UNPKG

576 kBPlain TextView Raw
1{
2 "author": {
3 "name": "Amazon Web Services",
4 "organization": true,
5 "roles": [
6 "author"
7 ],
8 "url": "https://aws.amazon.com"
9 },
10 "dependencies": {
11 "@aws-cdk/core": "1.156.1",
12 "@aws-cdk/cx-api": "1.156.1",
13 "@aws-cdk/region-info": "1.156.1",
14 "constructs": "^3.3.69"
15 },
16 "dependencyClosure": {
17 "@aws-cdk/cloud-assembly-schema": {
18 "targets": {
19 "dotnet": {
20 "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png",
21 "namespace": "Amazon.CDK.CloudAssembly.Schema",
22 "packageId": "Amazon.CDK.CloudAssembly.Schema"
23 },
24 "java": {
25 "maven": {
26 "artifactId": "cdk-cloud-assembly-schema",
27 "groupId": "software.amazon.awscdk"
28 },
29 "package": "software.amazon.awscdk.cloudassembly.schema"
30 },
31 "js": {
32 "npm": "@aws-cdk/cloud-assembly-schema"
33 },
34 "python": {
35 "classifiers": [
36 "Framework :: AWS CDK",
37 "Framework :: AWS CDK :: 1"
38 ],
39 "distName": "aws-cdk.cloud-assembly-schema",
40 "module": "aws_cdk.cloud_assembly_schema"
41 }
42 }
43 },
44 "@aws-cdk/core": {
45 "targets": {
46 "dotnet": {
47 "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png",
48 "namespace": "Amazon.CDK",
49 "packageId": "Amazon.CDK"
50 },
51 "java": {
52 "maven": {
53 "artifactId": "core",
54 "groupId": "software.amazon.awscdk"
55 },
56 "package": "software.amazon.awscdk.core"
57 },
58 "js": {
59 "npm": "@aws-cdk/core"
60 },
61 "python": {
62 "classifiers": [
63 "Framework :: AWS CDK",
64 "Framework :: AWS CDK :: 1"
65 ],
66 "distName": "aws-cdk.core",
67 "module": "aws_cdk.core"
68 }
69 }
70 },
71 "@aws-cdk/cx-api": {
72 "targets": {
73 "dotnet": {
74 "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png",
75 "namespace": "Amazon.CDK.CXAPI",
76 "packageId": "Amazon.CDK.CXAPI"
77 },
78 "java": {
79 "maven": {
80 "artifactId": "cdk-cx-api",
81 "groupId": "software.amazon.awscdk"
82 },
83 "package": "software.amazon.awscdk.cxapi"
84 },
85 "js": {
86 "npm": "@aws-cdk/cx-api"
87 },
88 "python": {
89 "classifiers": [
90 "Framework :: AWS CDK",
91 "Framework :: AWS CDK :: 1"
92 ],
93 "distName": "aws-cdk.cx-api",
94 "module": "aws_cdk.cx_api"
95 }
96 }
97 },
98 "@aws-cdk/region-info": {
99 "targets": {
100 "dotnet": {
101 "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png",
102 "namespace": "Amazon.CDK.RegionInfo",
103 "packageId": "Amazon.CDK.RegionInfo"
104 },
105 "java": {
106 "maven": {
107 "artifactId": "cdk-region-info",
108 "groupId": "software.amazon.awscdk"
109 },
110 "package": "software.amazon.awscdk.regioninfo"
111 },
112 "js": {
113 "npm": "@aws-cdk/region-info"
114 },
115 "python": {
116 "classifiers": [
117 "Framework :: AWS CDK",
118 "Framework :: AWS CDK :: 1"
119 ],
120 "distName": "aws-cdk.region-info",
121 "module": "aws_cdk.region_info"
122 }
123 }
124 },
125 "constructs": {
126 "targets": {
127 "dotnet": {
128 "namespace": "Constructs",
129 "packageId": "Constructs"
130 },
131 "go": {
132 "moduleName": "github.com/aws/constructs-go"
133 },
134 "java": {
135 "maven": {
136 "artifactId": "constructs",
137 "groupId": "software.constructs"
138 },
139 "package": "software.constructs"
140 },
141 "js": {
142 "npm": "constructs"
143 },
144 "python": {
145 "distName": "constructs",
146 "module": "constructs"
147 }
148 }
149 }
150 },
151 "description": "CDK routines for easily assigning correct and minimal IAM permissions",
152 "docs": {
153 "stability": "stable"
154 },
155 "homepage": "https://github.com/aws/aws-cdk",
156 "jsiiVersion": "1.58.0 (build f8ba112)",
157 "keywords": [
158 "aws",
159 "cdk",
160 "constructs",
161 "iam"
162 ],
163 "license": "Apache-2.0",
164 "metadata": {
165 "jsii": {
166 "compiledWithDeprecationWarnings": true,
167 "pacmak": {
168 "hasDefaultInterfaces": true
169 },
170 "rosetta": {
171 "strict": true
172 }
173 }
174 },
175 "name": "@aws-cdk/aws-iam",
176 "readme": {
177 "markdown": "# AWS Identity and Access Management Construct Library\n<!--BEGIN STABILITY BANNER-->\n\n---\n\n![cfn-resources: Stable](https://img.shields.io/badge/cfn--resources-stable-success.svg?style=for-the-badge)\n\n![cdk-constructs: Stable](https://img.shields.io/badge/cdk--constructs-stable-success.svg?style=for-the-badge)\n\n---\n\n<!--END STABILITY BANNER-->\n\nDefine a role and add permissions to it. This will automatically create and\nattach an IAM policy to the role:\n\n```ts lit=test/example.role.lit.ts\n const role = new Role(this, 'MyRole', {\n assumedBy: new ServicePrincipal('sns.amazonaws.com'),\n });\n\n role.addToPolicy(new PolicyStatement({\n resources: ['*'],\n actions: ['lambda:InvokeFunction'],\n }));\n```\n\nDefine a policy and attach it to groups, users and roles. Note that it is possible to attach\nthe policy either by calling `xxx.attachInlinePolicy(policy)` or `policy.attachToXxx(xxx)`.\n\n```ts lit=test/example.attaching.lit.ts\n const user = new User(this, 'MyUser', { password: cdk.SecretValue.unsafePlainText('1234') });\n const group = new Group(this, 'MyGroup');\n\n const policy = new Policy(this, 'MyPolicy');\n policy.attachToUser(user);\n group.attachInlinePolicy(policy);\n```\n\nManaged policies can be attached using `xxx.addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName(policyName))`:\n\n```ts lit=test/example.managedpolicy.lit.ts\nconst group = new Group(this, 'MyGroup');\ngroup.addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName('AdministratorAccess'));\n```\n\n## Granting permissions to resources\n\nMany of the AWS CDK resources have `grant*` methods that allow you to grant other resources access to that resource. As an example, the following code gives a Lambda function write permissions (Put, Update, Delete) to a DynamoDB table.\n\n```ts\ndeclare const fn: lambda.Function;\ndeclare const table: dynamodb.Table;\n\ntable.grantWriteData(fn);\n```\n\nThe more generic `grant` method allows you to give specific permissions to a resource:\n\n```ts\ndeclare const fn: lambda.Function;\ndeclare const table: dynamodb.Table;\n\ntable.grant(fn, 'dynamodb:PutItem');\n```\n\nThe `grant*` methods accept an `IGrantable` object. This interface is implemented by IAM principlal resources (groups, users and roles) and resources that assume a role such as a Lambda function, EC2 instance or a Codebuild project.\n\nYou can find which `grant*` methods exist for a resource in the [AWS CDK API Reference](https://docs.aws.amazon.com/cdk/api/latest/docs/aws-construct-library.html).\n\n## Roles\n\nMany AWS resources require *Roles* to operate. These Roles define the AWS API\ncalls an instance or other AWS service is allowed to make.\n\nCreating Roles and populating them with the right permissions *Statements* is\na necessary but tedious part of setting up AWS infrastructure. In order to\nhelp you focus on your business logic, CDK will take care of creating\nroles and populating them with least-privilege permissions automatically.\n\nAll constructs that require Roles will create one for you if don't specify\none at construction time. Permissions will be added to that role\nautomatically if you associate the construct with other constructs from the\nAWS Construct Library (for example, if you tell an *AWS CodePipeline* to trigger\nan *AWS Lambda Function*, the Pipeline's Role will automatically get\n`lambda:InvokeFunction` permissions on that particular Lambda Function),\nor if you explicitly grant permissions using `grant` functions (see the\nprevious section).\n\n### Opting out of automatic permissions management\n\nYou may prefer to manage a Role's permissions yourself instead of having the\nCDK automatically manage them for you. This may happen in one of the\nfollowing cases:\n\n* You don't like the permissions that CDK automatically generates and\n want to substitute your own set.\n* The least-permissions policy that the CDK generates is becoming too\n big for IAM to store, and you need to add some wildcards to keep the\n policy size down.\n\nTo prevent constructs from updating your Role's policy, pass the object\nreturned by `myRole.withoutPolicyUpdates()` instead of `myRole` itself.\n\nFor example, to have an AWS CodePipeline *not* automatically add the required\npermissions to trigger the expected targets, do the following:\n\n```ts\nconst role = new iam.Role(this, 'Role', {\n assumedBy: new iam.ServicePrincipal('codepipeline.amazonaws.com'),\n // custom description if desired\n description: 'This is a custom role...',\n});\n\nnew codepipeline.Pipeline(this, 'Pipeline', {\n // Give the Pipeline an immutable view of the Role\n role: role.withoutPolicyUpdates(),\n});\n\n// You now have to manage the Role policies yourself\nrole.addToPolicy(new iam.PolicyStatement({\n actions: [/* whatever actions you want */],\n resources: [/* whatever resources you intend to touch */],\n}));\n```\n\n### Using existing roles\n\nIf there are Roles in your account that have already been created which you\nwould like to use in your CDK application, you can use `Role.fromRoleArn` to\nimport them, as follows:\n\n```ts\nconst role = iam.Role.fromRoleArn(this, 'Role', 'arn:aws:iam::123456789012:role/MyExistingRole', {\n // Set 'mutable' to 'false' to use the role as-is and prevent adding new\n // policies to it. The default is 'true', which means the role may be\n // modified as part of the deployment.\n mutable: false,\n});\n```\n\n## Configuring an ExternalId\n\nIf you need to create Roles that will be assumed by third parties, it is generally a good idea to [require an `ExternalId`\nto assume them](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html). Configuring\nan `ExternalId` works like this:\n\n```ts lit=test/example.external-id.lit.ts\nconst role = new iam.Role(this, 'MyRole', {\n assumedBy: new iam.AccountPrincipal('123456789012'),\n externalIds: ['SUPPLY-ME'],\n});\n```\n\n## Principals vs Identities\n\nWhen we say *Principal*, we mean an entity you grant permissions to. This\nentity can be an AWS Service, a Role, or something more abstract such as \"all\nusers in this account\" or even \"all users in this organization\". An\n*Identity* is an IAM representing a single IAM entity that can have\na policy attached, one of `Role`, `User`, or `Group`.\n\n## IAM Principals\n\nWhen defining policy statements as part of an AssumeRole policy or as part of a\nresource policy, statements would usually refer to a specific IAM principal\nunder `Principal`.\n\nIAM principals are modeled as classes that derive from the `iam.PolicyPrincipal`\nabstract class. Principal objects include principal type (string) and value\n(array of string), optional set of conditions and the action that this principal\nrequires when it is used in an assume role policy document.\n\nTo add a principal to a policy statement you can either use the abstract\n`statement.addPrincipal`, one of the concrete `addXxxPrincipal` methods:\n\n* `addAwsPrincipal`, `addArnPrincipal` or `new ArnPrincipal(arn)` for `{ \"AWS\": arn }`\n* `addAwsAccountPrincipal` or `new AccountPrincipal(accountId)` for `{ \"AWS\": account-arn }`\n* `addServicePrincipal` or `new ServicePrincipal(service)` for `{ \"Service\": service }`\n* `addAccountRootPrincipal` or `new AccountRootPrincipal()` for `{ \"AWS\": { \"Ref: \"AWS::AccountId\" } }`\n* `addCanonicalUserPrincipal` or `new CanonicalUserPrincipal(id)` for `{ \"CanonicalUser\": id }`\n* `addFederatedPrincipal` or `new FederatedPrincipal(federated, conditions, assumeAction)` for\n `{ \"Federated\": arn }` and a set of optional conditions and the assume role action to use.\n* `addAnyPrincipal` or `new AnyPrincipal` for `{ \"AWS\": \"*\" }`\n\nIf multiple principals are added to the policy statement, they will be merged together:\n\n```ts\nconst statement = new iam.PolicyStatement();\nstatement.addServicePrincipal('cloudwatch.amazonaws.com');\nstatement.addServicePrincipal('ec2.amazonaws.com');\nstatement.addArnPrincipal('arn:aws:boom:boom');\n```\n\nWill result in:\n\n```json\n{\n \"Principal\": {\n \"Service\": [ \"cloudwatch.amazonaws.com\", \"ec2.amazonaws.com\" ],\n \"AWS\": \"arn:aws:boom:boom\"\n }\n}\n```\n\nThe `CompositePrincipal` class can also be used to define complex principals, for example:\n\n```ts\nconst role = new iam.Role(this, 'MyRole', {\n assumedBy: new iam.CompositePrincipal(\n new iam.ServicePrincipal('ec2.amazonaws.com'),\n new iam.AccountPrincipal('1818188181818187272')\n ),\n});\n```\n\nThe `PrincipalWithConditions` class can be used to add conditions to a\nprincipal, especially those that don't take a `conditions` parameter in their\nconstructor. The `principal.withConditions()` method can be used to create a\n`PrincipalWithConditions` from an existing principal, for example:\n\n```ts\nconst principal = new iam.AccountPrincipal('123456789000')\n .withConditions({ StringEquals: { foo: \"baz\" } });\n```\n\n> NOTE: If you need to define an IAM condition that uses a token (such as a\n> deploy-time attribute of another resource) in a JSON map key, use `CfnJson` to\n> render this condition. See [this test](./test/integ.condition-with-ref.ts) for\n> an example.\n\nThe `WebIdentityPrincipal` class can be used as a principal for web identities like\nCognito, Amazon, Google or Facebook, for example:\n\n```ts\nconst principal = new iam.WebIdentityPrincipal('cognito-identity.amazonaws.com', {\n 'StringEquals': { 'cognito-identity.amazonaws.com:aud': 'us-east-2:12345678-abcd-abcd-abcd-123456' },\n 'ForAnyValue:StringLike': {'cognito-identity.amazonaws.com:amr': 'unauthenticated' },\n});\n```\n\nIf your identity provider is configured to assume a Role with [session\ntags](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html), you\nneed to call `.withSessionTags()` to add the required permissions to the Role's\npolicy document:\n\n```ts\nnew iam.Role(this, 'Role', {\n assumedBy: new iam.WebIdentityPrincipal('cognito-identity.amazonaws.com', {\n 'StringEquals': {\n 'cognito-identity.amazonaws.com:aud': 'us-east-2:12345678-abcd-abcd-abcd-123456',\n },\n 'ForAnyValue:StringLike': {\n 'cognito-identity.amazonaws.com:amr': 'unauthenticated',\n },\n }).withSessionTags(),\n});\n```\n\n\n## Parsing JSON Policy Documents\n\nThe `PolicyDocument.fromJson` and `PolicyStatement.fromJson` static methods can be used to parse JSON objects. For example:\n\n```ts\nconst policyDocument = {\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"FirstStatement\",\n \"Effect\": \"Allow\",\n \"Action\": [\"iam:ChangePassword\"],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"SecondStatement\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListAllMyBuckets\",\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"ThirdStatement\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:List*\",\n \"s3:Get*\"\n ],\n \"Resource\": [\n \"arn:aws:s3:::confidential-data\",\n \"arn:aws:s3:::confidential-data/*\"\n ],\n \"Condition\": {\"Bool\": {\"aws:MultiFactorAuthPresent\": \"true\"}}\n }\n ]\n};\n\nconst customPolicyDocument = iam.PolicyDocument.fromJson(policyDocument);\n\n// You can pass this document as an initial document to a ManagedPolicy\n// or inline Policy.\nconst newManagedPolicy = new iam.ManagedPolicy(this, 'MyNewManagedPolicy', {\n document: customPolicyDocument,\n});\nconst newPolicy = new iam.Policy(this, 'MyNewPolicy', {\n document: customPolicyDocument,\n});\n```\n\n## Permissions Boundaries\n\n[Permissions\nBoundaries](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html)\ncan be used as a mechanism to prevent privilege esclation by creating new\n`Role`s. Permissions Boundaries are a Managed Policy, attached to Roles or\nUsers, that represent the *maximum* set of permissions they can have. The\neffective set of permissions of a Role (or User) will be the intersection of\nthe Identity Policy and the Permissions Boundary attached to the Role (or\nUser). Permissions Boundaries are typically created by account\nAdministrators, and their use on newly created `Role`s will be enforced by\nIAM policies.\n\nIt is possible to attach Permissions Boundaries to all Roles created in a construct\ntree all at once:\n\n```ts\n// This imports an existing policy.\nconst boundary = iam.ManagedPolicy.fromManagedPolicyArn(this, 'Boundary', 'arn:aws:iam::123456789012:policy/boundary');\n\n// This creates a new boundary\nconst boundary2 = new iam.ManagedPolicy(this, 'Boundary2', {\n statements: [\n new iam.PolicyStatement({\n effect: iam.Effect.DENY,\n actions: ['iam:*'],\n resources: ['*'],\n }),\n ],\n});\n\n// Directly apply the boundary to a Role you create\ndeclare const role: iam.Role;\niam.PermissionsBoundary.of(role).apply(boundary);\n\n// Apply the boundary to an Role that was implicitly created for you\ndeclare const fn: lambda.Function;\niam.PermissionsBoundary.of(fn).apply(boundary);\n\n// Apply the boundary to all Roles in a stack\niam.PermissionsBoundary.of(this).apply(boundary);\n\n// Remove a Permissions Boundary that is inherited, for example from the Stack level\ndeclare const customResource: CustomResource;\niam.PermissionsBoundary.of(customResource).clear();\n```\n\n## OpenID Connect Providers\n\nOIDC identity providers are entities in IAM that describe an external identity\nprovider (IdP) service that supports the [OpenID Connect] (OIDC) standard, such\nas Google or Salesforce. You use an IAM OIDC identity provider when you want to\nestablish trust between an OIDC-compatible IdP and your AWS account. This is\nuseful when creating a mobile app or web application that requires access to AWS\nresources, but you don't want to create custom sign-in code or manage your own\nuser identities. For more information about this scenario, see [About Web\nIdentity Federation] and the relevant documentation in the [Amazon Cognito\nIdentity Pools Developer Guide].\n\n[OpenID Connect]: http://openid.net/connect\n[About Web Identity Federation]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html\n[Amazon Cognito Identity Pools Developer Guide]: https://docs.aws.amazon.com/cognito/latest/developerguide/open-id.html\n\nThe following examples defines an OpenID Connect provider. Two client IDs\n(audiences) are will be able to send authentication requests to\n<https://openid/connect>.\n\n```ts\nconst provider = new iam.OpenIdConnectProvider(this, 'MyProvider', {\n url: 'https://openid/connect',\n clientIds: [ 'myclient1', 'myclient2' ],\n});\n```\n\nYou can specify an optional list of `thumbprints`. If not specified, the\nthumbprint of the root certificate authority (CA) will automatically be obtained\nfrom the host as described\n[here](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc_verify-thumbprint.html).\n\nOnce you define an OpenID connect provider, you can use it with AWS services\nthat expect an IAM OIDC provider. For example, when you define an [Amazon\nCognito identity\npool](https://docs.aws.amazon.com/cognito/latest/developerguide/open-id.html)\nyou can reference the provider's ARN as follows:\n\n```ts\nimport * as cognito from '@aws-cdk/aws-cognito';\n\ndeclare const myProvider: iam.OpenIdConnectProvider;\nnew cognito.CfnIdentityPool(this, 'IdentityPool', {\n openIdConnectProviderArns: [myProvider.openIdConnectProviderArn],\n // And the other properties for your identity pool\n allowUnauthenticatedIdentities: false,\n});\n```\n\nThe `OpenIdConnectPrincipal` class can be used as a principal used with a `OpenIdConnectProvider`, for example:\n\n```ts\nconst provider = new iam.OpenIdConnectProvider(this, 'MyProvider', {\n url: 'https://openid/connect',\n clientIds: [ 'myclient1', 'myclient2' ],\n});\nconst principal = new iam.OpenIdConnectPrincipal(provider);\n```\n\n## SAML provider\n\nAn IAM SAML 2.0 identity provider is an entity in IAM that describes an external\nidentity provider (IdP) service that supports the SAML 2.0 (Security Assertion\nMarkup Language 2.0) standard. You use an IAM identity provider when you want\nto establish trust between a SAML-compatible IdP such as Shibboleth or Active\nDirectory Federation Services and AWS, so that users in your organization can\naccess AWS resources. IAM SAML identity providers are used as principals in an\nIAM trust policy.\n\n```ts\nnew iam.SamlProvider(this, 'Provider', {\n metadataDocument: iam.SamlMetadataDocument.fromFile('/path/to/saml-metadata-document.xml'),\n});\n```\n\nThe `SamlPrincipal` class can be used as a principal with a `SamlProvider`:\n\n```ts\nconst provider = new iam.SamlProvider(this, 'Provider', {\n metadataDocument: iam.SamlMetadataDocument.fromFile('/path/to/saml-metadata-document.xml'),\n});\nconst principal = new iam.SamlPrincipal(provider, {\n StringEquals: {\n 'SAML:iss': 'issuer',\n },\n});\n```\n\nWhen creating a role for programmatic and AWS Management Console access, use the `SamlConsolePrincipal`\nclass:\n\n```ts\nconst provider = new iam.SamlProvider(this, 'Provider', {\n metadataDocument: iam.SamlMetadataDocument.fromFile('/path/to/saml-metadata-document.xml'),\n});\nnew iam.Role(this, 'Role', {\n assumedBy: new iam.SamlConsolePrincipal(provider),\n});\n```\n\n## Users\n\nIAM manages users for your AWS account. To create a new user:\n\n```ts\nconst user = new iam.User(this, 'MyUser');\n```\n\nTo import an existing user by name [with path](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-friendly-names):\n\n```ts\nconst user = iam.User.fromUserName(this, 'MyImportedUserByName', 'johnsmith');\n```\n\nTo import an existing user by ARN:\n\n```ts\nconst user = iam.User.fromUserArn(this, 'MyImportedUserByArn', 'arn:aws:iam::123456789012:user/johnsmith');\n```\n\nTo import an existing user by attributes:\n\n```ts\nconst user = iam.User.fromUserAttributes(this, 'MyImportedUserByAttributes', {\n userArn: 'arn:aws:iam::123456789012:user/johnsmith',\n});\n```\n\n### Access Keys\n\nThe ability for a user to make API calls via the CLI or an SDK is enabled by the user having an\naccess key pair. To create an access key:\n\n```ts\nconst user = new iam.User(this, 'MyUser');\nconst accessKey = new iam.AccessKey(this, 'MyAccessKey', { user: user });\n```\n\nYou can force CloudFormation to rotate the access key by providing a monotonically increasing `serial`\nproperty. Simply provide a higher serial value than any number used previously:\n\n```ts\nconst user = new iam.User(this, 'MyUser');\nconst accessKey = new iam.AccessKey(this, 'MyAccessKey', { user: user, serial: 1 });\n```\n\nAn access key may only be associated with a single user and cannot be \"moved\" between users. Changing\nthe user associated with an access key replaces the access key (and its ID and secret value).\n\n## Groups\n\nAn IAM user group is a collection of IAM users. User groups let you specify permissions for multiple users.\n\n```ts\nconst group = new iam.Group(this, 'MyGroup');\n```\n\nTo import an existing group by ARN:\n\n```ts\nconst group = iam.Group.fromGroupArn(this, 'MyImportedGroupByArn', 'arn:aws:iam::account-id:group/group-name');\n```\n\nTo import an existing group by name [with path](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-friendly-names):\n\n```ts\nconst group = iam.Group.fromGroupName(this, 'MyImportedGroupByName', 'group-name');\n```\n\nTo add a user to a group (both for a new and imported user/group):\n\n```ts\nconst user = new iam.User(this, 'MyUser'); // or User.fromUserName(stack, 'User', 'johnsmith');\nconst group = new iam.Group(this, 'MyGroup'); // or Group.fromGroupArn(stack, 'Group', 'arn:aws:iam::account-id:group/group-name');\n\nuser.addToGroup(group);\n// or\ngroup.addUser(user);\n```\n\n## Features\n\n* Policy name uniqueness is enforced. If two policies by the same name are attached to the same\n principal, the attachment will fail.\n* Policy names are not required - the CDK logical ID will be used and ensured to be unique.\n* Policies are validated during synthesis to ensure that they have actions, and that policies\n attached to IAM principals specify relevant resources, while policies attached to resources\n specify which IAM principals they apply to.\n"
178 },
179 "repository": {
180 "directory": "packages/@aws-cdk/aws-iam",
181 "type": "git",
182 "url": "https://github.com/aws/aws-cdk.git"
183 },
184 "schema": "jsii/0.10.0",
185 "targets": {
186 "dotnet": {
187 "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png",
188 "namespace": "Amazon.CDK.AWS.IAM",
189 "packageId": "Amazon.CDK.AWS.IAM"
190 },
191 "java": {
192 "maven": {
193 "artifactId": "iam",
194 "groupId": "software.amazon.awscdk"
195 },
196 "package": "software.amazon.awscdk.services.iam"
197 },
198 "js": {
199 "npm": "@aws-cdk/aws-iam"
200 },
201 "python": {
202 "classifiers": [
203 "Framework :: AWS CDK",
204 "Framework :: AWS CDK :: 1"
205 ],
206 "distName": "aws-cdk.aws-iam",
207 "module": "aws_cdk.aws_iam"
208 }
209 },
210 "types": {
211 "@aws-cdk/aws-iam.AccessKey": {
212 "assembly": "@aws-cdk/aws-iam",
213 "base": "@aws-cdk/core.Resource",
214 "docs": {
215 "custom": {
216 "exampleMetadata": "infused"
217 },
218 "example": "// Creates a new IAM user, access and secret keys, and stores the secret access key in a Secret.\nconst user = new iam.User(this, 'User');\nconst accessKey = new iam.AccessKey(this, 'AccessKey', { user });\nconst secretValue = secretsmanager.SecretStringValueBeta1.fromToken(accessKey.secretAccessKey.toString());\nnew secretsmanager.Secret(this, 'Secret', {\n secretStringBeta1: secretValue,\n});",
219 "stability": "stable",
220 "summary": "Define a new IAM Access Key."
221 },
222 "fqn": "@aws-cdk/aws-iam.AccessKey",
223 "initializer": {
224 "docs": {
225 "stability": "stable"
226 },
227 "locationInModule": {
228 "filename": "lib/access-key.ts",
229 "line": 80
230 },
231 "parameters": [
232 {
233 "name": "scope",
234 "type": {
235 "fqn": "constructs.Construct"
236 }
237 },
238 {
239 "name": "id",
240 "type": {
241 "primitive": "string"
242 }
243 },
244 {
245 "name": "props",
246 "type": {
247 "fqn": "@aws-cdk/aws-iam.AccessKeyProps"
248 }
249 }
250 ]
251 },
252 "interfaces": [
253 "@aws-cdk/aws-iam.IAccessKey"
254 ],
255 "kind": "class",
256 "locationInModule": {
257 "filename": "lib/access-key.ts",
258 "line": 76
259 },
260 "name": "AccessKey",
261 "properties": [
262 {
263 "docs": {
264 "stability": "stable",
265 "summary": "The Access Key ID."
266 },
267 "immutable": true,
268 "locationInModule": {
269 "filename": "lib/access-key.ts",
270 "line": 77
271 },
272 "name": "accessKeyId",
273 "overrides": "@aws-cdk/aws-iam.IAccessKey",
274 "type": {
275 "primitive": "string"
276 }
277 },
278 {
279 "docs": {
280 "stability": "stable",
281 "summary": "The Secret Access Key."
282 },
283 "immutable": true,
284 "locationInModule": {
285 "filename": "lib/access-key.ts",
286 "line": 78
287 },
288 "name": "secretAccessKey",
289 "overrides": "@aws-cdk/aws-iam.IAccessKey",
290 "type": {
291 "fqn": "@aws-cdk/core.SecretValue"
292 }
293 }
294 ],
295 "symbolId": "lib/access-key:AccessKey"
296 },
297 "@aws-cdk/aws-iam.AccessKeyProps": {
298 "assembly": "@aws-cdk/aws-iam",
299 "datatype": true,
300 "docs": {
301 "custom": {
302 "exampleMetadata": "infused"
303 },
304 "example": "// Creates a new IAM user, access and secret keys, and stores the secret access key in a Secret.\nconst user = new iam.User(this, 'User');\nconst accessKey = new iam.AccessKey(this, 'AccessKey', { user });\nconst secretValue = secretsmanager.SecretStringValueBeta1.fromToken(accessKey.secretAccessKey.toString());\nnew secretsmanager.Secret(this, 'Secret', {\n secretStringBeta1: secretValue,\n});",
305 "stability": "stable",
306 "summary": "Properties for defining an IAM access key."
307 },
308 "fqn": "@aws-cdk/aws-iam.AccessKeyProps",
309 "kind": "interface",
310 "locationInModule": {
311 "filename": "lib/access-key.ts",
312 "line": 45
313 },
314 "name": "AccessKeyProps",
315 "properties": [
316 {
317 "abstract": true,
318 "docs": {
319 "remarks": "Changing this value will result in the access key being deleted and a new\naccess key (with a different ID and secret value) being assigned to the new\nuser.",
320 "stability": "stable",
321 "summary": "The IAM user this key will belong to."
322 },
323 "immutable": true,
324 "locationInModule": {
325 "filename": "lib/access-key.ts",
326 "line": 70
327 },
328 "name": "user",
329 "type": {
330 "fqn": "@aws-cdk/aws-iam.IUser"
331 }
332 },
333 {
334 "abstract": true,
335 "docs": {
336 "default": "- No serial value",
337 "remarks": "This value can only be incremented. Incrementing this\nvalue will cause CloudFormation to replace the Access Key resource.",
338 "stability": "stable",
339 "summary": "A CloudFormation-specific value that signifies the access key should be replaced/rotated."
340 },
341 "immutable": true,
342 "locationInModule": {
343 "filename": "lib/access-key.ts",
344 "line": 53
345 },
346 "name": "serial",
347 "optional": true,
348 "type": {
349 "primitive": "number"
350 }
351 },
352 {
353 "abstract": true,
354 "docs": {
355 "default": "- The access key is active",
356 "remarks": "An Active access key is allowed to be used\nto make API calls; An Inactive key cannot.",
357 "stability": "stable",
358 "summary": "The status of the access key."
359 },
360 "immutable": true,
361 "locationInModule": {
362 "filename": "lib/access-key.ts",
363 "line": 61
364 },
365 "name": "status",
366 "optional": true,
367 "type": {
368 "fqn": "@aws-cdk/aws-iam.AccessKeyStatus"
369 }
370 }
371 ],
372 "symbolId": "lib/access-key:AccessKeyProps"
373 },
374 "@aws-cdk/aws-iam.AccessKeyStatus": {
375 "assembly": "@aws-cdk/aws-iam",
376 "docs": {
377 "stability": "stable",
378 "summary": "Valid statuses for an IAM Access Key."
379 },
380 "fqn": "@aws-cdk/aws-iam.AccessKeyStatus",
381 "kind": "enum",
382 "locationInModule": {
383 "filename": "lib/access-key.ts",
384 "line": 9
385 },
386 "members": [
387 {
388 "docs": {
389 "remarks": "An active key can be used to make API calls.",
390 "stability": "stable",
391 "summary": "An active access key."
392 },
393 "name": "ACTIVE"
394 },
395 {
396 "docs": {
397 "remarks": "An inactive key cannot be used to make API calls.",
398 "stability": "stable",
399 "summary": "An inactive access key."
400 },
401 "name": "INACTIVE"
402 }
403 ],
404 "name": "AccessKeyStatus",
405 "symbolId": "lib/access-key:AccessKeyStatus"
406 },
407 "@aws-cdk/aws-iam.AccountPrincipal": {
408 "assembly": "@aws-cdk/aws-iam",
409 "base": "@aws-cdk/aws-iam.ArnPrincipal",
410 "docs": {
411 "custom": {
412 "exampleMetadata": "infused"
413 },
414 "example": "const cluster = new neptune.DatabaseCluster(this, 'Cluster', {\n vpc,\n instanceType: neptune.InstanceType.R5_LARGE,\n iamAuthentication: true, // Optional - will be automatically set if you call grantConnect().\n});\nconst role = new iam.Role(this, 'DBRole', { assumedBy: new iam.AccountPrincipal(this.account) });\ncluster.grantConnect(role); // Grant the role connection access to the DB.",
415 "stability": "stable",
416 "summary": "Specify AWS account ID as the principal entity in a policy to delegate authority to the account."
417 },
418 "fqn": "@aws-cdk/aws-iam.AccountPrincipal",
419 "initializer": {
420 "docs": {
421 "stability": "stable"
422 },
423 "locationInModule": {
424 "filename": "lib/principals.ts",
425 "line": 395
426 },
427 "parameters": [
428 {
429 "docs": {
430 "summary": "AWS account ID (i.e. 123456789012)."
431 },
432 "name": "accountId",
433 "type": {
434 "primitive": "any"
435 }
436 }
437 ]
438 },
439 "kind": "class",
440 "locationInModule": {
441 "filename": "lib/principals.ts",
442 "line": 388
443 },
444 "methods": [
445 {
446 "docs": {
447 "stability": "stable",
448 "summary": "Returns a string representation of an object."
449 },
450 "locationInModule": {
451 "filename": "lib/principals.ts",
452 "line": 400
453 },
454 "name": "toString",
455 "overrides": "@aws-cdk/aws-iam.ArnPrincipal",
456 "returns": {
457 "type": {
458 "primitive": "string"
459 }
460 }
461 }
462 ],
463 "name": "AccountPrincipal",
464 "properties": [
465 {
466 "docs": {
467 "stability": "stable",
468 "summary": "AWS account ID (i.e. 123456789012)."
469 },
470 "immutable": true,
471 "locationInModule": {
472 "filename": "lib/principals.ts",
473 "line": 395
474 },
475 "name": "accountId",
476 "type": {
477 "primitive": "any"
478 }
479 },
480 {
481 "docs": {
482 "remarks": "Can be undefined when the account is not known\n(for example, for service principals).\nCan be a Token - in that case,\nit's assumed to be AWS::AccountId.",
483 "stability": "stable",
484 "summary": "The AWS account ID of this principal."
485 },
486 "immutable": true,
487 "locationInModule": {
488 "filename": "lib/principals.ts",
489 "line": 389
490 },
491 "name": "principalAccount",
492 "optional": true,
493 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
494 "type": {
495 "primitive": "string"
496 }
497 }
498 ],
499 "symbolId": "lib/principals:AccountPrincipal"
500 },
501 "@aws-cdk/aws-iam.AccountRootPrincipal": {
502 "assembly": "@aws-cdk/aws-iam",
503 "base": "@aws-cdk/aws-iam.AccountPrincipal",
504 "docs": {
505 "custom": {
506 "exampleMetadata": "infused"
507 },
508 "example": "const bucket = new s3.Bucket(this, 'MyBucket');\nconst result = bucket.addToResourcePolicy(new iam.PolicyStatement({\n actions: ['s3:GetObject'],\n resources: [bucket.arnForObjects('file.txt')],\n principals: [new iam.AccountRootPrincipal()],\n}));",
509 "stability": "stable",
510 "summary": "Use the AWS account into which a stack is deployed as the principal entity in a policy."
511 },
512 "fqn": "@aws-cdk/aws-iam.AccountRootPrincipal",
513 "initializer": {
514 "docs": {
515 "stability": "stable"
516 },
517 "locationInModule": {
518 "filename": "lib/principals.ts",
519 "line": 629
520 }
521 },
522 "kind": "class",
523 "locationInModule": {
524 "filename": "lib/principals.ts",
525 "line": 628
526 },
527 "methods": [
528 {
529 "docs": {
530 "stability": "stable",
531 "summary": "Returns a string representation of an object."
532 },
533 "locationInModule": {
534 "filename": "lib/principals.ts",
535 "line": 633
536 },
537 "name": "toString",
538 "overrides": "@aws-cdk/aws-iam.AccountPrincipal",
539 "returns": {
540 "type": {
541 "primitive": "string"
542 }
543 }
544 }
545 ],
546 "name": "AccountRootPrincipal",
547 "symbolId": "lib/principals:AccountRootPrincipal"
548 },
549 "@aws-cdk/aws-iam.AddToPrincipalPolicyResult": {
550 "assembly": "@aws-cdk/aws-iam",
551 "datatype": true,
552 "docs": {
553 "stability": "stable",
554 "summary": "Result of calling `addToPrincipalPolicy`.",
555 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nimport * as cdk from '@aws-cdk/core';\n\ndeclare const dependable: cdk.IDependable;\nconst addToPrincipalPolicyResult: iam.AddToPrincipalPolicyResult = {\n statementAdded: false,\n\n // the properties below are optional\n policyDependable: dependable,\n};",
556 "custom": {
557 "exampleMetadata": "fixture=_generated"
558 }
559 },
560 "fqn": "@aws-cdk/aws-iam.AddToPrincipalPolicyResult",
561 "kind": "interface",
562 "locationInModule": {
563 "filename": "lib/principals.ts",
564 "line": 95
565 },
566 "name": "AddToPrincipalPolicyResult",
567 "properties": [
568 {
569 "abstract": true,
570 "docs": {
571 "stability": "stable",
572 "summary": "Whether the statement was added to the identity's policies."
573 },
574 "immutable": true,
575 "locationInModule": {
576 "filename": "lib/principals.ts",
577 "line": 100
578 },
579 "name": "statementAdded",
580 "type": {
581 "primitive": "boolean"
582 }
583 },
584 {
585 "abstract": true,
586 "docs": {
587 "default": "- Required if `statementAdded` is true.",
588 "stability": "stable",
589 "summary": "Dependable which allows depending on the policy change being applied."
590 },
591 "immutable": true,
592 "locationInModule": {
593 "filename": "lib/principals.ts",
594 "line": 107
595 },
596 "name": "policyDependable",
597 "optional": true,
598 "type": {
599 "fqn": "@aws-cdk/core.IDependable"
600 }
601 }
602 ],
603 "symbolId": "lib/principals:AddToPrincipalPolicyResult"
604 },
605 "@aws-cdk/aws-iam.AddToResourcePolicyResult": {
606 "assembly": "@aws-cdk/aws-iam",
607 "datatype": true,
608 "docs": {
609 "custom": {
610 "exampleMetadata": "infused"
611 },
612 "example": "const bucket = s3.Bucket.fromBucketName(this, 'existingBucket', 'bucket-name');\n\n// No policy statement will be added to the resource\nconst result = bucket.addToResourcePolicy(new iam.PolicyStatement({\n actions: ['s3:GetObject'],\n resources: [bucket.arnForObjects('file.txt')],\n principals: [new iam.AccountRootPrincipal()],\n}));",
613 "stability": "stable",
614 "summary": "Result of calling addToResourcePolicy."
615 },
616 "fqn": "@aws-cdk/aws-iam.AddToResourcePolicyResult",
617 "kind": "interface",
618 "locationInModule": {
619 "filename": "lib/grant.ts",
620 "line": 316
621 },
622 "name": "AddToResourcePolicyResult",
623 "properties": [
624 {
625 "abstract": true,
626 "docs": {
627 "stability": "stable",
628 "summary": "Whether the statement was added."
629 },
630 "immutable": true,
631 "locationInModule": {
632 "filename": "lib/grant.ts",
633 "line": 320
634 },
635 "name": "statementAdded",
636 "type": {
637 "primitive": "boolean"
638 }
639 },
640 {
641 "abstract": true,
642 "docs": {
643 "default": "- If `statementAdded` is true, the resource object itself.\nOtherwise, no dependable.",
644 "stability": "stable",
645 "summary": "Dependable which allows depending on the policy change being applied."
646 },
647 "immutable": true,
648 "locationInModule": {
649 "filename": "lib/grant.ts",
650 "line": 328
651 },
652 "name": "policyDependable",
653 "optional": true,
654 "type": {
655 "fqn": "@aws-cdk/core.IDependable"
656 }
657 }
658 ],
659 "symbolId": "lib/grant:AddToResourcePolicyResult"
660 },
661 "@aws-cdk/aws-iam.AnyPrincipal": {
662 "assembly": "@aws-cdk/aws-iam",
663 "base": "@aws-cdk/aws-iam.ArnPrincipal",
664 "docs": {
665 "custom": {
666 "exampleMetadata": "infused"
667 },
668 "example": "const topic = new sns.Topic(this, 'Topic');\nconst topicPolicy = new sns.TopicPolicy(this, 'TopicPolicy', {\n topics: [topic],\n});\n\ntopicPolicy.document.addStatements(new iam.PolicyStatement({\n actions: [\"sns:Subscribe\"],\n principals: [new iam.AnyPrincipal()],\n resources: [topic.topicArn],\n}));",
669 "remarks": "Some services behave differently when you specify `Principal: '*'`\nor `Principal: { AWS: \"*\" }` in their resource policy.\n\n`AnyPrincipal` renders to `Principal: { AWS: \"*\" }`. This is correct\nmost of the time, but in cases where you need the other principal,\nuse `StarPrincipal` instead.",
670 "stability": "stable",
671 "summary": "A principal representing all AWS identities in all accounts."
672 },
673 "fqn": "@aws-cdk/aws-iam.AnyPrincipal",
674 "initializer": {
675 "docs": {
676 "stability": "stable"
677 },
678 "locationInModule": {
679 "filename": "lib/principals.ts",
680 "line": 649
681 }
682 },
683 "kind": "class",
684 "locationInModule": {
685 "filename": "lib/principals.ts",
686 "line": 648
687 },
688 "methods": [
689 {
690 "docs": {
691 "stability": "stable",
692 "summary": "Returns a string representation of an object."
693 },
694 "locationInModule": {
695 "filename": "lib/principals.ts",
696 "line": 653
697 },
698 "name": "toString",
699 "overrides": "@aws-cdk/aws-iam.ArnPrincipal",
700 "returns": {
701 "type": {
702 "primitive": "string"
703 }
704 }
705 }
706 ],
707 "name": "AnyPrincipal",
708 "symbolId": "lib/principals:AnyPrincipal"
709 },
710 "@aws-cdk/aws-iam.Anyone": {
711 "assembly": "@aws-cdk/aws-iam",
712 "base": "@aws-cdk/aws-iam.AnyPrincipal",
713 "docs": {
714 "deprecated": "use `AnyPrincipal`",
715 "stability": "deprecated",
716 "summary": "A principal representing all identities in all accounts.",
717 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nconst anyone = new iam.Anyone();",
718 "custom": {
719 "exampleMetadata": "fixture=_generated"
720 }
721 },
722 "fqn": "@aws-cdk/aws-iam.Anyone",
723 "initializer": {
724 "docs": {
725 "stability": "stable"
726 },
727 "locationInModule": {
728 "filename": "lib/principals.ts",
729 "line": 649
730 }
731 },
732 "kind": "class",
733 "locationInModule": {
734 "filename": "lib/principals.ts",
735 "line": 662
736 },
737 "name": "Anyone",
738 "symbolId": "lib/principals:Anyone"
739 },
740 "@aws-cdk/aws-iam.ArnPrincipal": {
741 "assembly": "@aws-cdk/aws-iam",
742 "base": "@aws-cdk/aws-iam.PrincipalBase",
743 "docs": {
744 "custom": {
745 "exampleMetadata": "infused"
746 },
747 "example": "declare const networkLoadBalancer1: elbv2.NetworkLoadBalancer;\ndeclare const networkLoadBalancer2: elbv2.NetworkLoadBalancer;\n\nnew ec2.VpcEndpointService(this, 'EndpointService', {\n vpcEndpointServiceLoadBalancers: [networkLoadBalancer1, networkLoadBalancer2],\n acceptanceRequired: true,\n allowedPrincipals: [new iam.ArnPrincipal('arn:aws:iam::123456789012:root')]\n});",
748 "remarks": "You can specify AWS accounts, IAM users, Federated SAML users, IAM roles, and specific assumed-role sessions.\nYou cannot specify IAM groups or instance profiles as principals",
749 "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html",
750 "stability": "stable",
751 "summary": "Specify a principal by the Amazon Resource Name (ARN)."
752 },
753 "fqn": "@aws-cdk/aws-iam.ArnPrincipal",
754 "initializer": {
755 "docs": {
756 "stability": "stable"
757 },
758 "locationInModule": {
759 "filename": "lib/principals.ts",
760 "line": 360
761 },
762 "parameters": [
763 {
764 "docs": {
765 "summary": "Amazon Resource Name (ARN) of the principal entity (i.e. arn:aws:iam::123456789012:user/user-name)."
766 },
767 "name": "arn",
768 "type": {
769 "primitive": "string"
770 }
771 }
772 ]
773 },
774 "kind": "class",
775 "locationInModule": {
776 "filename": "lib/principals.ts",
777 "line": 355
778 },
779 "methods": [
780 {
781 "docs": {
782 "stability": "stable",
783 "summary": "A convenience method for adding a condition that the principal is part of the specified AWS Organization."
784 },
785 "locationInModule": {
786 "filename": "lib/principals.ts",
787 "line": 376
788 },
789 "name": "inOrganization",
790 "parameters": [
791 {
792 "name": "organizationId",
793 "type": {
794 "primitive": "string"
795 }
796 }
797 ],
798 "returns": {
799 "type": {
800 "fqn": "@aws-cdk/aws-iam.PrincipalBase"
801 }
802 }
803 },
804 {
805 "docs": {
806 "stability": "stable",
807 "summary": "Returns a string representation of an object."
808 },
809 "locationInModule": {
810 "filename": "lib/principals.ts",
811 "line": 368
812 },
813 "name": "toString",
814 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
815 "returns": {
816 "type": {
817 "primitive": "string"
818 }
819 }
820 }
821 ],
822 "name": "ArnPrincipal",
823 "properties": [
824 {
825 "docs": {
826 "stability": "stable",
827 "summary": "Amazon Resource Name (ARN) of the principal entity (i.e. arn:aws:iam::123456789012:user/user-name)."
828 },
829 "immutable": true,
830 "locationInModule": {
831 "filename": "lib/principals.ts",
832 "line": 360
833 },
834 "name": "arn",
835 "type": {
836 "primitive": "string"
837 }
838 },
839 {
840 "docs": {
841 "stability": "stable",
842 "summary": "Return the policy fragment that identifies this principal in a Policy."
843 },
844 "immutable": true,
845 "locationInModule": {
846 "filename": "lib/principals.ts",
847 "line": 364
848 },
849 "name": "policyFragment",
850 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
851 "type": {
852 "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment"
853 }
854 }
855 ],
856 "symbolId": "lib/principals:ArnPrincipal"
857 },
858 "@aws-cdk/aws-iam.CanonicalUserPrincipal": {
859 "assembly": "@aws-cdk/aws-iam",
860 "base": "@aws-cdk/aws-iam.PrincipalBase",
861 "docs": {
862 "remarks": "See https://docs.aws.amazon.com/general/latest/gr/acct-identifiers.html\n\nand\n\nhttps://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html\n\nfor more details.",
863 "stability": "stable",
864 "summary": "A policy principal for canonicalUserIds - useful for S3 bucket policies that use Origin Access identities.",
865 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nconst canonicalUserPrincipal = new iam.CanonicalUserPrincipal('canonicalUserId');",
866 "custom": {
867 "exampleMetadata": "fixture=_generated"
868 }
869 },
870 "fqn": "@aws-cdk/aws-iam.CanonicalUserPrincipal",
871 "initializer": {
872 "docs": {
873 "stability": "stable"
874 },
875 "locationInModule": {
876 "filename": "lib/principals.ts",
877 "line": 494
878 },
879 "parameters": [
880 {
881 "docs": {
882 "remarks": "root user and IAM users for an account all see the same ID.\n(i.e. 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be)",
883 "summary": "unique identifier assigned by AWS for every account."
884 },
885 "name": "canonicalUserId",
886 "type": {
887 "primitive": "string"
888 }
889 }
890 ]
891 },
892 "kind": "class",
893 "locationInModule": {
894 "filename": "lib/principals.ts",
895 "line": 487
896 },
897 "methods": [
898 {
899 "docs": {
900 "stability": "stable",
901 "summary": "Returns a string representation of an object."
902 },
903 "locationInModule": {
904 "filename": "lib/principals.ts",
905 "line": 502
906 },
907 "name": "toString",
908 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
909 "returns": {
910 "type": {
911 "primitive": "string"
912 }
913 }
914 }
915 ],
916 "name": "CanonicalUserPrincipal",
917 "properties": [
918 {
919 "docs": {
920 "remarks": "root user and IAM users for an account all see the same ID.\n(i.e. 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be)",
921 "stability": "stable",
922 "summary": "unique identifier assigned by AWS for every account."
923 },
924 "immutable": true,
925 "locationInModule": {
926 "filename": "lib/principals.ts",
927 "line": 494
928 },
929 "name": "canonicalUserId",
930 "type": {
931 "primitive": "string"
932 }
933 },
934 {
935 "docs": {
936 "stability": "stable",
937 "summary": "Return the policy fragment that identifies this principal in a Policy."
938 },
939 "immutable": true,
940 "locationInModule": {
941 "filename": "lib/principals.ts",
942 "line": 498
943 },
944 "name": "policyFragment",
945 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
946 "type": {
947 "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment"
948 }
949 }
950 ],
951 "symbolId": "lib/principals:CanonicalUserPrincipal"
952 },
953 "@aws-cdk/aws-iam.CfnAccessKey": {
954 "assembly": "@aws-cdk/aws-iam",
955 "base": "@aws-cdk/core.CfnResource",
956 "docs": {
957 "custom": {
958 "cloudformationResource": "AWS::IAM::AccessKey",
959 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-accesskey.html",
960 "exampleMetadata": "fixture=_generated"
961 },
962 "remarks": "Creates a new AWS secret access key and corresponding AWS access key ID for the specified user. The default status for new keys is `Active` .\n\nIf you do not specify a user name, IAM determines the user name implicitly based on the AWS access key ID signing the request. This operation works for access keys under the AWS account . Consequently, you can use this operation to manage AWS account root user credentials. This is true even if the AWS account has no associated users.\n\nFor information about quotas on the number of keys you can create, see [IAM and AWS STS quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide* .\n\n> To ensure the security of your AWS account , the secret access key is accessible only during key and user creation. You must save the key (for example, in a text file) if you want to be able to access it again. If a secret key is lost, you can delete the access keys for the associated user and then create new keys.",
963 "stability": "external",
964 "summary": "A CloudFormation `AWS::IAM::AccessKey`.",
965 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nconst cfnAccessKey = new iam.CfnAccessKey(this, 'MyCfnAccessKey', {\n userName: 'userName',\n\n // the properties below are optional\n serial: 123,\n status: 'status',\n});"
966 },
967 "fqn": "@aws-cdk/aws-iam.CfnAccessKey",
968 "initializer": {
969 "docs": {
970 "stability": "external",
971 "summary": "Create a new `AWS::IAM::AccessKey`."
972 },
973 "locationInModule": {
974 "filename": "lib/iam.generated.ts",
975 "line": 174
976 },
977 "parameters": [
978 {
979 "docs": {
980 "summary": "- scope in which this resource is defined."
981 },
982 "name": "scope",
983 "type": {
984 "fqn": "@aws-cdk/core.Construct"
985 }
986 },
987 {
988 "docs": {
989 "summary": "- scoped id of the resource."
990 },
991 "name": "id",
992 "type": {
993 "primitive": "string"
994 }
995 },
996 {
997 "docs": {
998 "summary": "- resource properties."
999 },
1000 "name": "props",
1001 "type": {
1002 "fqn": "@aws-cdk/aws-iam.CfnAccessKeyProps"
1003 }
1004 }
1005 ]
1006 },
1007 "interfaces": [
1008 "@aws-cdk/core.IInspectable"
1009 ],
1010 "kind": "class",
1011 "locationInModule": {
1012 "filename": "lib/iam.generated.ts",
1013 "line": 113
1014 },
1015 "methods": [
1016 {
1017 "docs": {
1018 "stability": "external",
1019 "summary": "Examines the CloudFormation resource and discloses attributes."
1020 },
1021 "locationInModule": {
1022 "filename": "lib/iam.generated.ts",
1023 "line": 190
1024 },
1025 "name": "inspect",
1026 "overrides": "@aws-cdk/core.IInspectable",
1027 "parameters": [
1028 {
1029 "docs": {
1030 "summary": "- tree inspector to collect and process attributes."
1031 },
1032 "name": "inspector",
1033 "type": {
1034 "fqn": "@aws-cdk/core.TreeInspector"
1035 }
1036 }
1037 ]
1038 },
1039 {
1040 "docs": {
1041 "stability": "external"
1042 },
1043 "locationInModule": {
1044 "filename": "lib/iam.generated.ts",
1045 "line": 203
1046 },
1047 "name": "renderProperties",
1048 "overrides": "@aws-cdk/core.CfnResource",
1049 "parameters": [
1050 {
1051 "name": "props",
1052 "type": {
1053 "collection": {
1054 "elementtype": {
1055 "primitive": "any"
1056 },
1057 "kind": "map"
1058 }
1059 }
1060 }
1061 ],
1062 "protected": true,
1063 "returns": {
1064 "type": {
1065 "collection": {
1066 "elementtype": {
1067 "primitive": "any"
1068 },
1069 "kind": "map"
1070 }
1071 }
1072 }
1073 }
1074 ],
1075 "name": "CfnAccessKey",
1076 "properties": [
1077 {
1078 "const": true,
1079 "docs": {
1080 "stability": "external",
1081 "summary": "The CloudFormation resource type name for this resource class."
1082 },
1083 "immutable": true,
1084 "locationInModule": {
1085 "filename": "lib/iam.generated.ts",
1086 "line": 117
1087 },
1088 "name": "CFN_RESOURCE_TYPE_NAME",
1089 "static": true,
1090 "type": {
1091 "primitive": "string"
1092 }
1093 },
1094 {
1095 "docs": {
1096 "custom": {
1097 "cloudformationAttribute": "SecretAccessKey"
1098 },
1099 "remarks": "For example: wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY.",
1100 "stability": "external",
1101 "summary": "Returns the secret access key for the specified AWS::IAM::AccessKey resource."
1102 },
1103 "immutable": true,
1104 "locationInModule": {
1105 "filename": "lib/iam.generated.ts",
1106 "line": 142
1107 },
1108 "name": "attrSecretAccessKey",
1109 "type": {
1110 "primitive": "string"
1111 }
1112 },
1113 {
1114 "docs": {
1115 "stability": "external"
1116 },
1117 "immutable": true,
1118 "locationInModule": {
1119 "filename": "lib/iam.generated.ts",
1120 "line": 195
1121 },
1122 "name": "cfnProperties",
1123 "overrides": "@aws-cdk/core.CfnResource",
1124 "protected": true,
1125 "type": {
1126 "collection": {
1127 "elementtype": {
1128 "primitive": "any"
1129 },
1130 "kind": "map"
1131 }
1132 }
1133 },
1134 {
1135 "docs": {
1136 "custom": {
1137 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-accesskey.html#cfn-iam-accesskey-username"
1138 },
1139 "remarks": "This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-",
1140 "stability": "external",
1141 "summary": "The name of the IAM user that the new key will belong to."
