@aws-cdk/aws-iam
CDK routines for easily assigning correct and minimal IAM permissions
"use strict";
// Temporaries used further down as computed keys when jsii runtime type
// information is attached to each generated class.
var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l, _m, _o;
// Flag this CommonJS module as a transpiled ES module.
Object.defineProperty(exports, "__esModule", { value: true });
// Pre-declare every export as undefined; the real value is assigned right
// after the corresponding class definition.
exports.CfnVirtualMFADevice = exports.CfnUserToGroupAddition = exports.CfnUser = exports.CfnServiceLinkedRole = exports.CfnServerCertificate = exports.CfnSAMLProvider = exports.CfnRole = exports.CfnPolicy = exports.CfnOIDCProvider = exports.CfnManagedPolicy = exports.CfnInstanceProfile = exports.CfnGroup = exports.CfnAccessKey = void 0;
// Generated deprecation checks; each constructor calls the one for its props type.
const jsiiDeprecationWarnings = require("../.warnings.jsii.js");
// Registry-wide symbol under which the jsii type descriptor of a class is stored.
const JSII_RTTI_SYMBOL_1 = Symbol.for("jsii.rtti");
// Copyright 2012-2023 Amazon.com, Inc. or its affiliates. All Rights Reserved.
// Generated from the AWS CloudFormation Resource Specification
// See: docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-resource-specification.html
// @cfn2ts:meta@ {"generated":"2023-06-19T15:13:00.875Z","fingerprint":"1qNJvlNlMUi/xqMxsjOr5NoHZ43ouKpsGuyRnZhbItI="}
/* eslint-disable max-len */ // This is generated code - line lengths are difficult to control
const cdk = require("@aws-cdk/core");
const cfn_parse = require("@aws-cdk/core/lib/helpers-internal");
/**
 * Type-check a `CfnAccessKeyProps` object.
 *
 * Only the shape is checked: `serial` as a number, `status` as a string and
 * `userName` as a required string. Whether `status` holds a value IAM accepts
 * is not examined here.
 *
 * @param properties - the TypeScript properties of a `CfnAccessKeyProps`
 *
 * @returns the result of the validation.
 */
function CfnAccessKeyPropsValidator(properties) {
    if (!cdk.canInspect(properties)) {
        // Nothing to look at, so the value is accepted as-is.
        return cdk.VALIDATION_SUCCESS;
    }
    const results = new cdk.ValidationResults();
    if (typeof properties !== 'object') {
        const received = JSON.stringify(properties);
        results.collect(new cdk.ValidationResult('Expected an object, but received: ' + received));
    }
    // Runs one validator against one named property and records the outcome.
    const check = (name, validator) => {
        results.collect(cdk.propertyValidator(name, validator)(properties[name]));
    };
    check('serial', cdk.validateNumber);
    check('status', cdk.validateString);
    check('userName', cdk.requiredValidator);
    check('userName', cdk.validateString);
    return results.wrap('supplied properties not correct for "CfnAccessKeyProps"');
}
/**
 * Render `CfnAccessKeyProps` as the property map of an `AWS::IAM::AccessKey` resource.
 *
 * Inspectable input goes through `CfnAccessKeyPropsValidator` and
 * `assertSuccess()` before it is mapped; input that cannot be inspected is
 * returned untouched.
 *
 * @param properties - the TypeScript properties of a `CfnAccessKeyProps`
 *
 * @returns the AWS CloudFormation properties of an `AWS::IAM::AccessKey` resource.
 */
// @ts-ignore TS6133
function cfnAccessKeyPropsToCloudFormation(properties) {
    const inspectable = cdk.canInspect(properties);
    if (!inspectable) {
        return properties;
    }
    CfnAccessKeyPropsValidator(properties).assertSuccess();
    // Evaluated in the same order as the emitted keys.
    const userName = cdk.stringToCloudFormation(properties.userName);
    const serial = cdk.numberToCloudFormation(properties.serial);
    const status = cdk.stringToCloudFormation(properties.status);
    return { UserName: userName, Serial: serial, Status: status };
}
/**
 * Map the `Properties` of an `AWS::IAM::AccessKey` template entry onto CDK property names.
 *
 * A missing value is treated as an empty object and a non-object is wrapped
 * unchanged. Keys outside `UserName`, `Serial` and `Status` are not rejected
 * here; they are handed to `addUnrecognizedPropertiesAsExtra`.
 *
 * @param properties - the parsed CloudFormation properties
 *
 * @returns the parse result holding the CDK-named properties.
 */
// @ts-ignore TS6133
function CfnAccessKeyPropsFromCloudFormation(properties) {
    if (properties == null) {
        properties = {};
    }
    if (typeof properties !== 'object') {
        return new cfn_parse.FromCloudFormationResult(properties);
    }
    const parser = cfn_parse.FromCloudFormation;
    const result = new cfn_parse.FromCloudFormationPropertyObject();
    result.addPropertyResult('userName', 'UserName', parser.getString(properties.UserName));
    result.addPropertyResult('serial', 'Serial', properties.Serial == null ? undefined : parser.getNumber(properties.Serial));
    result.addPropertyResult('status', 'Status', properties.Status == null ? undefined : parser.getString(properties.Status));
    result.addUnrecognizedPropertiesAsExtra(properties);
    return result;
}
/**
 * A CloudFormation `AWS::IAM::AccessKey`
 *
 * Creates a new AWS secret access key and corresponding AWS access key ID for the specified user. The default status for new keys is `Active`.
 *
 * For information about quotas on the number of keys you can create, see [IAM and AWS STS quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide*.
 *
 * > To ensure the security of your AWS account, the secret access key is accessible only during key and user creation. You must save the key (for example, in a text file) if you want to be able to access it again. If a secret key is lost, you can rotate access keys by increasing the value of the `serial` property.
 *
 * NOTE(review): `attrSecretAccessKey` is a `Fn::GetAtt` token for the
 * plaintext secret. Wherever that token is referenced (a stack output, another
 * resource's properties) the resolved secret travels with it, so hand it
 * directly to a secret store and keep it out of outputs and logs. Where the
 * workload allows it, a role with temporary credentials avoids creating a
 * long-lived key at all.
 *
 * @cloudformationResource AWS::IAM::AccessKey
 * @stability external
 *
 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-accesskey.html
 */
class CfnAccessKey extends cdk.CfnResource {
/**
 * Create a new `AWS::IAM::AccessKey`.
 *
 * @param scope - scope in which this resource is defined
 * @param id - scoped id of the resource
 * @param props - resource properties; `userName` is required
 */
constructor(scope, id, props) {
// Register the resource under its CloudFormation type with the raw props.
super(scope, id, { type: CfnAccessKey.CFN_RESOURCE_TYPE_NAME, properties: props });
try {
jsiiDeprecationWarnings._aws_cdk_aws_iam_CfnAccessKeyProps(props);
}
catch (error) {
// Unless JSII_DEBUG is "1", re-capture the stack of a DeprecationError with
// this constructor as the cut-off frame, then rethrow in every case.
if (process.env.JSII_DEBUG !== "1" && error.name === "DeprecationError") {
Error.captureStackTrace(error, CfnAccessKey);
}
throw error;
}
cdk.requireProperty(props, 'userName', this);
// String token standing in for Fn::GetAtt "SecretAccessKey"; this code never
// holds the literal secret.
this.attrSecretAccessKey = cdk.Token.asString(this.getAtt('SecretAccessKey'));
this.userName = props.userName;
this.serial = props.serial;
this.status = props.status;
}
/**
 * A factory method that creates a new instance of this class from an object
 * containing the CloudFormation properties of this resource.
 * Used in the @aws-cdk/cloudformation-include module.
