UNPKG

aws-cdk-lib

Version:

Version 2 of the AWS Cloud Development Kit library

github.com/aws/aws-cdk

aws/aws-cdk

46 lines (45 loc) 2.06 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
import type { Construct } from 'constructs'; import { Resource } from '../../../core'; import type { Grant } from '../grant'; import type { RoleReference } from '../iam.generated'; import type { IManagedPolicy } from '../managed-policy'; import type { Policy } from '../policy'; import type { PolicyStatement } from '../policy-statement'; import type { AddToPrincipalPolicyResult, IPrincipal } from '../principals'; import type { IRole } from '../role'; /** * An immutable wrapper around an IRole * * This wrapper ignores all mutating operations, like attaching policies or * adding policy statements. * * Useful in cases where you want to turn off CDK's automatic permissions * management, and instead have full control over all permissions. * * Note: if you want to ignore all mutations for an externally defined role * which was imported into the CDK with `Role.fromRoleArn`, you don't have to use this class - * simply pass the property mutable = false when calling `Role.fromRoleArn`. */ export declare class ImmutableRole extends Resource implements IRole { private readonly role; private readonly addGrantsToResources; /** Uniquely identifies this class. */ static readonly PROPERTY_INJECTION_ID: string; readonly assumeRoleAction: string; readonly policyFragment: any; readonly grantPrincipal: IPrincipal; readonly principalAccount: string | undefined; readonly roleArn: string; readonly roleName: string; private readonly _stack; constructor(scope: Construct, id: string, role: IRole, addGrantsToResources: boolean); get stack(): import("../../../core").Stack; get roleRef(): RoleReference; attachInlinePolicy(_policy: Policy): void; addManagedPolicy(_policy: IManagedPolicy): void; addToPolicy(statement: PolicyStatement): boolean; addToPrincipalPolicy(_statement: PolicyStatement): AddToPrincipalPolicyResult; grant(grantee: IPrincipal, ...actions: string[]): Grant; grantPassRole(grantee: IPrincipal): Grant; grantAssumeRole(identity: IPrincipal): Grant; }