1142 },
1143 "locationInModule": {
1144 "filename": "lib/iam.generated.ts",
1145 "line": 151
1146 },
1147 "name": "userName",
1148 "type": {
1149 "primitive": "string"
1150 }
1151 },
1152 {
1153 "docs": {
1154 "custom": {
1155 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-accesskey.html#cfn-iam-accesskey-serial"
1156 },
1157 "remarks": "Incrementing this value notifies CloudFormation that you want to rotate your access key. When you update your stack, CloudFormation will replace the existing access key with a new key.",
1158 "stability": "external",
1159 "summary": "This value is specific to CloudFormation and can only be *incremented* ."
1160 },
1161 "locationInModule": {
1162 "filename": "lib/iam.generated.ts",
1163 "line": 158
1164 },
1165 "name": "serial",
1166 "optional": true,
1167 "type": {
1168 "primitive": "number"
1169 }
1170 },
1171 {
1172 "docs": {
1173 "custom": {
1174 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-accesskey.html#cfn-iam-accesskey-status"
1175 },
1176 "remarks": "`Active` means that the key is valid for API calls, while `Inactive` means it is not.",
1177 "stability": "external",
1178 "summary": "The status of the access key."
1179 },
1180 "locationInModule": {
1181 "filename": "lib/iam.generated.ts",
1182 "line": 165
1183 },
1184 "name": "status",
1185 "optional": true,
1186 "type": {
1187 "primitive": "string"
1188 }
1189 }
1190 ],
1191 "symbolId": "lib/iam.generated:CfnAccessKey"
1192 },
1193 "@aws-cdk/aws-iam.CfnAccessKeyProps": {
1194 "assembly": "@aws-cdk/aws-iam",
1195 "datatype": true,
1196 "docs": {
1197 "custom": {
1198 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-accesskey.html",
1199 "exampleMetadata": "fixture=_generated"
1200 },
1201 "stability": "external",
1202 "summary": "Properties for defining a `CfnAccessKey`.",
1203 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nconst cfnAccessKeyProps: iam.CfnAccessKeyProps = {\n userName: 'userName',\n\n // the properties below are optional\n serial: 123,\n status: 'status',\n};"
1204 },
1205 "fqn": "@aws-cdk/aws-iam.CfnAccessKeyProps",
1206 "kind": "interface",
1207 "locationInModule": {
1208 "filename": "lib/iam.generated.ts",
1209 "line": 19
1210 },
1211 "name": "CfnAccessKeyProps",
1212 "properties": [
1213 {
1214 "abstract": true,
1215 "docs": {
1216 "custom": {
1217 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-accesskey.html#cfn-iam-accesskey-username"
1218 },
1219 "remarks": "This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-",
1220 "stability": "external",
1221 "summary": "The name of the IAM user that the new key will belong to."
1222 },
1223 "immutable": true,
1224 "locationInModule": {
1225 "filename": "lib/iam.generated.ts",
1226 "line": 28
1227 },
1228 "name": "userName",
1229 "type": {
1230 "primitive": "string"
1231 }
1232 },
1233 {
1234 "abstract": true,
1235 "docs": {
1236 "custom": {
1237 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-accesskey.html#cfn-iam-accesskey-serial"
1238 },
1239 "remarks": "Incrementing this value notifies CloudFormation that you want to rotate your access key. When you update your stack, CloudFormation will replace the existing access key with a new key.",
1240 "stability": "external",
1241 "summary": "This value is specific to CloudFormation and can only be *incremented* ."
1242 },
1243 "immutable": true,
1244 "locationInModule": {
1245 "filename": "lib/iam.generated.ts",
1246 "line": 35
1247 },
1248 "name": "serial",
1249 "optional": true,
1250 "type": {
1251 "primitive": "number"
1252 }
1253 },
1254 {
1255 "abstract": true,
1256 "docs": {
1257 "custom": {
1258 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-accesskey.html#cfn-iam-accesskey-status"
1259 },
1260 "remarks": "`Active` means that the key is valid for API calls, while `Inactive` means it is not.",
1261 "stability": "external",
1262 "summary": "The status of the access key."
1263 },
1264 "immutable": true,
1265 "locationInModule": {
1266 "filename": "lib/iam.generated.ts",
1267 "line": 42
1268 },
1269 "name": "status",
1270 "optional": true,
1271 "type": {
1272 "primitive": "string"
1273 }
1274 }
1275 ],
1276 "symbolId": "lib/iam.generated:CfnAccessKeyProps"
1277 },
1278 "@aws-cdk/aws-iam.CfnGroup": {
1279 "assembly": "@aws-cdk/aws-iam",
1280 "base": "@aws-cdk/core.CfnResource",
1281 "docs": {
1282 "custom": {
1283 "cloudformationResource": "AWS::IAM::Group",
1284 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html",
1285 "exampleMetadata": "fixture=_generated"
1286 },
1287 "remarks": "Creates a new group.\n\nFor information about the number of groups you can create, see [Limitations on IAM Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *IAM User Guide* .",
1288 "stability": "external",
1289 "summary": "A CloudFormation `AWS::IAM::Group`.",
1290 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const policyDocument: any;\nconst cfnGroup = new iam.CfnGroup(this, 'MyCfnGroup', /* all optional props */ {\n groupName: 'groupName',\n managedPolicyArns: ['managedPolicyArns'],\n path: 'path',\n policies: [{\n policyDocument: policyDocument,\n policyName: 'policyName',\n }],\n});"
1291 },
1292 "fqn": "@aws-cdk/aws-iam.CfnGroup",
1293 "initializer": {
1294 "docs": {
1295 "stability": "external",
1296 "summary": "Create a new `AWS::IAM::Group`."
1297 },
1298 "locationInModule": {
1299 "filename": "lib/iam.generated.ts",
1300 "line": 415
1301 },
1302 "parameters": [
1303 {
1304 "docs": {
1305 "summary": "- scope in which this resource is defined."
1306 },
1307 "name": "scope",
1308 "type": {
1309 "fqn": "@aws-cdk/core.Construct"
1310 }
1311 },
1312 {
1313 "docs": {
1314 "summary": "- scoped id of the resource."
1315 },
1316 "name": "id",
1317 "type": {
1318 "primitive": "string"
1319 }
1320 },
1321 {
1322 "docs": {
1323 "summary": "- resource properties."
1324 },
1325 "name": "props",
1326 "optional": true,
1327 "type": {
1328 "fqn": "@aws-cdk/aws-iam.CfnGroupProps"
1329 }
1330 }
1331 ]
1332 },
1333 "interfaces": [
1334 "@aws-cdk/core.IInspectable"
1335 ],
1336 "kind": "class",
1337 "locationInModule": {
1338 "filename": "lib/iam.generated.ts",
1339 "line": 331
1340 },
1341 "methods": [
1342 {
1343 "docs": {
1344 "stability": "external",
1345 "summary": "Examines the CloudFormation resource and discloses attributes."
1346 },
1347 "locationInModule": {
1348 "filename": "lib/iam.generated.ts",
1349 "line": 431
1350 },
1351 "name": "inspect",
1352 "overrides": "@aws-cdk/core.IInspectable",
1353 "parameters": [
1354 {
1355 "docs": {
1356 "summary": "- tree inspector to collect and process attributes."
1357 },
1358 "name": "inspector",
1359 "type": {
1360 "fqn": "@aws-cdk/core.TreeInspector"
1361 }
1362 }
1363 ]
1364 },
1365 {
1366 "docs": {
1367 "stability": "external"
1368 },
1369 "locationInModule": {
1370 "filename": "lib/iam.generated.ts",
1371 "line": 445
1372 },
1373 "name": "renderProperties",
1374 "overrides": "@aws-cdk/core.CfnResource",
1375 "parameters": [
1376 {
1377 "name": "props",
1378 "type": {
1379 "collection": {
1380 "elementtype": {
1381 "primitive": "any"
1382 },
1383 "kind": "map"
1384 }
1385 }
1386 }
1387 ],
1388 "protected": true,
1389 "returns": {
1390 "type": {
1391 "collection": {
1392 "elementtype": {
1393 "primitive": "any"
1394 },
1395 "kind": "map"
1396 }
1397 }
1398 }
1399 }
1400 ],
1401 "name": "CfnGroup",
1402 "properties": [
1403 {
1404 "const": true,
1405 "docs": {
1406 "stability": "external",
1407 "summary": "The CloudFormation resource type name for this resource class."
1408 },
1409 "immutable": true,
1410 "locationInModule": {
1411 "filename": "lib/iam.generated.ts",
1412 "line": 335
1413 },
1414 "name": "CFN_RESOURCE_TYPE_NAME",
1415 "static": true,
1416 "type": {
1417 "primitive": "string"
1418 }
1419 },
1420 {
1421 "docs": {
1422 "custom": {
1423 "cloudformationAttribute": "Arn"
1424 },
1425 "remarks": "For example: `arn:aws:iam::123456789012:group/mystack-mygroup-1DZETITOWEKVO` .",
1426 "stability": "external",
1427 "summary": "Returns the Amazon Resource Name (ARN) for the specified `AWS::IAM::Group` resource."
1428 },
1429 "immutable": true,
1430 "locationInModule": {
1431 "filename": "lib/iam.generated.ts",
1432 "line": 360
1433 },
1434 "name": "attrArn",
1435 "type": {
1436 "primitive": "string"
1437 }
1438 },
1439 {
1440 "docs": {
1441 "stability": "external"
1442 },
1443 "immutable": true,
1444 "locationInModule": {
1445 "filename": "lib/iam.generated.ts",
1446 "line": 436
1447 },
1448 "name": "cfnProperties",
1449 "overrides": "@aws-cdk/core.CfnResource",
1450 "protected": true,
1451 "type": {
1452 "collection": {
1453 "elementtype": {
1454 "primitive": "any"
1455 },
1456 "kind": "map"
1457 }
1458 }
1459 },
1460 {
1461 "docs": {
1462 "custom": {
1463 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html#cfn-iam-group-groupname"
1464 },
1465 "remarks": "The group name must be unique within the account. Group names are not distinguished by case. For example, you cannot create groups named both \"ADMINS\" and \"admins\". If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the group name.\n\n> If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.\n\nIf you specify a name, you must specify the `CAPABILITY_NAMED_IAM` value to acknowledge your template's capabilities. For more information, see [Acknowledging IAM Resources in AWS CloudFormation Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities) .\n\n> Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using `Fn::Join` and `AWS::Region` to create a Region-specific name, as in the following example: `{\"Fn::Join\": [\"\", [{\"Ref\": \"AWS::Region\"}, {\"Ref\": \"MyResourceName\"}]]}` .",
1466 "stability": "external",
1467 "summary": "The name of the group to create. Do not include the path in this value."
1468 },
1469 "locationInModule": {
1470 "filename": "lib/iam.generated.ts",
1471 "line": 375
1472 },
1473 "name": "groupName",
1474 "optional": true,
1475 "type": {
1476 "primitive": "string"
1477 }
1478 },
1479 {
1480 "docs": {
1481 "custom": {
1482 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html#cfn-iam-group-managepolicyarns"
1483 },
1484 "remarks": "For more information about ARNs, see [Amazon Resource Names (ARNs)](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *AWS General Reference* .",
1485 "stability": "external",
1486 "summary": "The Amazon Resource Name (ARN) of the IAM policy you want to attach."
1487 },
1488 "locationInModule": {
1489 "filename": "lib/iam.generated.ts",
1490 "line": 384
1491 },
1492 "name": "managedPolicyArns",
1493 "optional": true,
1494 "type": {
1495 "collection": {
1496 "elementtype": {
1497 "primitive": "string"
1498 },
1499 "kind": "array"
1500 }
1501 }
1502 },
1503 {
1504 "docs": {
1505 "custom": {
1506 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html#cfn-iam-group-path"
1507 },
1508 "remarks": "This parameter is optional. If it is not included, it defaults to a slash (/).\n\nThis parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\\ u0021` ) through the DEL character ( `\\ u007F` ), including most punctuation characters, digits, and upper and lowercased letters.",
1509 "stability": "external",
1510 "summary": "The path to the group. For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* ."
1511 },
1512 "locationInModule": {
1513 "filename": "lib/iam.generated.ts",
1514 "line": 395
1515 },
1516 "name": "path",
1517 "optional": true,
1518 "type": {
1519 "primitive": "string"
1520 }
1521 },
1522 {
1523 "docs": {
1524 "custom": {
1525 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html#cfn-iam-group-policies"
1526 },
1527 "remarks": "To view AWS::IAM::Group snippets, see [Declaring an IAM Group Resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-iam.html#scenario-iam-group) .\n\n> The name of each inline policy for a role, user, or group must be unique. If you don't choose unique names, updates to the IAM identity will fail.\n\nFor information about limits on the number of inline policies that you can embed in a group, see [Limitations on IAM Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *IAM User Guide* .",
1528 "stability": "external",
1529 "summary": "Adds or updates an inline policy document that is embedded in the specified IAM group."
1530 },
1531 "locationInModule": {
1532 "filename": "lib/iam.generated.ts",
1533 "line": 406
1534 },
1535 "name": "policies",
1536 "optional": true,
1537 "type": {
1538 "union": {
1539 "types": [
1540 {
1541 "fqn": "@aws-cdk/core.IResolvable"
1542 },
1543 {
1544 "collection": {
1545 "elementtype": {
1546 "union": {
1547 "types": [
1548 {
1549 "fqn": "@aws-cdk/core.IResolvable"
1550 },
1551 {
1552 "fqn": "@aws-cdk/aws-iam.CfnGroup.PolicyProperty"
1553 }
1554 ]
1555 }
1556 },
1557 "kind": "array"
1558 }
1559 }
1560 ]
1561 }
1562 }
1563 }
1564 ],
1565 "symbolId": "lib/iam.generated:CfnGroup"
1566 },
1567 "@aws-cdk/aws-iam.CfnGroup.PolicyProperty": {
1568 "assembly": "@aws-cdk/aws-iam",
1569 "datatype": true,
1570 "docs": {
1571 "custom": {
1572 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-policy.html",
1573 "exampleMetadata": "fixture=_generated"
1574 },
1575 "remarks": "An attached policy is a managed policy that has been attached to a user, group, or role.\n\nFor more information about managed policies, see [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide* .",
1576 "stability": "external",
1577 "summary": "Contains information about an attached policy.",
1578 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const policyDocument: any;\nconst policyProperty: iam.CfnGroup.PolicyProperty = {\n policyDocument: policyDocument,\n policyName: 'policyName',\n};"
1579 },
1580 "fqn": "@aws-cdk/aws-iam.CfnGroup.PolicyProperty",
1581 "kind": "interface",
1582 "locationInModule": {
1583 "filename": "lib/iam.generated.ts",
1584 "line": 463
1585 },
1586 "name": "PolicyProperty",
1587 "namespace": "CfnGroup",
1588 "properties": [
1589 {
1590 "abstract": true,
1591 "docs": {
1592 "custom": {
1593 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-policy.html#cfn-iam-policies-policydocument"
1594 },
1595 "stability": "external",
1596 "summary": "The policy document."
1597 },
1598 "immutable": true,
1599 "locationInModule": {
1600 "filename": "lib/iam.generated.ts",
1601 "line": 469
1602 },
1603 "name": "policyDocument",
1604 "type": {
1605 "primitive": "any"
1606 }
1607 },
1608 {
1609 "abstract": true,
1610 "docs": {
1611 "custom": {
1612 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-policy.html#cfn-iam-policies-policyname"
1613 },
1614 "stability": "external",
1615 "summary": "The friendly name (not ARN) identifying the policy."
1616 },
1617 "immutable": true,
1618 "locationInModule": {
1619 "filename": "lib/iam.generated.ts",
1620 "line": 475
1621 },
1622 "name": "policyName",
1623 "type": {
1624 "primitive": "string"
1625 }
1626 }
1627 ],
1628 "symbolId": "lib/iam.generated:CfnGroup.PolicyProperty"
1629 },
1630 "@aws-cdk/aws-iam.CfnGroupProps": {
1631 "assembly": "@aws-cdk/aws-iam",
1632 "datatype": true,
1633 "docs": {
1634 "custom": {
1635 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html",
1636 "exampleMetadata": "fixture=_generated"
1637 },
1638 "stability": "external",
1639 "summary": "Properties for defining a `CfnGroup`.",
1640 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const policyDocument: any;\nconst cfnGroupProps: iam.CfnGroupProps = {\n groupName: 'groupName',\n managedPolicyArns: ['managedPolicyArns'],\n path: 'path',\n policies: [{\n policyDocument: policyDocument,\n policyName: 'policyName',\n }],\n};"
1641 },
1642 "fqn": "@aws-cdk/aws-iam.CfnGroupProps",
1643 "kind": "interface",
1644 "locationInModule": {
1645 "filename": "lib/iam.generated.ts",
1646 "line": 216
1647 },
1648 "name": "CfnGroupProps",
1649 "properties": [
1650 {
1651 "abstract": true,
1652 "docs": {
1653 "custom": {
1654 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html#cfn-iam-group-groupname"
1655 },
1656 "remarks": "The group name must be unique within the account. Group names are not distinguished by case. For example, you cannot create groups named both \"ADMINS\" and \"admins\". If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the group name.\n\n> If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.\n\nIf you specify a name, you must specify the `CAPABILITY_NAMED_IAM` value to acknowledge your template's capabilities. For more information, see [Acknowledging IAM Resources in AWS CloudFormation Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities) .\n\n> Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using `Fn::Join` and `AWS::Region` to create a Region-specific name, as in the following example: `{\"Fn::Join\": [\"\", [{\"Ref\": \"AWS::Region\"}, {\"Ref\": \"MyResourceName\"}]]}` .",
1657 "stability": "external",
1658 "summary": "The name of the group to create. Do not include the path in this value."
1659 },
1660 "immutable": true,
1661 "locationInModule": {
1662 "filename": "lib/iam.generated.ts",
1663 "line": 231
1664 },
1665 "name": "groupName",
1666 "optional": true,
1667 "type": {
1668 "primitive": "string"
1669 }
1670 },
1671 {
1672 "abstract": true,
1673 "docs": {
1674 "custom": {
1675 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html#cfn-iam-group-managepolicyarns"
1676 },
1677 "remarks": "For more information about ARNs, see [Amazon Resource Names (ARNs)](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *AWS General Reference* .",
1678 "stability": "external",
1679 "summary": "The Amazon Resource Name (ARN) of the IAM policy you want to attach."
1680 },
1681 "immutable": true,
1682 "locationInModule": {
1683 "filename": "lib/iam.generated.ts",
1684 "line": 240
1685 },
1686 "name": "managedPolicyArns",
1687 "optional": true,
1688 "type": {
1689 "collection": {
1690 "elementtype": {
1691 "primitive": "string"
1692 },
1693 "kind": "array"
1694 }
1695 }
1696 },
1697 {
1698 "abstract": true,
1699 "docs": {
1700 "custom": {
1701 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html#cfn-iam-group-path"
1702 },
1703 "remarks": "This parameter is optional. If it is not included, it defaults to a slash (/).\n\nThis parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\\ u0021` ) through the DEL character ( `\\ u007F` ), including most punctuation characters, digits, and upper and lowercased letters.",
1704 "stability": "external",
1705 "summary": "The path to the group. For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* ."
1706 },
1707 "immutable": true,
1708 "locationInModule": {
1709 "filename": "lib/iam.generated.ts",
1710 "line": 251
1711 },
1712 "name": "path",
1713 "optional": true,
1714 "type": {
1715 "primitive": "string"
1716 }
1717 },
1718 {
1719 "abstract": true,
1720 "docs": {
1721 "custom": {
1722 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html#cfn-iam-group-policies"
1723 },
1724 "remarks": "To view AWS::IAM::Group snippets, see [Declaring an IAM Group Resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-iam.html#scenario-iam-group) .\n\n> The name of each inline policy for a role, user, or group must be unique. If you don't choose unique names, updates to the IAM identity will fail.\n\nFor information about limits on the number of inline policies that you can embed in a group, see [Limitations on IAM Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *IAM User Guide* .",
1725 "stability": "external",
1726 "summary": "Adds or updates an inline policy document that is embedded in the specified IAM group."
1727 },
1728 "immutable": true,
1729 "locationInModule": {
1730 "filename": "lib/iam.generated.ts",
1731 "line": 262
1732 },
1733 "name": "policies",
1734 "optional": true,
1735 "type": {
1736 "union": {
1737 "types": [
1738 {
1739 "fqn": "@aws-cdk/core.IResolvable"
1740 },
1741 {
1742 "collection": {
1743 "elementtype": {
1744 "union": {
1745 "types": [
1746 {
1747 "fqn": "@aws-cdk/core.IResolvable"
1748 },
1749 {
1750 "fqn": "@aws-cdk/aws-iam.CfnGroup.PolicyProperty"
1751 }
1752 ]
1753 }
1754 },
1755 "kind": "array"
1756 }
1757 }
1758 ]
1759 }
1760 }
1761 }
1762 ],
1763 "symbolId": "lib/iam.generated:CfnGroupProps"
1764 },
1765 "@aws-cdk/aws-iam.CfnInstanceProfile": {
1766 "assembly": "@aws-cdk/aws-iam",
1767 "base": "@aws-cdk/core.CfnResource",
1768 "docs": {
1769 "custom": {
1770 "cloudformationResource": "AWS::IAM::InstanceProfile",
1771 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-instanceprofile.html",
1772 "exampleMetadata": "fixture=_generated"
1773 },
1774 "remarks": "Creates a new instance profile. For information about instance profiles, see [Using instance profiles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html) .\n\nFor information about the number of instance profiles you can create, see [IAM object quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide* .",
1775 "stability": "external",
1776 "summary": "A CloudFormation `AWS::IAM::InstanceProfile`.",
1777 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nconst cfnInstanceProfile = new iam.CfnInstanceProfile(this, 'MyCfnInstanceProfile', {\n roles: ['roles'],\n\n // the properties below are optional\n instanceProfileName: 'instanceProfileName',\n path: 'path',\n});"
1778 },
1779 "fqn": "@aws-cdk/aws-iam.CfnInstanceProfile",
1780 "initializer": {
1781 "docs": {
1782 "stability": "external",
1783 "summary": "Create a new `AWS::IAM::InstanceProfile`."
1784 },
1785 "locationInModule": {
1786 "filename": "lib/iam.generated.ts",
1787 "line": 703
1788 },
1789 "parameters": [
1790 {
1791 "docs": {
1792 "summary": "- scope in which this resource is defined."
1793 },
1794 "name": "scope",
1795 "type": {
1796 "fqn": "@aws-cdk/core.Construct"
1797 }
1798 },
1799 {
1800 "docs": {
1801 "summary": "- scoped id of the resource."
1802 },
1803 "name": "id",
1804 "type": {
1805 "primitive": "string"
1806 }
1807 },
1808 {
1809 "docs": {
1810 "summary": "- resource properties."
1811 },
1812 "name": "props",
1813 "type": {
1814 "fqn": "@aws-cdk/aws-iam.CfnInstanceProfileProps"
1815 }
1816 }
1817 ]
1818 },
1819 "interfaces": [
1820 "@aws-cdk/core.IInspectable"
1821 ],
1822 "kind": "class",
1823 "locationInModule": {
1824 "filename": "lib/iam.generated.ts",
1825 "line": 634
1826 },
1827 "methods": [
1828 {
1829 "docs": {
1830 "stability": "external",
1831 "summary": "Examines the CloudFormation resource and discloses attributes."
1832 },
1833 "locationInModule": {
1834 "filename": "lib/iam.generated.ts",
1835 "line": 719
1836 },
1837 "name": "inspect",
1838 "overrides": "@aws-cdk/core.IInspectable",
1839 "parameters": [
1840 {
1841 "docs": {
1842 "summary": "- tree inspector to collect and process attributes."
1843 },
1844 "name": "inspector",
1845 "type": {
1846 "fqn": "@aws-cdk/core.TreeInspector"
1847 }
1848 }
1849 ]
1850 },
1851 {
1852 "docs": {
1853 "stability": "external"
1854 },
1855 "locationInModule": {
1856 "filename": "lib/iam.generated.ts",
1857 "line": 732
1858 },
1859 "name": "renderProperties",
1860 "overrides": "@aws-cdk/core.CfnResource",
1861 "parameters": [
1862 {
1863 "name": "props",
1864 "type": {
1865 "collection": {
1866 "elementtype": {
1867 "primitive": "any"
1868 },
1869 "kind": "map"
1870 }
1871 }
1872 }
1873 ],
1874 "protected": true,
1875 "returns": {
1876 "type": {
1877 "collection": {
1878 "elementtype": {
1879 "primitive": "any"
1880 },
1881 "kind": "map"
1882 }
1883 }
1884 }
1885 }
1886 ],
1887 "name": "CfnInstanceProfile",
1888 "properties": [
1889 {
1890 "const": true,
1891 "docs": {
1892 "stability": "external",
1893 "summary": "The CloudFormation resource type name for this resource class."
1894 },
1895 "immutable": true,
1896 "locationInModule": {
1897 "filename": "lib/iam.generated.ts",
1898 "line": 638
1899 },
1900 "name": "CFN_RESOURCE_TYPE_NAME",
1901 "static": true,
1902 "type": {
1903 "primitive": "string"
1904 }
1905 },
1906 {
1907 "docs": {
1908 "custom": {
1909 "cloudformationAttribute": "Arn"
1910 },
1911 "remarks": "`{\"Fn::GetAtt\" : [\"MyProfile\", \"Arn\"] }`\n\nThis returns a value such as `arn:aws:iam::1234567890:instance-profile/MyProfile-ASDNSDLKJ` .",
1912 "stability": "external",
1913 "summary": "Returns the Amazon Resource Name (ARN) for the instance profile. For example:."
1914 },
1915 "immutable": true,
1916 "locationInModule": {
1917 "filename": "lib/iam.generated.ts",
1918 "line": 667
1919 },
1920 "name": "attrArn",
1921 "type": {
1922 "primitive": "string"
1923 }
1924 },
1925 {
1926 "docs": {
1927 "stability": "external"
1928 },
1929 "immutable": true,
1930 "locationInModule": {
1931 "filename": "lib/iam.generated.ts",
1932 "line": 724
1933 },
1934 "name": "cfnProperties",
1935 "overrides": "@aws-cdk/core.CfnResource",
1936 "protected": true,
1937 "type": {
1938 "collection": {
1939 "elementtype": {
1940 "primitive": "any"
1941 },
1942 "kind": "map"
1943 }
1944 }
1945 },
1946 {
1947 "docs": {
1948 "custom": {
1949 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-instanceprofile.html#cfn-iam-instanceprofile-roles"
1950 },
1951 "remarks": "Only one role can be assigned to an EC2 instance at a time, and all applications on the instance share the same role and permissions.",
1952 "stability": "external",
1953 "summary": "The name of the role to associate with the instance profile."
1954 },
1955 "locationInModule": {
1956 "filename": "lib/iam.generated.ts",
1957 "line": 674
1958 },
1959 "name": "roles",
1960 "type": {
1961 "collection": {
1962 "elementtype": {
1963 "primitive": "string"
1964 },
1965 "kind": "array"
1966 }
1967 }
1968 },
1969 {
1970 "docs": {
1971 "custom": {
1972 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-instanceprofile.html#cfn-iam-instanceprofile-instanceprofilename"
1973 },
1974 "remarks": "This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-",
1975 "stability": "external",
1976 "summary": "The name of the instance profile to create."
1977 },
1978 "locationInModule": {
1979 "filename": "lib/iam.generated.ts",
1980 "line": 683
1981 },
1982 "name": "instanceProfileName",
1983 "optional": true,
1984 "type": {
1985 "primitive": "string"
1986 }
1987 },
1988 {
1989 "docs": {
1990 "custom": {
1991 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-instanceprofile.html#cfn-iam-instanceprofile-path"
1992 },
1993 "remarks": "For more information about paths, see [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* .\n\nThis parameter is optional. If it is not included, it defaults to a slash (/).\n\nThis parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\\ u0021` ) through the DEL character ( `\\ u007F` ), including most punctuation characters, digits, and upper and lowercased letters.",
1994 "stability": "external",
1995 "summary": "The path to the instance profile."
1996 },
1997 "locationInModule": {
1998 "filename": "lib/iam.generated.ts",
1999 "line": 694
2000 },
2001 "name": "path",
2002 "optional": true,
2003 "type": {
2004 "primitive": "string"
2005 }
2006 }
2007 ],
2008 "symbolId": "lib/iam.generated:CfnInstanceProfile"
2009 },
2010 "@aws-cdk/aws-iam.CfnInstanceProfileProps": {
2011 "assembly": "@aws-cdk/aws-iam",
2012 "datatype": true,
2013 "docs": {
2014 "custom": {
2015 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-instanceprofile.html",
2016 "exampleMetadata": "fixture=_generated"
2017 },
2018 "stability": "external",
2019 "summary": "Properties for defining a `CfnInstanceProfile`.",
2020 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nconst cfnInstanceProfileProps: iam.CfnInstanceProfileProps = {\n roles: ['roles'],\n\n // the properties below are optional\n instanceProfileName: 'instanceProfileName',\n path: 'path',\n};"
2021 },
2022 "fqn": "@aws-cdk/aws-iam.CfnInstanceProfileProps",
2023 "kind": "interface",
2024 "locationInModule": {
2025 "filename": "lib/iam.generated.ts",
2026 "line": 540
2027 },
2028 "name": "CfnInstanceProfileProps",
2029 "properties": [
2030 {
2031 "abstract": true,
2032 "docs": {
2033 "custom": {
2034 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-instanceprofile.html#cfn-iam-instanceprofile-roles"
2035 },
2036 "remarks": "Only one role can be assigned to an EC2 instance at a time, and all applications on the instance share the same role and permissions.",
2037 "stability": "external",
2038 "summary": "The name of the role to associate with the instance profile."
2039 },
2040 "immutable": true,
2041 "locationInModule": {
2042 "filename": "lib/iam.generated.ts",
2043 "line": 547
2044 },
2045 "name": "roles",
2046 "type": {
2047 "collection": {
2048 "elementtype": {
2049 "primitive": "string"
2050 },
2051 "kind": "array"
2052 }
2053 }
2054 },
2055 {
2056 "abstract": true,
2057 "docs": {
2058 "custom": {
2059 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-instanceprofile.html#cfn-iam-instanceprofile-instanceprofilename"
2060 },
2061 "remarks": "This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-",
2062 "stability": "external",
2063 "summary": "The name of the instance profile to create."
2064 },
2065 "immutable": true,
2066 "locationInModule": {
2067 "filename": "lib/iam.generated.ts",
2068 "line": 556
2069 },
2070 "name": "instanceProfileName",
2071 "optional": true,
2072 "type": {
2073 "primitive": "string"
2074 }
2075 },
2076 {
2077 "abstract": true,
2078 "docs": {
2079 "custom": {
2080 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-instanceprofile.html#cfn-iam-instanceprofile-path"
2081 },
2082 "remarks": "For more information about paths, see [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* .\n\nThis parameter is optional. If it is not included, it defaults to a slash (/).\n\nThis parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\\ u0021` ) through the DEL character ( `\\ u007F` ), including most punctuation characters, digits, and upper and lowercased letters.",
2083 "stability": "external",
2084 "summary": "The path to the instance profile."
2085 },
2086 "immutable": true,
2087 "locationInModule": {
2088 "filename": "lib/iam.generated.ts",
2089 "line": 567
2090 },
2091 "name": "path",
2092 "optional": true,
2093 "type": {
2094 "primitive": "string"
2095 }
2096 }
2097 ],
2098 "symbolId": "lib/iam.generated:CfnInstanceProfileProps"
2099 },
2100 "@aws-cdk/aws-iam.CfnManagedPolicy": {
2101 "assembly": "@aws-cdk/aws-iam",
2102 "base": "@aws-cdk/core.CfnResource",
2103 "docs": {
2104 "custom": {
2105 "cloudformationResource": "AWS::IAM::ManagedPolicy",
2106 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html",
2107 "exampleMetadata": "fixture=_generated"
2108 },
2109 "remarks": "Creates a new managed policy for your AWS account .\n\nThis operation creates a policy version with a version identifier of `v1` and sets v1 as the policy's default version. For more information about policy versions, see [Versioning for managed policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html) in the *IAM User Guide* .\n\nAs a best practice, you can validate your IAM policies. To learn more, see [Validating IAM policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html) in the *IAM User Guide* .\n\nFor more information about managed policies in general, see [Managed policies and inline policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide* .",
2110 "stability": "external",
2111 "summary": "A CloudFormation `AWS::IAM::ManagedPolicy`.",
2112 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const policyDocument: any;\nconst cfnManagedPolicy = new iam.CfnManagedPolicy(this, 'MyCfnManagedPolicy', {\n policyDocument: policyDocument,\n\n // the properties below are optional\n description: 'description',\n groups: ['groups'],\n managedPolicyName: 'managedPolicyName',\n path: 'path',\n roles: ['roles'],\n users: ['users'],\n});"
2113 },
2114 "fqn": "@aws-cdk/aws-iam.CfnManagedPolicy",
2115 "initializer": {
2116 "docs": {
2117 "stability": "external",
2118 "summary": "Create a new `AWS::IAM::ManagedPolicy`."
2119 },
2120 "locationInModule": {
2121 "filename": "lib/iam.generated.ts",
2122 "line": 1034
2123 },
2124 "parameters": [
2125 {
2126 "docs": {
2127 "summary": "- scope in which this resource is defined."
2128 },
2129 "name": "scope",
2130 "type": {
2131 "fqn": "@aws-cdk/core.Construct"
2132 }
2133 },
2134 {
2135 "docs": {
2136 "summary": "- scoped id of the resource."
2137 },
2138 "name": "id",
2139 "type": {
2140 "primitive": "string"
2141 }
2142 },
2143 {
2144 "docs": {
2145 "summary": "- resource properties."
2146 },
2147 "name": "props",
2148 "type": {
2149 "fqn": "@aws-cdk/aws-iam.CfnManagedPolicyProps"
2150 }
2151 }
2152 ]
2153 },
2154 "interfaces": [
2155 "@aws-cdk/core.IInspectable"
2156 ],
2157 "kind": "class",
2158 "locationInModule": {
2159 "filename": "lib/iam.generated.ts",
2160 "line": 915
2161 },
2162 "methods": [
2163 {
2164 "docs": {
2165 "stability": "external",
2166 "summary": "Examines the CloudFormation resource and discloses attributes."
2167 },
2168 "locationInModule": {
2169 "filename": "lib/iam.generated.ts",
2170 "line": 1053
2171 },
2172 "name": "inspect",
2173 "overrides": "@aws-cdk/core.IInspectable",
2174 "parameters": [
2175 {
2176 "docs": {
2177 "summary": "- tree inspector to collect and process attributes."
2178 },
2179 "name": "inspector",
2180 "type": {
2181 "fqn": "@aws-cdk/core.TreeInspector"
2182 }
2183 }
2184 ]
2185 },
2186 {
2187 "docs": {
2188 "stability": "external"
2189 },
2190 "locationInModule": {
2191 "filename": "lib/iam.generated.ts",
2192 "line": 1070
2193 },
2194 "name": "renderProperties",
2195 "overrides": "@aws-cdk/core.CfnResource",
2196 "parameters": [
2197 {
2198 "name": "props",
2199 "type": {
2200 "collection": {
2201 "elementtype": {
2202 "primitive": "any"
2203 },
2204 "kind": "map"
2205 }
2206 }
2207 }
2208 ],
2209 "protected": true,
2210 "returns": {
2211 "type": {
2212 "collection": {
2213 "elementtype": {
2214 "primitive": "any"
2215 },
2216 "kind": "map"
2217 }
2218 }
2219 }
2220 }
2221 ],
2222 "name": "CfnManagedPolicy",
2223 "properties": [
2224 {
2225 "const": true,
2226 "docs": {
2227 "stability": "external",
2228 "summary": "The CloudFormation resource type name for this resource class."
2229 },
2230 "immutable": true,
2231 "locationInModule": {
2232 "filename": "lib/iam.generated.ts",
2233 "line": 919
2234 },
2235 "name": "CFN_RESOURCE_TYPE_NAME",
2236 "static": true,
2237 "type": {
2238 "primitive": "string"
2239 }
2240 },
2241 {
2242 "docs": {
2243 "stability": "external"
2244 },
2245 "immutable": true,
2246 "locationInModule": {
2247 "filename": "lib/iam.generated.ts",
2248 "line": 1058
2249 },
2250 "name": "cfnProperties",
2251 "overrides": "@aws-cdk/core.CfnResource",
2252 "protected": true,
2253 "type": {
2254 "collection": {
2255 "elementtype": {
2256 "primitive": "any"
2257 },
2258 "kind": "map"
2259 }
2260 }
2261 },
2262 {
2263 "docs": {
2264 "custom": {
2265 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-iam-managedpolicy-policydocument"
2266 },
2267 "remarks": "You must provide policies in JSON format in IAM. However, for AWS CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. AWS CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.\n\nThe maximum length of the policy document that you can pass in this operation, including whitespace, is listed below. To view the maximum character counts of a managed policy with no whitespaces, see [IAM and AWS STS character quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length) .\n\nTo learn more about JSON policy grammar, see [Grammar of the IAM JSON policy language](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_grammar.html) in the *IAM User Guide* .\n\nThe [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following:\n\n- Any printable ASCII character ranging from the space character ( `\\ u0020` ) through the end of the ASCII character range\n- The printable characters in the Basic Latin and Latin-1 Supplement character set (through `\\ u00FF` )\n- The special characters tab ( `\\ u0009` ), line feed ( `\\ u000A` ), and carriage return ( `\\ u000D` )",
2268 "stability": "external",
2269 "summary": "The JSON policy document that you want to use as the content for the new policy."
2270 },
2271 "locationInModule": {
2272 "filename": "lib/iam.generated.ts",
2273 "line": 957
2274 },
2275 "name": "policyDocument",
2276 "type": {
2277 "primitive": "any"
2278 }
2279 },
2280 {
2281 "docs": {
2282 "custom": {
2283 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-iam-managedpolicy-description"
2284 },
2285 "remarks": "Typically used to store information about the permissions defined in the policy. For example, \"Grants access to production DynamoDB tables.\"\n\nThe policy description is immutable. After a value is assigned, it cannot be changed.",
2286 "stability": "external",
2287 "summary": "A friendly description of the policy."
2288 },
2289 "locationInModule": {
2290 "filename": "lib/iam.generated.ts",
2291 "line": 968
2292 },
2293 "name": "description",
2294 "optional": true,
2295 "type": {
2296 "primitive": "string"
2297 }
2298 },
2299 {
2300 "docs": {
2301 "custom": {
2302 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-iam-managedpolicy-groups"
2303 },
2304 "remarks": "This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-",
2305 "stability": "external",
2306 "summary": "The name (friendly name, not ARN) of the group to attach the policy to."
2307 },
2308 "locationInModule": {
2309 "filename": "lib/iam.generated.ts",
2310 "line": 977
2311 },
2312 "name": "groups",
2313 "optional": true,
2314 "type": {
2315 "collection": {
2316 "elementtype": {
2317 "primitive": "string"
2318 },
2319 "kind": "array"
2320 }
2321 }
2322 },
2323 {
2324 "docs": {
2325 "custom": {
2326 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-iam-managedpolicy-managedpolicyname"
2327 },
2328 "remarks": "> If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.\n\nIf you specify a name, you must specify the `CAPABILITY_NAMED_IAM` value to acknowledge your template's capabilities. For more information, see [Acknowledging IAM Resources in AWS CloudFormation Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities) .\n\n> Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using `Fn::Join` and `AWS::Region` to create a Region-specific name, as in the following example: `{\"Fn::Join\": [\"\", [{\"Ref\": \"AWS::Region\"}, {\"Ref\": \"MyResourceName\"}]]}` .",
2329 "stability": "external",
2330 "summary": "The friendly name of the policy."
2331 },
2332 "locationInModule": {
2333 "filename": "lib/iam.generated.ts",
2334 "line": 990
2335 },
2336 "name": "managedPolicyName",
2337 "optional": true,
2338 "type": {
2339 "primitive": "string"
2340 }
2341 },
2342 {
2343 "docs": {
2344 "custom": {
2345 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-ec2-dhcpoptions-path"
2346 },
2347 "remarks": "For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* .\n\nThis parameter is optional. If it is not included, it defaults to a slash (/).\n\nThis parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\\ u0021` ) through the DEL character ( `\\ u007F` ), including most punctuation characters, digits, and upper and lowercased letters.\n\n> You cannot use an asterisk (*) in the path name.",
2348 "stability": "external",
2349 "summary": "The path for the policy."
2350 },
2351 "locationInModule": {
2352 "filename": "lib/iam.generated.ts",
2353 "line": 1005
2354 },
2355 "name": "path",
2356 "optional": true,
2357 "type": {
2358 "primitive": "string"
2359 }
2360 },
2361 {
2362 "docs": {
2363 "custom": {
2364 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-iam-managedpolicy-roles"
2365 },
2366 "remarks": "This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-\n\n> If an external policy (such as `AWS::IAM::Policy` or `AWS::IAM::ManagedPolicy` ) has a `Ref` to a role and if a resource (such as `AWS::ECS::Service` ) also has a `Ref` to the same role, add a `DependsOn` attribute to the resource to make the resource depend on the external policy. This dependency ensures that the role's policy is available throughout the resource's lifecycle. For example, when you delete a stack with an `AWS::ECS::Service` resource, the `DependsOn` attribute ensures that AWS CloudFormation deletes the `AWS::ECS::Service` resource before deleting its role's policy.",
2367 "stability": "external",
2368 "summary": "The name (friendly name, not ARN) of the role to attach the policy to."
2369 },
2370 "locationInModule": {
2371 "filename": "lib/iam.generated.ts",
2372 "line": 1016
2373 },
2374 "name": "roles",
2375 "optional": true,
2376 "type": {
2377 "collection": {
2378 "elementtype": {
2379 "primitive": "string"
2380 },
2381 "kind": "array"
2382 }
2383 }
2384 },
2385 {
2386 "docs": {
2387 "custom": {
2388 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-iam-managedpolicy-users"
2389 },
2390 "remarks": "This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-",
2391 "stability": "external",
2392 "summary": "The name (friendly name, not ARN) of the IAM user to attach the policy to."
2393 },
2394 "locationInModule": {
2395 "filename": "lib/iam.generated.ts",
2396 "line": 1025
2397 },
2398 "name": "users",
2399 "optional": true,
2400 "type": {
2401 "collection": {
2402 "elementtype": {
2403 "primitive": "string"
2404 },
2405 "kind": "array"
2406 }
2407 }
2408 }
2409 ],
2410 "symbolId": "lib/iam.generated:CfnManagedPolicy"
2411 },
2412 "@aws-cdk/aws-iam.CfnManagedPolicyProps": {
2413 "assembly": "@aws-cdk/aws-iam",
2414 "datatype": true,
2415 "docs": {
2416 "custom": {
2417 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html",
2418 "exampleMetadata": "fixture=_generated"
2419 },
2420 "stability": "external",
2421 "summary": "Properties for defining a `CfnManagedPolicy`.",
2422 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const policyDocument: any;\nconst cfnManagedPolicyProps: iam.CfnManagedPolicyProps = {\n policyDocument: policyDocument,\n\n // the properties below are optional\n description: 'description',\n groups: ['groups'],\n managedPolicyName: 'managedPolicyName',\n path: 'path',\n roles: ['roles'],\n users: ['users'],\n};"
2423 },
2424 "fqn": "@aws-cdk/aws-iam.CfnManagedPolicyProps",
2425 "kind": "interface",
2426 "locationInModule": {
2427 "filename": "lib/iam.generated.ts",
2428 "line": 745
2429 },
2430 "name": "CfnManagedPolicyProps",
2431 "properties": [
2432 {
2433 "abstract": true,
2434 "docs": {
2435 "custom": {
2436 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-iam-managedpolicy-policydocument"
2437 },
2438 "remarks": "You must provide policies in JSON format in IAM. However, for AWS CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. AWS CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.\n\nThe maximum length of the policy document that you can pass in this operation, including whitespace, is listed below. To view the maximum character counts of a managed policy with no whitespaces, see [IAM and AWS STS character quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length) .\n\nTo learn more about JSON policy grammar, see [Grammar of the IAM JSON policy language](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_grammar.html) in the *IAM User Guide* .\n\nThe [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following:\n\n- Any printable ASCII character ranging from the space character ( `\\ u0020` ) through the end of the ASCII character range\n- The printable characters in the Basic Latin and Latin-1 Supplement character set (through `\\ u00FF` )\n- The special characters tab ( `\\ u0009` ), line feed ( `\\ u000A` ), and carriage return ( `\\ u000D` )",
2439 "stability": "external",
2440 "summary": "The JSON policy document that you want to use as the content for the new policy."
2441 },
2442 "immutable": true,
2443 "locationInModule": {
2444 "filename": "lib/iam.generated.ts",
2445 "line": 764
2446 },
2447 "name": "policyDocument",
2448 "type": {
2449 "primitive": "any"
2450 }
2451 },
2452 {
2453 "abstract": true,
2454 "docs": {
2455 "custom": {
2456 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-iam-managedpolicy-description"
2457 },
2458 "remarks": "Typically used to store information about the permissions defined in the policy. For example, \"Grants access to production DynamoDB tables.\"\n\nThe policy description is immutable. After a value is assigned, it cannot be changed.",
2459 "stability": "external",
2460 "summary": "A friendly description of the policy."
2461 },
2462 "immutable": true,
2463 "locationInModule": {
2464 "filename": "lib/iam.generated.ts",
2465 "line": 775
2466 },
2467 "name": "description",
2468 "optional": true,
2469 "type": {
2470 "primitive": "string"
2471 }
2472 },
2473 {
2474 "abstract": true,
2475 "docs": {
2476 "custom": {
2477 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-iam-managedpolicy-groups"
2478 },
2479 "remarks": "This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-",
2480 "stability": "external",
2481 "summary": "The name (friendly name, not ARN) of the group to attach the policy to."
2482 },
2483 "immutable": true,
2484 "locationInModule": {
2485 "filename": "lib/iam.generated.ts",
2486 "line": 784
2487 },
2488 "name": "groups",
2489 "optional": true,
2490 "type": {
2491 "collection": {
2492 "elementtype": {
2493 "primitive": "string"
2494 },
2495 "kind": "array"
2496 }
2497 }
2498 },
2499 {
2500 "abstract": true,
2501 "docs": {
2502 "custom": {
2503 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-iam-managedpolicy-managedpolicyname"
2504 },
2505 "remarks": "> If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.\n\nIf you specify a name, you must specify the `CAPABILITY_NAMED_IAM` value to acknowledge your template's capabilities. For more information, see [Acknowledging IAM Resources in AWS CloudFormation Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities) .\n\n> Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using `Fn::Join` and `AWS::Region` to create a Region-specific name, as in the following example: `{\"Fn::Join\": [\"\", [{\"Ref\": \"AWS::Region\"}, {\"Ref\": \"MyResourceName\"}]]}` .",
2506 "stability": "external",
2507 "summary": "The friendly name of the policy."
2508 },
2509 "immutable": true,
2510 "locationInModule": {
2511 "filename": "lib/iam.generated.ts",
2512 "line": 797
2513 },
2514 "name": "managedPolicyName",
2515 "optional": true,
2516 "type": {
2517 "primitive": "string"
2518 }
2519 },
2520 {
2521 "abstract": true,
2522 "docs": {
2523 "custom": {
2524 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-ec2-dhcpoptions-path"
2525 },
2526 "remarks": "For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* .\n\nThis parameter is optional. If it is not included, it defaults to a slash (/).\n\nThis parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\\ u0021` ) through the DEL character ( `\\ u007F` ), including most punctuation characters, digits, and upper and lowercased letters.\n\n> You cannot use an asterisk (*) in the path name.",
2527 "stability": "external",
2528 "summary": "The path for the policy."
2529 },
2530 "immutable": true,
2531 "locationInModule": {
2532 "filename": "lib/iam.generated.ts",
2533 "line": 812
2534 },
2535 "name": "path",
2536 "optional": true,
2537 "type": {
2538 "primitive": "string"
2539 }
2540 },
2541 {
2542 "abstract": true,
2543 "docs": {
2544 "custom": {
2545 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-iam-managedpolicy-roles"
2546 },
2547 "remarks": "This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-\n\n> If an external policy (such as `AWS::IAM::Policy` or `AWS::IAM::ManagedPolicy` ) has a `Ref` to a role and if a resource (such as `AWS::ECS::Service` ) also has a `Ref` to the same role, add a `DependsOn` attribute to the resource to make the resource depend on the external policy. This dependency ensures that the role's policy is available throughout the resource's lifecycle. For example, when you delete a stack with an `AWS::ECS::Service` resource, the `DependsOn` attribute ensures that AWS CloudFormation deletes the `AWS::ECS::Service` resource before deleting its role's policy.",
2548 "stability": "external",
2549 "summary": "The name (friendly name, not ARN) of the role to attach the policy to."
2550 },
2551 "immutable": true,
2552 "locationInModule": {
2553 "filename": "lib/iam.generated.ts",
2554 "line": 823
2555 },
2556 "name": "roles",
2557 "optional": true,
2558 "type": {
2559 "collection": {
2560 "elementtype": {
2561 "primitive": "string"
2562 },
2563 "kind": "array"
2564 }
2565 }
2566 },
2567 {
2568 "abstract": true,
2569 "docs": {
2570 "custom": {
2571 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-iam-managedpolicy-users"
2572 },
2573 "remarks": "This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-",
2574 "stability": "external",
2575 "summary": "The name (friendly name, not ARN) of the IAM user to attach the policy to."
2576 },
2577 "immutable": true,
2578 "locationInModule": {
2579 "filename": "lib/iam.generated.ts",
2580 "line": 832
2581 },
2582 "name": "users",
2583 "optional": true,
2584 "type": {
2585 "collection": {
2586 "elementtype": {
2587 "primitive": "string"
2588 },
2589 "kind": "array"
2590 }
2591 }
2592 }
2593 ],
2594 "symbolId": "lib/iam.generated:CfnManagedPolicyProps"
2595 },
2596 "@aws-cdk/aws-iam.CfnOIDCProvider": {
2597 "assembly": "@aws-cdk/aws-iam",
2598 "base": "@aws-cdk/core.CfnResource",
2599 "docs": {
2600 "custom": {
2601 "cloudformationResource": "AWS::IAM::OIDCProvider",
2602 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-oidcprovider.html",
2603 "exampleMetadata": "fixture=_generated"
2604 },
2605 "remarks": "Creates an IAM entity to describe an identity provider (IdP) that supports [OpenID Connect (OIDC)](https://docs.aws.amazon.com/http://openid.net/connect/) .\n\nThe OIDC provider that you create with this operation can be used as a principal in a role's trust policy. Such a policy establishes a trust relationship between AWS and the OIDC provider.\n\nWhen you create the IAM OIDC provider, you specify the following:\n\n- The URL of the OIDC identity provider (IdP) to trust\n- A list of client IDs (also known as audiences) that identify the application or applications that are allowed to authenticate using the OIDC provider\n- A list of thumbprints of one or more server certificates that the IdP uses\n\nYou get all of this information from the OIDC IdP that you want to use to access AWS .\n\n> The trust for the OIDC provider is derived from the IAM provider that this operation creates. Therefore, it is best to limit access to the [CreateOpenIDConnectProvider](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateOpenIDConnectProvider.html) operation to highly privileged users.",
2606 "stability": "external",
2607 "summary": "A CloudFormation `AWS::IAM::OIDCProvider`.",
2608 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nconst cfnOIDCProvider = new iam.CfnOIDCProvider(this, 'MyCfnOIDCProvider', {\n thumbprintList: ['thumbprintList'],\n\n // the properties below are optional\n clientIdList: ['clientIdList'],\n tags: [{\n key: 'key',\n value: 'value',\n }],\n url: 'url',\n});"
2609 },
2610 "fqn": "@aws-cdk/aws-iam.CfnOIDCProvider",
2611 "initializer": {
2612 "docs": {
2613 "stability": "external",
2614 "summary": "Create a new `AWS::IAM::OIDCProvider`."
2615 },
2616 "locationInModule": {
2617 "filename": "lib/iam.generated.ts",
2618 "line": 1257
2619 },
2620 "parameters": [
2621 {
2622 "docs": {
2623 "summary": "- scope in which this resource is defined."
2624 },
2625 "name": "scope",
2626 "type": {
2627 "fqn": "@aws-cdk/core.Construct"
2628 }
2629 },
2630 {
2631 "docs": {
2632 "summary": "- scoped id of the resource."
2633 },
2634 "name": "id",
2635 "type": {
2636 "primitive": "string"
2637 }
2638 },
2639 {
2640 "docs": {
2641 "summary": "- resource properties."
2642 },
2643 "name": "props",
2644 "type": {
2645 "fqn": "@aws-cdk/aws-iam.CfnOIDCProviderProps"
2646 }
2647 }
2648 ]
2649 },
2650 "interfaces": [
2651 "@aws-cdk/core.IInspectable"
2652 ],
2653 "kind": "class",
2654 "locationInModule": {
2655 "filename": "lib/iam.generated.ts",
2656 "line": 1191
2657 },
2658 "methods": [
2659 {
2660 "docs": {
2661 "stability": "external",
2662 "summary": "Examines the CloudFormation resource and discloses attributes."
2663 },
2664 "locationInModule": {
2665 "filename": "lib/iam.generated.ts",
2666 "line": 1274
2667 },
2668 "name": "inspect",
2669 "overrides": "@aws-cdk/core.IInspectable",
2670 "parameters": [
2671 {
2672 "docs": {
2673 "summary": "- tree inspector to collect and process attributes."
2674 },
2675 "name": "inspector",
2676 "type": {
2677 "fqn": "@aws-cdk/core.TreeInspector"
2678 }
2679 }
2680 ]
2681 },
2682 {
2683 "docs": {
2684 "stability": "external"
2685 },
2686 "locationInModule": {
2687 "filename": "lib/iam.generated.ts",
2688 "line": 1288
2689 },
2690 "name": "renderProperties",
2691 "overrides": "@aws-cdk/core.CfnResource",
2692 "parameters": [
2693 {
2694 "name": "props",
2695 "type": {
2696 "collection": {
2697 "elementtype": {
2698 "primitive": "any"
2699 },
2700 "kind": "map"
2701 }
2702 }
2703 }
2704 ],
2705 "protected": true,
2706 "returns": {
2707 "type": {
2708 "collection": {
2709 "elementtype": {
2710 "primitive": "any"
2711 },
2712 "kind": "map"
2713 }
2714 }
2715 }
2716 }
2717 ],
2718 "name": "CfnOIDCProvider",
2719 "properties": [
2720 {
2721 "const": true,
2722 "docs": {
2723 "stability": "external",
2724 "summary": "The CloudFormation resource type name for this resource class."
2725 },
2726 "immutable": true,
2727 "locationInModule": {
2728 "filename": "lib/iam.generated.ts",
2729 "line": 1195
2730 },
2731 "name": "CFN_RESOURCE_TYPE_NAME",
2732 "static": true,
2733 "type": {
2734 "primitive": "string"
2735 }
2736 },
2737 {
2738 "docs": {
2739 "custom": {
2740 "cloudformationAttribute": "Arn"
2741 },
2742 "stability": "external",
2743 "summary": "Returns the Amazon Resource Name (ARN) for the specified `AWS::IAM::OIDCProvider` resource."