 *
 * Properties the generated parser does not recognise are not dropped: each
 * one is re-applied to the new resource through `addPropertyOverride`.
 *
 * @internal
 */
static _fromCloudFormation(scope, id, resourceAttributes, options) {
resourceAttributes = resourceAttributes || {};
const resourceProperties = options.parser.parseValue(resourceAttributes.Properties);
const propsResult = CfnAccessKeyPropsFromCloudFormation(resourceProperties);
const ret = new CfnAccessKey(scope, id, propsResult.value);
// Carry unrecognised template properties over unchanged.
for (const [propKey, propVal] of Object.entries(propsResult.extraProperties)) {
ret.addPropertyOverride(propKey, propVal);
}
options.parser.handleAttributes(ret, resourceAttributes, id);
return ret;
}
/**
 * Examines the CloudFormation resource and discloses attributes.
 *
 * Records the resource type and the current `cfnProperties` on the inspector.
 *
 * @param inspector - tree inspector to collect and process attributes
 *
 */
inspect(inspector) {
inspector.addAttribute("aws:cdk:cloudformation:type", CfnAccessKey.CFN_RESOURCE_TYPE_NAME);
inspector.addAttribute("aws:cdk:cloudformation:props", this.cfnProperties);
}
/**
 * Current property values under their CDK (camelCase) names. The
 * `attrSecretAccessKey` token is not part of this object.
 */
get cfnProperties() {
return {
userName: this.userName,
serial: this.serial,
status: this.status,
};
}
/**
 * Validate `props` and convert them to CloudFormation property names.
 *
 * @param props - properties under their CDK names
 */
renderProperties(props) {
return cfnAccessKeyPropsToCloudFormation(props);
}
}
exports.CfnAccessKey = CfnAccessKey;
// Attach the jsii type descriptor (fully qualified name and package version)
// under the shared "jsii.rtti" symbol.
_a = JSII_RTTI_SYMBOL_1;
CfnAccessKey[_a] = { fqn: "@aws-cdk/aws-iam.CfnAccessKey", version: "1.204.0" };
/**
 * The CloudFormation resource type name for this resource class.
 */
CfnAccessKey.CFN_RESOURCE_TYPE_NAME = "AWS::IAM::AccessKey";
/**
 * Type-check a `CfnGroupProps` object.
 *
 * Every property is optional. `managedPolicyArns` is checked only as a list
 * of strings (the ARN format is not examined) and each entry of `policies`
 * is delegated to `CfnGroup_PolicyPropertyValidator`.
 *
 * @param properties - the TypeScript properties of a `CfnGroupProps`
 *
 * @returns the result of the validation.
 */
function CfnGroupPropsValidator(properties) {
    if (!cdk.canInspect(properties)) {
        return cdk.VALIDATION_SUCCESS;
    }
    const results = new cdk.ValidationResults();
    if (typeof properties !== 'object') {
        const received = JSON.stringify(properties);
        results.collect(new cdk.ValidationResult('Expected an object, but received: ' + received));
    }
    // Runs one validator against one named property and records the outcome.
    const check = (name, validator) => {
        results.collect(cdk.propertyValidator(name, validator)(properties[name]));
    };
    check('groupName', cdk.validateString);
    check('managedPolicyArns', cdk.listValidator(cdk.validateString));
    check('path', cdk.validateString);
    check('policies', cdk.listValidator(CfnGroup_PolicyPropertyValidator));
    return results.wrap('supplied properties not correct for "CfnGroupProps"');
}
/**
 * Render `CfnGroupProps` as the property map of an `AWS::IAM::Group` resource.
 *
 * Inspectable input goes through `CfnGroupPropsValidator` and
 * `assertSuccess()` before it is mapped; input that cannot be inspected is
 * returned untouched.
 *
 * @param properties - the TypeScript properties of a `CfnGroupProps`
 *
 * @returns the AWS CloudFormation properties of an `AWS::IAM::Group` resource.
 */
// @ts-ignore TS6133
function cfnGroupPropsToCloudFormation(properties) {
    const inspectable = cdk.canInspect(properties);
    if (!inspectable) {
        return properties;
    }
    CfnGroupPropsValidator(properties).assertSuccess();
    // Evaluated in the same order as the emitted keys.
    const groupName = cdk.stringToCloudFormation(properties.groupName);
    const managedPolicyArns = cdk.listMapper(cdk.stringToCloudFormation)(properties.managedPolicyArns);
    const path = cdk.stringToCloudFormation(properties.path);
    const policies = cdk.listMapper(cfnGroupPolicyPropertyToCloudFormation)(properties.policies);
    return {
        GroupName: groupName,
        ManagedPolicyArns: managedPolicyArns,
        Path: path,
        Policies: policies,
    };
}
/**
 * Map the `Properties` of an `AWS::IAM::Group` template entry onto CDK property names.
 *
 * A missing value is treated as an empty object and a non-object is wrapped
 * unchanged. Unknown keys are not rejected here; they are handed to
 * `addUnrecognizedPropertiesAsExtra`.
 *
 * @param properties - the parsed CloudFormation properties
 *
 * @returns the parse result holding the CDK-named properties.
 */
// @ts-ignore TS6133
function CfnGroupPropsFromCloudFormation(properties) {
    if (properties == null) {
        properties = {};
    }
    if (typeof properties !== 'object') {
        return new cfn_parse.FromCloudFormationResult(properties);
    }
    const parser = cfn_parse.FromCloudFormation;
    const result = new cfn_parse.FromCloudFormationPropertyObject();
    result.addPropertyResult('groupName', 'GroupName', properties.GroupName == null ? undefined : parser.getString(properties.GroupName));
    result.addPropertyResult('managedPolicyArns', 'ManagedPolicyArns', properties.ManagedPolicyArns == null ? undefined : parser.getStringArray(properties.ManagedPolicyArns));
    result.addPropertyResult('path', 'Path', properties.Path == null ? undefined : parser.getString(properties.Path));
    result.addPropertyResult('policies', 'Policies', properties.Policies == null ? undefined : parser.getArray(CfnGroupPolicyPropertyFromCloudFormation)(properties.Policies));
    result.addUnrecognizedPropertiesAsExtra(properties);
    return result;
}
/**
 * A CloudFormation `AWS::IAM::Group`
 *
 * Creates a new group.
 *
 * For information about the number of groups you can create, see [Limitations on IAM Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *IAM User Guide*.
 *
 * NOTE(review): this layer checks `managedPolicyArns` only as strings and
 * inline `policies` only as objects. What the attached policies actually
 * grant is not examined anywhere in this class.
 *
 * @cloudformationResource AWS::IAM::Group
 * @stability external
 *
 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html
 */
class CfnGroup extends cdk.CfnResource {
/**
 * Create a new `AWS::IAM::Group`.
 *
 * @param scope - scope in which this resource is defined
 * @param id - scoped id of the resource
 * @param props - resource properties; defaults to an empty object because no property is required
 */
constructor(scope, id, props = {}) {
// Register the resource under its CloudFormation type with the raw props.
super(scope, id, { type: CfnGroup.CFN_RESOURCE_TYPE_NAME, properties: props });
try {
jsiiDeprecationWarnings._aws_cdk_aws_iam_CfnGroupProps(props);
}
catch (error) {
// Unless JSII_DEBUG is "1", re-capture the stack of a DeprecationError with
// this constructor as the cut-off frame, then rethrow in every case.
if (process.env.JSII_DEBUG !== "1" && error.name === "DeprecationError") {
Error.captureStackTrace(error, CfnGroup);
}
throw error;
}
// String token standing in for Fn::GetAtt "Arn".
this.attrArn = cdk.Token.asString(this.getAtt('Arn'));
this.groupName = props.groupName;
this.managedPolicyArns = props.managedPolicyArns;
this.path = props.path;
this.policies = props.policies;
}
/**
 * A factory method that creates a new instance of this class from an object
 * containing the CloudFormation properties of this resource.
