": "Some resources have roles associated with them which they assume, such as\nLambda Functions, CodeBuild projects, StepFunctions machines, etc.\n\nWhen those resources are imported, their actual roles are not always\nimported with them. When that happens, we use an instance of this class\ninstead, which will add user warnings when statements are attempted to be\nadded to it.", "stability": "stable", "summary": "A principal for use in resources that need to have a role but it's unknown." }, "fqn": "@aws-cdk/aws-iam.UnknownPrincipal", "initializer": { "docs": { "stability": "stable" }, "locationInModule": { "filename": "lib/unknown-principal.ts", "line": 31 }, "parameters": [ { "name": "props", "type": { "fqn": "@aws-cdk/aws-iam.UnknownPrincipalProps" } } ] }, "interfaces": [ "@aws-cdk/aws-iam.IPrincipal" ], "kind": "class", "locationInModule": { "filename": "lib/unknown-principal.ts", "line": 26 }, "methods": [ { "docs": { "stability": "stable", "summary": "Add to the policy of this principal." }, "locationInModule": { "filename": "lib/unknown-principal.ts", "line": 48 }, "name": "addToPolicy", "overrides": "@aws-cdk/aws-iam.IPrincipal", "parameters": [ { "name": "statement", "type": { "fqn": "@aws-cdk/aws-iam.PolicyStatement" } } ], "returns": { "type": { "primitive": "boolean" } } }, { "docs": { "stability": "stable", "summary": "Add to the policy of this principal." }, "locationInModule": { "filename": "lib/unknown-principal.ts", "line": 40 }, "name": "addToPrincipalPolicy", "overrides": "@aws-cdk/aws-iam.IPrincipal", "parameters": [ { "name": "statement", "type": { "fqn": "@aws-cdk/aws-iam.PolicyStatement" } } ], "returns": { "type": { "fqn": "@aws-cdk/aws-iam.AddToPrincipalPolicyResult" } } } ], "name": "UnknownPrincipal", "properties": [ { "docs": { "stability": "stable", "summary": "When this Principal is used in an AssumeRole policy, the action to use." }, "immutable": true, "locationInModule": { "filename": "lib/unknown-principal.ts", "line": 27 }, "name": "assumeRoleAction", "overrides": "@aws-cdk/aws-iam.IPrincipal", "type": { "primitive": "string" } }, { "docs": { "stability": "stable", "summary": "The principal to grant permissions to." }, "immutable": true, "locationInModule": { "filename": "lib/unknown-principal.ts", "line": 28 }, "name": "grantPrincipal", "overrides": "@aws-cdk/aws-iam.IGrantable", "type": { "fqn": "@aws-cdk/aws-iam.IPrincipal" } }, { "docs": { "stability": "stable", "summary": "Return the policy fragment that identifies this principal in a Policy." }, "immutable": true, "locationInModule": { "filename": "lib/unknown-principal.ts", "line": 36 }, "name": "policyFragment", "overrides": "@aws-cdk/aws-iam.IPrincipal", "type": { "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment" } } ] }, "@aws-cdk/aws-iam.UnknownPrincipalProps": { "assembly": "@aws-cdk/aws-iam", "datatype": true, "docs": { "stability": "stable", "summary": "Properties for an UnknownPrincipal." }, "fqn": "@aws-cdk/aws-iam.UnknownPrincipalProps", "kind": "interface", "locationInModule": { "filename": "lib/unknown-principal.ts", "line": 8 }, "name": "UnknownPrincipalProps", "properties": [ { "abstract": true, "docs": { "stability": "stable", "summary": "The resource the role proxy is for." }, "immutable": true, "locationInModule": { "filename": "lib/unknown-principal.ts", "line": 12 }, "name": "resource", "type": { "fqn": "@aws-cdk/core.IConstruct" } } ] }, "@aws-cdk/aws-iam.User": { "assembly": "@aws-cdk/aws-iam", "base": "@aws-cdk/core.Resource", "docs": { "stability": "stable", "summary": "Define a new IAM user." }, "fqn": "@aws-cdk/aws-iam.User", "initializer": { "docs": { "stability": "stable" }, "locationInModule": { "filename": "lib/user.ts", "line": 206 }, "parameters": [ { "name": "scope", "type": { "fqn": "@aws-cdk/core.Construct" } }, { "name": "id", "type": { "primitive": "string" } }, { "name": "props", "optional": true, "type": { "fqn": "@aws-cdk/aws-iam.UserProps" } } ] }, "interfaces": [ "@aws-cdk/aws-iam.IIdentity", "@aws-cdk/aws-iam.IUser" ], "kind": "class", "locationInModule": { "filename": "lib/user.ts", "line": 124 }, "methods": [ { "docs": { "stability": "stable", "summary": "Import an existing user given a username." }, "locationInModule": { "filename": "lib/user.ts", "line": 132 }, "name": "fromUserName", "parameters": [ { "docs": { "summary": "construct scope." }, "name": "scope", "type": { "fqn": "@aws-cdk/core.Construct" } }, { "docs": { "summary": "construct id." }, "name": "id", "type": { "primitive": "string" } }, { "docs": { "summary": "the username of the existing user to import." }, "name": "userName", "type": { "primitive": "string" } } ], "returns": { "type": { "fqn": "@aws-cdk/aws-iam.IUser" } }, "static": true }, { "docs": { "stability": "stable", "summary": "Attaches a managed policy to the user." }, "locationInModule": { "filename": "lib/user.ts", "line": 249 }, "name": "addManagedPolicy", "overrides": "@aws-cdk/aws-iam.IIdentity", "parameters": [ { "docs": { "summary": "The managed policy to attach." }, "name": "policy", "type": { "fqn": "@aws-cdk/aws-iam.IManagedPolicy" } } ] }, { "docs": { "stability": "stable", "summary": "Adds this user to a group." }, "locationInModule": { "filename": "lib/user.ts", "line": 241 }, "name": "addToGroup", "overrides": "@aws-cdk/aws-iam.IUser", "parameters": [ { "name": "group", "type": { "fqn": "@aws-cdk/aws-iam.IGroup" } } ] }, { "docs": { "stability": "stable", "summary": "Add to the policy of this principal." }, "locationInModule": { "filename": "lib/user.ts", "line": 277 }, "name": "addToPolicy", "overrides": "@aws-cdk/aws-iam.IPrincipal", "parameters": [ { "name": "statement", "type": { "fqn": "@aws-cdk/aws-iam.PolicyStatement" } } ], "returns": { "type": { "primitive": "boolean" } } }, { "docs": { "returns": "true", "stability": "stable", "summary": "Adds an IAM statement to the default policy." }, "locationInModule": { "filename": "lib/user.ts", "line": 267 }, "name": "addToPrincipalPolicy", "overrides": "@aws-cdk/aws-iam.IPrincipal", "parameters": [ { "name": "statement", "type": { "fqn": "@aws-cdk/aws-iam.PolicyStatement" } } ], "returns": { "type": { "fqn": "@aws-cdk/aws-iam.AddToPrincipalPolicyResult" } } }, { "docs": { "stability": "stable", "summary": "Attaches a policy to this user." }, "locationInModule": { "filename": "lib/user.ts", "line": 257 }, "name": "attachInlinePolicy", "overrides": "@aws-cdk/aws-iam.IIdentity", "parameters": [ { "name": "policy", "type": { "fqn": "@aws-cdk/aws-iam.Policy" } } ] } ], "name": "User", "properties": [ { "docs": { "stability": "stable", "summary": "When this Principal is used in an AssumeRole policy, the action to use." }, "immutable": true, "locationInModule": { "filename": "lib/user.ts", "line": 180 }, "name": "assumeRoleAction", "overrides": "@aws-cdk/aws-iam.IPrincipal", "type": { "primitive": "string" } }, { "docs": { "stability": "stable", "summary": "The principal to grant permissions to." }, "immutable": true, "locationInModule": { "filename": "lib/user.ts", "line": 178 }, "name": "grantPrincipal", "overrides": "@aws-cdk/aws-iam.IGrantable", "type": { "fqn": "@aws-cdk/aws-iam.IPrincipal" } }, { "docs": { "stability": "stable", "summary": "Return the policy fragment that identifies this principal in a Policy." }, "immutable": true, "locationInModule": { "filename": "lib/user.ts", "line": 199 }, "name": "policyFragment", "overrides": "@aws-cdk/aws-iam.IPrincipal", "type": { "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment" } }, { "docs": { "custom": { "attribute": "true" }, "stability": "stable", "summary": "An