2744 },
2745 "immutable": true,
2746 "locationInModule": {
2747 "filename": "lib/iam.generated.ts",
2748 "line": 1220
2749 },
2750 "name": "attrArn",
2751 "type": {
2752 "primitive": "string"
2753 }
2754 },
2755 {
2756 "docs": {
2757 "stability": "external"
2758 },
2759 "immutable": true,
2760 "locationInModule": {
2761 "filename": "lib/iam.generated.ts",
2762 "line": 1279
2763 },
2764 "name": "cfnProperties",
2765 "overrides": "@aws-cdk/core.CfnResource",
2766 "protected": true,
2767 "type": {
2768 "collection": {
2769 "elementtype": {
2770 "primitive": "any"
2771 },
2772 "kind": "map"
2773 }
2774 }
2775 },
2776 {
2777 "docs": {
2778 "custom": {
2779 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-oidcprovider.html#cfn-iam-oidcprovider-tags"
2780 },
2781 "remarks": "The returned list of tags is sorted by tag key. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .",
2782 "stability": "external",
2783 "summary": "A list of tags that are attached to the specified IAM OIDC provider."
2784 },
2785 "immutable": true,
2786 "locationInModule": {
2787 "filename": "lib/iam.generated.ts",
2788 "line": 1241
2789 },
2790 "name": "tags",
2791 "type": {
2792 "fqn": "@aws-cdk/core.TagManager"
2793 }
2794 },
2795 {
2796 "docs": {
2797 "custom": {
2798 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-oidcprovider.html#cfn-iam-oidcprovider-thumbprintlist"
2799 },
2800 "remarks": "For more information, see [CreateOpenIDConnectProvider](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateOpenIDConnectProvider.html) .",
2801 "stability": "external",
2802 "summary": "A list of certificate thumbprints that are associated with the specified IAM OIDC provider resource object."
2803 },
2804 "locationInModule": {
2805 "filename": "lib/iam.generated.ts",
2806 "line": 1227
2807 },
2808 "name": "thumbprintList",
2809 "type": {
2810 "collection": {
2811 "elementtype": {
2812 "primitive": "string"
2813 },
2814 "kind": "array"
2815 }
2816 }
2817 },
2818 {
2819 "docs": {
2820 "custom": {
2821 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-oidcprovider.html#cfn-iam-oidcprovider-clientidlist"
2822 },
2823 "remarks": "For more information, see [CreateOpenIDConnectProvider](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateOpenIDConnectProvider.html) .",
2824 "stability": "external",
2825 "summary": "A list of client IDs (also known as audiences) that are associated with the specified IAM OIDC provider resource object."
2826 },
2827 "locationInModule": {
2828 "filename": "lib/iam.generated.ts",
2829 "line": 1234
2830 },
2831 "name": "clientIdList",
2832 "optional": true,
2833 "type": {
2834 "collection": {
2835 "elementtype": {
2836 "primitive": "string"
2837 },
2838 "kind": "array"
2839 }
2840 }
2841 },
2842 {
2843 "docs": {
2844 "custom": {
2845 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-oidcprovider.html#cfn-iam-oidcprovider-url"
2846 },
2847 "remarks": "For more information, see [CreateOpenIDConnectProvider](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateOpenIDConnectProvider.html) .",
2848 "stability": "external",
2849 "summary": "The URL that the IAM OIDC provider resource object is associated with."
2850 },
2851 "locationInModule": {
2852 "filename": "lib/iam.generated.ts",
2853 "line": 1248
2854 },
2855 "name": "url",
2856 "optional": true,
2857 "type": {
2858 "primitive": "string"
2859 }
2860 }
2861 ],
2862 "symbolId": "lib/iam.generated:CfnOIDCProvider"
2863 },
2864 "@aws-cdk/aws-iam.CfnOIDCProviderProps": {
2865 "assembly": "@aws-cdk/aws-iam",
2866 "datatype": true,
2867 "docs": {
2868 "custom": {
2869 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-oidcprovider.html",
2870 "exampleMetadata": "fixture=_generated"
2871 },
2872 "stability": "external",
2873 "summary": "Properties for defining a `CfnOIDCProvider`.",
2874 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nconst cfnOIDCProviderProps: iam.CfnOIDCProviderProps = {\n thumbprintList: ['thumbprintList'],\n\n // the properties below are optional\n clientIdList: ['clientIdList'],\n tags: [{\n key: 'key',\n value: 'value',\n }],\n url: 'url',\n};"
2875 },
2876 "fqn": "@aws-cdk/aws-iam.CfnOIDCProviderProps",
2877 "kind": "interface",
2878 "locationInModule": {
2879 "filename": "lib/iam.generated.ts",
2880 "line": 1083
2881 },
2882 "name": "CfnOIDCProviderProps",
2883 "properties": [
2884 {
2885 "abstract": true,
2886 "docs": {
2887 "custom": {
2888 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-oidcprovider.html#cfn-iam-oidcprovider-thumbprintlist"
2889 },
2890 "remarks": "For more information, see [CreateOpenIDConnectProvider](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateOpenIDConnectProvider.html) .",
2891 "stability": "external",
2892 "summary": "A list of certificate thumbprints that are associated with the specified IAM OIDC provider resource object."
2893 },
2894 "immutable": true,
2895 "locationInModule": {
2896 "filename": "lib/iam.generated.ts",
2897 "line": 1090
2898 },
2899 "name": "thumbprintList",
2900 "type": {
2901 "collection": {
2902 "elementtype": {
2903 "primitive": "string"
2904 },
2905 "kind": "array"
2906 }
2907 }
2908 },
2909 {
2910 "abstract": true,
2911 "docs": {
2912 "custom": {
2913 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-oidcprovider.html#cfn-iam-oidcprovider-clientidlist"
2914 },
2915 "remarks": "For more information, see [CreateOpenIDConnectProvider](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateOpenIDConnectProvider.html) .",
2916 "stability": "external",
2917 "summary": "A list of client IDs (also known as audiences) that are associated with the specified IAM OIDC provider resource object."
2918 },
2919 "immutable": true,
2920 "locationInModule": {
2921 "filename": "lib/iam.generated.ts",
2922 "line": 1097
2923 },
2924 "name": "clientIdList",
2925 "optional": true,
2926 "type": {
2927 "collection": {
2928 "elementtype": {
2929 "primitive": "string"
2930 },
2931 "kind": "array"
2932 }
2933 }
2934 },
2935 {
2936 "abstract": true,
2937 "docs": {
2938 "custom": {
2939 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-oidcprovider.html#cfn-iam-oidcprovider-tags"
2940 },
2941 "remarks": "The returned list of tags is sorted by tag key. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .",
2942 "stability": "external",
2943 "summary": "A list of tags that are attached to the specified IAM OIDC provider."
2944 },
2945 "immutable": true,
2946 "locationInModule": {
2947 "filename": "lib/iam.generated.ts",
2948 "line": 1104
2949 },
2950 "name": "tags",
2951 "optional": true,
2952 "type": {
2953 "collection": {
2954 "elementtype": {
2955 "fqn": "@aws-cdk/core.CfnTag"
2956 },
2957 "kind": "array"
2958 }
2959 }
2960 },
2961 {
2962 "abstract": true,
2963 "docs": {
2964 "custom": {
2965 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-oidcprovider.html#cfn-iam-oidcprovider-url"
2966 },
2967 "remarks": "For more information, see [CreateOpenIDConnectProvider](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateOpenIDConnectProvider.html) .",
2968 "stability": "external",
2969 "summary": "The URL that the IAM OIDC provider resource object is associated with."
2970 },
2971 "immutable": true,
2972 "locationInModule": {
2973 "filename": "lib/iam.generated.ts",
2974 "line": 1111
2975 },
2976 "name": "url",
2977 "optional": true,
2978 "type": {
2979 "primitive": "string"
2980 }
2981 }
2982 ],
2983 "symbolId": "lib/iam.generated:CfnOIDCProviderProps"
2984 },
2985 "@aws-cdk/aws-iam.CfnPolicy": {
2986 "assembly": "@aws-cdk/aws-iam",
2987 "base": "@aws-cdk/core.CfnResource",
2988 "docs": {
2989 "custom": {
2990 "cloudformationResource": "AWS::IAM::Policy",
2991 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html",
2992 "exampleMetadata": "fixture=_generated"
2993 },
2994 "remarks": "Adds or updates an inline policy document that is embedded in the specified IAM user, group, or role.\n\nAn IAM user can also have a managed policy attached to it. For information about policies, see [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide* .\n\nThe Groups, Roles, and Users properties are optional. However, you must specify at least one of these properties.\n\nFor information about limits on the number of inline policies that you can embed in an identity, see [Limitations on IAM Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *IAM User Guide* .",
2995 "stability": "external",
2996 "summary": "A CloudFormation `AWS::IAM::Policy`.",
2997 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const policyDocument: any;\nconst cfnPolicy = new iam.CfnPolicy(this, 'MyCfnPolicy', {\n policyDocument: policyDocument,\n policyName: 'policyName',\n\n // the properties below are optional\n groups: ['groups'],\n roles: ['roles'],\n users: ['users'],\n});"
2998 },
2999 "fqn": "@aws-cdk/aws-iam.CfnPolicy",
3000 "initializer": {
3001 "docs": {
3002 "stability": "external",
3003 "summary": "Create a new `AWS::IAM::Policy`."
3004 },
3005 "locationInModule": {
3006 "filename": "lib/iam.generated.ts",
3007 "line": 1517
3008 },
3009 "parameters": [
3010 {
3011 "docs": {
3012 "summary": "- scope in which this resource is defined."
3013 },
3014 "name": "scope",
3015 "type": {
3016 "fqn": "@aws-cdk/core.Construct"
3017 }
3018 },
3019 {
3020 "docs": {
3021 "summary": "- scoped id of the resource."
3022 },
3023 "name": "id",
3024 "type": {
3025 "primitive": "string"
3026 }
3027 },
3028 {
3029 "docs": {
3030 "summary": "- resource properties."
3031 },
3032 "name": "props",
3033 "type": {
3034 "fqn": "@aws-cdk/aws-iam.CfnPolicyProps"
3035 }
3036 }
3037 ]
3038 },
3039 "interfaces": [
3040 "@aws-cdk/core.IInspectable"
3041 ],
3042 "kind": "class",
3043 "locationInModule": {
3044 "filename": "lib/iam.generated.ts",
3045 "line": 1432
3046 },
3047 "methods": [
3048 {
3049 "docs": {
3050 "stability": "external",
3051 "summary": "Examines the CloudFormation resource and discloses attributes."
3052 },
3053 "locationInModule": {
3054 "filename": "lib/iam.generated.ts",
3055 "line": 1535
3056 },
3057 "name": "inspect",
3058 "overrides": "@aws-cdk/core.IInspectable",
3059 "parameters": [
3060 {
3061 "docs": {
3062 "summary": "- tree inspector to collect and process attributes."
3063 },
3064 "name": "inspector",
3065 "type": {
3066 "fqn": "@aws-cdk/core.TreeInspector"
3067 }
3068 }
3069 ]
3070 },
3071 {
3072 "docs": {
3073 "stability": "external"
3074 },
3075 "locationInModule": {
3076 "filename": "lib/iam.generated.ts",
3077 "line": 1550
3078 },
3079 "name": "renderProperties",
3080 "overrides": "@aws-cdk/core.CfnResource",
3081 "parameters": [
3082 {
3083 "name": "props",
3084 "type": {
3085 "collection": {
3086 "elementtype": {
3087 "primitive": "any"
3088 },
3089 "kind": "map"
3090 }
3091 }
3092 }
3093 ],
3094 "protected": true,
3095 "returns": {
3096 "type": {
3097 "collection": {
3098 "elementtype": {
3099 "primitive": "any"
3100 },
3101 "kind": "map"
3102 }
3103 }
3104 }
3105 }
3106 ],
3107 "name": "CfnPolicy",
3108 "properties": [
3109 {
3110 "const": true,
3111 "docs": {
3112 "stability": "external",
3113 "summary": "The CloudFormation resource type name for this resource class."
3114 },
3115 "immutable": true,
3116 "locationInModule": {
3117 "filename": "lib/iam.generated.ts",
3118 "line": 1436
3119 },
3120 "name": "CFN_RESOURCE_TYPE_NAME",
3121 "static": true,
3122 "type": {
3123 "primitive": "string"
3124 }
3125 },
3126 {
3127 "docs": {
3128 "stability": "external"
3129 },
3130 "immutable": true,
3131 "locationInModule": {
3132 "filename": "lib/iam.generated.ts",
3133 "line": 1540
3134 },
3135 "name": "cfnProperties",
3136 "overrides": "@aws-cdk/core.CfnResource",
3137 "protected": true,
3138 "type": {
3139 "collection": {
3140 "elementtype": {
3141 "primitive": "any"
3142 },
3143 "kind": "map"
3144 }
3145 }
3146 },
3147 {
3148 "docs": {
3149 "custom": {
3150 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html#cfn-iam-policy-policydocument"
3151 },
3152 "remarks": "You must provide policies in JSON format in IAM. However, for AWS CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. AWS CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.\n\nThe [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following:\n\n- Any printable ASCII character ranging from the space character ( `\\ u0020` ) through the end of the ASCII character range\n- The printable characters in the Basic Latin and Latin-1 Supplement character set (through `\\ u00FF` )\n- The special characters tab ( `\\ u0009` ), line feed ( `\\ u000A` ), and carriage return ( `\\ u000D` )",
3153 "stability": "external",
3154 "summary": "The policy document."
3155 },
3156 "locationInModule": {
3157 "filename": "lib/iam.generated.ts",
3158 "line": 1470
3159 },
3160 "name": "policyDocument",
3161 "type": {
3162 "primitive": "any"
3163 }
3164 },
3165 {
3166 "docs": {
3167 "custom": {
3168 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html#cfn-iam-policy-policyname"
3169 },
3170 "remarks": "This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-",
3171 "stability": "external",
3172 "summary": "The name of the policy document."
3173 },
3174 "locationInModule": {
3175 "filename": "lib/iam.generated.ts",
3176 "line": 1479
3177 },
3178 "name": "policyName",
3179 "type": {
3180 "primitive": "string"
3181 }
3182 },
3183 {
3184 "docs": {
3185 "custom": {
3186 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html#cfn-iam-policy-groups"
3187 },
3188 "remarks": "This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-.",
3189 "stability": "external",
3190 "summary": "The name of the group to associate the policy with."
3191 },
3192 "locationInModule": {
3193 "filename": "lib/iam.generated.ts",
3194 "line": 1488
3195 },
3196 "name": "groups",
3197 "optional": true,
3198 "type": {
3199 "collection": {
3200 "elementtype": {
3201 "primitive": "string"
3202 },
3203 "kind": "array"
3204 }
3205 }
3206 },
3207 {
3208 "docs": {
3209 "custom": {
3210 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html#cfn-iam-policy-roles"
3211 },
3212 "remarks": "This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-\n\n> If an external policy (such as `AWS::IAM::Policy` or `AWS::IAM::ManagedPolicy` ) has a `Ref` to a role and if a resource (such as `AWS::ECS::Service` ) also has a `Ref` to the same role, add a `DependsOn` attribute to the resource to make the resource depend on the external policy. This dependency ensures that the role's policy is available throughout the resource's lifecycle. For example, when you delete a stack with an `AWS::ECS::Service` resource, the `DependsOn` attribute ensures that AWS CloudFormation deletes the `AWS::ECS::Service` resource before deleting its role's policy.",
3213 "stability": "external",
3214 "summary": "The name of the role to associate the policy with."
3215 },
3216 "locationInModule": {
3217 "filename": "lib/iam.generated.ts",
3218 "line": 1499
3219 },
3220 "name": "roles",
3221 "optional": true,
3222 "type": {
3223 "collection": {
3224 "elementtype": {
3225 "primitive": "string"
3226 },
3227 "kind": "array"
3228 }
3229 }
3230 },
3231 {
3232 "docs": {
3233 "custom": {
3234 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html#cfn-iam-policy-users"
3235 },
3236 "remarks": "This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-",
3237 "stability": "external",
3238 "summary": "The name of the user to associate the policy with."
3239 },
3240 "locationInModule": {
3241 "filename": "lib/iam.generated.ts",
3242 "line": 1508
3243 },
3244 "name": "users",
3245 "optional": true,
3246 "type": {
3247 "collection": {
3248 "elementtype": {
3249 "primitive": "string"
3250 },
3251 "kind": "array"
3252 }
3253 }
3254 }
3255 ],
3256 "symbolId": "lib/iam.generated:CfnPolicy"
3257 },
3258 "@aws-cdk/aws-iam.CfnPolicyProps": {
3259 "assembly": "@aws-cdk/aws-iam",
3260 "datatype": true,
3261 "docs": {
3262 "custom": {
3263 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html",
3264 "exampleMetadata": "fixture=_generated"
3265 },
3266 "stability": "external",
3267 "summary": "Properties for defining a `CfnPolicy`.",
3268 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const policyDocument: any;\nconst cfnPolicyProps: iam.CfnPolicyProps = {\n policyDocument: policyDocument,\n policyName: 'policyName',\n\n // the properties below are optional\n groups: ['groups'],\n roles: ['roles'],\n users: ['users'],\n};"
3269 },
3270 "fqn": "@aws-cdk/aws-iam.CfnPolicyProps",
3271 "kind": "interface",
3272 "locationInModule": {
3273 "filename": "lib/iam.generated.ts",
3274 "line": 1301
3275 },
3276 "name": "CfnPolicyProps",
3277 "properties": [
3278 {
3279 "abstract": true,
3280 "docs": {
3281 "custom": {
3282 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html#cfn-iam-policy-policydocument"
3283 },
3284 "remarks": "You must provide policies in JSON format in IAM. However, for AWS CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. AWS CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.\n\nThe [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following:\n\n- Any printable ASCII character ranging from the space character ( `\\ u0020` ) through the end of the ASCII character range\n- The printable characters in the Basic Latin and Latin-1 Supplement character set (through `\\ u00FF` )\n- The special characters tab ( `\\ u0009` ), line feed ( `\\ u000A` ), and carriage return ( `\\ u000D` )",
3285 "stability": "external",
3286 "summary": "The policy document."
3287 },
3288 "immutable": true,
3289 "locationInModule": {
3290 "filename": "lib/iam.generated.ts",
3291 "line": 1316
3292 },
3293 "name": "policyDocument",
3294 "type": {
3295 "primitive": "any"
3296 }
3297 },
3298 {
3299 "abstract": true,
3300 "docs": {
3301 "custom": {
3302 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html#cfn-iam-policy-policyname"
3303 },
3304 "remarks": "This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-",
3305 "stability": "external",
3306 "summary": "The name of the policy document."
3307 },
3308 "immutable": true,
3309 "locationInModule": {
3310 "filename": "lib/iam.generated.ts",
3311 "line": 1325
3312 },
3313 "name": "policyName",
3314 "type": {
3315 "primitive": "string"
3316 }
3317 },
3318 {
3319 "abstract": true,
3320 "docs": {
3321 "custom": {
3322 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html#cfn-iam-policy-groups"
3323 },
3324 "remarks": "This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-.",
3325 "stability": "external",
3326 "summary": "The name of the group to associate the policy with."
3327 },
3328 "immutable": true,
3329 "locationInModule": {
3330 "filename": "lib/iam.generated.ts",
3331 "line": 1334
3332 },
3333 "name": "groups",
3334 "optional": true,
3335 "type": {
3336 "collection": {
3337 "elementtype": {
3338 "primitive": "string"
3339 },
3340 "kind": "array"
3341 }
3342 }
3343 },
3344 {
3345 "abstract": true,
3346 "docs": {
3347 "custom": {
3348 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html#cfn-iam-policy-roles"
3349 },
3350 "remarks": "This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-\n\n> If an external policy (such as `AWS::IAM::Policy` or `AWS::IAM::ManagedPolicy` ) has a `Ref` to a role and if a resource (such as `AWS::ECS::Service` ) also has a `Ref` to the same role, add a `DependsOn` attribute to the resource to make the resource depend on the external policy. This dependency ensures that the role's policy is available throughout the resource's lifecycle. For example, when you delete a stack with an `AWS::ECS::Service` resource, the `DependsOn` attribute ensures that AWS CloudFormation deletes the `AWS::ECS::Service` resource before deleting its role's policy.",
3351 "stability": "external",
3352 "summary": "The name of the role to associate the policy with."
3353 },
3354 "immutable": true,
3355 "locationInModule": {
3356 "filename": "lib/iam.generated.ts",
3357 "line": 1345
3358 },
3359 "name": "roles",
3360 "optional": true,
3361 "type": {
3362 "collection": {
3363 "elementtype": {
3364 "primitive": "string"
3365 },
3366 "kind": "array"
3367 }
3368 }
3369 },
3370 {
3371 "abstract": true,
3372 "docs": {
3373 "custom": {
3374 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html#cfn-iam-policy-users"
3375 },
3376 "remarks": "This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-",
3377 "stability": "external",
3378 "summary": "The name of the user to associate the policy with."
3379 },
3380 "immutable": true,
3381 "locationInModule": {
3382 "filename": "lib/iam.generated.ts",
3383 "line": 1354
3384 },
3385 "name": "users",
3386 "optional": true,
3387 "type": {
3388 "collection": {
3389 "elementtype": {
3390 "primitive": "string"
3391 },
3392 "kind": "array"
3393 }
3394 }
3395 }
3396 ],
3397 "symbolId": "lib/iam.generated:CfnPolicyProps"
3398 },
3399 "@aws-cdk/aws-iam.CfnRole": {
3400 "assembly": "@aws-cdk/aws-iam",
3401 "base": "@aws-cdk/core.CfnResource",
3402 "docs": {
3403 "custom": {
3404 "cloudformationResource": "AWS::IAM::Role",
3405 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html",
3406 "exampleMetadata": "fixture=_generated"
3407 },
3408 "remarks": "Creates a new role for your AWS account . For more information about roles, see [IAM roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html) . For information about quotas for role names and the number of roles you can create, see [IAM and AWS STS quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide* .",
3409 "stability": "external",
3410 "summary": "A CloudFormation `AWS::IAM::Role`.",
3411 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const assumeRolePolicyDocument: any;\ndeclare const policyDocument: any;\nconst cfnRole = new iam.CfnRole(this, 'MyCfnRole', {\n assumeRolePolicyDocument: assumeRolePolicyDocument,\n\n // the properties below are optional\n description: 'description',\n managedPolicyArns: ['managedPolicyArns'],\n maxSessionDuration: 123,\n path: 'path',\n permissionsBoundary: 'permissionsBoundary',\n policies: [{\n policyDocument: policyDocument,\n policyName: 'policyName',\n }],\n roleName: 'roleName',\n tags: [{\n key: 'key',\n value: 'value',\n }],\n});"
3412 },
3413 "fqn": "@aws-cdk/aws-iam.CfnRole",
3414 "initializer": {
3415 "docs": {
3416 "stability": "external",
3417 "summary": "Create a new `AWS::IAM::Role`."
3418 },
3419 "locationInModule": {
3420 "filename": "lib/iam.generated.ts",
3421 "line": 1874
3422 },
3423 "parameters": [
3424 {
3425 "docs": {
3426 "summary": "- scope in which this resource is defined."
3427 },
3428 "name": "scope",
3429 "type": {
3430 "fqn": "@aws-cdk/core.Construct"
3431 }
3432 },
3433 {
3434 "docs": {
3435 "summary": "- scoped id of the resource."
3436 },
3437 "name": "id",
3438 "type": {
3439 "primitive": "string"
3440 }
3441 },
3442 {
3443 "docs": {
3444 "summary": "- resource properties."
3445 },
3446 "name": "props",
3447 "type": {
3448 "fqn": "@aws-cdk/aws-iam.CfnRoleProps"
3449 }
3450 }
3451 ]
3452 },
3453 "interfaces": [
3454 "@aws-cdk/core.IInspectable"
3455 ],
3456 "kind": "class",
3457 "locationInModule": {
3458 "filename": "lib/iam.generated.ts",
3459 "line": 1735
3460 },
3461 "methods": [
3462 {
3463 "docs": {
3464 "stability": "external",
3465 "summary": "Examines the CloudFormation resource and discloses attributes."
3466 },
3467 "locationInModule": {
3468 "filename": "lib/iam.generated.ts",
3469 "line": 1897
3470 },
3471 "name": "inspect",
3472 "overrides": "@aws-cdk/core.IInspectable",
3473 "parameters": [
3474 {
3475 "docs": {
3476 "summary": "- tree inspector to collect and process attributes."
3477 },
3478 "name": "inspector",
3479 "type": {
3480 "fqn": "@aws-cdk/core.TreeInspector"
3481 }
3482 }
3483 ]
3484 },
3485 {
3486 "docs": {
3487 "stability": "external"
3488 },
3489 "locationInModule": {
3490 "filename": "lib/iam.generated.ts",
3491 "line": 1916
3492 },
3493 "name": "renderProperties",
3494 "overrides": "@aws-cdk/core.CfnResource",
3495 "parameters": [
3496 {
3497 "name": "props",
3498 "type": {
3499 "collection": {
3500 "elementtype": {
3501 "primitive": "any"
3502 },
3503 "kind": "map"
3504 }
3505 }
3506 }
3507 ],
3508 "protected": true,
3509 "returns": {
3510 "type": {
3511 "collection": {
3512 "elementtype": {
3513 "primitive": "any"
3514 },
3515 "kind": "map"
3516 }
3517 }
3518 }
3519 }
3520 ],
3521 "name": "CfnRole",
3522 "properties": [
3523 {
3524 "const": true,
3525 "docs": {
3526 "stability": "external",
3527 "summary": "The CloudFormation resource type name for this resource class."
3528 },
3529 "immutable": true,
3530 "locationInModule": {
3531 "filename": "lib/iam.generated.ts",
3532 "line": 1739
3533 },
3534 "name": "CFN_RESOURCE_TYPE_NAME",
3535 "static": true,
3536 "type": {
3537 "primitive": "string"
3538 }
3539 },
3540 {
3541 "docs": {
3542 "custom": {
3543 "cloudformationAttribute": "Arn"
3544 },
3545 "remarks": "`{\"Fn::GetAtt\" : [\"MyRole\", \"Arn\"] }`\n\nThis will return a value such as `arn:aws:iam::1234567890:role/MyRole-AJJHDSKSDF` .",
3546 "stability": "external",
3547 "summary": "Returns the Amazon Resource Name (ARN) for the role. For example:."
3548 },
3549 "immutable": true,
3550 "locationInModule": {
3551 "filename": "lib/iam.generated.ts",
3552 "line": 1768
3553 },
3554 "name": "attrArn",
3555 "type": {
3556 "primitive": "string"
3557 }
3558 },
3559 {
3560 "docs": {
3561 "custom": {
3562 "cloudformationAttribute": "RoleId"
3563 },
3564 "remarks": "For more information about IDs, see [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html) in the *IAM User Guide* .",
3565 "stability": "external",
3566 "summary": "Returns the stable and unique string identifying the role. For example, `AIDAJQABLZS4A3QDU576Q` ."
3567 },
3568 "immutable": true,
3569 "locationInModule": {
3570 "filename": "lib/iam.generated.ts",
3571 "line": 1776
3572 },
3573 "name": "attrRoleId",
3574 "type": {
3575 "primitive": "string"
3576 }
3577 },
3578 {
3579 "docs": {
3580 "stability": "external"
3581 },
3582 "immutable": true,
3583 "locationInModule": {
3584 "filename": "lib/iam.generated.ts",
3585 "line": 1902
3586 },
3587 "name": "cfnProperties",
3588 "overrides": "@aws-cdk/core.CfnResource",
3589 "protected": true,
3590 "type": {
3591 "collection": {
3592 "elementtype": {
3593 "primitive": "any"
3594 },
3595 "kind": "map"
3596 }
3597 }
3598 },
3599 {
3600 "docs": {
3601 "custom": {
3602 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-tags"
3603 },
3604 "remarks": "For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .",
3605 "stability": "external",
3606 "summary": "A list of tags that are attached to the role."
3607 },
3608 "immutable": true,
3609 "locationInModule": {
3610 "filename": "lib/iam.generated.ts",
3611 "line": 1865
3612 },
3613 "name": "tags",
3614 "type": {
3615 "fqn": "@aws-cdk/core.TagManager"
3616 }
3617 },
3618 {
3619 "docs": {
3620 "custom": {
3621 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-assumerolepolicydocument"
3622 },
3623 "remarks": "Trust policies define which entities can assume the role. You can associate only one trust policy with a role. For an example of a policy that can be used to assume a role, see [Template Examples](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#aws-resource-iam-role--examples) . For more information about the elements that you can use in an IAM policy, see [IAM Policy Elements Reference](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html) in the *IAM User Guide* .",
3624 "stability": "external",
3625 "summary": "The trust policy that is associated with this role."
3626 },
3627 "locationInModule": {
3628 "filename": "lib/iam.generated.ts",
3629 "line": 1783
3630 },
3631 "name": "assumeRolePolicyDocument",
3632 "type": {
3633 "primitive": "any"
3634 }
3635 },
3636 {
3637 "docs": {
3638 "custom": {
3639 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-description"
3640 },
3641 "stability": "external",
3642 "summary": "A description of the role that you provide."
3643 },
3644 "locationInModule": {
3645 "filename": "lib/iam.generated.ts",
3646 "line": 1790
3647 },
3648 "name": "description",
3649 "optional": true,
3650 "type": {
3651 "primitive": "string"
3652 }
3653 },
3654 {
3655 "docs": {
3656 "custom": {
3657 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-managepolicyarns"
3658 },
3659 "remarks": "For more information about ARNs, see [Amazon Resource Names (ARNs) and AWS Service Namespaces](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *AWS General Reference* .",
3660 "stability": "external",
3661 "summary": "A list of Amazon Resource Names (ARNs) of the IAM managed policies that you want to attach to the role."
3662 },
3663 "locationInModule": {
3664 "filename": "lib/iam.generated.ts",
3665 "line": 1799
3666 },
3667 "name": "managedPolicyArns",
3668 "optional": true,
3669 "type": {
3670 "collection": {
3671 "elementtype": {
3672 "primitive": "string"
3673 },
3674 "kind": "array"
3675 }
3676 }
3677 },
3678 {
3679 "docs": {
3680 "custom": {
3681 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-maxsessionduration"
3682 },
3683 "remarks": "If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours.\n\nAnyone who assumes the role from the or API can use the `DurationSeconds` API parameter or the `duration-seconds` CLI parameter to request a longer session. The `MaxSessionDuration` setting determines the maximum duration that can be requested using the `DurationSeconds` parameter. If users don't specify a value for the `DurationSeconds` parameter, their security credentials are valid for one hour by default. This applies when you use the `AssumeRole*` API operations or the `assume-role*` CLI operations but does not apply when you use those operations to create a console URL. For more information, see [Using IAM roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) in the *IAM User Guide* .",
3684 "stability": "external",
3685 "summary": "The maximum session duration (in seconds) that you want to set for the specified role."
3686 },
3687 "locationInModule": {
3688 "filename": "lib/iam.generated.ts",
3689 "line": 1808
3690 },
3691 "name": "maxSessionDuration",
3692 "optional": true,
3693 "type": {
3694 "primitive": "number"
3695 }
3696 },
3697 {
3698 "docs": {
3699 "custom": {
3700 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-path"
3701 },
3702 "remarks": "This parameter is optional. If it is not included, it defaults to a slash (/).\n\nThis parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\\ u0021` ) through the DEL character ( `\\ u007F` ), including most punctuation characters, digits, and upper and lowercased letters.",
3703 "stability": "external",
3704 "summary": "The path to the role. For more information about paths, see [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* ."
3705 },
3706 "locationInModule": {
3707 "filename": "lib/iam.generated.ts",
3708 "line": 1819
3709 },
3710 "name": "path",
3711 "optional": true,
3712 "type": {
3713 "primitive": "string"
3714 }
3715 },
3716 {
3717 "docs": {
3718 "custom": {
3719 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-permissionsboundary"
3720 },
3721 "remarks": "For more information about permissions boundaries, see [Permissions boundaries for IAM identities](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM User Guide* .",
3722 "stability": "external",
3723 "summary": "The ARN of the policy used to set the permissions boundary for the role."
3724 },
3725 "locationInModule": {
3726 "filename": "lib/iam.generated.ts",
3727 "line": 1828
3728 },
3729 "name": "permissionsBoundary",
3730 "optional": true,
3731 "type": {
3732 "primitive": "string"
3733 }
3734 },
3735 {
3736 "docs": {
3737 "custom": {
3738 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-policies"
3739 },
3740 "remarks": "When you embed an inline policy in a role, the inline policy is used as part of the role's access (permissions) policy. The role's trust policy is created at the same time as the role. You can update a role's trust policy later. For more information about IAM roles, go to [Using Roles to Delegate Permissions and Federate Identities](https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html) .\n\nA role can also have an attached managed policy. For information about policies, see [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide* .\n\nFor information about limits on the number of inline policies that you can embed with a role, see [Limitations on IAM Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *IAM User Guide* .\n\n> If an external policy (such as `AWS::IAM::Policy` or `AWS::IAM::ManagedPolicy` ) has a `Ref` to a role and if a resource (such as `AWS::ECS::Service` ) also has a `Ref` to the same role, add a `DependsOn` attribute to the resource to make the resource depend on the external policy. This dependency ensures that the role's policy is available throughout the resource's lifecycle. For example, when you delete a stack with an `AWS::ECS::Service` resource, the `DependsOn` attribute ensures that AWS CloudFormation deletes the `AWS::ECS::Service` resource before deleting its role's policy.",
3741 "stability": "external",
3742 "summary": "Adds or updates an inline policy document that is embedded in the specified IAM role."
3743 },
3744 "locationInModule": {
3745 "filename": "lib/iam.generated.ts",
3746 "line": 1843
3747 },
3748 "name": "policies",
3749 "optional": true,
3750 "type": {
3751 "union": {
3752 "types": [
3753 {
3754 "fqn": "@aws-cdk/core.IResolvable"
3755 },
3756 {
3757 "collection": {
3758 "elementtype": {
3759 "union": {
3760 "types": [
3761 {
3762 "fqn": "@aws-cdk/core.IResolvable"
3763 },
3764 {
3765 "fqn": "@aws-cdk/aws-iam.CfnRole.PolicyProperty"
3766 }
3767 ]
3768 }
3769 },
3770 "kind": "array"
3771 }
3772 }
3773 ]
3774 }
3775 }
3776 },
3777 {
3778 "docs": {
3779 "custom": {
3780 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-rolename"
3781 },
3782 "remarks": "For valid values, see the `RoleName` parameter for the [`CreateRole`](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html) action in the *IAM User Guide* .\n\nThis parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-. The role name must be unique within the account. Role names are not distinguished by case. For example, you cannot create roles named both \"Role1\" and \"role1\".\n\nIf you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the role name.\n\nIf you specify a name, you must specify the `CAPABILITY_NAMED_IAM` value to acknowledge your template's capabilities. For more information, see [Acknowledging IAM Resources in AWS CloudFormation Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities) .\n\n> Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using `Fn::Join` and `AWS::Region` to create a Region-specific name, as in the following example: `{\"Fn::Join\": [\"\", [{\"Ref\": \"AWS::Region\"}, {\"Ref\": \"MyResourceName\"}]]}` .",
3783 "stability": "external",
3784 "summary": "A name for the IAM role, up to 64 characters in length."
3785 },
3786 "locationInModule": {
3787 "filename": "lib/iam.generated.ts",
3788 "line": 1858
3789 },
3790 "name": "roleName",
3791 "optional": true,
3792 "type": {
3793 "primitive": "string"
3794 }
3795 }
3796 ],
3797 "symbolId": "lib/iam.generated:CfnRole"
3798 },
3799 "@aws-cdk/aws-iam.CfnRole.PolicyProperty": {
3800 "assembly": "@aws-cdk/aws-iam",
3801 "datatype": true,
3802 "docs": {
3803 "custom": {
3804 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-policy.html",
3805 "exampleMetadata": "fixture=_generated"
3806 },
3807 "remarks": "An attached policy is a managed policy that has been attached to a user, group, or role.\n\nFor more information about managed policies, refer to [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide* .",
3808 "stability": "external",
3809 "summary": "Contains information about an attached policy.",
3810 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const policyDocument: any;\nconst policyProperty: iam.CfnRole.PolicyProperty = {\n policyDocument: policyDocument,\n policyName: 'policyName',\n};"
3811 },
3812 "fqn": "@aws-cdk/aws-iam.CfnRole.PolicyProperty",
3813 "kind": "interface",
3814 "locationInModule": {
3815 "filename": "lib/iam.generated.ts",
3816 "line": 1934
3817 },
3818 "name": "PolicyProperty",
3819 "namespace": "CfnRole",
3820 "properties": [
3821 {
3822 "abstract": true,
3823 "docs": {
3824 "custom": {
3825 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-policy.html#cfn-iam-policies-policydocument"
3826 },
3827 "stability": "external",
3828 "summary": "The policy document."
3829 },
3830 "immutable": true,
3831 "locationInModule": {
3832 "filename": "lib/iam.generated.ts",
3833 "line": 1940
3834 },
3835 "name": "policyDocument",
3836 "type": {
3837 "primitive": "any"
3838 }
3839 },
3840 {
3841 "abstract": true,
3842 "docs": {
3843 "custom": {
3844 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-policy.html#cfn-iam-policies-policyname"
3845 },
3846 "stability": "external",
3847 "summary": "The friendly name (not ARN) identifying the policy."
3848 },
3849 "immutable": true,
3850 "locationInModule": {
3851 "filename": "lib/iam.generated.ts",
3852 "line": 1946
3853 },
3854 "name": "policyName",
3855 "type": {
3856 "primitive": "string"
3857 }
3858 }
3859 ],
3860 "symbolId": "lib/iam.generated:CfnRole.PolicyProperty"
3861 },
3862 "@aws-cdk/aws-iam.CfnRoleProps": {
3863 "assembly": "@aws-cdk/aws-iam",
3864 "datatype": true,
3865 "docs": {
3866 "custom": {
3867 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html",
3868 "exampleMetadata": "fixture=_generated"
3869 },
3870 "stability": "external",
3871 "summary": "Properties for defining a `CfnRole`.",
3872 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const assumeRolePolicyDocument: any;\ndeclare const policyDocument: any;\nconst cfnRoleProps: iam.CfnRoleProps = {\n assumeRolePolicyDocument: assumeRolePolicyDocument,\n\n // the properties below are optional\n description: 'description',\n managedPolicyArns: ['managedPolicyArns'],\n maxSessionDuration: 123,\n path: 'path',\n permissionsBoundary: 'permissionsBoundary',\n policies: [{\n policyDocument: policyDocument,\n policyName: 'policyName',\n }],\n roleName: 'roleName',\n tags: [{\n key: 'key',\n value: 'value',\n }],\n};"
3873 },
3874 "fqn": "@aws-cdk/aws-iam.CfnRoleProps",
3875 "kind": "interface",
3876 "locationInModule": {
3877 "filename": "lib/iam.generated.ts",
3878 "line": 1563
3879 },
3880 "name": "CfnRoleProps",
3881 "properties": [
3882 {
3883 "abstract": true,
3884 "docs": {
3885 "custom": {
3886 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-assumerolepolicydocument"
3887 },
3888 "remarks": "Trust policies define which entities can assume the role. You can associate only one trust policy with a role. For an example of a policy that can be used to assume a role, see [Template Examples](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#aws-resource-iam-role--examples) . For more information about the elements that you can use in an IAM policy, see [IAM Policy Elements Reference](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html) in the *IAM User Guide* .",
3889 "stability": "external",
3890 "summary": "The trust policy that is associated with this role."
3891 },
3892 "immutable": true,
3893 "locationInModule": {
3894 "filename": "lib/iam.generated.ts",
3895 "line": 1570
3896 },
3897 "name": "assumeRolePolicyDocument",
3898 "type": {
3899 "primitive": "any"
3900 }
3901 },
3902 {
3903 "abstract": true,
3904 "docs": {
3905 "custom": {
3906 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-description"
3907 },
3908 "stability": "external",
3909 "summary": "A description of the role that you provide."
3910 },
3911 "immutable": true,
3912 "locationInModule": {
3913 "filename": "lib/iam.generated.ts",
3914 "line": 1577
3915 },
3916 "name": "description",
3917 "optional": true,
3918 "type": {
3919 "primitive": "string"
3920 }
3921 },
3922 {
3923 "abstract": true,
3924 "docs": {
3925 "custom": {
3926 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-managepolicyarns"
3927 },
3928 "remarks": "For more information about ARNs, see [Amazon Resource Names (ARNs) and AWS Service Namespaces](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *AWS General Reference* .",
3929 "stability": "external",
3930 "summary": "A list of Amazon Resource Names (ARNs) of the IAM managed policies that you want to attach to the role."
3931 },
3932 "immutable": true,
3933 "locationInModule": {
3934 "filename": "lib/iam.generated.ts",
3935 "line": 1586
3936 },
3937 "name": "managedPolicyArns",
3938 "optional": true,
3939 "type": {
3940 "collection": {
3941 "elementtype": {
3942 "primitive": "string"
3943 },
3944 "kind": "array"
3945 }
3946 }
3947 },
3948 {
3949 "abstract": true,
3950 "docs": {
3951 "custom": {
3952 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-maxsessionduration"
3953 },
3954 "remarks": "If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours.\n\nAnyone who assumes the role from the or API can use the `DurationSeconds` API parameter or the `duration-seconds` CLI parameter to request a longer session. The `MaxSessionDuration` setting determines the maximum duration that can be requested using the `DurationSeconds` parameter. If users don't specify a value for the `DurationSeconds` parameter, their security credentials are valid for one hour by default. This applies when you use the `AssumeRole*` API operations or the `assume-role*` CLI operations but does not apply when you use those operations to create a console URL. For more information, see [Using IAM roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) in the *IAM User Guide* .",
3955 "stability": "external",
3956 "summary": "The maximum session duration (in seconds) that you want to set for the specified role."
3957 },
3958 "immutable": true,
3959 "locationInModule": {
3960 "filename": "lib/iam.generated.ts",
3961 "line": 1595
3962 },
3963 "name": "maxSessionDuration",
3964 "optional": true,
3965 "type": {
3966 "primitive": "number"
3967 }
3968 },
3969 {
3970 "abstract": true,
3971 "docs": {
3972 "custom": {
3973 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-path"
3974 },
3975 "remarks": "This parameter is optional. If it is not included, it defaults to a slash (/).\n\nThis parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\\ u0021` ) through the DEL character ( `\\ u007F` ), including most punctuation characters, digits, and upper and lowercased letters.",
3976 "stability": "external",
3977 "summary": "The path to the role. For more information about paths, see [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* ."
3978 },
3979 "immutable": true,
3980 "locationInModule": {
3981 "filename": "lib/iam.generated.ts",
3982 "line": 1606
3983 },
3984 "name": "path",
3985 "optional": true,
3986 "type": {
3987 "primitive": "string"
3988 }
3989 },
3990 {
3991 "abstract": true,
3992 "docs": {
3993 "custom": {
3994 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-permissionsboundary"
3995 },
3996 "remarks": "For more information about permissions boundaries, see [Permissions boundaries for IAM identities](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM User Guide* .",
3997 "stability": "external",
3998 "summary": "The ARN of the policy used to set the permissions boundary for the role."
3999 },
4000 "immutable": true,
4001 "locationInModule": {
4002 "filename": "lib/iam.generated.ts",
4003 "line": 1615
4004 },
4005 "name": "permissionsBoundary",
4006 "optional": true,
4007 "type": {
4008 "primitive": "string"
4009 }
4010 },
4011 {
4012 "abstract": true,
4013 "docs": {
4014 "custom": {
4015 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-policies"
4016 },
4017 "remarks": "When you embed an inline policy in a role, the inline policy is used as part of the role's access (permissions) policy. The role's trust policy is created at the same time as the role. You can update a role's trust policy later. For more information about IAM roles, go to [Using Roles to Delegate Permissions and Federate Identities](https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html) .\n\nA role can also have an attached managed policy. For information about policies, see [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide* .\n\nFor information about limits on the number of inline policies that you can embed with a role, see [Limitations on IAM Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *IAM User Guide* .\n\n> If an external policy (such as `AWS::IAM::Policy` or `AWS::IAM::ManagedPolicy` ) has a `Ref` to a role and if a resource (such as `AWS::ECS::Service` ) also has a `Ref` to the same role, add a `DependsOn` attribute to the resource to make the resource depend on the external policy. This dependency ensures that the role's policy is available throughout the resource's lifecycle. For example, when you delete a stack with an `AWS::ECS::Service` resource, the `DependsOn` attribute ensures that AWS CloudFormation deletes the `AWS::ECS::Service` resource before deleting its role's policy.",
4018 "stability": "external",
4019 "summary": "Adds or updates an inline policy document that is embedded in the specified IAM role."
4020 },
4021 "immutable": true,
4022 "locationInModule": {
4023 "filename": "lib/iam.generated.ts",
4024 "line": 1630
4025 },
4026 "name": "policies",
4027 "optional": true,
4028 "type": {
4029 "union": {
4030 "types": [
4031 {
4032 "fqn": "@aws-cdk/core.IResolvable"
4033 },
4034 {
4035 "collection": {
4036 "elementtype": {
4037 "union": {
4038 "types": [
4039 {
4040 "fqn": "@aws-cdk/core.IResolvable"
4041 },
4042 {
4043 "fqn": "@aws-cdk/aws-iam.CfnRole.PolicyProperty"
4044 }
4045 ]
4046 }
4047 },
4048 "kind": "array"
4049 }
4050 }
4051 ]
4052 }
4053 }
4054 },
4055 {
4056 "abstract": true,
4057 "docs": {
4058 "custom": {
4059 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-rolename"
4060 },
4061 "remarks": "For valid values, see the `RoleName` parameter for the [`CreateRole`](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html) action in the *IAM User Guide* .\n\nThis parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-. The role name must be unique within the account. Role names are not distinguished by case. For example, you cannot create roles named both \"Role1\" and \"role1\".\n\nIf you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the role name.\n\nIf you specify a name, you must specify the `CAPABILITY_NAMED_IAM` value to acknowledge your template's capabilities. For more information, see [Acknowledging IAM Resources in AWS CloudFormation Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities) .\n\n> Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using `Fn::Join` and `AWS::Region` to create a Region-specific name, as in the following example: `{\"Fn::Join\": [\"\", [{\"Ref\": \"AWS::Region\"}, {\"Ref\": \"MyResourceName\"}]]}` .",
4062 "stability": "external",
4063 "summary": "A name for the IAM role, up to 64 characters in length."
4064 },
4065 "immutable": true,
4066 "locationInModule": {
4067 "filename": "lib/iam.generated.ts",
4068 "line": 1645
4069 },
4070 "name": "roleName",
4071 "optional": true,
4072 "type": {
4073 "primitive": "string"
4074 }
4075 },
4076 {
4077 "abstract": true,
4078 "docs": {
4079 "custom": {
4080 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-tags"
4081 },
4082 "remarks": "For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .",
4083 "stability": "external",
4084 "summary": "A list of tags that are attached to the role."
4085 },
4086 "immutable": true,
4087 "locationInModule": {
4088 "filename": "lib/iam.generated.ts",
4089 "line": 1652
4090 },
4091 "name": "tags",
4092 "optional": true,
4093 "type": {
4094 "collection": {
4095 "elementtype": {
4096 "fqn": "@aws-cdk/core.CfnTag"
4097 },
4098 "kind": "array"
4099 }
4100 }
4101 }
4102 ],
4103 "symbolId": "lib/iam.generated:CfnRoleProps"
4104 },
4105 "@aws-cdk/aws-iam.CfnSAMLProvider": {
4106 "assembly": "@aws-cdk/aws-iam",
4107 "base": "@aws-cdk/core.CfnResource",
4108 "docs": {
4109 "custom": {
4110 "cloudformationResource": "AWS::IAM::SAMLProvider",
4111 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-samlprovider.html",
4112 "exampleMetadata": "fixture=_generated"
4113 },
4114 "remarks": "Creates an IAM resource that describes an identity provider (IdP) that supports SAML 2.0.\n\nThe SAML provider resource that you create with this operation can be used as a principal in an IAM role's trust policy. Such a policy can enable federated users who sign in using the SAML IdP to assume the role. You can create an IAM role that supports Web-based single sign-on (SSO) to the AWS Management Console or one that supports API access to AWS .\n\nWhen you create the SAML provider resource, you upload a SAML metadata document that you get from your IdP. That document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that the IdP sends. You must generate the metadata document using the identity management software that is used as your organization's IdP.\n\n> This operation requires [Signature Version 4](https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html) .\n\nFor more information, see [Enabling SAML 2.0 federated users to access the AWS Management Console](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-saml.html) and [About SAML 2.0-based federation](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html) in the *IAM User Guide* .",
4115 "stability": "external",
4116 "summary": "A CloudFormation `AWS::IAM::SAMLProvider`.",
4117 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nconst cfnSAMLProvider = new iam.CfnSAMLProvider(this, 'MyCfnSAMLProvider', {\n samlMetadataDocument: 'samlMetadataDocument',\n\n // the properties below are optional\n name: 'name',\n tags: [{\n key: 'key',\n value: 'value',\n }],\n});"
4118 },
4119 "fqn": "@aws-cdk/aws-iam.CfnSAMLProvider",
4120 "initializer": {
4121 "docs": {
4122 "stability": "external",
4123 "summary": "Create a new `AWS::IAM::SAMLProvider`."
4124 },
4125 "locationInModule": {
4126 "filename": "lib/iam.generated.ts",
4127 "line": 2176
4128 },
4129 "parameters": [
4130 {
4131 "docs": {
4132 "summary": "- scope in which this resource is defined."
4133 },
4134 "name": "scope",
4135 "type": {
4136 "fqn": "@aws-cdk/core.Construct"
4137 }
4138 },
4139 {
4140 "docs": {
4141 "summary": "- scoped id of the resource."
4142 },
4143 "name": "id",
4144 "type": {
4145 "primitive": "string"
4146 }
4147 },
4148 {
4149 "docs": {
4150 "summary": "- resource properties."
4151 },
4152 "name": "props",
4153 "type": {
4154 "fqn": "@aws-cdk/aws-iam.CfnSAMLProviderProps"
4155 }
4156 }
4157 ]
4158 },
4159 "interfaces": [
4160 "@aws-cdk/core.IInspectable"
4161 ],
4162 "kind": "class",
4163 "locationInModule": {
4164 "filename": "lib/iam.generated.ts",
4165 "line": 2111
4166 },
4167 "methods": [
4168 {
4169 "docs": {
4170 "stability": "external",
4171 "summary": "Examines the CloudFormation resource and discloses attributes."
4172 },
4173 "locationInModule": {
4174 "filename": "lib/iam.generated.ts",
4175 "line": 2192
4176 },
4177 "name": "inspect",
4178 "overrides": "@aws-cdk/core.IInspectable",
4179 "parameters": [
4180 {
4181 "docs": {
4182 "summary": "- tree inspector to collect and process attributes."
4183 },
4184 "name": "inspector",
4185 "type": {
4186 "fqn": "@aws-cdk/core.TreeInspector"
4187 }
4188 }
4189 ]
4190 },
4191 {
4192 "docs": {
4193 "stability": "external"
4194 },
4195 "locationInModule": {
4196 "filename": "lib/iam.generated.ts",
4197 "line": 2205
4198 },
4199 "name": "renderProperties",
4200 "overrides": "@aws-cdk/core.CfnResource",
4201 "parameters": [
4202 {
4203 "name": "props",
4204 "type": {
4205 "collection": {
4206 "elementtype": {
4207 "primitive": "any"
4208 },
4209 "kind": "map"
4210 }
4211 }
4212 }
4213 ],
4214 "protected": true,
4215 "returns": {
4216 "type": {
4217 "collection": {
4218 "elementtype": {
4219 "primitive": "any"
4220 },
4221 "kind": "map"
4222 }
4223 }
4224 }
4225 }
4226 ],
4227 "name": "CfnSAMLProvider",
4228 "properties": [
4229 {
4230 "const": true,
4231 "docs": {
4232 "stability": "external",
4233 "summary": "The CloudFormation resource type name for this resource class."
4234 },
4235 "immutable": true,
4236 "locationInModule": {
4237 "filename": "lib/iam.generated.ts",
4238 "line": 2115
4239 },
4240 "name": "CFN_RESOURCE_TYPE_NAME",
4241 "static": true,
4242 "type": {
4243 "primitive": "string"
4244 }
4245 },
4246 {
4247 "docs": {
4248 "custom": {
4249 "cloudformationAttribute": "Arn"
4250 },
4251 "stability": "external",
4252 "summary": "Returns the Amazon Resource Name (ARN) for the specified `AWS::IAM::SAMLProvider` resource."
4253 },
4254 "immutable": true,
4255 "locationInModule": {
4256 "filename": "lib/iam.generated.ts",
4257 "line": 2140
4258 },
4259 "name": "attrArn",
4260 "type": {
4261 "primitive": "string"
4262 }
4263 },
4264 {
4265 "docs": {
4266 "stability": "external"
4267 },
4268 "immutable": true,
4269 "locationInModule": {
4270 "filename": "lib/iam.generated.ts",
4271 "line": 2197
4272 },
4273 "name": "cfnProperties",
4274 "overrides": "@aws-cdk/core.CfnResource",
4275 "protected": true,
4276 "type": {
4277 "collection": {
4278 "elementtype": {
4279 "primitive": "any"
4280 },
4281 "kind": "map"
4282 }
4283 }
4284 },
4285 {
4286 "docs": {
4287 "custom": {
4288 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-samlprovider.html#cfn-iam-samlprovider-tags"
4289 },
4290 "remarks": "Each tag consists of a key name and an associated value. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .\n\n> If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created.",
4291 "stability": "external",
4292 "summary": "A list of tags that you want to attach to the new IAM SAML provider."
4293 },
4294 "immutable": true,
4295 "locationInModule": {
4296 "filename": "lib/iam.generated.ts",
4297 "line": 2167
4298 },
4299 "name": "tags",
4300 "type": {
4301 "fqn": "@aws-cdk/core.TagManager"
4302 }
4303 },
4304 {
4305 "docs": {
4306 "custom": {
4307 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-samlprovider.html#cfn-iam-samlprovider-samlmetadatadocument"
4308 },
4309 "remarks": "For more information, see [About SAML 2.0-based federation](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html) in the *IAM User Guide*",
4310 "stability": "external",
4311 "summary": "An XML document generated by an identity provider (IdP) that supports SAML 2.0. The document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that are received from the IdP. You must generate the metadata document using the identity management software that is used as your organization's IdP."
4312 },
4313 "locationInModule": {
4314 "filename": "lib/iam.generated.ts",
4315 "line": 2149
4316 },
4317 "name": "samlMetadataDocument",
4318 "type": {
4319 "primitive": "string"
4320 }
4321 },
4322 {
4323 "docs": {
4324 "custom": {
4325 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-samlprovider.html#cfn-iam-samlprovider-name"
4326 },
4327 "remarks": "This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-",
4328 "stability": "external",
4329 "summary": "The name of the provider to create."