 * Used in the @aws-cdk/cloudformation-include module.
 *
 * Properties the generated parser does not recognise are not dropped: each
 * one is re-applied to the new resource through `addPropertyOverride`.
 *
 * @internal
 */
static _fromCloudFormation(scope, id, resourceAttributes, options) {
resourceAttributes = resourceAttributes || {};
const resourceProperties = options.parser.parseValue(resourceAttributes.Properties);
const propsResult = CfnGroupPropsFromCloudFormation(resourceProperties);
const ret = new CfnGroup(scope, id, propsResult.value);
// Carry unrecognised template properties over unchanged.
for (const [propKey, propVal] of Object.entries(propsResult.extraProperties)) {
ret.addPropertyOverride(propKey, propVal);
}
options.parser.handleAttributes(ret, resourceAttributes, id);
return ret;
}
/**
 * Examines the CloudFormation resource and discloses attributes.
 *
 * Records the resource type and the current `cfnProperties`, inline policy
 * documents included, on the inspector.
 *
 * @param inspector - tree inspector to collect and process attributes
 *
 */
inspect(inspector) {
inspector.addAttribute("aws:cdk:cloudformation:type", CfnGroup.CFN_RESOURCE_TYPE_NAME);
inspector.addAttribute("aws:cdk:cloudformation:props", this.cfnProperties);
}
/**
 * Current property values under their CDK (camelCase) names.
 */
get cfnProperties() {
return {
groupName: this.groupName,
managedPolicyArns: this.managedPolicyArns,
path: this.path,
policies: this.policies,
};
}
/**
 * Validate `props` and convert them to CloudFormation property names.
 *
 * @param props - properties under their CDK names
 */
renderProperties(props) {
return cfnGroupPropsToCloudFormation(props);
}
}
exports.CfnGroup = CfnGroup;
// Attach the jsii type descriptor (fully qualified name and package version)
// under the shared "jsii.rtti" symbol.
_b = JSII_RTTI_SYMBOL_1;
CfnGroup[_b] = { fqn: "@aws-cdk/aws-iam.CfnGroup", version: "1.204.0" };
/**
 * The CloudFormation resource type name for this resource class.
 */
CfnGroup.CFN_RESOURCE_TYPE_NAME = "AWS::IAM::Group";
/**
 * Type-check an inline `PolicyProperty` of a group.
 *
 * `policyDocument` must be present and an object, `policyName` must be
 * present and a string. The statements inside the document (actions,
 * resources, conditions) are not examined here.
 *
 * @param properties - the TypeScript properties of a `PolicyProperty`
 *
 * @returns the result of the validation.
 */
function CfnGroup_PolicyPropertyValidator(properties) {
    if (!cdk.canInspect(properties)) {
        return cdk.VALIDATION_SUCCESS;
    }
    const results = new cdk.ValidationResults();
    if (typeof properties !== 'object') {
        const received = JSON.stringify(properties);
        results.collect(new cdk.ValidationResult('Expected an object, but received: ' + received));
    }
    // Runs one validator against one named property and records the outcome.
    const check = (name, validator) => {
        results.collect(cdk.propertyValidator(name, validator)(properties[name]));
    };
    check('policyDocument', cdk.requiredValidator);
    check('policyDocument', cdk.validateObject);
    check('policyName', cdk.requiredValidator);
    check('policyName', cdk.validateString);
    return results.wrap('supplied properties not correct for "PolicyProperty"');
}
/**
 * Render a `PolicyProperty` as an `AWS::IAM::Group.Policy` entry.
 *
 * Inspectable input goes through `CfnGroup_PolicyPropertyValidator` and
 * `assertSuccess()` before it is mapped; input that cannot be inspected is
 * returned untouched.
 *
 * @param properties - the TypeScript properties of a `PolicyProperty`
 *
 * @returns the AWS CloudFormation properties of an `AWS::IAM::Group.Policy` resource.
 */
// @ts-ignore TS6133
function cfnGroupPolicyPropertyToCloudFormation(properties) {
    const inspectable = cdk.canInspect(properties);
    if (!inspectable) {
        return properties;
    }
    CfnGroup_PolicyPropertyValidator(properties).assertSuccess();
    const policyDocument = cdk.objectToCloudFormation(properties.policyDocument);
    const policyName = cdk.stringToCloudFormation(properties.policyName);
    return { PolicyDocument: policyDocument, PolicyName: policyName };
}
/**
 * Map one `AWS::IAM::Group.Policy` template entry onto CDK property names.
 *
 * A resolvable object or a non-object value is wrapped unchanged; a missing
 * value is treated as an empty object. `PolicyDocument` is taken through
 * `getAny`, so its content is not interpreted here, and unknown keys are
 * handed to `addUnrecognizedPropertiesAsExtra`.
 *
 * @param properties - the parsed CloudFormation properties
 *
 * @returns the parse result holding the CDK-named properties.
 */
// @ts-ignore TS6133
function CfnGroupPolicyPropertyFromCloudFormation(properties) {
    const passThrough = () => new cfn_parse.FromCloudFormationResult(properties);
    if (cdk.isResolvableObject(properties)) {
        return passThrough();
    }
    if (properties == null) {
        properties = {};
    }
    if (typeof properties !== 'object') {
        return passThrough();
    }
    const parser = cfn_parse.FromCloudFormation;
    const result = new cfn_parse.FromCloudFormationPropertyObject();
    result.addPropertyResult('policyDocument', 'PolicyDocument', parser.getAny(properties.PolicyDocument));
    result.addPropertyResult('policyName', 'PolicyName', parser.getString(properties.PolicyName));
    result.addUnrecognizedPropertiesAsExtra(properties);
    return result;
}
/**
 * Type-check a `CfnInstanceProfileProps` object.
 *
 * `roles` must be present and a list of strings; `instanceProfileName` and
 * `path` are optional strings. The number of roles is not checked here.
 *
 * @param properties - the TypeScript properties of a `CfnInstanceProfileProps`
 *
 * @returns the result of the validation.
 */
function CfnInstanceProfilePropsValidator(properties) {
    if (!cdk.canInspect(properties)) {
        return cdk.VALIDATION_SUCCESS;
    }
    const results = new cdk.ValidationResults();
    if (typeof properties !== 'object') {
        const received = JSON.stringify(properties);
        results.collect(new cdk.ValidationResult('Expected an object, but received: ' + received));
    }
    // Runs one validator against one named property and records the outcome.
    const check = (name, validator) => {
        results.collect(cdk.propertyValidator(name, validator)(properties[name]));
    };
    check('instanceProfileName', cdk.validateString);
    check('path', cdk.validateString);
    check('roles', cdk.requiredValidator);
    check('roles', cdk.listValidator(cdk.validateString));
    return results.wrap('supplied properties not correct for "CfnInstanceProfileProps"');
}
/**
 * Render `CfnInstanceProfileProps` as the property map of an `AWS::IAM::InstanceProfile` resource.
 *
 * Inspectable input goes through `CfnInstanceProfilePropsValidator` and
 * `assertSuccess()` before it is mapped; input that cannot be inspected is
 * returned untouched.
 *
 * @param properties - the TypeScript properties of a `CfnInstanceProfileProps`
 *
 * @returns the AWS CloudFormation properties of an `AWS::IAM::InstanceProfile` resource.