attribute that represents the user's ARN." }, "immutable": true, "locationInModule": { "filename": "lib/user.ts", "line": 192 }, "name": "userArn", "overrides": "@aws-cdk/aws-iam.IUser", "type": { "primitive": "string" } }, { "docs": { "custom": { "attribute": "true" }, "stability": "stable", "summary": "An attribute that represents the user name." }, "immutable": true, "locationInModule": { "filename": "lib/user.ts", "line": 186 }, "name": "userName", "overrides": "@aws-cdk/aws-iam.IUser", "type": { "primitive": "string" } }, { "docs": { "stability": "stable", "summary": "Returns the permissions boundary attached to this user." }, "immutable": true, "locationInModule": { "filename": "lib/user.ts", "line": 197 }, "name": "permissionsBoundary", "optional": true, "type": { "fqn": "@aws-cdk/aws-iam.IManagedPolicy" } }, { "docs": { "remarks": "Can be undefined when the account is not known\n(for example, for service principals).\nCan be a Token - in that case,\nit's assumed to be AWS::AccountId.", "stability": "stable", "summary": "The AWS account ID of this principal." }, "immutable": true, "locationInModule": { "filename": "lib/user.ts", "line": 179 }, "name": "principalAccount", "optional": true, "overrides": "@aws-cdk/aws-iam.IPrincipal", "type": { "primitive": "string" } } ] }, "@aws-cdk/aws-iam.UserProps": { "assembly": "@aws-cdk/aws-iam", "datatype": true, "docs": { "stability": "stable", "summary": "Properties for defining an IAM user." }, "fqn": "@aws-cdk/aws-iam.UserProps", "kind": "interface", "locationInModule": { "filename": "lib/user.ts", "line": 38 }, "name": "UserProps", "properties": [ { "abstract": true, "docs": { "default": "- No groups.", "remarks": "You can also use `addToGroup` to add this\nuser to a group.", "stability": "stable", "summary": "Groups to add this user to." }, "immutable": true, "locationInModule": { "filename": "lib/user.ts", "line": 45 }, "name": "groups", "optional": true, "type": { "collection": { "elementtype": { "fqn": "@aws-cdk/aws-iam.IGroup" }, "kind": "array" } } }, { "abstract": true, "docs": { "default": "- No managed policies.", "remarks": "You can add managed policies later using\n`addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName(policyName))`.", "stability": "stable", "summary": "A list of managed policies associated with this role." }, "immutable": true, "locationInModule": { "filename": "lib/user.ts", "line": 55 }, "name": "managedPolicies", "optional": true, "type": { "collection": { "elementtype": { "fqn": "@aws-cdk/aws-iam.IManagedPolicy" }, "kind": "array" } } }, { "abstract": true, "docs": { "default": "- User won't be able to access the management console without a password.", "remarks": "You can use `SecretValue.plainText` to specify a password in plain text or\nuse `secretsmanager.Secret.fromSecretAttributes` to reference a secret in\nSecrets Manager.", "stability": "stable", "summary": "The password for the user. This is required so the user can access the AWS Management Console." }, "immutable": true, "locationInModule": { "filename": "lib/user.ts", "line": 108 }, "name": "password", "optional": true, "type": { "fqn": "@aws-cdk/core.SecretValue" } }, { "abstract": true, "docs": { "default": "false", "remarks": "If this is set to 'true', you must also specify \"initialPassword\".", "stability": "stable", "summary": "Specifies whether the user is required to set a new password the next time the user logs in to the AWS Management Console." }, "immutable": true, "locationInModule": { "filename": "lib/user.ts", "line": 118 }, "name": "passwordResetRequired", "optional": true, "type": { "primitive": "boolean" } }, { "abstract": true, "docs": { "default": "/", "remarks": "For more information about paths, see IAM\nIdentifiers in