4330 },
4331 "locationInModule": {
4332 "filename": "lib/iam.generated.ts",
4333 "line": 2158
4334 },
4335 "name": "name",
4336 "optional": true,
4337 "type": {
4338 "primitive": "string"
4339 }
4340 }
4341 ],
4342 "symbolId": "lib/iam.generated:CfnSAMLProvider"
4343 },
4344 "@aws-cdk/aws-iam.CfnSAMLProviderProps": {
4345 "assembly": "@aws-cdk/aws-iam",
4346 "datatype": true,
4347 "docs": {
4348 "custom": {
4349 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-samlprovider.html",
4350 "exampleMetadata": "fixture=_generated"
4351 },
4352 "stability": "external",
4353 "summary": "Properties for defining a `CfnSAMLProvider`.",
4354 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nconst cfnSAMLProviderProps: iam.CfnSAMLProviderProps = {\n samlMetadataDocument: 'samlMetadataDocument',\n\n // the properties below are optional\n name: 'name',\n tags: [{\n key: 'key',\n value: 'value',\n }],\n};"
4355 },
4356 "fqn": "@aws-cdk/aws-iam.CfnSAMLProviderProps",
4357 "kind": "interface",
4358 "locationInModule": {
4359 "filename": "lib/iam.generated.ts",
4360 "line": 2011
4361 },
4362 "name": "CfnSAMLProviderProps",
4363 "properties": [
4364 {
4365 "abstract": true,
4366 "docs": {
4367 "custom": {
4368 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-samlprovider.html#cfn-iam-samlprovider-samlmetadatadocument"
4369 },
4370 "remarks": "For more information, see [About SAML 2.0-based federation](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html) in the *IAM User Guide*",
4371 "stability": "external",
4372 "summary": "An XML document generated by an identity provider (IdP) that supports SAML 2.0. The document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that are received from the IdP. You must generate the metadata document using the identity management software that is used as your organization's IdP."
4373 },
4374 "immutable": true,
4375 "locationInModule": {
4376 "filename": "lib/iam.generated.ts",
4377 "line": 2020
4378 },
4379 "name": "samlMetadataDocument",
4380 "type": {
4381 "primitive": "string"
4382 }
4383 },
4384 {
4385 "abstract": true,
4386 "docs": {
4387 "custom": {
4388 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-samlprovider.html#cfn-iam-samlprovider-name"
4389 },
4390 "remarks": "This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-",
4391 "stability": "external",
4392 "summary": "The name of the provider to create."
4393 },
4394 "immutable": true,
4395 "locationInModule": {
4396 "filename": "lib/iam.generated.ts",
4397 "line": 2029
4398 },
4399 "name": "name",
4400 "optional": true,
4401 "type": {
4402 "primitive": "string"
4403 }
4404 },
4405 {
4406 "abstract": true,
4407 "docs": {
4408 "custom": {
4409 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-samlprovider.html#cfn-iam-samlprovider-tags"
4410 },
4411 "remarks": "Each tag consists of a key name and an associated value. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .\n\n> If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created.",
4412 "stability": "external",
4413 "summary": "A list of tags that you want to attach to the new IAM SAML provider."
4414 },
4415 "immutable": true,
4416 "locationInModule": {
4417 "filename": "lib/iam.generated.ts",
4418 "line": 2038
4419 },
4420 "name": "tags",
4421 "optional": true,
4422 "type": {
4423 "collection": {
4424 "elementtype": {
4425 "fqn": "@aws-cdk/core.CfnTag"
4426 },
4427 "kind": "array"
4428 }
4429 }
4430 }
4431 ],
4432 "symbolId": "lib/iam.generated:CfnSAMLProviderProps"
4433 },
4434 "@aws-cdk/aws-iam.CfnServerCertificate": {
4435 "assembly": "@aws-cdk/aws-iam",
4436 "base": "@aws-cdk/core.CfnResource",
4437 "docs": {
4438 "custom": {
4439 "cloudformationResource": "AWS::IAM::ServerCertificate",
4440 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servercertificate.html",
4441 "exampleMetadata": "fixture=_generated"
4442 },
4443 "remarks": "Uploads a server certificate entity for the AWS account . The server certificate entity includes a public key certificate, a private key, and an optional certificate chain, which should all be PEM-encoded.\n\nWe recommend that you use [AWS Certificate Manager](https://docs.aws.amazon.com/acm/) to provision, manage, and deploy your server certificates. With ACM you can request a certificate, deploy it to AWS resources, and let ACM handle certificate renewals for you. Certificates provided by ACM are free. For more information about using ACM, see the [AWS Certificate Manager User Guide](https://docs.aws.amazon.com/acm/latest/userguide/) .\n\nFor more information about working with server certificates, see [Working with server certificates](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html) in the *IAM User Guide* . This topic includes a list of AWS services that can use the server certificates that you manage with IAM.\n\nFor information about the number of server certificates you can upload, see [IAM and AWS STS quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide* .\n\n> Because the body of the public key certificate, private key, and the certificate chain can be large, you should use POST rather than GET when calling `UploadServerCertificate` . For information about setting up signatures and authorization through the API, see [Signing AWS API requests](https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html) in the *AWS General Reference* . For general information about using the Query API with IAM, see [Calling the API by making HTTP query requests](https://docs.aws.amazon.com/IAM/latest/UserGuide/programming.html) in the *IAM User Guide* .",
4444 "stability": "external",
4445 "summary": "A CloudFormation `AWS::IAM::ServerCertificate`.",
4446 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nconst cfnServerCertificate = new iam.CfnServerCertificate(this, 'MyCfnServerCertificate', /* all optional props */ {\n certificateBody: 'certificateBody',\n certificateChain: 'certificateChain',\n path: 'path',\n privateKey: 'privateKey',\n serverCertificateName: 'serverCertificateName',\n tags: [{\n key: 'key',\n value: 'value',\n }],\n});"
4447 },
4448 "fqn": "@aws-cdk/aws-iam.CfnServerCertificate",
4449 "initializer": {
4450 "docs": {
4451 "stability": "external",
4452 "summary": "Create a new `AWS::IAM::ServerCertificate`."
4453 },
4454 "locationInModule": {
4455 "filename": "lib/iam.generated.ts",
4456 "line": 2445
4457 },
4458 "parameters": [
4459 {
4460 "docs": {
4461 "summary": "- scope in which this resource is defined."
4462 },
4463 "name": "scope",
4464 "type": {
4465 "fqn": "@aws-cdk/core.Construct"
4466 }
4467 },
4468 {
4469 "docs": {
4470 "summary": "- scoped id of the resource."
4471 },
4472 "name": "id",
4473 "type": {
4474 "primitive": "string"
4475 }
4476 },
4477 {
4478 "docs": {
4479 "summary": "- resource properties."
4480 },
4481 "name": "props",
4482 "optional": true,
4483 "type": {
4484 "fqn": "@aws-cdk/aws-iam.CfnServerCertificateProps"
4485 }
4486 }
4487 ]
4488 },
4489 "interfaces": [
4490 "@aws-cdk/core.IInspectable"
4491 ],
4492 "kind": "class",
4493 "locationInModule": {
4494 "filename": "lib/iam.generated.ts",
4495 "line": 2353
4496 },
4497 "methods": [
4498 {
4499 "docs": {
4500 "stability": "external",
4501 "summary": "Examines the CloudFormation resource and discloses attributes."
4502 },
4503 "locationInModule": {
4504 "filename": "lib/iam.generated.ts",
4505 "line": 2463
4506 },
4507 "name": "inspect",
4508 "overrides": "@aws-cdk/core.IInspectable",
4509 "parameters": [
4510 {
4511 "docs": {
4512 "summary": "- tree inspector to collect and process attributes."
4513 },
4514 "name": "inspector",
4515 "type": {
4516 "fqn": "@aws-cdk/core.TreeInspector"
4517 }
4518 }
4519 ]
4520 },
4521 {
4522 "docs": {
4523 "stability": "external"
4524 },
4525 "locationInModule": {
4526 "filename": "lib/iam.generated.ts",
4527 "line": 2479
4528 },
4529 "name": "renderProperties",
4530 "overrides": "@aws-cdk/core.CfnResource",
4531 "parameters": [
4532 {
4533 "name": "props",
4534 "type": {
4535 "collection": {
4536 "elementtype": {
4537 "primitive": "any"
4538 },
4539 "kind": "map"
4540 }
4541 }
4542 }
4543 ],
4544 "protected": true,
4545 "returns": {
4546 "type": {
4547 "collection": {
4548 "elementtype": {
4549 "primitive": "any"
4550 },
4551 "kind": "map"
4552 }
4553 }
4554 }
4555 }
4556 ],
4557 "name": "CfnServerCertificate",
4558 "properties": [
4559 {
4560 "const": true,
4561 "docs": {
4562 "stability": "external",
4563 "summary": "The CloudFormation resource type name for this resource class."
4564 },
4565 "immutable": true,
4566 "locationInModule": {
4567 "filename": "lib/iam.generated.ts",
4568 "line": 2357
4569 },
4570 "name": "CFN_RESOURCE_TYPE_NAME",
4571 "static": true,
4572 "type": {
4573 "primitive": "string"
4574 }
4575 },
4576 {
4577 "docs": {
4578 "custom": {
4579 "cloudformationAttribute": "Arn"
4580 },
4581 "stability": "external",
4582 "summary": "Returns the Amazon Resource Name (ARN) for the specified `AWS::IAM::ServerCertificate` resource."
4583 },
4584 "immutable": true,
4585 "locationInModule": {
4586 "filename": "lib/iam.generated.ts",
4587 "line": 2382
4588 },
4589 "name": "attrArn",
4590 "type": {
4591 "primitive": "string"
4592 }
4593 },
4594 {
4595 "docs": {
4596 "stability": "external"
4597 },
4598 "immutable": true,
4599 "locationInModule": {
4600 "filename": "lib/iam.generated.ts",
4601 "line": 2468
4602 },
4603 "name": "cfnProperties",
4604 "overrides": "@aws-cdk/core.CfnResource",
4605 "protected": true,
4606 "type": {
4607 "collection": {
4608 "elementtype": {
4609 "primitive": "any"
4610 },
4611 "kind": "map"
4612 }
4613 }
4614 },
4615 {
4616 "docs": {
4617 "custom": {
4618 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servercertificate.html#cfn-iam-servercertificate-tags"
4619 },
4620 "remarks": "For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .",
4621 "stability": "external",
4622 "summary": "A list of tags that are attached to the server certificate."
4623 },
4624 "immutable": true,
4625 "locationInModule": {
4626 "filename": "lib/iam.generated.ts",
4627 "line": 2436
4628 },
4629 "name": "tags",
4630 "type": {
4631 "fqn": "@aws-cdk/core.TagManager"
4632 }
4633 },
4634 {
4635 "docs": {
4636 "custom": {
4637 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servercertificate.html#cfn-iam-servercertificate-certificatebody"
4638 },
4639 "stability": "external",
4640 "summary": "The contents of the public key certificate."
4641 },
4642 "locationInModule": {
4643 "filename": "lib/iam.generated.ts",
4644 "line": 2389
4645 },
4646 "name": "certificateBody",
4647 "optional": true,
4648 "type": {
4649 "primitive": "string"
4650 }
4651 },
4652 {
4653 "docs": {
4654 "custom": {
4655 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servercertificate.html#cfn-iam-servercertificate-certificatechain"
4656 },
4657 "stability": "external",
4658 "summary": "The contents of the public key certificate chain."
4659 },
4660 "locationInModule": {
4661 "filename": "lib/iam.generated.ts",
4662 "line": 2396
4663 },
4664 "name": "certificateChain",
4665 "optional": true,
4666 "type": {
4667 "primitive": "string"
4668 }
4669 },
4670 {
4671 "docs": {
4672 "custom": {
4673 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servercertificate.html#cfn-iam-servercertificate-path"
4674 },
4675 "remarks": "For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* .\n\nThis parameter is optional. If it is not included, it defaults to a slash (/). This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\\ u0021` ) through the DEL character ( `\\ u007F` ), including most punctuation characters, digits, and upper and lowercased letters.\n\n> If you are uploading a server certificate specifically for use with Amazon CloudFront distributions, you must specify a path using the `path` parameter. The path must begin with `/cloudfront` and must include a trailing slash (for example, `/cloudfront/test/` ).",
4676 "stability": "external",
4677 "summary": "The path for the server certificate."
4678 },
4679 "locationInModule": {
4680 "filename": "lib/iam.generated.ts",
4681 "line": 2407
4682 },
4683 "name": "path",
4684 "optional": true,
4685 "type": {
4686 "primitive": "string"
4687 }
4688 },
4689 {
4690 "docs": {
4691 "custom": {
4692 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servercertificate.html#cfn-iam-servercertificate-privatekey"
4693 },
4694 "remarks": "The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following:\n\n- Any printable ASCII character ranging from the space character ( `\\ u0020` ) through the end of the ASCII character range\n- The printable characters in the Basic Latin and Latin-1 Supplement character set (through `\\ u00FF` )\n- The special characters tab ( `\\ u0009` ), line feed ( `\\ u000A` ), and carriage return ( `\\ u000D` )",
4695 "stability": "external",
4696 "summary": "The contents of the private key in PEM-encoded format."
4697 },
4698 "locationInModule": {
4699 "filename": "lib/iam.generated.ts",
4700 "line": 2420
4701 },
4702 "name": "privateKey",
4703 "optional": true,
4704 "type": {
4705 "primitive": "string"
4706 }
4707 },
4708 {
4709 "docs": {
4710 "custom": {
4711 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servercertificate.html#cfn-iam-servercertificate-servercertificatename"
4712 },
4713 "remarks": "Do not include the path in this value. The name of the certificate cannot contain any spaces.\n\nThis parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-",
4714 "stability": "external",
4715 "summary": "The name for the server certificate."
4716 },
4717 "locationInModule": {
4718 "filename": "lib/iam.generated.ts",
4719 "line": 2429
4720 },
4721 "name": "serverCertificateName",
4722 "optional": true,
4723 "type": {
4724 "primitive": "string"
4725 }
4726 }
4727 ],
4728 "symbolId": "lib/iam.generated:CfnServerCertificate"
4729 },
4730 "@aws-cdk/aws-iam.CfnServerCertificateProps": {
4731 "assembly": "@aws-cdk/aws-iam",
4732 "datatype": true,
4733 "docs": {
4734 "custom": {
4735 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servercertificate.html",
4736 "exampleMetadata": "fixture=_generated"
4737 },
4738 "stability": "external",
4739 "summary": "Properties for defining a `CfnServerCertificate`.",
4740 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nconst cfnServerCertificateProps: iam.CfnServerCertificateProps = {\n certificateBody: 'certificateBody',\n certificateChain: 'certificateChain',\n path: 'path',\n privateKey: 'privateKey',\n serverCertificateName: 'serverCertificateName',\n tags: [{\n key: 'key',\n value: 'value',\n }],\n};"
4741 },
4742 "fqn": "@aws-cdk/aws-iam.CfnServerCertificateProps",
4743 "kind": "interface",
4744 "locationInModule": {
4745 "filename": "lib/iam.generated.ts",
4746 "line": 2218
4747 },
4748 "name": "CfnServerCertificateProps",
4749 "properties": [
4750 {
4751 "abstract": true,
4752 "docs": {
4753 "custom": {
4754 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servercertificate.html#cfn-iam-servercertificate-certificatebody"
4755 },
4756 "stability": "external",
4757 "summary": "The contents of the public key certificate."
4758 },
4759 "immutable": true,
4760 "locationInModule": {
4761 "filename": "lib/iam.generated.ts",
4762 "line": 2225
4763 },
4764 "name": "certificateBody",
4765 "optional": true,
4766 "type": {
4767 "primitive": "string"
4768 }
4769 },
4770 {
4771 "abstract": true,
4772 "docs": {
4773 "custom": {
4774 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servercertificate.html#cfn-iam-servercertificate-certificatechain"
4775 },
4776 "stability": "external",
4777 "summary": "The contents of the public key certificate chain."
4778 },
4779 "immutable": true,
4780 "locationInModule": {
4781 "filename": "lib/iam.generated.ts",
4782 "line": 2232
4783 },
4784 "name": "certificateChain",
4785 "optional": true,
4786 "type": {
4787 "primitive": "string"
4788 }
4789 },
4790 {
4791 "abstract": true,
4792 "docs": {
4793 "custom": {
4794 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servercertificate.html#cfn-iam-servercertificate-path"
4795 },
4796 "remarks": "For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* .\n\nThis parameter is optional. If it is not included, it defaults to a slash (/). This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\\ u0021` ) through the DEL character ( `\\ u007F` ), including most punctuation characters, digits, and upper and lowercased letters.\n\n> If you are uploading a server certificate specifically for use with Amazon CloudFront distributions, you must specify a path using the `path` parameter. The path must begin with `/cloudfront` and must include a trailing slash (for example, `/cloudfront/test/` ).",
4797 "stability": "external",
4798 "summary": "The path for the server certificate."
4799 },
4800 "immutable": true,
4801 "locationInModule": {
4802 "filename": "lib/iam.generated.ts",
4803 "line": 2243
4804 },
4805 "name": "path",
4806 "optional": true,
4807 "type": {
4808 "primitive": "string"
4809 }
4810 },
4811 {
4812 "abstract": true,
4813 "docs": {
4814 "custom": {
4815 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servercertificate.html#cfn-iam-servercertificate-privatekey"
4816 },
4817 "remarks": "The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following:\n\n- Any printable ASCII character ranging from the space character ( `\\ u0020` ) through the end of the ASCII character range\n- The printable characters in the Basic Latin and Latin-1 Supplement character set (through `\\ u00FF` )\n- The special characters tab ( `\\ u0009` ), line feed ( `\\ u000A` ), and carriage return ( `\\ u000D` )",
4818 "stability": "external",
4819 "summary": "The contents of the private key in PEM-encoded format."
4820 },
4821 "immutable": true,
4822 "locationInModule": {
4823 "filename": "lib/iam.generated.ts",
4824 "line": 2256
4825 },
4826 "name": "privateKey",
4827 "optional": true,
4828 "type": {
4829 "primitive": "string"
4830 }
4831 },
4832 {
4833 "abstract": true,
4834 "docs": {
4835 "custom": {
4836 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servercertificate.html#cfn-iam-servercertificate-servercertificatename"
4837 },
4838 "remarks": "Do not include the path in this value. The name of the certificate cannot contain any spaces.\n\nThis parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-",
4839 "stability": "external",
4840 "summary": "The name for the server certificate."
4841 },
4842 "immutable": true,
4843 "locationInModule": {
4844 "filename": "lib/iam.generated.ts",
4845 "line": 2265
4846 },
4847 "name": "serverCertificateName",
4848 "optional": true,
4849 "type": {
4850 "primitive": "string"
4851 }
4852 },
4853 {
4854 "abstract": true,
4855 "docs": {
4856 "custom": {
4857 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servercertificate.html#cfn-iam-servercertificate-tags"
4858 },
4859 "remarks": "For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .",
4860 "stability": "external",
4861 "summary": "A list of tags that are attached to the server certificate."
4862 },
4863 "immutable": true,
4864 "locationInModule": {
4865 "filename": "lib/iam.generated.ts",
4866 "line": 2272
4867 },
4868 "name": "tags",
4869 "optional": true,
4870 "type": {
4871 "collection": {
4872 "elementtype": {
4873 "fqn": "@aws-cdk/core.CfnTag"
4874 },
4875 "kind": "array"
4876 }
4877 }
4878 }
4879 ],
4880 "symbolId": "lib/iam.generated:CfnServerCertificateProps"
4881 },
4882 "@aws-cdk/aws-iam.CfnServiceLinkedRole": {
4883 "assembly": "@aws-cdk/aws-iam",
4884 "base": "@aws-cdk/core.CfnResource",
4885 "docs": {
4886 "custom": {
4887 "cloudformationResource": "AWS::IAM::ServiceLinkedRole",
4888 "exampleMetadata": "infused",
4889 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servicelinkedrole.html"
4890 },
4891 "example": "const slr = new iam.CfnServiceLinkedRole(this, 'ElasticSLR', {\n awsServiceName: 'es.amazonaws.com',\n});",
4892 "remarks": "Creates an IAM role that is linked to a specific AWS service. The service controls the attached policies and when the role can be deleted. This helps ensure that the service is not broken by an unexpectedly changed or deleted role, which could put your AWS resources into an unknown state. Allowing the service to control the role helps improve service stability and proper cleanup when a service and its role are no longer needed. For more information, see [Using service-linked roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html) in the *IAM User Guide* .\n\nTo attach a policy to this service-linked role, you must make the request using the AWS service that depends on this role.",
4893 "stability": "external",
4894 "summary": "A CloudFormation `AWS::IAM::ServiceLinkedRole`."
4895 },
4896 "fqn": "@aws-cdk/aws-iam.CfnServiceLinkedRole",
4897 "initializer": {
4898 "docs": {
4899 "stability": "external",
4900 "summary": "Create a new `AWS::IAM::ServiceLinkedRole`."
4901 },
4902 "locationInModule": {
4903 "filename": "lib/iam.generated.ts",
4904 "line": 2641
4905 },
4906 "parameters": [
4907 {
4908 "docs": {
4909 "summary": "- scope in which this resource is defined."
4910 },
4911 "name": "scope",
4912 "type": {
4913 "fqn": "@aws-cdk/core.Construct"
4914 }
4915 },
4916 {
4917 "docs": {
4918 "summary": "- scoped id of the resource."
4919 },
4920 "name": "id",
4921 "type": {
4922 "primitive": "string"
4923 }
4924 },
4925 {
4926 "docs": {
4927 "summary": "- resource properties."
4928 },
4929 "name": "props",
4930 "type": {
4931 "fqn": "@aws-cdk/aws-iam.CfnServiceLinkedRoleProps"
4932 }
4933 }
4934 ]
4935 },
4936 "interfaces": [
4937 "@aws-cdk/core.IInspectable"
4938 ],
4939 "kind": "class",
4940 "locationInModule": {
4941 "filename": "lib/iam.generated.ts",
4942 "line": 2584
4943 },
4944 "methods": [
4945 {
4946 "docs": {
4947 "stability": "external",
4948 "summary": "Examines the CloudFormation resource and discloses attributes."
4949 },
4950 "locationInModule": {
4951 "filename": "lib/iam.generated.ts",
4952 "line": 2656
4953 },
4954 "name": "inspect",
4955 "overrides": "@aws-cdk/core.IInspectable",
4956 "parameters": [
4957 {
4958 "docs": {
4959 "summary": "- tree inspector to collect and process attributes."
4960 },
4961 "name": "inspector",
4962 "type": {
4963 "fqn": "@aws-cdk/core.TreeInspector"
4964 }
4965 }
4966 ]
4967 },
4968 {
4969 "docs": {
4970 "stability": "external"
4971 },
4972 "locationInModule": {
4973 "filename": "lib/iam.generated.ts",
4974 "line": 2669
4975 },
4976 "name": "renderProperties",
4977 "overrides": "@aws-cdk/core.CfnResource",
4978 "parameters": [
4979 {
4980 "name": "props",
4981 "type": {
4982 "collection": {
4983 "elementtype": {
4984 "primitive": "any"
4985 },
4986 "kind": "map"
4987 }
4988 }
4989 }
4990 ],
4991 "protected": true,
4992 "returns": {
4993 "type": {
4994 "collection": {
4995 "elementtype": {
4996 "primitive": "any"
4997 },
4998 "kind": "map"
4999 }
5000 }
5001 }
5002 }
5003 ],
5004 "name": "CfnServiceLinkedRole",
5005 "properties": [
5006 {
5007 "const": true,
5008 "docs": {
5009 "stability": "external",
5010 "summary": "The CloudFormation resource type name for this resource class."
5011 },
5012 "immutable": true,
5013 "locationInModule": {
5014 "filename": "lib/iam.generated.ts",
5015 "line": 2588
5016 },
5017 "name": "CFN_RESOURCE_TYPE_NAME",
5018 "static": true,
5019 "type": {
5020 "primitive": "string"
5021 }
5022 },
5023 {
5024 "docs": {
5025 "stability": "external"
5026 },
5027 "immutable": true,
5028 "locationInModule": {
5029 "filename": "lib/iam.generated.ts",
5030 "line": 2661
5031 },
5032 "name": "cfnProperties",
5033 "overrides": "@aws-cdk/core.CfnResource",
5034 "protected": true,
5035 "type": {
5036 "collection": {
5037 "elementtype": {
5038 "primitive": "any"
5039 },
5040 "kind": "map"
5041 }
5042 }
5043 },
5044 {
5045 "docs": {
5046 "custom": {
5047 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servicelinkedrole.html#cfn-iam-servicelinkedrole-awsservicename"
5048 },
5049 "remarks": "You use a string similar to a URL but without the http:// in front. For example: `elasticbeanstalk.amazonaws.com` .\n\nService principals are unique and case-sensitive. To find the exact service principal for your service-linked role, see [AWS services that work with IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html) in the *IAM User Guide* . Look for the services that have *Yes* in the *Service-Linked Role* column. Choose the *Yes* link to view the service-linked role documentation for that service.",
5050 "stability": "external",
5051 "summary": "The service principal for the AWS service to which this role is attached."
5052 },
5053 "locationInModule": {
5054 "filename": "lib/iam.generated.ts",
5055 "line": 2616
5056 },
5057 "name": "awsServiceName",
5058 "type": {
5059 "primitive": "string"
5060 }
5061 },
5062 {
5063 "docs": {
5064 "custom": {
5065 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servicelinkedrole.html#cfn-iam-servicelinkedrole-customsuffix"
5066 },
5067 "remarks": "If you make multiple requests for the same service, then you must supply a different `CustomSuffix` for each request. Otherwise the request fails with a duplicate role name error. For example, you could add `-1` or `-debug` to the suffix.\n\nSome services do not support the `CustomSuffix` parameter. If you provide an optional suffix and the operation fails, try the operation again without the suffix.",
5068 "stability": "external",
5069 "summary": "A string that you provide, which is combined with the service-provided prefix to form the complete role name."
5070 },
5071 "locationInModule": {
5072 "filename": "lib/iam.generated.ts",
5073 "line": 2625
5074 },
5075 "name": "customSuffix",
5076 "optional": true,
5077 "type": {
5078 "primitive": "string"
5079 }
5080 },
5081 {
5082 "docs": {
5083 "custom": {
5084 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servicelinkedrole.html#cfn-iam-servicelinkedrole-description"
5085 },
5086 "stability": "external",
5087 "summary": "The description of the role."
5088 },
5089 "locationInModule": {
5090 "filename": "lib/iam.generated.ts",
5091 "line": 2632
5092 },
5093 "name": "description",
5094 "optional": true,
5095 "type": {
5096 "primitive": "string"
5097 }
5098 }
5099 ],
5100 "symbolId": "lib/iam.generated:CfnServiceLinkedRole"
5101 },
5102 "@aws-cdk/aws-iam.CfnServiceLinkedRoleProps": {
5103 "assembly": "@aws-cdk/aws-iam",
5104 "datatype": true,
5105 "docs": {
5106 "custom": {
5107 "exampleMetadata": "infused",
5108 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servicelinkedrole.html"
5109 },
5110 "example": "const slr = new iam.CfnServiceLinkedRole(this, 'ElasticSLR', {\n awsServiceName: 'es.amazonaws.com',\n});",
5111 "stability": "external",
5112 "summary": "Properties for defining a `CfnServiceLinkedRole`."
5113 },
5114 "fqn": "@aws-cdk/aws-iam.CfnServiceLinkedRoleProps",
5115 "kind": "interface",
5116 "locationInModule": {
5117 "filename": "lib/iam.generated.ts",
5118 "line": 2492
5119 },
5120 "name": "CfnServiceLinkedRoleProps",
5121 "properties": [
5122 {
5123 "abstract": true,
5124 "docs": {
5125 "custom": {
5126 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servicelinkedrole.html#cfn-iam-servicelinkedrole-awsservicename"
5127 },
5128 "remarks": "You use a string similar to a URL but without the http:// in front. For example: `elasticbeanstalk.amazonaws.com` .\n\nService principals are unique and case-sensitive. To find the exact service principal for your service-linked role, see [AWS services that work with IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html) in the *IAM User Guide* . Look for the services that have *Yes* in the *Service-Linked Role* column. Choose the *Yes* link to view the service-linked role documentation for that service.",
5129 "stability": "external",
5130 "summary": "The service principal for the AWS service to which this role is attached."
5131 },
5132 "immutable": true,
5133 "locationInModule": {
5134 "filename": "lib/iam.generated.ts",
5135 "line": 2501
5136 },
5137 "name": "awsServiceName",
5138 "type": {
5139 "primitive": "string"
5140 }
5141 },
5142 {
5143 "abstract": true,
5144 "docs": {
5145 "custom": {
5146 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servicelinkedrole.html#cfn-iam-servicelinkedrole-customsuffix"
5147 },
5148 "remarks": "If you make multiple requests for the same service, then you must supply a different `CustomSuffix` for each request. Otherwise the request fails with a duplicate role name error. For example, you could add `-1` or `-debug` to the suffix.\n\nSome services do not support the `CustomSuffix` parameter. If you provide an optional suffix and the operation fails, try the operation again without the suffix.",
5149 "stability": "external",
5150 "summary": "A string that you provide, which is combined with the service-provided prefix to form the complete role name."
5151 },
5152 "immutable": true,
5153 "locationInModule": {
5154 "filename": "lib/iam.generated.ts",
5155 "line": 2510
5156 },
5157 "name": "customSuffix",
5158 "optional": true,
5159 "type": {
5160 "primitive": "string"
5161 }
5162 },
5163 {
5164 "abstract": true,
5165 "docs": {
5166 "custom": {
5167 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servicelinkedrole.html#cfn-iam-servicelinkedrole-description"
5168 },
5169 "stability": "external",
5170 "summary": "The description of the role."
5171 },
5172 "immutable": true,
5173 "locationInModule": {
5174 "filename": "lib/iam.generated.ts",
5175 "line": 2517
5176 },
5177 "name": "description",
5178 "optional": true,
5179 "type": {
5180 "primitive": "string"
5181 }
5182 }
5183 ],
5184 "symbolId": "lib/iam.generated:CfnServiceLinkedRoleProps"
5185 },
5186 "@aws-cdk/aws-iam.CfnUser": {
5187 "assembly": "@aws-cdk/aws-iam",
5188 "base": "@aws-cdk/core.CfnResource",
5189 "docs": {
5190 "custom": {
5191 "cloudformationResource": "AWS::IAM::User",
5192 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html",
5193 "exampleMetadata": "fixture=_generated"
5194 },
5195 "remarks": "Creates a new IAM user for your AWS account .\n\nFor information about quotas for the number of IAM users you can create, see [IAM and AWS STS quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide* .",
5196 "stability": "external",
5197 "summary": "A CloudFormation `AWS::IAM::User`.",
5198 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const policyDocument: any;\nconst cfnUser = new iam.CfnUser(this, 'MyCfnUser', /* all optional props */ {\n groups: ['groups'],\n loginProfile: {\n password: 'password',\n\n // the properties below are optional\n passwordResetRequired: false,\n },\n managedPolicyArns: ['managedPolicyArns'],\n path: 'path',\n permissionsBoundary: 'permissionsBoundary',\n policies: [{\n policyDocument: policyDocument,\n policyName: 'policyName',\n }],\n tags: [{\n key: 'key',\n value: 'value',\n }],\n userName: 'userName',\n});"
5199 },
5200 "fqn": "@aws-cdk/aws-iam.CfnUser",
5201 "initializer": {
5202 "docs": {
5203 "stability": "external",
5204 "summary": "Create a new `AWS::IAM::User`."
5205 },
5206 "locationInModule": {
5207 "filename": "lib/iam.generated.ts",
5208 "line": 2961
5209 },
5210 "parameters": [
5211 {
5212 "docs": {
5213 "summary": "- scope in which this resource is defined."
5214 },
5215 "name": "scope",
5216 "type": {
5217 "fqn": "@aws-cdk/core.Construct"
5218 }
5219 },
5220 {
5221 "docs": {
5222 "summary": "- scoped id of the resource."
5223 },
5224 "name": "id",
5225 "type": {
5226 "primitive": "string"
5227 }
5228 },
5229 {
5230 "docs": {
5231 "summary": "- resource properties."
5232 },
5233 "name": "props",
5234 "optional": true,
5235 "type": {
5236 "fqn": "@aws-cdk/aws-iam.CfnUserProps"
5237 }
5238 }
5239 ]
5240 },
5241 "interfaces": [
5242 "@aws-cdk/core.IInspectable"
5243 ],
5244 "kind": "class",
5245 "locationInModule": {
5246 "filename": "lib/iam.generated.ts",
5247 "line": 2843
5248 },
5249 "methods": [
5250 {
5251 "docs": {
5252 "stability": "external",
5253 "summary": "Examines the CloudFormation resource and discloses attributes."
5254 },
5255 "locationInModule": {
5256 "filename": "lib/iam.generated.ts",
5257 "line": 2981
5258 },
5259 "name": "inspect",
5260 "overrides": "@aws-cdk/core.IInspectable",
5261 "parameters": [
5262 {
5263 "docs": {
5264 "summary": "- tree inspector to collect and process attributes."
5265 },
5266 "name": "inspector",
5267 "type": {
5268 "fqn": "@aws-cdk/core.TreeInspector"
5269 }
5270 }
5271 ]
5272 },
5273 {
5274 "docs": {
5275 "stability": "external"
5276 },
5277 "locationInModule": {
5278 "filename": "lib/iam.generated.ts",
5279 "line": 2999
5280 },
5281 "name": "renderProperties",
5282 "overrides": "@aws-cdk/core.CfnResource",
5283 "parameters": [
5284 {
5285 "name": "props",
5286 "type": {
5287 "collection": {
5288 "elementtype": {
5289 "primitive": "any"
5290 },
5291 "kind": "map"
5292 }
5293 }
5294 }
5295 ],
5296 "protected": true,
5297 "returns": {
5298 "type": {
5299 "collection": {
5300 "elementtype": {
5301 "primitive": "any"
5302 },
5303 "kind": "map"
5304 }
5305 }
5306 }
5307 }
5308 ],
5309 "name": "CfnUser",
5310 "properties": [
5311 {
5312 "const": true,
5313 "docs": {
5314 "stability": "external",
5315 "summary": "The CloudFormation resource type name for this resource class."
5316 },
5317 "immutable": true,
5318 "locationInModule": {
5319 "filename": "lib/iam.generated.ts",
5320 "line": 2847
5321 },
5322 "name": "CFN_RESOURCE_TYPE_NAME",
5323 "static": true,
5324 "type": {
5325 "primitive": "string"
5326 }
5327 },
5328 {
5329 "docs": {
5330 "custom": {
5331 "cloudformationAttribute": "Arn"
5332 },
5333 "remarks": "For example: `arn:aws:iam::123456789012:user/mystack-myuser-1CCXAFG2H2U4D` .",
5334 "stability": "external",
5335 "summary": "Returns the Amazon Resource Name (ARN) for the specified `AWS::IAM::User` resource."
5336 },
5337 "immutable": true,
5338 "locationInModule": {
5339 "filename": "lib/iam.generated.ts",
5340 "line": 2872
5341 },
5342 "name": "attrArn",
5343 "type": {
5344 "primitive": "string"
5345 }
5346 },
5347 {
5348 "docs": {
5349 "stability": "external"
5350 },
5351 "immutable": true,
5352 "locationInModule": {
5353 "filename": "lib/iam.generated.ts",
5354 "line": 2986
5355 },
5356 "name": "cfnProperties",
5357 "overrides": "@aws-cdk/core.CfnResource",
5358 "protected": true,
5359 "type": {
5360 "collection": {
5361 "elementtype": {
5362 "primitive": "any"
5363 },
5364 "kind": "map"
5365 }
5366 }
5367 },
5368 {
5369 "docs": {
5370 "custom": {
5371 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-tags"
5372 },
5373 "remarks": "Each tag consists of a key name and an associated value. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .\n\n> If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created.",
5374 "stability": "external",
5375 "summary": "A list of tags that you want to attach to the new user."
5376 },
5377 "immutable": true,
5378 "locationInModule": {
5379 "filename": "lib/iam.generated.ts",
5380 "line": 2937
5381 },
5382 "name": "tags",
5383 "type": {
5384 "fqn": "@aws-cdk/core.TagManager"
5385 }
5386 },
5387 {
5388 "docs": {
5389 "custom": {
5390 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-groups"
5391 },
5392 "stability": "external",
5393 "summary": "A list of group names to which you want to add the user."
5394 },
5395 "locationInModule": {
5396 "filename": "lib/iam.generated.ts",
5397 "line": 2879
5398 },
5399 "name": "groups",
5400 "optional": true,
5401 "type": {
5402 "collection": {
5403 "elementtype": {
5404 "primitive": "string"
5405 },
5406 "kind": "array"
5407 }
5408 }
5409 },
5410 {
5411 "docs": {
5412 "custom": {
5413 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-loginprofile"
5414 },
5415 "remarks": "A password allows an IAM user to access AWS services through the AWS Management Console .\n\nYou can use the AWS CLI , the AWS API, or the *Users* page in the IAM console to create a password for any IAM user. Use [ChangePassword](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ChangePassword.html) to update your own existing password in the *My Security Credentials* page in the AWS Management Console .\n\nFor more information about managing passwords, see [Managing passwords](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html) in the *IAM User Guide* .",
5416 "stability": "external",
5417 "summary": "Creates a password for the specified IAM user."
5418 },
5419 "locationInModule": {
5420 "filename": "lib/iam.generated.ts",
5421 "line": 2890
5422 },
5423 "name": "loginProfile",
5424 "optional": true,
5425 "type": {
5426 "union": {
5427 "types": [
5428 {
5429 "fqn": "@aws-cdk/core.IResolvable"
5430 },
5431 {
5432 "fqn": "@aws-cdk/aws-iam.CfnUser.LoginProfileProperty"
5433 }
5434 ]
5435 }
5436 }
5437 },
5438 {
5439 "docs": {
5440 "custom": {
5441 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-managepolicyarns"
5442 },
5443 "remarks": "For more information about ARNs, see [Amazon Resource Names (ARNs) and AWS Service Namespaces](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *AWS General Reference* .",
5444 "stability": "external",
5445 "summary": "A list of Amazon Resource Names (ARNs) of the IAM managed policies that you want to attach to the user."
5446 },
5447 "locationInModule": {
5448 "filename": "lib/iam.generated.ts",
5449 "line": 2899
5450 },
5451 "name": "managedPolicyArns",
5452 "optional": true,
5453 "type": {
5454 "collection": {
5455 "elementtype": {
5456 "primitive": "string"
5457 },
5458 "kind": "array"
5459 }
5460 }
5461 },
5462 {
5463 "docs": {
5464 "custom": {
5465 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-path"
5466 },
5467 "remarks": "For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* .\n\nThis parameter is optional. If it is not included, it defaults to a slash (/).\n\nThis parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\\ u0021` ) through the DEL character ( `\\ u007F` ), including most punctuation characters, digits, and upper and lowercased letters.",
5468 "stability": "external",
5469 "summary": "The path for the user name."
5470 },
5471 "locationInModule": {
5472 "filename": "lib/iam.generated.ts",
5473 "line": 2910
5474 },
5475 "name": "path",
5476 "optional": true,
5477 "type": {
5478 "primitive": "string"
5479 }
5480 },
5481 {
5482 "docs": {
5483 "custom": {
5484 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-permissionsboundary"
5485 },
5486 "stability": "external",
5487 "summary": "The ARN of the policy that is used to set the permissions boundary for the user."
5488 },
5489 "locationInModule": {
5490 "filename": "lib/iam.generated.ts",
5491 "line": 2917
5492 },
5493 "name": "permissionsBoundary",
5494 "optional": true,
5495 "type": {
5496 "primitive": "string"
5497 }
5498 },
5499 {
5500 "docs": {
5501 "custom": {
5502 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-policies"
5503 },
5504 "remarks": "To view AWS::IAM::User snippets, see [Declaring an IAM User Resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-iam.html#scenario-iam-user) .\n\n> The name of each policy for a role, user, or group must be unique. If you don't choose unique names, updates to the IAM identity will fail.\n\nFor information about limits on the number of inline policies that you can embed in a user, see [Limitations on IAM Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *IAM User Guide* .",
5505 "stability": "external",
5506 "summary": "Adds or updates an inline policy document that is embedded in the specified IAM user."
5507 },
5508 "locationInModule": {
5509 "filename": "lib/iam.generated.ts",
5510 "line": 2928
5511 },
5512 "name": "policies",
5513 "optional": true,
5514 "type": {
5515 "union": {
5516 "types": [
5517 {
5518 "fqn": "@aws-cdk/core.IResolvable"
5519 },
5520 {
5521 "collection": {
5522 "elementtype": {
5523 "union": {
5524 "types": [
5525 {
5526 "fqn": "@aws-cdk/core.IResolvable"
5527 },
5528 {
5529 "fqn": "@aws-cdk/aws-iam.CfnUser.PolicyProperty"
5530 }
5531 ]
5532 }
5533 },
5534 "kind": "array"
5535 }
5536 }
5537 ]
5538 }
5539 }
5540 },
5541 {
5542 "docs": {
5543 "custom": {
5544 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-username"
5545 },
5546 "remarks": "This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-. The user name must be unique within the account. User names are not distinguished by case. For example, you cannot create users named both \"John\" and \"john\".\n\nIf you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the user name.\n\nIf you specify a name, you must specify the `CAPABILITY_NAMED_IAM` value to acknowledge your template's capabilities. For more information, see [Acknowledging IAM Resources in AWS CloudFormation Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities) .\n\n> Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using `Fn::Join` and `AWS::Region` to create a Region-specific name, as in the following example: `{\"Fn::Join\": [\"\", [{\"Ref\": \"AWS::Region\"}, {\"Ref\": \"MyResourceName\"}]]}` .",
5547 "stability": "external",
5548 "summary": "The name of the user to create. Do not include the path in this value."
5549 },
5550 "locationInModule": {
5551 "filename": "lib/iam.generated.ts",
5552 "line": 2952
5553 },
5554 "name": "userName",
5555 "optional": true,
5556 "type": {
5557 "primitive": "string"
5558 }
5559 }
5560 ],
5561 "symbolId": "lib/iam.generated:CfnUser"
5562 },
5563 "@aws-cdk/aws-iam.CfnUser.LoginProfileProperty": {
5564 "assembly": "@aws-cdk/aws-iam",
5565 "datatype": true,
5566 "docs": {
5567 "custom": {
5568 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user-loginprofile.html",
5569 "exampleMetadata": "fixture=_generated"
5570 },
5571 "remarks": "For more information about managing passwords, see [Managing Passwords](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html) in the *IAM User Guide* .",
5572 "stability": "external",
5573 "summary": "Creates a password for the specified user, giving the user the ability to access AWS services through the AWS Management Console .",
5574 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nconst loginProfileProperty: iam.CfnUser.LoginProfileProperty = {\n password: 'password',\n\n // the properties below are optional\n passwordResetRequired: false,\n};"
5575 },
5576 "fqn": "@aws-cdk/aws-iam.CfnUser.LoginProfileProperty",
5577 "kind": "interface",
5578 "locationInModule": {
5579 "filename": "lib/iam.generated.ts",
5580 "line": 3013
5581 },
5582 "name": "LoginProfileProperty",
5583 "namespace": "CfnUser",
5584 "properties": [
5585 {
5586 "abstract": true,
5587 "docs": {
5588 "custom": {
5589 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user-loginprofile.html#cfn-iam-user-loginprofile-password"
5590 },
5591 "stability": "external",
5592 "summary": "The user's password."
5593 },
5594 "immutable": true,
5595 "locationInModule": {
5596 "filename": "lib/iam.generated.ts",
5597 "line": 3019
5598 },
5599 "name": "password",
5600 "type": {
5601 "primitive": "string"
5602 }
5603 },
5604 {
5605 "abstract": true,
5606 "docs": {
5607 "custom": {
5608 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user-loginprofile.html#cfn-iam-user-loginprofile-passwordresetrequired"
5609 },
5610 "stability": "external",
5611 "summary": "Specifies whether the user is required to set a new password on next sign-in."
5612 },
5613 "immutable": true,
5614 "locationInModule": {
5615 "filename": "lib/iam.generated.ts",
5616 "line": 3025
5617 },
5618 "name": "passwordResetRequired",
5619 "optional": true,
5620 "type": {
5621 "union": {
5622 "types": [
5623 {
5624 "primitive": "boolean"
5625 },
5626 {
5627 "fqn": "@aws-cdk/core.IResolvable"
5628 }
5629 ]
5630 }
5631 }
5632 }
5633 ],
5634 "symbolId": "lib/iam.generated:CfnUser.LoginProfileProperty"
5635 },
5636 "@aws-cdk/aws-iam.CfnUser.PolicyProperty": {
5637 "assembly": "@aws-cdk/aws-iam",
5638 "datatype": true,
5639 "docs": {
5640 "custom": {
5641 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-policy.html",
5642 "exampleMetadata": "fixture=_generated"
5643 },
5644 "remarks": "An attached policy is a managed policy that has been attached to a user, group, or role.\n\nFor more information about managed policies, refer to [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide* .",
5645 "stability": "external",
5646 "summary": "Contains information about an attached policy.",
5647 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const policyDocument: any;\nconst policyProperty: iam.CfnUser.PolicyProperty = {\n policyDocument: policyDocument,\n policyName: 'policyName',\n};"
5648 },
5649 "fqn": "@aws-cdk/aws-iam.CfnUser.PolicyProperty",
5650 "kind": "interface",
5651 "locationInModule": {
5652 "filename": "lib/iam.generated.ts",
5653 "line": 3094
5654 },
5655 "name": "PolicyProperty",
5656 "namespace": "CfnUser",
5657 "properties": [
5658 {
5659 "abstract": true,
5660 "docs": {
5661 "custom": {
5662 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-policy.html#cfn-iam-policies-policydocument"
5663 },
5664 "stability": "external",
5665 "summary": "The policy document."
5666 },
5667 "immutable": true,
5668 "locationInModule": {
5669 "filename": "lib/iam.generated.ts",
5670 "line": 3100
5671 },
5672 "name": "policyDocument",
5673 "type": {
5674 "primitive": "any"
5675 }
5676 },
5677 {
5678 "abstract": true,
5679 "docs": {
5680 "custom": {
5681 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-policy.html#cfn-iam-policies-policyname"
5682 },
5683 "stability": "external",
5684 "summary": "The friendly name (not ARN) identifying the policy."
5685 },
5686 "immutable": true,
5687 "locationInModule": {
5688 "filename": "lib/iam.generated.ts",
5689 "line": 3106
5690 },
5691 "name": "policyName",
5692 "type": {
5693 "primitive": "string"
5694 }
5695 }
5696 ],
5697 "symbolId": "lib/iam.generated:CfnUser.PolicyProperty"
5698 },
5699 "@aws-cdk/aws-iam.CfnUserProps": {
5700 "assembly": "@aws-cdk/aws-iam",
5701 "datatype": true,
5702 "docs": {
5703 "custom": {
5704 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html",
5705 "exampleMetadata": "fixture=_generated"
5706 },
5707 "stability": "external",
5708 "summary": "Properties for defining a `CfnUser`.",
5709 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const policyDocument: any;\nconst cfnUserProps: iam.CfnUserProps = {\n groups: ['groups'],\n loginProfile: {\n password: 'password',\n\n // the properties below are optional\n passwordResetRequired: false,\n },\n managedPolicyArns: ['managedPolicyArns'],\n path: 'path',\n permissionsBoundary: 'permissionsBoundary',\n policies: [{\n policyDocument: policyDocument,\n policyName: 'policyName',\n }],\n tags: [{\n key: 'key',\n value: 'value',\n }],\n userName: 'userName',\n};"
5710 },
5711 "fqn": "@aws-cdk/aws-iam.CfnUserProps",
5712 "kind": "interface",
5713 "locationInModule": {
5714 "filename": "lib/iam.generated.ts",
5715 "line": 2682
5716 },
5717 "name": "CfnUserProps",
5718 "properties": [
5719 {
5720 "abstract": true,
5721 "docs": {
5722 "custom": {
5723 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-groups"
5724 },
5725 "stability": "external",
5726 "summary": "A list of group names to which you want to add the user."
5727 },
5728 "immutable": true,
5729 "locationInModule": {
5730 "filename": "lib/iam.generated.ts",
5731 "line": 2689
5732 },
5733 "name": "groups",
5734 "optional": true,
5735 "type": {
5736 "collection": {
5737 "elementtype": {
5738 "primitive": "string"
5739 },
5740 "kind": "array"
5741 }
5742 }
5743 },
5744 {
5745 "abstract": true,
5746 "docs": {
5747 "custom": {
5748 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-loginprofile"
5749 },
5750 "remarks": "A password allows an IAM user to access AWS services through the AWS Management Console .\n\nYou can use the AWS CLI , the AWS API, or the *Users* page in the IAM console to create a password for any IAM user. Use [ChangePassword](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ChangePassword.html) to update your own existing password in the *My Security Credentials* page in the AWS Management Console .\n\nFor more information about managing passwords, see [Managing passwords](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html) in the *IAM User Guide* .",
5751 "stability": "external",
5752 "summary": "Creates a password for the specified IAM user."
5753 },
5754 "immutable": true,
5755 "locationInModule": {
5756 "filename": "lib/iam.generated.ts",
5757 "line": 2700
5758 },
5759 "name": "loginProfile",
5760 "optional": true,
5761 "type": {
5762 "union": {
5763 "types": [
5764 {
5765 "fqn": "@aws-cdk/core.IResolvable"
5766 },
5767 {
5768 "fqn": "@aws-cdk/aws-iam.CfnUser.LoginProfileProperty"
5769 }
5770 ]
5771 }
5772 }
5773 },
5774 {
5775 "abstract": true,
5776 "docs": {
5777 "custom": {
5778 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-managepolicyarns"
5779 },
5780 "remarks": "For more information about ARNs, see [Amazon Resource Names (ARNs) and AWS Service Namespaces](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *AWS General Reference* .",
5781 "stability": "external",
5782 "summary": "A list of Amazon Resource Names (ARNs) of the IAM managed policies that you want to attach to the user."
5783 },
5784 "immutable": true,
5785 "locationInModule": {
5786 "filename": "lib/iam.generated.ts",
5787 "line": 2709
5788 },
5789 "name": "managedPolicyArns",
5790 "optional": true,
5791 "type": {
5792 "collection": {
5793 "elementtype": {
5794 "primitive": "string"
5795 },
5796 "kind": "array"
5797 }
5798 }
5799 },
5800 {
5801 "abstract": true,
5802 "docs": {
5803 "custom": {
5804 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-path"
5805 },
5806 "remarks": "For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* .\n\nThis parameter is optional. If it is not included, it defaults to a slash (/).\n\nThis parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\\ u0021` ) through the DEL character ( `\\ u007F` ), including most punctuation characters, digits, and upper and lowercased letters.",
5807 "stability": "external",
5808 "summary": "The path for the user name."
5809 },
5810 "immutable": true,
5811 "locationInModule": {
5812 "filename": "lib/iam.generated.ts",
5813 "line": 2720
5814 },
5815 "name": "path",
5816 "optional": true,
5817 "type": {
5818 "primitive": "string"
5819 }
5820 },
5821 {
5822 "abstract": true,
5823 "docs": {
5824 "custom": {
5825 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-permissionsboundary"
5826 },
5827 "stability": "external",
5828 "summary": "The ARN of the policy that is used to set the permissions boundary for the user."
5829 },
5830 "immutable": true,
5831 "locationInModule": {
5832 "filename": "lib/iam.generated.ts",
5833 "line": 2727
5834 },
5835 "name": "permissionsBoundary",
5836 "optional": true,
5837 "type": {
5838 "primitive": "string"
5839 }
5840 },
5841 {
5842 "abstract": true,
5843 "docs": {
5844 "custom": {
5845 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-policies"
5846 },
5847 "remarks": "To view AWS::IAM::User snippets, see [Declaring an IAM User Resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-iam.html#scenario-iam-user) .\n\n> The name of each policy for a role, user, or group must be unique. If you don't choose unique names, updates to the IAM identity will fail.\n\nFor information about limits on the number of inline policies that you can embed in a user, see [Limitations on IAM Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *IAM User Guide* .",
5848 "stability": "external",
5849 "summary": "Adds or updates an inline policy document that is embedded in the specified IAM user."
5850 },
5851 "immutable": true,
5852 "locationInModule": {
5853 "filename": "lib/iam.generated.ts",
5854 "line": 2738
5855 },
5856 "name": "policies",
5857 "optional": true,
5858 "type": {
5859 "union": {
5860 "types": [
5861 {
5862 "fqn": "@aws-cdk/core.IResolvable"
5863 },
5864 {
5865 "collection": {
5866 "elementtype": {
5867 "union": {
5868 "types": [
5869 {
5870 "fqn": "@aws-cdk/core.IResolvable"
5871 },
5872 {
5873 "fqn": "@aws-cdk/aws-iam.CfnUser.PolicyProperty"
5874 }
5875 ]
5876 }
5877 },
5878 "kind": "array"
5879 }
5880 }
5881 ]
5882 }
5883 }
5884 },
5885 {
5886 "abstract": true,
5887 "docs": {
5888 "custom": {
5889 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-tags"
5890 },
5891 "remarks": "Each tag consists of a key name and an associated value. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .\n\n> If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created.",
5892 "stability": "external",
5893 "summary": "A list of tags that you want to attach to the new user."
5894 },
5895 "immutable": true,
5896 "locationInModule": {
5897 "filename": "lib/iam.generated.ts",
5898 "line": 2747
5899 },
5900 "name": "tags",
5901 "optional": true,
5902 "type": {
5903 "collection": {
5904 "elementtype": {
5905 "fqn": "@aws-cdk/core.CfnTag"
5906 },
5907 "kind": "array"
5908 }
5909 }
5910 },
5911 {
5912 "abstract": true,
5913 "docs": {
5914 "custom": {
5915 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-username"
5916 },
5917 "remarks": "This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-. The user name must be unique within the account. User names are not distinguished by case. For example, you cannot create users named both \"John\" and \"john\".\n\nIf you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the user name.\n\nIf you specify a name, you must specify the `CAPABILITY_NAMED_IAM` value to acknowledge your template's capabilities. For more information, see [Acknowledging IAM Resources in AWS CloudFormation Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities) .\n\n> Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using `Fn::Join` and `AWS::Region` to create a Region-specific name, as in the following example: `{\"Fn::Join\": [\"\", [{\"Ref\": \"AWS::Region\"}, {\"Ref\": \"MyResourceName\"}]]}` .",
5918 "stability": "external",
5919 "summary": "The name of the user to create. Do not include the path in this value."
5920 },
5921 "immutable": true,
5922 "locationInModule": {
5923 "filename": "lib/iam.generated.ts",
5924 "line": 2762
5925 },
5926 "name": "userName",
5927 "optional": true,
5928 "type": {
5929 "primitive": "string"
5930 }
5931 }
5932 ],
5933 "symbolId": "lib/iam.generated:CfnUserProps"
5934 },
5935 "@aws-cdk/aws-iam.CfnUserToGroupAddition": {
5936 "assembly": "@aws-cdk/aws-iam",
5937 "base": "@aws-cdk/core.CfnResource",
5938 "docs": {
5939 "custom": {
5940 "cloudformationResource": "AWS::IAM::UserToGroupAddition",
5941 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-addusertogroup.html",
5942 "exampleMetadata": "fixture=_generated"
5943 },
5944 "remarks": "Adds the specified user to the specified group.",
5945 "stability": "external",
5946 "summary": "A CloudFormation `AWS::IAM::UserToGroupAddition`.",
5947 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nconst cfnUserToGroupAddition = new iam.CfnUserToGroupAddition(this, 'MyCfnUserToGroupAddition', {\n groupName: 'groupName',\n users: ['users'],\n});"
5948 },
5949 "fqn": "@aws-cdk/aws-iam.CfnUserToGroupAddition",
5950 "initializer": {
5951 "docs": {
5952 "stability": "external",
5953 "summary": "Create a new `AWS::IAM::UserToGroupAddition`."