 */
// @ts-ignore TS6133
function cfnInstanceProfilePropsToCloudFormation(properties) {
    const inspectable = cdk.canInspect(properties);
    if (!inspectable) {
        return properties;
    }
    CfnInstanceProfilePropsValidator(properties).assertSuccess();
    // Evaluated in the same order as the emitted keys.
    const roles = cdk.listMapper(cdk.stringToCloudFormation)(properties.roles);
    const instanceProfileName = cdk.stringToCloudFormation(properties.instanceProfileName);
    const path = cdk.stringToCloudFormation(properties.path);
    return { Roles: roles, InstanceProfileName: instanceProfileName, Path: path };
}
/**
 * Map the `Properties` of an `AWS::IAM::InstanceProfile` template entry onto CDK property names.
 *
 * A missing value is treated as an empty object and a non-object is wrapped
 * unchanged. Unknown keys are not rejected here; they are handed to
 * `addUnrecognizedPropertiesAsExtra`.
 *
 * @param properties - the parsed CloudFormation properties
 *
 * @returns the parse result holding the CDK-named properties.
 */
// @ts-ignore TS6133
function CfnInstanceProfilePropsFromCloudFormation(properties) {
    if (properties == null) {
        properties = {};
    }
    if (typeof properties !== 'object') {
        return new cfn_parse.FromCloudFormationResult(properties);
    }
    const parser = cfn_parse.FromCloudFormation;
    const result = new cfn_parse.FromCloudFormationPropertyObject();
    result.addPropertyResult('roles', 'Roles', parser.getStringArray(properties.Roles));
    result.addPropertyResult('instanceProfileName', 'InstanceProfileName', properties.InstanceProfileName == null ? undefined : parser.getString(properties.InstanceProfileName));
    result.addPropertyResult('path', 'Path', properties.Path == null ? undefined : parser.getString(properties.Path));
    result.addUnrecognizedPropertiesAsExtra(properties);
    return result;
}
/**
 * A CloudFormation `AWS::IAM::InstanceProfile`
 *
 * Creates a new instance profile. For information about instance profiles, see [Using instance profiles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html).
 *
 * For information about the number of instance profiles you can create, see [IAM object quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide*.
 *
 * NOTE(review): `roles` is checked only as a required list of strings. Which
 * role is named, and what it permits the instance to do, is not examined in
 * this class.
 *
 * @cloudformationResource AWS::IAM::InstanceProfile
 * @stability external
 *
 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-instanceprofile.html
 */
class CfnInstanceProfile extends cdk.CfnResource {
/**
 * Create a new `AWS::IAM::InstanceProfile`.
 *
 * @param scope - scope in which this resource is defined
 * @param id - scoped id of the resource
 * @param props - resource properties; `roles` is required
 */
constructor(scope, id, props) {
// Register the resource under its CloudFormation type with the raw props.
super(scope, id, { type: CfnInstanceProfile.CFN_RESOURCE_TYPE_NAME, properties: props });
try {
jsiiDeprecationWarnings._aws_cdk_aws_iam_CfnInstanceProfileProps(props);
}
catch (error) {
// Unless JSII_DEBUG is "1", re-capture the stack of a DeprecationError with
// this constructor as the cut-off frame, then rethrow in every case.
if (process.env.JSII_DEBUG !== "1" && error.name === "DeprecationError") {
Error.captureStackTrace(error, CfnInstanceProfile);
}
throw error;
}
cdk.requireProperty(props, 'roles', this);
// String token standing in for Fn::GetAtt "Arn".
this.attrArn = cdk.Token.asString(this.getAtt('Arn'));
this.roles = props.roles;
this.instanceProfileName = props.instanceProfileName;
this.path = props.path;
}
/**
 * A factory method that creates a new instance of this class from an object
 * containing the CloudFormation properties of this resource.
 * Used in the @aws-cdk/cloudformation-include module.
 *
 * Properties the generated parser does not recognise are not dropped: each
 * one is re-applied to the new resource through `addPropertyOverride`.
 *
 * @internal
 */
static _fromCloudFormation(scope, id, resourceAttributes, options) {
resourceAttributes = resourceAttributes || {};
const resourceProperties = options.parser.parseValue(resourceAttributes.Properties);
const propsResult = CfnInstanceProfilePropsFromCloudFormation(resourceProperties);
const ret = new CfnInstanceProfile(scope, id, propsResult.value);
// Carry unrecognised template properties over unchanged.
for (const [propKey, propVal] of Object.entries(propsResult.extraProperties)) {
ret.addPropertyOverride(propKey, propVal);
}
options.parser.handleAttributes(ret, resourceAttributes, id);
return ret;
}
/**
 * Examines the CloudFormation resource and discloses attributes.
 *
 * Records the resource type and the current `cfnProperties` on the inspector.
 *
 * @param inspector - tree inspector to collect and process attributes
 *
 */
inspect(inspector) {
inspector.addAttribute("aws:cdk:cloudformation:type", CfnInstanceProfile.CFN_RESOURCE_TYPE_NAME);
inspector.addAttribute("aws:cdk:cloudformation:props", this.cfnProperties);
}
/**
 * Current property values under their CDK (camelCase) names.
 */
get cfnProperties() {
return {
roles: this.roles,
instanceProfileName: this.instanceProfileName,
path: this.path,
};
}
/**
 * Validate `props` and convert them to CloudFormation property names.
 *
 * @param props - properties under their CDK names
 */
renderProperties(props) {
return cfnInstanceProfilePropsToCloudFormation(props);
}
}
exports.CfnInstanceProfile = CfnInstanceProfile;
// Attach the jsii type descriptor (fully qualified name and package version)
// under the shared "jsii.rtti" symbol.
_c = JSII_RTTI_SYMBOL_1;
CfnInstanceProfile[_c] = { fqn: "@aws-cdk/aws-iam.CfnInstanceProfile", version: "1.204.0" };
/**
 * The CloudFormation resource type name for this resource class.
 */
CfnInstanceProfile.CFN_RESOURCE_TYPE_NAME = "AWS::IAM::InstanceProfile";
/**
 * Type-check a `CfnManagedPolicyProps` object.
 *
 * `policyDocument` must be present and an object; the remaining properties
 * are optional strings or string lists. The statements inside the document
 * (actions, resources, conditions) are not examined here, so an overly broad
 * policy passes this check.
 *
 * @param properties - the TypeScript properties of a `CfnManagedPolicyProps`
 *
 * @returns the result of the validation.
 */
function CfnManagedPolicyPropsValidator(properties) {
    if (!cdk.canInspect(properties)) {
        return cdk.VALIDATION_SUCCESS;
    }
    const results = new cdk.ValidationResults();
    if (typeof properties !== 'object') {
        const received = JSON.stringify(properties);
        results.collect(new cdk.ValidationResult('Expected an object, but received: ' + received));
    }
    // Runs one validator against one named property and records the outcome.
    const check = (name, validator) => {
        results.collect(cdk.propertyValidator(name, validator)(properties[name]));
    };
    check('description', cdk.validateString);
    check('groups', cdk.listValidator(cdk.validateString));
    check('managedPolicyName', cdk.validateString);
    check('path', cdk.validateString);
    check('policyDocument', cdk.requiredValidator);
    check('policyDocument', cdk.validateObject);
    check('roles', cdk.listValidator(cdk.validateString));
    check('users', cdk.listValidator(cdk.validateString));
    return results.wrap('supplied properties not correct for "CfnManagedPolicyProps"');
}
/**
 * Render `CfnManagedPolicyProps` as the property map of an `AWS::IAM::ManagedPolicy` resource.
 *
 * Inspectable input goes through `CfnManagedPolicyPropsValidator` and
 * `assertSuccess()` before it is mapped; input that cannot be inspected is
 * returned untouched.
 *
 * @param properties - the TypeScript properties of a `CfnManagedPolicyProps`
 *
 * @returns the AWS CloudFormation properties of an `AWS::IAM::ManagedPolicy` resource.
