
Class LazyRole

Namespace
Amazon.CDK.AWS.IAM
Assembly
Amazon.CDK.AWS.IAM.dll

An IAM role that only gets attached to the construct tree once it gets used, not before.

public class LazyRole : Resource, IRole, IIdentity, IPrincipal, IGrantable, IResource, IConstruct, IConstruct, IDependable
Inheritance
LazyRole
Implements
IResource
IConstruct
IConstruct
IDependable

Examples

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using System.Collections.Generic; // needed for Dictionary<,>
using Amazon.CDK.AWS.IAM;
using Amazon.CDK;

ManagedPolicy managedPolicy;
PolicyDocument policyDocument;
IPrincipal principal;
var lazyRole = new LazyRole(this, "MyLazyRole", new LazyRoleProps {
    AssumedBy = principal,

    // the properties below are optional
    Description = "description",
    ExternalId = "externalId",
    ExternalIds = new [] { "externalIds" },
    InlinePolicies = new Dictionary<string, PolicyDocument> {
        { "inlinePoliciesKey", policyDocument }
    },
    ManagedPolicies = new [] { managedPolicy },
    MaxSessionDuration = Duration.Minutes(30),
    Path = "path",
    PermissionsBoundary = managedPolicy,
    RoleName = "roleName"
});

Remarks

This construct can be used to simplify logic in other constructs which need to create a role but only if certain configurations occur (such as when AutoScaling is configured). The role can be configured in one place, but if it never gets used it doesn't get instantiated and will not be synthesized or deployed.

Resource: AWS::IAM::Role
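
The conditional-role pattern described in the remarks, as an added example that is not part of the CDK documentation. `WorkerFleet`, `enableScaling` and `notifyTopicArn` are hypothetical names, and the `using Constructs;` line assumes CDK v2 (on v1, `Construct` comes from `Amazon.CDK`).

```csharp
using Amazon.CDK.AWS.IAM;
using Constructs; // assumption: CDK v2; on v1 Construct lives in Amazon.CDK

// Hypothetical construct: the scaling role is declared unconditionally
// but only reaches the template when scaling is actually enabled.
public class WorkerFleet : Construct
{
    public WorkerFleet(Construct scope, string id, bool enableScaling, string notifyTopicArn)
        : base(scope, id)
    {
        // Configure the role in one place. At this point nothing has been
        // attached to the construct tree, so no AWS::IAM::Role exists yet.
        var scalingRole = new LazyRole(this, "ScalingRole", new LazyRoleProps {
            AssumedBy = new ServicePrincipal("autoscaling.amazonaws.com"),
            Description = "Publishes scaling notifications for the worker fleet"
        });

        if (!enableScaling)
        {
            // The role is never used on this path, so it is not synthesized
            // or deployed: no dormant, assumable role is left in the account.
            return;
        }

        // First use of the role. From here on it is part of the construct
        // tree and will be synthesized with exactly this one permission.
        scalingRole.AddToPrincipalPolicy(new PolicyStatement(new PolicyStatementProps {
            Actions = new [] { "sns:Publish" },
            Resources = new [] { notifyTopicArn } // scoped to a single topic
        }));
    }
}
```

Running `cdk synth` with `enableScaling` set to false and then true, and searching the output for `AWS::IAM::Role`, confirms that the role appears only in the second template.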


Constructors

LazyRole(Construct, string, ILazyRoleProps)

public LazyRole(Construct scope, string id, ILazyRoleProps props)

Parameters

scope Construct
id string
props ILazyRoleProps

Properties

AssumeRoleAction

When this Principal is used in an AssumeRole policy, the action to use.

public virtual string AssumeRoleAction { get; }

Property Value

string

GrantPrincipal

The principal to grant permissions to.

public virtual IPrincipal GrantPrincipal { get; }

Property Value

IPrincipal

PolicyFragment

Return the policy fragment that identifies this principal in a Policy.

public virtual PrincipalPolicyFragment PolicyFragment { get; }

Property Value

PrincipalPolicyFragment

PrincipalAccount

The AWS account ID of this principal.

public virtual string? PrincipalAccount { get; }

Property Value

string

Remarks

Can be undefined when the account is not known (for example, for service principals). Can be a Token - in that case, it's assumed to be AWS::AccountId.

RoleArn

Returns the ARN of this role.

public virtual string RoleArn { get; }

Property Value

string

RoleId

Returns the stable and unique string identifying the role (e.g. AIDAJQABLZS4A3QDU576Q).

public virtual string RoleId { get; }

Property Value

string

Remarks

Attribute: true

RoleName

Returns the name of this role.

public virtual string RoleName { get; }

Property Value

string

Methods

AddManagedPolicy(IManagedPolicy)

Attaches a managed policy to this role.

public virtual void AddManagedPolicy(IManagedPolicy policy)

Parameters

policy IManagedPolicy

The managed policy to attach.

AddToPolicy(PolicyStatement)

Add to the policy of this principal.

public virtual bool AddToPolicy(PolicyStatement statement)

Parameters

statement PolicyStatement

Returns

bool

AddToPrincipalPolicy(PolicyStatement)

Adds a permission to the role's default policy document.

public virtual IAddToPrincipalPolicyResult AddToPrincipalPolicy(PolicyStatement statement)

Parameters

statement PolicyStatement

The permission statement to add to the policy document.

Returns

IAddToPrincipalPolicyResult

Remarks

If there is no default policy attached to this role, it will be created.

AttachInlinePolicy(Policy)

Attaches a policy to this role.

public virtual void AttachInlinePolicy(Policy policy)

Parameters

policy Policy

The policy to attach.

Grant(IPrincipal, params string[])

Grant the actions defined in actions to the identity Principal on this resource.

public virtual Grant Grant(IPrincipal identity, params string[] actions)

Parameters

identity IPrincipal
actions string[]

Returns

Grant

GrantAssumeRole(IPrincipal)

Grant permissions to the given principal to assume this role.

public virtual Grant GrantAssumeRole(IPrincipal identity)

Parameters

identity IPrincipal

Returns

Grant

GrantPassRole(IPrincipal)

Grant permissions to the given principal to pass this role.

public virtual Grant GrantPassRole(IPrincipal identity)

Parameters

identity IPrincipal

Returns

Grant