5954 },
5955 "locationInModule": {
5956 "filename": "lib/iam.generated.ts",
5957 "line": 3298
5958 },
5959 "parameters": [
5960 {
5961 "docs": {
5962 "summary": "- scope in which this resource is defined."
5963 },
5964 "name": "scope",
5965 "type": {
5966 "fqn": "@aws-cdk/core.Construct"
5967 }
5968 },
5969 {
5970 "docs": {
5971 "summary": "- scoped id of the resource."
5972 },
5973 "name": "id",
5974 "type": {
5975 "primitive": "string"
5976 }
5977 },
5978 {
5979 "docs": {
5980 "summary": "- resource properties."
5981 },
5982 "name": "props",
5983 "type": {
5984 "fqn": "@aws-cdk/aws-iam.CfnUserToGroupAdditionProps"
5985 }
5986 }
5987 ]
5988 },
5989 "interfaces": [
5990 "@aws-cdk/core.IInspectable"
5991 ],
5992 "kind": "class",
5993 "locationInModule": {
5994 "filename": "lib/iam.generated.ts",
5995 "line": 3250
5996 },
5997 "methods": [
5998 {
5999 "docs": {
6000 "stability": "external",
6001 "summary": "Examines the CloudFormation resource and discloses attributes."
6002 },
6003 "locationInModule": {
6004 "filename": "lib/iam.generated.ts",
6005 "line": 3313
6006 },
6007 "name": "inspect",
6008 "overrides": "@aws-cdk/core.IInspectable",
6009 "parameters": [
6010 {
6011 "docs": {
6012 "summary": "- tree inspector to collect and process attributes."
6013 },
6014 "name": "inspector",
6015 "type": {
6016 "fqn": "@aws-cdk/core.TreeInspector"
6017 }
6018 }
6019 ]
6020 },
6021 {
6022 "docs": {
6023 "stability": "external"
6024 },
6025 "locationInModule": {
6026 "filename": "lib/iam.generated.ts",
6027 "line": 3325
6028 },
6029 "name": "renderProperties",
6030 "overrides": "@aws-cdk/core.CfnResource",
6031 "parameters": [
6032 {
6033 "name": "props",
6034 "type": {
6035 "collection": {
6036 "elementtype": {
6037 "primitive": "any"
6038 },
6039 "kind": "map"
6040 }
6041 }
6042 }
6043 ],
6044 "protected": true,
6045 "returns": {
6046 "type": {
6047 "collection": {
6048 "elementtype": {
6049 "primitive": "any"
6050 },
6051 "kind": "map"
6052 }
6053 }
6054 }
6055 }
6056 ],
6057 "name": "CfnUserToGroupAddition",
6058 "properties": [
6059 {
6060 "const": true,
6061 "docs": {
6062 "stability": "external",
6063 "summary": "The CloudFormation resource type name for this resource class."
6064 },
6065 "immutable": true,
6066 "locationInModule": {
6067 "filename": "lib/iam.generated.ts",
6068 "line": 3254
6069 },
6070 "name": "CFN_RESOURCE_TYPE_NAME",
6071 "static": true,
6072 "type": {
6073 "primitive": "string"
6074 }
6075 },
6076 {
6077 "docs": {
6078 "stability": "external"
6079 },
6080 "immutable": true,
6081 "locationInModule": {
6082 "filename": "lib/iam.generated.ts",
6083 "line": 3318
6084 },
6085 "name": "cfnProperties",
6086 "overrides": "@aws-cdk/core.CfnResource",
6087 "protected": true,
6088 "type": {
6089 "collection": {
6090 "elementtype": {
6091 "primitive": "any"
6092 },
6093 "kind": "map"
6094 }
6095 }
6096 },
6097 {
6098 "docs": {
6099 "custom": {
6100 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-addusertogroup.html#cfn-iam-addusertogroup-groupname"
6101 },
6102 "remarks": "This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-",
6103 "stability": "external",
6104 "summary": "The name of the group to update."
6105 },
6106 "locationInModule": {
6107 "filename": "lib/iam.generated.ts",
6108 "line": 3282
6109 },
6110 "name": "groupName",
6111 "type": {
6112 "primitive": "string"
6113 }
6114 },
6115 {
6116 "docs": {
6117 "custom": {
6118 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-addusertogroup.html#cfn-iam-addusertogroup-users"
6119 },
6120 "stability": "external",
6121 "summary": "A list of the names of the users that you want to add to the group."
6122 },
6123 "locationInModule": {
6124 "filename": "lib/iam.generated.ts",
6125 "line": 3289
6126 },
6127 "name": "users",
6128 "type": {
6129 "collection": {
6130 "elementtype": {
6131 "primitive": "string"
6132 },
6133 "kind": "array"
6134 }
6135 }
6136 }
6137 ],
6138 "symbolId": "lib/iam.generated:CfnUserToGroupAddition"
6139 },
6140 "@aws-cdk/aws-iam.CfnUserToGroupAdditionProps": {
6141 "assembly": "@aws-cdk/aws-iam",
6142 "datatype": true,
6143 "docs": {
6144 "custom": {
6145 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-addusertogroup.html",
6146 "exampleMetadata": "fixture=_generated"
6147 },
6148 "stability": "external",
6149 "summary": "Properties for defining a `CfnUserToGroupAddition`.",
6150 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nconst cfnUserToGroupAdditionProps: iam.CfnUserToGroupAdditionProps = {\n groupName: 'groupName',\n users: ['users'],\n};"
6151 },
6152 "fqn": "@aws-cdk/aws-iam.CfnUserToGroupAdditionProps",
6153 "kind": "interface",
6154 "locationInModule": {
6155 "filename": "lib/iam.generated.ts",
6156 "line": 3171
6157 },
6158 "name": "CfnUserToGroupAdditionProps",
6159 "properties": [
6160 {
6161 "abstract": true,
6162 "docs": {
6163 "custom": {
6164 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-addusertogroup.html#cfn-iam-addusertogroup-groupname"
6165 },
6166 "remarks": "This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-",
6167 "stability": "external",
6168 "summary": "The name of the group to update."
6169 },
6170 "immutable": true,
6171 "locationInModule": {
6172 "filename": "lib/iam.generated.ts",
6173 "line": 3180
6174 },
6175 "name": "groupName",
6176 "type": {
6177 "primitive": "string"
6178 }
6179 },
6180 {
6181 "abstract": true,
6182 "docs": {
6183 "custom": {
6184 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-addusertogroup.html#cfn-iam-addusertogroup-users"
6185 },
6186 "stability": "external",
6187 "summary": "A list of the names of the users that you want to add to the group."
6188 },
6189 "immutable": true,
6190 "locationInModule": {
6191 "filename": "lib/iam.generated.ts",
6192 "line": 3187
6193 },
6194 "name": "users",
6195 "type": {
6196 "collection": {
6197 "elementtype": {
6198 "primitive": "string"
6199 },
6200 "kind": "array"
6201 }
6202 }
6203 }
6204 ],
6205 "symbolId": "lib/iam.generated:CfnUserToGroupAdditionProps"
6206 },
6207 "@aws-cdk/aws-iam.CfnVirtualMFADevice": {
6208 "assembly": "@aws-cdk/aws-iam",
6209 "base": "@aws-cdk/core.CfnResource",
6210 "docs": {
6211 "custom": {
6212 "cloudformationResource": "AWS::IAM::VirtualMFADevice",
6213 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-virtualmfadevice.html",
6214 "exampleMetadata": "fixture=_generated"
6215 },
6216 "remarks": "Creates a new virtual MFA device for the AWS account . After creating the virtual MFA, use [EnableMFADevice](https://docs.aws.amazon.com/IAM/latest/APIReference/API_EnableMFADevice.html) to attach the MFA device to an IAM user. For more information about creating and working with virtual MFA devices, see [Using a virtual MFA device](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_VirtualMFA.html) in the *IAM User Guide* .\n\nFor information about the maximum number of MFA devices you can create, see [IAM and AWS STS quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide* .\n\n> The seed information contained in the QR code and the Base32 string should be treated like any other secret access information. In other words, protect the seed information as you would your AWS access keys or your passwords. After you provision your virtual device, you should ensure that the information is destroyed following secure procedures.",
6217 "stability": "external",
6218 "summary": "A CloudFormation `AWS::IAM::VirtualMFADevice`.",
6219 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nconst cfnVirtualMFADevice = new iam.CfnVirtualMFADevice(this, 'MyCfnVirtualMFADevice', {\n users: ['users'],\n\n // the properties below are optional\n path: 'path',\n tags: [{\n key: 'key',\n value: 'value',\n }],\n virtualMfaDeviceName: 'virtualMfaDeviceName',\n});"
6220 },
6221 "fqn": "@aws-cdk/aws-iam.CfnVirtualMFADevice",
6222 "initializer": {
6223 "docs": {
6224 "stability": "external",
6225 "summary": "Create a new `AWS::IAM::VirtualMFADevice`."
6226 },
6227 "locationInModule": {
6228 "filename": "lib/iam.generated.ts",
6229 "line": 3520
6230 },
6231 "parameters": [
6232 {
6233 "docs": {
6234 "summary": "- scope in which this resource is defined."
6235 },
6236 "name": "scope",
6237 "type": {
6238 "fqn": "@aws-cdk/core.Construct"
6239 }
6240 },
6241 {
6242 "docs": {
6243 "summary": "- scoped id of the resource."
6244 },
6245 "name": "id",
6246 "type": {
6247 "primitive": "string"
6248 }
6249 },
6250 {
6251 "docs": {
6252 "summary": "- resource properties."
6253 },
6254 "name": "props",
6255 "type": {
6256 "fqn": "@aws-cdk/aws-iam.CfnVirtualMFADeviceProps"
6257 }
6258 }
6259 ]
6260 },
6261 "interfaces": [
6262 "@aws-cdk/core.IInspectable"
6263 ],
6264 "kind": "class",
6265 "locationInModule": {
6266 "filename": "lib/iam.generated.ts",
6267 "line": 3446
6268 },
6269 "methods": [
6270 {
6271 "docs": {
6272 "stability": "external",
6273 "summary": "Examines the CloudFormation resource and discloses attributes."
6274 },
6275 "locationInModule": {
6276 "filename": "lib/iam.generated.ts",
6277 "line": 3537
6278 },
6279 "name": "inspect",
6280 "overrides": "@aws-cdk/core.IInspectable",
6281 "parameters": [
6282 {
6283 "docs": {
6284 "summary": "- tree inspector to collect and process attributes."
6285 },
6286 "name": "inspector",
6287 "type": {
6288 "fqn": "@aws-cdk/core.TreeInspector"
6289 }
6290 }
6291 ]
6292 },
6293 {
6294 "docs": {
6295 "stability": "external"
6296 },
6297 "locationInModule": {
6298 "filename": "lib/iam.generated.ts",
6299 "line": 3551
6300 },
6301 "name": "renderProperties",
6302 "overrides": "@aws-cdk/core.CfnResource",
6303 "parameters": [
6304 {
6305 "name": "props",
6306 "type": {
6307 "collection": {
6308 "elementtype": {
6309 "primitive": "any"
6310 },
6311 "kind": "map"
6312 }
6313 }
6314 }
6315 ],
6316 "protected": true,
6317 "returns": {
6318 "type": {
6319 "collection": {
6320 "elementtype": {
6321 "primitive": "any"
6322 },
6323 "kind": "map"
6324 }
6325 }
6326 }
6327 }
6328 ],
6329 "name": "CfnVirtualMFADevice",
6330 "properties": [
6331 {
6332 "const": true,
6333 "docs": {
6334 "stability": "external",
6335 "summary": "The CloudFormation resource type name for this resource class."
6336 },
6337 "immutable": true,
6338 "locationInModule": {
6339 "filename": "lib/iam.generated.ts",
6340 "line": 3450
6341 },
6342 "name": "CFN_RESOURCE_TYPE_NAME",
6343 "static": true,
6344 "type": {
6345 "primitive": "string"
6346 }
6347 },
6348 {
6349 "docs": {
6350 "custom": {
6351 "cloudformationAttribute": "SerialNumber"
6352 },
6353 "stability": "external",
6354 "summary": "Returns the serial number for the specified `AWS::IAM::VirtualMFADevice` resource."
6355 },
6356 "immutable": true,
6357 "locationInModule": {
6358 "filename": "lib/iam.generated.ts",
6359 "line": 3475
6360 },
6361 "name": "attrSerialNumber",
6362 "type": {
6363 "primitive": "string"
6364 }
6365 },
6366 {
6367 "docs": {
6368 "stability": "external"
6369 },
6370 "immutable": true,
6371 "locationInModule": {
6372 "filename": "lib/iam.generated.ts",
6373 "line": 3542
6374 },
6375 "name": "cfnProperties",
6376 "overrides": "@aws-cdk/core.CfnResource",
6377 "protected": true,
6378 "type": {
6379 "collection": {
6380 "elementtype": {
6381 "primitive": "any"
6382 },
6383 "kind": "map"
6384 }
6385 }
6386 },
6387 {
6388 "docs": {
6389 "custom": {
6390 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-virtualmfadevice.html#cfn-iam-virtualmfadevice-tags"
6391 },
6392 "remarks": "Each tag consists of a key name and an associated value. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .\n\n> If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created.",
6393 "stability": "external",
6394 "summary": "A list of tags that you want to attach to the new IAM virtual MFA device."
6395 },
6396 "immutable": true,
6397 "locationInModule": {
6398 "filename": "lib/iam.generated.ts",
6399 "line": 3502
6400 },
6401 "name": "tags",
6402 "type": {
6403 "fqn": "@aws-cdk/core.TagManager"
6404 }
6405 },
6406 {
6407 "docs": {
6408 "custom": {
6409 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-virtualmfadevice.html#cfn-iam-virtualmfadevice-users"
6410 },
6411 "stability": "external",
6412 "summary": "The IAM user associated with this virtual MFA device."
6413 },
6414 "locationInModule": {
6415 "filename": "lib/iam.generated.ts",
6416 "line": 3482
6417 },
6418 "name": "users",
6419 "type": {
6420 "collection": {
6421 "elementtype": {
6422 "primitive": "string"
6423 },
6424 "kind": "array"
6425 }
6426 }
6427 },
6428 {
6429 "docs": {
6430 "custom": {
6431 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-virtualmfadevice.html#cfn-iam-virtualmfadevice-path"
6432 },
6433 "remarks": "For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* .\n\nThis parameter is optional. If it is not included, it defaults to a slash (/).\n\nThis parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\\ u0021` ) through the DEL character ( `\\ u007F` ), including most punctuation characters, digits, and upper and lowercased letters.",
6434 "stability": "external",
6435 "summary": "The path for the virtual MFA device."
6436 },
6437 "locationInModule": {
6438 "filename": "lib/iam.generated.ts",
6439 "line": 3493
6440 },
6441 "name": "path",
6442 "optional": true,
6443 "type": {
6444 "primitive": "string"
6445 }
6446 },
6447 {
6448 "docs": {
6449 "custom": {
6450 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-virtualmfadevice.html#cfn-iam-virtualmfadevice-virtualmfadevicename"
6451 },
6452 "remarks": "This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-",
6453 "stability": "external",
6454 "summary": "The name of the virtual MFA device. Use with path to uniquely identify a virtual MFA device."
6455 },
6456 "locationInModule": {
6457 "filename": "lib/iam.generated.ts",
6458 "line": 3511
6459 },
6460 "name": "virtualMfaDeviceName",
6461 "optional": true,
6462 "type": {
6463 "primitive": "string"
6464 }
6465 }
6466 ],
6467 "symbolId": "lib/iam.generated:CfnVirtualMFADevice"
6468 },
6469 "@aws-cdk/aws-iam.CfnVirtualMFADeviceProps": {
6470 "assembly": "@aws-cdk/aws-iam",
6471 "datatype": true,
6472 "docs": {
6473 "custom": {
6474 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-virtualmfadevice.html",
6475 "exampleMetadata": "fixture=_generated"
6476 },
6477 "stability": "external",
6478 "summary": "Properties for defining a `CfnVirtualMFADevice`.",
6479 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nconst cfnVirtualMFADeviceProps: iam.CfnVirtualMFADeviceProps = {\n users: ['users'],\n\n // the properties below are optional\n path: 'path',\n tags: [{\n key: 'key',\n value: 'value',\n }],\n virtualMfaDeviceName: 'virtualMfaDeviceName',\n};"
6480 },
6481 "fqn": "@aws-cdk/aws-iam.CfnVirtualMFADeviceProps",
6482 "kind": "interface",
6483 "locationInModule": {
6484 "filename": "lib/iam.generated.ts",
6485 "line": 3338
6486 },
6487 "name": "CfnVirtualMFADeviceProps",
6488 "properties": [
6489 {
6490 "abstract": true,
6491 "docs": {
6492 "custom": {
6493 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-virtualmfadevice.html#cfn-iam-virtualmfadevice-users"
6494 },
6495 "stability": "external",
6496 "summary": "The IAM user associated with this virtual MFA device."
6497 },
6498 "immutable": true,
6499 "locationInModule": {
6500 "filename": "lib/iam.generated.ts",
6501 "line": 3345
6502 },
6503 "name": "users",
6504 "type": {
6505 "collection": {
6506 "elementtype": {
6507 "primitive": "string"
6508 },
6509 "kind": "array"
6510 }
6511 }
6512 },
6513 {
6514 "abstract": true,
6515 "docs": {
6516 "custom": {
6517 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-virtualmfadevice.html#cfn-iam-virtualmfadevice-path"
6518 },
6519 "remarks": "For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* .\n\nThis parameter is optional. If it is not included, it defaults to a slash (/).\n\nThis parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\\ u0021` ) through the DEL character ( `\\ u007F` ), including most punctuation characters, digits, and upper and lowercased letters.",
6520 "stability": "external",
6521 "summary": "The path for the virtual MFA device."
6522 },
6523 "immutable": true,
6524 "locationInModule": {
6525 "filename": "lib/iam.generated.ts",
6526 "line": 3356
6527 },
6528 "name": "path",
6529 "optional": true,
6530 "type": {
6531 "primitive": "string"
6532 }
6533 },
6534 {
6535 "abstract": true,
6536 "docs": {
6537 "custom": {
6538 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-virtualmfadevice.html#cfn-iam-virtualmfadevice-tags"
6539 },
6540 "remarks": "Each tag consists of a key name and an associated value. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .\n\n> If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created.",
6541 "stability": "external",
6542 "summary": "A list of tags that you want to attach to the new IAM virtual MFA device."
6543 },
6544 "immutable": true,
6545 "locationInModule": {
6546 "filename": "lib/iam.generated.ts",
6547 "line": 3365
6548 },
6549 "name": "tags",
6550 "optional": true,
6551 "type": {
6552 "collection": {
6553 "elementtype": {
6554 "fqn": "@aws-cdk/core.CfnTag"
6555 },
6556 "kind": "array"
6557 }
6558 }
6559 },
6560 {
6561 "abstract": true,
6562 "docs": {
6563 "custom": {
6564 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-virtualmfadevice.html#cfn-iam-virtualmfadevice-virtualmfadevicename"
6565 },
6566 "remarks": "This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-",
6567 "stability": "external",
6568 "summary": "The name of the virtual MFA device. Use with path to uniquely identify a virtual MFA device."
6569 },
6570 "immutable": true,
6571 "locationInModule": {
6572 "filename": "lib/iam.generated.ts",
6573 "line": 3374
6574 },
6575 "name": "virtualMfaDeviceName",
6576 "optional": true,
6577 "type": {
6578 "primitive": "string"
6579 }
6580 }
6581 ],
6582 "symbolId": "lib/iam.generated:CfnVirtualMFADeviceProps"
6583 },
6584 "@aws-cdk/aws-iam.CommonGrantOptions": {
6585 "assembly": "@aws-cdk/aws-iam",
6586 "datatype": true,
6587 "docs": {
6588 "stability": "stable",
6589 "summary": "Basic options for a grant operation.",
6590 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const grantable: iam.IGrantable;\nconst commonGrantOptions: iam.CommonGrantOptions = {\n actions: ['actions'],\n grantee: grantable,\n resourceArns: ['resourceArns'],\n};",
6591 "custom": {
6592 "exampleMetadata": "fixture=_generated"
6593 }
6594 },
6595 "fqn": "@aws-cdk/aws-iam.CommonGrantOptions",
6596 "kind": "interface",
6597 "locationInModule": {
6598 "filename": "lib/grant.ts",
6599 "line": 9
6600 },
6601 "name": "CommonGrantOptions",
6602 "properties": [
6603 {
6604 "abstract": true,
6605 "docs": {
6606 "stability": "stable",
6607 "summary": "The actions to grant."
6608 },
6609 "immutable": true,
6610 "locationInModule": {
6611 "filename": "lib/grant.ts",
6612 "line": 20
6613 },
6614 "name": "actions",
6615 "type": {
6616 "collection": {
6617 "elementtype": {
6618 "primitive": "string"
6619 },
6620 "kind": "array"
6621 }
6622 }
6623 },
6624 {
6625 "abstract": true,
6626 "docs": {
6627 "default": "if principal is undefined, no work is done.",
6628 "stability": "stable",
6629 "summary": "The principal to grant to."
6630 },
6631 "immutable": true,
6632 "locationInModule": {
6633 "filename": "lib/grant.ts",
6634 "line": 15
6635 },
6636 "name": "grantee",
6637 "type": {
6638 "fqn": "@aws-cdk/aws-iam.IGrantable"
6639 }
6640 },
6641 {
6642 "abstract": true,
6643 "docs": {
6644 "stability": "stable",
6645 "summary": "The resource ARNs to grant to."
6646 },
6647 "immutable": true,
6648 "locationInModule": {
6649 "filename": "lib/grant.ts",
6650 "line": 25
6651 },
6652 "name": "resourceArns",
6653 "type": {
6654 "collection": {
6655 "elementtype": {
6656 "primitive": "string"
6657 },
6658 "kind": "array"
6659 }
6660 }
6661 }
6662 ],
6663 "symbolId": "lib/grant:CommonGrantOptions"
6664 },
6665 "@aws-cdk/aws-iam.CompositeDependable": {
6666 "assembly": "@aws-cdk/aws-iam",
6667 "docs": {
6668 "remarks": "Not as simple as eagerly getting the dependency roots from the\ninner dependables, as they may be mutable so we need to defer\nthe query.",
6669 "stability": "stable",
6670 "summary": "Composite dependable.",
6671 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nimport * as cdk from '@aws-cdk/core';\n\ndeclare const dependable: cdk.IDependable;\nconst compositeDependable = new iam.CompositeDependable(dependable);",
6672 "custom": {
6673 "exampleMetadata": "fixture=_generated"
6674 }
6675 },
6676 "fqn": "@aws-cdk/aws-iam.CompositeDependable",
6677 "initializer": {
6678 "docs": {
6679 "stability": "stable"
6680 },
6681 "locationInModule": {
6682 "filename": "lib/grant.ts",
6683 "line": 339
6684 },
6685 "parameters": [
6686 {
6687 "name": "dependables",
6688 "type": {
6689 "fqn": "@aws-cdk/core.IDependable"
6690 },
6691 "variadic": true
6692 }
6693 ],
6694 "variadic": true
6695 },
6696 "interfaces": [
6697 "@aws-cdk/core.IDependable"
6698 ],
6699 "kind": "class",
6700 "locationInModule": {
6701 "filename": "lib/grant.ts",
6702 "line": 338
6703 },
6704 "name": "CompositeDependable",
6705 "symbolId": "lib/grant:CompositeDependable"
6706 },
6707 "@aws-cdk/aws-iam.CompositePrincipal": {
6708 "assembly": "@aws-cdk/aws-iam",
6709 "base": "@aws-cdk/aws-iam.PrincipalBase",
6710 "docs": {
6711 "custom": {
6712 "exampleMetadata": "infused"
6713 },
6714 "example": "const role = new iam.Role(this, 'MyRole', {\n assumedBy: new iam.CompositePrincipal(\n new iam.ServicePrincipal('ec2.amazonaws.com'),\n new iam.AccountPrincipal('1818188181818187272')\n ),\n});",
6715 "remarks": "A composite principal cannot\nhave conditions. i.e. multiple ServicePrincipals that form a composite principal",
6716 "stability": "stable",
6717 "summary": "Represents a principal that has multiple types of principals."
6718 },
6719 "fqn": "@aws-cdk/aws-iam.CompositePrincipal",
6720 "initializer": {
6721 "docs": {
6722 "stability": "stable"
6723 },
6724 "locationInModule": {
6725 "filename": "lib/principals.ts",
6726 "line": 692
6727 },
6728 "parameters": [
6729 {
6730 "name": "principals",
6731 "type": {
6732 "fqn": "@aws-cdk/aws-iam.IPrincipal"
6733 },
6734 "variadic": true
6735 }
6736 ],
6737 "variadic": true
6738 },
6739 "kind": "class",
6740 "locationInModule": {
6741 "filename": "lib/principals.ts",
6742 "line": 688
6743 },
6744 "methods": [
6745 {
6746 "docs": {
6747 "remarks": "Composite principals cannot have\nconditions.",
6748 "stability": "stable",
6749 "summary": "Adds IAM principals to the composite principal."
6750 },
6751 "locationInModule": {
6752 "filename": "lib/principals.ts",
6753 "line": 707
6754 },
6755 "name": "addPrincipals",
6756 "parameters": [
6757 {
6758 "docs": {
6759 "summary": "IAM principals that will be added to the composite principal."
6760 },
6761 "name": "principals",
6762 "type": {
6763 "fqn": "@aws-cdk/aws-iam.IPrincipal"
6764 },
6765 "variadic": true
6766 }
6767 ],
6768 "returns": {
6769 "type": {
6770 "fqn": "@aws-cdk/aws-iam.CompositePrincipal"
6771 }
6772 },
6773 "variadic": true
6774 },
6775 {
6776 "docs": {
6777 "remarks": "Add the statements to the AssumeRolePolicyDocument necessary to give this principal\npermissions to assume the given role.",
6778 "stability": "stable",
6779 "summary": "Add the princpial to the AssumeRolePolicyDocument."
6780 },
6781 "locationInModule": {
6782 "filename": "lib/principals.ts",
6783 "line": 712
6784 },
6785 "name": "addToAssumeRolePolicy",
6786 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
6787 "parameters": [
6788 {
6789 "name": "doc",
6790 "type": {
6791 "fqn": "@aws-cdk/aws-iam.PolicyDocument"
6792 }
6793 }
6794 ]
6795 },
6796 {
6797 "docs": {
6798 "stability": "stable",
6799 "summary": "Returns a string representation of an object."
6800 },
6801 "locationInModule": {
6802 "filename": "lib/principals.ts",
6803 "line": 739
6804 },
6805 "name": "toString",
6806 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
6807 "returns": {
6808 "type": {
6809 "primitive": "string"
6810 }
6811 }
6812 }
6813 ],
6814 "name": "CompositePrincipal",
6815 "properties": [
6816 {
6817 "docs": {
6818 "stability": "stable",
6819 "summary": "When this Principal is used in an AssumeRole policy, the action to use."
6820 },
6821 "immutable": true,
6822 "locationInModule": {
6823 "filename": "lib/principals.ts",
6824 "line": 689
6825 },
6826 "name": "assumeRoleAction",
6827 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
6828 "type": {
6829 "primitive": "string"
6830 }
6831 },
6832 {
6833 "docs": {
6834 "stability": "stable",
6835 "summary": "Return the policy fragment that identifies this principal in a Policy."
6836 },
6837 "immutable": true,
6838 "locationInModule": {
6839 "filename": "lib/principals.ts",
6840 "line": 718
6841 },
6842 "name": "policyFragment",
6843 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
6844 "type": {
6845 "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment"
6846 }
6847 }
6848 ],
6849 "symbolId": "lib/principals:CompositePrincipal"
6850 },
6851 "@aws-cdk/aws-iam.Effect": {
6852 "assembly": "@aws-cdk/aws-iam",
6853 "docs": {
6854 "custom": {
6855 "exampleMetadata": "infused"
6856 },
6857 "example": "declare const books: apigateway.Resource;\ndeclare const iamUser: iam.User;\n\nconst getBooks = books.addMethod('GET', new apigateway.HttpIntegration('http://amazon.com'), {\n authorizationType: apigateway.AuthorizationType.IAM\n});\n\niamUser.attachInlinePolicy(new iam.Policy(this, 'AllowBooks', {\n statements: [\n new iam.PolicyStatement({\n actions: [ 'execute-api:Invoke' ],\n effect: iam.Effect.ALLOW,\n resources: [ getBooks.methodArn ]\n })\n ]\n}))",
6858 "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_effect.html",
6859 "stability": "stable",
6860 "summary": "The Effect element of an IAM policy."
6861 },
6862 "fqn": "@aws-cdk/aws-iam.Effect",
6863 "kind": "enum",
6864 "locationInModule": {
6865 "filename": "lib/policy-statement.ts",
6866 "line": 485
6867 },
6868 "members": [
6869 {
6870 "docs": {
6871 "remarks": "By default, access to resources are denied.",
6872 "stability": "stable",
6873 "summary": "Allows access to a resource in an IAM policy statement."
6874 },
6875 "name": "ALLOW"
6876 },
6877 {
6878 "docs": {
6879 "remarks": "By default, all requests are denied implicitly.",
6880 "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html",
6881 "stability": "stable",
6882 "summary": "Explicitly deny access to a resource."
6883 },
6884 "name": "DENY"
6885 }
6886 ],
6887 "name": "Effect",
6888 "symbolId": "lib/policy-statement:Effect"
6889 },
6890 "@aws-cdk/aws-iam.FederatedPrincipal": {
6891 "assembly": "@aws-cdk/aws-iam",
6892 "base": "@aws-cdk/aws-iam.PrincipalBase",
6893 "docs": {
6894 "remarks": "Additional condition keys are available when the temporary security credentials are used to make a request.\nYou can use these keys to write policies that limit the access of federated users.",
6895 "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#condition-keys-wif",
6896 "stability": "stable",
6897 "summary": "Principal entity that represents a federated identity provider such as Amazon Cognito, that can be used to provide temporary security credentials to users who have been authenticated.",
6898 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const conditions: any;\nconst federatedPrincipal = new iam.FederatedPrincipal('federated', {\n conditionsKey: conditions,\n}, /* all optional props */ 'assumeRoleAction');",
6899 "custom": {
6900 "exampleMetadata": "fixture=_generated"
6901 }
6902 },
6903 "fqn": "@aws-cdk/aws-iam.FederatedPrincipal",
6904 "initializer": {
6905 "docs": {
6906 "stability": "stable"
6907 },
6908 "locationInModule": {
6909 "filename": "lib/principals.ts",
6910 "line": 525
6911 },
6912 "parameters": [
6913 {
6914 "docs": {
6915 "summary": "federated identity provider (i.e. 'cognito-identity.amazonaws.com' for users authenticated through Cognito)."
6916 },
6917 "name": "federated",
6918 "type": {
6919 "primitive": "string"
6920 }
6921 },
6922 {
6923 "docs": {
6924 "remarks": "See [the IAM documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html).",
6925 "summary": "The conditions under which the policy is in effect."
6926 },
6927 "name": "conditions",
6928 "type": {
6929 "collection": {
6930 "elementtype": {
6931 "primitive": "any"
6932 },
6933 "kind": "map"
6934 }
6935 }
6936 },
6937 {
6938 "name": "assumeRoleAction",
6939 "optional": true,
6940 "type": {
6941 "primitive": "string"
6942 }
6943 }
6944 ]
6945 },
6946 "kind": "class",
6947 "locationInModule": {
6948 "filename": "lib/principals.ts",
6949 "line": 515
6950 },
6951 "methods": [
6952 {
6953 "docs": {
6954 "stability": "stable",
6955 "summary": "Returns a string representation of an object."
6956 },
6957 "locationInModule": {
6958 "filename": "lib/principals.ts",
6959 "line": 538
6960 },
6961 "name": "toString",
6962 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
6963 "returns": {
6964 "type": {
6965 "primitive": "string"
6966 }
6967 }
6968 }
6969 ],
6970 "name": "FederatedPrincipal",
6971 "properties": [
6972 {
6973 "docs": {
6974 "stability": "stable",
6975 "summary": "When this Principal is used in an AssumeRole policy, the action to use."
6976 },
6977 "immutable": true,
6978 "locationInModule": {
6979 "filename": "lib/principals.ts",
6980 "line": 516
6981 },
6982 "name": "assumeRoleAction",
6983 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
6984 "type": {
6985 "primitive": "string"
6986 }
6987 },
6988 {
6989 "docs": {
6990 "remarks": "See [the IAM documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html).",
6991 "stability": "stable",
6992 "summary": "The conditions under which the policy is in effect."
6993 },
6994 "immutable": true,
6995 "locationInModule": {
6996 "filename": "lib/principals.ts",
6997 "line": 527
6998 },
6999 "name": "conditions",
7000 "type": {
7001 "collection": {
7002 "elementtype": {
7003 "primitive": "any"
7004 },
7005 "kind": "map"
7006 }
7007 }
7008 },
7009 {
7010 "docs": {
7011 "stability": "stable",
7012 "summary": "federated identity provider (i.e. 'cognito-identity.amazonaws.com' for users authenticated through Cognito)."
7013 },
7014 "immutable": true,
7015 "locationInModule": {
7016 "filename": "lib/principals.ts",
7017 "line": 526
7018 },
7019 "name": "federated",
7020 "type": {
7021 "primitive": "string"
7022 }
7023 },
7024 {
7025 "docs": {
7026 "stability": "stable",
7027 "summary": "Return the policy fragment that identifies this principal in a Policy."
7028 },
7029 "immutable": true,
7030 "locationInModule": {
7031 "filename": "lib/principals.ts",
7032 "line": 534
7033 },
7034 "name": "policyFragment",
7035 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
7036 "type": {
7037 "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment"
7038 }
7039 }
7040 ],
7041 "symbolId": "lib/principals:FederatedPrincipal"
7042 },
7043 "@aws-cdk/aws-iam.FromRoleArnOptions": {
7044 "assembly": "@aws-cdk/aws-iam",
7045 "datatype": true,
7046 "docs": {
7047 "custom": {
7048 "exampleMetadata": "infused"
7049 },
7050 "example": "const role = iam.Role.fromRoleArn(this, 'Role', 'arn:aws:iam::123456789012:role/MyExistingRole', {\n // Set 'mutable' to 'false' to use the role as-is and prevent adding new\n // policies to it. The default is 'true', which means the role may be\n // modified as part of the deployment.\n mutable: false,\n});",
7051 "stability": "stable",
7052 "summary": "Options allowing customizing the behavior of {@link Role.fromRoleArn}."
7053 },
7054 "fqn": "@aws-cdk/aws-iam.FromRoleArnOptions",
7055 "kind": "interface",
7056 "locationInModule": {
7057 "filename": "lib/role.ts",
7058 "line": 143
7059 },
7060 "name": "FromRoleArnOptions",
7061 "properties": [
7062 {
7063 "abstract": true,
7064 "docs": {
7065 "default": "false",
7066 "remarks": "If this is `false` or not specified, grant permissions added to this role are ignored.\nIt is your own responsibility to make sure the role has the required permissions.\n\nIf this is `true`, any grant permissions will be added to the resource instead.",
7067 "stability": "stable",
7068 "summary": "For immutable roles: add grants to resources instead of dropping them."
7069 },
7070 "immutable": true,
7071 "locationInModule": {
7072 "filename": "lib/role.ts",
7073 "line": 161
7074 },
7075 "name": "addGrantsToResources",
7076 "optional": true,
7077 "type": {
7078 "primitive": "boolean"
7079 }
7080 },
7081 {
7082 "abstract": true,
7083 "docs": {
7084 "default": "true",
7085 "stability": "stable",
7086 "summary": "Whether the imported role can be modified by attaching policy resources to it."
7087 },
7088 "immutable": true,
7089 "locationInModule": {
7090 "filename": "lib/role.ts",
7091 "line": 149
7092 },
7093 "name": "mutable",
7094 "optional": true,
7095 "type": {
7096 "primitive": "boolean"
7097 }
7098 }
7099 ],
7100 "symbolId": "lib/role:FromRoleArnOptions"
7101 },
7102 "@aws-cdk/aws-iam.Grant": {
7103 "assembly": "@aws-cdk/aws-iam",
7104 "docs": {
7105 "custom": {
7106 "exampleMetadata": "infused"
7107 },
7108 "example": "declare const instance: ec2.Instance;\ndeclare const volume: ec2.Volume;\n\nconst attachGrant = volume.grantAttachVolumeByResourceTag(instance.grantPrincipal, [instance]);\nconst detachGrant = volume.grantDetachVolumeByResourceTag(instance.grantPrincipal, [instance]);",
7109 "remarks": "This class is not instantiable by consumers on purpose, so that they will be\nrequired to call the Grant factory functions.",
7110 "stability": "stable",
7111 "summary": "Result of a grant() operation."
7112 },
7113 "fqn": "@aws-cdk/aws-iam.Grant",
7114 "interfaces": [
7115 "@aws-cdk/core.IDependable"
7116 ],
7117 "kind": "class",
7118 "locationInModule": {
7119 "filename": "lib/grant.ts",
7120 "line": 99
7121 },
7122 "methods": [
7123 {
7124 "docs": {
7125 "remarks": "Absence of a principal leads to a warning, but failing to add\nthe permissions to a present principal is not an error.",
7126 "stability": "stable",
7127 "summary": "Try to grant the given permissions to the given principal."
7128 },
7129 "locationInModule": {
7130 "filename": "lib/grant.ts",
7131 "line": 158
7132 },
7133 "name": "addToPrincipal",
7134 "parameters": [
7135 {
7136 "name": "options",
7137 "type": {
7138 "fqn": "@aws-cdk/aws-iam.GrantOnPrincipalOptions"
7139 }
7140 }
7141 ],
7142 "returns": {
7143 "type": {
7144 "fqn": "@aws-cdk/aws-iam.Grant"
7145 }
7146 },
7147 "static": true
7148 },
7149 {
7150 "docs": {
7151 "remarks": "As long as any principal is given, granting on the principal may fail (in\ncase of a non-identity principal), but granting on the resource will\nnever fail.\n\nStatement will be the resource statement.",
7152 "stability": "stable",
7153 "summary": "Add a grant both on the principal and on the resource."
7154 },
7155 "locationInModule": {
7156 "filename": "lib/grant.ts",
7157 "line": 185
7158 },
7159 "name": "addToPrincipalAndResource",
7160 "parameters": [
7161 {
7162 "name": "options",
7163 "type": {
7164 "fqn": "@aws-cdk/aws-iam.GrantOnPrincipalAndResourceOptions"
7165 }
7166 }
7167 ],
7168 "returns": {
7169 "type": {
7170 "fqn": "@aws-cdk/aws-iam.Grant"
7171 }
7172 },
7173 "static": true
7174 },
7175 {
7176 "docs": {
7177 "remarks": "The permissions will be added to the principal policy primarily, falling\nback to the resource policy if necessary. The permissions must be granted\nsomewhere.\n\n- Trying to grant permissions to a principal that does not admit adding to\n the principal policy while not providing a resource with a resource policy\n is an error.\n- Trying to grant permissions to an absent principal (possible in the\n case of imported resources) leads to a warning being added to the\n resource construct.",
7178 "stability": "stable",
7179 "summary": "Grant the given permissions to the principal."
7180 },
7181 "locationInModule": {
7182 "filename": "lib/grant.ts",
7183 "line": 114
7184 },
7185 "name": "addToPrincipalOrResource",
7186 "parameters": [
7187 {
7188 "name": "options",
7189 "type": {
7190 "fqn": "@aws-cdk/aws-iam.GrantWithResourceOptions"
7191 }
7192 }
7193 ],
7194 "returns": {
7195 "type": {
7196 "fqn": "@aws-cdk/aws-iam.Grant"
7197 }
7198 },
7199 "static": true
7200 },
7201 {
7202 "docs": {
7203 "remarks": "This can be used for e.g. imported resources where you may not be able to modify\nthe resource's policy or some underlying policy which you don't know about.",
7204 "stability": "stable",
7205 "summary": "Returns a \"no-op\" `Grant` object which represents a \"dropped grant\"."
7206 },
7207 "locationInModule": {
7208 "filename": "lib/grant.ts",
7209 "line": 217
7210 },
7211 "name": "drop",
7212 "parameters": [
7213 {
7214 "docs": {
7215 "summary": "The intended grantee."
7216 },
7217 "name": "grantee",
7218 "type": {
7219 "fqn": "@aws-cdk/aws-iam.IGrantable"
7220 }
7221 },
7222 {
7223 "docs": {
7224 "summary": "The user's intent (will be ignored at the moment)."
7225 },
7226 "name": "_intent",
7227 "type": {
7228 "primitive": "string"
7229 }
7230 }
7231 ],
7232 "returns": {
7233 "type": {
7234 "fqn": "@aws-cdk/aws-iam.Grant"
7235 }
7236 },
7237 "static": true
7238 },
7239 {
7240 "docs": {
7241 "remarks": "The same as construct.node.addDependency(grant), but slightly nicer to read.",
7242 "stability": "stable",
7243 "summary": "Make sure this grant is applied before the given constructs are deployed."
7244 },
7245 "locationInModule": {
7246 "filename": "lib/grant.ts",
7247 "line": 279
7248 },
7249 "name": "applyBefore",
7250 "parameters": [
7251 {
7252 "name": "constructs",
7253 "type": {
7254 "fqn": "@aws-cdk/core.IConstruct"
7255 },
7256 "variadic": true
7257 }
7258 ],
7259 "variadic": true
7260 },
7261 {
7262 "docs": {
7263 "stability": "stable",
7264 "summary": "Throw an error if this grant wasn't successful."
7265 },
7266 "locationInModule": {
7267 "filename": "lib/grant.ts",
7268 "line": 267
7269 },
7270 "name": "assertSuccess"
7271 }
7272 ],
7273 "name": "Grant",
7274 "properties": [
7275 {
7276 "docs": {
7277 "stability": "stable",
7278 "summary": "Whether the grant operation was successful."
7279 },
7280 "immutable": true,
7281 "locationInModule": {
7282 "filename": "lib/grant.ts",
7283 "line": 260
7284 },
7285 "name": "success",
7286 "type": {
7287 "primitive": "boolean"
7288 }
7289 },
7290 {
7291 "docs": {
7292 "remarks": "Can be accessed to (e.g.) add additional conditions to the statement.",
7293 "stability": "stable",
7294 "summary": "The statement that was added to the principal's policy."
7295 },
7296 "immutable": true,
7297 "locationInModule": {
7298 "filename": "lib/grant.ts",
7299 "line": 228
7300 },
7301 "name": "principalStatement",
7302 "optional": true,
7303 "type": {
7304 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
7305 }
7306 },
7307 {
7308 "docs": {
7309 "remarks": "Can be accessed to (e.g.) add additional conditions to the statement.",
7310 "stability": "stable",
7311 "summary": "The statement that was added to the resource policy."
7312 },
7313 "immutable": true,
7314 "locationInModule": {
7315 "filename": "lib/grant.ts",
7316 "line": 235
7317 },
7318 "name": "resourceStatement",
7319 "optional": true,
7320 "type": {
7321 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
7322 }
7323 }
7324 ],
7325 "symbolId": "lib/grant:Grant"
7326 },
7327 "@aws-cdk/aws-iam.GrantOnPrincipalAndResourceOptions": {
7328 "assembly": "@aws-cdk/aws-iam",
7329 "datatype": true,
7330 "docs": {
7331 "stability": "stable",
7332 "summary": "Options for a grant operation to both identity and resource.",
7333 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const grantable: iam.IGrantable;\ndeclare const principal: iam.IPrincipal;\ndeclare const resourceWithPolicy: iam.IResourceWithPolicy;\nconst grantOnPrincipalAndResourceOptions: iam.GrantOnPrincipalAndResourceOptions = {\n actions: ['actions'],\n grantee: grantable,\n resource: resourceWithPolicy,\n resourceArns: ['resourceArns'],\n\n // the properties below are optional\n resourcePolicyPrincipal: principal,\n resourceSelfArns: ['resourceSelfArns'],\n};",
7334 "custom": {
7335 "exampleMetadata": "fixture=_generated"
7336 }
7337 },
7338 "fqn": "@aws-cdk/aws-iam.GrantOnPrincipalAndResourceOptions",
7339 "interfaces": [
7340 "@aws-cdk/aws-iam.CommonGrantOptions"
7341 ],
7342 "kind": "interface",
7343 "locationInModule": {
7344 "filename": "lib/grant.ts",
7345 "line": 68
7346 },
7347 "name": "GrantOnPrincipalAndResourceOptions",
7348 "properties": [
7349 {
7350 "abstract": true,
7351 "docs": {
7352 "remarks": "The statement will always be added to the resource policy.",
7353 "stability": "stable",
7354 "summary": "The resource with a resource policy."
7355 },
7356 "immutable": true,
7357 "locationInModule": {
7358 "filename": "lib/grant.ts",
7359 "line": 74
7360 },
7361 "name": "resource",
7362 "type": {
7363 "fqn": "@aws-cdk/aws-iam.IResourceWithPolicy"
7364 }
7365 },
7366 {
7367 "abstract": true,
7368 "docs": {
7369 "default": "- the principal of the grantee will be used",
7370 "stability": "stable",
7371 "summary": "The principal to use in the statement for the resource policy."
7372 },
7373 "immutable": true,
7374 "locationInModule": {
7375 "filename": "lib/grant.ts",
7376 "line": 90
7377 },
7378 "name": "resourcePolicyPrincipal",
7379 "optional": true,
7380 "type": {
7381 "fqn": "@aws-cdk/aws-iam.IPrincipal"
7382 }
7383 },
7384 {
7385 "abstract": true,
7386 "docs": {
7387 "default": "Same as regular resource ARNs",
7388 "remarks": "(Depending on the resource type, this needs to be '*' in a resource policy).",
7389 "stability": "stable",
7390 "summary": "When referring to the resource in a resource policy, use this as ARN."
7391 },
7392 "immutable": true,
7393 "locationInModule": {
7394 "filename": "lib/grant.ts",
7395 "line": 83
7396 },
7397 "name": "resourceSelfArns",
7398 "optional": true,
7399 "type": {
7400 "collection": {
7401 "elementtype": {
7402 "primitive": "string"
7403 },
7404 "kind": "array"
7405 }
7406 }
7407 }
7408 ],
7409 "symbolId": "lib/grant:GrantOnPrincipalAndResourceOptions"
7410 },
7411 "@aws-cdk/aws-iam.GrantOnPrincipalOptions": {
7412 "assembly": "@aws-cdk/aws-iam",
7413 "datatype": true,
7414 "docs": {
7415 "stability": "stable",
7416 "summary": "Options for a grant operation that only applies to principals.",
7417 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nimport * as cdk from '@aws-cdk/core';\n\ndeclare const construct: cdk.Construct;\ndeclare const grantable: iam.IGrantable;\nconst grantOnPrincipalOptions: iam.GrantOnPrincipalOptions = {\n actions: ['actions'],\n grantee: grantable,\n resourceArns: ['resourceArns'],\n\n // the properties below are optional\n scope: construct,\n};",
7418 "custom": {
7419 "exampleMetadata": "fixture=_generated"
7420 }
7421 },
7422 "fqn": "@aws-cdk/aws-iam.GrantOnPrincipalOptions",
7423 "interfaces": [
7424 "@aws-cdk/aws-iam.CommonGrantOptions"
7425 ],
7426 "kind": "interface",
7427 "locationInModule": {
7428 "filename": "lib/grant.ts",
7429 "line": 55
7430 },
7431 "name": "GrantOnPrincipalOptions",
7432 "properties": [
7433 {
7434 "abstract": true,
7435 "docs": {
7436 "default": "- the construct in which this construct is defined",
7437 "stability": "stable",
7438 "summary": "Construct to report warnings on in case grant could not be registered."
7439 },
7440 "immutable": true,
7441 "locationInModule": {
7442 "filename": "lib/grant.ts",
7443 "line": 61
7444 },
7445 "name": "scope",
7446 "optional": true,
7447 "type": {
7448 "fqn": "@aws-cdk/core.IConstruct"
7449 }
7450 }
7451 ],
7452 "symbolId": "lib/grant:GrantOnPrincipalOptions"
7453 },
7454 "@aws-cdk/aws-iam.GrantWithResourceOptions": {
7455 "assembly": "@aws-cdk/aws-iam",
7456 "datatype": true,
7457 "docs": {
7458 "stability": "stable",
7459 "summary": "Options for a grant operation.",
7460 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const grantable: iam.IGrantable;\ndeclare const resourceWithPolicy: iam.IResourceWithPolicy;\nconst grantWithResourceOptions: iam.GrantWithResourceOptions = {\n actions: ['actions'],\n grantee: grantable,\n resource: resourceWithPolicy,\n resourceArns: ['resourceArns'],\n\n // the properties below are optional\n resourceSelfArns: ['resourceSelfArns'],\n};",
7461 "custom": {
7462 "exampleMetadata": "fixture=_generated"
7463 }
7464 },
7465 "fqn": "@aws-cdk/aws-iam.GrantWithResourceOptions",
7466 "interfaces": [
7467 "@aws-cdk/aws-iam.CommonGrantOptions"
7468 ],
7469 "kind": "interface",
7470 "locationInModule": {
7471 "filename": "lib/grant.ts",
7472 "line": 32
7473 },
7474 "name": "GrantWithResourceOptions",
7475 "properties": [
7476 {
7477 "abstract": true,
7478 "docs": {
7479 "remarks": "The statement will be added to the resource policy if it couldn't be\nadded to the principal policy.",
7480 "stability": "stable",
7481 "summary": "The resource with a resource policy."
7482 },
7483 "immutable": true,
7484 "locationInModule": {
7485 "filename": "lib/grant.ts",
7486 "line": 39
7487 },
7488 "name": "resource",
7489 "type": {
7490 "fqn": "@aws-cdk/aws-iam.IResourceWithPolicy"
7491 }
7492 },
7493 {
7494 "abstract": true,
7495 "docs": {
7496 "default": "Same as regular resource ARNs",
7497 "remarks": "(Depending on the resource type, this needs to be '*' in a resource policy).",
7498 "stability": "stable",
7499 "summary": "When referring to the resource in a resource policy, use this as ARN."
7500 },
7501 "immutable": true,
7502 "locationInModule": {
7503 "filename": "lib/grant.ts",
7504 "line": 48
7505 },
7506 "name": "resourceSelfArns",
7507 "optional": true,
7508 "type": {
7509 "collection": {
7510 "elementtype": {
7511 "primitive": "string"
7512 },
7513 "kind": "array"
7514 }
7515 }
7516 }
7517 ],
7518 "symbolId": "lib/grant:GrantWithResourceOptions"
7519 },
7520 "@aws-cdk/aws-iam.Group": {
7521 "assembly": "@aws-cdk/aws-iam",
7522 "base": "@aws-cdk/core.Resource",
7523 "docs": {
7524 "custom": {
7525 "exampleMetadata": "infused"
7526 },
7527 "example": "const user = new iam.User(this, 'MyUser'); // or User.fromUserName(stack, 'User', 'johnsmith');\nconst group = new iam.Group(this, 'MyGroup'); // or Group.fromGroupArn(stack, 'Group', 'arn:aws:iam::account-id:group/group-name');\n\nuser.addToGroup(group);\n// or\ngroup.addUser(user);",
7528 "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html",
7529 "stability": "stable",
7530 "summary": "An IAM Group (collection of IAM users) lets you specify permissions for multiple users, which can make it easier to manage permissions for those users."
7531 },
7532 "fqn": "@aws-cdk/aws-iam.Group",
7533 "initializer": {
7534 "docs": {
7535 "stability": "stable"
7536 },
7537 "locationInModule": {
7538 "filename": "lib/group.ts",
7539 "line": 182
7540 },
7541 "parameters": [
7542 {
7543 "name": "scope",
7544 "type": {
7545 "fqn": "constructs.Construct"
7546 }
7547 },
7548 {
7549 "name": "id",
7550 "type": {
7551 "primitive": "string"
7552 }
7553 },
7554 {
7555 "name": "props",
7556 "optional": true,
7557 "type": {
7558 "fqn": "@aws-cdk/aws-iam.GroupProps"
7559 }
7560 }
7561 ]
7562 },
7563 "interfaces": [
7564 "@aws-cdk/aws-iam.IGroup"
7565 ],
7566 "kind": "class",
7567 "locationInModule": {
7568 "filename": "lib/group.ts",
7569 "line": 130
7570 },
7571 "methods": [
7572 {
7573 "docs": {
7574 "remarks": "If the imported Group ARN is a Token (such as a\n`CfnParameter.valueAsString` or a `Fn.importValue()`) *and* the referenced\ngroup has a `path` (like `arn:...:group/AdminGroup/NetworkAdmin`), the\n`groupName` property will not resolve to the correct value. Instead it\nwill resolve to the first path component. We unfortunately cannot express\nthe correct calculation of the full path name as a CloudFormation\nexpression. In this scenario the Group ARN should be supplied without the\n`path` in order to resolve the correct group resource.",
7575 "stability": "stable",
7576 "summary": "Import an external group by ARN."
7577 },
7578 "locationInModule": {
7579 "filename": "lib/group.ts",
7580 "line": 147
7581 },
7582 "name": "fromGroupArn",
7583 "parameters": [
7584 {
7585 "docs": {
7586 "summary": "construct scope."
7587 },
7588 "name": "scope",
7589 "type": {
7590 "fqn": "constructs.Construct"
7591 }
7592 },
7593 {
7594 "docs": {
7595 "summary": "construct id."
7596 },
7597 "name": "id",
7598 "type": {
7599 "primitive": "string"
7600 }
7601 },
7602 {
7603 "docs": {
7604 "summary": "the ARN of the group to import (e.g. `arn:aws:iam::account-id:group/group-name`)."
7605 },
7606 "name": "groupArn",
7607 "type": {
7608 "primitive": "string"
7609 }
7610 }
7611 ],
7612 "returns": {
7613 "type": {
7614 "fqn": "@aws-cdk/aws-iam.IGroup"
7615 }
7616 },
7617 "static": true
7618 },
7619 {
7620 "docs": {
7621 "remarks": "This method has same caveats of `fromGroupArn`",
7622 "stability": "stable",
7623 "summary": "Import an existing group by given name (with path)."
7624 },
7625 "locationInModule": {
7626 "filename": "lib/group.ts",
7627 "line": 167
7628 },
7629 "name": "fromGroupName",
7630 "parameters": [
7631 {
7632 "docs": {
7633 "summary": "construct scope."
7634 },
7635 "name": "scope",
7636 "type": {
7637 "fqn": "constructs.Construct"
7638 }
7639 },
7640 {
7641 "docs": {
7642 "summary": "construct id."
7643 },
7644 "name": "id",
7645 "type": {
7646 "primitive": "string"
7647 }
7648 },
7649 {
7650 "docs": {
7651 "summary": "the groupName (path included) of the existing group to import."
7652 },
7653 "name": "groupName",
7654 "type": {
7655 "primitive": "string"
7656 }
7657 }
7658 ],
7659 "returns": {
7660 "type": {
7661 "fqn": "@aws-cdk/aws-iam.IGroup"
7662 }
7663 },
7664 "static": true
7665 },
7666 {
7667 "docs": {
7668 "stability": "stable",
7669 "summary": "Attaches a managed policy to this group."
7670 },
7671 "locationInModule": {
7672 "filename": "lib/group.ts",
7673 "line": 209
7674 },
7675 "name": "addManagedPolicy",
7676 "overrides": "@aws-cdk/aws-iam.IIdentity",
7677 "parameters": [
7678 {
7679 "docs": {
7680 "summary": "The managed policy to attach."
