UNPKG

@aws-cdk/aws-iam

Version:

CDK routines for easily assigning correct and minimal IAM permissions

github.com/aws/aws-cdk

aws/aws-cdk

78 lines (77 loc) 2.83 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
import * as cdk from '@aws-cdk/core'; import { Construct } from 'constructs'; import { Grant } from './grant'; import { IManagedPolicy } from './managed-policy'; import { Policy } from './policy'; import { PolicyStatement } from './policy-statement'; import { AddToPrincipalPolicyResult, IPrincipal, PrincipalPolicyFragment } from './principals'; import { IRole, RoleProps } from './role'; /** * Properties for defining a LazyRole */ export interface LazyRoleProps extends RoleProps { } /** * An IAM role that only gets attached to the construct tree once it gets used, not before * * This construct can be used to simplify logic in other constructs * which need to create a role but only if certain configurations occur * (such as when AutoScaling is configured). The role can be configured in one * place, but if it never gets used it doesn't get instantiated and will * not be synthesized or deployed. * * @resource AWS::IAM::Role */ export declare class LazyRole extends cdk.Resource implements IRole { private readonly props; readonly grantPrincipal: IPrincipal; readonly principalAccount: string | undefined; readonly assumeRoleAction: string; private role?; private readonly statements; private readonly policies; private readonly managedPolicies; constructor(scope: Construct, id: string, props: LazyRoleProps); /** * Adds a permission to the role's default policy document. * If there is no default policy attached to this role, it will be created. * @param statement The permission statement to add to the policy document */ addToPrincipalPolicy(statement: PolicyStatement): AddToPrincipalPolicyResult; addToPolicy(statement: PolicyStatement): boolean; /** * Attaches a policy to this role. * @param policy The policy to attach */ attachInlinePolicy(policy: Policy): void; /** * Attaches a managed policy to this role. * @param policy The managed policy to attach. */ addManagedPolicy(policy: IManagedPolicy): void; /** * Returns the ARN of this role. */ get roleArn(): string; /** * Returns the stable and unique string identifying the role (i.e. AIDAJQABLZS4A3QDU576Q) * * @attribute */ get roleId(): string; get roleName(): string; get policyFragment(): PrincipalPolicyFragment; /** * Grant the actions defined in actions to the identity Principal on this resource. */ grant(identity: IPrincipal, ...actions: string[]): Grant; /** * Grant permissions to the given principal to pass this role. */ grantPassRole(identity: IPrincipal): Grant; /** * Grant permissions to the given principal to assume this role. */ grantAssumeRole(identity: IPrincipal): Grant; private instantiate; }