Table of Contents

Namespace Amazon.CDK.AWS.IAM

Classes

AccessKey

Define a new IAM Access Key.

AccessKeyProps

Properties for defining an IAM access key.

AccountPrincipal

Specify AWS account ID as the principal entity in a policy to delegate authority to the account.

AccountRootPrincipal

Use the AWS account into which a stack is deployed as the principal entity in a policy.

AddToPrincipalPolicyResult

Result of calling addToPrincipalPolicy.

AddToResourcePolicyResult

Result of calling addToResourcePolicy.

AnyPrincipal

A principal representing all AWS identities in all accounts.

Anyone

(deprecated) A principal representing all identities in all accounts.

ArnPrincipal

Specify a principal by the Amazon Resource Name (ARN).

CanonicalUserPrincipal

A policy principal for canonicalUserIds - useful for S3 bucket policies that use Origin Access identities.

CfnAccessKey

A CloudFormation AWS::IAM::AccessKey.

CfnAccessKeyProps

Properties for defining a CfnAccessKey.

CfnGroup

A CloudFormation AWS::IAM::Group.

CfnGroup.PolicyProperty

Contains information about an attached policy.

CfnGroupProps

Properties for defining a CfnGroup.

CfnInstanceProfile

A CloudFormation AWS::IAM::InstanceProfile.

CfnInstanceProfileProps

Properties for defining a CfnInstanceProfile.

CfnManagedPolicy

A CloudFormation AWS::IAM::ManagedPolicy.

CfnManagedPolicyProps

Properties for defining a CfnManagedPolicy.

CfnOIDCProvider

A CloudFormation AWS::IAM::OIDCProvider.

CfnOIDCProviderProps

Properties for defining a CfnOIDCProvider.

CfnPolicy

A CloudFormation AWS::IAM::Policy.

CfnPolicyProps

Properties for defining a CfnPolicy.

CfnRole

A CloudFormation AWS::IAM::Role.

CfnRole.PolicyProperty

Contains information about an attached policy.

CfnRoleProps

Properties for defining a CfnRole.

CfnSAMLProvider

A CloudFormation AWS::IAM::SAMLProvider.

CfnSAMLProviderProps

Properties for defining a CfnSAMLProvider.

CfnServerCertificate

A CloudFormation AWS::IAM::ServerCertificate.

CfnServerCertificateProps

Properties for defining a CfnServerCertificate.

CfnServiceLinkedRole

A CloudFormation AWS::IAM::ServiceLinkedRole.

CfnServiceLinkedRoleProps

Properties for defining a CfnServiceLinkedRole.

CfnUser

A CloudFormation AWS::IAM::User.

CfnUser.LoginProfileProperty

Creates a password for the specified user, giving the user the ability to access AWS services through the AWS Management Console .

CfnUser.PolicyProperty

Contains information about an attached policy.

CfnUserProps

Properties for defining a CfnUser.

CfnUserToGroupAddition

A CloudFormation AWS::IAM::UserToGroupAddition.

CfnUserToGroupAdditionProps

Properties for defining a CfnUserToGroupAddition.

CfnVirtualMFADevice

A CloudFormation AWS::IAM::VirtualMFADevice.

CfnVirtualMFADeviceProps

Properties for defining a CfnVirtualMFADevice.

CommonGrantOptions

Basic options for a grant operation.

ComparablePrincipal

Helper class for working with IComparablePrincipals.

CompositeDependable

Composite dependable.

CompositePrincipal

Represents a principal that has multiple types of principals.

FederatedPrincipal

Principal entity that represents a federated identity provider such as Amazon Cognito, that can be used to provide temporary security credentials to users who have been authenticated.

FromRoleArnOptions

Options allowing customizing the behavior of {@link Role.fromRoleArn}.

Grant

Result of a grant() operation.

GrantOnPrincipalAndResourceOptions

Options for a grant operation to both identity and resource.

GrantOnPrincipalOptions

Options for a grant operation that only applies to principals.

GrantWithResourceOptions

Options for a grant operation.

Group

An IAM Group (collection of IAM users) lets you specify permissions for multiple users, which can make it easier to manage permissions for those users.

GroupProps

Properties for defining an IAM group.

LazyRole

An IAM role that only gets attached to the construct tree once it gets used, not before.

LazyRoleProps

Properties for defining a LazyRole.

ManagedPolicy

Managed policy.

ManagedPolicyProps

Properties for defining an IAM managed policy.

OpenIdConnectPrincipal

A principal that represents a federated identity provider as from a OpenID Connect provider.

OpenIdConnectProvider

IAM OIDC identity providers are entities in IAM that describe an external identity provider (IdP) service that supports the OpenID Connect (OIDC) standard, such as Google or Salesforce.

OpenIdConnectProviderProps

Initialization properties for OpenIdConnectProvider.

OrganizationPrincipal

A principal that represents an AWS Organization.

PermissionsBoundary

Modify the Permissions Boundaries of Users and Roles in a construct tree.

Policy

The AWS::IAM::Policy resource associates an IAM policy with IAM users, roles, or groups.

PolicyDocument

A PolicyDocument is a collection of statements.

PolicyDocumentProps

Properties for a new PolicyDocument.

PolicyProps

Properties for defining an IAM inline policy document.

PolicyStatement

Represents a statement in an IAM policy document.