7681 },
7682 "name": "policy",
7683 "type": {
7684 "fqn": "@aws-cdk/aws-iam.IManagedPolicy"
7685 }
7686 }
7687 ]
7688 },
7689 {
7690 "docs": {
7691 "stability": "stable",
7692 "summary": "Add to the policy of this principal."
7693 },
7694 "locationInModule": {
7695 "filename": "lib/group.ts",
7696 "line": 119
7697 },
7698 "name": "addToPolicy",
7699 "overrides": "@aws-cdk/aws-iam.IPrincipal",
7700 "parameters": [
7701 {
7702 "name": "statement",
7703 "type": {
7704 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
7705 }
7706 }
7707 ],
7708 "returns": {
7709 "type": {
7710 "primitive": "boolean"
7711 }
7712 }
7713 },
7714 {
7715 "docs": {
7716 "stability": "stable",
7717 "summary": "Adds an IAM statement to the default policy."
7718 },
7719 "locationInModule": {
7720 "filename": "lib/group.ts",
7721 "line": 109
7722 },
7723 "name": "addToPrincipalPolicy",
7724 "overrides": "@aws-cdk/aws-iam.IPrincipal",
7725 "parameters": [
7726 {
7727 "name": "statement",
7728 "type": {
7729 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
7730 }
7731 }
7732 ],
7733 "returns": {
7734 "type": {
7735 "fqn": "@aws-cdk/aws-iam.AddToPrincipalPolicyResult"
7736 }
7737 }
7738 },
7739 {
7740 "docs": {
7741 "stability": "stable",
7742 "summary": "Adds a user to this group."
7743 },
7744 "locationInModule": {
7745 "filename": "lib/group.ts",
7746 "line": 102
7747 },
7748 "name": "addUser",
7749 "parameters": [
7750 {
7751 "name": "user",
7752 "type": {
7753 "fqn": "@aws-cdk/aws-iam.IUser"
7754 }
7755 }
7756 ]
7757 },
7758 {
7759 "docs": {
7760 "stability": "stable",
7761 "summary": "Attaches a policy to this group."
7762 },
7763 "locationInModule": {
7764 "filename": "lib/group.ts",
7765 "line": 90
7766 },
7767 "name": "attachInlinePolicy",
7768 "overrides": "@aws-cdk/aws-iam.IIdentity",
7769 "parameters": [
7770 {
7771 "docs": {
7772 "summary": "The policy to attach."
7773 },
7774 "name": "policy",
7775 "type": {
7776 "fqn": "@aws-cdk/aws-iam.Policy"
7777 }
7778 }
7779 ]
7780 }
7781 ],
7782 "name": "Group",
7783 "properties": [
7784 {
7785 "docs": {
7786 "stability": "stable",
7787 "summary": "When this Principal is used in an AssumeRole policy, the action to use."
7788 },
7789 "immutable": true,
7790 "locationInModule": {
7791 "filename": "lib/group.ts",
7792 "line": 77
7793 },
7794 "name": "assumeRoleAction",
7795 "overrides": "@aws-cdk/aws-iam.IPrincipal",
7796 "type": {
7797 "primitive": "string"
7798 }
7799 },
7800 {
7801 "docs": {
7802 "stability": "stable",
7803 "summary": "The principal to grant permissions to."
7804 },
7805 "immutable": true,
7806 "locationInModule": {
7807 "filename": "lib/group.ts",
7808 "line": 75
7809 },
7810 "name": "grantPrincipal",
7811 "overrides": "@aws-cdk/aws-iam.IGrantable",
7812 "type": {
7813 "fqn": "@aws-cdk/aws-iam.IPrincipal"
7814 }
7815 },
7816 {
7817 "docs": {
7818 "stability": "stable",
7819 "summary": "Returns the IAM Group ARN."
7820 },
7821 "immutable": true,
7822 "locationInModule": {
7823 "filename": "lib/group.ts",
7824 "line": 178
7825 },
7826 "name": "groupArn",
7827 "overrides": "@aws-cdk/aws-iam.IGroup",
7828 "type": {
7829 "primitive": "string"
7830 }
7831 },
7832 {
7833 "docs": {
7834 "stability": "stable",
7835 "summary": "Returns the IAM Group Name."
7836 },
7837 "immutable": true,
7838 "locationInModule": {
7839 "filename": "lib/group.ts",
7840 "line": 177
7841 },
7842 "name": "groupName",
7843 "overrides": "@aws-cdk/aws-iam.IGroup",
7844 "type": {
7845 "primitive": "string"
7846 }
7847 },
7848 {
7849 "docs": {
7850 "stability": "stable",
7851 "summary": "Return the policy fragment that identifies this principal in a Policy."
7852 },
7853 "immutable": true,
7854 "locationInModule": {
7855 "filename": "lib/group.ts",
7856 "line": 82
7857 },
7858 "name": "policyFragment",
7859 "overrides": "@aws-cdk/aws-iam.IPrincipal",
7860 "type": {
7861 "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment"
7862 }
7863 },
7864 {
7865 "docs": {
7866 "remarks": "Can be undefined when the account is not known\n(for example, for service principals).\nCan be a Token - in that case,\nit's assumed to be AWS::AccountId.",
7867 "stability": "stable",
7868 "summary": "The AWS account ID of this principal."
7869 },
7870 "immutable": true,
7871 "locationInModule": {
7872 "filename": "lib/group.ts",
7873 "line": 76
7874 },
7875 "name": "principalAccount",
7876 "optional": true,
7877 "overrides": "@aws-cdk/aws-iam.IPrincipal",
7878 "type": {
7879 "primitive": "string"
7880 }
7881 }
7882 ],
7883 "symbolId": "lib/group:Group"
7884 },
7885 "@aws-cdk/aws-iam.GroupProps": {
7886 "assembly": "@aws-cdk/aws-iam",
7887 "datatype": true,
7888 "docs": {
7889 "stability": "stable",
7890 "summary": "Properties for defining an IAM group.",
7891 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const managedPolicy: iam.ManagedPolicy;\nconst groupProps: iam.GroupProps = {\n groupName: 'groupName',\n managedPolicies: [managedPolicy],\n path: 'path',\n};",
7892 "custom": {
7893 "exampleMetadata": "fixture=_generated"
7894 }
7895 },
7896 "fqn": "@aws-cdk/aws-iam.GroupProps",
7897 "kind": "interface",
7898 "locationInModule": {
7899 "filename": "lib/group.ts",
7900 "line": 36
7901 },
7902 "name": "GroupProps",
7903 "properties": [
7904 {
7905 "abstract": true,
7906 "docs": {
7907 "default": "Generated by CloudFormation (recommended)",
7908 "remarks": "For valid values, see the GroupName parameter\nfor the CreateGroup action in the IAM API Reference. If you don't specify\na name, AWS CloudFormation generates a unique physical ID and uses that\nID for the group name.\n\nIf you specify a name, you must specify the CAPABILITY_NAMED_IAM value to\nacknowledge your template's capabilities. For more information, see\nAcknowledging IAM Resources in AWS CloudFormation Templates.",
7909 "stability": "stable",
7910 "summary": "A name for the IAM group."
7911 },
7912 "immutable": true,
7913 "locationInModule": {
7914 "filename": "lib/group.ts",
7915 "line": 49
7916 },
7917 "name": "groupName",
7918 "optional": true,
7919 "type": {
7920 "primitive": "string"
7921 }
7922 },
7923 {
7924 "abstract": true,
7925 "docs": {
7926 "default": "- No managed policies.",
7927 "remarks": "You can add managed policies later using\n`addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName(policyName))`.",
7928 "stability": "stable",
7929 "summary": "A list of managed policies associated with this role."
7930 },
7931 "immutable": true,
7932 "locationInModule": {
7933 "filename": "lib/group.ts",
7934 "line": 59
7935 },
7936 "name": "managedPolicies",
7937 "optional": true,
7938 "type": {
7939 "collection": {
7940 "elementtype": {
7941 "fqn": "@aws-cdk/aws-iam.IManagedPolicy"
7942 },
7943 "kind": "array"
7944 }
7945 }
7946 },
7947 {
7948 "abstract": true,
7949 "docs": {
7950 "default": "/",
7951 "remarks": "For more information about paths, see [IAM\nIdentifiers](http://docs.aws.amazon.com/IAM/latest/UserGuide/index.html?Using_Identifiers.html)\nin the IAM User Guide.",
7952 "stability": "stable",
7953 "summary": "The path to the group."
7954 },
7955 "immutable": true,
7956 "locationInModule": {
7957 "filename": "lib/group.ts",
7958 "line": 68
7959 },
7960 "name": "path",
7961 "optional": true,
7962 "type": {
7963 "primitive": "string"
7964 }
7965 }
7966 ],
7967 "symbolId": "lib/group:GroupProps"
7968 },
7969 "@aws-cdk/aws-iam.IAccessKey": {
7970 "assembly": "@aws-cdk/aws-iam",
7971 "docs": {
7972 "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html",
7973 "stability": "stable",
7974 "summary": "Represents an IAM Access Key."
7975 },
7976 "fqn": "@aws-cdk/aws-iam.IAccessKey",
7977 "interfaces": [
7978 "@aws-cdk/core.IResource"
7979 ],
7980 "kind": "interface",
7981 "locationInModule": {
7982 "filename": "lib/access-key.ts",
7983 "line": 26
7984 },
7985 "name": "IAccessKey",
7986 "properties": [
7987 {
7988 "abstract": true,
7989 "docs": {
7990 "custom": {
7991 "attribute": "true"
7992 },
7993 "stability": "stable",
7994 "summary": "The Access Key ID."
7995 },
7996 "immutable": true,
7997 "locationInModule": {
7998 "filename": "lib/access-key.ts",
7999 "line": 32
8000 },
8001 "name": "accessKeyId",
8002 "type": {
8003 "primitive": "string"
8004 }
8005 },
8006 {
8007 "abstract": true,
8008 "docs": {
8009 "custom": {
8010 "attribute": "true"
8011 },
8012 "stability": "stable",
8013 "summary": "The Secret Access Key."
8014 },
8015 "immutable": true,
8016 "locationInModule": {
8017 "filename": "lib/access-key.ts",
8018 "line": 39
8019 },
8020 "name": "secretAccessKey",
8021 "type": {
8022 "fqn": "@aws-cdk/core.SecretValue"
8023 }
8024 }
8025 ],
8026 "symbolId": "lib/access-key:IAccessKey"
8027 },
8028 "@aws-cdk/aws-iam.IAssumeRolePrincipal": {
8029 "assembly": "@aws-cdk/aws-iam",
8030 "docs": {
8031 "remarks": "More complex types of identity providers need more control over Role's policy documents\nthan simply `{ Effect: 'Allow', Action: 'AssumeRole', Principal: <Whatever> }`.\n\nIf that control is necessary, they can implement `IAssumeRolePrincipal` to get full\naccess to a Role's AssumeRolePolicyDocument.",
8032 "stability": "stable",
8033 "summary": "A type of principal that has more control over its own representation in AssumeRolePolicyDocuments."
8034 },
8035 "fqn": "@aws-cdk/aws-iam.IAssumeRolePrincipal",
8036 "interfaces": [
8037 "@aws-cdk/aws-iam.IPrincipal"
8038 ],
8039 "kind": "interface",
8040 "locationInModule": {
8041 "filename": "lib/principals.ts",
8042 "line": 82
8043 },
8044 "methods": [
8045 {
8046 "abstract": true,
8047 "docs": {
8048 "remarks": "Add the statements to the AssumeRolePolicyDocument necessary to give this principal\npermissions to assume the given role.",
8049 "stability": "stable",
8050 "summary": "Add the princpial to the AssumeRolePolicyDocument."
8051 },
8052 "locationInModule": {
8053 "filename": "lib/principals.ts",
8054 "line": 89
8055 },
8056 "name": "addToAssumeRolePolicy",
8057 "parameters": [
8058 {
8059 "name": "document",
8060 "type": {
8061 "fqn": "@aws-cdk/aws-iam.PolicyDocument"
8062 }
8063 }
8064 ]
8065 }
8066 ],
8067 "name": "IAssumeRolePrincipal",
8068 "symbolId": "lib/principals:IAssumeRolePrincipal"
8069 },
8070 "@aws-cdk/aws-iam.IGrantable": {
8071 "assembly": "@aws-cdk/aws-iam",
8072 "docs": {
8073 "stability": "stable",
8074 "summary": "Any object that has an associated principal that a permission can be granted to."
8075 },
8076 "fqn": "@aws-cdk/aws-iam.IGrantable",
8077 "kind": "interface",
8078 "locationInModule": {
8079 "filename": "lib/principals.ts",
8080 "line": 13
8081 },
8082 "name": "IGrantable",
8083 "properties": [
8084 {
8085 "abstract": true,
8086 "docs": {
8087 "stability": "stable",
8088 "summary": "The principal to grant permissions to."
8089 },
8090 "immutable": true,
8091 "locationInModule": {
8092 "filename": "lib/principals.ts",
8093 "line": 17
8094 },
8095 "name": "grantPrincipal",
8096 "type": {
8097 "fqn": "@aws-cdk/aws-iam.IPrincipal"
8098 }
8099 }
8100 ],
8101 "symbolId": "lib/principals:IGrantable"
8102 },
8103 "@aws-cdk/aws-iam.IGroup": {
8104 "assembly": "@aws-cdk/aws-iam",
8105 "docs": {
8106 "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html",
8107 "stability": "stable",
8108 "summary": "Represents an IAM Group."
8109 },
8110 "fqn": "@aws-cdk/aws-iam.IGroup",
8111 "interfaces": [
8112 "@aws-cdk/aws-iam.IIdentity"
8113 ],
8114 "kind": "interface",
8115 "locationInModule": {
8116 "filename": "lib/group.ts",
8117 "line": 17
8118 },
8119 "name": "IGroup",
8120 "properties": [
8121 {
8122 "abstract": true,
8123 "docs": {
8124 "custom": {
8125 "attribute": "true"
8126 },
8127 "stability": "stable",
8128 "summary": "Returns the IAM Group ARN."
8129 },
8130 "immutable": true,
8131 "locationInModule": {
8132 "filename": "lib/group.ts",
8133 "line": 30
8134 },
8135 "name": "groupArn",
8136 "type": {
8137 "primitive": "string"
8138 }
8139 },
8140 {
8141 "abstract": true,
8142 "docs": {
8143 "custom": {
8144 "attribute": "true"
8145 },
8146 "stability": "stable",
8147 "summary": "Returns the IAM Group Name."
8148 },
8149 "immutable": true,
8150 "locationInModule": {
8151 "filename": "lib/group.ts",
8152 "line": 23
8153 },
8154 "name": "groupName",
8155 "type": {
8156 "primitive": "string"
8157 }
8158 }
8159 ],
8160 "symbolId": "lib/group:IGroup"
8161 },
8162 "@aws-cdk/aws-iam.IIdentity": {
8163 "assembly": "@aws-cdk/aws-iam",
8164 "docs": {
8165 "stability": "stable",
8166 "summary": "A construct that represents an IAM principal, such as a user, group or role."
8167 },
8168 "fqn": "@aws-cdk/aws-iam.IIdentity",
8169 "interfaces": [
8170 "@aws-cdk/aws-iam.IPrincipal",
8171 "@aws-cdk/core.IResource"
8172 ],
8173 "kind": "interface",
8174 "locationInModule": {
8175 "filename": "lib/identity-base.ts",
8176 "line": 9
8177 },
8178 "methods": [
8179 {
8180 "abstract": true,
8181 "docs": {
8182 "stability": "stable",
8183 "summary": "Attaches a managed policy to this principal."
8184 },
8185 "locationInModule": {
8186 "filename": "lib/identity-base.ts",
8187 "line": 21
8188 },
8189 "name": "addManagedPolicy",
8190 "parameters": [
8191 {
8192 "docs": {
8193 "summary": "The managed policy."
8194 },
8195 "name": "policy",
8196 "type": {
8197 "fqn": "@aws-cdk/aws-iam.IManagedPolicy"
8198 }
8199 }
8200 ]
8201 },
8202 {
8203 "abstract": true,
8204 "docs": {
8205 "remarks": "This is the same as calling `policy.addToXxx(principal)`.",
8206 "stability": "stable",
8207 "summary": "Attaches an inline policy to this principal."
8208 },
8209 "locationInModule": {
8210 "filename": "lib/identity-base.ts",
8211 "line": 15
8212 },
8213 "name": "attachInlinePolicy",
8214 "parameters": [
8215 {
8216 "docs": {
8217 "summary": "The policy resource to attach to this principal [disable-awslint:ref-via-interface]."
8218 },
8219 "name": "policy",
8220 "type": {
8221 "fqn": "@aws-cdk/aws-iam.Policy"
8222 }
8223 }
8224 ]
8225 }
8226 ],
8227 "name": "IIdentity",
8228 "symbolId": "lib/identity-base:IIdentity"
8229 },
8230 "@aws-cdk/aws-iam.IManagedPolicy": {
8231 "assembly": "@aws-cdk/aws-iam",
8232 "docs": {
8233 "stability": "stable",
8234 "summary": "A managed policy."
8235 },
8236 "fqn": "@aws-cdk/aws-iam.IManagedPolicy",
8237 "kind": "interface",
8238 "locationInModule": {
8239 "filename": "lib/managed-policy.ts",
8240 "line": 14
8241 },
8242 "name": "IManagedPolicy",
8243 "properties": [
8244 {
8245 "abstract": true,
8246 "docs": {
8247 "custom": {
8248 "attribute": "true"
8249 },
8250 "stability": "stable",
8251 "summary": "The ARN of the managed policy."
8252 },
8253 "immutable": true,
8254 "locationInModule": {
8255 "filename": "lib/managed-policy.ts",
8256 "line": 19
8257 },
8258 "name": "managedPolicyArn",
8259 "type": {
8260 "primitive": "string"
8261 }
8262 }
8263 ],
8264 "symbolId": "lib/managed-policy:IManagedPolicy"
8265 },
8266 "@aws-cdk/aws-iam.IOpenIdConnectProvider": {
8267 "assembly": "@aws-cdk/aws-iam",
8268 "docs": {
8269 "stability": "stable",
8270 "summary": "Represents an IAM OpenID Connect provider."
8271 },
8272 "fqn": "@aws-cdk/aws-iam.IOpenIdConnectProvider",
8273 "interfaces": [
8274 "@aws-cdk/core.IResource"
8275 ],
8276 "kind": "interface",
8277 "locationInModule": {
8278 "filename": "lib/oidc-provider.ts",
8279 "line": 19
8280 },
8281 "name": "IOpenIdConnectProvider",
8282 "properties": [
8283 {
8284 "abstract": true,
8285 "docs": {
8286 "stability": "stable",
8287 "summary": "The Amazon Resource Name (ARN) of the IAM OpenID Connect provider."
8288 },
8289 "immutable": true,
8290 "locationInModule": {
8291 "filename": "lib/oidc-provider.ts",
8292 "line": 23
8293 },
8294 "name": "openIdConnectProviderArn",
8295 "type": {
8296 "primitive": "string"
8297 }
8298 },
8299 {
8300 "abstract": true,
8301 "docs": {
8302 "stability": "stable",
8303 "summary": "The issuer for OIDC Provider."
8304 },
8305 "immutable": true,
8306 "locationInModule": {
8307 "filename": "lib/oidc-provider.ts",
8308 "line": 28
8309 },
8310 "name": "openIdConnectProviderIssuer",
8311 "type": {
8312 "primitive": "string"
8313 }
8314 }
8315 ],
8316 "symbolId": "lib/oidc-provider:IOpenIdConnectProvider"
8317 },
8318 "@aws-cdk/aws-iam.IPolicy": {
8319 "assembly": "@aws-cdk/aws-iam",
8320 "docs": {
8321 "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage.html",
8322 "stability": "stable",
8323 "summary": "Represents an IAM Policy."
8324 },
8325 "fqn": "@aws-cdk/aws-iam.IPolicy",
8326 "interfaces": [
8327 "@aws-cdk/core.IResource"
8328 ],
8329 "kind": "interface",
8330 "locationInModule": {
8331 "filename": "lib/policy.ts",
8332 "line": 16
8333 },
8334 "name": "IPolicy",
8335 "properties": [
8336 {
8337 "abstract": true,
8338 "docs": {
8339 "custom": {
8340 "attribute": "true"
8341 },
8342 "stability": "stable",
8343 "summary": "The name of this policy."
8344 },
8345 "immutable": true,
8346 "locationInModule": {
8347 "filename": "lib/policy.ts",
8348 "line": 22
8349 },
8350 "name": "policyName",
8351 "type": {
8352 "primitive": "string"
8353 }
8354 }
8355 ],
8356 "symbolId": "lib/policy:IPolicy"
8357 },
8358 "@aws-cdk/aws-iam.IPrincipal": {
8359 "assembly": "@aws-cdk/aws-iam",
8360 "docs": {
8361 "remarks": "An IPrincipal describes a logical entity that can perform AWS API calls\nagainst sets of resources, optionally under certain conditions.\n\nExamples of simple principals are IAM objects that you create, such\nas Users or Roles.\n\nAn example of a more complex principals is a `ServicePrincipal` (such as\n`new ServicePrincipal(\"sns.amazonaws.com\")`, which represents the Simple\nNotifications Service).\n\nA single logical Principal may also map to a set of physical principals.\nFor example, `new OrganizationPrincipal('o-1234')` represents all\nidentities that are part of the given AWS Organization.",
8362 "stability": "stable",
8363 "summary": "Represents a logical IAM principal."
8364 },
8365 "fqn": "@aws-cdk/aws-iam.IPrincipal",
8366 "interfaces": [
8367 "@aws-cdk/aws-iam.IGrantable"
8368 ],
8369 "kind": "interface",
8370 "locationInModule": {
8371 "filename": "lib/principals.ts",
8372 "line": 37
8373 },
8374 "methods": [
8375 {
8376 "abstract": true,
8377 "docs": {
8378 "deprecated": "Use `addToPrincipalPolicy` instead.",
8379 "returns": "true if the statement was added, false if the principal in\nquestion does not have a policy document to add the statement to.",
8380 "stability": "deprecated",
8381 "summary": "Add to the policy of this principal."
8382 },
8383 "locationInModule": {
8384 "filename": "lib/principals.ts",
8385 "line": 65
8386 },
8387 "name": "addToPolicy",
8388 "parameters": [
8389 {
8390 "name": "statement",
8391 "type": {
8392 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
8393 }
8394 }
8395 ],
8396 "returns": {
8397 "type": {
8398 "primitive": "boolean"
8399 }
8400 }
8401 },
8402 {
8403 "abstract": true,
8404 "docs": {
8405 "stability": "stable",
8406 "summary": "Add to the policy of this principal."
8407 },
8408 "locationInModule": {
8409 "filename": "lib/principals.ts",
8410 "line": 70
8411 },
8412 "name": "addToPrincipalPolicy",
8413 "parameters": [
8414 {
8415 "name": "statement",
8416 "type": {
8417 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
8418 }
8419 }
8420 ],
8421 "returns": {
8422 "type": {
8423 "fqn": "@aws-cdk/aws-iam.AddToPrincipalPolicyResult"
8424 }
8425 }
8426 }
8427 ],
8428 "name": "IPrincipal",
8429 "properties": [
8430 {
8431 "abstract": true,
8432 "docs": {
8433 "stability": "stable",
8434 "summary": "When this Principal is used in an AssumeRole policy, the action to use."
8435 },
8436 "immutable": true,
8437 "locationInModule": {
8438 "filename": "lib/principals.ts",
8439 "line": 41
8440 },
8441 "name": "assumeRoleAction",
8442 "type": {
8443 "primitive": "string"
8444 }
8445 },
8446 {
8447 "abstract": true,
8448 "docs": {
8449 "stability": "stable",
8450 "summary": "Return the policy fragment that identifies this principal in a Policy."
8451 },
8452 "immutable": true,
8453 "locationInModule": {
8454 "filename": "lib/principals.ts",
8455 "line": 46
8456 },
8457 "name": "policyFragment",
8458 "type": {
8459 "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment"
8460 }
8461 },
8462 {
8463 "abstract": true,
8464 "docs": {
8465 "remarks": "Can be undefined when the account is not known\n(for example, for service principals).\nCan be a Token - in that case,\nit's assumed to be AWS::AccountId.",
8466 "stability": "stable",
8467 "summary": "The AWS account ID of this principal."
8468 },
8469 "immutable": true,
8470 "locationInModule": {
8471 "filename": "lib/principals.ts",
8472 "line": 55
8473 },
8474 "name": "principalAccount",
8475 "optional": true,
8476 "type": {
8477 "primitive": "string"
8478 }
8479 }
8480 ],
8481 "symbolId": "lib/principals:IPrincipal"
8482 },
8483 "@aws-cdk/aws-iam.IResourceWithPolicy": {
8484 "assembly": "@aws-cdk/aws-iam",
8485 "docs": {
8486 "stability": "stable",
8487 "summary": "A resource with a resource policy that can be added to."
8488 },
8489 "fqn": "@aws-cdk/aws-iam.IResourceWithPolicy",
8490 "interfaces": [
8491 "@aws-cdk/core.IResource"
8492 ],
8493 "kind": "interface",
8494 "locationInModule": {
8495 "filename": "lib/grant.ts",
8496 "line": 306
8497 },
8498 "methods": [
8499 {
8500 "abstract": true,
8501 "docs": {
8502 "stability": "stable",
8503 "summary": "Add a statement to the resource's resource policy."
8504 },
8505 "locationInModule": {
8506 "filename": "lib/grant.ts",
8507 "line": 310
8508 },
8509 "name": "addToResourcePolicy",
8510 "parameters": [
8511 {
8512 "name": "statement",
8513 "type": {
8514 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
8515 }
8516 }
8517 ],
8518 "returns": {
8519 "type": {
8520 "fqn": "@aws-cdk/aws-iam.AddToResourcePolicyResult"
8521 }
8522 }
8523 }
8524 ],
8525 "name": "IResourceWithPolicy",
8526 "symbolId": "lib/grant:IResourceWithPolicy"
8527 },
8528 "@aws-cdk/aws-iam.IRole": {
8529 "assembly": "@aws-cdk/aws-iam",
8530 "docs": {
8531 "stability": "stable",
8532 "summary": "A Role object."
8533 },
8534 "fqn": "@aws-cdk/aws-iam.IRole",
8535 "interfaces": [
8536 "@aws-cdk/aws-iam.IIdentity"
8537 ],
8538 "kind": "interface",
8539 "locationInModule": {
8540 "filename": "lib/role.ts",
8541 "line": 478
8542 },
8543 "methods": [
8544 {
8545 "abstract": true,
8546 "docs": {
8547 "stability": "stable",
8548 "summary": "Grant the actions defined in actions to the identity Principal on this resource."
8549 },
8550 "locationInModule": {
8551 "filename": "lib/role.ts",
8552 "line": 496
8553 },
8554 "name": "grant",
8555 "parameters": [
8556 {
8557 "name": "grantee",
8558 "type": {
8559 "fqn": "@aws-cdk/aws-iam.IPrincipal"
8560 }
8561 },
8562 {
8563 "name": "actions",
8564 "type": {
8565 "primitive": "string"
8566 },
8567 "variadic": true
8568 }
8569 ],
8570 "returns": {
8571 "type": {
8572 "fqn": "@aws-cdk/aws-iam.Grant"
8573 }
8574 },
8575 "variadic": true
8576 },
8577 {
8578 "abstract": true,
8579 "docs": {
8580 "stability": "stable",
8581 "summary": "Grant permissions to the given principal to pass this role."
8582 },
8583 "locationInModule": {
8584 "filename": "lib/role.ts",
8585 "line": 501
8586 },
8587 "name": "grantPassRole",
8588 "parameters": [
8589 {
8590 "name": "grantee",
8591 "type": {
8592 "fqn": "@aws-cdk/aws-iam.IPrincipal"
8593 }
8594 }
8595 ],
8596 "returns": {
8597 "type": {
8598 "fqn": "@aws-cdk/aws-iam.Grant"
8599 }
8600 }
8601 }
8602 ],
8603 "name": "IRole",
8604 "properties": [
8605 {
8606 "abstract": true,
8607 "docs": {
8608 "custom": {
8609 "attribute": "true"
8610 },
8611 "stability": "stable",
8612 "summary": "Returns the ARN of this role."
8613 },
8614 "immutable": true,
8615 "locationInModule": {
8616 "filename": "lib/role.ts",
8617 "line": 484
8618 },
8619 "name": "roleArn",
8620 "type": {
8621 "primitive": "string"
8622 }
8623 },
8624 {
8625 "abstract": true,
8626 "docs": {
8627 "custom": {
8628 "attribute": "true"
8629 },
8630 "stability": "stable",
8631 "summary": "Returns the name of this role."
8632 },
8633 "immutable": true,
8634 "locationInModule": {
8635 "filename": "lib/role.ts",
8636 "line": 491
8637 },
8638 "name": "roleName",
8639 "type": {
8640 "primitive": "string"
8641 }
8642 }
8643 ],
8644 "symbolId": "lib/role:IRole"
8645 },
8646 "@aws-cdk/aws-iam.ISamlProvider": {
8647 "assembly": "@aws-cdk/aws-iam",
8648 "docs": {
8649 "stability": "stable",
8650 "summary": "A SAML provider."
8651 },
8652 "fqn": "@aws-cdk/aws-iam.ISamlProvider",
8653 "interfaces": [
8654 "@aws-cdk/core.IResource"
8655 ],
8656 "kind": "interface",
8657 "locationInModule": {
8658 "filename": "lib/saml-provider.ts",
8659 "line": 9
8660 },
8661 "name": "ISamlProvider",
8662 "properties": [
8663 {
8664 "abstract": true,
8665 "docs": {
8666 "custom": {
8667 "attribute": "true"
8668 },
8669 "stability": "stable",
8670 "summary": "The Amazon Resource Name (ARN) of the provider."
8671 },
8672 "immutable": true,
8673 "locationInModule": {
8674 "filename": "lib/saml-provider.ts",
8675 "line": 15
8676 },
8677 "name": "samlProviderArn",
8678 "type": {
8679 "primitive": "string"
8680 }
8681 }
8682 ],
8683 "symbolId": "lib/saml-provider:ISamlProvider"
8684 },
8685 "@aws-cdk/aws-iam.IUser": {
8686 "assembly": "@aws-cdk/aws-iam",
8687 "docs": {
8688 "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html",
8689 "stability": "stable",
8690 "summary": "Represents an IAM user."
8691 },
8692 "fqn": "@aws-cdk/aws-iam.IUser",
8693 "interfaces": [
8694 "@aws-cdk/aws-iam.IIdentity"
8695 ],
8696 "kind": "interface",
8697 "locationInModule": {
8698 "filename": "lib/user.ts",
8699 "line": 17
8700 },
8701 "methods": [
8702 {
8703 "abstract": true,
8704 "docs": {
8705 "stability": "stable",
8706 "summary": "Adds this user to a group."
8707 },
8708 "locationInModule": {
8709 "filename": "lib/user.ts",
8710 "line": 33
8711 },
8712 "name": "addToGroup",
8713 "parameters": [
8714 {
8715 "name": "group",
8716 "type": {
8717 "fqn": "@aws-cdk/aws-iam.IGroup"
8718 }
8719 }
8720 ]
8721 }
8722 ],
8723 "name": "IUser",
8724 "properties": [
8725 {
8726 "abstract": true,
8727 "docs": {
8728 "custom": {
8729 "attribute": "true"
8730 },
8731 "stability": "stable",
8732 "summary": "The user's ARN."
8733 },
8734 "immutable": true,
8735 "locationInModule": {
8736 "filename": "lib/user.ts",
8737 "line": 28
8738 },
8739 "name": "userArn",
8740 "type": {
8741 "primitive": "string"
8742 }
8743 },
8744 {
8745 "abstract": true,
8746 "docs": {
8747 "custom": {
8748 "attribute": "true"
8749 },
8750 "stability": "stable",
8751 "summary": "The user's name."
8752 },
8753 "immutable": true,
8754 "locationInModule": {
8755 "filename": "lib/user.ts",
8756 "line": 22
8757 },
8758 "name": "userName",
8759 "type": {
8760 "primitive": "string"
8761 }
8762 }
8763 ],
8764 "symbolId": "lib/user:IUser"
8765 },
8766 "@aws-cdk/aws-iam.LazyRole": {
8767 "assembly": "@aws-cdk/aws-iam",
8768 "base": "@aws-cdk/core.Resource",
8769 "docs": {
8770 "custom": {
8771 "resource": "AWS::IAM::Role",
8772 "exampleMetadata": "fixture=_generated"
8773 },
8774 "remarks": "This construct can be used to simplify logic in other constructs\nwhich need to create a role but only if certain configurations occur\n(such as when AutoScaling is configured). The role can be configured in one\nplace, but if it never gets used it doesn't get instantiated and will\nnot be synthesized or deployed.",
8775 "stability": "stable",
8776 "summary": "An IAM role that only gets attached to the construct tree once it gets used, not before.",
8777 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nimport * as cdk from '@aws-cdk/core';\n\ndeclare const managedPolicy: iam.ManagedPolicy;\ndeclare const policyDocument: iam.PolicyDocument;\ndeclare const principal: iam.IPrincipal;\nconst lazyRole = new iam.LazyRole(this, 'MyLazyRole', {\n assumedBy: principal,\n\n // the properties below are optional\n description: 'description',\n externalId: 'externalId',\n externalIds: ['externalIds'],\n inlinePolicies: {\n inlinePoliciesKey: policyDocument,\n },\n managedPolicies: [managedPolicy],\n maxSessionDuration: cdk.Duration.minutes(30),\n path: 'path',\n permissionsBoundary: managedPolicy,\n roleName: 'roleName',\n});"
8778 },
8779 "fqn": "@aws-cdk/aws-iam.LazyRole",
8780 "initializer": {
8781 "docs": {
8782 "stability": "stable"
8783 },
8784 "locationInModule": {
8785 "filename": "lib/lazy-role.ts",
8786 "line": 38
8787 },
8788 "parameters": [
8789 {
8790 "name": "scope",
8791 "type": {
8792 "fqn": "constructs.Construct"
8793 }
8794 },
8795 {
8796 "name": "id",
8797 "type": {
8798 "primitive": "string"
8799 }
8800 },
8801 {
8802 "name": "props",
8803 "type": {
8804 "fqn": "@aws-cdk/aws-iam.LazyRoleProps"
8805 }
8806 }
8807 ]
8808 },
8809 "interfaces": [
8810 "@aws-cdk/aws-iam.IRole"
8811 ],
8812 "kind": "class",
8813 "locationInModule": {
8814 "filename": "lib/lazy-role.ts",
8815 "line": 28
8816 },
8817 "methods": [
8818 {
8819 "docs": {
8820 "stability": "stable",
8821 "summary": "Attaches a managed policy to this role."
8822 },
8823 "locationInModule": {
8824 "filename": "lib/lazy-role.ts",
8825 "line": 76
8826 },
8827 "name": "addManagedPolicy",
8828 "overrides": "@aws-cdk/aws-iam.IIdentity",
8829 "parameters": [
8830 {
8831 "docs": {
8832 "summary": "The managed policy to attach."
8833 },
8834 "name": "policy",
8835 "type": {
8836 "fqn": "@aws-cdk/aws-iam.IManagedPolicy"
8837 }
8838 }
8839 ]
8840 },
8841 {
8842 "docs": {
8843 "stability": "stable",
8844 "summary": "Add to the policy of this principal."
8845 },
8846 "locationInModule": {
8847 "filename": "lib/lazy-role.ts",
8848 "line": 56
8849 },
8850 "name": "addToPolicy",
8851 "overrides": "@aws-cdk/aws-iam.IPrincipal",
8852 "parameters": [
8853 {
8854 "name": "statement",
8855 "type": {
8856 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
8857 }
8858 }
8859 ],
8860 "returns": {
8861 "type": {
8862 "primitive": "boolean"
8863 }
8864 }
8865 },
8866 {
8867 "docs": {
8868 "remarks": "If there is no default policy attached to this role, it will be created.",
8869 "stability": "stable",
8870 "summary": "Adds a permission to the role's default policy document."
8871 },
8872 "locationInModule": {
8873 "filename": "lib/lazy-role.ts",
8874 "line": 47
8875 },
8876 "name": "addToPrincipalPolicy",
8877 "overrides": "@aws-cdk/aws-iam.IPrincipal",
8878 "parameters": [
8879 {
8880 "docs": {
8881 "summary": "The permission statement to add to the policy document."
8882 },
8883 "name": "statement",
8884 "type": {
8885 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
8886 }
8887 }
8888 ],
8889 "returns": {
8890 "type": {
8891 "fqn": "@aws-cdk/aws-iam.AddToPrincipalPolicyResult"
8892 }
8893 }
8894 },
8895 {
8896 "docs": {
8897 "stability": "stable",
8898 "summary": "Attaches a policy to this role."
8899 },
8900 "locationInModule": {
8901 "filename": "lib/lazy-role.ts",
8902 "line": 64
8903 },
8904 "name": "attachInlinePolicy",
8905 "overrides": "@aws-cdk/aws-iam.IIdentity",
8906 "parameters": [
8907 {
8908 "docs": {
8909 "summary": "The policy to attach."
8910 },
8911 "name": "policy",
8912 "type": {
8913 "fqn": "@aws-cdk/aws-iam.Policy"
8914 }
8915 }
8916 ]
8917 },
8918 {
8919 "docs": {
8920 "stability": "stable",
8921 "summary": "Grant the actions defined in actions to the identity Principal on this resource."
8922 },
8923 "locationInModule": {
8924 "filename": "lib/lazy-role.ts",
8925 "line": 111
8926 },
8927 "name": "grant",
8928 "overrides": "@aws-cdk/aws-iam.IRole",
8929 "parameters": [
8930 {
8931 "name": "identity",
8932 "type": {
8933 "fqn": "@aws-cdk/aws-iam.IPrincipal"
8934 }
8935 },
8936 {
8937 "name": "actions",
8938 "type": {
8939 "primitive": "string"
8940 },
8941 "variadic": true
8942 }
8943 ],
8944 "returns": {
8945 "type": {
8946 "fqn": "@aws-cdk/aws-iam.Grant"
8947 }
8948 },
8949 "variadic": true
8950 },
8951 {
8952 "docs": {
8953 "stability": "stable",
8954 "summary": "Grant permissions to the given principal to pass this role."
8955 },
8956 "locationInModule": {
8957 "filename": "lib/lazy-role.ts",
8958 "line": 118
8959 },
8960 "name": "grantPassRole",
8961 "overrides": "@aws-cdk/aws-iam.IRole",
8962 "parameters": [
8963 {
8964 "name": "identity",
8965 "type": {
8966 "fqn": "@aws-cdk/aws-iam.IPrincipal"
8967 }
8968 }
8969 ],
8970 "returns": {
8971 "type": {
8972 "fqn": "@aws-cdk/aws-iam.Grant"
8973 }
8974 }
8975 }
8976 ],
8977 "name": "LazyRole",
8978 "properties": [
8979 {
8980 "docs": {
8981 "stability": "stable",
8982 "summary": "When this Principal is used in an AssumeRole policy, the action to use."
8983 },
8984 "immutable": true,
8985 "locationInModule": {
8986 "filename": "lib/lazy-role.ts",
8987 "line": 31
8988 },
8989 "name": "assumeRoleAction",
8990 "overrides": "@aws-cdk/aws-iam.IPrincipal",
8991 "type": {
8992 "primitive": "string"
8993 }
8994 },
8995 {
8996 "docs": {
8997 "stability": "stable",
8998 "summary": "The principal to grant permissions to."
8999 },
9000 "immutable": true,
9001 "locationInModule": {
9002 "filename": "lib/lazy-role.ts",
9003 "line": 29
9004 },
9005 "name": "grantPrincipal",
9006 "overrides": "@aws-cdk/aws-iam.IGrantable",
9007 "type": {
9008 "fqn": "@aws-cdk/aws-iam.IPrincipal"
9009 }
9010 },
9011 {
9012 "docs": {
9013 "stability": "stable",
9014 "summary": "Return the policy fragment that identifies this principal in a Policy."
9015 },
9016 "immutable": true,
9017 "locationInModule": {
9018 "filename": "lib/lazy-role.ts",
9019 "line": 104
9020 },
9021 "name": "policyFragment",
9022 "overrides": "@aws-cdk/aws-iam.IPrincipal",
9023 "type": {
9024 "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment"
9025 }
9026 },
9027 {
9028 "docs": {
9029 "stability": "stable",
9030 "summary": "Returns the ARN of this role."
9031 },
9032 "immutable": true,
9033 "locationInModule": {
9034 "filename": "lib/lazy-role.ts",
9035 "line": 87
9036 },
9037 "name": "roleArn",
9038 "overrides": "@aws-cdk/aws-iam.IRole",
9039 "type": {
9040 "primitive": "string"
9041 }
9042 },
9043 {
9044 "docs": {
9045 "custom": {
9046 "attribute": "true"
9047 },
9048 "stability": "stable",
9049 "summary": "Returns the stable and unique string identifying the role (i.e. AIDAJQABLZS4A3QDU576Q)."
9050 },
9051 "immutable": true,
9052 "locationInModule": {
9053 "filename": "lib/lazy-role.ts",
9054 "line": 96
9055 },
9056 "name": "roleId",
9057 "type": {
9058 "primitive": "string"
9059 }
9060 },
9061 {
9062 "docs": {
9063 "stability": "stable",
9064 "summary": "Returns the name of this role."
9065 },
9066 "immutable": true,
9067 "locationInModule": {
9068 "filename": "lib/lazy-role.ts",
9069 "line": 100
9070 },
9071 "name": "roleName",
9072 "overrides": "@aws-cdk/aws-iam.IRole",
9073 "type": {
9074 "primitive": "string"
9075 }
9076 },
9077 {
9078 "docs": {
9079 "remarks": "Can be undefined when the account is not known\n(for example, for service principals).\nCan be a Token - in that case,\nit's assumed to be AWS::AccountId.",
9080 "stability": "stable",
9081 "summary": "The AWS account ID of this principal."
9082 },
9083 "immutable": true,
9084 "locationInModule": {
9085 "filename": "lib/lazy-role.ts",
9086 "line": 30
9087 },
9088 "name": "principalAccount",
9089 "optional": true,
9090 "overrides": "@aws-cdk/aws-iam.IPrincipal",
9091 "type": {
9092 "primitive": "string"
9093 }
9094 }
9095 ],
9096 "symbolId": "lib/lazy-role:LazyRole"
9097 },
9098 "@aws-cdk/aws-iam.LazyRoleProps": {
9099 "assembly": "@aws-cdk/aws-iam",
9100 "datatype": true,
9101 "docs": {
9102 "stability": "stable",
9103 "summary": "Properties for defining a LazyRole.",
9104 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nimport * as cdk from '@aws-cdk/core';\n\ndeclare const managedPolicy: iam.ManagedPolicy;\ndeclare const policyDocument: iam.PolicyDocument;\ndeclare const principal: iam.IPrincipal;\nconst lazyRoleProps: iam.LazyRoleProps = {\n assumedBy: principal,\n\n // the properties below are optional\n description: 'description',\n externalId: 'externalId',\n externalIds: ['externalIds'],\n inlinePolicies: {\n inlinePoliciesKey: policyDocument,\n },\n managedPolicies: [managedPolicy],\n maxSessionDuration: cdk.Duration.minutes(30),\n path: 'path',\n permissionsBoundary: managedPolicy,\n roleName: 'roleName',\n};",
9105 "custom": {
9106 "exampleMetadata": "fixture=_generated"
9107 }
9108 },
9109 "fqn": "@aws-cdk/aws-iam.LazyRoleProps",
9110 "interfaces": [
9111 "@aws-cdk/aws-iam.RoleProps"
9112 ],
9113 "kind": "interface",
9114 "locationInModule": {
9115 "filename": "lib/lazy-role.ts",
9116 "line": 13
9117 },
9118 "name": "LazyRoleProps",
9119 "symbolId": "lib/lazy-role:LazyRoleProps"
9120 },
9121 "@aws-cdk/aws-iam.ManagedPolicy": {
9122 "assembly": "@aws-cdk/aws-iam",
9123 "base": "@aws-cdk/core.Resource",
9124 "docs": {
9125 "custom": {
9126 "exampleMetadata": "infused"
9127 },
9128 "example": "const myRole = new iam.Role(this, 'My Role', {\n assumedBy: new iam.ServicePrincipal('sns.amazonaws.com'),\n});\n\nconst fn = new lambda.Function(this, 'MyFunction', {\n runtime: lambda.Runtime.NODEJS_16_X,\n handler: 'index.handler',\n code: lambda.Code.fromAsset(path.join(__dirname, 'lambda-handler')),\n role: myRole, // user-provided role\n});\n\nmyRole.addManagedPolicy(iam.ManagedPolicy.fromAwsManagedPolicyName(\"service-role/AWSLambdaBasicExecutionRole\"));\nmyRole.addManagedPolicy(iam.ManagedPolicy.fromAwsManagedPolicyName(\"service-role/AWSLambdaVPCAccessExecutionRole\")); // only required if your function lives in a VPC",
9129 "stability": "stable",
9130 "summary": "Managed policy."
9131 },
9132 "fqn": "@aws-cdk/aws-iam.ManagedPolicy",
9133 "initializer": {
9134 "docs": {
9135 "stability": "stable"
9136 },
9137 "locationInModule": {
9138 "filename": "lib/managed-policy.ts",
9139 "line": 208
9140 },
9141 "parameters": [
9142 {
9143 "name": "scope",
9144 "type": {
9145 "fqn": "constructs.Construct"
9146 }
9147 },
9148 {
9149 "name": "id",
9150 "type": {
9151 "primitive": "string"
9152 }
9153 },
9154 {
9155 "name": "props",
9156 "optional": true,
9157 "type": {
9158 "fqn": "@aws-cdk/aws-iam.ManagedPolicyProps"
9159 }
9160 }
9161 ]
9162 },
9163 "interfaces": [
9164 "@aws-cdk/aws-iam.IManagedPolicy"
9165 ],
9166 "kind": "class",
9167 "locationInModule": {
9168 "filename": "lib/managed-policy.ts",
9169 "line": 102
9170 },
9171 "methods": [
9172 {
9173 "docs": {
9174 "remarks": "For this managed policy, you only need to know the name to be able to use it.\n\nSome managed policy names start with \"service-role/\", some start with\n\"job-function/\", and some don't start with anything. Include the\nprefix when constructing this object.",
9175 "stability": "stable",
9176 "summary": "Import a managed policy from one of the policies that AWS manages."
9177 },
9178 "locationInModule": {
9179 "filename": "lib/managed-policy.ts",
9180 "line": 157
9181 },
9182 "name": "fromAwsManagedPolicyName",
9183 "parameters": [
9184 {
9185 "name": "managedPolicyName",
9186 "type": {
9187 "primitive": "string"
9188 }
9189 }
9190 ],
9191 "returns": {
9192 "type": {
9193 "fqn": "@aws-cdk/aws-iam.IManagedPolicy"
9194 }
9195 },
9196 "static": true
9197 },
9198 {
9199 "docs": {
9200 "remarks": "For this managed policy, you only need to know the ARN to be able to use it.\nThis can be useful if you got the ARN from a CloudFormation Export.\n\nIf the imported Managed Policy ARN is a Token (such as a\n`CfnParameter.valueAsString` or a `Fn.importValue()`) *and* the referenced\nmanaged policy has a `path` (like `arn:...:policy/AdminPolicy/AdminAllow`), the\n`managedPolicyName` property will not resolve to the correct value. Instead it\nwill resolve to the first path component. We unfortunately cannot express\nthe correct calculation of the full path name as a CloudFormation\nexpression. In this scenario the Managed Policy ARN should be supplied without the\n`path` in order to resolve the correct managed policy resource.",
9201 "stability": "stable",
9202 "summary": "Import an external managed policy by ARN."
9203 },
9204 "locationInModule": {
9205 "filename": "lib/managed-policy.ts",
9206 "line": 141
9207 },
9208 "name": "fromManagedPolicyArn",
9209 "parameters": [
9210 {
9211 "docs": {
9212 "summary": "construct scope."
9213 },
9214 "name": "scope",
9215 "type": {
9216 "fqn": "constructs.Construct"
9217 }
9218 },
9219 {
9220 "docs": {
9221 "summary": "construct id."
9222 },
9223 "name": "id",
9224 "type": {
9225 "primitive": "string"
9226 }
9227 },
9228 {
9229 "docs": {
9230 "summary": "the ARN of the managed policy to import."
9231 },
9232 "name": "managedPolicyArn",
9233 "type": {
9234 "primitive": "string"
9235 }
9236 }
9237 ],
9238 "returns": {
9239 "type": {
9240 "fqn": "@aws-cdk/aws-iam.IManagedPolicy"
9241 }
9242 },
9243 "static": true
9244 },
9245 {
9246 "docs": {
9247 "remarks": "For this managed policy, you only need to know the name to be able to use it.",
9248 "stability": "stable",
9249 "summary": "Import a customer managed policy from the managedPolicyName."
9250 },
9251 "locationInModule": {
9252 "filename": "lib/managed-policy.ts",
9253 "line": 109
9254 },
9255 "name": "fromManagedPolicyName",
9256 "parameters": [
9257 {
9258 "name": "scope",
9259 "type": {
9260 "fqn": "constructs.Construct"
9261 }
9262 },
9263 {
9264 "name": "id",
9265 "type": {
9266 "primitive": "string"
9267 }
9268 },
9269 {
9270 "name": "managedPolicyName",
9271 "type": {
9272 "primitive": "string"
9273 }
9274 }
9275 ],
9276 "returns": {
9277 "type": {
9278 "fqn": "@aws-cdk/aws-iam.IManagedPolicy"
9279 }
9280 },
9281 "static": true
9282 },
9283 {
9284 "docs": {
9285 "stability": "stable",
9286 "summary": "Adds a statement to the policy document."
9287 },
9288 "locationInModule": {
9289 "filename": "lib/managed-policy.ts",
9290 "line": 259
9291 },
9292 "name": "addStatements",
9293 "parameters": [
9294 {
9295 "name": "statement",
9296 "type": {
9297 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
9298 },
9299 "variadic": true
9300 }
9301 ],
9302 "variadic": true
9303 },
9304 {
9305 "docs": {
9306 "stability": "stable",
9307 "summary": "Attaches this policy to a group."
9308 },
9309 "locationInModule": {
9310 "filename": "lib/managed-policy.ts",
9311 "line": 282
9312 },
9313 "name": "attachToGroup",
9314 "parameters": [
9315 {
9316 "name": "group",
9317 "type": {
9318 "fqn": "@aws-cdk/aws-iam.IGroup"
9319 }
9320 }
9321 ]
9322 },
9323 {
9324 "docs": {
9325 "stability": "stable",
9326 "summary": "Attaches this policy to a role."
9327 },
9328 "locationInModule": {
9329 "filename": "lib/managed-policy.ts",
9330 "line": 274
9331 },
9332 "name": "attachToRole",
9333 "parameters": [
9334 {
9335 "name": "role",
9336 "type": {
9337 "fqn": "@aws-cdk/aws-iam.IRole"
9338 }
9339 }
9340 ]
9341 },
9342 {
9343 "docs": {
9344 "stability": "stable",
9345 "summary": "Attaches this policy to a user."
9346 },
9347 "locationInModule": {
9348 "filename": "lib/managed-policy.ts",
9349 "line": 266
9350 },
9351 "name": "attachToUser",
9352 "parameters": [
9353 {
9354 "name": "user",
9355 "type": {
9356 "fqn": "@aws-cdk/aws-iam.IUser"
9357 }
9358 }
9359 ]
9360 },
9361 {
9362 "docs": {
9363 "remarks": "This method can be implemented by derived constructs in order to perform\nvalidation logic. It is called on all constructs before synthesis.",
9364 "stability": "stable",
9365 "summary": "Validate the current construct."
9366 },
9367 "locationInModule": {
9368 "filename": "lib/managed-policy.ts",
9369 "line": 287
9370 },
9371 "name": "validate",
9372 "overrides": "@aws-cdk/core.Construct",
9373 "protected": true,
9374 "returns": {
9375 "type": {
9376 "collection": {
9377 "elementtype": {
9378 "primitive": "string"
9379 },
9380 "kind": "array"
9381 }
9382 }
9383 }
9384 }
9385 ],
9386 "name": "ManagedPolicy",
9387 "properties": [
9388 {
9389 "docs": {
9390 "custom": {
9391 "attribute": "true"
9392 },
9393 "stability": "stable",
9394 "summary": "The description of this policy."
9395 },
9396 "immutable": true,
9397 "locationInModule": {
9398 "filename": "lib/managed-policy.ts",
9399 "line": 195
9400 },
9401 "name": "description",
9402 "type": {
9403 "primitive": "string"
9404 }
9405 },
9406 {
9407 "docs": {
9408 "stability": "stable",
9409 "summary": "The policy document."
9410 },
9411 "immutable": true,
9412 "locationInModule": {
9413 "filename": "lib/managed-policy.ts",
9414 "line": 181
9415 },
9416 "name": "document",
9417 "type": {
9418 "fqn": "@aws-cdk/aws-iam.PolicyDocument"
9419 }
9420 },
9421 {
9422 "docs": {
9423 "custom": {
9424 "attribute": "true"
9425 },
9426 "stability": "stable",
9427 "summary": "Returns the ARN of this managed policy."
9428 },
9429 "immutable": true,
9430 "locationInModule": {
9431 "filename": "lib/managed-policy.ts",
9432 "line": 176
9433 },
9434 "name": "managedPolicyArn",
9435 "overrides": "@aws-cdk/aws-iam.IManagedPolicy",
9436 "type": {
9437 "primitive": "string"
9438 }
9439 },
9440 {
9441 "docs": {
9442 "custom": {
9443 "attribute": "true"
9444 },
9445 "stability": "stable",
9446 "summary": "The name of this policy."
9447 },
9448 "immutable": true,
9449 "locationInModule": {
9450 "filename": "lib/managed-policy.ts",
9451 "line": 188
9452 },
9453 "name": "managedPolicyName",
9454 "type": {
9455 "primitive": "string"
9456 }
9457 },
9458 {
9459 "docs": {
9460 "custom": {
9461 "attribute": "true"
9462 },
9463 "stability": "stable",
9464 "summary": "The path of this policy."
9465 },
9466 "immutable": true,
9467 "locationInModule": {
9468 "filename": "lib/managed-policy.ts",
9469 "line": 202
9470 },
9471 "name": "path",
9472 "type": {
9473 "primitive": "string"
9474 }
9475 }
9476 ],
9477 "symbolId": "lib/managed-policy:ManagedPolicy"
9478 },
9479 "@aws-cdk/aws-iam.ManagedPolicyProps": {
9480 "assembly": "@aws-cdk/aws-iam",
9481 "datatype": true,
9482 "docs": {
9483 "custom": {
9484 "exampleMetadata": "infused"
9485 },
9486 "example": "const policyDocument = {\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"FirstStatement\",\n \"Effect\": \"Allow\",\n \"Action\": [\"iam:ChangePassword\"],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"SecondStatement\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListAllMyBuckets\",\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"ThirdStatement\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:List*\",\n \"s3:Get*\"\n ],\n \"Resource\": [\n \"arn:aws:s3:::confidential-data\",\n \"arn:aws:s3:::confidential-data/*\"\n ],\n \"Condition\": {\"Bool\": {\"aws:MultiFactorAuthPresent\": \"true\"}}\n }\n ]\n};\n\nconst customPolicyDocument = iam.PolicyDocument.fromJson(policyDocument);\n\n// You can pass this document as an initial document to a ManagedPolicy\n// or inline Policy.\nconst newManagedPolicy = new iam.ManagedPolicy(this, 'MyNewManagedPolicy', {\n document: customPolicyDocument,\n});\nconst newPolicy = new iam.Policy(this, 'MyNewPolicy', {\n document: customPolicyDocument,\n});",
9487 "stability": "stable",
9488 "summary": "Properties for defining an IAM managed policy."
