Class PrincipalBase

Namespace
Amazon.CDK.AWS.IAM
Assembly
Amazon.CDK.AWS.IAM.dll

Base class for policy principals.

public abstract class PrincipalBase : DeputyBase, IAssumeRolePrincipal, IComparablePrincipal, IPrincipal, IGrantable
Inheritance
PrincipalBase
Implements
Derived

Examples

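using System.Collections.Generic;
using Amazon.CDK;
using Amazon.CDK.AWS.IAM;

// Runs inside a construct or stack, so "this" is the scope.
var tagParam = new CfnParameter(this, "TagName");

// The condition key contains a deploy-time token, so it is wrapped in CfnJson.
var stringEquals = new CfnJson(this, "ConditionJson", new CfnJsonProps {
    Value = new Dictionary<string, bool> {
        { $"aws:PrincipalTag/{tagParam.ValueAsString}", true }
    }
});

// Restrict the account root principal with the StringEquals condition.
var principal = new AccountRootPrincipal().WithConditions(new Dictionary<string, object> {
    { "StringEquals", stringEquals }
});

new Role(this, "MyRole", new RoleProps { AssumedBy = principal });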

Constructors

PrincipalBase()

protected PrincipalBase()

Properties

AssumeRoleAction

When this Principal is used in an AssumeRole policy, the action to use.

public virtual string AssumeRoleAction { get; }

Property Value

string

GrantPrincipal

The principal to grant permissions to.

public virtual IPrincipal GrantPrincipal { get; }

Property Value

IPrincipal

PolicyFragment

Return the policy fragment that identifies this principal in a Policy.

public abstract PrincipalPolicyFragment PolicyFragment { get; }

Property Value

PrincipalPolicyFragment

PrincipalAccount

The AWS account ID of this principal.

public virtual string? PrincipalAccount { get; }

Property Value

string

Remarks

Can be undefined when the account is not known (for example, for service principals). Can be a Token - in that case, it's assumed to be AWS::AccountId.

Methods

AddToAssumeRolePolicy(PolicyDocument)

Add the principal to the AssumeRolePolicyDocument.

public virtual void AddToAssumeRolePolicy(PolicyDocument document)

Parameters

document PolicyDocument

Remarks

Add the statements to the AssumeRolePolicyDocument necessary to give this principal permissions to assume the given role.

AddToPolicy(PolicyStatement)

Add to the policy of this principal.

public virtual bool AddToPolicy(PolicyStatement statement)

Parameters

statement PolicyStatement

Returns

bool

AddToPrincipalPolicy(PolicyStatement)

Add to the policy of this principal.

public virtual IAddToPrincipalPolicyResult AddToPrincipalPolicy(PolicyStatement statement)

Parameters

statement PolicyStatement

Returns

IAddToPrincipalPolicyResult

DedupeString()

Return whether or not this principal is equal to the given principal.

public abstract string? DedupeString()

Returns

string

ToJSON()

JSON-ify the principal.

public virtual IDictionary<string, string[]> ToJSON()

Returns

IDictionary<string, string[]>

Remarks

Used when JSON.stringify() is called

ToString()

Returns a string representation of an object.

public override string ToString()

Returns

string

WithConditions(IDictionary<string, object>)

Returns a new PrincipalWithConditions using this principal as the base, with the passed conditions added.

public virtual PrincipalBase WithConditions(IDictionary<string, object> conditions)

Parameters

conditions IDictionary<string, object>

Returns

PrincipalBase

a new PrincipalWithConditions object.

Remarks

When there is a value for the same operator and key in both the principal and the conditions parameter, the value from the conditions parameter will be used.
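
The override rule in the remark above matters when conditions are layered on a trust policy: a later WithConditions call can replace an earlier restriction instead of adding to it. The following is an added example, not code from the CDK documentation; the stack name, role ID and organization IDs are constructed placeholders.

```csharp
using System.Collections.Generic;
using Amazon.CDK;
using Amazon.CDK.AWS.IAM;
using Constructs;

// Hypothetical stack; the organization IDs below are constructed placeholders.
public class TrustPolicyStack : Stack
{
    public TrustPolicyStack(Construct scope, string id) : base(scope, id)
    {
        // First layer: only principals from one AWS Organization may assume the role.
        PrincipalBase orgScoped = new AccountRootPrincipal().WithConditions(
            new Dictionary<string, object> {
                { "StringEquals", new Dictionary<string, object> {
                    { "aws:PrincipalOrgID", "o-exampleorg1" }
                } }
            });

        // Second layer, applied to the already-conditioned principal.
        PrincipalBase principal = orgScoped.WithConditions(
            new Dictionary<string, object> {
                // Same operator and same key as the first layer: per the remark
                // above, this value is used and "o-exampleorg1" is dropped.
                { "StringEquals", new Dictionary<string, object> {
                    { "aws:PrincipalOrgID", "o-exampleorg2" }
                } },
                // Different operator: kept alongside the StringEquals block.
                { "Bool", new Dictionary<string, object> {
                    { "aws:MultiFactorAuthPresent", "true" }
                } }
            });

        // The merged conditions end up in the role's AssumeRolePolicyDocument.
        new Role(this, "ScopedRole", new RoleProps { AssumedBy = principal });
    }
}
```

To accept both organization IDs, pass them as a list under the one key in a single call, and check the synthesized trust policy to confirm which conditions survived the merge.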

WithSessionTags()

Returns a new principal using this principal as the base, with session tags enabled.

public virtual PrincipalBase WithSessionTags()

Returns

PrincipalBase

a new SessionTagsPrincipal object.