 */
// @ts-ignore TS6133
function cfnManagedPolicyPropsToCloudFormation(properties) {
    const inspectable = cdk.canInspect(properties);
    if (!inspectable) {
        return properties;
    }
    CfnManagedPolicyPropsValidator(properties).assertSuccess();
    // Evaluated in the same order as the emitted keys.
    const policyDocument = cdk.objectToCloudFormation(properties.policyDocument);
    const description = cdk.stringToCloudFormation(properties.description);
    const groups = cdk.listMapper(cdk.stringToCloudFormation)(properties.groups);
    const managedPolicyName = cdk.stringToCloudFormation(properties.managedPolicyName);
    const path = cdk.stringToCloudFormation(properties.path);
    const roles = cdk.listMapper(cdk.stringToCloudFormation)(properties.roles);
    const users = cdk.listMapper(cdk.stringToCloudFormation)(properties.users);
    return {
        PolicyDocument: policyDocument,
        Description: description,
        Groups: groups,
        ManagedPolicyName: managedPolicyName,
        Path: path,
        Roles: roles,
        Users: users,
    };
}
/**
 * Map the `Properties` of an `AWS::IAM::ManagedPolicy` template entry onto CDK property names.
 *
 * A missing value is treated as an empty object and a non-object is wrapped
 * unchanged. `PolicyDocument` is taken through `getAny`, so its content is
 * not interpreted here, and unknown keys are handed to
 * `addUnrecognizedPropertiesAsExtra`.
 *
 * @param properties - the parsed CloudFormation properties
 *
 * @returns the parse result holding the CDK-named properties.
 */
// @ts-ignore TS6133
function CfnManagedPolicyPropsFromCloudFormation(properties) {
    if (properties == null) {
        properties = {};
    }
    if (typeof properties !== 'object') {
        return new cfn_parse.FromCloudFormationResult(properties);
    }
    const parser = cfn_parse.FromCloudFormation;
    const result = new cfn_parse.FromCloudFormationPropertyObject();
    result.addPropertyResult('policyDocument', 'PolicyDocument', parser.getAny(properties.PolicyDocument));
    result.addPropertyResult('description', 'Description', properties.Description == null ? undefined : parser.getString(properties.Description));
    result.addPropertyResult('groups', 'Groups', properties.Groups == null ? undefined : parser.getStringArray(properties.Groups));
    result.addPropertyResult('managedPolicyName', 'ManagedPolicyName', properties.ManagedPolicyName == null ? undefined : parser.getString(properties.ManagedPolicyName));
    result.addPropertyResult('path', 'Path', properties.Path == null ? undefined : parser.getString(properties.Path));
    result.addPropertyResult('roles', 'Roles', properties.Roles == null ? undefined : parser.getStringArray(properties.Roles));
    result.addPropertyResult('users', 'Users', properties.Users == null ? undefined : parser.getStringArray(properties.Users));
    result.addUnrecognizedPropertiesAsExtra(properties);
    return result;
}
/**
 * A CloudFormation `AWS::IAM::ManagedPolicy`
 *
 * Creates a new managed policy for your AWS account.
 *
 * This operation creates a policy version with a version identifier of `v1` and sets v1 as the policy's default version. For more information about policy versions, see [Versioning for managed policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html) in the *IAM User Guide*.
 *
 * As a best practice, you can validate your IAM policies. To learn more, see [Validating IAM policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html) in the *IAM User Guide*.
 *
 * For more information about managed policies in general, see [Managed policies and inline policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide*.
 *
 * NOTE(review): this class accepts any object as `policyDocument`; the
 * generated validator checks its type only. Wildcard actions or resources
 * therefore pass synthesis unnoticed, which is why the policy validation
 * mentioned above has to happen in a separate step.
 *
 * @cloudformationResource AWS::IAM::ManagedPolicy
 * @stability external
 *
 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html
 */
class CfnManagedPolicy extends cdk.CfnResource {
/**
 * Create a new `AWS::IAM::ManagedPolicy`.
 *
 * @param scope - scope in which this resource is defined
 * @param id - scoped id of the resource
 * @param props - resource properties; `policyDocument` is required
 */
constructor(scope, id, props) {
// Register the resource under its CloudFormation type with the raw props.
super(scope, id, { type: CfnManagedPolicy.CFN_RESOURCE_TYPE_NAME, properties: props });
try {
jsiiDeprecationWarnings._aws_cdk_aws_iam_CfnManagedPolicyProps(props);
}
catch (error) {
// Unless JSII_DEBUG is "1", re-capture the stack of a DeprecationError with
// this constructor as the cut-off frame, then rethrow in every case.
if (process.env.JSII_DEBUG !== "1" && error.name === "DeprecationError") {
Error.captureStackTrace(error, CfnManagedPolicy);
}
throw error;
}
cdk.requireProperty(props, 'policyDocument', this);
this.policyDocument = props.policyDocument;
this.description = props.description;
// Principals the policy is attached to, by name.
this.groups = props.groups;
this.managedPolicyName = props.managedPolicyName;
this.path = props.path;
this.roles = props.roles;
this.users = props.users;
}
/**
 * A factory method that creates a new instance of this class from an object
 * containing the CloudFormation properties of this resource.
 * Used in the @aws-cdk/cloudformation-include module.
 *
 * Properties the generated parser does not recognise are not dropped: each
 * one is re-applied to the new resource through `addPropertyOverride`.
 *
 * @internal
 */
static _fromCloudFormation(scope, id, resourceAttributes, options) {
resourceAttributes = resourceAttributes || {};
const resourceProperties = options.parser.parseValue(resourceAttributes.Properties);
const propsResult = CfnManagedPolicyPropsFromCloudFormation(resourceProperties);
const ret = new CfnManagedPolicy(scope, id, propsResult.value);
// Carry unrecognised template properties over unchanged.
for (const [propKey, propVal] of Object.entries(propsResult.extraProperties)) {
ret.addPropertyOverride(propKey, propVal);
}
options.parser.handleAttributes(ret, resourceAttributes, id);
return ret;
}
/**
 * Examines the CloudFormation resource and discloses attributes.
 *
 * Records the resource type and the current `cfnProperties`, the full policy
 * document included, on the inspector.
 *
 * @param inspector - tree inspector to collect and process attributes
 *
 */
inspect(inspector) {
inspector.addAttribute("aws:cdk:cloudformation:type", CfnManagedPolicy.CFN_RESOURCE_TYPE_NAME);
inspector.addAttribute("aws:cdk:cloudformation:props", this.cfnProperties);
}
/**
 * Current property values under their CDK (camelCase) names.
 */
get cfnProperties() {
return {
policyDocument: this.policyDocument,
description: this.description,
groups: this.groups,
managedPolicyName: this.managedPolicyName,
path: this.path,
roles: this.roles,
users: this.users,
};
}
/**
 * Validate `props` and convert them to CloudFormation property names.
 *
 * @param props - properties under their CDK names
 */
renderProperties(props) {
return cfnManagedPolicyPropsToCloudFormation(props);
}
}
exports.CfnManagedPolicy = CfnManagedPolicy;
// Attach the jsii type descriptor (fully qualified name and package version)
// under the shared "jsii.rtti" symbol.
_d = JSII_RTTI_SYMBOL_1;
CfnManagedPolicy[_d] = { fqn: "@aws-cdk/aws-iam.CfnManagedPolicy", version: "1.204.0" };
/**
 * The CloudFormation resource type name for this resource class.
 */
CfnManagedPolicy.CFN_RESOURCE_TYPE_NAME = "AWS::IAM::ManagedPolicy";
/**
 * Type-check a `CfnOIDCProviderProps` object.