9489 },
9490 "fqn": "@aws-cdk/aws-iam.ManagedPolicyProps",
9491 "kind": "interface",
9492 "locationInModule": {
9493 "filename": "lib/managed-policy.ts",
9494 "line": 25
9495 },
9496 "name": "ManagedPolicyProps",
9497 "properties": [
9498 {
9499 "abstract": true,
9500 "docs": {
9501 "default": "- empty",
9502 "remarks": "Typically used to store information about the\npermissions defined in the policy. For example, \"Grants access to production DynamoDB tables.\"\nThe policy description is immutable. After a value is assigned, it cannot be changed.",
9503 "stability": "stable",
9504 "summary": "A description of the managed policy."
9505 },
9506 "immutable": true,
9507 "locationInModule": {
9508 "filename": "lib/managed-policy.ts",
9509 "line": 42
9510 },
9511 "name": "description",
9512 "optional": true,
9513 "type": {
9514 "primitive": "string"
9515 }
9516 },
9517 {
9518 "abstract": true,
9519 "docs": {
9520 "default": "- An empty policy.",
9521 "remarks": "If omited, any\n`PolicyStatement` provided in the `statements` property will be applied\nagainst the empty default `PolicyDocument`.",
9522 "stability": "stable",
9523 "summary": "Initial PolicyDocument to use for this ManagedPolicy."
9524 },
9525 "immutable": true,
9526 "locationInModule": {
9527 "filename": "lib/managed-policy.ts",
9528 "line": 95
9529 },
9530 "name": "document",
9531 "optional": true,
9532 "type": {
9533 "fqn": "@aws-cdk/aws-iam.PolicyDocument"
9534 }
9535 },
9536 {
9537 "abstract": true,
9538 "docs": {
9539 "default": "- No groups.",
9540 "remarks": "You can also use `attachToGroup(group)` to attach this policy to a group.",
9541 "stability": "stable",
9542 "summary": "Groups to attach this policy to."
9543 },
9544 "immutable": true,
9545 "locationInModule": {
9546 "filename": "lib/managed-policy.ts",
9547 "line": 78
9548 },
9549 "name": "groups",
9550 "optional": true,
9551 "type": {
9552 "collection": {
9553 "elementtype": {
9554 "fqn": "@aws-cdk/aws-iam.IGroup"
9555 },
9556 "kind": "array"
9557 }
9558 }
9559 },
9560 {
9561 "abstract": true,
9562 "docs": {
9563 "default": "- A name is automatically generated.",
9564 "remarks": "If you specify multiple policies for an entity,\nspecify unique names. For example, if you specify a list of policies for\nan IAM role, each policy must have a unique name.",
9565 "stability": "stable",
9566 "summary": "The name of the managed policy."
9567 },
9568 "immutable": true,
9569 "locationInModule": {
9570 "filename": "lib/managed-policy.ts",
9571 "line": 33
9572 },
9573 "name": "managedPolicyName",
9574 "optional": true,
9575 "type": {
9576 "primitive": "string"
9577 }
9578 },
9579 {
9580 "abstract": true,
9581 "docs": {
9582 "default": "- \"/\"",
9583 "remarks": "This parameter allows (through its regex pattern) a string of characters\nconsisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes.\nIn addition, it can contain any ASCII character from the ! (\\u0021) through the DEL character (\\u007F),\nincluding most punctuation characters, digits, and upper and lowercased letters.\n\nFor more information about paths, see IAM Identifiers in the IAM User Guide.",
9584 "stability": "stable",
9585 "summary": "The path for the policy."
9586 },
9587 "immutable": true,
9588 "locationInModule": {
9589 "filename": "lib/managed-policy.ts",
9590 "line": 54
9591 },
9592 "name": "path",
9593 "optional": true,
9594 "type": {
9595 "primitive": "string"
9596 }
9597 },
9598 {
9599 "abstract": true,
9600 "docs": {
9601 "default": "- No roles.",
9602 "remarks": "You can also use `attachToRole(role)` to attach this policy to a role.",
9603 "stability": "stable",
9604 "summary": "Roles to attach this policy to."
9605 },
9606 "immutable": true,
9607 "locationInModule": {
9608 "filename": "lib/managed-policy.ts",
9609 "line": 70
9610 },
9611 "name": "roles",
9612 "optional": true,
9613 "type": {
9614 "collection": {
9615 "elementtype": {
9616 "fqn": "@aws-cdk/aws-iam.IRole"
9617 },
9618 "kind": "array"
9619 }
9620 }
9621 },
9622 {
9623 "abstract": true,
9624 "docs": {
9625 "default": "- No statements.",
9626 "remarks": "You can also use `addPermission(statement)` to add permissions later.",
9627 "stability": "stable",
9628 "summary": "Initial set of permissions to add to this policy document."
9629 },
9630 "immutable": true,
9631 "locationInModule": {
9632 "filename": "lib/managed-policy.ts",
9633 "line": 86
9634 },
9635 "name": "statements",
9636 "optional": true,
9637 "type": {
9638 "collection": {
9639 "elementtype": {
9640 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
9641 },
9642 "kind": "array"
9643 }
9644 }
9645 },
9646 {
9647 "abstract": true,
9648 "docs": {
9649 "default": "- No users.",
9650 "remarks": "You can also use `attachToUser(user)` to attach this policy to a user.",
9651 "stability": "stable",
9652 "summary": "Users to attach this policy to."
9653 },
9654 "immutable": true,
9655 "locationInModule": {
9656 "filename": "lib/managed-policy.ts",
9657 "line": 62
9658 },
9659 "name": "users",
9660 "optional": true,
9661 "type": {
9662 "collection": {
9663 "elementtype": {
9664 "fqn": "@aws-cdk/aws-iam.IUser"
9665 },
9666 "kind": "array"
9667 }
9668 }
9669 }
9670 ],
9671 "symbolId": "lib/managed-policy:ManagedPolicyProps"
9672 },
9673 "@aws-cdk/aws-iam.OpenIdConnectPrincipal": {
9674 "assembly": "@aws-cdk/aws-iam",
9675 "base": "@aws-cdk/aws-iam.WebIdentityPrincipal",
9676 "docs": {
9677 "custom": {
9678 "exampleMetadata": "infused"
9679 },
9680 "example": "const provider = new iam.OpenIdConnectProvider(this, 'MyProvider', {\n url: 'https://openid/connect',\n clientIds: [ 'myclient1', 'myclient2' ],\n});\nconst principal = new iam.OpenIdConnectPrincipal(provider);",
9681 "stability": "stable",
9682 "summary": "A principal that represents a federated identity provider as from a OpenID Connect provider."
9683 },
9684 "fqn": "@aws-cdk/aws-iam.OpenIdConnectPrincipal",
9685 "initializer": {
9686 "docs": {
9687 "stability": "stable"
9688 },
9689 "locationInModule": {
9690 "filename": "lib/principals.ts",
9691 "line": 580
9692 },
9693 "parameters": [
9694 {
9695 "docs": {
9696 "summary": "OpenID Connect provider."
9697 },
9698 "name": "openIdConnectProvider",
9699 "type": {
9700 "fqn": "@aws-cdk/aws-iam.IOpenIdConnectProvider"
9701 }
9702 },
9703 {
9704 "docs": {
9705 "remarks": "See [the IAM documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html).",
9706 "summary": "The conditions under which the policy is in effect."
9707 },
9708 "name": "conditions",
9709 "optional": true,
9710 "type": {
9711 "collection": {
9712 "elementtype": {
9713 "primitive": "any"
9714 },
9715 "kind": "map"
9716 }
9717 }
9718 }
9719 ]
9720 },
9721 "kind": "class",
9722 "locationInModule": {
9723 "filename": "lib/principals.ts",
9724 "line": 572
9725 },
9726 "methods": [
9727 {
9728 "docs": {
9729 "stability": "stable",
9730 "summary": "Returns a string representation of an object."
9731 },
9732 "locationInModule": {
9733 "filename": "lib/principals.ts",
9734 "line": 588
9735 },
9736 "name": "toString",
9737 "overrides": "@aws-cdk/aws-iam.WebIdentityPrincipal",
9738 "returns": {
9739 "type": {
9740 "primitive": "string"
9741 }
9742 }
9743 }
9744 ],
9745 "name": "OpenIdConnectPrincipal",
9746 "properties": [
9747 {
9748 "docs": {
9749 "stability": "stable",
9750 "summary": "Return the policy fragment that identifies this principal in a Policy."
9751 },
9752 "immutable": true,
9753 "locationInModule": {
9754 "filename": "lib/principals.ts",
9755 "line": 584
9756 },
9757 "name": "policyFragment",
9758 "overrides": "@aws-cdk/aws-iam.WebIdentityPrincipal",
9759 "type": {
9760 "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment"
9761 }
9762 }
9763 ],
9764 "symbolId": "lib/principals:OpenIdConnectPrincipal"
9765 },
9766 "@aws-cdk/aws-iam.OpenIdConnectProvider": {
9767 "assembly": "@aws-cdk/aws-iam",
9768 "base": "@aws-cdk/core.Resource",
9769 "docs": {
9770 "custom": {
9771 "exampleMetadata": "infused",
9772 "resource": "AWS::CloudFormation::CustomResource"
9773 },
9774 "example": "const provider = new iam.OpenIdConnectProvider(this, 'MyProvider', {\n url: 'https://openid/connect',\n clientIds: [ 'myclient1', 'myclient2' ],\n});",
9775 "remarks": "You use an IAM OIDC identity provider\nwhen you want to establish trust between an OIDC-compatible IdP and your AWS\naccount. This is useful when creating a mobile app or web application that\nrequires access to AWS resources, but you don't want to create custom sign-in\ncode or manage your own user identities.",
9776 "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html",
9777 "stability": "stable",
9778 "summary": "IAM OIDC identity providers are entities in IAM that describe an external identity provider (IdP) service that supports the OpenID Connect (OIDC) standard, such as Google or Salesforce."
9779 },
9780 "fqn": "@aws-cdk/aws-iam.OpenIdConnectProvider",
9781 "initializer": {
9782 "docs": {
9783 "stability": "stable",
9784 "summary": "Defines an OpenID Connect provider."
9785 },
9786 "locationInModule": {
9787 "filename": "lib/oidc-provider.ts",
9788 "line": 135
9789 },
9790 "parameters": [
9791 {
9792 "docs": {
9793 "summary": "The definition scope."
9794 },
9795 "name": "scope",
9796 "type": {
9797 "fqn": "constructs.Construct"
9798 }
9799 },
9800 {
9801 "docs": {
9802 "summary": "Construct ID."
9803 },
9804 "name": "id",
9805 "type": {
9806 "primitive": "string"
9807 }
9808 },
9809 {
9810 "docs": {
9811 "summary": "Initialization properties."
9812 },
9813 "name": "props",
9814 "type": {
9815 "fqn": "@aws-cdk/aws-iam.OpenIdConnectProviderProps"
9816 }
9817 }
9818 ]
9819 },
9820 "interfaces": [
9821 "@aws-cdk/aws-iam.IOpenIdConnectProvider"
9822 ],
9823 "kind": "class",
9824 "locationInModule": {
9825 "filename": "lib/oidc-provider.ts",
9826 "line": 104
9827 },
9828 "methods": [
9829 {
9830 "docs": {
9831 "stability": "stable",
9832 "summary": "Imports an Open ID connect provider from an ARN."
9833 },
9834 "locationInModule": {
9835 "filename": "lib/oidc-provider.ts",
9836 "line": 111
9837 },
9838 "name": "fromOpenIdConnectProviderArn",
9839 "parameters": [
9840 {
9841 "docs": {
9842 "summary": "The definition scope."
9843 },
9844 "name": "scope",
9845 "type": {
9846 "fqn": "constructs.Construct"
9847 }
9848 },
9849 {
9850 "docs": {
9851 "summary": "ID of the construct."
9852 },
9853 "name": "id",
9854 "type": {
9855 "primitive": "string"
9856 }
9857 },
9858 {
9859 "docs": {
9860 "summary": "the ARN to import."
9861 },
9862 "name": "openIdConnectProviderArn",
9863 "type": {
9864 "primitive": "string"
9865 }
9866 }
9867 ],
9868 "returns": {
9869 "type": {
9870 "fqn": "@aws-cdk/aws-iam.IOpenIdConnectProvider"
9871 }
9872 },
9873 "static": true
9874 }
9875 ],
9876 "name": "OpenIdConnectProvider",
9877 "properties": [
9878 {
9879 "docs": {
9880 "stability": "stable",
9881 "summary": "The Amazon Resource Name (ARN) of the IAM OpenID Connect provider."
9882 },
9883 "immutable": true,
9884 "locationInModule": {
9885 "filename": "lib/oidc-provider.ts",
9886 "line": 125
9887 },
9888 "name": "openIdConnectProviderArn",
9889 "overrides": "@aws-cdk/aws-iam.IOpenIdConnectProvider",
9890 "type": {
9891 "primitive": "string"
9892 }
9893 },
9894 {
9895 "docs": {
9896 "stability": "stable",
9897 "summary": "The issuer for OIDC Provider."
9898 },
9899 "immutable": true,
9900 "locationInModule": {
9901 "filename": "lib/oidc-provider.ts",
9902 "line": 127
9903 },
9904 "name": "openIdConnectProviderIssuer",
9905 "overrides": "@aws-cdk/aws-iam.IOpenIdConnectProvider",
9906 "type": {
9907 "primitive": "string"
9908 }
9909 }
9910 ],
9911 "symbolId": "lib/oidc-provider:OpenIdConnectProvider"
9912 },
9913 "@aws-cdk/aws-iam.OpenIdConnectProviderProps": {
9914 "assembly": "@aws-cdk/aws-iam",
9915 "datatype": true,
9916 "docs": {
9917 "custom": {
9918 "exampleMetadata": "infused"
9919 },
9920 "example": "const provider = new iam.OpenIdConnectProvider(this, 'MyProvider', {\n url: 'https://openid/connect',\n clientIds: [ 'myclient1', 'myclient2' ],\n});",
9921 "stability": "stable",
9922 "summary": "Initialization properties for `OpenIdConnectProvider`."
9923 },
9924 "fqn": "@aws-cdk/aws-iam.OpenIdConnectProviderProps",
9925 "kind": "interface",
9926 "locationInModule": {
9927 "filename": "lib/oidc-provider.ts",
9928 "line": 34
9929 },
9930 "name": "OpenIdConnectProviderProps",
9931 "properties": [
9932 {
9933 "abstract": true,
9934 "docs": {
9935 "remarks": "The URL must begin with https:// and\nshould correspond to the iss claim in the provider's OpenID Connect ID\ntokens. Per the OIDC standard, path components are allowed but query\nparameters are not. Typically the URL consists of only a hostname, like\nhttps://server.example.org or https://example.com.\n\nYou cannot register the same provider multiple times in a single AWS\naccount. If you try to submit a URL that has already been used for an\nOpenID Connect provider in the AWS account, you will get an error.",
9936 "stability": "stable",
9937 "summary": "The URL of the identity provider."
9938 },
9939 "immutable": true,
9940 "locationInModule": {
9941 "filename": "lib/oidc-provider.ts",
9942 "line": 46
9943 },
9944 "name": "url",
9945 "type": {
9946 "primitive": "string"
9947 }
9948 },
9949 {
9950 "abstract": true,
9951 "docs": {
9952 "default": "- no clients are allowed",
9953 "remarks": "When a mobile or web app\nregisters with an OpenID Connect provider, they establish a value that\nidentifies the application. (This is the value that's sent as the client_id\nparameter on OAuth requests.)\n\nYou can register multiple client IDs with the same provider. For example,\nyou might have multiple applications that use the same OIDC provider. You\ncannot register more than 100 client IDs with a single IAM OIDC provider.\n\nClient IDs are up to 255 characters long.",
9954 "stability": "stable",
9955 "summary": "A list of client IDs (also known as audiences)."
9956 },
9957 "immutable": true,
9958 "locationInModule": {
9959 "filename": "lib/oidc-provider.ts",
9960 "line": 62
9961 },
9962 "name": "clientIds",
9963 "optional": true,
9964 "type": {
9965 "collection": {
9966 "elementtype": {
9967 "primitive": "string"
9968 },
9969 "kind": "array"
9970 }
9971 }
9972 },
9973 {
9974 "abstract": true,
9975 "docs": {
9976 "default": "- If no thumbprints are specified (an empty array or `undefined`),\nthe thumbprint of the root certificate authority will be obtained from the\nprovider's server as described in https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc_verify-thumbprint.html",
9977 "remarks": "Typically this list includes only one entry. However, IAM lets you have up\nto five thumbprints for an OIDC provider. This lets you maintain multiple\nthumbprints if the identity provider is rotating certificates.\n\nThe server certificate thumbprint is the hex-encoded SHA-1 hash value of\nthe X.509 certificate used by the domain where the OpenID Connect provider\nmakes its keys available. It is always a 40-character string.\n\nYou must provide at least one thumbprint when creating an IAM OIDC\nprovider. For example, assume that the OIDC provider is server.example.com\nand the provider stores its keys at\nhttps://keys.server.example.com/openid-connect. In that case, the\nthumbprint string would be the hex-encoded SHA-1 hash value of the\ncertificate used by https://keys.server.example.com.",
9978 "stability": "stable",
9979 "summary": "A list of server certificate thumbprints for the OpenID Connect (OIDC) identity provider's server certificates."
9980 },
9981 "immutable": true,
9982 "locationInModule": {
9983 "filename": "lib/oidc-provider.ts",
9984 "line": 87
9985 },
9986 "name": "thumbprints",
9987 "optional": true,
9988 "type": {
9989 "collection": {
9990 "elementtype": {
9991 "primitive": "string"
9992 },
9993 "kind": "array"
9994 }
9995 }
9996 }
9997 ],
9998 "symbolId": "lib/oidc-provider:OpenIdConnectProviderProps"
9999 },
10000 "@aws-cdk/aws-iam.OrganizationPrincipal": {
10001 "assembly": "@aws-cdk/aws-iam",
10002 "base": "@aws-cdk/aws-iam.PrincipalBase",
10003 "docs": {
10004 "stability": "stable",
10005 "summary": "A principal that represents an AWS Organization.",
10006 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nconst organizationPrincipal = new iam.OrganizationPrincipal('organizationId');",
10007 "custom": {
10008 "exampleMetadata": "fixture=_generated"
10009 }
10010 },
10011 "fqn": "@aws-cdk/aws-iam.OrganizationPrincipal",
10012 "initializer": {
10013 "docs": {
10014 "stability": "stable"
10015 },
10016 "locationInModule": {
10017 "filename": "lib/principals.ts",
10018 "line": 458
10019 },
10020 "parameters": [
10021 {
10022 "docs": {
10023 "summary": "The unique identifier (ID) of an organization (i.e. o-12345abcde)."
10024 },
10025 "name": "organizationId",
10026 "type": {
10027 "primitive": "string"
10028 }
10029 }
10030 ]
10031 },
10032 "kind": "class",
10033 "locationInModule": {
10034 "filename": "lib/principals.ts",
10035 "line": 453
10036 },
10037 "methods": [
10038 {
10039 "docs": {
10040 "stability": "stable",
10041 "summary": "Returns a string representation of an object."
10042 },
10043 "locationInModule": {
10044 "filename": "lib/principals.ts",
10045 "line": 469
10046 },
10047 "name": "toString",
10048 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
10049 "returns": {
10050 "type": {
10051 "primitive": "string"
10052 }
10053 }
10054 }
10055 ],
10056 "name": "OrganizationPrincipal",
10057 "properties": [
10058 {
10059 "docs": {
10060 "stability": "stable",
10061 "summary": "The unique identifier (ID) of an organization (i.e. o-12345abcde)."
10062 },
10063 "immutable": true,
10064 "locationInModule": {
10065 "filename": "lib/principals.ts",
10066 "line": 458
10067 },
10068 "name": "organizationId",
10069 "type": {
10070 "primitive": "string"
10071 }
10072 },
10073 {
10074 "docs": {
10075 "stability": "stable",
10076 "summary": "Return the policy fragment that identifies this principal in a Policy."
10077 },
10078 "immutable": true,
10079 "locationInModule": {
10080 "filename": "lib/principals.ts",
10081 "line": 462
10082 },
10083 "name": "policyFragment",
10084 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
10085 "type": {
10086 "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment"
10087 }
10088 }
10089 ],
10090 "symbolId": "lib/principals:OrganizationPrincipal"
10091 },
10092 "@aws-cdk/aws-iam.PermissionsBoundary": {
10093 "assembly": "@aws-cdk/aws-iam",
10094 "docs": {
10095 "custom": {
10096 "exampleMetadata": "infused"
10097 },
10098 "example": "declare const project: codebuild.Project;\niam.PermissionsBoundary.of(project).apply(new codebuild.UntrustedCodeBoundaryPolicy(this, 'Boundary'));",
10099 "remarks": "```ts\nconst policy = iam.ManagedPolicy.fromAwsManagedPolicyName('ReadOnlyAccess');\niam.PermissionsBoundary.of(this).apply(policy);\n```",
10100 "stability": "stable",
10101 "summary": "Modify the Permissions Boundaries of Users and Roles in a construct tree."
10102 },
10103 "fqn": "@aws-cdk/aws-iam.PermissionsBoundary",
10104 "kind": "class",
10105 "locationInModule": {
10106 "filename": "lib/permissions-boundary.ts",
10107 "line": 14
10108 },
10109 "methods": [
10110 {
10111 "docs": {
10112 "stability": "stable",
10113 "summary": "Access the Permissions Boundaries of a construct tree."
10114 },
10115 "locationInModule": {
10116 "filename": "lib/permissions-boundary.ts",
10117 "line": 18
10118 },
10119 "name": "of",
10120 "parameters": [
10121 {
10122 "name": "scope",
10123 "type": {
10124 "fqn": "constructs.IConstruct"
10125 }
10126 }
10127 ],
10128 "returns": {
10129 "type": {
10130 "fqn": "@aws-cdk/aws-iam.PermissionsBoundary"
10131 }
10132 },
10133 "static": true
10134 },
10135 {
10136 "docs": {
10137 "remarks": "Will override any Permissions Boundaries configured previously; in case\na Permission Boundary is applied in multiple scopes, the Boundary applied\nclosest to the Role wins.",
10138 "stability": "stable",
10139 "summary": "Apply the given policy as Permissions Boundary to all Roles and Users in the scope."
10140 },
10141 "locationInModule": {
10142 "filename": "lib/permissions-boundary.ts",
10143 "line": 33
10144 },
10145 "name": "apply",
10146 "parameters": [
10147 {
10148 "name": "boundaryPolicy",
10149 "type": {
10150 "fqn": "@aws-cdk/aws-iam.IManagedPolicy"
10151 }
10152 }
10153 ]
10154 },
10155 {
10156 "docs": {
10157 "stability": "stable",
10158 "summary": "Remove previously applied Permissions Boundaries."
10159 },
10160 "locationInModule": {
10161 "filename": "lib/permissions-boundary.ts",
10162 "line": 49
10163 },
10164 "name": "clear"
10165 }
10166 ],
10167 "name": "PermissionsBoundary",
10168 "symbolId": "lib/permissions-boundary:PermissionsBoundary"
10169 },
10170 "@aws-cdk/aws-iam.Policy": {
10171 "assembly": "@aws-cdk/aws-iam",
10172 "base": "@aws-cdk/core.Resource",
10173 "docs": {
10174 "custom": {
10175 "exampleMetadata": "infused"
10176 },
10177 "example": "declare const postAuthFn: lambda.Function;\n\nconst userpool = new cognito.UserPool(this, 'myuserpool', {\n lambdaTriggers: {\n postAuthentication: postAuthFn,\n },\n});\n\n// provide permissions to describe the user pool scoped to the ARN the user pool\npostAuthFn.role?.attachInlinePolicy(new iam.Policy(this, 'userpool-policy', {\n statements: [new iam.PolicyStatement({\n actions: ['cognito-idp:DescribeUserPool'],\n resources: [userpool.userPoolArn],\n })],\n}));",
10178 "remarks": "For more information about IAM policies, see [Overview of IAM\nPolicies](http://docs.aws.amazon.com/IAM/latest/UserGuide/policies_overview.html)\nin the IAM User Guide guide.",
10179 "stability": "stable",
10180 "summary": "The AWS::IAM::Policy resource associates an IAM policy with IAM users, roles, or groups."
10181 },
10182 "fqn": "@aws-cdk/aws-iam.Policy",
10183 "initializer": {
10184 "docs": {
10185 "stability": "stable"
10186 },
10187 "locationInModule": {
10188 "filename": "lib/policy.ts",
10189 "line": 128
10190 },
10191 "parameters": [
10192 {
10193 "name": "scope",
10194 "type": {
10195 "fqn": "constructs.Construct"
10196 }
10197 },
10198 {
10199 "name": "id",
10200 "type": {
10201 "primitive": "string"
10202 }
10203 },
10204 {
10205 "name": "props",
10206 "optional": true,
10207 "type": {
10208 "fqn": "@aws-cdk/aws-iam.PolicyProps"
10209 }
10210 }
10211 ]
10212 },
10213 "interfaces": [
10214 "@aws-cdk/aws-iam.IPolicy"
10215 ],
10216 "kind": "class",
10217 "locationInModule": {
10218 "filename": "lib/policy.ts",
10219 "line": 103
10220 },
10221 "methods": [
10222 {
10223 "docs": {
10224 "stability": "stable",
10225 "summary": "Import a policy in this app based on its name."
10226 },
10227 "locationInModule": {
10228 "filename": "lib/policy.ts",
10229 "line": 108
10230 },
10231 "name": "fromPolicyName",
10232 "parameters": [
10233 {
10234 "name": "scope",
10235 "type": {
10236 "fqn": "constructs.Construct"
10237 }
10238 },
10239 {
10240 "name": "id",
10241 "type": {
10242 "primitive": "string"
10243 }
10244 },
10245 {
10246 "name": "policyName",
10247 "type": {
10248 "primitive": "string"
10249 }
10250 }
10251 ],
10252 "returns": {
10253 "type": {
10254 "fqn": "@aws-cdk/aws-iam.IPolicy"
10255 }
10256 },
10257 "static": true
10258 },
10259 {
10260 "docs": {
10261 "stability": "stable",
10262 "summary": "Adds a statement to the policy document."
10263 },
10264 "locationInModule": {
10265 "filename": "lib/policy.ts",
10266 "line": 185
10267 },
10268 "name": "addStatements",
10269 "parameters": [
10270 {
10271 "name": "statement",
10272 "type": {
10273 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
10274 },
10275 "variadic": true
10276 }
10277 ],
10278 "variadic": true
10279 },
10280 {
10281 "docs": {
10282 "stability": "stable",
10283 "summary": "Attaches this policy to a group."
10284 },
10285 "locationInModule": {
10286 "filename": "lib/policy.ts",
10287 "line": 210
10288 },
10289 "name": "attachToGroup",
10290 "parameters": [
10291 {
10292 "name": "group",
10293 "type": {
10294 "fqn": "@aws-cdk/aws-iam.IGroup"
10295 }
10296 }
10297 ]
10298 },
10299 {
10300 "docs": {
10301 "stability": "stable",
10302 "summary": "Attaches this policy to a role."
10303 },
10304 "locationInModule": {
10305 "filename": "lib/policy.ts",
10306 "line": 201
10307 },
10308 "name": "attachToRole",
10309 "parameters": [
10310 {
10311 "name": "role",
10312 "type": {
10313 "fqn": "@aws-cdk/aws-iam.IRole"
10314 }
10315 }
10316 ]
10317 },
10318 {
10319 "docs": {
10320 "stability": "stable",
10321 "summary": "Attaches this policy to a user."
10322 },
10323 "locationInModule": {
10324 "filename": "lib/policy.ts",
10325 "line": 192
10326 },
10327 "name": "attachToUser",
10328 "parameters": [
10329 {
10330 "name": "user",
10331 "type": {
10332 "fqn": "@aws-cdk/aws-iam.IUser"
10333 }
10334 }
10335 ]
10336 },
10337 {
10338 "docs": {
10339 "remarks": "This method can be implemented by derived constructs in order to perform\nvalidation logic. It is called on all constructs before synthesis.",
10340 "stability": "stable",
10341 "summary": "Validate the current construct."
10342 },
10343 "locationInModule": {
10344 "filename": "lib/policy.ts",
10345 "line": 226
10346 },
10347 "name": "validate",
10348 "overrides": "@aws-cdk/core.Construct",
10349 "protected": true,
10350 "returns": {
10351 "type": {
10352 "collection": {
10353 "elementtype": {
10354 "primitive": "string"
10355 },
10356 "kind": "array"
10357 }
10358 }
10359 }
10360 }
10361 ],
10362 "name": "Policy",
10363 "properties": [
10364 {
10365 "docs": {
10366 "stability": "stable",
10367 "summary": "The policy document."
10368 },
10369 "immutable": true,
10370 "locationInModule": {
10371 "filename": "lib/policy.ts",
10372 "line": 119
10373 },
10374 "name": "document",
10375 "type": {
10376 "fqn": "@aws-cdk/aws-iam.PolicyDocument"
10377 }
10378 },
10379 {
10380 "docs": {
10381 "custom": {
10382 "attribute": "true"
10383 },
10384 "stability": "stable",
10385 "summary": "The name of this policy."
10386 },
10387 "immutable": true,
10388 "locationInModule": {
10389 "filename": "lib/policy.ts",
10390 "line": 221
10391 },
10392 "name": "policyName",
10393 "overrides": "@aws-cdk/aws-iam.IPolicy",
10394 "type": {
10395 "primitive": "string"
10396 }
10397 }
10398 ],
10399 "symbolId": "lib/policy:Policy"
10400 },
10401 "@aws-cdk/aws-iam.PolicyDocument": {
10402 "assembly": "@aws-cdk/aws-iam",
10403 "docs": {
10404 "custom": {
10405 "exampleMetadata": "infused"
10406 },
10407 "example": "const myTrustedAdminRole = iam.Role.fromRoleArn(this, 'TrustedRole', 'arn:aws:iam:....');\n// Creates a limited admin policy and assigns to the account root.\nconst myCustomPolicy = new iam.PolicyDocument({\n statements: [new iam.PolicyStatement({\n actions: [\n 'kms:Create*',\n 'kms:Describe*',\n 'kms:Enable*',\n 'kms:List*',\n 'kms:Put*',\n ],\n principals: [new iam.AccountRootPrincipal()],\n resources: ['*'],\n })],\n});\nconst key = new kms.Key(this, 'MyKey', {\n policy: myCustomPolicy,\n});",
10408 "stability": "stable",
10409 "summary": "A PolicyDocument is a collection of statements."
10410 },
10411 "fqn": "@aws-cdk/aws-iam.PolicyDocument",
10412 "initializer": {
10413 "docs": {
10414 "stability": "stable"
10415 },
10416 "locationInModule": {
10417 "filename": "lib/policy-document.ts",
10418 "line": 68
10419 },
10420 "parameters": [
10421 {
10422 "name": "props",
10423 "optional": true,
10424 "type": {
10425 "fqn": "@aws-cdk/aws-iam.PolicyDocumentProps"
10426 }
10427 }
10428 ]
10429 },
10430 "interfaces": [
10431 "@aws-cdk/core.IResolvable"
10432 ],
10433 "kind": "class",
10434 "locationInModule": {
10435 "filename": "lib/policy-document.ts",
10436 "line": 46
10437 },
10438 "methods": [
10439 {
10440 "docs": {
10441 "remarks": "This will accept an object created from the `.toJSON()` call",
10442 "stability": "stable",
10443 "summary": "Creates a new PolicyDocument based on the object provided."
10444 },
10445 "locationInModule": {
10446 "filename": "lib/policy-document.ts",
10447 "line": 53
10448 },
10449 "name": "fromJson",
10450 "parameters": [
10451 {
10452 "docs": {
10453 "summary": "the PolicyDocument in object form."
10454 },
10455 "name": "obj",
10456 "type": {
10457 "primitive": "any"
10458 }
10459 }
10460 ],
10461 "returns": {
10462 "type": {
10463 "fqn": "@aws-cdk/aws-iam.PolicyDocument"
10464 }
10465 },
10466 "static": true
10467 },
10468 {
10469 "docs": {
10470 "stability": "stable",
10471 "summary": "Adds a statement to the policy document."
10472 },
10473 "locationInModule": {
10474 "filename": "lib/policy-document.ts",
10475 "line": 104
10476 },
10477 "name": "addStatements",
10478 "parameters": [
10479 {
10480 "docs": {
10481 "summary": "the statement to add."
10482 },
10483 "name": "statement",
10484 "type": {
10485 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
10486 },
10487 "variadic": true
10488 }
10489 ],
10490 "variadic": true
10491 },
10492 {
10493 "docs": {
10494 "stability": "stable",
10495 "summary": "Produce the Token's value at resolution time."
10496 },
10497 "locationInModule": {
10498 "filename": "lib/policy-document.ts",
10499 "line": 76
10500 },
10501 "name": "resolve",
10502 "overrides": "@aws-cdk/core.IResolvable",
10503 "parameters": [
10504 {
10505 "name": "context",
10506 "type": {
10507 "fqn": "@aws-cdk/core.IResolveContext"
10508 }
10509 }
10510 ],
10511 "returns": {
10512 "type": {
10513 "primitive": "any"
10514 }
10515 }
10516 },
10517 {
10518 "docs": {
10519 "remarks": "Used when JSON.stringify() is called",
10520 "stability": "stable",
10521 "summary": "JSON-ify the document."
10522 },
10523 "locationInModule": {
10524 "filename": "lib/policy-document.ts",
10525 "line": 122
10526 },
10527 "name": "toJSON",
10528 "returns": {
10529 "type": {
10530 "primitive": "any"
10531 }
10532 }
10533 },
10534 {
10535 "docs": {
10536 "stability": "stable",
10537 "summary": "Encode the policy document as a string."
10538 },
10539 "locationInModule": {
10540 "filename": "lib/policy-document.ts",
10541 "line": 111
10542 },
10543 "name": "toString",
10544 "overrides": "@aws-cdk/core.IResolvable",
10545 "returns": {
10546 "type": {
10547 "primitive": "string"
10548 }
10549 }
10550 },
10551 {
10552 "docs": {
10553 "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json",
10554 "stability": "stable",
10555 "summary": "Validate that all policy statements in the policy document satisfies the requirements for any policy."
10556 },
10557 "locationInModule": {
10558 "filename": "lib/policy-document.ts",
10559 "line": 132
10560 },
10561 "name": "validateForAnyPolicy",
10562 "returns": {
10563 "type": {
10564 "collection": {
10565 "elementtype": {
10566 "primitive": "string"
10567 },
10568 "kind": "array"
10569 }
10570 }
10571 }
10572 },
10573 {
10574 "docs": {
10575 "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json",
10576 "stability": "stable",
10577 "summary": "Validate that all policy statements in the policy document satisfies the requirements for an identity-based policy."
10578 },
10579 "locationInModule": {
10580 "filename": "lib/policy-document.ts",
10581 "line": 160
10582 },
10583 "name": "validateForIdentityPolicy",
10584 "returns": {
10585 "type": {
10586 "collection": {
10587 "elementtype": {
10588 "primitive": "string"
10589 },
10590 "kind": "array"
10591 }
10592 }
10593 }
10594 },
10595 {
10596 "docs": {
10597 "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json",
10598 "stability": "stable",
10599 "summary": "Validate that all policy statements in the policy document satisfies the requirements for a resource-based policy."
10600 },
10601 "locationInModule": {
10602 "filename": "lib/policy-document.ts",
10603 "line": 146
10604 },
10605 "name": "validateForResourcePolicy",
10606 "returns": {
10607 "type": {
10608 "collection": {
10609 "elementtype": {
10610 "primitive": "string"
10611 },
10612 "kind": "array"
10613 }
10614 }
10615 }
10616 }
10617 ],
10618 "name": "PolicyDocument",
10619 "properties": [
10620 {
10621 "docs": {
10622 "remarks": "This may return an array with a single informational element indicating how\nto get this property populated, if it was skipped for performance reasons.",
10623 "stability": "stable",
10624 "summary": "The creation stack of this resolvable which will be appended to errors thrown during resolution."
10625 },
10626 "immutable": true,
10627 "locationInModule": {
10628 "filename": "lib/policy-document.ts",
10629 "line": 63
10630 },
10631 "name": "creationStack",
10632 "overrides": "@aws-cdk/core.IResolvable",
10633 "type": {
10634 "collection": {
10635 "elementtype": {
10636 "primitive": "string"
10637 },
10638 "kind": "array"
10639 }
10640 }
10641 },
10642 {
10643 "docs": {
10644 "stability": "stable",
10645 "summary": "Whether the policy document contains any statements."
10646 },
10647 "immutable": true,
10648 "locationInModule": {
10649 "filename": "lib/policy-document.ts",
10650 "line": 87
10651 },
10652 "name": "isEmpty",
10653 "type": {
10654 "primitive": "boolean"
10655 }
10656 },
10657 {
10658 "docs": {
10659 "remarks": "Can be used, for example, to generate unique \"sid\"s within the policy.",
10660 "stability": "stable",
10661 "summary": "The number of statements already added to this policy."
10662 },
10663 "immutable": true,
10664 "locationInModule": {
10665 "filename": "lib/policy-document.ts",
10666 "line": 95
10667 },
10668 "name": "statementCount",
10669 "type": {
10670 "primitive": "number"
10671 }
10672 }
10673 ],
10674 "symbolId": "lib/policy-document:PolicyDocument"
10675 },
10676 "@aws-cdk/aws-iam.PolicyDocumentProps": {
10677 "assembly": "@aws-cdk/aws-iam",
10678 "datatype": true,
10679 "docs": {
10680 "custom": {
10681 "exampleMetadata": "infused"
10682 },
10683 "example": "const myTrustedAdminRole = iam.Role.fromRoleArn(this, 'TrustedRole', 'arn:aws:iam:....');\n// Creates a limited admin policy and assigns to the account root.\nconst myCustomPolicy = new iam.PolicyDocument({\n statements: [new iam.PolicyStatement({\n actions: [\n 'kms:Create*',\n 'kms:Describe*',\n 'kms:Enable*',\n 'kms:List*',\n 'kms:Put*',\n ],\n principals: [new iam.AccountRootPrincipal()],\n resources: ['*'],\n })],\n});\nconst key = new kms.Key(this, 'MyKey', {\n policy: myCustomPolicy,\n});",
10684 "stability": "stable",
10685 "summary": "Properties for a new PolicyDocument."
10686 },
10687 "fqn": "@aws-cdk/aws-iam.PolicyDocumentProps",
10688 "kind": "interface",
10689 "locationInModule": {
10690 "filename": "lib/policy-document.ts",
10691 "line": 9
10692 },
10693 "name": "PolicyDocumentProps",
10694 "properties": [
10695 {
10696 "abstract": true,
10697 "docs": {
10698 "default": "false",
10699 "stability": "stable",
10700 "summary": "Automatically assign Statement Ids to all statements."
10701 },
10702 "immutable": true,
10703 "locationInModule": {
10704 "filename": "lib/policy-document.ts",
10705 "line": 15
10706 },
10707 "name": "assignSids",
10708 "optional": true,
10709 "type": {
10710 "primitive": "boolean"
10711 }
10712 },
10713 {
10714 "abstract": true,
10715 "docs": {
10716 "default": "- false, unless the feature flag `@aws-cdk/aws-iam:minimizePolicies` is set",
10717 "remarks": "To avoid overrunning the maximum policy size, combine statements if they produce\nthe same result. Merging happens according to the following rules:\n\n- The Effect of both statements is the same\n- Neither of the statements have a 'Sid'\n- Combine Principals if the rest of the statement is exactly the same.\n- Combine Resources if the rest of the statement is exactly the same.\n- Combine Actions if the rest of the statement is exactly the same.\n- We will never combine NotPrincipals, NotResources or NotActions, because doing\n so would change the meaning of the policy document.",
10718 "stability": "stable",
10719 "summary": "Try to minimize the policy by merging statements."
10720 },
10721 "immutable": true,
10722 "locationInModule": {
10723 "filename": "lib/policy-document.ts",
10724 "line": 40
10725 },
10726 "name": "minimize",
10727 "optional": true,
10728 "type": {
10729 "primitive": "boolean"
10730 }
10731 },
10732 {
10733 "abstract": true,
10734 "docs": {
10735 "default": "- No statements",
10736 "stability": "stable",
10737 "summary": "Initial statements to add to the policy document."
10738 },
10739 "immutable": true,
10740 "locationInModule": {
10741 "filename": "lib/policy-document.ts",
10742 "line": 22
10743 },
10744 "name": "statements",
10745 "optional": true,
10746 "type": {
10747 "collection": {
10748 "elementtype": {
10749 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
10750 },
10751 "kind": "array"
10752 }
10753 }
10754 }
10755 ],
10756 "symbolId": "lib/policy-document:PolicyDocumentProps"
10757 },
10758 "@aws-cdk/aws-iam.PolicyProps": {
10759 "assembly": "@aws-cdk/aws-iam",
10760 "datatype": true,
10761 "docs": {
10762 "custom": {
10763 "exampleMetadata": "infused"
10764 },
10765 "example": "declare const postAuthFn: lambda.Function;\n\nconst userpool = new cognito.UserPool(this, 'myuserpool', {\n lambdaTriggers: {\n postAuthentication: postAuthFn,\n },\n});\n\n// provide permissions to describe the user pool scoped to the ARN the user pool\npostAuthFn.role?.attachInlinePolicy(new iam.Policy(this, 'userpool-policy', {\n statements: [new iam.PolicyStatement({\n actions: ['cognito-idp:DescribeUserPool'],\n resources: [userpool.userPoolArn],\n })],\n}));",
10766 "stability": "stable",
10767 "summary": "Properties for defining an IAM inline policy document."
10768 },
10769 "fqn": "@aws-cdk/aws-iam.PolicyProps",
10770 "kind": "interface",
10771 "locationInModule": {
10772 "filename": "lib/policy.ts",
10773 "line": 28
10774 },
10775 "name": "PolicyProps",
10776 "properties": [
10777 {
10778 "abstract": true,
10779 "docs": {
10780 "default": "- An empty policy.",
10781 "remarks": "If omited, any\n`PolicyStatement` provided in the `statements` property will be applied\nagainst the empty default `PolicyDocument`.",
10782 "stability": "stable",
10783 "summary": "Initial PolicyDocument to use for this Policy."
10784 },
10785 "immutable": true,
10786 "locationInModule": {
10787 "filename": "lib/policy.ts",
10788 "line": 94
10789 },
10790 "name": "document",
10791 "optional": true,
10792 "type": {
10793 "fqn": "@aws-cdk/aws-iam.PolicyDocument"
10794 }
10795 },
10796 {
10797 "abstract": true,
10798 "docs": {
10799 "default": "false",
10800 "remarks": "Unless set to `true`, this `Policy` construct will not materialize to an\n`AWS::IAM::Policy` CloudFormation resource in case it would have no effect\n(for example, if it remains unattached to an IAM identity or if it has no\nstatements). This is generally desired behavior, since it prevents\ncreating invalid--and hence undeployable--CloudFormation templates.\n\nIn cases where you know the policy must be created and it is actually\nan error if no statements have been added to it, you can set this to `true`.",
10801 "stability": "stable",
10802 "summary": "Force creation of an `AWS::IAM::Policy`."
10803 },
10804 "immutable": true,
10805 "locationInModule": {
10806 "filename": "lib/policy.ts",
10807 "line": 85
10808 },
10809 "name": "force",
10810 "optional": true,
10811 "type": {
10812 "primitive": "boolean"
10813 }
10814 },
10815 {
10816 "abstract": true,
10817 "docs": {
10818 "default": "- No groups.",
10819 "remarks": "You can also use `attachToGroup(group)` to attach this policy to a group.",
10820 "stability": "stable",
10821 "summary": "Groups to attach this policy to."
10822 },
10823 "immutable": true,
10824 "locationInModule": {
10825 "filename": "lib/policy.ts",
10826 "line": 61
10827 },
10828 "name": "groups",
10829 "optional": true,
10830 "type": {
10831 "collection": {
10832 "elementtype": {
10833 "fqn": "@aws-cdk/aws-iam.IGroup"
10834 },
10835 "kind": "array"
10836 }
10837 }
10838 },
10839 {
10840 "abstract": true,
10841 "docs": {
10842 "default": "- Uses the logical ID of the policy resource, which is ensured\nto be unique within the stack.",
10843 "remarks": "If you specify multiple policies for an entity,\nspecify unique names. For example, if you specify a list of policies for\nan IAM role, each policy must have a unique name.",
10844 "stability": "stable",
10845 "summary": "The name of the policy."
10846 },
10847 "immutable": true,
10848 "locationInModule": {
10849 "filename": "lib/policy.ts",
10850 "line": 37
10851 },
10852 "name": "policyName",
10853 "optional": true,
10854 "type": {
10855 "primitive": "string"
10856 }
10857 },
10858 {
10859 "abstract": true,
10860 "docs": {
10861 "default": "- No roles.",
10862 "remarks": "You can also use `attachToRole(role)` to attach this policy to a role.",
10863 "stability": "stable",
10864 "summary": "Roles to attach this policy to."
10865 },
10866 "immutable": true,
10867 "locationInModule": {
10868 "filename": "lib/policy.ts",
10869 "line": 53
10870 },
10871 "name": "roles",
10872 "optional": true,
10873 "type": {
10874 "collection": {
10875 "elementtype": {
10876 "fqn": "@aws-cdk/aws-iam.IRole"
10877 },
10878 "kind": "array"
10879 }
10880 }
10881 },
10882 {
10883 "abstract": true,
10884 "docs": {
10885 "default": "- No statements.",
10886 "remarks": "You can also use `addStatements(...statement)` to add permissions later.",
10887 "stability": "stable",
10888 "summary": "Initial set of permissions to add to this policy document."
10889 },
10890 "immutable": true,
10891 "locationInModule": {
10892 "filename": "lib/policy.ts",
10893 "line": 69
10894 },
10895 "name": "statements",
10896 "optional": true,
10897 "type": {
10898 "collection": {
10899 "elementtype": {
10900 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
10901 },
10902 "kind": "array"
10903 }
10904 }
10905 },
10906 {
10907 "abstract": true,
10908 "docs": {
10909 "default": "- No users.",
10910 "remarks": "You can also use `attachToUser(user)` to attach this policy to a user.",
10911 "stability": "stable",
10912 "summary": "Users to attach this policy to."
10913 },
10914 "immutable": true,
10915 "locationInModule": {
10916 "filename": "lib/policy.ts",
10917 "line": 45
10918 },
10919 "name": "users",
10920 "optional": true,
10921 "type": {
10922 "collection": {
10923 "elementtype": {
10924 "fqn": "@aws-cdk/aws-iam.IUser"
10925 },
10926 "kind": "array"
10927 }
10928 }
10929 }
10930 ],
10931 "symbolId": "lib/policy:PolicyProps"
10932 },
10933 "@aws-cdk/aws-iam.PolicyStatement": {
10934 "assembly": "@aws-cdk/aws-iam",
10935 "docs": {
10936 "custom": {
10937 "exampleMetadata": "lit=test/integ.vpc-endpoint.lit.ts infused"
10938 },
10939 "example": " // Add gateway endpoints when creating the VPC\n const vpc = new ec2.Vpc(this, 'MyVpc', {\n gatewayEndpoints: {\n S3: {\n service: ec2.GatewayVpcEndpointAwsService.S3,\n },\n },\n });\n\n // Alternatively gateway endpoints can be added on the VPC\n const dynamoDbEndpoint = vpc.addGatewayEndpoint('DynamoDbEndpoint', {\n service: ec2.GatewayVpcEndpointAwsService.DYNAMODB,\n });\n\n // This allows to customize the endpoint policy\n dynamoDbEndpoint.addToPolicy(\n new iam.PolicyStatement({ // Restrict to listing and describing tables\n principals: [new iam.AnyPrincipal()],\n actions: ['dynamodb:DescribeTable', 'dynamodb:ListTables'],\n resources: ['*'],\n }));\n\n // Add an interface endpoint\n vpc.addInterfaceEndpoint('EcrDockerEndpoint', {\n service: ec2.InterfaceVpcEndpointAwsService.ECR_DOCKER,\n\n // Uncomment the following to allow more fine-grained control over\n // who can access the endpoint via the '.connections' object.\n // open: false\n });",
10940 "stability": "stable",
10941 "summary": "Represents a statement in an IAM policy document."
10942 },
10943 "fqn": "@aws-cdk/aws-iam.PolicyStatement",
10944 "initializer": {
10945 "docs": {
10946 "stability": "stable"
10947 },
10948 "locationInModule": {
10949 "filename": "lib/policy-statement.ts",
10950 "line": 76
10951 },
10952 "parameters": [
10953 {
10954 "name": "props",
10955 "optional": true,
10956 "type": {
10957 "fqn": "@aws-cdk/aws-iam.PolicyStatementProps"
10958 }
10959 }
10960 ]
10961 },
10962 "kind": "class",
10963 "locationInModule": {
10964 "filename": "lib/policy-statement.ts",
10965 "line": 26
10966 },
10967 "methods": [
10968 {
10969 "docs": {
10970 "remarks": "This will accept an object created from the `.toJSON()` call",
10971 "stability": "stable",
10972 "summary": "Creates a new PolicyStatement based on the object provided."
10973 },
10974 "locationInModule": {
10975 "filename": "lib/policy-statement.ts",
10976 "line": 33
10977 },
10978 "name": "fromJson",
10979 "parameters": [
10980 {
10981 "docs": {
10982 "summary": "the PolicyStatement in object form."
10983 },
10984 "name": "obj",
10985 "type": {
10986 "primitive": "any"
10987 }
10988 }
10989 ],
10990 "returns": {
10991 "type": {
10992 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
10993 }
10994 },
10995 "static": true
10996 },
10997 {
10998 "docs": {
10999 "remarks": "This method can only be called once: subsequent calls will overwrite earlier calls.",
11000 "stability": "stable",
11001 "summary": "Add a condition that limits to a given account."
11002 },
11003 "locationInModule": {
11004 "filename": "lib/policy-statement.ts",
11005 "line": 356
11006 },
11007 "name": "addAccountCondition",
11008 "parameters": [
11009 {
11010 "name": "accountId",
11011 "type": {
11012 "primitive": "string"
11013 }
11014 }
11015 ]
11016 },
11017 {
11018 "docs": {
11019 "stability": "stable",
11020 "summary": "Adds an AWS account root user principal to this policy statement."
11021 },
11022 "locationInModule": {
11023 "filename": "lib/policy-statement.ts",
11024 "line": 239
11025 },
11026 "name": "addAccountRootPrincipal"
11027 },
11028 {
11029 "docs": {
11030 "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_action.html",
11031 "stability": "stable",
11032 "summary": "Specify allowed actions into the \"Action\" section of the policy statement."
11033 },
11034 "locationInModule": {
11035 "filename": "lib/policy-statement.ts",
11036 "line": 110
11037 },
11038 "name": "addActions",
11039 "parameters": [
11040 {
11041 "docs": {
11042 "summary": "actions that will be allowed."
11043 },
11044 "name": "actions",
11045 "type": {
11046 "primitive": "string"
11047 },
11048 "variadic": true
11049 }
11050 ],
11051 "variadic": true
11052 },
11053 {
11054 "docs": {
11055 "stability": "stable",
11056 "summary": "Adds a ``\"*\"`` resource to this statement."
11057 },
11058 "locationInModule": {
11059 "filename": "lib/policy-statement.ts",
11060 "line": 296
11061 },
11062 "name": "addAllResources"
11063 },
11064 {
11065 "docs": {
11066 "stability": "stable",
11067 "summary": "Adds all identities in all accounts (\"*\") to this policy statement."
11068 },
11069 "locationInModule": {
11070 "filename": "lib/policy-statement.ts",
11071 "line": 255
11072 },
11073 "name": "addAnyPrincipal"
11074 },
11075 {
11076 "docs": {
11077 "remarks": "You cannot specify IAM groups and instance profiles as principals.",
11078 "stability": "stable",
11079 "summary": "Specify a principal using the ARN identifier of the principal."
11080 },
11081 "locationInModule": {
11082 "filename": "lib/policy-statement.ts",
11083 "line": 211
11084 },
11085 "name": "addArnPrincipal",
11086 "parameters": [
11087 {
11088 "docs": {
11089 "summary": "ARN identifier of AWS account, IAM user, or IAM role (i.e. arn:aws:iam::123456789012:user/user-name)."
11090 },
11091 "name": "arn",
11092 "type": {
11093 "primitive": "string"
11094 }
11095 }
11096 ]
11097 },
11098 {
11099 "docs": {
11100 "stability": "stable",
11101 "summary": "Specify AWS account ID as the principal entity to the \"Principal\" section of a policy statement."
11102 },
11103 "locationInModule": {
11104 "filename": "lib/policy-statement.ts",
11105 "line": 201
11106 },
11107 "name": "addAwsAccountPrincipal",
11108 "parameters": [
11109 {
11110 "name": "accountId",
11111 "type": {
11112 "primitive": "string"
11113 }
11114 }
11115 ]
11116 },
11117 {
11118 "docs": {
11119 "stability": "stable",
11120 "summary": "Adds a canonical user ID principal to this policy document."
11121 },
11122 "locationInModule": {
11123 "filename": "lib/policy-statement.ts",
11124 "line": 248
11125 },
11126 "name": "addCanonicalUserPrincipal",
11127 "parameters": [
11128 {
11129 "docs": {
11130 "summary": "unique identifier assigned by AWS for every account."
11131 },
11132 "name": "canonicalUserId",
11133 "type": {
11134 "primitive": "string"
11135 }
11136 }
11137 ]
11138 },
11139 {
11140 "docs": {
11141 "remarks": "If multiple calls are made to add a condition with the same operator and field, only\nthe last one wins. For example:\n\n```ts\ndeclare const stmt: iam.PolicyStatement;\n\nstmt.addCondition('StringEquals', { 'aws:SomeField': '1' });\nstmt.addCondition('StringEquals', { 'aws:SomeField': '2' });\n```\n\nWill end up with the single condition `StringEquals: { 'aws:SomeField': '2' }`.\n\nIf you meant to add a condition to say that the field can be *either* `1` or `2`, write\nthis:\n\n```ts\ndeclare const stmt: iam.PolicyStatement;\n\nstmt.addCondition('StringEquals', { 'aws:SomeField': ['1', '2'] });\n```",
11142 "stability": "stable",
11143 "summary": "Add a condition to the Policy."
11144 },
11145 "locationInModule": {
11146 "filename": "lib/policy-statement.ts",
11147 "line": 335
11148 },
11149 "name": "addCondition",
11150 "parameters": [
11151 {
11152 "name": "key",
11153 "type": {
11154 "primitive": "string"
11155 }
11156 },
11157 {
11158 "name": "value",
11159 "type": {
11160 "primitive": "any"
11161 }
11162 }
11163 ]
11164 },
11165 {
11166 "docs": {
11167 "remarks": "See the `addCondition` function for a caveat on calling this method multiple times.",
11168 "stability": "stable",
11169 "summary": "Add multiple conditions to the Policy."
