Documentation ¶
Index ¶
- func CfnAccessKey_CFN_RESOURCE_TYPE_NAME() *string
- func CfnAccessKey_IsCfnElement(x interface{}) *bool
- func CfnAccessKey_IsCfnResource(construct constructs.IConstruct) *bool
- func CfnAccessKey_IsConstruct(x interface{}) *bool
- func CfnGroup_CFN_RESOURCE_TYPE_NAME() *string
- func CfnGroup_IsCfnElement(x interface{}) *bool
- func CfnGroup_IsCfnResource(construct constructs.IConstruct) *bool
- func CfnGroup_IsConstruct(x interface{}) *bool
- func CfnInstanceProfile_CFN_RESOURCE_TYPE_NAME() *string
- func CfnInstanceProfile_IsCfnElement(x interface{}) *bool
- func CfnInstanceProfile_IsCfnResource(construct constructs.IConstruct) *bool
- func CfnInstanceProfile_IsConstruct(x interface{}) *bool
- func CfnManagedPolicy_CFN_RESOURCE_TYPE_NAME() *string
- func CfnManagedPolicy_IsCfnElement(x interface{}) *bool
- func CfnManagedPolicy_IsCfnResource(construct constructs.IConstruct) *bool
- func CfnManagedPolicy_IsConstruct(x interface{}) *bool
- func CfnOIDCProvider_CFN_RESOURCE_TYPE_NAME() *string
- func CfnOIDCProvider_IsCfnElement(x interface{}) *bool
- func CfnOIDCProvider_IsCfnResource(construct constructs.IConstruct) *bool
- func CfnOIDCProvider_IsConstruct(x interface{}) *bool
- func CfnPolicy_CFN_RESOURCE_TYPE_NAME() *string
- func CfnPolicy_IsCfnElement(x interface{}) *bool
- func CfnPolicy_IsCfnResource(construct constructs.IConstruct) *bool
- func CfnPolicy_IsConstruct(x interface{}) *bool
- func CfnRole_CFN_RESOURCE_TYPE_NAME() *string
- func CfnRole_IsCfnElement(x interface{}) *bool
- func CfnRole_IsCfnResource(construct constructs.IConstruct) *bool
- func CfnRole_IsConstruct(x interface{}) *bool
- func CfnSAMLProvider_CFN_RESOURCE_TYPE_NAME() *string
- func CfnSAMLProvider_IsCfnElement(x interface{}) *bool
- func CfnSAMLProvider_IsCfnResource(construct constructs.IConstruct) *bool
- func CfnSAMLProvider_IsConstruct(x interface{}) *bool
- func CfnServerCertificate_CFN_RESOURCE_TYPE_NAME() *string
- func CfnServerCertificate_IsCfnElement(x interface{}) *bool
- func CfnServerCertificate_IsCfnResource(construct constructs.IConstruct) *bool
- func CfnServerCertificate_IsConstruct(x interface{}) *bool
- func CfnServiceLinkedRole_CFN_RESOURCE_TYPE_NAME() *string
- func CfnServiceLinkedRole_IsCfnElement(x interface{}) *bool
- func CfnServiceLinkedRole_IsCfnResource(construct constructs.IConstruct) *bool
- func CfnServiceLinkedRole_IsConstruct(x interface{}) *bool
- func CfnUserToGroupAddition_CFN_RESOURCE_TYPE_NAME() *string
- func CfnUserToGroupAddition_IsCfnElement(x interface{}) *bool
- func CfnUserToGroupAddition_IsCfnResource(construct constructs.IConstruct) *bool
- func CfnUserToGroupAddition_IsConstruct(x interface{}) *bool
- func CfnUser_CFN_RESOURCE_TYPE_NAME() *string
- func CfnUser_IsCfnElement(x interface{}) *bool
- func CfnUser_IsCfnResource(construct constructs.IConstruct) *bool
- func CfnUser_IsConstruct(x interface{}) *bool
- func CfnVirtualMFADevice_CFN_RESOURCE_TYPE_NAME() *string
- func CfnVirtualMFADevice_IsCfnElement(x interface{}) *bool
- func CfnVirtualMFADevice_IsCfnResource(construct constructs.IConstruct) *bool
- func CfnVirtualMFADevice_IsConstruct(x interface{}) *bool
- func Group_IsConstruct(x interface{}) *bool
- func Group_IsResource(construct constructs.IConstruct) *bool
- func LazyRole_IsConstruct(x interface{}) *bool
- func LazyRole_IsResource(construct constructs.IConstruct) *bool
- func ManagedPolicy_IsConstruct(x interface{}) *bool
- func ManagedPolicy_IsResource(construct constructs.IConstruct) *bool
- func NewAccountPrincipal_Override(a AccountPrincipal, accountId interface{})
- func NewAccountRootPrincipal_Override(a AccountRootPrincipal)
- func NewAnyPrincipal_Override(a AnyPrincipal)
- func NewArnPrincipal_Override(a ArnPrincipal, arn *string)
- func NewCanonicalUserPrincipal_Override(c CanonicalUserPrincipal, canonicalUserId *string)
- func NewCfnAccessKey_Override(c CfnAccessKey, scope constructs.Construct, id *string, ...)
- func NewCfnGroup_Override(c CfnGroup, scope constructs.Construct, id *string, props *CfnGroupProps)
- func NewCfnInstanceProfile_Override(c CfnInstanceProfile, scope constructs.Construct, id *string, ...)
- func NewCfnManagedPolicy_Override(c CfnManagedPolicy, scope constructs.Construct, id *string, ...)
- func NewCfnOIDCProvider_Override(c CfnOIDCProvider, scope constructs.Construct, id *string, ...)
- func NewCfnPolicy_Override(c CfnPolicy, scope constructs.Construct, id *string, props *CfnPolicyProps)
- func NewCfnRole_Override(c CfnRole, scope constructs.Construct, id *string, props *CfnRoleProps)
- func NewCfnSAMLProvider_Override(c CfnSAMLProvider, scope constructs.Construct, id *string, ...)
- func NewCfnServerCertificate_Override(c CfnServerCertificate, scope constructs.Construct, id *string, ...)
- func NewCfnServiceLinkedRole_Override(c CfnServiceLinkedRole, scope constructs.Construct, id *string, ...)
- func NewCfnUserToGroupAddition_Override(c CfnUserToGroupAddition, scope constructs.Construct, id *string, ...)
- func NewCfnUser_Override(c CfnUser, scope constructs.Construct, id *string, props *CfnUserProps)
- func NewCfnVirtualMFADevice_Override(c CfnVirtualMFADevice, scope constructs.Construct, id *string, ...)
- func NewCompositeDependable_Override(c CompositeDependable, dependables ...constructs.IDependable)
- func NewCompositePrincipal_Override(c CompositePrincipal, principals ...PrincipalBase)
- func NewFederatedPrincipal_Override(f FederatedPrincipal, federated *string, conditions *map[string]interface{}, ...)
- func NewGroup_Override(g Group, scope constructs.Construct, id *string, props *GroupProps)
- func NewLazyRole_Override(l LazyRole, scope constructs.Construct, id *string, props *LazyRoleProps)
- func NewManagedPolicy_Override(m ManagedPolicy, scope constructs.Construct, id *string, ...)
- func NewOpenIdConnectPrincipal_Override(o OpenIdConnectPrincipal, openIdConnectProvider IOpenIdConnectProvider, ...)
- func NewOpenIdConnectProvider_Override(o OpenIdConnectProvider, scope constructs.Construct, id *string, ...)
- func NewOrganizationPrincipal_Override(o OrganizationPrincipal, organizationId *string)
- func NewPolicyDocument_Override(p PolicyDocument, props *PolicyDocumentProps)
- func NewPolicyStatement_Override(p PolicyStatement, props *PolicyStatementProps)
- func NewPolicy_Override(p Policy, scope constructs.Construct, id *string, props *PolicyProps)
- func NewPrincipalBase_Override(p PrincipalBase)
- func NewPrincipalPolicyFragment_Override(p PrincipalPolicyFragment, principalJson *map[string]*[]*string, ...)
- func NewPrincipalWithConditions_Override(p PrincipalWithConditions, principal IPrincipal, ...)
- func NewRole_Override(r Role, scope constructs.Construct, id *string, props *RoleProps)
- func NewSamlConsolePrincipal_Override(s SamlConsolePrincipal, samlProvider ISamlProvider, ...)
- func NewSamlMetadataDocument_Override(s SamlMetadataDocument)
- func NewSamlPrincipal_Override(s SamlPrincipal, samlProvider ISamlProvider, ...)
- func NewSamlProvider_Override(s SamlProvider, scope constructs.Construct, id *string, ...)
- func NewServicePrincipal_Override(s ServicePrincipal, service *string, opts *ServicePrincipalOpts)
- func NewUnknownPrincipal_Override(u UnknownPrincipal, props *UnknownPrincipalProps)
- func NewUser_Override(u User, scope constructs.Construct, id *string, props *UserProps)
- func NewWebIdentityPrincipal_Override(w WebIdentityPrincipal, identityProvider *string, ...)
- func OpenIdConnectProvider_IsConstruct(x interface{}) *bool
- func OpenIdConnectProvider_IsResource(construct constructs.IConstruct) *bool
- func Policy_IsConstruct(x interface{}) *bool
- func Policy_IsResource(construct constructs.IConstruct) *bool
- func Role_IsConstruct(x interface{}) *bool
- func Role_IsResource(construct constructs.IConstruct) *bool
- func SamlProvider_IsConstruct(x interface{}) *bool
- func SamlProvider_IsResource(construct constructs.IConstruct) *bool
- func User_IsConstruct(x interface{}) *bool
- func User_IsResource(construct constructs.IConstruct) *bool
- type AccountPrincipal
- type AccountRootPrincipal
- type AddToPrincipalPolicyResult
- type AddToResourcePolicyResult
- type AnyPrincipal
- type ArnPrincipal
- type CanonicalUserPrincipal
- type CfnAccessKey
- type CfnAccessKeyProps
- type CfnGroup
- type CfnGroupProps
- type CfnGroup_PolicyProperty
- type CfnInstanceProfile
- type CfnInstanceProfileProps
- type CfnManagedPolicy
- type CfnManagedPolicyProps
- type CfnOIDCProvider
- type CfnOIDCProviderProps
- type CfnPolicy
- type CfnPolicyProps
- type CfnRole
- type CfnRoleProps
- type CfnRole_PolicyProperty
- type CfnSAMLProvider
- type CfnSAMLProviderProps
- type CfnServerCertificate
- type CfnServerCertificateProps
- type CfnServiceLinkedRole
- type CfnServiceLinkedRoleProps
- type CfnUser
- type CfnUserProps
- type CfnUserToGroupAddition
- type CfnUserToGroupAdditionProps
- type CfnUser_LoginProfileProperty
- type CfnUser_PolicyProperty
- type CfnVirtualMFADevice
- type CfnVirtualMFADeviceProps
- type CommonGrantOptions
- type CompositeDependable
- type CompositePrincipal
- type Effect
- type FederatedPrincipal
- type FromRoleArnOptions
- type Grant
- type GrantOnPrincipalAndResourceOptions
- type GrantOnPrincipalOptions
- type GrantWithResourceOptions
- type Group
- type GroupProps
- type IGrantable
- type IGroup
- type IIdentity
- type IManagedPolicy
- func ManagedPolicy_FromAwsManagedPolicyName(managedPolicyName *string) IManagedPolicy
- func ManagedPolicy_FromManagedPolicyArn(scope constructs.Construct, id *string, managedPolicyArn *string) IManagedPolicy
- func ManagedPolicy_FromManagedPolicyName(scope constructs.Construct, id *string, managedPolicyName *string) IManagedPolicy
- type IOpenIdConnectProvider
- type IPolicy
- type IPrincipal
- type IResourceWithPolicy
- type IRole
- type ISamlProvider
- type IUser
- type LazyRole
- type LazyRoleProps
- type ManagedPolicy
- type ManagedPolicyProps
- type OpenIdConnectPrincipal
- type OpenIdConnectProvider
- type OpenIdConnectProviderProps
- type OrganizationPrincipal
- type PermissionsBoundary
- type Policy
- type PolicyDocument
- type PolicyDocumentProps
- type PolicyProps
- type PolicyStatement
- type PolicyStatementProps
- type PrincipalBase
- type PrincipalPolicyFragment
- type PrincipalWithConditions
- type Role
- type RoleProps
- type SamlConsolePrincipal
- type SamlMetadataDocument
- type SamlPrincipal
- type SamlProvider
- type SamlProviderProps
- type ServicePrincipal
- type ServicePrincipalOpts
- type UnknownPrincipal
- type UnknownPrincipalProps
- type User
- type UserAttributes
- type UserProps
- type WebIdentityPrincipal
- type WithoutPolicyUpdatesOptions
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CfnAccessKey_CFN_RESOURCE_TYPE_NAME ¶
func CfnAccessKey_CFN_RESOURCE_TYPE_NAME() *string
func CfnAccessKey_IsCfnElement ¶
func CfnAccessKey_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: The construct as a stack element or undefined if it is not a stack element. Experimental.
func CfnAccessKey_IsCfnResource ¶
func CfnAccessKey_IsCfnResource(construct constructs.IConstruct) *bool
Check whether the given construct is a CfnResource. Experimental.
func CfnAccessKey_IsConstruct ¶
func CfnAccessKey_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead
func CfnGroup_CFN_RESOURCE_TYPE_NAME ¶
func CfnGroup_CFN_RESOURCE_TYPE_NAME() *string
func CfnGroup_IsCfnElement ¶
func CfnGroup_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: The construct as a stack element or undefined if it is not a stack element. Experimental.
func CfnGroup_IsCfnResource ¶
func CfnGroup_IsCfnResource(construct constructs.IConstruct) *bool
Check whether the given construct is a CfnResource. Experimental.
func CfnGroup_IsConstruct ¶
func CfnGroup_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead
func CfnInstanceProfile_CFN_RESOURCE_TYPE_NAME ¶
func CfnInstanceProfile_CFN_RESOURCE_TYPE_NAME() *string
func CfnInstanceProfile_IsCfnElement ¶
func CfnInstanceProfile_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: The construct as a stack element or undefined if it is not a stack element. Experimental.
func CfnInstanceProfile_IsCfnResource ¶
func CfnInstanceProfile_IsCfnResource(construct constructs.IConstruct) *bool
Check whether the given construct is a CfnResource. Experimental.
func CfnInstanceProfile_IsConstruct ¶
func CfnInstanceProfile_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead
func CfnManagedPolicy_CFN_RESOURCE_TYPE_NAME ¶
func CfnManagedPolicy_CFN_RESOURCE_TYPE_NAME() *string
func CfnManagedPolicy_IsCfnElement ¶
func CfnManagedPolicy_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: The construct as a stack element or undefined if it is not a stack element. Experimental.
func CfnManagedPolicy_IsCfnResource ¶
func CfnManagedPolicy_IsCfnResource(construct constructs.IConstruct) *bool
Check whether the given construct is a CfnResource. Experimental.
func CfnManagedPolicy_IsConstruct ¶
func CfnManagedPolicy_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead
func CfnOIDCProvider_CFN_RESOURCE_TYPE_NAME ¶
func CfnOIDCProvider_CFN_RESOURCE_TYPE_NAME() *string
func CfnOIDCProvider_IsCfnElement ¶
func CfnOIDCProvider_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: The construct as a stack element or undefined if it is not a stack element. Experimental.
func CfnOIDCProvider_IsCfnResource ¶
func CfnOIDCProvider_IsCfnResource(construct constructs.IConstruct) *bool
Check whether the given construct is a CfnResource. Experimental.
func CfnOIDCProvider_IsConstruct ¶
func CfnOIDCProvider_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead
func CfnPolicy_CFN_RESOURCE_TYPE_NAME ¶
func CfnPolicy_CFN_RESOURCE_TYPE_NAME() *string
func CfnPolicy_IsCfnElement ¶
func CfnPolicy_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: The construct as a stack element or undefined if it is not a stack element. Experimental.
func CfnPolicy_IsCfnResource ¶
func CfnPolicy_IsCfnResource(construct constructs.IConstruct) *bool
Check whether the given construct is a CfnResource. Experimental.
func CfnPolicy_IsConstruct ¶
func CfnPolicy_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead
func CfnRole_CFN_RESOURCE_TYPE_NAME ¶
func CfnRole_CFN_RESOURCE_TYPE_NAME() *string
func CfnRole_IsCfnElement ¶
func CfnRole_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: The construct as a stack element or undefined if it is not a stack element. Experimental.
func CfnRole_IsCfnResource ¶
func CfnRole_IsCfnResource(construct constructs.IConstruct) *bool
Check whether the given construct is a CfnResource. Experimental.
func CfnRole_IsConstruct ¶
func CfnRole_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead
func CfnSAMLProvider_CFN_RESOURCE_TYPE_NAME ¶
func CfnSAMLProvider_CFN_RESOURCE_TYPE_NAME() *string
func CfnSAMLProvider_IsCfnElement ¶
func CfnSAMLProvider_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: The construct as a stack element or undefined if it is not a stack element. Experimental.
func CfnSAMLProvider_IsCfnResource ¶
func CfnSAMLProvider_IsCfnResource(construct constructs.IConstruct) *bool
Check whether the given construct is a CfnResource. Experimental.
func CfnSAMLProvider_IsConstruct ¶
func CfnSAMLProvider_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead
func CfnServerCertificate_CFN_RESOURCE_TYPE_NAME ¶
func CfnServerCertificate_CFN_RESOURCE_TYPE_NAME() *string
func CfnServerCertificate_IsCfnElement ¶
func CfnServerCertificate_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: The construct as a stack element or undefined if it is not a stack element. Experimental.
func CfnServerCertificate_IsCfnResource ¶
func CfnServerCertificate_IsCfnResource(construct constructs.IConstruct) *bool
Check whether the given construct is a CfnResource. Experimental.
func CfnServerCertificate_IsConstruct ¶
func CfnServerCertificate_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead
func CfnServiceLinkedRole_CFN_RESOURCE_TYPE_NAME ¶
func CfnServiceLinkedRole_CFN_RESOURCE_TYPE_NAME() *string
func CfnServiceLinkedRole_IsCfnElement ¶
func CfnServiceLinkedRole_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: The construct as a stack element or undefined if it is not a stack element. Experimental.
func CfnServiceLinkedRole_IsCfnResource ¶
func CfnServiceLinkedRole_IsCfnResource(construct constructs.IConstruct) *bool
Check whether the given construct is a CfnResource. Experimental.
func CfnServiceLinkedRole_IsConstruct ¶
func CfnServiceLinkedRole_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead
func CfnUserToGroupAddition_CFN_RESOURCE_TYPE_NAME ¶
func CfnUserToGroupAddition_CFN_RESOURCE_TYPE_NAME() *string
func CfnUserToGroupAddition_IsCfnElement ¶
func CfnUserToGroupAddition_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: The construct as a stack element or undefined if it is not a stack element. Experimental.
func CfnUserToGroupAddition_IsCfnResource ¶
func CfnUserToGroupAddition_IsCfnResource(construct constructs.IConstruct) *bool
Check whether the given construct is a CfnResource. Experimental.
func CfnUserToGroupAddition_IsConstruct ¶
func CfnUserToGroupAddition_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead
func CfnUser_CFN_RESOURCE_TYPE_NAME ¶
func CfnUser_CFN_RESOURCE_TYPE_NAME() *string
func CfnUser_IsCfnElement ¶
func CfnUser_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: The construct as a stack element or undefined if it is not a stack element. Experimental.
func CfnUser_IsCfnResource ¶
func CfnUser_IsCfnResource(construct constructs.IConstruct) *bool
Check whether the given construct is a CfnResource. Experimental.
func CfnUser_IsConstruct ¶
func CfnUser_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead
func CfnVirtualMFADevice_CFN_RESOURCE_TYPE_NAME ¶
func CfnVirtualMFADevice_CFN_RESOURCE_TYPE_NAME() *string
func CfnVirtualMFADevice_IsCfnElement ¶
func CfnVirtualMFADevice_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: The construct as a stack element or undefined if it is not a stack element. Experimental.
func CfnVirtualMFADevice_IsCfnResource ¶
func CfnVirtualMFADevice_IsCfnResource(construct constructs.IConstruct) *bool
Check whether the given construct is a CfnResource. Experimental.
func CfnVirtualMFADevice_IsConstruct ¶
func CfnVirtualMFADevice_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead
func Group_IsConstruct ¶
func Group_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead
func Group_IsResource ¶
func Group_IsResource(construct constructs.IConstruct) *bool
Check whether the given construct is a Resource. Experimental.
func LazyRole_IsConstruct ¶
func LazyRole_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead
func LazyRole_IsResource ¶
func LazyRole_IsResource(construct constructs.IConstruct) *bool
Check whether the given construct is a Resource. Experimental.
func ManagedPolicy_IsConstruct ¶
func ManagedPolicy_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead
func ManagedPolicy_IsResource ¶
func ManagedPolicy_IsResource(construct constructs.IConstruct) *bool
Check whether the given construct is a Resource. Experimental.
func NewAccountPrincipal_Override ¶
func NewAccountPrincipal_Override(a AccountPrincipal, accountId interface{})
Experimental.
func NewAccountRootPrincipal_Override ¶
func NewAccountRootPrincipal_Override(a AccountRootPrincipal)
Experimental.
func NewArnPrincipal_Override ¶
func NewArnPrincipal_Override(a ArnPrincipal, arn *string)
Experimental.
func NewCanonicalUserPrincipal_Override ¶
func NewCanonicalUserPrincipal_Override(c CanonicalUserPrincipal, canonicalUserId *string)
Experimental.
func NewCfnAccessKey_Override ¶
func NewCfnAccessKey_Override(c CfnAccessKey, scope constructs.Construct, id *string, props *CfnAccessKeyProps)
Create a new `AWS::IAM::AccessKey`.
func NewCfnGroup_Override ¶
func NewCfnGroup_Override(c CfnGroup, scope constructs.Construct, id *string, props *CfnGroupProps)
Create a new `AWS::IAM::Group`.
func NewCfnInstanceProfile_Override ¶
func NewCfnInstanceProfile_Override(c CfnInstanceProfile, scope constructs.Construct, id *string, props *CfnInstanceProfileProps)
Create a new `AWS::IAM::InstanceProfile`.
func NewCfnManagedPolicy_Override ¶
func NewCfnManagedPolicy_Override(c CfnManagedPolicy, scope constructs.Construct, id *string, props *CfnManagedPolicyProps)
Create a new `AWS::IAM::ManagedPolicy`.
func NewCfnOIDCProvider_Override ¶
func NewCfnOIDCProvider_Override(c CfnOIDCProvider, scope constructs.Construct, id *string, props *CfnOIDCProviderProps)
Create a new `AWS::IAM::OIDCProvider`.
func NewCfnPolicy_Override ¶
func NewCfnPolicy_Override(c CfnPolicy, scope constructs.Construct, id *string, props *CfnPolicyProps)
Create a new `AWS::IAM::Policy`.
func NewCfnRole_Override ¶
func NewCfnRole_Override(c CfnRole, scope constructs.Construct, id *string, props *CfnRoleProps)
Create a new `AWS::IAM::Role`.
func NewCfnSAMLProvider_Override ¶
func NewCfnSAMLProvider_Override(c CfnSAMLProvider, scope constructs.Construct, id *string, props *CfnSAMLProviderProps)
Create a new `AWS::IAM::SAMLProvider`.
func NewCfnServerCertificate_Override ¶
func NewCfnServerCertificate_Override(c CfnServerCertificate, scope constructs.Construct, id *string, props *CfnServerCertificateProps)
Create a new `AWS::IAM::ServerCertificate`.
func NewCfnServiceLinkedRole_Override ¶
func NewCfnServiceLinkedRole_Override(c CfnServiceLinkedRole, scope constructs.Construct, id *string, props *CfnServiceLinkedRoleProps)
Create a new `AWS::IAM::ServiceLinkedRole`.
func NewCfnUserToGroupAddition_Override ¶
func NewCfnUserToGroupAddition_Override(c CfnUserToGroupAddition, scope constructs.Construct, id *string, props *CfnUserToGroupAdditionProps)
Create a new `AWS::IAM::UserToGroupAddition`.
func NewCfnUser_Override ¶
func NewCfnUser_Override(c CfnUser, scope constructs.Construct, id *string, props *CfnUserProps)
Create a new `AWS::IAM::User`.
func NewCfnVirtualMFADevice_Override ¶
func NewCfnVirtualMFADevice_Override(c CfnVirtualMFADevice, scope constructs.Construct, id *string, props *CfnVirtualMFADeviceProps)
Create a new `AWS::IAM::VirtualMFADevice`.
func NewCompositeDependable_Override ¶
func NewCompositeDependable_Override(c CompositeDependable, dependables ...constructs.IDependable)
Experimental.
func NewCompositePrincipal_Override ¶
func NewCompositePrincipal_Override(c CompositePrincipal, principals ...PrincipalBase)
Experimental.
func NewFederatedPrincipal_Override ¶
func NewFederatedPrincipal_Override(f FederatedPrincipal, federated *string, conditions *map[string]interface{}, assumeRoleAction *string)
Experimental.
func NewGroup_Override ¶
func NewGroup_Override(g Group, scope constructs.Construct, id *string, props *GroupProps)
Experimental.
func NewLazyRole_Override ¶
func NewLazyRole_Override(l LazyRole, scope constructs.Construct, id *string, props *LazyRoleProps)
Experimental.
func NewManagedPolicy_Override ¶
func NewManagedPolicy_Override(m ManagedPolicy, scope constructs.Construct, id *string, props *ManagedPolicyProps)
Experimental.
func NewOpenIdConnectPrincipal_Override ¶
func NewOpenIdConnectPrincipal_Override(o OpenIdConnectPrincipal, openIdConnectProvider IOpenIdConnectProvider, conditions *map[string]interface{})
Experimental.
func NewOpenIdConnectProvider_Override ¶
func NewOpenIdConnectProvider_Override(o OpenIdConnectProvider, scope constructs.Construct, id *string, props *OpenIdConnectProviderProps)
Defines an OpenID Connect provider. Experimental.
func NewOrganizationPrincipal_Override ¶
func NewOrganizationPrincipal_Override(o OrganizationPrincipal, organizationId *string)
Experimental.
func NewPolicyDocument_Override ¶
func NewPolicyDocument_Override(p PolicyDocument, props *PolicyDocumentProps)
Experimental.
func NewPolicyStatement_Override ¶
func NewPolicyStatement_Override(p PolicyStatement, props *PolicyStatementProps)
Experimental.
func NewPolicy_Override ¶
func NewPolicy_Override(p Policy, scope constructs.Construct, id *string, props *PolicyProps)
Experimental.
func NewPrincipalPolicyFragment_Override ¶
func NewPrincipalPolicyFragment_Override(p PrincipalPolicyFragment, principalJson *map[string]*[]*string, conditions *map[string]interface{})
Experimental.
func NewPrincipalWithConditions_Override ¶
func NewPrincipalWithConditions_Override(p PrincipalWithConditions, principal IPrincipal, conditions *map[string]interface{})
Experimental.
func NewRole_Override ¶
func NewRole_Override(r Role, scope constructs.Construct, id *string, props *RoleProps)
Experimental.
func NewSamlConsolePrincipal_Override ¶
func NewSamlConsolePrincipal_Override(s SamlConsolePrincipal, samlProvider ISamlProvider, conditions *map[string]interface{})
Experimental.
func NewSamlMetadataDocument_Override ¶
func NewSamlMetadataDocument_Override(s SamlMetadataDocument)
Experimental.
func NewSamlPrincipal_Override ¶
func NewSamlPrincipal_Override(s SamlPrincipal, samlProvider ISamlProvider, conditions *map[string]interface{})
Experimental.
func NewSamlProvider_Override ¶
func NewSamlProvider_Override(s SamlProvider, scope constructs.Construct, id *string, props *SamlProviderProps)
Experimental.
func NewServicePrincipal_Override ¶
func NewServicePrincipal_Override(s ServicePrincipal, service *string, opts *ServicePrincipalOpts)
Experimental.
func NewUnknownPrincipal_Override ¶
func NewUnknownPrincipal_Override(u UnknownPrincipal, props *UnknownPrincipalProps)
Experimental.
func NewUser_Override ¶
func NewUser_Override(u User, scope constructs.Construct, id *string, props *UserProps)
Experimental.
func NewWebIdentityPrincipal_Override ¶
func NewWebIdentityPrincipal_Override(w WebIdentityPrincipal, identityProvider *string, conditions *map[string]interface{})
Experimental.
func OpenIdConnectProvider_IsConstruct ¶
func OpenIdConnectProvider_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead
func OpenIdConnectProvider_IsResource ¶
func OpenIdConnectProvider_IsResource(construct constructs.IConstruct) *bool
Check whether the given construct is a Resource. Experimental.
func Policy_IsConstruct ¶
func Policy_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead
func Policy_IsResource ¶
func Policy_IsResource(construct constructs.IConstruct) *bool
Check whether the given construct is a Resource. Experimental.
func Role_IsConstruct ¶
func Role_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead
func Role_IsResource ¶
func Role_IsResource(construct constructs.IConstruct) *bool
Check whether the given construct is a Resource. Experimental.
func SamlProvider_IsConstruct ¶
func SamlProvider_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead
func SamlProvider_IsResource ¶
func SamlProvider_IsResource(construct constructs.IConstruct) *bool
Check whether the given construct is a Resource. Experimental.
func User_IsConstruct ¶
func User_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead
func User_IsResource ¶
func User_IsResource(construct constructs.IConstruct) *bool
Check whether the given construct is a Resource. Experimental.
Types ¶
type AccountPrincipal ¶
// AccountPrincipal specifies an AWS account ID as the principal entity in a
// policy, delegating authority to that account.
//
// NOTE(review): the grant is made to the account as a whole; which identities
// inside that account can use it is presumably decided by that account's own
// IAM policies. Confirm this is the intended trust boundary.
//
// Experimental.
type AccountPrincipal interface {
	ArnPrincipal
	// AccountId is untyped (interface{}); the concrete value type is not visible here.
	AccountId() interface{}
	Arn() *string
	AssumeRoleAction() *string
	GrantPrincipal() IPrincipal
	PolicyFragment() PrincipalPolicyFragment
	PrincipalAccount() *string
	AddToPolicy(statement PolicyStatement) *bool
	AddToPrincipalPolicy(_statement PolicyStatement) *AddToPrincipalPolicyResult
	ToJSON() *map[string]*[]*string
	ToString() *string
	// WithConditions takes a conditions map and returns an IPrincipal.
	WithConditions(conditions *map[string]interface{}) IPrincipal
}
Specify AWS account ID as the principal entity in a policy to delegate authority to the account. Experimental.
func NewAccountPrincipal ¶
func NewAccountPrincipal(accountId interface{}) AccountPrincipal
Experimental.
type AccountRootPrincipal ¶
// AccountRootPrincipal uses the AWS account into which a stack is deployed as
// the principal entity in a policy.
//
// Experimental.
type AccountRootPrincipal interface {
	AccountPrincipal
	// AccountId is untyped (interface{}); the concrete value type is not visible here.
	AccountId() interface{}
	Arn() *string
	AssumeRoleAction() *string
	GrantPrincipal() IPrincipal
	PolicyFragment() PrincipalPolicyFragment
	PrincipalAccount() *string
	AddToPolicy(statement PolicyStatement) *bool
	AddToPrincipalPolicy(_statement PolicyStatement) *AddToPrincipalPolicyResult
	ToJSON() *map[string]*[]*string
	ToString() *string
	// WithConditions takes a conditions map and returns an IPrincipal.
	WithConditions(conditions *map[string]interface{}) IPrincipal
}
Use the AWS account into which a stack is deployed as the principal entity in a policy. Experimental.
type AddToPrincipalPolicyResult ¶
// AddToPrincipalPolicyResult is the result of calling `addToPrincipalPolicy`.
//
// Experimental.
type AddToPrincipalPolicyResult struct {
	// Whether the statement was added to the identity's policies.
	// NOTE(review): unless this is true, callers should not assume the
	// permission is in effect; check it instead of treating the call as success.
	// Experimental.
	StatementAdded *bool `json:"statementAdded"`
	// Dependable which allows depending on the policy change being applied.
	// Experimental.
	PolicyDependable constructs.IDependable `json:"policyDependable"`
}
Result of calling `addToPrincipalPolicy`. Experimental.
type AddToResourcePolicyResult ¶
// AddToResourcePolicyResult is the result of calling addToResourcePolicy.
//
// Experimental.
type AddToResourcePolicyResult struct {
	// Whether the statement was added.
	// NOTE(review): unless this is true, callers should not assume the
	// resource policy carries the statement; check it before relying on the grant.
	// Experimental.
	StatementAdded *bool `json:"statementAdded"`
	// Dependable which allows depending on the policy change being applied.
	// Experimental.
	PolicyDependable constructs.IDependable `json:"policyDependable"`
}
Result of calling addToResourcePolicy. Experimental.
type AnyPrincipal ¶
// AnyPrincipal is a principal representing all identities in all accounts.
//
// NOTE(review): an Allow statement naming this principal reaches identities
// outside the deploying account. Use it only where the resource is meant to be
// broadly accessible, or narrow it through WithConditions; policy review
// tooling should flag every use.
//
// Experimental.
type AnyPrincipal interface {
	ArnPrincipal
	Arn() *string
	AssumeRoleAction() *string
	GrantPrincipal() IPrincipal
	PolicyFragment() PrincipalPolicyFragment
	PrincipalAccount() *string
	AddToPolicy(statement PolicyStatement) *bool
	AddToPrincipalPolicy(_statement PolicyStatement) *AddToPrincipalPolicyResult
	ToJSON() *map[string]*[]*string
	ToString() *string
	// WithConditions takes a conditions map and returns an IPrincipal.
	WithConditions(conditions *map[string]interface{}) IPrincipal
}
A principal representing all identities in all accounts. Experimental.
type ArnPrincipal ¶
// ArnPrincipal specifies a principal by its Amazon Resource Name (ARN).
//
// Experimental.
type ArnPrincipal interface {
	PrincipalBase
	Arn() *string
	AssumeRoleAction() *string
	GrantPrincipal() IPrincipal
	PolicyFragment() PrincipalPolicyFragment
	PrincipalAccount() *string
	AddToPolicy(statement PolicyStatement) *bool
	AddToPrincipalPolicy(_statement PolicyStatement) *AddToPrincipalPolicyResult
	ToJSON() *map[string]*[]*string
	ToString() *string
	// WithConditions takes a conditions map and returns an IPrincipal.
	WithConditions(conditions *map[string]interface{}) IPrincipal
}
Specify a principal by the Amazon Resource Name (ARN).
You can specify AWS accounts, IAM users, Federated SAML users, IAM roles, and specific assumed-role sessions. You cannot specify IAM groups or instance profiles as principals. See: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html
Experimental.
type CanonicalUserPrincipal ¶
// CanonicalUserPrincipal is a policy principal identified by a canonical user ID.
//
// Experimental.
type CanonicalUserPrincipal interface {
	PrincipalBase
	AssumeRoleAction() *string
	CanonicalUserId() *string
	GrantPrincipal() IPrincipal
	PolicyFragment() PrincipalPolicyFragment
	PrincipalAccount() *string
	AddToPolicy(statement PolicyStatement) *bool
	AddToPrincipalPolicy(_statement PolicyStatement) *AddToPrincipalPolicyResult
	ToJSON() *map[string]*[]*string
	ToString() *string
	// WithConditions takes a conditions map and returns an IPrincipal.
	WithConditions(conditions *map[string]interface{}) IPrincipal
}
A policy principal for canonicalUserIds - useful for S3 bucket policies that use Origin Access identities.
See https://docs.aws.amazon.com/general/latest/gr/acct-identifiers.html for more details. Experimental.
func NewCanonicalUserPrincipal ¶
func NewCanonicalUserPrincipal(canonicalUserId *string) CanonicalUserPrincipal
Experimental.
type CfnAccessKey ¶
// CfnAccessKey is a CloudFormation `AWS::IAM::AccessKey`.
//
// NOTE(review): this resource creates a long-lived credential. Its secret is
// readable through AttrSecretAccessKey, so anything that embeds that value
// (stack outputs, properties of other resources) carries the secret; keep it
// out of outputs, hand it to a secrets store, and prefer role-based temporary
// credentials where the workload allows it.
type CfnAccessKey interface {
	awscdk.CfnResource
	awscdk.IInspectable
	// AttrSecretAccessKey exposes the secret half of the key pair as a string
	// attribute; treat every reference to it as sensitive.
	AttrSecretAccessKey() *string
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	CfnResourceType() *string
	CreationStack() *[]*string
	LogicalId() *string
	Node() constructs.Node
	Ref() *string
	Serial() *float64
	SetSerial(val *float64)
	Stack() awscdk.Stack
	Status() *string
	SetStatus(val *string)
	// UpdatedProperites: the spelling is part of the published API.
	UpdatedProperites() *map[string]interface{}
	UserName() *string
	SetUserName(val *string)
	AddDeletionOverride(path *string)
	AddDependsOn(target awscdk.CfnResource)
	AddMetadata(key *string, value interface{})
	AddOverride(path *string, value interface{})
	AddPropertyDeletionOverride(propertyPath *string)
	AddPropertyOverride(propertyPath *string, value interface{})
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	GetAtt(attributeName *string) awscdk.Reference
	GetMetadata(key *string) interface{}
	Inspect(inspector awscdk.TreeInspector)
	OverrideLogicalId(newLogicalId *string)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	ShouldSynthesize() *bool
	ToString() *string
	ValidateProperties(_properties interface{})
}
A CloudFormation `AWS::IAM::AccessKey`.
func NewCfnAccessKey ¶
func NewCfnAccessKey(scope constructs.Construct, id *string, props *CfnAccessKeyProps) CfnAccessKey
Create a new `AWS::IAM::AccessKey`.
type CfnAccessKeyProps ¶
// CfnAccessKeyProps holds the properties for defining a `AWS::IAM::AccessKey`.
type CfnAccessKeyProps struct {
	// `AWS::IAM::AccessKey.UserName`.
	// The IAM user the key belongs to; the key carries that user's permissions.
	UserName *string `json:"userName"`
	// `AWS::IAM::AccessKey.Serial`.
	// NOTE(review): in CloudFormation, changing this value is what requests a
	// key rotation — confirm against the resource reference before relying on it.
	Serial *float64 `json:"serial"`
	// `AWS::IAM::AccessKey.Status`.
	// NOTE(review): presumably the key's active/inactive state — verify the accepted values.
	Status *string `json:"status"`
}
Properties for defining a `AWS::IAM::AccessKey`.
type CfnGroup ¶
type CfnGroup interface { awscdk.CfnResource awscdk.IInspectable AttrArn() *string CfnOptions() awscdk.ICfnResourceOptions CfnProperties() *map[string]interface{} CfnResourceType() *string CreationStack() *[]*string GroupName() *string SetGroupName(val *string) LogicalId() *string ManagedPolicyArns() *[]*string SetManagedPolicyArns(val *[]*string) Node() constructs.Node Path() *string SetPath(val *string) Policies() interface{} SetPolicies(val interface{}) Ref() *string Stack() awscdk.Stack UpdatedProperites() *map[string]interface{} AddDeletionOverride(path *string) AddDependsOn(target awscdk.CfnResource) AddMetadata(key *string, value interface{}) AddOverride(path *string, value interface{}) AddPropertyDeletionOverride(propertyPath *string) AddPropertyOverride(propertyPath *string, value interface{}) ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions) GetAtt(attributeName *string) awscdk.Reference GetMetadata(key *string) interface{} Inspect(inspector awscdk.TreeInspector) OverrideLogicalId(newLogicalId *string) RenderProperties(props *map[string]interface{}) *map[string]interface{} ShouldSynthesize() *bool ToString() *string ValidateProperties(_properties interface{}) }
A CloudFormation `AWS::IAM::Group`.
func NewCfnGroup ¶
func NewCfnGroup(scope constructs.Construct, id *string, props *CfnGroupProps) CfnGroup
Create a new `AWS::IAM::Group`.
type CfnGroupProps ¶
// CfnGroupProps holds the properties for defining a `AWS::IAM::Group`.
type CfnGroupProps struct {
	// `AWS::IAM::Group.GroupName`.
	GroupName *string `json:"groupName"`
	// `AWS::IAM::Group.ManagedPolicyArns`.
	// Every member of the group receives these policies; review the list as
	// carefully as the inline Policies below.
	ManagedPolicyArns *[]*string `json:"managedPolicyArns"`
	// `AWS::IAM::Group.Path`.
	Path *string `json:"path"`
	// `AWS::IAM::Group.Policies`.
	// Untyped (interface{}): the Go compiler does not check the shape of what is passed here.
	Policies interface{} `json:"policies"`
}
Properties for defining a `AWS::IAM::Group`.
type CfnGroup_PolicyProperty ¶
// CfnGroup_PolicyProperty pairs an inline policy document with its name for a CfnGroup.
type CfnGroup_PolicyProperty struct {
	// `CfnGroup.PolicyProperty.PolicyDocument`.
	// Untyped (interface{}): the document is not validated by the Go type system.
	PolicyDocument interface{} `json:"policyDocument"`
	// `CfnGroup.PolicyProperty.PolicyName`.
	PolicyName *string `json:"policyName"`
}
type CfnInstanceProfile ¶
type CfnInstanceProfile interface { awscdk.CfnResource awscdk.IInspectable AttrArn() *string CfnOptions() awscdk.ICfnResourceOptions CfnProperties() *map[string]interface{} CfnResourceType() *string CreationStack() *[]*string InstanceProfileName() *string SetInstanceProfileName(val *string) LogicalId() *string Node() constructs.Node Path() *string SetPath(val *string) Ref() *string Roles() *[]*string SetRoles(val *[]*string) Stack() awscdk.Stack UpdatedProperites() *map[string]interface{} AddDeletionOverride(path *string) AddDependsOn(target awscdk.CfnResource) AddMetadata(key *string, value interface{}) AddOverride(path *string, value interface{}) AddPropertyDeletionOverride(propertyPath *string) AddPropertyOverride(propertyPath *string, value interface{}) ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions) GetAtt(attributeName *string) awscdk.Reference GetMetadata(key *string) interface{} Inspect(inspector awscdk.TreeInspector) OverrideLogicalId(newLogicalId *string) RenderProperties(props *map[string]interface{}) *map[string]interface{} ShouldSynthesize() *bool ToString() *string ValidateProperties(_properties interface{}) }
A CloudFormation `AWS::IAM::InstanceProfile`.
func NewCfnInstanceProfile ¶
func NewCfnInstanceProfile(scope constructs.Construct, id *string, props *CfnInstanceProfileProps) CfnInstanceProfile
Create a new `AWS::IAM::InstanceProfile`.
type CfnInstanceProfileProps ¶
// CfnInstanceProfileProps holds the properties for defining a `AWS::IAM::InstanceProfile`.
type CfnInstanceProfileProps struct {
	// `AWS::IAM::InstanceProfile.Roles`.
	// NOTE(review): whatever runs on an instance using this profile can obtain
	// these roles' credentials, so scope the roles to what the workload needs.
	Roles *[]*string `json:"roles"`
	// `AWS::IAM::InstanceProfile.InstanceProfileName`.
	InstanceProfileName *string `json:"instanceProfileName"`
	// `AWS::IAM::InstanceProfile.Path`.
	Path *string `json:"path"`
}
Properties for defining a `AWS::IAM::InstanceProfile`.
type CfnManagedPolicy ¶
type CfnManagedPolicy interface { awscdk.CfnResource awscdk.IInspectable CfnOptions() awscdk.ICfnResourceOptions CfnProperties() *map[string]interface{} CfnResourceType() *string CreationStack() *[]*string Description() *string SetDescription(val *string) Groups() *[]*string SetGroups(val *[]*string) LogicalId() *string ManagedPolicyName() *string SetManagedPolicyName(val *string) Node() constructs.Node Path() *string SetPath(val *string) PolicyDocument() interface{} SetPolicyDocument(val interface{}) Ref() *string Roles() *[]*string SetRoles(val *[]*string) Stack() awscdk.Stack UpdatedProperites() *map[string]interface{} Users() *[]*string SetUsers(val *[]*string) AddDeletionOverride(path *string) AddDependsOn(target awscdk.CfnResource) AddMetadata(key *string, value interface{}) AddOverride(path *string, value interface{}) AddPropertyDeletionOverride(propertyPath *string) AddPropertyOverride(propertyPath *string, value interface{}) ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions) GetAtt(attributeName *string) awscdk.Reference GetMetadata(key *string) interface{} Inspect(inspector awscdk.TreeInspector) OverrideLogicalId(newLogicalId *string) RenderProperties(props *map[string]interface{}) *map[string]interface{} ShouldSynthesize() *bool ToString() *string ValidateProperties(_properties interface{}) }
A CloudFormation `AWS::IAM::ManagedPolicy`.
func NewCfnManagedPolicy ¶
func NewCfnManagedPolicy(scope constructs.Construct, id *string, props *CfnManagedPolicyProps) CfnManagedPolicy
Create a new `AWS::IAM::ManagedPolicy`.
type CfnManagedPolicyProps ¶
// CfnManagedPolicyProps holds the properties for defining a `AWS::IAM::ManagedPolicy`.
type CfnManagedPolicyProps struct {
	// `AWS::IAM::ManagedPolicy.PolicyDocument`.
	// Untyped (interface{}): the document is not validated by the Go type system.
	PolicyDocument interface{} `json:"policyDocument"`
	// `AWS::IAM::ManagedPolicy.Description`.
	Description *string `json:"description"`
	// `AWS::IAM::ManagedPolicy.Groups`.
	Groups *[]*string `json:"groups"`
	// `AWS::IAM::ManagedPolicy.ManagedPolicyName`.
	ManagedPolicyName *string `json:"managedPolicyName"`
	// `AWS::IAM::ManagedPolicy.Path`.
	Path *string `json:"path"`
	// `AWS::IAM::ManagedPolicy.Roles`.
	Roles *[]*string `json:"roles"`
	// `AWS::IAM::ManagedPolicy.Users`.
	Users *[]*string `json:"users"`
}
Properties for defining a `AWS::IAM::ManagedPolicy`.
type CfnOIDCProvider ¶
type CfnOIDCProvider interface { awscdk.CfnResource awscdk.IInspectable AttrArn() *string CfnOptions() awscdk.ICfnResourceOptions CfnProperties() *map[string]interface{} CfnResourceType() *string ClientIdList() *[]*string SetClientIdList(val *[]*string) CreationStack() *[]*string LogicalId() *string Node() constructs.Node Ref() *string Stack() awscdk.Stack Tags() awscdk.TagManager ThumbprintList() *[]*string SetThumbprintList(val *[]*string) UpdatedProperites() *map[string]interface{} Url() *string SetUrl(val *string) AddDeletionOverride(path *string) AddDependsOn(target awscdk.CfnResource) AddMetadata(key *string, value interface{}) AddOverride(path *string, value interface{}) AddPropertyDeletionOverride(propertyPath *string) AddPropertyOverride(propertyPath *string, value interface{}) ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions) GetAtt(attributeName *string) awscdk.Reference GetMetadata(key *string) interface{} Inspect(inspector awscdk.TreeInspector) OverrideLogicalId(newLogicalId *string) RenderProperties(props *map[string]interface{}) *map[string]interface{} ShouldSynthesize() *bool ToString() *string ValidateProperties(_properties interface{}) }
A CloudFormation `AWS::IAM::OIDCProvider`.
func NewCfnOIDCProvider ¶
func NewCfnOIDCProvider(scope constructs.Construct, id *string, props *CfnOIDCProviderProps) CfnOIDCProvider
Create a new `AWS::IAM::OIDCProvider`.
type CfnOIDCProviderProps ¶
// CfnOIDCProviderProps holds the properties for defining a `AWS::IAM::OIDCProvider`.
//
// NOTE(review): registering a provider only establishes it as an identity
// source. Roles that trust it should still restrict the accepted audience and
// subject claims in their trust-policy conditions.
type CfnOIDCProviderProps struct {
	// `AWS::IAM::OIDCProvider.ThumbprintList`.
	// NOTE(review): presumably the certificate thumbprints accepted for the
	// provider endpoint; obtain them over a trusted channel and keep the list short.
	ThumbprintList *[]*string `json:"thumbprintList"`
	// `AWS::IAM::OIDCProvider.ClientIdList`.
	// NOTE(review): presumably the client IDs (audiences) allowed to use this provider — confirm.
	ClientIdList *[]*string `json:"clientIdList"`
	// `AWS::IAM::OIDCProvider.Tags`.
	Tags *[]*awscdk.CfnTag `json:"tags"`
	// `AWS::IAM::OIDCProvider.Url`.
	Url *string `json:"url"`
}
Properties for defining a `AWS::IAM::OIDCProvider`.
type CfnPolicy ¶
type CfnPolicy interface { awscdk.CfnResource awscdk.IInspectable CfnOptions() awscdk.ICfnResourceOptions CfnProperties() *map[string]interface{} CfnResourceType() *string CreationStack() *[]*string Groups() *[]*string SetGroups(val *[]*string) LogicalId() *string Node() constructs.Node PolicyDocument() interface{} SetPolicyDocument(val interface{}) PolicyName() *string SetPolicyName(val *string) Ref() *string Roles() *[]*string SetRoles(val *[]*string) Stack() awscdk.Stack UpdatedProperites() *map[string]interface{} Users() *[]*string SetUsers(val *[]*string) AddDeletionOverride(path *string) AddDependsOn(target awscdk.CfnResource) AddMetadata(key *string, value interface{}) AddOverride(path *string, value interface{}) AddPropertyDeletionOverride(propertyPath *string) AddPropertyOverride(propertyPath *string, value interface{}) ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions) GetAtt(attributeName *string) awscdk.Reference GetMetadata(key *string) interface{} Inspect(inspector awscdk.TreeInspector) OverrideLogicalId(newLogicalId *string) RenderProperties(props *map[string]interface{}) *map[string]interface{} ShouldSynthesize() *bool ToString() *string ValidateProperties(_properties interface{}) }
A CloudFormation `AWS::IAM::Policy`.
func NewCfnPolicy ¶
func NewCfnPolicy(scope constructs.Construct, id *string, props *CfnPolicyProps) CfnPolicy
Create a new `AWS::IAM::Policy`.
type CfnPolicyProps ¶
// CfnPolicyProps holds the properties for defining a `AWS::IAM::Policy`.
type CfnPolicyProps struct {
	// `AWS::IAM::Policy.PolicyDocument`.
	// Untyped (interface{}): the document is not validated by the Go type system.
	PolicyDocument interface{} `json:"policyDocument"`
	// `AWS::IAM::Policy.PolicyName`.
	PolicyName *string `json:"policyName"`
	// `AWS::IAM::Policy.Groups`.
	Groups *[]*string `json:"groups"`
	// `AWS::IAM::Policy.Roles`.
	Roles *[]*string `json:"roles"`
	// `AWS::IAM::Policy.Users`.
	Users *[]*string `json:"users"`
}
Properties for defining a `AWS::IAM::Policy`.
type CfnRole ¶
// CfnRole is a CloudFormation `AWS::IAM::Role`.
//
// NOTE(review): AssumeRolePolicyDocument and Policies are untyped
// (interface{}), so neither the trust policy nor the inline policies are
// checked by the Go compiler; review the synthesized template for overly broad
// principals, actions and resources.
type CfnRole interface {
	awscdk.CfnResource
	awscdk.IInspectable
	// AssumeRolePolicyDocument is the role's trust policy: it decides who may assume the role.
	AssumeRolePolicyDocument() interface{}
	SetAssumeRolePolicyDocument(val interface{})
	AttrArn() *string
	AttrRoleId() *string
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	CfnResourceType() *string
	CreationStack() *[]*string
	Description() *string
	SetDescription(val *string)
	LogicalId() *string
	ManagedPolicyArns() *[]*string
	SetManagedPolicyArns(val *[]*string)
	MaxSessionDuration() *float64
	SetMaxSessionDuration(val *float64)
	Node() constructs.Node
	Path() *string
	SetPath(val *string)
	PermissionsBoundary() *string
	SetPermissionsBoundary(val *string)
	Policies() interface{}
	SetPolicies(val interface{})
	Ref() *string
	RoleName() *string
	SetRoleName(val *string)
	Stack() awscdk.Stack
	Tags() awscdk.TagManager
	// UpdatedProperites: the spelling is part of the published API.
	UpdatedProperites() *map[string]interface{}
	AddDeletionOverride(path *string)
	AddDependsOn(target awscdk.CfnResource)
	AddMetadata(key *string, value interface{})
	AddOverride(path *string, value interface{})
	AddPropertyDeletionOverride(propertyPath *string)
	AddPropertyOverride(propertyPath *string, value interface{})
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	GetAtt(attributeName *string) awscdk.Reference
	GetMetadata(key *string) interface{}
	Inspect(inspector awscdk.TreeInspector)
	OverrideLogicalId(newLogicalId *string)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	ShouldSynthesize() *bool
	ToString() *string
	ValidateProperties(_properties interface{})
}
A CloudFormation `AWS::IAM::Role`.
func NewCfnRole ¶
func NewCfnRole(scope constructs.Construct, id *string, props *CfnRoleProps) CfnRole
Create a new `AWS::IAM::Role`.
type CfnRoleProps ¶
// CfnRoleProps holds the properties for defining a `AWS::IAM::Role`.
type CfnRoleProps struct {
	// `AWS::IAM::Role.AssumeRolePolicyDocument`.
	// The trust policy: it decides who may assume the role. Untyped
	// (interface{}), so it is not validated by the Go type system; keep the
	// principals specific and add conditions for third-party or federated trust.
	AssumeRolePolicyDocument interface{} `json:"assumeRolePolicyDocument"`
	// `AWS::IAM::Role.Description`.
	Description *string `json:"description"`
	// `AWS::IAM::Role.ManagedPolicyArns`.
	ManagedPolicyArns *[]*string `json:"managedPolicyArns"`
	// `AWS::IAM::Role.MaxSessionDuration`.
	// NOTE(review): CloudFormation documents this value in seconds — confirm;
	// shorter sessions limit how long leaked temporary credentials stay usable.
	MaxSessionDuration *float64 `json:"maxSessionDuration"`
	// `AWS::IAM::Role.Path`.
	Path *string `json:"path"`
	// `AWS::IAM::Role.PermissionsBoundary`.
	// NOTE(review): presumably the ARN of a policy that caps what the role's
	// own policies can grant — confirm against the resource reference.
	PermissionsBoundary *string `json:"permissionsBoundary"`
	// `AWS::IAM::Role.Policies`.
	// Untyped (interface{}): inline policies are not validated by the Go type system.
	Policies interface{} `json:"policies"`
	// `AWS::IAM::Role.RoleName`.
	RoleName *string `json:"roleName"`
	// `AWS::IAM::Role.Tags`.
	Tags *[]*awscdk.CfnTag `json:"tags"`
}
Properties for defining a `AWS::IAM::Role`.
type CfnRole_PolicyProperty ¶
// CfnRole_PolicyProperty pairs an inline policy document with its name for a CfnRole.
type CfnRole_PolicyProperty struct {
	// `CfnRole.PolicyProperty.PolicyDocument`.
	// Untyped (interface{}): the document is not validated by the Go type system.
	PolicyDocument interface{} `json:"policyDocument"`
	// `CfnRole.PolicyProperty.PolicyName`.
	PolicyName *string `json:"policyName"`
}
type CfnSAMLProvider ¶
type CfnSAMLProvider interface { awscdk.CfnResource awscdk.IInspectable AttrArn() *string CfnOptions() awscdk.ICfnResourceOptions CfnProperties() *map[string]interface{} CfnResourceType() *string CreationStack() *[]*string LogicalId() *string Name() *string SetName(val *string) Node() constructs.Node Ref() *string SamlMetadataDocument() *string SetSamlMetadataDocument(val *string) Stack() awscdk.Stack Tags() awscdk.TagManager UpdatedProperites() *map[string]interface{} AddDeletionOverride(path *string) AddDependsOn(target awscdk.CfnResource) AddMetadata(key *string, value interface{}) AddOverride(path *string, value interface{}) AddPropertyDeletionOverride(propertyPath *string) AddPropertyOverride(propertyPath *string, value interface{}) ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions) GetAtt(attributeName *string) awscdk.Reference GetMetadata(key *string) interface{} Inspect(inspector awscdk.TreeInspector) OverrideLogicalId(newLogicalId *string) RenderProperties(props *map[string]interface{}) *map[string]interface{} ShouldSynthesize() *bool ToString() *string ValidateProperties(_properties interface{}) }
A CloudFormation `AWS::IAM::SAMLProvider`.
func NewCfnSAMLProvider ¶
func NewCfnSAMLProvider(scope constructs.Construct, id *string, props *CfnSAMLProviderProps) CfnSAMLProvider
Create a new `AWS::IAM::SAMLProvider`.
type CfnSAMLProviderProps ¶
// CfnSAMLProviderProps holds the properties for defining a `AWS::IAM::SAMLProvider`.
type CfnSAMLProviderProps struct {
	// `AWS::IAM::SAMLProvider.SamlMetadataDocument`.
	// NOTE(review): presumably the identity provider's metadata XML, which is
	// what federated sign-in is verified against; take it from the provider
	// over a trusted channel and track changes to it in review.
	SamlMetadataDocument *string `json:"samlMetadataDocument"`
	// `AWS::IAM::SAMLProvider.Name`.
	Name *string `json:"name"`
	// `AWS::IAM::SAMLProvider.Tags`.
	Tags *[]*awscdk.CfnTag `json:"tags"`
}
Properties for defining a `AWS::IAM::SAMLProvider`.
type CfnServerCertificate ¶
// CfnServerCertificate is a CloudFormation `AWS::IAM::ServerCertificate`.
//
// NOTE(review): the private key is an ordinary string property with a getter
// and a setter, so it travels wherever the construct's properties go
// (synthesized template, source control, CI logs). Supply it from a protected
// parameter or secret reference rather than a literal.
type CfnServerCertificate interface {
	awscdk.CfnResource
	awscdk.IInspectable
	AttrArn() *string
	CertificateBody() *string
	SetCertificateBody(val *string)
	CertificateChain() *string
	SetCertificateChain(val *string)
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	CfnResourceType() *string
	CreationStack() *[]*string
	LogicalId() *string
	Node() constructs.Node
	Path() *string
	SetPath(val *string)
	// PrivateKey returns the key material as a string; treat the value as sensitive.
	PrivateKey() *string
	SetPrivateKey(val *string)
	Ref() *string
	ServerCertificateName() *string
	SetServerCertificateName(val *string)
	Stack() awscdk.Stack
	Tags() awscdk.TagManager
	// UpdatedProperites: the spelling is part of the published API.
	UpdatedProperites() *map[string]interface{}
	AddDeletionOverride(path *string)
	AddDependsOn(target awscdk.CfnResource)
	AddMetadata(key *string, value interface{})
	AddOverride(path *string, value interface{})
	AddPropertyDeletionOverride(propertyPath *string)
	AddPropertyOverride(propertyPath *string, value interface{})
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	GetAtt(attributeName *string) awscdk.Reference
	GetMetadata(key *string) interface{}
	Inspect(inspector awscdk.TreeInspector)
	OverrideLogicalId(newLogicalId *string)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	ShouldSynthesize() *bool
	ToString() *string
	ValidateProperties(_properties interface{})
}
A CloudFormation `AWS::IAM::ServerCertificate`.
func NewCfnServerCertificate ¶
func NewCfnServerCertificate(scope constructs.Construct, id *string, props *CfnServerCertificateProps) CfnServerCertificate
Create a new `AWS::IAM::ServerCertificate`.
type CfnServerCertificateProps ¶
// CfnServerCertificateProps holds the properties for defining a `AWS::IAM::ServerCertificate`.
type CfnServerCertificateProps struct {
	// `AWS::IAM::ServerCertificate.CertificateBody`.
	CertificateBody *string `json:"certificateBody"`
	// `AWS::IAM::ServerCertificate.CertificateChain`.
	CertificateChain *string `json:"certificateChain"`
	// `AWS::IAM::ServerCertificate.Path`.
	Path *string `json:"path"`
	// `AWS::IAM::ServerCertificate.PrivateKey`.
	// Sensitive: a plain string field, so a literal here ends up in the
	// synthesized template. Pass a protected parameter or secret reference
	// instead, and keep the key out of source control.
	PrivateKey *string `json:"privateKey"`
	// `AWS::IAM::ServerCertificate.ServerCertificateName`.
	ServerCertificateName *string `json:"serverCertificateName"`
	// `AWS::IAM::ServerCertificate.Tags`.
	Tags *[]*awscdk.CfnTag `json:"tags"`
}
Properties for defining a `AWS::IAM::ServerCertificate`.
type CfnServiceLinkedRole ¶
type CfnServiceLinkedRole interface { awscdk.CfnResource awscdk.IInspectable AwsServiceName() *string SetAwsServiceName(val *string) CfnOptions() awscdk.ICfnResourceOptions CfnProperties() *map[string]interface{} CfnResourceType() *string CreationStack() *[]*string CustomSuffix() *string SetCustomSuffix(val *string) Description() *string SetDescription(val *string) LogicalId() *string Node() constructs.Node Ref() *string Stack() awscdk.Stack UpdatedProperites() *map[string]interface{} AddDeletionOverride(path *string) AddDependsOn(target awscdk.CfnResource) AddMetadata(key *string, value interface{}) AddOverride(path *string, value interface{}) AddPropertyDeletionOverride(propertyPath *string) AddPropertyOverride(propertyPath *string, value interface{}) ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions) GetAtt(attributeName *string) awscdk.Reference GetMetadata(key *string) interface{} Inspect(inspector awscdk.TreeInspector) OverrideLogicalId(newLogicalId *string) RenderProperties(props *map[string]interface{}) *map[string]interface{} ShouldSynthesize() *bool ToString() *string ValidateProperties(_properties interface{}) }
A CloudFormation `AWS::IAM::ServiceLinkedRole`.
func NewCfnServiceLinkedRole ¶
func NewCfnServiceLinkedRole(scope constructs.Construct, id *string, props *CfnServiceLinkedRoleProps) CfnServiceLinkedRole
Create a new `AWS::IAM::ServiceLinkedRole`.
type CfnServiceLinkedRoleProps ¶
// CfnServiceLinkedRoleProps holds the properties for defining a `AWS::IAM::ServiceLinkedRole`.
type CfnServiceLinkedRoleProps struct {
	// `AWS::IAM::ServiceLinkedRole.AWSServiceName`.
	AwsServiceName *string `json:"awsServiceName"`
	// `AWS::IAM::ServiceLinkedRole.CustomSuffix`.
	CustomSuffix *string `json:"customSuffix"`
	// `AWS::IAM::ServiceLinkedRole.Description`.
	Description *string `json:"description"`
}
Properties for defining a `AWS::IAM::ServiceLinkedRole`.
type CfnUser ¶
// CfnUser is a CloudFormation `AWS::IAM::User`.
//
// NOTE(review): LoginProfile and Policies are untyped (interface{}), so the
// console password settings and inline policies are not checked by the Go
// compiler; review the synthesized template for them.
type CfnUser interface {
	awscdk.CfnResource
	awscdk.IInspectable
	AttrArn() *string
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	CfnResourceType() *string
	CreationStack() *[]*string
	Groups() *[]*string
	SetGroups(val *[]*string)
	LogicalId() *string
	// LoginProfile presumably carries a CfnUser_LoginProfileProperty, which
	// includes a password field; treat the value as sensitive.
	LoginProfile() interface{}
	SetLoginProfile(val interface{})
	ManagedPolicyArns() *[]*string
	SetManagedPolicyArns(val *[]*string)
	Node() constructs.Node
	Path() *string
	SetPath(val *string)
	PermissionsBoundary() *string
	SetPermissionsBoundary(val *string)
	Policies() interface{}
	SetPolicies(val interface{})
	Ref() *string
	Stack() awscdk.Stack
	Tags() awscdk.TagManager
	// UpdatedProperites: the spelling is part of the published API.
	UpdatedProperites() *map[string]interface{}
	UserName() *string
	SetUserName(val *string)
	AddDeletionOverride(path *string)
	AddDependsOn(target awscdk.CfnResource)
	AddMetadata(key *string, value interface{})
	AddOverride(path *string, value interface{})
	AddPropertyDeletionOverride(propertyPath *string)
	AddPropertyOverride(propertyPath *string, value interface{})
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	GetAtt(attributeName *string) awscdk.Reference
	GetMetadata(key *string) interface{}
	Inspect(inspector awscdk.TreeInspector)
	OverrideLogicalId(newLogicalId *string)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	ShouldSynthesize() *bool
	ToString() *string
	ValidateProperties(_properties interface{})
}
A CloudFormation `AWS::IAM::User`.
func NewCfnUser ¶
func NewCfnUser(scope constructs.Construct, id *string, props *CfnUserProps) CfnUser
Create a new `AWS::IAM::User`.
type CfnUserProps ¶
// CfnUserProps holds the properties for defining a `AWS::IAM::User`.
type CfnUserProps struct {
	// `AWS::IAM::User.Groups`.
	Groups *[]*string `json:"groups"`
	// `AWS::IAM::User.LoginProfile`.
	// Untyped (interface{}); presumably a CfnUser_LoginProfileProperty, which
	// includes a password field — treat the value as sensitive.
	LoginProfile interface{} `json:"loginProfile"`
	// `AWS::IAM::User.ManagedPolicyArns`.
	ManagedPolicyArns *[]*string `json:"managedPolicyArns"`
	// `AWS::IAM::User.Path`.
	Path *string `json:"path"`
	// `AWS::IAM::User.PermissionsBoundary`.
	// NOTE(review): presumably the ARN of a policy that caps what the user's
	// own policies can grant — confirm against the resource reference.
	PermissionsBoundary *string `json:"permissionsBoundary"`
	// `AWS::IAM::User.Policies`.
	// Untyped (interface{}): inline policies are not validated by the Go type system.
	Policies interface{} `json:"policies"`
	// `AWS::IAM::User.Tags`.
	Tags *[]*awscdk.CfnTag `json:"tags"`
	// `AWS::IAM::User.UserName`.
	UserName *string `json:"userName"`
}
Properties for defining a `AWS::IAM::User`.
type CfnUserToGroupAddition ¶
type CfnUserToGroupAddition interface { awscdk.CfnResource awscdk.IInspectable CfnOptions() awscdk.ICfnResourceOptions CfnProperties() *map[string]interface{} CfnResourceType() *string CreationStack() *[]*string GroupName() *string SetGroupName(val *string) LogicalId() *string Node() constructs.Node Ref() *string Stack() awscdk.Stack UpdatedProperites() *map[string]interface{} Users() *[]*string SetUsers(val *[]*string) AddDeletionOverride(path *string) AddDependsOn(target awscdk.CfnResource) AddMetadata(key *string, value interface{}) AddOverride(path *string, value interface{}) AddPropertyDeletionOverride(propertyPath *string) AddPropertyOverride(propertyPath *string, value interface{}) ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions) GetAtt(attributeName *string) awscdk.Reference GetMetadata(key *string) interface{} Inspect(inspector awscdk.TreeInspector) OverrideLogicalId(newLogicalId *string) RenderProperties(props *map[string]interface{}) *map[string]interface{} ShouldSynthesize() *bool ToString() *string ValidateProperties(_properties interface{}) }
A CloudFormation `AWS::IAM::UserToGroupAddition`.
func NewCfnUserToGroupAddition ¶
func NewCfnUserToGroupAddition(scope constructs.Construct, id *string, props *CfnUserToGroupAdditionProps) CfnUserToGroupAddition
Create a new `AWS::IAM::UserToGroupAddition`.
type CfnUserToGroupAdditionProps ¶
// CfnUserToGroupAdditionProps holds the properties for defining a `AWS::IAM::UserToGroupAddition`.
type CfnUserToGroupAdditionProps struct {
	// `AWS::IAM::UserToGroupAddition.GroupName`.
	GroupName *string `json:"groupName"`
	// `AWS::IAM::UserToGroupAddition.Users`.
	// Each listed user gains the group's permissions, so changes to this list
	// are permission changes and deserve the same review.
	Users *[]*string `json:"users"`
}
Properties for defining a `AWS::IAM::UserToGroupAddition`.
type CfnUser_LoginProfileProperty ¶
// CfnUser_LoginProfileProperty holds the login settings for a CfnUser.
type CfnUser_LoginProfileProperty struct {
	// `CfnUser.LoginProfileProperty.Password`.
	// Sensitive: a plain string field, so a literal here ends up in the
	// synthesized template. Supply it from a protected parameter or secret
	// reference, never from a value committed to source control.
	Password *string `json:"password"`
	// `CfnUser.LoginProfileProperty.PasswordResetRequired`.
	// NOTE(review): presumably forces a password change at first sign-in —
	// confirm; if so, enabling it limits the lifetime of the provisioned password.
	PasswordResetRequired interface{} `json:"passwordResetRequired"`
}
type CfnUser_PolicyProperty ¶
// CfnUser_PolicyProperty pairs an inline policy document with its name for a CfnUser.
type CfnUser_PolicyProperty struct {
	// `CfnUser.PolicyProperty.PolicyDocument`.
	// Untyped (interface{}): the document is not validated by the Go type system.
	PolicyDocument interface{} `json:"policyDocument"`
	// `CfnUser.PolicyProperty.PolicyName`.
	PolicyName *string `json:"policyName"`
}
type CfnVirtualMFADevice ¶
type CfnVirtualMFADevice interface { awscdk.CfnResource awscdk.IInspectable AttrSerialNumber() *string CfnOptions() awscdk.ICfnResourceOptions CfnProperties() *map[string]interface{} CfnResourceType() *string CreationStack() *[]*string LogicalId() *string Node() constructs.Node Path() *string SetPath(val *string) Ref() *string Stack() awscdk.Stack Tags() awscdk.TagManager UpdatedProperites() *map[string]interface{} Users() *[]*string SetUsers(val *[]*string) VirtualMfaDeviceName() *string SetVirtualMfaDeviceName(val *string) AddDeletionOverride(path *string) AddDependsOn(target awscdk.CfnResource) AddMetadata(key *string, value interface{}) AddOverride(path *string, value interface{}) AddPropertyDeletionOverride(propertyPath *string) AddPropertyOverride(propertyPath *string, value interface{}) ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions) GetAtt(attributeName *string) awscdk.Reference GetMetadata(key *string) interface{} Inspect(inspector awscdk.TreeInspector) OverrideLogicalId(newLogicalId *string) RenderProperties(props *map[string]interface{}) *map[string]interface{} ShouldSynthesize() *bool ToString() *string ValidateProperties(_properties interface{}) }
A CloudFormation `AWS::IAM::VirtualMFADevice`.
func NewCfnVirtualMFADevice ¶
func NewCfnVirtualMFADevice(scope constructs.Construct, id *string, props *CfnVirtualMFADeviceProps) CfnVirtualMFADevice
Create a new `AWS::IAM::VirtualMFADevice`.
type CfnVirtualMFADeviceProps ¶
// CfnVirtualMFADeviceProps holds the properties for defining a `AWS::IAM::VirtualMFADevice`.
type CfnVirtualMFADeviceProps struct {
	// `AWS::IAM::VirtualMFADevice.Users`.
	Users *[]*string `json:"users"`
	// `AWS::IAM::VirtualMFADevice.Path`.
	Path *string `json:"path"`
	// `AWS::IAM::VirtualMFADevice.Tags`.
	Tags *[]*awscdk.CfnTag `json:"tags"`
	// `AWS::IAM::VirtualMFADevice.VirtualMfaDeviceName`.
	VirtualMfaDeviceName *string `json:"virtualMfaDeviceName"`
}
Properties for defining a `AWS::IAM::VirtualMFADevice`.
type CommonGrantOptions ¶
// CommonGrantOptions holds the basic options for a grant operation.
//
// NOTE(review): the grant is as wide as Actions and ResourceArns make it.
// Wildcards in either list widen it accordingly, so prefer explicit actions
// and ARNs.
//
// Experimental.
type CommonGrantOptions struct {
	// The actions to grant.
	// Experimental.
	Actions *[]*string `json:"actions"`
	// The principal to grant to.
	// Experimental.
	Grantee IGrantable `json:"grantee"`
	// The resource ARNs to grant to.
	// Experimental.
	ResourceArns *[]*string `json:"resourceArns"`
}
Basic options for a grant operation. Experimental.
type CompositeDependable ¶
// CompositeDependable is a composite dependable. The interface embeds
// constructs.IDependable and declares no methods of its own.
// Experimental.
type CompositeDependable interface {
	constructs.IDependable
}
Composite dependable.
Not as simple as eagerly getting the dependency roots from the inner dependables, as they may be mutable so we need to defer the query. Experimental.
func NewCompositeDependable ¶
func NewCompositeDependable(dependables ...constructs.IDependable) CompositeDependable
Experimental.
type CompositePrincipal ¶
// CompositePrincipal represents a principal made up of multiple principals.
// It embeds PrincipalBase; AddPrincipals takes further principals and returns
// a CompositePrincipal.
//
// NOTE(review): the description on this page says a composite principal cannot
// have conditions, yet WithConditions is part of this interface. What it does
// for a composite principal is not visible here — confirm before relying on
// it to restrict a trust policy.
// Experimental.
type CompositePrincipal interface {
	PrincipalBase
	AssumeRoleAction() *string
	GrantPrincipal() IPrincipal
	PolicyFragment() PrincipalPolicyFragment
	PrincipalAccount() *string
	AddPrincipals(principals ...PrincipalBase) CompositePrincipal
	AddToPolicy(statement PolicyStatement) *bool
	AddToPrincipalPolicy(_statement PolicyStatement) *AddToPrincipalPolicyResult
	ToJSON() *map[string]*[]*string
	ToString() *string
	WithConditions(conditions *map[string]interface{}) IPrincipal
}
Represents a principal that has multiple types of principals.
A composite principal cannot have conditions. Example: multiple ServicePrincipals combined into one composite principal. Experimental.
func NewCompositePrincipal ¶
func NewCompositePrincipal(principals ...PrincipalBase) CompositePrincipal
Experimental.
type Effect ¶
// Effect is the Effect element of an IAM policy statement, represented as a
// string. The allowed values are not visible in this declaration.
// Experimental.
type Effect string
The Effect element of an IAM policy. See: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_effect.html
Experimental.
type FederatedPrincipal ¶
// FederatedPrincipal represents a federated identity provider (such as Amazon
// Cognito) whose authenticated users can be given temporary security
// credentials. It embeds PrincipalBase.
//
// NOTE(review): Conditions and Federated presumably return the values passed
// to NewFederatedPrincipal — confirm. When this principal is used in a role
// trust policy, the conditions are what narrow which federated identities may
// assume the role, so an empty conditions map deserves a second look.
// Experimental.
type FederatedPrincipal interface {
	PrincipalBase
	AssumeRoleAction() *string
	Conditions() *map[string]interface{}
	Federated() *string
	GrantPrincipal() IPrincipal
	PolicyFragment() PrincipalPolicyFragment
	PrincipalAccount() *string
	AddToPolicy(statement PolicyStatement) *bool
	AddToPrincipalPolicy(_statement PolicyStatement) *AddToPrincipalPolicyResult
	ToJSON() *map[string]*[]*string
	ToString() *string
	WithConditions(conditions *map[string]interface{}) IPrincipal
}
Principal entity that represents a federated identity provider such as Amazon Cognito, that can be used to provide temporary security credentials to users who have been authenticated.
Additional condition keys are available when the temporary security credentials are used to make a request. You can use these keys to write policies that limit the access of federated users. See: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#condition-keys-wif
Experimental.
func NewFederatedPrincipal ¶
func NewFederatedPrincipal(federated *string, conditions *map[string]interface{}, assumeRoleAction *string) FederatedPrincipal
Experimental.
type FromRoleArnOptions ¶
// FromRoleArnOptions customizes how a role imported by ARN behaves when
// grants are made to it.
// Experimental.
type FromRoleArnOptions struct {
	// For immutable roles: add grants to resources instead of dropping them.
	//
	// If this is `false` or not specified, grant permissions added to this role are ignored.
	// It is your own responsibility to make sure the role has the required permissions.
	//
	// If this is `true`, any grant permissions will be added to the resource instead.
	//
	// NOTE(review): with `true`, the permission ends up in the resource's own
	// policy rather than on the role, so review the resulting resource
	// policies; with `false`, the grant is dropped and nothing in this struct
	// reports that.
	// Experimental.
	AddGrantsToResources *bool `json:"addGrantsToResources"`
	// Whether the imported role can be modified by attaching policy resources to it.
	//
	// NOTE(review): the value used when this is nil is not shown on this page — confirm.
	// Experimental.
	Mutable *bool `json:"mutable"`
}
Options for customizing the behavior of `Role.fromRoleArn` (`Role_FromRoleArn` in this package). Experimental.
type Grant ¶
// Grant is the result of a grant() operation. It embeds
// constructs.IDependable and is obtained from the Grant_* factory functions
// rather than instantiated directly.
//
// Success reports whether the grant was applied and AssertSuccess takes no
// arguments and returns nothing.
// NOTE(review): AssertSuccess presumably fails synthesis when the grant was
// not applied — confirm. Call one of the two wherever a missing permission
// must not go unnoticed.
// Experimental.
type Grant interface {
	constructs.IDependable
	PrincipalStatement() PolicyStatement
	ResourceStatement() PolicyStatement
	Success() *bool
	ApplyBefore(constructs ...constructs.IConstruct)
	AssertSuccess()
}
Result of a grant() operation.
This class is not instantiable by consumers on purpose, so that they will be required to call the Grant factory functions. Experimental.
func Grant_AddToPrincipal ¶
func Grant_AddToPrincipal(options *GrantOnPrincipalOptions) Grant
Try to grant the given permissions to the given principal.
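Absence of a principal leads to a warning, but failing to add the permissions to a present principal is not an error. Because that failure is silent, check `Success()` on the returned `Grant`, or call `AssertSuccess()`, when the permission is required. Experimental.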
func Grant_AddToPrincipalAndResource ¶
func Grant_AddToPrincipalAndResource(options *GrantOnPrincipalAndResourceOptions) Grant
Add a grant both on the principal and on the resource.
As long as any principal is given, granting on the principal may fail (in case of a non-identity principal), but granting on the resource will never fail.
Statement will be the resource statement. Experimental.
func Grant_AddToPrincipalOrResource ¶
func Grant_AddToPrincipalOrResource(options *GrantWithResourceOptions) Grant
Grant the given permissions to the principal.
The permissions will be added to the principal policy primarily, falling back to the resource policy if necessary. The permissions must be granted somewhere.
- Trying to grant permissions to a principal that does not admit adding to the principal policy while not providing a resource with a resource policy is an error.
- Trying to grant permissions to an absent principal (possible in the case of imported resources) leads to a warning being added to the resource construct.
Experimental.
func Grant_Drop ¶
func Grant_Drop(grantee IGrantable, _intent *string) Grant
Returns a "no-op" `Grant` object which represents a "dropped grant".
This can be used for e.g. imported resources where you may not be able to modify the resource's policy or some underlying policy which you don't know about. Experimental.
type GrantOnPrincipalAndResourceOptions ¶
// GrantOnPrincipalAndResourceOptions holds the options for a grant that is
// written to both the identity (principal) policy and the resource policy.
// Experimental.
type GrantOnPrincipalAndResourceOptions struct {
	// The actions to grant.
	// Experimental.
	Actions *[]*string `json:"actions"`
	// The principal to grant to.
	// Experimental.
	Grantee IGrantable `json:"grantee"`
	// The resource ARNs to grant to.
	// Experimental.
	ResourceArns *[]*string `json:"resourceArns"`
	// The resource with a resource policy.
	//
	// The statement will always be added to the resource policy.
	// Experimental.
	Resource IResourceWithPolicy `json:"resource"`
	// The principal to use in the statement for the resource policy.
	//
	// NOTE(review): the principal used when this is nil is not shown on this
	// page — presumably the grantee's principal; confirm.
	// Experimental.
	ResourcePolicyPrincipal IPrincipal `json:"resourcePolicyPrincipal"`
	// When referring to the resource in a resource policy, use this as ARN.
	//
	// (Depending on the resource type, this needs to be '*' in a resource policy).
	//
	// NOTE(review): a '*' here applies inside the resource's own policy; it is
	// separate from ResourceArns, which should stay specific.
	// Experimental.
	ResourceSelfArns *[]*string `json:"resourceSelfArns"`
}
Options for a grant operation to both identity and resource. Experimental.
type GrantOnPrincipalOptions ¶
// GrantOnPrincipalOptions holds the options for a grant that only applies to
// principals.
// Experimental.
type GrantOnPrincipalOptions struct {
	// The actions to grant.
	// Experimental.
	Actions *[]*string `json:"actions"`
	// The principal to grant to.
	// Experimental.
	Grantee IGrantable `json:"grantee"`
	// The resource ARNs to grant to.
	// Experimental.
	ResourceArns *[]*string `json:"resourceArns"`
	// Construct to report warnings on in case grant could not be registered.
	//
	// NOTE(review): a grant that could not be registered surfaces only as a
	// warning on this construct, so make sure synthesis warnings are reviewed.
	// Experimental.
	Scope constructs.IConstruct `json:"scope"`
}
Options for a grant operation that only applies to principals. Experimental.
type GrantWithResourceOptions ¶
// GrantWithResourceOptions holds the options for a grant that goes to the
// principal policy first and falls back to the resource policy.
// Experimental.
type GrantWithResourceOptions struct {
	// The actions to grant.
	// Experimental.
	Actions *[]*string `json:"actions"`
	// The principal to grant to.
	// Experimental.
	Grantee IGrantable `json:"grantee"`
	// The resource ARNs to grant to.
	// Experimental.
	ResourceArns *[]*string `json:"resourceArns"`
	// The resource with a resource policy.
	//
	// The statement will be added to the resource policy if it couldn't be
	// added to the principal policy.
	// Experimental.
	Resource IResourceWithPolicy `json:"resource"`
	// When referring to the resource in a resource policy, use this as ARN.
	//
	// (Depending on the resource type, this needs to be '*' in a resource policy).
	// Experimental.
	ResourceSelfArns *[]*string `json:"resourceSelfArns"`
}
Options for a grant operation. Experimental.
type Group ¶
// Group is an IAM group: a collection of IAM users that share permissions.
// It embeds awscdk.Resource and IGroup.
//
// Permissions reach the group through AddManagedPolicy, AttachInlinePolicy,
// AddToPolicy and AddToPrincipalPolicy; AddUser takes an IUser.
// NOTE(review): every user added presumably receives all permissions attached
// to the group — keep membership and attached policies reviewed together.
// Experimental.
type Group interface {
	awscdk.Resource
	IGroup
	AssumeRoleAction() *string
	Env() *awscdk.ResourceEnvironment
	GrantPrincipal() IPrincipal
	GroupArn() *string
	GroupName() *string
	Node() constructs.Node
	PhysicalName() *string
	PolicyFragment() PrincipalPolicyFragment
	PrincipalAccount() *string
	Stack() awscdk.Stack
	AddManagedPolicy(policy IManagedPolicy)
	AddToPolicy(statement PolicyStatement) *bool
	AddToPrincipalPolicy(statement PolicyStatement) *AddToPrincipalPolicyResult
	AddUser(user IUser)
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	AttachInlinePolicy(policy Policy)
	GeneratePhysicalName() *string
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	GetResourceNameAttribute(nameAttr *string) *string
	ToString() *string
}
An IAM Group (collection of IAM users) lets you specify permissions for multiple users, which can make it easier to manage permissions for those users. See: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html
Experimental.
func NewGroup ¶
func NewGroup(scope constructs.Construct, id *string, props *GroupProps) Group
Experimental.
type GroupProps ¶
// GroupProps holds the properties for defining an IAM group.
// Experimental.
type GroupProps struct {
	// A name for the IAM group.
	//
	// For valid values, see the GroupName parameter
	// for the CreateGroup action in the IAM API Reference. If you don't specify
	// a name, AWS CloudFormation generates a unique physical ID and uses that
	// ID for the group name.
	//
	// If you specify a name, you must specify the CAPABILITY_NAMED_IAM value to
	// acknowledge your template's capabilities. For more information, see
	// Acknowledging IAM Resources in AWS CloudFormation Templates.
	// Experimental.
	GroupName *string `json:"groupName"`
	// A list of managed policies associated with this group.
	//
	// You can add managed policies later using
	// `addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName(policyName))`.
	// Experimental.
	ManagedPolicies *[]IManagedPolicy `json:"managedPolicies"`
	// The path to the group.
	//
	// For more information about paths, see [IAM
	// Identifiers](http://docs.aws.amazon.com/IAM/latest/UserGuide/index.html?Using_Identifiers.html)
	// in the IAM User Guide.
	// Experimental.
	Path *string `json:"path"`
}
Properties for defining an IAM group. Experimental.
type IGrantable ¶
// IGrantable is any object that has an associated principal that a permission
// can be granted to.
// Experimental.
type IGrantable interface {
	// The principal to grant permissions to.
	// Experimental.
	GrantPrincipal() IPrincipal
}
Any object that has an associated principal that a permission can be granted to. Experimental.
type IGroup ¶
// IGroup represents an IAM group. It embeds IIdentity and adds accessors for
// the group's ARN and name.
// Experimental.
type IGroup interface {
	IIdentity
	// Returns the IAM Group ARN.
	// Experimental.
	GroupArn() *string
	// Returns the IAM Group Name.
	// Experimental.
	GroupName() *string
}
Represents an IAM Group. See: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html
Experimental.
func Group_FromGroupArn ¶
Import an external group by ARN.
If the imported Group ARN is a Token (such as a `CfnParameter.valueAsString` or a `Fn.importValue()`) *and* the referenced group has a `path` (like `arn:...:group/AdminGroup/NetworkAdmin`), the `groupName` property will not resolve to the correct value. Instead it will resolve to the first path component. We unfortunately cannot express the correct calculation of the full path name as a CloudFormation expression. In this scenario the Group ARN should be supplied without the `path` in order to resolve the correct group resource. Experimental.
type IIdentity ¶
// IIdentity is a construct that represents an IAM principal, such as a user,
// group or role. It embeds IPrincipal and awscdk.IResource.
// Experimental.
type IIdentity interface {
	IPrincipal
	awscdk.IResource
	// Attaches a managed policy to this principal.
	// Experimental.
	AddManagedPolicy(policy IManagedPolicy)
	// Attaches an inline policy to this principal.
	//
	// This is the same as calling `policy.addToXxx(principal)`.
	// Experimental.
	AttachInlinePolicy(policy Policy)
}
A construct that represents an IAM principal, such as a user, group or role. Experimental.
type IManagedPolicy ¶
// IManagedPolicy is a managed policy, identified by its ARN.
// Experimental.
type IManagedPolicy interface {
	// The ARN of the managed policy.
	// Experimental.
	ManagedPolicyArn() *string
}
A managed policy. Experimental.
func ManagedPolicy_FromAwsManagedPolicyName ¶
func ManagedPolicy_FromAwsManagedPolicyName(managedPolicyName *string) IManagedPolicy
Import a managed policy from one of the policies that AWS manages.
For this managed policy, you only need to know the name to be able to use it.
Some managed policy names start with "service-role/", some start with "job-function/", and some don't start with anything. Do include the prefix when constructing this object. Experimental.
func ManagedPolicy_FromManagedPolicyArn ¶
func ManagedPolicy_FromManagedPolicyArn(scope constructs.Construct, id *string, managedPolicyArn *string) IManagedPolicy
Import an external managed policy by ARN.
For this managed policy, you only need to know the ARN to be able to use it. This can be useful if you got the ARN from a CloudFormation Export.
If the imported Managed Policy ARN is a Token (such as a `CfnParameter.valueAsString` or a `Fn.importValue()`) *and* the referenced managed policy has a `path` (like `arn:...:policy/AdminPolicy/AdminAllow`), the `managedPolicyName` property will not resolve to the correct value. Instead it will resolve to the first path component. We unfortunately cannot express the correct calculation of the full path name as a CloudFormation expression. In this scenario the Managed Policy ARN should be supplied without the `path` in order to resolve the correct managed policy resource. Experimental.
func ManagedPolicy_FromManagedPolicyName ¶
func ManagedPolicy_FromManagedPolicyName(scope constructs.Construct, id *string, managedPolicyName *string) IManagedPolicy
Import a customer managed policy from the managedPolicyName.
For this managed policy, you only need to know the name to be able to use it. Experimental.
type IOpenIdConnectProvider ¶
// IOpenIdConnectProvider represents an IAM OpenID Connect provider. It embeds
// awscdk.IResource.
// Experimental.
type IOpenIdConnectProvider interface {
	awscdk.IResource
	// The Amazon Resource Name (ARN) of the IAM OpenID Connect provider.
	// Experimental.
	OpenIdConnectProviderArn() *string
	// The issuer for OIDC Provider.
	// Experimental.
	OpenIdConnectProviderIssuer() *string
}
Represents an IAM OpenID Connect provider. Experimental.
func OpenIdConnectProvider_FromOpenIdConnectProviderArn ¶
func OpenIdConnectProvider_FromOpenIdConnectProviderArn(scope constructs.Construct, id *string, openIdConnectProviderArn *string) IOpenIdConnectProvider
Imports an OpenID Connect provider from an ARN. Experimental.
type IPolicy ¶
// IPolicy represents an IAM policy. It embeds awscdk.IResource.
// Experimental.
type IPolicy interface {
	awscdk.IResource
	// The name of this policy.
	// Experimental.
	PolicyName() *string
}
Represents an IAM Policy. See: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage.html
Experimental.
func Policy_FromPolicyName ¶
Import a policy in this app based on its name. Experimental.
type IPrincipal ¶
// IPrincipal represents a logical IAM principal: an entity that can perform
// AWS API calls against sets of resources, optionally under certain
// conditions. It embeds IGrantable.
// Experimental.
type IPrincipal interface {
	IGrantable
	// Add to the policy of this principal.
	// Experimental.
	AddToPrincipalPolicy(statement PolicyStatement) *AddToPrincipalPolicyResult
	// When this Principal is used in an AssumeRole policy, the action to use.
	// Experimental.
	AssumeRoleAction() *string
	// Return the policy fragment that identifies this principal in a Policy.
	// Experimental.
	PolicyFragment() PrincipalPolicyFragment
	// The AWS account ID of this principal.
	//
	// Can be undefined when the account is not known
	// (for example, for service principals).
	// Can be a Token - in that case,
	// it's assumed to be AWS::AccountId.
	//
	// NOTE(review): "undefined" presumably surfaces as a nil pointer in Go —
	// check for nil before dereferencing, and do not treat an unresolved
	// Token as a verified account ID in same-account checks.
	// Experimental.
	PrincipalAccount() *string
}
Represents a logical IAM principal.
An IPrincipal describes a logical entity that can perform AWS API calls against sets of resources, optionally under certain conditions.
Examples of simple principals are IAM objects that you create, such as Users or Roles.
An example of a more complex principal is a `ServicePrincipal` (such as `new ServicePrincipal("sns.amazonaws.com")`, which represents the Simple Notification Service).
A single logical Principal may also map to a set of physical principals. For example, `new OrganizationPrincipal('o-1234')` represents all identities that are part of the given AWS Organization. Experimental.
type IResourceWithPolicy ¶
// IResourceWithPolicy is a resource with a resource policy that can be added
// to. It embeds awscdk.IResource.
// Experimental.
type IResourceWithPolicy interface {
	awscdk.IResource
	// Add a statement to the resource's resource policy.
	// Experimental.
	AddToResourcePolicy(statement PolicyStatement) *AddToResourcePolicyResult
}
A resource with a resource policy that can be added to. Experimental.
type IRole ¶
// IRole is a Role object. It embeds IIdentity and adds grant helpers and
// accessors for the role's ARN and name.
// Experimental.
type IRole interface {
	IIdentity
	// Grant the actions defined in actions to the identity Principal on this resource.
	// Experimental.
	Grant(grantee IPrincipal, actions ...*string) Grant
	// Grant permissions to the given principal to pass this role.
	//
	// NOTE(review): passing a role lets the grantee hand this role's
	// permissions to a service acting on its behalf, so limit it to principals
	// that need it. Presumably this grants `iam:PassRole` — confirm.
	// Experimental.
	GrantPassRole(grantee IPrincipal) Grant
	// Returns the ARN of this role.
	// Experimental.
	RoleArn() *string
	// Returns the name of this role.
	// Experimental.
	RoleName() *string
}
A Role object. Experimental.
func Role_FromRoleArn ¶
func Role_FromRoleArn(scope constructs.Construct, id *string, roleArn *string, options *FromRoleArnOptions) IRole
Import an external role by ARN.
If the imported Role ARN is a Token (such as a `CfnParameter.valueAsString` or a `Fn.importValue()`) *and* the referenced role has a `path` (like `arn:...:role/AdminRoles/Alice`), the `roleName` property will not resolve to the correct value. Instead it will resolve to the first path component. We unfortunately cannot express the correct calculation of the full path name as a CloudFormation expression. In this scenario the Role ARN should be supplied without the `path` in order to resolve the correct role resource. Experimental.
type ISamlProvider ¶
// ISamlProvider is a SAML provider. It embeds awscdk.IResource.
// Experimental.
type ISamlProvider interface {
	awscdk.IResource
	// The Amazon Resource Name (ARN) of the provider.
	// Experimental.
	SamlProviderArn() *string
}
A SAML provider. Experimental.
func SamlProvider_FromSamlProviderArn ¶
func SamlProvider_FromSamlProviderArn(scope constructs.Construct, id *string, samlProviderArn *string) ISamlProvider
Import an existing provider. Experimental.
type IUser ¶
// IUser represents an IAM user. It embeds IIdentity and adds group membership
// plus accessors for the user's ARN and name.
// Experimental.
type IUser interface {
	IIdentity
	// Adds this user to a group.
	// Experimental.
	AddToGroup(group IGroup)
	// The user's ARN.
	// Experimental.
	UserArn() *string
	// The user's name.
	// Experimental.
	UserName() *string
}
Represents an IAM user. See: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html
Experimental.
func User_FromUserArn ¶
Import an existing user given a user ARN. Experimental.
func User_FromUserAttributes ¶
func User_FromUserAttributes(scope constructs.Construct, id *string, attrs *UserAttributes) IUser
Import an existing user given user attributes. Experimental.
func User_FromUserName ¶
Import an existing user given a username. Experimental.
type LazyRole ¶
// LazyRole is an IAM role that only gets attached to the construct tree once
// it gets used; if it is never used it is not instantiated, synthesized or
// deployed. It embeds awscdk.Resource and IRole.
//
// NOTE(review): which of the calls below count as "use" and trigger creation
// is not visible on this page — confirm before assuming that a role
// configured here exists in the deployed stack.
// Experimental.
type LazyRole interface {
	awscdk.Resource
	IRole
	AssumeRoleAction() *string
	Env() *awscdk.ResourceEnvironment
	GrantPrincipal() IPrincipal
	Node() constructs.Node
	PhysicalName() *string
	PolicyFragment() PrincipalPolicyFragment
	PrincipalAccount() *string
	RoleArn() *string
	RoleId() *string
	RoleName() *string
	Stack() awscdk.Stack
	AddManagedPolicy(policy IManagedPolicy)
	AddToPolicy(statement PolicyStatement) *bool
	AddToPrincipalPolicy(statement PolicyStatement) *AddToPrincipalPolicyResult
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	AttachInlinePolicy(policy Policy)
	GeneratePhysicalName() *string
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	GetResourceNameAttribute(nameAttr *string) *string
	Grant(identity IPrincipal, actions ...*string) Grant
	GrantPassRole(identity IPrincipal) Grant
	ToString() *string
}
An IAM role that only gets attached to the construct tree once it gets used, not before.
This construct can be used to simplify logic in other constructs which need to create a role but only if certain configurations occur (such as when AutoScaling is configured). The role can be configured in one place, but if it never gets used it doesn't get instantiated and will not be synthesized or deployed. Experimental.
func NewLazyRole ¶
func NewLazyRole(scope constructs.Construct, id *string, props *LazyRoleProps) LazyRole
Experimental.
type LazyRoleProps ¶
// LazyRoleProps holds the properties for defining a LazyRole: who may assume
// it, which policies it carries, and the limits placed on it.
// Experimental.
type LazyRoleProps struct {
	// The IAM principal (e.g. `new ServicePrincipal('sns.amazonaws.com')`) which can assume this role.
	//
	// You can later modify the assume role policy document by accessing it via
	// the `assumeRolePolicy` property.
	// Experimental.
	AssumedBy IPrincipal `json:"assumedBy"`
	// A description of the role.
	//
	// It can be up to 1000 characters long.
	// Experimental.
	Description *string `json:"description"`
	// List of IDs, one of which the role assumer needs to provide when assuming this role.
	//
	// If the configured and provided external IDs do not match, the
	// AssumeRole operation will fail.
	//
	// NOTE(review): an external ID is an identifier checked at AssumeRole
	// time, commonly used to guard against the confused-deputy problem when a
	// third party assumes the role; it is not a substitute for a narrow
	// AssumedBy principal.
	// Experimental.
	ExternalIds *[]*string `json:"externalIds"`
	// A list of named policies to inline into this role.
	//
	// These policies will be
	// created with the role, whereas those added by `addToPolicy` are added
	// using a separate CloudFormation resource (allowing a way around circular
	// dependencies that could otherwise be introduced).
	// Experimental.
	InlinePolicies *map[string]PolicyDocument `json:"inlinePolicies"`
	// A list of managed policies associated with this role.
	//
	// You can add managed policies later using
	// `addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName(policyName))`.
	// Experimental.
	ManagedPolicies *[]IManagedPolicy `json:"managedPolicies"`
	// The maximum session duration that you want to set for the specified role.
	//
	// This setting can have a value from 1 hour (3600 seconds) to 12 hours (43200 seconds).
	//
	// Anyone who assumes the role from the AWS CLI or API can use the
	// DurationSeconds API parameter or the duration-seconds CLI parameter to
	// request a longer session. The MaxSessionDuration setting determines the
	// maximum duration that can be requested using the DurationSeconds
	// parameter.
	//
	// If users don't specify a value for the DurationSeconds parameter, their
	// security credentials are valid for one hour by default. This applies when
	// you use the AssumeRole* API operations or the assume-role* CLI operations
	// but does not apply when you use those operations to create a console URL.
	//
	// NOTE(review): this caps how long a session requested for the role can
	// last, so keep it as short as the workload allows.
	// Experimental.
	MaxSessionDuration awscdk.Duration `json:"maxSessionDuration"`
	// The path associated with this role.
	//
	// For information about IAM paths, see
	// Friendly Names and Paths in IAM User Guide.
	// Experimental.
	Path *string `json:"path"`
	// AWS supports permissions boundaries for IAM entities (users or roles).
	//
	// A permissions boundary is an advanced feature for using a managed policy
	// to set the maximum permissions that an identity-based policy can grant to
	// an IAM entity. An entity's permissions boundary allows it to perform only
	// the actions that are allowed by both its identity-based policies and its
	// permissions boundaries.
	//
	// A boundary therefore limits permissions and grants none by itself: the
	// role still needs identity-based policies for anything it should do.
	// Experimental.
	PermissionsBoundary IManagedPolicy `json:"permissionsBoundary"`
	// A name for the IAM role.
	//
	// For valid values, see the RoleName parameter for
	// the CreateRole action in the IAM API Reference.
	//
	// IMPORTANT: If you specify a name, you cannot perform updates that require
	// replacement of this resource. You can perform updates that require no or
	// some interruption. If you must replace the resource, specify a new name.
	//
	// If you specify a name, you must specify the CAPABILITY_NAMED_IAM value to
	// acknowledge your template's capabilities. For more information, see
	// Acknowledging IAM Resources in AWS CloudFormation Templates.
	// Experimental.
	RoleName *string `json:"roleName"`
}
Properties for defining a LazyRole. Experimental.
type ManagedPolicy ¶
// ManagedPolicy is an IAM managed policy. It embeds awscdk.Resource and
// IManagedPolicy.
//
// Statements are added with AddStatements; the policy is attached to
// identities with AttachToGroup, AttachToRole and AttachToUser.
// Experimental.
type ManagedPolicy interface {
	awscdk.Resource
	IManagedPolicy
	Description() *string
	Document() PolicyDocument
	Env() *awscdk.ResourceEnvironment
	ManagedPolicyArn() *string
	ManagedPolicyName() *string
	Node() constructs.Node
	Path() *string
	PhysicalName() *string
	Stack() awscdk.Stack
	AddStatements(statement ...PolicyStatement)
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	AttachToGroup(group IGroup)
	AttachToRole(role IRole)
	AttachToUser(user IUser)
	GeneratePhysicalName() *string
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	GetResourceNameAttribute(nameAttr *string) *string
	ToString() *string
}
Managed policy. Experimental.
func NewManagedPolicy ¶
func NewManagedPolicy(scope constructs.Construct, id *string, props *ManagedPolicyProps) ManagedPolicy
Experimental.
type ManagedPolicyProps ¶
// ManagedPolicyProps holds the properties for defining an IAM managed policy:
// its document and statements, and the groups, roles and users it is attached
// to.
// Experimental.
type ManagedPolicyProps struct {
	// A description of the managed policy.
	//
	// Typically used to store information about the
	// permissions defined in the policy. For example, "Grants access to production DynamoDB tables."
	// The policy description is immutable. After a value is assigned, it cannot be changed.
	// Experimental.
	Description *string `json:"description"`
	// Initial PolicyDocument to use for this ManagedPolicy.
	//
	// If omitted, any
	// `PolicyStatement` provided in the `statements` property will be applied
	// against the empty default `PolicyDocument`.
	// Experimental.
	Document PolicyDocument `json:"document"`
	// Groups to attach this policy to.
	//
	// You can also use `attachToGroup(group)` to attach this policy to a group.
	// Experimental.
	Groups *[]IGroup `json:"groups"`
	// The name of the managed policy.
	//
	// If you specify multiple policies for an entity,
	// specify unique names. For example, if you specify a list of policies for
	// an IAM role, each policy must have a unique name.
	// Experimental.
	ManagedPolicyName *string `json:"managedPolicyName"`
	// The path for the policy.
	//
	// This parameter allows (through its regex pattern) a string of characters
	// consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes.
	// In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F),
	// including most punctuation characters, digits, and upper and lowercased letters.
	//
	// For more information about paths, see IAM Identifiers in the IAM User Guide.
	// Experimental.
	Path *string `json:"path"`
	// Roles to attach this policy to.
	//
	// You can also use `attachToRole(role)` to attach this policy to a role.
	// Experimental.
	Roles *[]IRole `json:"roles"`
	// Initial set of permissions to add to this policy document.
	//
	// You can also use `addPermission(statement)` to add permissions later.
	//
	// NOTE(review): the ManagedPolicy interface on this page declares
	// AddStatements and no addPermission method — the name above looks stale;
	// confirm.
	// Experimental.
	Statements *[]PolicyStatement `json:"statements"`
	// Users to attach this policy to.
	//
	// You can also use `attachToUser(user)` to attach this policy to a user.
	// Experimental.
	Users *[]IUser `json:"users"`
}
Properties for defining an IAM managed policy. Experimental.
type OpenIdConnectPrincipal ¶
// OpenIdConnectPrincipal is a principal that represents a federated identity
// provider backed by an OpenID Connect provider. It embeds
// WebIdentityPrincipal.
//
// NOTE(review): Conditions presumably returns the map passed to
// NewOpenIdConnectPrincipal — confirm. In a role trust policy those
// conditions are what narrow which identities issued by the provider may
// assume the role, so review any use that passes none.
// Experimental.
type OpenIdConnectPrincipal interface {
	WebIdentityPrincipal
	AssumeRoleAction() *string
	Conditions() *map[string]interface{}
	Federated() *string
	GrantPrincipal() IPrincipal
	PolicyFragment() PrincipalPolicyFragment
	PrincipalAccount() *string
	AddToPolicy(statement PolicyStatement) *bool
	AddToPrincipalPolicy(_statement PolicyStatement) *AddToPrincipalPolicyResult
	ToJSON() *map[string]*[]*string
	ToString() *string
	WithConditions(conditions *map[string]interface{}) IPrincipal
}
A principal that represents a federated identity provider, specifically an OpenID Connect provider. Experimental.
func NewOpenIdConnectPrincipal ¶
func NewOpenIdConnectPrincipal(openIdConnectProvider IOpenIdConnectProvider, conditions *map[string]interface{}) OpenIdConnectPrincipal
Experimental.
type OpenIdConnectProvider ¶
// OpenIdConnectProvider is an IAM OIDC identity provider: an IAM entity that
// describes an external identity provider supporting the OpenID Connect
// standard. It embeds awscdk.Resource and IOpenIdConnectProvider.
//
// Creating one establishes trust between the external IdP and the AWS
// account, so the URL, client IDs and thumbprints given in
// OpenIdConnectProviderProps decide whose tokens the account will accept.
// Experimental.
type OpenIdConnectProvider interface {
	awscdk.Resource
	IOpenIdConnectProvider
	Env() *awscdk.ResourceEnvironment
	Node() constructs.Node
	OpenIdConnectProviderArn() *string
	OpenIdConnectProviderIssuer() *string
	PhysicalName() *string
	Stack() awscdk.Stack
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	GeneratePhysicalName() *string
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	GetResourceNameAttribute(nameAttr *string) *string
	ToString() *string
}
IAM OIDC identity providers are entities in IAM that describe an external identity provider (IdP) service that supports the OpenID Connect (OIDC) standard, such as Google or Salesforce.
You use an IAM OIDC identity provider when you want to establish trust between an OIDC-compatible IdP and your AWS account. This is useful when creating a mobile app or web application that requires access to AWS resources, but you don't want to create custom sign-in code or manage your own user identities. See: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html
Experimental.
func NewOpenIdConnectProvider ¶
func NewOpenIdConnectProvider(scope constructs.Construct, id *string, props *OpenIdConnectProviderProps) OpenIdConnectProvider
Defines an OpenID Connect provider. Experimental.
type OpenIdConnectProviderProps ¶
// OpenIdConnectProviderProps holds the initialization properties for
// `OpenIdConnectProvider`: the issuer URL, the accepted client IDs
// (audiences) and the trusted server certificate thumbprints.
// Experimental.
type OpenIdConnectProviderProps struct {
	// The URL of the identity provider.
	//
	// The URL must begin with https:// and
	// should correspond to the iss claim in the provider's OpenID Connect ID
	// tokens. Per the OIDC standard, path components are allowed but query
	// parameters are not. Typically the URL consists of only a hostname, like
	// https://server.example.org or https://example.com.
	//
	// You cannot register the same provider multiple times in a single AWS
	// account. If you try to submit a URL that has already been used for an
	// OpenID Connect provider in the AWS account, you will get an error.
	// Experimental.
	Url *string `json:"url"`
	// A list of client IDs (also known as audiences).
	//
	// When a mobile or web app
	// registers with an OpenID Connect provider, they establish a value that
	// identifies the application. (This is the value that's sent as the client_id
	// parameter on OAuth requests.)
	//
	// You can register multiple client IDs with the same provider. For example,
	// you might have multiple applications that use the same OIDC provider. You
	// cannot register more than 100 client IDs with a single IAM OIDC provider.
	//
	// Client IDs are up to 255 characters long.
	//
	// NOTE(review): register only the audiences your own applications use;
	// what happens when this list is nil or empty is not shown on this page —
	// confirm.
	// Experimental.
	ClientIds *[]*string `json:"clientIds"`
	// A list of server certificate thumbprints for the OpenID Connect (OIDC) identity provider's server certificates.
	//
	// Typically this list includes only one entry. However, IAM lets you have up
	// to five thumbprints for an OIDC provider. This lets you maintain multiple
	// thumbprints if the identity provider is rotating certificates.
	//
	// The server certificate thumbprint is the hex-encoded SHA-1 hash value of
	// the X.509 certificate used by the domain where the OpenID Connect provider
	// makes its keys available. It is always a 40-character string.
	//
	// You must provide at least one thumbprint when creating an IAM OIDC
	// provider. For example, assume that the OIDC provider is server.example.com
	// and the provider stores its keys at
	// https://keys.server.example.com/openid-connect. In that case, the
	// thumbprint string would be the hex-encoded SHA-1 hash value of the
	// certificate used by https://keys.server.example.com.
	//
	// NOTE(review): the thumbprint names the certificate trusted for the
	// provider's key endpoint, so take it from a certificate you have verified
	// and remove entries for retired certificates once rotation completes.
	// Experimental.
	Thumbprints *[]*string `json:"thumbprints"`
}
Initialization properties for `OpenIdConnectProvider`. Experimental.
type OrganizationPrincipal ¶
// OrganizationPrincipal is a principal that represents an AWS Organization.
// It embeds PrincipalBase; OrganizationId returns a *string.
//
// As the IPrincipal description on this page notes, such a principal stands
// for all identities that are part of the given AWS Organization, so a grant
// to it reaches every account and identity in that organization.
// Experimental.
type OrganizationPrincipal interface {
	PrincipalBase
	AssumeRoleAction() *string
	GrantPrincipal() IPrincipal
	OrganizationId() *string
	PolicyFragment() PrincipalPolicyFragment
	PrincipalAccount() *string
	AddToPolicy(statement PolicyStatement) *bool
	AddToPrincipalPolicy(_statement PolicyStatement) *AddToPrincipalPolicyResult
	ToJSON() *map[string]*[]*string
	ToString() *string
	WithConditions(conditions *map[string]interface{}) IPrincipal
}
A principal that represents an AWS Organization. Experimental.
func NewOrganizationPrincipal ¶
func NewOrganizationPrincipal(organizationId *string) OrganizationPrincipal
Experimental.
type PermissionsBoundary ¶
// PermissionsBoundary modifies the permissions boundaries of Users and Roles
// in a construct tree. An instance is obtained with PermissionsBoundary_Of.
//
// Apply takes the managed policy to use as the boundary; Clear takes no
// arguments.
// NOTE(review): Clear presumably removes a previously applied boundary from
// the scope — confirm, and review any call to it, since it lifts the cap on
// the affected users and roles.
// Experimental.
type PermissionsBoundary interface {
	Apply(boundaryPolicy IManagedPolicy)
	Clear()
}
Modify the Permissions Boundaries of Users and Roles in a construct tree.
TODO: EXAMPLE
Experimental.
func PermissionsBoundary_Of ¶
func PermissionsBoundary_Of(scope constructs.IConstruct) PermissionsBoundary
Access the Permissions Boundaries of a construct tree. Experimental.
type Policy ¶
// The AWS::IAM::Policy resource associates an IAM policy with IAM users, roles, or groups.
//
// Experimental.
type Policy interface {
	awscdk.Resource
	IPolicy
	Document() PolicyDocument
	Env() *awscdk.ResourceEnvironment
	Node() constructs.Node
	PhysicalName() *string
	PolicyName() *string
	Stack() awscdk.Stack
	// Variadic: accepts any number of statements in one call.
	AddStatements(statement ...PolicyStatement)
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	// The three Attach* methods take the group, role or user to attach to.
	// PolicyProps describes a policy that remains unattached as having no
	// effect, so an attachment is what makes the statements apply.
	AttachToGroup(group IGroup)
	AttachToRole(role IRole)
	AttachToUser(user IUser)
	GeneratePhysicalName() *string
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	GetResourceNameAttribute(nameAttr *string) *string
	ToString() *string
}
The AWS::IAM::Policy resource associates an IAM policy with IAM users, roles, or groups.
For more information about IAM policies, see [Overview of IAM Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies_overview.html) in the IAM User Guide. Experimental.
func NewPolicy ¶
func NewPolicy(scope constructs.Construct, id *string, props *PolicyProps) Policy
Experimental.
type PolicyDocument ¶
// A PolicyDocument is a collection of statements.
//
// Experimental.
type PolicyDocument interface {
	awscdk.IResolvable
	CreationStack() *[]*string
	IsEmpty() *bool
	StatementCount() *float64
	// Variadic: accepts any number of statements in one call.
	AddStatements(statement ...PolicyStatement)
	Resolve(context awscdk.IResolveContext) interface{}
	ToJSON() interface{}
	ToString() *string
	// The three ValidateFor* methods return a list of strings; presumably
	// one message per problem found, empty when the document is valid for
	// that kind of policy — confirm against the implementation.
	ValidateForAnyPolicy() *[]*string
	ValidateForIdentityPolicy() *[]*string
	ValidateForResourcePolicy() *[]*string
}
A PolicyDocument is a collection of statements. Experimental.
func NewPolicyDocument ¶
func NewPolicyDocument(props *PolicyDocumentProps) PolicyDocument
Experimental.
func PolicyDocument_FromJson ¶
func PolicyDocument_FromJson(obj interface{}) PolicyDocument
Creates a new PolicyDocument based on the object provided.
This will accept an object created from the `.toJSON()` call. Experimental.
type PolicyDocumentProps ¶
// Properties for a new PolicyDocument.
//
// Experimental.
type PolicyDocumentProps struct {
	// Automatically assign Statement Ids to all statements.
	// Experimental.
	AssignSids *bool `json:"assignSids"`
	// Initial statements to add to the policy document.
	// Experimental.
	Statements *[]PolicyStatement `json:"statements"`
}
Properties for a new PolicyDocument. Experimental.
type PolicyProps ¶
// Properties for defining an IAM inline policy document.
//
// Experimental.
type PolicyProps struct {
	// Initial PolicyDocument to use for this Policy.
	//
	// If omitted, any
	// `PolicyStatement` provided in the `statements` property will be applied
	// against the empty default `PolicyDocument`.
	// Experimental.
	Document PolicyDocument `json:"document"`
	// Force creation of an `AWS::IAM::Policy`.
	//
	// Unless set to `true`, this `Policy` construct will not materialize to an
	// `AWS::IAM::Policy` CloudFormation resource in case it would have no effect
	// (for example, if it remains unattached to an IAM identity or if it has no
	// statements). This is generally desired behavior, since it prevents
	// creating invalid--and hence undeployable--CloudFormation templates.
	//
	// In cases where you know the policy must be created and it is actually
	// an error if no statements have been added to it, you can set this to `true`.
	//
	// NOTE(review): with the default, a policy that ends up without statements
	// or attachments is left out of the template without an error; set this
	// to `true` where a missing policy would be a defect rather than a no-op.
	// Experimental.
	Force *bool `json:"force"`
	// Groups to attach this policy to.
	//
	// You can also use `attachToGroup(group)` to attach this policy to a group.
	// Experimental.
	Groups *[]IGroup `json:"groups"`
	// The name of the policy.
	//
	// If you specify multiple policies for an entity,
	// specify unique names. For example, if you specify a list of policies for
	// an IAM role, each policy must have a unique name.
	// Experimental.
	PolicyName *string `json:"policyName"`
	// Roles to attach this policy to.
	//
	// You can also use `attachToRole(role)` to attach this policy to a role.
	// Experimental.
	Roles *[]IRole `json:"roles"`
	// Initial set of permissions to add to this policy document.
	//
	// You can also use `addStatements(...statement)` to add permissions later.
	// Experimental.
	Statements *[]PolicyStatement `json:"statements"`
	// Users to attach this policy to.
	//
	// You can also use `attachToUser(user)` to attach this policy to a user.
	// Experimental.
	Users *[]IUser `json:"users"`
}
Properties for defining an IAM inline policy document. Experimental.
type PolicyStatement ¶
// Represents a statement in an IAM policy document.
//
// Experimental.
type PolicyStatement interface {
	Effect() Effect
	SetEffect(val Effect)
	HasPrincipal() *bool
	HasResource() *bool
	Sid() *string
	SetSid(val *string)
	AddAccountCondition(accountId *string)
	AddAccountRootPrincipal()
	AddActions(actions ...*string)
	// NOTE(review): takes no argument; judging by the name it presumably
	// makes the statement apply to every resource. Check each use against
	// least privilege and prefer AddResources with explicit ARNs.
	AddAllResources()
	// NOTE(review): takes no argument; judging by the name it presumably
	// makes the statement match any principal. In a resource policy that is
	// normally only acceptable together with restrictive conditions — verify.
	AddAnyPrincipal()
	AddArnPrincipal(arn *string)
	AddAwsAccountPrincipal(accountId *string)
	AddCanonicalUserPrincipal(canonicalUserId *string)
	AddCondition(key *string, value interface{})
	AddConditions(conditions *map[string]interface{})
	AddFederatedPrincipal(federated interface{}, conditions *map[string]interface{})
	// NOTE(review): the three AddNot* methods presumably fill the negated
	// elements of the statement. A negated element matches everything that
	// is not listed, so combined with an allowing effect it can cover far
	// more than intended; review such statements individually.
	AddNotActions(notActions ...*string)
	AddNotPrincipals(notPrincipals ...IPrincipal)
	AddNotResources(arns ...*string)
	AddPrincipals(principals ...IPrincipal)
	AddResources(arns ...*string)
	AddServicePrincipal(service *string, opts *ServicePrincipalOpts)
	ToJSON() interface{}
	ToStatementJson() interface{}
	ToString() *string
	// The three ValidateFor* methods return a list of strings; presumably
	// one message per problem found — confirm against the implementation.
	ValidateForAnyPolicy() *[]*string
	ValidateForIdentityPolicy() *[]*string
	ValidateForResourcePolicy() *[]*string
}
Represents a statement in an IAM policy document. Experimental.
func NewPolicyStatement ¶
func NewPolicyStatement(props *PolicyStatementProps) PolicyStatement
Experimental.
func PolicyStatement_FromJson ¶
func PolicyStatement_FromJson(obj interface{}) PolicyStatement
Creates a new PolicyStatement based on the object provided.
This will accept an object created from the `.toJSON()` call. Experimental.
type PolicyStatementProps ¶
// Interface for creating a policy statement.
//
// Experimental.
type PolicyStatementProps struct {
	// List of actions to add to the statement.
	// Experimental.
	Actions *[]*string `json:"actions"`
	// Conditions to add to the statement.
	// Experimental.
	Conditions *map[string]interface{} `json:"conditions"`
	// Whether to allow or deny the actions in this statement.
	//
	// NOTE(review): the value used when this field is omitted is not stated
	// here; set it explicitly so the intent is visible in review.
	// Experimental.
	Effect Effect `json:"effect"`
	// List of not actions to add to the statement.
	//
	// NOTE(review): a negated list matches every action that is not named in
	// it; in an allowing statement that can grant far more than intended.
	// Experimental.
	NotActions *[]*string `json:"notActions"`
	// List of not principals to add to the statement.
	//
	// NOTE(review): a negated list matches every principal that is not named
	// in it; review any allowing statement that uses it.
	// Experimental.
	NotPrincipals *[]IPrincipal `json:"notPrincipals"`
	// NotResource ARNs to add to the statement.
	//
	// NOTE(review): a negated list matches every resource that is not named
	// in it; review any allowing statement that uses it.
	// Experimental.
	NotResources *[]*string `json:"notResources"`
	// List of principals to add to the statement.
	// Experimental.
	Principals *[]IPrincipal `json:"principals"`
	// Resource ARNs to add to the statement.
	// Experimental.
	Resources *[]*string `json:"resources"`
	// The Sid (statement ID) is an optional identifier that you provide for the policy statement.
	//
	// You can assign a Sid value to each statement in a
	// statement array. In services that let you specify an ID element, such as
	// SQS and SNS, the Sid value is just a sub-ID of the policy document's ID. In
	// IAM, the Sid value must be unique within a JSON policy.
	// Experimental.
	Sid *string `json:"sid"`
}
Interface for creating a policy statement. Experimental.
type PrincipalBase ¶
// Base class for policy principals.
//
// Experimental.
type PrincipalBase interface {
	IPrincipal
	AssumeRoleAction() *string
	GrantPrincipal() IPrincipal
	PolicyFragment() PrincipalPolicyFragment
	PrincipalAccount() *string
	AddToPolicy(statement PolicyStatement) *bool
	AddToPrincipalPolicy(_statement PolicyStatement) *AddToPrincipalPolicyResult
	ToJSON() *map[string]*[]*string
	ToString() *string
	// Takes a conditions map and returns an IPrincipal; presumably the same
	// principal restricted by those conditions — confirm.
	WithConditions(conditions *map[string]interface{}) IPrincipal
}
Base class for policy principals. Experimental.
type PrincipalPolicyFragment ¶
// A collection of the fields in a PolicyStatement that can be used to identify a principal.
//
// This consists of the JSON used in the "Principal" field, and optionally a
// set of "Condition"s that need to be applied to the policy.
//
// Experimental.
type PrincipalPolicyFragment interface {
	// The "Condition"s part of the fragment.
	Conditions() *map[string]interface{}
	// The JSON used in the "Principal" field.
	PrincipalJson() *map[string]*[]*string
}
A collection of the fields in a PolicyStatement that can be used to identify a principal.
This consists of the JSON used in the "Principal" field, and optionally a set of "Condition"s that need to be applied to the policy. Experimental.
func NewPrincipalPolicyFragment ¶
func NewPrincipalPolicyFragment(principalJson *map[string]*[]*string, conditions *map[string]interface{}) PrincipalPolicyFragment
Experimental.
type PrincipalWithConditions ¶
// An IAM principal with additional conditions specifying when the policy is in effect.
//
// Experimental.
type PrincipalWithConditions interface {
	IPrincipal
	AssumeRoleAction() *string
	Conditions() *map[string]interface{}
	GrantPrincipal() IPrincipal
	PolicyFragment() PrincipalPolicyFragment
	PrincipalAccount() *string
	// Adds a single condition given as a key and a value.
	AddCondition(key *string, value interface{})
	// Adds several conditions given as one map.
	// NOTE(review): how a key that is already present is handled is not
	// visible here; check before relying on merge or override behaviour.
	AddConditions(conditions *map[string]interface{})
	AddToPolicy(statement PolicyStatement) *bool
	AddToPrincipalPolicy(statement PolicyStatement) *AddToPrincipalPolicyResult
	ToJSON() *map[string]*[]*string
	ToString() *string
}
An IAM principal with additional conditions specifying when the policy is in effect.
For more information about conditions, see: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html Experimental.
func NewPrincipalWithConditions ¶
func NewPrincipalWithConditions(principal IPrincipal, conditions *map[string]interface{}) PrincipalWithConditions
Experimental.
type Role ¶
// IAM Role.
//
// Defines an IAM role.
//
// Experimental.
type Role interface {
	awscdk.Resource
	IRole
	AssumeRoleAction() *string
	// The assume role policy document; RoleProps notes that it can be
	// modified after creation through this accessor.
	AssumeRolePolicy() PolicyDocument
	Env() *awscdk.ResourceEnvironment
	GrantPrincipal() IPrincipal
	Node() constructs.Node
	PermissionsBoundary() IManagedPolicy
	PhysicalName() *string
	PolicyFragment() PrincipalPolicyFragment
	PrincipalAccount() *string
	RoleArn() *string
	RoleId() *string
	RoleName() *string
	Stack() awscdk.Stack
	AddManagedPolicy(policy IManagedPolicy)
	AddToPolicy(statement PolicyStatement) *bool
	AddToPrincipalPolicy(statement PolicyStatement) *AddToPrincipalPolicyResult
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	AttachInlinePolicy(policy Policy)
	GeneratePhysicalName() *string
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	GetResourceNameAttribute(nameAttr *string) *string
	// Takes a grantee and a variadic list of actions and returns a Grant.
	Grant(grantee IPrincipal, actions ...*string) Grant
	// NOTE(review): judging by the name, grants the identity permission to
	// pass this role. An identity that may pass a role can hand that role's
	// permissions to a service it controls, so review who receives it.
	GrantPassRole(identity IPrincipal) Grant
	ToString() *string
	// Returns an IRole; see WithoutPolicyUpdatesOptions for what happens to
	// grant permissions added to the returned role.
	WithoutPolicyUpdates(options *WithoutPolicyUpdatesOptions) IRole
}
IAM Role.
Defines an IAM role. The role is created with an assume policy document associated with the specified AWS service principal defined in `serviceAssumeRole`. Experimental.
type RoleProps ¶
// Properties for defining an IAM Role.
//
// Experimental.
type RoleProps struct {
	// The IAM principal (i.e. `new ServicePrincipal('sns.amazonaws.com')`) which can assume this role.
	//
	// You can later modify the assume role policy document by accessing it via
	// the `assumeRolePolicy` property.
	//
	// NOTE(review): this is the trust boundary of the role; keep the principal
	// as narrow as the use case allows.
	// Experimental.
	AssumedBy IPrincipal `json:"assumedBy"`
	// A description of the role.
	//
	// It can be up to 1000 characters long.
	// Experimental.
	Description *string `json:"description"`
	// List of IDs that the role assumer needs to provide one of when assuming this role.
	//
	// If the configured and provided external IDs do not match, the
	// AssumeRole operation will fail.
	//
	// NOTE(review): an external ID is commonly used when a third party assumes
	// the role from another account, so that the third party cannot be led to
	// use the role on behalf of a different customer. It is an identifier
	// agreed with that party, not a secret credential.
	// Experimental.
	ExternalIds *[]*string `json:"externalIds"`
	// A list of named policies to inline into this role.
	//
	// These policies will be
	// created with the role, whereas those added by `addToPolicy` are added
	// using a separate CloudFormation resource (allowing a way around circular
	// dependencies that could otherwise be introduced).
	// Experimental.
	InlinePolicies *map[string]PolicyDocument `json:"inlinePolicies"`
	// A list of managed policies associated with this role.
	//
	// You can add managed policies later using
	// `addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName(policyName))`.
	// Experimental.
	ManagedPolicies *[]IManagedPolicy `json:"managedPolicies"`
	// The maximum session duration that you want to set for the specified role.
	//
	// This setting can have a value from 1 hour (3600sec) to 12 (43200sec) hours.
	//
	// Anyone who assumes the role from the AWS CLI or API can use the
	// DurationSeconds API parameter or the duration-seconds CLI parameter to
	// request a longer session. The MaxSessionDuration setting determines the
	// maximum duration that can be requested using the DurationSeconds
	// parameter.
	//
	// If users don't specify a value for the DurationSeconds parameter, their
	// security credentials are valid for one hour by default. This applies when
	// you use the AssumeRole* API operations or the assume-role* CLI operations
	// but does not apply when you use those operations to create a console URL.
	//
	// NOTE(review): a shorter maximum limits how long session credentials
	// remain usable if they leak.
	// Experimental.
	MaxSessionDuration awscdk.Duration `json:"maxSessionDuration"`
	// The path associated with this role.
	//
	// For information about IAM paths, see
	// Friendly Names and Paths in IAM User Guide.
	// Experimental.
	Path *string `json:"path"`
	// AWS supports permissions boundaries for IAM entities (users or roles).
	//
	// A permissions boundary is an advanced feature for using a managed policy
	// to set the maximum permissions that an identity-based policy can grant to
	// an IAM entity. An entity's permissions boundary allows it to perform only
	// the actions that are allowed by both its identity-based policies and its
	// permissions boundaries.
	// Experimental.
	PermissionsBoundary IManagedPolicy `json:"permissionsBoundary"`
	// A name for the IAM role.
	//
	// For valid values, see the RoleName parameter for
	// the CreateRole action in the IAM API Reference.
	//
	// IMPORTANT: If you specify a name, you cannot perform updates that require
	// replacement of this resource. You can perform updates that require no or
	// some interruption. If you must replace the resource, specify a new name.
	//
	// If you specify a name, you must specify the CAPABILITY_NAMED_IAM value to
	// acknowledge your template's capabilities. For more information, see
	// Acknowledging IAM Resources in AWS CloudFormation Templates.
	// Experimental.
	RoleName *string `json:"roleName"`
}
Properties for defining an IAM Role. Experimental.
type SamlConsolePrincipal ¶
// Principal entity that represents a SAML federated identity provider for
// programmatic and AWS Management Console access.
//
// Experimental.
type SamlConsolePrincipal interface {
	SamlPrincipal
	AssumeRoleAction() *string
	Conditions() *map[string]interface{}
	Federated() *string
	GrantPrincipal() IPrincipal
	PolicyFragment() PrincipalPolicyFragment
	PrincipalAccount() *string
	AddToPolicy(statement PolicyStatement) *bool
	AddToPrincipalPolicy(_statement PolicyStatement) *AddToPrincipalPolicyResult
	ToJSON() *map[string]*[]*string
	ToString() *string
	WithConditions(conditions *map[string]interface{}) IPrincipal
}
Principal entity that represents a SAML federated identity provider for programmatic and AWS Management Console access. Experimental.
func NewSamlConsolePrincipal ¶
func NewSamlConsolePrincipal(samlProvider ISamlProvider, conditions *map[string]interface{}) SamlConsolePrincipal
Experimental.
type SamlMetadataDocument ¶
// A SAML metadata document.
//
// Experimental.
type SamlMetadataDocument interface {
	// Returns a string; presumably the XML content of the metadata document.
	// SamlProviderProps describes that document as carrying the keys used to
	// validate SAML assertions, so treat its source as security-relevant.
	Xml() *string
}
A SAML metadata document. Experimental.
func SamlMetadataDocument_FromFile ¶
func SamlMetadataDocument_FromFile(path *string) SamlMetadataDocument
Create a SAML metadata document from an XML file. Experimental.
func SamlMetadataDocument_FromXml ¶
func SamlMetadataDocument_FromXml(xml *string) SamlMetadataDocument
Create a SAML metadata document from an XML string. Experimental.
type SamlPrincipal ¶
// Principal entity that represents a SAML federated identity provider.
//
// Experimental.
type SamlPrincipal interface {
	FederatedPrincipal
	AssumeRoleAction() *string
	Conditions() *map[string]interface{}
	Federated() *string
	GrantPrincipal() IPrincipal
	PolicyFragment() PrincipalPolicyFragment
	PrincipalAccount() *string
	AddToPolicy(statement PolicyStatement) *bool
	AddToPrincipalPolicy(_statement PolicyStatement) *AddToPrincipalPolicyResult
	ToJSON() *map[string]*[]*string
	ToString() *string
	WithConditions(conditions *map[string]interface{}) IPrincipal
}
Principal entity that represents a SAML federated identity provider. Experimental.
func NewSamlPrincipal ¶
func NewSamlPrincipal(samlProvider ISamlProvider, conditions *map[string]interface{}) SamlPrincipal
Experimental.
type SamlProvider ¶
// A SAML provider.
//
// Experimental.
type SamlProvider interface {
	awscdk.Resource
	ISamlProvider
	Env() *awscdk.ResourceEnvironment
	Node() constructs.Node
	PhysicalName() *string
	SamlProviderArn() *string
	Stack() awscdk.Stack
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	GeneratePhysicalName() *string
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	GetResourceNameAttribute(nameAttr *string) *string
	ToString() *string
}
A SAML provider. Experimental.
func NewSamlProvider ¶
func NewSamlProvider(scope constructs.Construct, id *string, props *SamlProviderProps) SamlProvider
Experimental.
type SamlProviderProps ¶
// Properties for a SAML provider.
//
// Experimental.
type SamlProviderProps struct {
	// An XML document generated by an identity provider (IdP) that supports SAML 2.0.
	//
	// The document includes the issuer's name, expiration information, and
	// keys that can be used to validate the SAML authentication response
	// (assertions) that are received from the IdP. You must generate the
	// metadata document using the identity management software that is used
	// as your organization's IdP.
	//
	// NOTE(review): because the document carries the keys used to validate
	// assertions, whoever can change it decides which assertions are trusted;
	// load it from a source whose integrity you control.
	// Experimental.
	MetadataDocument SamlMetadataDocument `json:"metadataDocument"`
	// The name of the provider to create.
	//
	// This parameter allows a string of characters consisting of upper and
	// lowercase alphanumeric characters with no spaces. You can also include
	// any of the following characters: _+=,.@-
	//
	// Length must be between 1 and 128 characters.
	// Experimental.
	Name *string `json:"name"`
}
Properties for a SAML provider. Experimental.
type ServicePrincipal ¶
// An IAM principal that represents an AWS service (for example sqs.amazonaws.com).
//
// Experimental.
type ServicePrincipal interface {
	PrincipalBase
	AssumeRoleAction() *string
	GrantPrincipal() IPrincipal
	PolicyFragment() PrincipalPolicyFragment
	PrincipalAccount() *string
	Service() *string
	AddToPolicy(statement PolicyStatement) *bool
	AddToPrincipalPolicy(_statement PolicyStatement) *AddToPrincipalPolicyResult
	ToJSON() *map[string]*[]*string
	ToString() *string
	WithConditions(conditions *map[string]interface{}) IPrincipal
}
An IAM principal that represents an AWS service (e.g. sqs.amazonaws.com). Experimental.
func NewServicePrincipal ¶
func NewServicePrincipal(service *string, opts *ServicePrincipalOpts) ServicePrincipal
Experimental.
type ServicePrincipalOpts ¶
// Options for a service principal.
//
// Experimental.
type ServicePrincipalOpts struct {
	// Additional conditions to add to the Service Principal.
	//
	// NOTE(review): a service principal on its own names the service, not the
	// caller behind it; conditions are the place to narrow the trust to the
	// expected source — confirm which condition keys the service supports.
	// Experimental.
	Conditions *map[string]interface{} `json:"conditions"`
	// The region in which the service is operating.
	// Experimental.
	Region *string `json:"region"`
}
Options for a service principal. Experimental.
type UnknownPrincipal ¶
// A principal for use in resources that need to have a role but it's unknown.
//
// NOTE(review): the package description says this class adds user warnings
// when statements are attempted to be added to it; it does not say the
// statements take effect. Presumably they do not, so permissions expected
// from AddToPolicy or AddToPrincipalPolicy must be granted on the real role
// by other means — confirm against the returned values.
//
// Experimental.
type UnknownPrincipal interface {
	IPrincipal
	AssumeRoleAction() *string
	GrantPrincipal() IPrincipal
	PolicyFragment() PrincipalPolicyFragment
	AddToPolicy(statement PolicyStatement) *bool
	AddToPrincipalPolicy(statement PolicyStatement) *AddToPrincipalPolicyResult
}
A principal for use in resources that need to have a role, when that role is unknown.
Some resources have roles associated with them which they assume, such as Lambda Functions, CodeBuild projects, StepFunctions machines, etc.
When those resources are imported, their actual roles are not always imported with them. When that happens, we use an instance of this class instead, which will add user warnings when an attempt is made to add statements to it. Experimental.
func NewUnknownPrincipal ¶
func NewUnknownPrincipal(props *UnknownPrincipalProps) UnknownPrincipal
Experimental.
type UnknownPrincipalProps ¶
// Properties for an UnknownPrincipal.
//
// Experimental.
type UnknownPrincipalProps struct {
	// The resource the role proxy is for.
	// Experimental.
	Resource constructs.IConstruct `json:"resource"`
}
Properties for an UnknownPrincipal. Experimental.
type User ¶
// Define a new IAM user.
//
// Experimental.
type User interface {
	awscdk.Resource
	IIdentity
	IUser
	AssumeRoleAction() *string
	Env() *awscdk.ResourceEnvironment
	GrantPrincipal() IPrincipal
	Node() constructs.Node
	PermissionsBoundary() IManagedPolicy
	PhysicalName() *string
	PolicyFragment() PrincipalPolicyFragment
	PrincipalAccount() *string
	Stack() awscdk.Stack
	UserArn() *string
	UserName() *string
	AddManagedPolicy(policy IManagedPolicy)
	AddToGroup(group IGroup)
	AddToPolicy(statement PolicyStatement) *bool
	AddToPrincipalPolicy(statement PolicyStatement) *AddToPrincipalPolicyResult
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	AttachInlinePolicy(policy Policy)
	GeneratePhysicalName() *string
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	GetResourceNameAttribute(nameAttr *string) *string
	ToString() *string
}
Define a new IAM user. Experimental.
type UserAttributes ¶
// Represents a user defined outside of this stack.
//
// Experimental.
type UserAttributes struct {
	// The ARN of the user.
	//
	// Format: arn:<partition>:iam::<account-id>:user/<user-name-with-path>
	// Experimental.
	UserArn *string `json:"userArn"`
}
Represents a user defined outside of this stack. Experimental.
type UserProps ¶
// Properties for defining an IAM user.
//
// Experimental.
type UserProps struct {
	// Groups to add this user to.
	//
	// You can also use `addToGroup` to add this
	// user to a group.
	// Experimental.
	Groups *[]IGroup `json:"groups"`
	// A list of managed policies associated with this user.
	//
	// You can add managed policies later using
	// `addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName(policyName))`.
	// Experimental.
	ManagedPolicies *[]IManagedPolicy `json:"managedPolicies"`
	// The password for the user. This is required so the user can access the AWS Management Console.
	//
	// You can use `SecretValue.plainText` to specify a password in plain text or
	// use `secretsmanager.Secret.fromSecretAttributes` to reference a secret in
	// Secrets Manager.
	//
	// NOTE(review): a password given as plain text is part of the application
	// source, and presumably of the synthesized template as well. Prefer the
	// Secrets Manager reference, and confirm how the value is rendered before
	// using the plain-text form for anything but a throwaway account.
	// Experimental.
	Password awscdk.SecretValue `json:"password"`
	// Specifies whether the user is required to set a new password the next time the user logs in to the AWS Management Console.
	//
	// If this is set to 'true', you must also specify "initialPassword".
	//
	// NOTE(review): this struct has no `initialPassword` field; the sentence
	// above presumably refers to `Password` — confirm.
	// Experimental.
	PasswordResetRequired *bool `json:"passwordResetRequired"`
	// The path for the user name.
	//
	// For more information about paths, see IAM
	// Identifiers in the IAM User Guide.
	// Experimental.
	Path *string `json:"path"`
	// AWS supports permissions boundaries for IAM entities (users or roles).
	//
	// A permissions boundary is an advanced feature for using a managed policy
	// to set the maximum permissions that an identity-based policy can grant to
	// an IAM entity. An entity's permissions boundary allows it to perform only
	// the actions that are allowed by both its identity-based policies and its
	// permissions boundaries.
	// Experimental.
	PermissionsBoundary IManagedPolicy `json:"permissionsBoundary"`
	// A name for the IAM user.
	//
	// For valid values, see the UserName parameter for
	// the CreateUser action in the IAM API Reference. If you don't specify a
	// name, AWS CloudFormation generates a unique physical ID and uses that ID
	// for the user name.
	//
	// If you specify a name, you cannot perform updates that require
	// replacement of this resource. You can perform updates that require no or
	// some interruption. If you must replace the resource, specify a new name.
	//
	// If you specify a name, you must specify the CAPABILITY_NAMED_IAM value to
	// acknowledge your template's capabilities. For more information, see
	// Acknowledging IAM Resources in AWS CloudFormation Templates.
	// Experimental.
	UserName *string `json:"userName"`
}
Properties for defining an IAM user. Experimental.
type WebIdentityPrincipal ¶
// A principal that represents a federated identity provider as Web Identity
// such as Cognito, Amazon, Facebook, Google, etc.
//
// NOTE(review): NewWebIdentityPrincipal takes the provider and a conditions
// map. Without conditions on the token's audience or subject, the trust
// presumably covers every identity that provider can issue a token for —
// verify the conditions wherever this principal may assume a role.
//
// Experimental.
type WebIdentityPrincipal interface {
	FederatedPrincipal
	AssumeRoleAction() *string
	Conditions() *map[string]interface{}
	Federated() *string
	GrantPrincipal() IPrincipal
	PolicyFragment() PrincipalPolicyFragment
	PrincipalAccount() *string
	AddToPolicy(statement PolicyStatement) *bool
	AddToPrincipalPolicy(_statement PolicyStatement) *AddToPrincipalPolicyResult
	ToJSON() *map[string]*[]*string
	ToString() *string
	WithConditions(conditions *map[string]interface{}) IPrincipal
}
A principal that represents a federated identity provider as Web Identity such as Cognito, Amazon, Facebook, Google, etc. Experimental.
func NewWebIdentityPrincipal ¶
func NewWebIdentityPrincipal(identityProvider *string, conditions *map[string]interface{}) WebIdentityPrincipal
Experimental.
type WithoutPolicyUpdatesOptions ¶
// Options for the `withoutPolicyUpdates()` modifier of a Role.
//
// Experimental.
type WithoutPolicyUpdatesOptions struct {
	// Add grants to resources instead of dropping them.
	//
	// If this is `false` or not specified, grant permissions added to this role are ignored.
	// It is your own responsibility to make sure the role has the required permissions.
	//
	// If this is `true`, any grant permissions will be added to the resource instead.
	//
	// NOTE(review): both settings change where permissions end up. With
	// `false` a grant is ignored, so a missing permission shows up only at
	// run time; with `true` the permission lands on the resource, so review
	// the resulting resource policies as well as the role.
	// Experimental.
	AddGrantsToResources *bool `json:"addGrantsToResources"`
}
Options for the `withoutPolicyUpdates()` modifier of a Role. Experimental.