 *
 * `thumbprintList` must be present and a list of strings. `clientIdList`,
 * `tags` and `url` are optional at this layer, and `url` is checked only as
 * a string: neither its scheme nor the thumbprint format is examined here.
 *
 * @param properties - the TypeScript properties of a `CfnOIDCProviderProps`
 *
 * @returns the result of the validation.
 */
function CfnOIDCProviderPropsValidator(properties) {
    if (!cdk.canInspect(properties)) {
        return cdk.VALIDATION_SUCCESS;
    }
    const results = new cdk.ValidationResults();
    if (typeof properties !== 'object') {
        const received = JSON.stringify(properties);
        results.collect(new cdk.ValidationResult('Expected an object, but received: ' + received));
    }
    // Runs one validator against one named property and records the outcome.
    const check = (name, validator) => {
        results.collect(cdk.propertyValidator(name, validator)(properties[name]));
    };
    check('clientIdList', cdk.listValidator(cdk.validateString));
    check('tags', cdk.listValidator(cdk.validateCfnTag));
    check('thumbprintList', cdk.requiredValidator);
    check('thumbprintList', cdk.listValidator(cdk.validateString));
    check('url', cdk.validateString);
    return results.wrap('supplied properties not correct for "CfnOIDCProviderProps"');
}
/**
 * Render `CfnOIDCProviderProps` as the property map of an `AWS::IAM::OIDCProvider` resource.
 *
 * Inspectable input goes through `CfnOIDCProviderPropsValidator` and
 * `assertSuccess()` before it is mapped; input that cannot be inspected is
 * returned untouched.
 *
 * @param properties - the TypeScript properties of a `CfnOIDCProviderProps`
 *
 * @returns the AWS CloudFormation properties of an `AWS::IAM::OIDCProvider` resource.
 */
// @ts-ignore TS6133
function cfnOIDCProviderPropsToCloudFormation(properties) {
    const inspectable = cdk.canInspect(properties);
    if (!inspectable) {
        return properties;
    }
    CfnOIDCProviderPropsValidator(properties).assertSuccess();
    // Evaluated in the same order as the emitted keys.
    const thumbprintList = cdk.listMapper(cdk.stringToCloudFormation)(properties.thumbprintList);
    const clientIdList = cdk.listMapper(cdk.stringToCloudFormation)(properties.clientIdList);
    const tags = cdk.listMapper(cdk.cfnTagToCloudFormation)(properties.tags);
    const url = cdk.stringToCloudFormation(properties.url);
    return {
        ThumbprintList: thumbprintList,
        ClientIdList: clientIdList,
        Tags: tags,
        Url: url,
    };
}
/**
 * Map the `Properties` of an `AWS::IAM::OIDCProvider` template entry onto CDK property names.
 *
 * A missing value is treated as an empty object and a non-object is wrapped
 * unchanged. Unknown keys are not rejected here; they are handed to
 * `addUnrecognizedPropertiesAsExtra`.
 *
 * @param properties - the parsed CloudFormation properties
 *
 * @returns the parse result holding the CDK-named properties.
 */
// @ts-ignore TS6133
function CfnOIDCProviderPropsFromCloudFormation(properties) {
    if (properties == null) {
        properties = {};
    }
    if (typeof properties !== 'object') {
        return new cfn_parse.FromCloudFormationResult(properties);
    }
    const parser = cfn_parse.FromCloudFormation;
    const result = new cfn_parse.FromCloudFormationPropertyObject();
    result.addPropertyResult('thumbprintList', 'ThumbprintList', parser.getStringArray(properties.ThumbprintList));
    result.addPropertyResult('clientIdList', 'ClientIdList', properties.ClientIdList == null ? undefined : parser.getStringArray(properties.ClientIdList));
    result.addPropertyResult('tags', 'Tags', properties.Tags == null ? undefined : parser.getArray(parser.getCfnTag)(properties.Tags));
    result.addPropertyResult('url', 'Url', properties.Url == null ? undefined : parser.getString(properties.Url));
    result.addUnrecognizedPropertiesAsExtra(properties);
    return result;
}
/**
* A CloudFormation `AWS::IAM::OIDCProvider`
*
* Creates or updates an IAM entity to describe an identity provider (IdP) that supports [OpenID Connect (OIDC)](http://openid.net/connect/).
*
* The OIDC provider that you create with this operation can be used as a principal in a role's trust policy. Such a policy establishes a trust relationship between AWS and the OIDC provider.
*
* When you create the IAM OIDC provider, you specify the following:
*
* - The URL of the OIDC identity provider (IdP) to trust
* - A list of client IDs (also known as audiences) that identify the application or applications that are allowed to authenticate using the OIDC provider
* - A list of tags that are attached to the specified IAM OIDC provider
* - A list of thumbprints of one or more server certificates that the IdP uses
*
* You get all of this information from the OIDC IdP that you want to use to access AWS .
*
* When you update the IAM OIDC provider, you specify the following:
*
* - The URL of the OIDC identity provider (IdP) to trust
* - A list of client IDs (also known as audiences) that replaces the existing list of client IDs associated with the OIDC IdP
* - A list of tags that replaces the existing list of tags attached to the specified IAM OIDC provider
* - A list of thumbprints that replaces the existing list of server certificates thumbprints that the IdP uses
*
* > The trust for the OIDC provider is derived from the IAM provider that this operation creates. Therefore, it is best to limit access to the [CreateOpenIDConnectProvider](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateOpenIDConnectProvider.html) operation to highly privileged users.
*
* @cloudformationResource AWS::IAM::OIDCProvider
* @stability external
*
* @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-oidcprovider.html
*/
class CfnOIDCProvider extends cdk.CfnResource {
    /**
     * Builds an `AWS::IAM::OIDCProvider` resource.
     *
     * Of the resource properties, only `thumbprintList` is required by this
     * constructor (via `cdk.requireProperty`); `clientIdList`, `tags` and `url`
     * are stored exactly as supplied.
     *
     * NOTE(review): no audience or subject restriction is applied at this layer.
     * Presumably the role trust policies that name this provider carry their own
     * claim conditions - confirm where those policies are built.
     *
     * @param scope - scope in which this resource is defined
     * @param id - scoped id of the resource
     * @param props - resource properties
     */
    constructor(scope, id, props) {
        super(scope, id, { type: CfnOIDCProvider.CFN_RESOURCE_TYPE_NAME, properties: props });
        try {
            jsiiDeprecationWarnings._aws_cdk_aws_iam_CfnOIDCProviderProps(props);
        }
        catch (error) {
            const debugging = process.env.JSII_DEBUG === "1";
            if (!debugging && error.name === "DeprecationError") {
                // Trim this constructor and everything above it from the trace;
                // skipped when JSII_DEBUG is "1" so the full stack stays visible.
                Error.captureStackTrace(error, CfnOIDCProvider);
            }
            throw error;
        }
        cdk.requireProperty(props, 'thumbprintList', this);
        this.attrArn = cdk.Token.asString(this.getAtt('Arn'));
        const { thumbprintList, clientIdList, tags, url } = props;
        this.thumbprintList = thumbprintList;
        this.clientIdList = clientIdList;
        this.tags = new cdk.TagManager(cdk.TagType.STANDARD, "AWS::IAM::OIDCProvider", tags, { tagPropertyName: 'tags' });
        this.url = url;
    }
    /**
     * Factory that builds an instance from the CloudFormation form of this
     * resource. Used in the @aws-cdk/cloudformation-include module.
     *
     * Properties the parser does not recognise are re-applied as property
     * overrides rather than dropped.
     * NOTE(review): those overrides presumably do not pass through the typed
     * props validator - confirm before including templates from other parties.