PolicyStatementProps

Interface for creating a policy statement.

PrincipalBase

Base class for policy principals.

PrincipalPolicyFragment

A collection of the fields in a PolicyStatement that can be used to identify a principal.

PrincipalWithConditions

An IAM principal with additional conditions specifying when the policy is in effect.

Role

IAM Role.

RoleProps

Properties for defining an IAM Role.

SamlConsolePrincipal

Principal entity that represents a SAML federated identity provider for programmatic and AWS Management Console access.

SamlMetadataDocument

A SAML metadata document.

SamlPrincipal

Principal entity that represents a SAML federated identity provider.

SamlProvider

A SAML provider.

SamlProviderProps

Properties for a SAML provider.

ServicePrincipal

An IAM principal that represents an AWS service (i.e. sqs.amazonaws.com).

ServicePrincipalOpts

Options for a service principal.

SessionTagsPrincipal

Enables session tags on role assumptions from a principal.

StarPrincipal

A principal that uses a literal '*' in the IAM JSON language.

UnknownPrincipal

A principal for use in resources that need to have a role but it's unknown.

UnknownPrincipalProps

Properties for an UnknownPrincipal.

User

Define a new IAM user.

UserAttributes

Represents a user defined outside of this stack.

UserProps

Properties for defining an IAM user.

WebIdentityPrincipal

A principal that represents a federated identity provider as Web Identity such as Cognito, Amazon, Facebook, Google, etc.

WithoutPolicyUpdatesOptions

Options for the withoutPolicyUpdates() modifier of a Role.

Interfaces

CfnGroup.IPolicyProperty

Contains information about an attached policy.

CfnRole.IPolicyProperty

Contains information about an attached policy.

CfnUser.ILoginProfileProperty

Creates a password for the specified user, giving the user the ability to access AWS services through the AWS Management Console .

CfnUser.IPolicyProperty

Contains information about an attached policy.

IAccessKey

Represents an IAM Access Key.

IAccessKeyProps

Properties for defining an IAM access key.

IAddToPrincipalPolicyResult

Result of calling addToPrincipalPolicy.

IAddToResourcePolicyResult

Result of calling addToResourcePolicy.

IAssumeRolePrincipal

A type of principal that has more control over its own representation in AssumeRolePolicyDocuments.

ICfnAccessKeyProps

Properties for defining a CfnAccessKey.

ICfnGroupProps

Properties for defining a CfnGroup.

ICfnInstanceProfileProps

Properties for defining a CfnInstanceProfile.

ICfnManagedPolicyProps

Properties for defining a CfnManagedPolicy.

ICfnOIDCProviderProps

Properties for defining a CfnOIDCProvider.

ICfnPolicyProps

Properties for defining a CfnPolicy.

ICfnRoleProps

Properties for defining a CfnRole.

ICfnSAMLProviderProps

Properties for defining a CfnSAMLProvider.

ICfnServerCertificateProps

Properties for defining a CfnServerCertificate.

ICfnServiceLinkedRoleProps

Properties for defining a CfnServiceLinkedRole.

ICfnUserProps

Properties for defining a CfnUser.

ICfnUserToGroupAdditionProps

Properties for defining a CfnUserToGroupAddition.

ICfnVirtualMFADeviceProps

Properties for defining a CfnVirtualMFADevice.

ICommonGrantOptions

Basic options for a grant operation.

IComparablePrincipal

Interface for principals that can be compared.

IFromRoleArnOptions

Options allowing customizing the behavior of {@link Role.fromRoleArn}.

IGrantOnPrincipalAndResourceOptions

Options for a grant operation to both identity and resource.

IGrantOnPrincipalOptions

Options for a grant operation that only applies to principals.

IGrantWithResourceOptions

Options for a grant operation.

IGrantable

Any object that has an associated principal that a permission can be granted to.

IGroup

Represents an IAM Group.

IGroupProps

Properties for defining an IAM group.

IIdentity

A construct that represents an IAM principal, such as a user, group or role.

ILazyRoleProps

Properties for defining a LazyRole.

IManagedPolicy

A managed policy.

IManagedPolicyProps

Properties for defining an IAM managed policy.

IOpenIdConnectProvider

Represents an IAM OpenID Connect provider.

IOpenIdConnectProviderProps

Initialization properties for OpenIdConnectProvider.

IPolicy

Represents an IAM Policy.

IPolicyDocumentProps

Properties for a new PolicyDocument.

IPolicyProps

Properties for defining an IAM inline policy document.

IPolicyStatementProps

Interface for creating a policy statement.

IPrincipal

Represents a logical IAM principal.

IResourceWithPolicy

A resource with a resource policy that can be added to.

IRole

A Role object.

IRoleProps

Properties for defining an IAM Role.

ISamlProvider

A SAML provider.

ISamlProviderProps

Properties for a SAML provider.

IServicePrincipalOpts

Options for a service principal.

IUnknownPrincipalProps

Properties for an UnknownPrincipal.

IUser

Represents an IAM user.

IUserAttributes

Represents a user defined outside of this stack.

IUserProps

Properties for defining an IAM user.

IWithoutPolicyUpdatesOptions

Options for the withoutPolicyUpdates() modifier of a Role.

Enums

AccessKeyStatus

Valid statuses for an IAM Access Key.

Effect

The Effect element of an IAM policy.