the IAM User Guide.", "stability": "stable", "summary": "The path for the user name." }, "immutable": true, "locationInModule": { "filename": "lib/user.ts", "line": 63 }, "name": "path", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "link": "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html" }, "default": "- No permissions boundary.", "remarks": "A permissions boundary is an advanced feature for using a managed policy\nto set the maximum permissions that an identity-based policy can grant to\nan IAM entity. An entity's permissions boundary allows it to perform only\nthe actions that are allowed by both its identity-based policies and its\npermissions boundaries.", "stability": "stable", "summary": "AWS supports permissions boundaries for IAM entities (users or roles)." }, "immutable": true, "locationInModule": { "filename": "lib/user.ts", "line": 78 }, "name": "permissionsBoundary", "optional": true, "type": { "fqn": "@aws-cdk/aws-iam.IManagedPolicy" } }, { "abstract": true, "docs": { "default": "- Generated by CloudFormation (recommended)", "remarks": "For valid values, see the UserName parameter for\nthe CreateUser action in the IAM API Reference. If you don't specify a\nname, AWS CloudFormation generates a unique physical ID and uses that ID\nfor the user name.\n\nIf you specify a name, you cannot perform updates that require\nreplacement of this resource. You can perform updates that require no or\nsome interruption. If you must replace the resource, specify a new name.\n\nIf you specify a name, you must specify the CAPABILITY_NAMED_IAM value to\nacknowledge your template's capabilities. For more information, see\nAcknowledging IAM Resources in AWS CloudFormation Templates.", "stability": "stable", "summary": "A name for the IAM user." }, "immutable": true, "locationInModule": { "filename": "lib/user.ts", "line": 96 }, "name": "userName", "optional": true, "type": { "primitive": "string" } } ] }, "@aws-cdk/aws-iam.WebIdentityPrincipal": { "assembly": "@aws-cdk/aws-iam", "base": "@aws-cdk/aws-iam.FederatedPrincipal", "docs": { "stability": "stable", "summary": "A principal that represents a federated identity provider as Web Identity such as Cognito, Amazon, Facebook, Google, etc." }, "fqn": "@aws-cdk/aws-iam.WebIdentityPrincipal", "initializer": { "docs": { "stability": "stable" }, "locationInModule": { "filename": "lib/principals.ts", "line": 459 }, "parameters": [ { "docs": { "summary": "identity provider (i.e. 'cognito-identity.amazonaws.com' for users authenticated through Cognito)." }, "name": "identityProvider", "type": { "primitive": "string" } }, { "docs": { "remarks": "See [the IAM documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html).", "summary": "The conditions under which the policy is in effect." }, "name": "conditions", "optional": true, "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } } ] }, "kind": "class", "locationInModule": { "filename": "lib/principals.ts", "line": 451 }, "methods": [ { "docs": { "stability": "stable", "summary": "Returns a string representation of an object." }, "locationInModule": { "filename": "lib/principals.ts", "line": 467 }, "name": "toString", "overrides": "@aws-cdk/aws-iam.FederatedPrincipal", "returns": { "type": { "primitive": "string" } } } ], "name": "WebIdentityPrincipal", "properties": [ { "docs": { "stability": "stable", "summary": "Return the policy fragment that identifies this principal in a Policy." }, "immutable": true, "locationInModule": { "filename": "lib/principals.ts", "line": 463 }, "name": "policyFragment", "overrides": "@aws-cdk/aws-iam.FederatedPrincipal", "type": { "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment" } } ] } }, "version": "1.64.0", "fingerprint": "C+fp1MxQA3ZfSB77KlZahrDYR+9/p8AHlvd+cvPJAHo=" }