     *
     * @internal
     */
    static _fromCloudFormation(scope, id, resourceAttributes, options) {
        const attributes = resourceAttributes || {};
        const parsedProperties = options.parser.parseValue(attributes.Properties);
        const parsed = CfnOIDCProviderPropsFromCloudFormation(parsedProperties);
        const resource = new CfnOIDCProvider(scope, id, parsed.value);
        Object.entries(parsed.extraProperties).forEach(([key, value]) => {
            resource.addPropertyOverride(key, value);
        });
        options.parser.handleAttributes(resource, attributes, id);
        return resource;
    }
    /**
     * Reports the resource type and the current property values to a tree
     * inspector.
     *
     * @param inspector - tree inspector to collect and process attributes
     */
    inspect(inspector) {
        const typeName = CfnOIDCProvider.CFN_RESOURCE_TYPE_NAME;
        inspector.addAttribute("aws:cdk:cloudformation:type", typeName);
        inspector.addAttribute("aws:cdk:cloudformation:props", this.cfnProperties);
    }
    /**
     * Current property values of the resource, with tags rendered through the
     * tag manager.
     */
    get cfnProperties() {
        const { thumbprintList, clientIdList, url } = this;
        return {
            thumbprintList,
            clientIdList,
            tags: this.tags.renderTags(),
            url,
        };
    }
    /**
     * Converts the given properties by delegating to
     * `cfnOIDCProviderPropsToCloudFormation`.
     *
     * @param props - properties to convert
     */
    renderProperties(props) {
        return cfnOIDCProviderPropsToCloudFormation(props);
    }
}
// Publish the class on the CommonJS module exports.
exports.CfnOIDCProvider = CfnOIDCProvider;
// Attach jsii runtime type information (fully-qualified name and package
// version) to the class, keyed by the symbol held in JSII_RTTI_SYMBOL_1.
_e = JSII_RTTI_SYMBOL_1;
CfnOIDCProvider[_e] = { fqn: "@aws-cdk/aws-iam.CfnOIDCProvider", version: "1.204.0" };
/**
* The CloudFormation resource type name for this resource class.
* Read by the constructor and by inspect() as the resource type.
*/
CfnOIDCProvider.CFN_RESOURCE_TYPE_NAME = "AWS::IAM::OIDCProvider";
/**
* Determine whether the given properties match those of a `CfnPolicyProps`
*
* @param properties - the TypeScript properties of a `CfnPolicyProps`
*
* @returns the result of the validation.
*/
function CfnPolicyPropsValidator(properties) {
    // When cdk.canInspect rejects the value, validation is reported as successful.
    if (!cdk.canInspect(properties)) {
        return cdk.VALIDATION_SUCCESS;
    }
    const results = new cdk.ValidationResults();
    if (typeof properties !== 'object') {
        const rendered = JSON.stringify(properties);
        results.collect(new cdk.ValidationResult('Expected an object, but received: ' + rendered));
    }
    const stringList = cdk.listValidator(cdk.validateString);
    // One entry per check, listed in the order the results are collected.
    // The checks cover presence and type only: the statements inside
    // policyDocument are not examined, and the documented "at least one of
    // groups, roles or users" rule is not enforced here.
    const checks = [
        ['groups', stringList],
        ['policyDocument', cdk.requiredValidator],
        ['policyDocument', cdk.validateObject],
        ['policyName', cdk.requiredValidator],
        ['policyName', cdk.validateString],
        ['roles', stringList],
        ['users', stringList],
    ];
    for (const [name, validator] of checks) {
        results.collect(cdk.propertyValidator(name, validator)(properties[name]));
    }
    return results.wrap('supplied properties not correct for "CfnPolicyProps"');
}
/**
* Renders the AWS CloudFormation properties of an `AWS::IAM::Policy` resource
*
* @param properties - the TypeScript properties of a `CfnPolicyProps`
*
* @returns the AWS CloudFormation properties of an `AWS::IAM::Policy` resource.
*/
// @ts-ignore TS6133
function cfnPolicyPropsToCloudFormation(properties) {
    // Values that cdk.canInspect rejects are handed back untouched.
    if (!cdk.canInspect(properties)) {
        return properties;
    }
    // Validation runs on every render and throws through assertSuccess().
    CfnPolicyPropsValidator(properties).assertSuccess();
    const mapStrings = cdk.listMapper(cdk.stringToCloudFormation);
    const { policyDocument, policyName, groups, roles, users } = properties;
    return {
        PolicyDocument: cdk.objectToCloudFormation(policyDocument),
        PolicyName: cdk.stringToCloudFormation(policyName),
        Groups: mapStrings(groups),
        Roles: mapStrings(roles),
        Users: mapStrings(users),
    };
}
// @ts-ignore TS6133
function CfnPolicyPropsFromCloudFormation(properties) {
    const source = properties == null ? {} : properties;
    // Non-object input is wrapped as-is instead of being read property by property.
    if (typeof source !== 'object') {
        return new cfn_parse.FromCloudFormationResult(source);
    }
    const parse = cfn_parse.FromCloudFormation;
    const optionalStrings = (value) => (value != null ? parse.getStringArray(value) : undefined);
    const result = new cfn_parse.FromCloudFormationPropertyObject();
    // PolicyDocument is read with getAny and PolicyName without a null guard;
    // the three attachment lists are parsed only when present.
    result.addPropertyResult('policyDocument', 'PolicyDocument', parse.getAny(source.PolicyDocument));
    result.addPropertyResult('policyName', 'PolicyName', parse.getString(source.PolicyName));
    result.addPropertyResult('groups', 'Groups', optionalStrings(source.Groups));
    result.addPropertyResult('roles', 'Roles', optionalStrings(source.Roles));
    result.addPropertyResult('users', 'Users', optionalStrings(source.Users));
    // Anything not named above is kept as an extra property rather than dropped.
    result.addUnrecognizedPropertiesAsExtra(source);
    return result;
}
/**
* A CloudFormation `AWS::IAM::Policy`
*
* Adds or updates an inline policy document that is embedded in the specified IAM user, group, or role.
*
* An IAM user can also have a managed policy attached to it. For information about policies, see [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide*.
*
* The Groups, Roles, and Users properties are optional. However, you must specify at least one of these properties.
*
* For information about policy documents see [Creating IAM policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create.html) in the *IAM User Guide* .
*
* For information about limits on the number of inline policies that you can embed in an identity, see [Limitations on IAM Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *IAM User Guide* .
*
* @cloudformationResource AWS::IAM::Policy
* @stability external
*
* @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html
*/
class CfnPolicy extends cdk.CfnResource {
    /**
     * Builds an `AWS::IAM::Policy` resource.
     *
     * `policyDocument` and `policyName` are required by this constructor (via
     * `cdk.requireProperty`); `groups`, `roles` and `users` are stored exactly
     * as supplied, and no check that at least one of them is set happens here.
     *
     * @param scope - scope in which this resource is defined
     * @param id - scoped id of the resource
     * @param props - resource properties
     */
    constructor(scope, id, props) {
        super(scope, id, { type: CfnPolicy.CFN_RESOURCE_TYPE_NAME, properties: props });
        try {
            jsiiDeprecationWarnings._aws_cdk_aws_iam_CfnPolicyProps(props);
        }
        catch (error) {
            const debugging = process.env.JSII_DEBUG === "1";
            if (!debugging && error.name === "DeprecationError") {
                // Trim this constructor and everything above it from the trace;
                // skipped when JSII_DEBUG is "1" so the full stack stays visible.
                Error.captureStackTrace(error, CfnPolicy);
            }
            throw error;
        }
        for (const required of ['policyDocument', 'policyName']) {
            cdk.requireProperty(props, required, this);
        }
        const { policyDocument, policyName, groups, roles, users } = props;
        this.policyDocument = policyDocument;
        this.policyName = policyName;
        this.groups = groups;
        this.roles = roles;
        this.users = users;
    }
    /**
     * Factory that builds an instance from the CloudFormation form of this
     * resource. Used in the @aws-cdk/cloudformation-include module.
     *
     * Properties the parser does not recognise are re-applied as property
     * overrides rather than dropped.
     * NOTE(review): those overrides presumably do not pass through the typed
     * props validator - confirm before including templates from other parties.
     *
     * @internal
     */
    static _fromCloudFormation(scope, id, resourceAttributes, options) {
        const attributes = resourceAttributes || {};
        const parsedProperties = options.parser.parseValue(attributes.Properties);
        const parsed = CfnPolicyPropsFromCloudFormation(parsedProperties);
        const resource = new CfnPolicy(scope, id, parsed.value);
        Object.entries(parsed.extraProperties).forEach(([key, value]) => {
            resource.addPropertyOverride(key, value);
        });
        options.parser.handleAttributes(resource, attributes, id);
        return resource;
    }
    /**
     * Reports the resource type and the current property values to a tree
     * inspector. The reported properties include the policy document itself.
     *
     * @param inspector - tree inspector to collect and process attributes
     */
    inspect(inspector) {
        const typeName = CfnPolicy.CFN_RESOURCE_TYPE_NAME;
        inspector.addAttribute("aws:cdk:cloudformation:type", typeName);
        inspector.addAttribute("aws:cdk:cloudformation:props", this.cfnProperties);
    }
    /**
     * Current property values of the resource, as held on the instance.
     */
    get cfnProperties() {
        const { policyDocument, policyName, groups, roles, users } = this;
        return { policyDocument, policyName, groups, roles, users };
    }
    /**
     * Converts the given properties by delegating to
     * `cfnPolicyPropsToCloudFormation`, which validates them first.
     *
     * @param props - properties to convert
     */
    renderProperties(props) {
        return cfnPolicyPropsToCloudFormation(props);
    }
}
// Publish the class on the CommonJS module exports.
exports.CfnPolicy = CfnPolicy;
// Attach jsii runtime type information (fully-qualified name and package
// version) to the class, keyed by the symbol held in JSII_RTTI_SYMBOL_1.
_f = JSII_RTTI_SYMBOL_1;
CfnPolicy[_f] = { fqn: "@aws-cdk/aws-iam.CfnPolicy", version: "1.204.0" };
/**
* The CloudFormation resource type name for this resource class.
* Read by the constructor and by inspect() as the resource type.
*/
CfnPolicy.CFN_RESOURCE_TYPE_NAME = "AWS::IAM::Policy";
/**
* Determine whether the given properties match those of a `CfnRoleProps`
*
* @param properties - the TypeScript properties of a `CfnRoleProps`
*
* @returns the result of the validation.
*/
function CfnRolePropsValidator(properties) {
    // When cdk.canInspect rejects the value, validation is reported as successful.
    if (!cdk.canInspect(properties)) {
        return cdk.VALIDATION_SUCCESS;
    }
    const results = new cdk.ValidationResults();
    if (typeof properties !== 'object') {
        const rendered = JSON.stringify(properties);
        results.collect(new cdk.ValidationResult('Expected an object, but received: ' + rendered));
    }
    // One entry per check, listed in the order the results are collected.
    // The checks cover presence and type only: the principals and conditions
    // inside assumeRolePolicyDocument are not examined, and permissionsBoundary
    // and maxSessionDuration are checked for type, not for value.
    const checks = [
        ['assumeRolePolicyDocument', cdk.requiredValidator],
        ['assumeRolePolicyDocument', cdk.validateObject],
        ['description', cdk.validateString],
        ['managedPolicyArns', cdk.listValidator(cdk.validateString)],
        ['maxSessionDuration', cdk.validateNumber],
        ['path', cdk.validateString],
        ['permissionsBoundary', cdk.validateString],
        ['policies', cdk.listValidator(CfnRole_PolicyPropertyValidator)],
        ['roleName', cdk.validateString],
        ['tags', cdk.listValidator(cdk.validateCfnTag)],
    ];
    for (const [name, validator] of checks) {
        results.collect(cdk.propertyValidator(name, validator)(properties[name]));
    }
    return results.wrap('supplied properties not correct for "CfnRoleProps"');
}
/**
* Renders the AWS CloudFormation properties of an `AWS::IAM::Role` resource
*
* @param properties - the TypeScript properties of a `CfnRoleProps`
*
* @returns the AWS CloudFormation properties of an `AWS::IAM::Role` resource.
*/
// @ts-ignore TS6133
function cfnRolePropsToCloudFormation(properties) {
    // Values that cdk.canInspect rejects are handed back untouched.
    if (!cdk.canInspect(properties)) {
        return properties;
    }
    // Validation runs on every render and throws through assertSuccess().
    CfnRolePropsValidator(properties).assertSuccess();
    const {
        assumeRolePolicyDocument,
        description,
        managedPolicyArns,
        maxSessionDuration,
        path,
        permissionsBoundary,
        policies,
        roleName,
        tags,
    } = properties;
    const mapStrings = cdk.listMapper(cdk.stringToCloudFormation);
    const mapPolicies = cdk.listMapper(cfnRolePolicyPropertyToCloudFormation);
    const mapTags = cdk.listMapper(cdk.cfnTagToCloudFormation);
    return {
        AssumeRolePolicyDocument: cdk.objectToCloudFormation(assumeRolePolicyDocument),
        Description: cdk.stringToCloudFormation(description),
        ManagedPolicyArns: mapStrings(managedPolicyArns),
        MaxSessionDuration: cdk.numberToCloudFormation(maxSessionDuration),
        Path: cdk.stringToCloudFormation(path),
        PermissionsBoundary: cdk.stringToCloudFormation(permissionsBoundary),
        Policies: mapPolicies(policies),
        RoleName: cdk.stringToCloudFormation(roleName),
        Tags: mapTags(tags),
    };
}
// @ts-ignore TS6133
function CfnRolePropsFromCloudFormation(properties) {
properties = properties == null ? {} : properties;
if (typeof properties !== 'object') {
return new cfn_parse.FromCloudFormationResult(properties);
}
const ret = new cfn_parse.FromCloudFormationPropertyObject();
ret.addPropertyResult('assumeRolePolicyDocument', 'AssumeRolePolicyDocument', cfn_parse.FromCloudFormation.getAny(properties.AssumeRolePolicyDocument));
ret.addPropertyResult('description', 'Description', properties.Description != null ? cfn_parse.FromCloudFormation.getString(properties.Description) : undefined);
ret.addPropertyResult('managedPolicyArns', 'ManagedPolicyArns', properties.ManagedPolicyArns != null ? cfn_parse.FromCloudFormation.getStringArray(properties.ManagedPolicyArns) : undefined);
ret.addPropertyResult('maxSessionDuration', 'MaxSessionDuration', properties.MaxSessionDuration != null ? cfn_parse.FromCloudFormation.getNumber(properties.MaxSessionDuration) : undefined);
ret.addPropertyResult('path', 'Path', properties.Path != null ? cfn_parse.FromCloudFormation.getString(properties.Path) : undefined);
ret.addPropertyResult('permissionsBoundary', 'PermissionsBoundary', properties.PermissionsBoundary != null ? cfn_parse.FromCloudFormation.getString(properties.PermissionsBoundary) : undefined);
ret.addPropertyResult('policies', 'Policies', properties.Policies != null ? cfn_parse.FromCloudFormation.getArray(CfnRolePolicyPropertyFromCloudFormation)(properties.Polic