11170 },
11171 "locationInModule": {
11172 "filename": "lib/policy-statement.ts",
11173 "line": 345
11174 },
11175 "name": "addConditions",
11176 "parameters": [
11177 {
11178 "name": "conditions",
11179 "type": {
11180 "collection": {
11181 "elementtype": {
11182 "primitive": "any"
11183 },
11184 "kind": "map"
11185 }
11186 }
11187 }
11188 ]
11189 },
11190 {
11191 "docs": {
11192 "stability": "stable",
11193 "summary": "Adds a federated identity provider such as Amazon Cognito to this policy statement."
11194 },
11195 "locationInModule": {
11196 "filename": "lib/policy-statement.ts",
11197 "line": 232
11198 },
11199 "name": "addFederatedPrincipal",
11200 "parameters": [
11201 {
11202 "docs": {
11203 "summary": "federated identity provider (i.e. 'cognito-identity.amazonaws.com')."
11204 },
11205 "name": "federated",
11206 "type": {
11207 "primitive": "any"
11208 }
11209 },
11210 {
11211 "docs": {
11212 "remarks": "See [the IAM documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html).",
11213 "summary": "The conditions under which the policy is in effect."
11214 },
11215 "name": "conditions",
11216 "type": {
11217 "collection": {
11218 "elementtype": {
11219 "primitive": "any"
11220 },
11221 "kind": "map"
11222 }
11223 }
11224 }
11225 ]
11226 },
11227 {
11228 "docs": {
11229 "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notaction.html",
11230 "stability": "stable",
11231 "summary": "Explicitly allow all actions except the specified list of actions into the \"NotAction\" section of the policy document."
11232 },
11233 "locationInModule": {
11234 "filename": "lib/policy-statement.ts",
11235 "line": 125
11236 },
11237 "name": "addNotActions",
11238 "parameters": [
11239 {
11240 "docs": {
11241 "remarks": "All other actions will be permitted.",
11242 "summary": "actions that will be denied."
11243 },
11244 "name": "notActions",
11245 "type": {
11246 "primitive": "string"
11247 },
11248 "variadic": true
11249 }
11250 ],
11251 "variadic": true
11252 },
11253 {
11254 "docs": {
11255 "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notprincipal.html",
11256 "stability": "stable",
11257 "summary": "Specify principals that is not allowed or denied access to the \"NotPrincipal\" section of a policy statement."
11258 },
11259 "locationInModule": {
11260 "filename": "lib/policy-statement.ts",
11261 "line": 180
11262 },
11263 "name": "addNotPrincipals",
11264 "parameters": [
11265 {
11266 "docs": {
11267 "summary": "IAM principals that will be denied access."
11268 },
11269 "name": "notPrincipals",
11270 "type": {
11271 "fqn": "@aws-cdk/aws-iam.IPrincipal"
11272 },
11273 "variadic": true
11274 }
11275 ],
11276 "variadic": true
11277 },
11278 {
11279 "docs": {
11280 "remarks": "All resources except the specified list will be matched.",
11281 "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notresource.html",
11282 "stability": "stable",
11283 "summary": "Specify resources that this policy statement will not apply to in the \"NotResource\" section of this policy statement."
11284 },
11285 "locationInModule": {
11286 "filename": "lib/policy-statement.ts",
11287 "line": 286
11288 },
11289 "name": "addNotResources",
11290 "parameters": [
11291 {
11292 "docs": {
11293 "summary": "Amazon Resource Names (ARNs) of the resources that this policy statement does not apply to."
11294 },
11295 "name": "arns",
11296 "type": {
11297 "primitive": "string"
11298 },
11299 "variadic": true
11300 }
11301 ],
11302 "variadic": true
11303 },
11304 {
11305 "docs": {
11306 "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html",
11307 "stability": "stable",
11308 "summary": "Adds principals to the \"Principal\" section of a policy statement."
11309 },
11310 "locationInModule": {
11311 "filename": "lib/policy-statement.ts",
11312 "line": 150
11313 },
11314 "name": "addPrincipals",
11315 "parameters": [
11316 {
11317 "docs": {
11318 "summary": "IAM principals that will be added."
11319 },
11320 "name": "principals",
11321 "type": {
11322 "fqn": "@aws-cdk/aws-iam.IPrincipal"
11323 },
11324 "variadic": true
11325 }
11326 ],
11327 "variadic": true
11328 },
11329 {
11330 "docs": {
11331 "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_resource.html",
11332 "stability": "stable",
11333 "summary": "Specify resources that this policy statement applies into the \"Resource\" section of this policy statement."
11334 },
11335 "locationInModule": {
11336 "filename": "lib/policy-statement.ts",
11337 "line": 271
11338 },
11339 "name": "addResources",
11340 "parameters": [
11341 {
11342 "docs": {
11343 "summary": "Amazon Resource Names (ARNs) of the resources that this policy statement applies to."
11344 },
11345 "name": "arns",
11346 "type": {
11347 "primitive": "string"
11348 },
11349 "variadic": true
11350 }
11351 ],
11352 "variadic": true
11353 },
11354 {
11355 "docs": {
11356 "stability": "stable",
11357 "summary": "Adds a service principal to this policy statement."
11358 },
11359 "locationInModule": {
11360 "filename": "lib/policy-statement.ts",
11361 "line": 221
11362 },
11363 "name": "addServicePrincipal",
11364 "parameters": [
11365 {
11366 "docs": {
11367 "summary": "the service name for which a service principal is requested (e.g: `s3.amazonaws.com`)."
11368 },
11369 "name": "service",
11370 "type": {
11371 "primitive": "string"
11372 }
11373 },
11374 {
11375 "docs": {
11376 "summary": "options for adding the service principal (such as specifying a principal in a different region)."
11377 },
11378 "name": "opts",
11379 "optional": true,
11380 "type": {
11381 "fqn": "@aws-cdk/aws-iam.ServicePrincipalOpts"
11382 }
11383 }
11384 ]
11385 },
11386 {
11387 "docs": {
11388 "stability": "stable",
11389 "summary": "Create a new `PolicyStatement` with the same exact properties as this one, except for the overrides."
11390 },
11391 "locationInModule": {
11392 "filename": "lib/policy-statement.ts",
11393 "line": 364
11394 },
11395 "name": "copy",
11396 "parameters": [
11397 {
11398 "name": "overrides",
11399 "optional": true,
11400 "type": {
11401 "fqn": "@aws-cdk/aws-iam.PolicyStatementProps"
11402 }
11403 }
11404 ],
11405 "returns": {
11406 "type": {
11407 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
11408 }
11409 }
11410 },
11411 {
11412 "docs": {
11413 "remarks": "Used when JSON.stringify() is called",
11414 "stability": "stable",
11415 "summary": "JSON-ify the statement."
11416 },
11417 "locationInModule": {
11418 "filename": "lib/policy-statement.ts",
11419 "line": 412
11420 },
11421 "name": "toJSON",
11422 "returns": {
11423 "type": {
11424 "primitive": "any"
11425 }
11426 }
11427 },
11428 {
11429 "docs": {
11430 "remarks": "Used when JSON.stringify() is called",
11431 "stability": "stable",
11432 "summary": "JSON-ify the policy statement."
11433 },
11434 "locationInModule": {
11435 "filename": "lib/policy-statement.ts",
11436 "line": 384
11437 },
11438 "name": "toStatementJson",
11439 "returns": {
11440 "type": {
11441 "primitive": "any"
11442 }
11443 }
11444 },
11445 {
11446 "docs": {
11447 "stability": "stable",
11448 "summary": "String representation of this policy statement."
11449 },
11450 "locationInModule": {
11451 "filename": "lib/policy-statement.ts",
11452 "line": 401
11453 },
11454 "name": "toString",
11455 "returns": {
11456 "type": {
11457 "primitive": "string"
11458 }
11459 }
11460 },
11461 {
11462 "docs": {
11463 "stability": "stable",
11464 "summary": "Validate that the policy statement satisfies base requirements for a policy."
11465 },
11466 "locationInModule": {
11467 "filename": "lib/policy-statement.ts",
11468 "line": 446
11469 },
11470 "name": "validateForAnyPolicy",
11471 "returns": {
11472 "type": {
11473 "collection": {
11474 "elementtype": {
11475 "primitive": "string"
11476 },
11477 "kind": "array"
11478 }
11479 }
11480 }
11481 },
11482 {
11483 "docs": {
11484 "stability": "stable",
11485 "summary": "Validate that the policy statement satisfies all requirements for an identity-based policy."
11486 },
11487 "locationInModule": {
11488 "filename": "lib/policy-statement.ts",
11489 "line": 468
11490 },
11491 "name": "validateForIdentityPolicy",
11492 "returns": {
11493 "type": {
11494 "collection": {
11495 "elementtype": {
11496 "primitive": "string"
11497 },
11498 "kind": "array"
11499 }
11500 }
11501 }
11502 },
11503 {
11504 "docs": {
11505 "stability": "stable",
11506 "summary": "Validate that the policy statement satisfies all requirements for a resource-based policy."
11507 },
11508 "locationInModule": {
11509 "filename": "lib/policy-statement.ts",
11510 "line": 457
11511 },
11512 "name": "validateForResourcePolicy",
11513 "returns": {
11514 "type": {
11515 "collection": {
11516 "elementtype": {
11517 "primitive": "string"
11518 },
11519 "kind": "array"
11520 }
11521 }
11522 }
11523 }
11524 ],
11525 "name": "PolicyStatement",
11526 "properties": [
11527 {
11528 "docs": {
11529 "stability": "stable",
11530 "summary": "Indicates if this permission has a \"Principal\" section."
11531 },
11532 "immutable": true,
11533 "locationInModule": {
11534 "filename": "lib/policy-statement.ts",
11535 "line": 139
11536 },
11537 "name": "hasPrincipal",
11538 "type": {
11539 "primitive": "boolean"
11540 }
11541 },
11542 {
11543 "docs": {
11544 "stability": "stable",
11545 "summary": "Indicates if this permission has at least one resource associated with it."
11546 },
11547 "immutable": true,
11548 "locationInModule": {
11549 "filename": "lib/policy-statement.ts",
11550 "line": 303
11551 },
11552 "name": "hasResource",
11553 "type": {
11554 "primitive": "boolean"
11555 }
11556 },
11557 {
11558 "docs": {
11559 "stability": "stable",
11560 "summary": "Expose principals to allow their ARNs to be replaced by account ID strings in policy statements for resources policies that don't allow full account ARNs, such as AWS::Logs::ResourcePolicy."
11561 },
11562 "immutable": true,
11563 "locationInModule": {
11564 "filename": "lib/policy-statement.ts",
11565 "line": 168
11566 },
11567 "name": "principals",
11568 "type": {
11569 "collection": {
11570 "elementtype": {
11571 "fqn": "@aws-cdk/aws-iam.IPrincipal"
11572 },
11573 "kind": "array"
11574 }
11575 }
11576 },
11577 {
11578 "docs": {
11579 "stability": "stable",
11580 "summary": "Whether to allow or deny the actions in this statement."
11581 },
11582 "locationInModule": {
11583 "filename": "lib/policy-statement.ts",
11584 "line": 62
11585 },
11586 "name": "effect",
11587 "type": {
11588 "fqn": "@aws-cdk/aws-iam.Effect"
11589 }
11590 },
11591 {
11592 "docs": {
11593 "stability": "stable",
11594 "summary": "Statement ID for this statement."
11595 },
11596 "locationInModule": {
11597 "filename": "lib/policy-statement.ts",
11598 "line": 58
11599 },
11600 "name": "sid",
11601 "optional": true,
11602 "type": {
11603 "primitive": "string"
11604 }
11605 }
11606 ],
11607 "symbolId": "lib/policy-statement:PolicyStatement"
11608 },
11609 "@aws-cdk/aws-iam.PolicyStatementProps": {
11610 "assembly": "@aws-cdk/aws-iam",
11611 "datatype": true,
11612 "docs": {
11613 "custom": {
11614 "exampleMetadata": "lit=test/integ.vpc-endpoint.lit.ts infused"
11615 },
11616 "example": " // Add gateway endpoints when creating the VPC\n const vpc = new ec2.Vpc(this, 'MyVpc', {\n gatewayEndpoints: {\n S3: {\n service: ec2.GatewayVpcEndpointAwsService.S3,\n },\n },\n });\n\n // Alternatively gateway endpoints can be added on the VPC\n const dynamoDbEndpoint = vpc.addGatewayEndpoint('DynamoDbEndpoint', {\n service: ec2.GatewayVpcEndpointAwsService.DYNAMODB,\n });\n\n // This allows to customize the endpoint policy\n dynamoDbEndpoint.addToPolicy(\n new iam.PolicyStatement({ // Restrict to listing and describing tables\n principals: [new iam.AnyPrincipal()],\n actions: ['dynamodb:DescribeTable', 'dynamodb:ListTables'],\n resources: ['*'],\n }));\n\n // Add an interface endpoint\n vpc.addInterfaceEndpoint('EcrDockerEndpoint', {\n service: ec2.InterfaceVpcEndpointAwsService.ECR_DOCKER,\n\n // Uncomment the following to allow more fine-grained control over\n // who can access the endpoint via the '.connections' object.\n // open: false\n });",
11617 "stability": "stable",
11618 "summary": "Interface for creating a policy statement."
11619 },
11620 "fqn": "@aws-cdk/aws-iam.PolicyStatementProps",
11621 "kind": "interface",
11622 "locationInModule": {
11623 "filename": "lib/policy-statement.ts",
11624 "line": 532
11625 },
11626 "name": "PolicyStatementProps",
11627 "properties": [
11628 {
11629 "abstract": true,
11630 "docs": {
11631 "default": "- no actions",
11632 "stability": "stable",
11633 "summary": "List of actions to add to the statement."
11634 },
11635 "immutable": true,
11636 "locationInModule": {
11637 "filename": "lib/policy-statement.ts",
11638 "line": 549
11639 },
11640 "name": "actions",
11641 "optional": true,
11642 "type": {
11643 "collection": {
11644 "elementtype": {
11645 "primitive": "string"
11646 },
11647 "kind": "array"
11648 }
11649 }
11650 },
11651 {
11652 "abstract": true,
11653 "docs": {
11654 "default": "- no condition",
11655 "stability": "stable",
11656 "summary": "Conditions to add to the statement."
11657 },
11658 "immutable": true,
11659 "locationInModule": {
11660 "filename": "lib/policy-statement.ts",
11661 "line": 591
11662 },
11663 "name": "conditions",
11664 "optional": true,
11665 "type": {
11666 "collection": {
11667 "elementtype": {
11668 "primitive": "any"
11669 },
11670 "kind": "map"
11671 }
11672 }
11673 },
11674 {
11675 "abstract": true,
11676 "docs": {
11677 "default": "Effect.ALLOW",
11678 "stability": "stable",
11679 "summary": "Whether to allow or deny the actions in this statement."
11680 },
11681 "immutable": true,
11682 "locationInModule": {
11683 "filename": "lib/policy-statement.ts",
11684 "line": 598
11685 },
11686 "name": "effect",
11687 "optional": true,
11688 "type": {
11689 "fqn": "@aws-cdk/aws-iam.Effect"
11690 }
11691 },
11692 {
11693 "abstract": true,
11694 "docs": {
11695 "default": "- no not-actions",
11696 "stability": "stable",
11697 "summary": "List of not actions to add to the statement."
11698 },
11699 "immutable": true,
11700 "locationInModule": {
11701 "filename": "lib/policy-statement.ts",
11702 "line": 556
11703 },
11704 "name": "notActions",
11705 "optional": true,
11706 "type": {
11707 "collection": {
11708 "elementtype": {
11709 "primitive": "string"
11710 },
11711 "kind": "array"
11712 }
11713 }
11714 },
11715 {
11716 "abstract": true,
11717 "docs": {
11718 "default": "- no not principals",
11719 "stability": "stable",
11720 "summary": "List of not principals to add to the statement."
11721 },
11722 "immutable": true,
11723 "locationInModule": {
11724 "filename": "lib/policy-statement.ts",
11725 "line": 570
11726 },
11727 "name": "notPrincipals",
11728 "optional": true,
11729 "type": {
11730 "collection": {
11731 "elementtype": {
11732 "fqn": "@aws-cdk/aws-iam.IPrincipal"
11733 },
11734 "kind": "array"
11735 }
11736 }
11737 },
11738 {
11739 "abstract": true,
11740 "docs": {
11741 "default": "- no not-resources",
11742 "stability": "stable",
11743 "summary": "NotResource ARNs to add to the statement."
11744 },
11745 "immutable": true,
11746 "locationInModule": {
11747 "filename": "lib/policy-statement.ts",
11748 "line": 584
11749 },
11750 "name": "notResources",
11751 "optional": true,
11752 "type": {
11753 "collection": {
11754 "elementtype": {
11755 "primitive": "string"
11756 },
11757 "kind": "array"
11758 }
11759 }
11760 },
11761 {
11762 "abstract": true,
11763 "docs": {
11764 "default": "- no principals",
11765 "stability": "stable",
11766 "summary": "List of principals to add to the statement."
11767 },
11768 "immutable": true,
11769 "locationInModule": {
11770 "filename": "lib/policy-statement.ts",
11771 "line": 563
11772 },
11773 "name": "principals",
11774 "optional": true,
11775 "type": {
11776 "collection": {
11777 "elementtype": {
11778 "fqn": "@aws-cdk/aws-iam.IPrincipal"
11779 },
11780 "kind": "array"
11781 }
11782 }
11783 },
11784 {
11785 "abstract": true,
11786 "docs": {
11787 "default": "- no resources",
11788 "stability": "stable",
11789 "summary": "Resource ARNs to add to the statement."
11790 },
11791 "immutable": true,
11792 "locationInModule": {
11793 "filename": "lib/policy-statement.ts",
11794 "line": 577
11795 },
11796 "name": "resources",
11797 "optional": true,
11798 "type": {
11799 "collection": {
11800 "elementtype": {
11801 "primitive": "string"
11802 },
11803 "kind": "array"
11804 }
11805 }
11806 },
11807 {
11808 "abstract": true,
11809 "docs": {
11810 "default": "- no sid",
11811 "remarks": "You can assign a Sid value to each statement in a\nstatement array. In services that let you specify an ID element, such as\nSQS and SNS, the Sid value is just a sub-ID of the policy document's ID. In\nIAM, the Sid value must be unique within a JSON policy.",
11812 "stability": "stable",
11813 "summary": "The Sid (statement ID) is an optional identifier that you provide for the policy statement."
11814 },
11815 "immutable": true,
11816 "locationInModule": {
11817 "filename": "lib/policy-statement.ts",
11818 "line": 542
11819 },
11820 "name": "sid",
11821 "optional": true,
11822 "type": {
11823 "primitive": "string"
11824 }
11825 }
11826 ],
11827 "symbolId": "lib/policy-statement:PolicyStatementProps"
11828 },
11829 "@aws-cdk/aws-iam.PrincipalBase": {
11830 "abstract": true,
11831 "assembly": "@aws-cdk/aws-iam",
11832 "docs": {
11833 "custom": {
11834 "exampleMetadata": "infused"
11835 },
11836 "example": "const tagParam = new CfnParameter(this, 'TagName');\n\nconst stringEquals = new CfnJson(this, 'ConditionJson', {\n value: {\n [`aws:PrincipalTag/${tagParam.valueAsString}`]: true,\n },\n});\n\nconst principal = new iam.AccountRootPrincipal().withConditions({\n StringEquals: stringEquals,\n});\n\nnew iam.Role(this, 'MyRole', { assumedBy: principal });",
11837 "stability": "stable",
11838 "summary": "Base class for policy principals."
11839 },
11840 "fqn": "@aws-cdk/aws-iam.PrincipalBase",
11841 "initializer": {
11842 "docs": {
11843 "stability": "stable"
11844 }
11845 },
11846 "interfaces": [
11847 "@aws-cdk/aws-iam.IAssumeRolePrincipal"
11848 ],
11849 "kind": "class",
11850 "locationInModule": {
11851 "filename": "lib/principals.ts",
11852 "line": 113
11853 },
11854 "methods": [
11855 {
11856 "docs": {
11857 "remarks": "Add the statements to the AssumeRolePolicyDocument necessary to give this principal\npermissions to assume the given role.",
11858 "stability": "stable",
11859 "summary": "Add the princpial to the AssumeRolePolicyDocument."
11860 },
11861 "locationInModule": {
11862 "filename": "lib/principals.ts",
11863 "line": 137
11864 },
11865 "name": "addToAssumeRolePolicy",
11866 "overrides": "@aws-cdk/aws-iam.IAssumeRolePrincipal",
11867 "parameters": [
11868 {
11869 "name": "document",
11870 "type": {
11871 "fqn": "@aws-cdk/aws-iam.PolicyDocument"
11872 }
11873 }
11874 ]
11875 },
11876 {
11877 "docs": {
11878 "stability": "stable",
11879 "summary": "Add to the policy of this principal."
11880 },
11881 "locationInModule": {
11882 "filename": "lib/principals.ts",
11883 "line": 127
11884 },
11885 "name": "addToPolicy",
11886 "overrides": "@aws-cdk/aws-iam.IPrincipal",
11887 "parameters": [
11888 {
11889 "name": "statement",
11890 "type": {
11891 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
11892 }
11893 }
11894 ],
11895 "returns": {
11896 "type": {
11897 "primitive": "boolean"
11898 }
11899 }
11900 },
11901 {
11902 "docs": {
11903 "stability": "stable",
11904 "summary": "Add to the policy of this principal."
11905 },
11906 "locationInModule": {
11907 "filename": "lib/principals.ts",
11908 "line": 131
11909 },
11910 "name": "addToPrincipalPolicy",
11911 "overrides": "@aws-cdk/aws-iam.IPrincipal",
11912 "parameters": [
11913 {
11914 "name": "_statement",
11915 "type": {
11916 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
11917 }
11918 }
11919 ],
11920 "returns": {
11921 "type": {
11922 "fqn": "@aws-cdk/aws-iam.AddToPrincipalPolicyResult"
11923 }
11924 }
11925 },
11926 {
11927 "docs": {
11928 "remarks": "Used when JSON.stringify() is called",
11929 "stability": "stable",
11930 "summary": "JSON-ify the principal."
11931 },
11932 "locationInModule": {
11933 "filename": "lib/principals.ts",
11934 "line": 156
11935 },
11936 "name": "toJSON",
11937 "returns": {
11938 "type": {
11939 "collection": {
11940 "elementtype": {
11941 "collection": {
11942 "elementtype": {
11943 "primitive": "string"
11944 },
11945 "kind": "array"
11946 }
11947 },
11948 "kind": "map"
11949 }
11950 }
11951 }
11952 },
11953 {
11954 "docs": {
11955 "stability": "stable",
11956 "summary": "Returns a string representation of an object."
11957 },
11958 "locationInModule": {
11959 "filename": "lib/principals.ts",
11960 "line": 145
11961 },
11962 "name": "toString",
11963 "returns": {
11964 "type": {
11965 "primitive": "string"
11966 }
11967 }
11968 },
11969 {
11970 "docs": {
11971 "remarks": "When there is a value for the same operator and key in both the principal and the\nconditions parameter, the value from the conditions parameter will be used.",
11972 "returns": "a new PrincipalWithConditions object.",
11973 "stability": "stable",
11974 "summary": "Returns a new PrincipalWithConditions using this principal as the base, with the passed conditions added."
11975 },
11976 "locationInModule": {
11977 "filename": "lib/principals.ts",
11978 "line": 170
11979 },
11980 "name": "withConditions",
11981 "parameters": [
11982 {
11983 "name": "conditions",
11984 "type": {
11985 "collection": {
11986 "elementtype": {
11987 "primitive": "any"
11988 },
11989 "kind": "map"
11990 }
11991 }
11992 }
11993 ],
11994 "returns": {
11995 "type": {
11996 "fqn": "@aws-cdk/aws-iam.PrincipalBase"
11997 }
11998 }
11999 },
12000 {
12001 "docs": {
12002 "returns": "a new SessionTagsPrincipal object.",
12003 "stability": "stable",
12004 "summary": "Returns a new principal using this principal as the base, with session tags enabled."
12005 },
12006 "locationInModule": {
12007 "filename": "lib/principals.ts",
12008 "line": 179
12009 },
12010 "name": "withSessionTags",
12011 "returns": {
12012 "type": {
12013 "fqn": "@aws-cdk/aws-iam.PrincipalBase"
12014 }
12015 }
12016 }
12017 ],
12018 "name": "PrincipalBase",
12019 "properties": [
12020 {
12021 "docs": {
12022 "stability": "stable",
12023 "summary": "When this Principal is used in an AssumeRole policy, the action to use."
12024 },
12025 "immutable": true,
12026 "locationInModule": {
12027 "filename": "lib/principals.ts",
12028 "line": 125
12029 },
12030 "name": "assumeRoleAction",
12031 "overrides": "@aws-cdk/aws-iam.IPrincipal",
12032 "type": {
12033 "primitive": "string"
12034 }
12035 },
12036 {
12037 "docs": {
12038 "stability": "stable",
12039 "summary": "The principal to grant permissions to."
12040 },
12041 "immutable": true,
12042 "locationInModule": {
12043 "filename": "lib/principals.ts",
12044 "line": 114
12045 },
12046 "name": "grantPrincipal",
12047 "overrides": "@aws-cdk/aws-iam.IGrantable",
12048 "type": {
12049 "fqn": "@aws-cdk/aws-iam.IPrincipal"
12050 }
12051 },
12052 {
12053 "abstract": true,
12054 "docs": {
12055 "stability": "stable",
12056 "summary": "Return the policy fragment that identifies this principal in a Policy."
12057 },
12058 "immutable": true,
12059 "locationInModule": {
12060 "filename": "lib/principals.ts",
12061 "line": 120
12062 },
12063 "name": "policyFragment",
12064 "overrides": "@aws-cdk/aws-iam.IPrincipal",
12065 "type": {
12066 "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment"
12067 }
12068 },
12069 {
12070 "docs": {
12071 "remarks": "Can be undefined when the account is not known\n(for example, for service principals).\nCan be a Token - in that case,\nit's assumed to be AWS::AccountId.",
12072 "stability": "stable",
12073 "summary": "The AWS account ID of this principal."
12074 },
12075 "immutable": true,
12076 "locationInModule": {
12077 "filename": "lib/principals.ts",
12078 "line": 115
12079 },
12080 "name": "principalAccount",
12081 "optional": true,
12082 "overrides": "@aws-cdk/aws-iam.IPrincipal",
12083 "type": {
12084 "primitive": "string"
12085 }
12086 }
12087 ],
12088 "symbolId": "lib/principals:PrincipalBase"
12089 },
12090 "@aws-cdk/aws-iam.PrincipalPolicyFragment": {
12091 "assembly": "@aws-cdk/aws-iam",
12092 "docs": {
12093 "remarks": "This consists of the JSON used in the \"Principal\" field, and optionally a\nset of \"Condition\"s that need to be applied to the policy.\n\nGenerally, a principal looks like:\n\n { '<TYPE>': ['ID', 'ID', ...] }\n\nAnd this is also the type of the field `principalJson`. However, there is a\nspecial type of principal that is just the string '*', which is treated\ndifferently by some services. To represent that principal, `principalJson`\nshould contain `{ 'LiteralString': ['*'] }`.",
12094 "stability": "stable",
12095 "summary": "A collection of the fields in a PolicyStatement that can be used to identify a principal.",
12096 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const conditions: any;\nconst principalPolicyFragment = new iam.PrincipalPolicyFragment({\n principalJsonKey: ['principalJson'],\n}, /* all optional props */ {\n conditionsKey: conditions,\n});",
12097 "custom": {
12098 "exampleMetadata": "fixture=_generated"
12099 }
12100 },
12101 "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment",
12102 "initializer": {
12103 "docs": {
12104 "stability": "stable"
12105 },
12106 "locationInModule": {
12107 "filename": "lib/principals.ts",
12108 "line": 338
12109 },
12110 "parameters": [
12111 {
12112 "docs": {
12113 "summary": "JSON of the \"Principal\" section in a policy statement."
12114 },
12115 "name": "principalJson",
12116 "type": {
12117 "collection": {
12118 "elementtype": {
12119 "collection": {
12120 "elementtype": {
12121 "primitive": "string"
12122 },
12123 "kind": "array"
12124 }
12125 },
12126 "kind": "map"
12127 }
12128 }
12129 },
12130 {
12131 "docs": {
12132 "remarks": "See [the IAM documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html).\nconditions that need to be applied to this policy",
12133 "summary": "The conditions under which the policy is in effect."
12134 },
12135 "name": "conditions",
12136 "optional": true,
12137 "type": {
12138 "collection": {
12139 "elementtype": {
12140 "primitive": "any"
12141 },
12142 "kind": "map"
12143 }
12144 }
12145 }
12146 ]
12147 },
12148 "kind": "class",
12149 "locationInModule": {
12150 "filename": "lib/principals.ts",
12151 "line": 332
12152 },
12153 "name": "PrincipalPolicyFragment",
12154 "properties": [
12155 {
12156 "docs": {
12157 "remarks": "See [the IAM documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html).\nconditions that need to be applied to this policy",
12158 "stability": "stable",
12159 "summary": "The conditions under which the policy is in effect."
12160 },
12161 "immutable": true,
12162 "locationInModule": {
12163 "filename": "lib/principals.ts",
12164 "line": 344
12165 },
12166 "name": "conditions",
12167 "type": {
12168 "collection": {
12169 "elementtype": {
12170 "primitive": "any"
12171 },
12172 "kind": "map"
12173 }
12174 }
12175 },
12176 {
12177 "docs": {
12178 "stability": "stable",
12179 "summary": "JSON of the \"Principal\" section in a policy statement."
12180 },
12181 "immutable": true,
12182 "locationInModule": {
12183 "filename": "lib/principals.ts",
12184 "line": 339
12185 },
12186 "name": "principalJson",
12187 "type": {
12188 "collection": {
12189 "elementtype": {
12190 "collection": {
12191 "elementtype": {
12192 "primitive": "string"
12193 },
12194 "kind": "array"
12195 }
12196 },
12197 "kind": "map"
12198 }
12199 }
12200 }
12201 ],
12202 "symbolId": "lib/principals:PrincipalPolicyFragment"
12203 },
12204 "@aws-cdk/aws-iam.PrincipalWithConditions": {
12205 "assembly": "@aws-cdk/aws-iam",
12206 "base": "@aws-cdk/aws-iam.PrincipalBase",
12207 "docs": {
12208 "remarks": "For more information about conditions, see:\nhttps://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html",
12209 "stability": "stable",
12210 "summary": "An IAM principal with additional conditions specifying when the policy is in effect.",
12211 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const conditions: any;\ndeclare const principal: iam.IPrincipal;\nconst principalWithConditions = new iam.PrincipalWithConditions(principal, {\n conditionsKey: conditions,\n});",
12212 "custom": {
12213 "exampleMetadata": "fixture=_generated"
12214 }
12215 },
12216 "fqn": "@aws-cdk/aws-iam.PrincipalWithConditions",
12217 "initializer": {
12218 "docs": {
12219 "stability": "stable"
12220 },
12221 "locationInModule": {
12222 "filename": "lib/principals.ts",
12223 "line": 214
12224 },
12225 "parameters": [
12226 {
12227 "name": "principal",
12228 "type": {
12229 "fqn": "@aws-cdk/aws-iam.IPrincipal"
12230 }
12231 },
12232 {
12233 "name": "conditions",
12234 "type": {
12235 "collection": {
12236 "elementtype": {
12237 "primitive": "any"
12238 },
12239 "kind": "map"
12240 }
12241 }
12242 }
12243 ]
12244 },
12245 "kind": "class",
12246 "locationInModule": {
12247 "filename": "lib/principals.ts",
12248 "line": 211
12249 },
12250 "methods": [
12251 {
12252 "docs": {
12253 "stability": "stable",
12254 "summary": "Add a condition to the principal."
12255 },
12256 "locationInModule": {
12257 "filename": "lib/principals.ts",
12258 "line": 222
12259 },
12260 "name": "addCondition",
12261 "parameters": [
12262 {
12263 "name": "key",
12264 "type": {
12265 "primitive": "string"
12266 }
12267 },
12268 {
12269 "name": "value",
12270 "type": {
12271 "primitive": "any"
12272 }
12273 }
12274 ]
12275 },
12276 {
12277 "docs": {
12278 "remarks": "Values from the conditions parameter will overwrite existing values with the same operator\nand key.",
12279 "stability": "stable",
12280 "summary": "Adds multiple conditions to the principal."
12281 },
12282 "locationInModule": {
12283 "filename": "lib/principals.ts",
12284 "line": 233
12285 },
12286 "name": "addConditions",
12287 "parameters": [
12288 {
12289 "name": "conditions",
12290 "type": {
12291 "collection": {
12292 "elementtype": {
12293 "primitive": "any"
12294 },
12295 "kind": "map"
12296 }
12297 }
12298 }
12299 ]
12300 },
12301 {
12302 "docs": {
12303 "stability": "stable",
12304 "summary": "Add to the policy of this principal."
12305 },
12306 "locationInModule": {
12307 "filename": "lib/principals.ts",
12308 "line": 197
12309 },
12310 "name": "addToPolicy",
12311 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
12312 "parameters": [
12313 {
12314 "name": "statement",
12315 "type": {
12316 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
12317 }
12318 }
12319 ],
12320 "returns": {
12321 "type": {
12322 "primitive": "boolean"
12323 }
12324 }
12325 },
12326 {
12327 "docs": {
12328 "stability": "stable",
12329 "summary": "Add to the policy of this principal."
12330 },
12331 "locationInModule": {
12332 "filename": "lib/principals.ts",
12333 "line": 200
12334 },
12335 "name": "addToPrincipalPolicy",
12336 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
12337 "parameters": [
12338 {
12339 "name": "statement",
12340 "type": {
12341 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
12342 }
12343 }
12344 ],
12345 "returns": {
12346 "type": {
12347 "fqn": "@aws-cdk/aws-iam.AddToPrincipalPolicyResult"
12348 }
12349 }
12350 },
12351 {
12352 "docs": {
12353 "remarks": "Used when JSON.stringify() is called",
12354 "stability": "stable",
12355 "summary": "JSON-ify the principal."
12356 },
12357 "locationInModule": {
12358 "filename": "lib/principals.ts",
12359 "line": 260
12360 },
12361 "name": "toJSON",
12362 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
12363 "returns": {
12364 "type": {
12365 "collection": {
12366 "elementtype": {
12367 "collection": {
12368 "elementtype": {
12369 "primitive": "string"
12370 },
12371 "kind": "array"
12372 }
12373 },
12374 "kind": "map"
12375 }
12376 }
12377 }
12378 },
12379 {
12380 "docs": {
12381 "stability": "stable",
12382 "summary": "Returns a string representation of an object."
12383 },
12384 "locationInModule": {
12385 "filename": "lib/principals.ts",
12386 "line": 251
12387 },
12388 "name": "toString",
12389 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
12390 "returns": {
12391 "type": {
12392 "primitive": "string"
12393 }
12394 }
12395 }
12396 ],
12397 "name": "PrincipalWithConditions",
12398 "properties": [
12399 {
12400 "docs": {
12401 "stability": "stable",
12402 "summary": "When this Principal is used in an AssumeRole policy, the action to use."
12403 },
12404 "immutable": true,
12405 "locationInModule": {
12406 "filename": "lib/principals.ts",
12407 "line": 188
12408 },
12409 "name": "assumeRoleAction",
12410 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
12411 "type": {
12412 "primitive": "string"
12413 }
12414 },
12415 {
12416 "docs": {
12417 "remarks": "See [the IAM documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html).",
12418 "stability": "stable",
12419 "summary": "The conditions under which the policy is in effect."
12420 },
12421 "immutable": true,
12422 "locationInModule": {
12423 "filename": "lib/principals.ts",
12424 "line": 243
12425 },
12426 "name": "conditions",
12427 "type": {
12428 "collection": {
12429 "elementtype": {
12430 "primitive": "any"
12431 },
12432 "kind": "map"
12433 }
12434 }
12435 },
12436 {
12437 "docs": {
12438 "stability": "stable",
12439 "summary": "Return the policy fragment that identifies this principal in a Policy."
12440 },
12441 "immutable": true,
12442 "locationInModule": {
12443 "filename": "lib/principals.ts",
12444 "line": 247
12445 },
12446 "name": "policyFragment",
12447 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
12448 "type": {
12449 "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment"
12450 }
12451 },
12452 {
12453 "docs": {
12454 "remarks": "Can be undefined when the account is not known\n(for example, for service principals).\nCan be a Token - in that case,\nit's assumed to be AWS::AccountId.",
12455 "stability": "stable",
12456 "summary": "The AWS account ID of this principal."
12457 },
12458 "immutable": true,
12459 "locationInModule": {
12460 "filename": "lib/principals.ts",
12461 "line": 189
12462 },
12463 "name": "principalAccount",
12464 "optional": true,
12465 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
12466 "type": {
12467 "primitive": "string"
12468 }
12469 }
12470 ],
12471 "symbolId": "lib/principals:PrincipalWithConditions"
12472 },
12473 "@aws-cdk/aws-iam.Role": {
12474 "assembly": "@aws-cdk/aws-iam",
12475 "base": "@aws-cdk/core.Resource",
12476 "docs": {
12477 "custom": {
12478 "exampleMetadata": "infused"
12479 },
12480 "example": "const lambdaRole = new iam.Role(this, 'Role', {\n assumedBy: new iam.ServicePrincipal('lambda.amazonaws.com'),\n description: 'Example role...',\n});\n\nconst stream = new kinesis.Stream(this, 'MyEncryptedStream', {\n encryption: kinesis.StreamEncryption.KMS,\n});\n\n// give lambda permissions to read stream\nstream.grantRead(lambdaRole);",
12481 "remarks": "Defines an IAM role. The role is created with an assume policy document associated with\nthe specified AWS service principal defined in `serviceAssumeRole`.",
12482 "stability": "stable",
12483 "summary": "IAM Role."
12484 },
12485 "fqn": "@aws-cdk/aws-iam.Role",
12486 "initializer": {
12487 "docs": {
12488 "stability": "stable"
12489 },
12490 "locationInModule": {
12491 "filename": "lib/role.ts",
12492 "line": 336
12493 },
12494 "parameters": [
12495 {
12496 "name": "scope",
12497 "type": {
12498 "fqn": "constructs.Construct"
12499 }
12500 },
12501 {
12502 "name": "id",
12503 "type": {
12504 "primitive": "string"
12505 }
12506 },
12507 {
12508 "name": "props",
12509 "type": {
12510 "fqn": "@aws-cdk/aws-iam.RoleProps"
12511 }
12512 }
12513 ]
12514 },
12515 "interfaces": [
12516 "@aws-cdk/aws-iam.IRole"
12517 ],
12518 "kind": "class",
12519 "locationInModule": {
12520 "filename": "lib/role.ts",
12521 "line": 170
12522 },
12523 "methods": [
12524 {
12525 "docs": {
12526 "remarks": "If the imported Role ARN is a Token (such as a\n`CfnParameter.valueAsString` or a `Fn.importValue()`) *and* the referenced\nrole has a `path` (like `arn:...:role/AdminRoles/Alice`), the\n`roleName` property will not resolve to the correct value. Instead it\nwill resolve to the first path component. We unfortunately cannot express\nthe correct calculation of the full path name as a CloudFormation\nexpression. In this scenario the Role ARN should be supplied without the\n`path` in order to resolve the correct role resource.",
12527 "stability": "stable",
12528 "summary": "Import an external role by ARN."
12529 },
12530 "locationInModule": {
12531 "filename": "lib/role.ts",
12532 "line": 188
12533 },
12534 "name": "fromRoleArn",
12535 "parameters": [
12536 {
12537 "docs": {
12538 "summary": "construct scope."
12539 },
12540 "name": "scope",
12541 "type": {
12542 "fqn": "constructs.Construct"
12543 }
12544 },
12545 {
12546 "docs": {
12547 "summary": "construct id."
12548 },
12549 "name": "id",
12550 "type": {
12551 "primitive": "string"
12552 }
12553 },
12554 {
12555 "docs": {
12556 "summary": "the ARN of the role to import."
12557 },
12558 "name": "roleArn",
12559 "type": {
12560 "primitive": "string"
12561 }
12562 },
12563 {
12564 "docs": {
12565 "summary": "allow customizing the behavior of the returned role."
12566 },
12567 "name": "options",
12568 "optional": true,
12569 "type": {
12570 "fqn": "@aws-cdk/aws-iam.FromRoleArnOptions"
12571 }
12572 }
12573 ],
12574 "returns": {
12575 "type": {
12576 "fqn": "@aws-cdk/aws-iam.IRole"
12577 }
12578 },
12579 "static": true
12580 },
12581 {
12582 "docs": {
12583 "remarks": "The imported role is assumed to exist in the same account as the account\nthe scope's containing Stack is being deployed to.",
12584 "stability": "stable",
12585 "summary": "Import an external role by name."
12586 },
12587 "locationInModule": {
12588 "filename": "lib/role.ts",
12589 "line": 283
12590 },
12591 "name": "fromRoleName",
12592 "parameters": [
12593 {
12594 "name": "scope",
12595 "type": {
12596 "fqn": "constructs.Construct"
12597 }
12598 },
12599 {
12600 "name": "id",
12601 "type": {
12602 "primitive": "string"
12603 }
12604 },
12605 {
12606 "name": "roleName",
12607 "type": {
12608 "primitive": "string"
12609 }
12610 }
12611 ],
12612 "returns": {
12613 "type": {
12614 "fqn": "@aws-cdk/aws-iam.IRole"
12615 }
12616 },
12617 "static": true
12618 },
12619 {
12620 "docs": {
12621 "stability": "stable",
12622 "summary": "Attaches a managed policy to this role."
12623 },
12624 "locationInModule": {
12625 "filename": "lib/role.ts",
12626 "line": 415
12627 },
12628 "name": "addManagedPolicy",
12629 "overrides": "@aws-cdk/aws-iam.IIdentity",
12630 "parameters": [
12631 {
12632 "docs": {
12633 "summary": "The the managed policy to attach."
12634 },
12635 "name": "policy",
12636 "type": {
12637 "fqn": "@aws-cdk/aws-iam.IManagedPolicy"
12638 }
12639 }
12640 ]
12641 },
12642 {
12643 "docs": {
12644 "stability": "stable",
12645 "summary": "Add to the policy of this principal."
12646 },
12647 "locationInModule": {
12648 "filename": "lib/role.ts",
12649 "line": 407
12650 },
12651 "name": "addToPolicy",
12652 "overrides": "@aws-cdk/aws-iam.IPrincipal",
12653 "parameters": [
12654 {
12655 "name": "statement",
12656 "type": {
12657 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
12658 }
12659 }
12660 ],
12661 "returns": {
12662 "type": {
12663 "primitive": "boolean"
12664 }
12665 }
12666 },
12667 {
12668 "docs": {
12669 "remarks": "If there is no default policy attached to this role, it will be created.",
12670 "stability": "stable",
12671 "summary": "Adds a permission to the role's default policy document."
12672 },
12673 "locationInModule": {
12674 "filename": "lib/role.ts",
12675 "line": 398
12676 },
12677 "name": "addToPrincipalPolicy",
12678 "overrides": "@aws-cdk/aws-iam.IPrincipal",
12679 "parameters": [
12680 {
12681 "docs": {
12682 "summary": "The permission statement to add to the policy document."
12683 },
12684 "name": "statement",
12685 "type": {
12686 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
12687 }
12688 }
12689 ],
12690 "returns": {
12691 "type": {
12692 "fqn": "@aws-cdk/aws-iam.AddToPrincipalPolicyResult"
12693 }
12694 }
12695 },
12696 {
12697 "docs": {
12698 "stability": "stable",
12699 "summary": "Attaches a policy to this role."
12700 },
12701 "locationInModule": {
12702 "filename": "lib/role.ts",
12703 "line": 424
12704 },
12705 "name": "attachInlinePolicy",
12706 "overrides": "@aws-cdk/aws-iam.IIdentity",
12707 "parameters": [
12708 {
12709 "docs": {
12710 "summary": "The policy to attach."
12711 },
12712 "name": "policy",
12713 "type": {
12714 "fqn": "@aws-cdk/aws-iam.Policy"
12715 }
12716 }
12717 ]
12718 },
12719 {
12720 "docs": {
12721 "stability": "stable",
12722 "summary": "Grant the actions defined in actions to the identity Principal on this resource."
12723 },
12724 "locationInModule": {
12725 "filename": "lib/role.ts",
12726 "line": 432
12727 },
12728 "name": "grant",
12729 "overrides": "@aws-cdk/aws-iam.IRole",
12730 "parameters": [
12731 {
12732 "name": "grantee",
12733 "type": {
12734 "fqn": "@aws-cdk/aws-iam.IPrincipal"
12735 }
12736 },
12737 {
12738 "name": "actions",
12739 "type": {
12740 "primitive": "string"
12741 },
12742 "variadic": true
12743 }
12744 ],
12745 "returns": {
12746 "type": {
12747 "fqn": "@aws-cdk/aws-iam.Grant"
12748 }
12749 },
12750 "variadic": true
12751 },
12752 {
12753 "docs": {
12754 "stability": "stable",
12755 "summary": "Grant permissions to the given principal to pass this role."
12756 },
12757 "locationInModule": {
12758 "filename": "lib/role.ts",
12759 "line": 444
12760 },
12761 "name": "grantPassRole",
12762 "overrides": "@aws-cdk/aws-iam.IRole",
12763 "parameters": [
12764 {
12765 "name": "identity",
12766 "type": {
12767 "fqn": "@aws-cdk/aws-iam.IPrincipal"
12768 }
12769 }
12770 ],
12771 "returns": {
12772 "type": {
12773 "fqn": "@aws-cdk/aws-iam.Grant"
12774 }
12775 }
12776 },
12777 {
12778 "docs": {
12779 "remarks": "This method can be implemented by derived constructs in order to perform\nvalidation logic. It is called on all constructs before synthesis.",
12780 "stability": "stable",
12781 "summary": "Validate the current construct."
12782 },
12783 "locationInModule": {
12784 "filename": "lib/role.ts",
12785 "line": 465
12786 },
12787 "name": "validate",
12788 "overrides": "@aws-cdk/core.Construct",
12789 "protected": true,
12790 "returns": {
12791 "type": {
12792 "collection": {
12793 "elementtype": {
12794 "primitive": "string"
12795 },
12796 "kind": "array"
12797 }
12798 }
12799 }
12800 },
12801 {
12802 "docs": {
12803 "remarks": "Use the object returned by this method if you want this Role to be used by\na construct without it automatically updating the Role's Policies.\n\nIf you do, you are responsible for adding the correct statements to the\nRole's policies yourself.",
12804 "stability": "stable",
12805 "summary": "Return a copy of this Role object whose Policies will not be updated."
12806 },
12807 "locationInModule": {
12808 "filename": "lib/role.ts",
12809 "line": 457
12810 },
12811 "name": "withoutPolicyUpdates",
12812 "parameters": [
12813 {
12814 "name": "options",
12815 "optional": true,
12816 "type": {
12817 "fqn": "@aws-cdk/aws-iam.WithoutPolicyUpdatesOptions"
12818 }
12819 }
12820 ],
12821 "returns": {
12822 "type": {
12823 "fqn": "@aws-cdk/aws-iam.IRole"
12824 }
12825 }
12826 }
12827 ],
12828 "name": "Role",
12829 "properties": [
12830 {
12831 "docs": {
12832 "stability": "stable",
12833 "summary": "When this Principal is used in an AssumeRole policy, the action to use."
12834 },
12835 "immutable": true,
12836 "locationInModule": {
12837 "filename": "lib/role.ts",
12838 "line": 295
12839 },
12840 "name": "assumeRoleAction",
12841 "overrides": "@aws-cdk/aws-iam.IPrincipal",
12842 "type": {
12843 "primitive": "string"
12844 }
12845 },
12846 {
12847 "docs": {
12848 "stability": "stable",
12849 "summary": "The principal to grant permissions to."
12850 },
12851 "immutable": true,
12852 "locationInModule": {
12853 "filename": "lib/role.ts",
12854 "line": 292
12855 },
12856 "name": "grantPrincipal",
12857 "overrides": "@aws-cdk/aws-iam.IGrantable",
12858 "type": {
12859 "fqn": "@aws-cdk/aws-iam.IPrincipal"
12860 }
12861 },
12862 {
12863 "docs": {
12864 "stability": "stable",
12865 "summary": "Returns the role."
12866 },
12867 "immutable": true,
12868 "locationInModule": {
12869 "filename": "lib/role.ts",
12870 "line": 323
12871 },
12872 "name": "policyFragment",
12873 "overrides": "@aws-cdk/aws-iam.IPrincipal",
12874 "type": {
12875 "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment"
12876 }
12877 },
12878 {
12879 "docs": {
12880 "stability": "stable",
12881 "summary": "Returns the ARN of this role."
12882 },
12883 "immutable": true,
12884 "locationInModule": {
12885 "filename": "lib/role.ts",
12886 "line": 305
12887 },
12888 "name": "roleArn",
12889 "overrides": "@aws-cdk/aws-iam.IRole",
12890 "type": {
12891 "primitive": "string"
12892 }
12893 },
12894 {
12895 "docs": {
12896 "custom": {
12897 "attribute": "true"
12898 },
12899 "remarks": "For example,\nAIDAJQABLZS4A3QDU576Q.",
12900 "stability": "stable",
12901 "summary": "Returns the stable and unique string identifying the role."
12902 },
12903 "immutable": true,
12904 "locationInModule": {
12905 "filename": "lib/role.ts",
12906 "line": 313
12907 },
12908 "name": "roleId",
12909 "type": {
12910 "primitive": "string"
12911 }
12912 },
12913 {
12914 "docs": {
12915 "stability": "stable",
12916 "summary": "Returns the name of the role."
12917 },
12918 "immutable": true,
12919 "locationInModule": {
12920 "filename": "lib/role.ts",
12921 "line": 318
12922 },
12923 "name": "roleName",
12924 "overrides": "@aws-cdk/aws-iam.IRole",
12925 "type": {
12926 "primitive": "string"
12927 }
12928 },
12929 {
12930 "docs": {
12931 "stability": "stable",
12932 "summary": "The assume role policy document associated with this role."
12933 },
12934 "immutable": true,
12935 "locationInModule": {
12936 "filename": "lib/role.ts",
12937 "line": 300
12938 },
12939 "name": "assumeRolePolicy",
12940 "optional": true,
12941 "type": {
12942 "fqn": "@aws-cdk/aws-iam.PolicyDocument"
12943 }
12944 },
12945 {
12946 "docs": {
12947 "stability": "stable",
12948 "summary": "Returns the permissions boundary attached to this role."
12949 },
12950 "immutable": true,
12951 "locationInModule": {
12952 "filename": "lib/role.ts",
12953 "line": 328
12954 },
12955 "name": "permissionsBoundary",
12956 "optional": true,
12957 "type": {
12958 "fqn": "@aws-cdk/aws-iam.IManagedPolicy"
12959 }
12960 },
12961 {
12962 "docs": {
12963 "remarks": "Can be undefined when the account is not known\n(for example, for service principals).\nCan be a Token - in that case,\nit's assumed to be AWS::AccountId.",
12964 "stability": "stable",
12965 "summary": "The AWS account ID of this principal."
12966 },
12967 "immutable": true,
12968 "locationInModule": {
12969 "filename": "lib/role.ts",
12970 "line": 293
12971 },
12972 "name": "principalAccount",
12973 "optional": true,
12974 "overrides": "@aws-cdk/aws-iam.IPrincipal",
12975 "type": {
12976 "primitive": "string"
12977 }
12978 }
12979 ],
12980 "symbolId": "lib/role:Role"
12981 },
12982 "@aws-cdk/aws-iam.RoleProps": {
12983 "assembly": "@aws-cdk/aws-iam",
12984 "datatype": true,
12985 "docs": {
12986 "custom": {
12987 "exampleMetadata": "infused"
12988 },
12989 "example": "const lambdaRole = new iam.Role(this, 'Role', {\n assumedBy: new iam.ServicePrincipal('lambda.amazonaws.com'),\n description: 'Example role...',\n});\n\nconst stream = new kinesis.Stream(this, 'MyEncryptedStream', {\n encryption: kinesis.StreamEncryption.KMS,\n});\n\n// give lambda permissions to read stream\nstream.grantRead(lambdaRole);",
12990 "stability": "stable",
12991 "summary": "Properties for defining an IAM Role."
12992 },
12993 "fqn": "@aws-cdk/aws-iam.RoleProps",
12994 "kind": "interface",
12995 "locationInModule": {
12996 "filename": "lib/role.ts",
12997 "line": 19
12998 },
12999 "name": "RoleProps",
13000 "properties": [
13001 {
13002 "abstract": true,
13003 "docs": {
13004 "remarks": "You can later modify the assume role policy document by accessing it via\nthe `assumeRolePolicy` property.",
13005 "stability": "stable",
13006 "summary": "The IAM principal (i.e. `new ServicePrincipal('sns.amazonaws.com')`) which can assume this role."
13007 },
13008 "immutable": true,
13009 "locationInModule": {
13010 "filename": "lib/role.ts",
13011 "line": 27
13012 },
13013 "name": "assumedBy",
13014 "type": {
13015 "fqn": "@aws-cdk/aws-iam.IPrincipal"
13016 }
13017 },
13018 {
13019 "abstract": true,
13020 "docs": {
13021 "default": "- No description.",
13022 "remarks": "It can be up to 1000 characters long.",
13023 "stability": "stable",
13024 "summary": "A description of the role."
13025 },
13026 "immutable": true,
13027 "locationInModule": {
13028 "filename": "lib/role.ts",
13029 "line": 137
13030 },
13031 "name": "description",
13032 "optional": true,
13033 "type": {
13034 "primitive": "string"
13035 }
13036 },
13037 {
13038 "abstract": true,
13039 "docs": {
13040 "default": "No external ID required",
13041 "deprecated": "see {@link externalIds}",
13042 "remarks": "If the configured and provided external IDs do not match, the\nAssumeRole operation will fail.",
13043 "stability": "deprecated",
13044 "summary": "ID that the role assumer needs to provide when assuming this role."
13045 },
13046 "immutable": true,
13047 "locationInModule": {
13048 "filename": "lib/role.ts",
13049 "line": 39
13050 },
13051 "name": "externalId",
13052 "optional": true,
13053 "type": {
13054 "primitive": "string"
13055 }
13056 },
13057 {
13058 "abstract": true,
13059 "docs": {
13060 "default": "No external ID required",
13061 "remarks": "If the configured and provided external IDs do not match, the\nAssumeRole operation will fail.",
13062 "stability": "stable",
13063 "summary": "List of IDs that the role assumer needs to provide one of when assuming this role."
13064 },
13065 "immutable": true,
13066 "locationInModule": {
13067 "filename": "lib/role.ts",
13068 "line": 49
13069 },
13070 "name": "externalIds",
13071 "optional": true,
13072 "type": {
13073 "collection": {
13074 "elementtype": {
13075 "primitive": "string"
13076 },
13077 "kind": "array"
13078 }
13079 }
13080 },
13081 {
13082 "abstract": true,
13083 "docs": {
13084 "default": "- No policy is inlined in the Role resource.",
13085 "remarks": "These policies will be\ncreated with the role, whereas those added by ``addToPolicy`` are added\nusing a separate CloudFormation resource (allowing a way around circular\ndependencies that could otherwise be introduced).",
13086 "stability": "stable",
13087 "summary": "A list of named policies to inline into this role."
13088 },
13089 "immutable": true,
13090 "locationInModule": {
13091 "filename": "lib/role.ts",
13092 "line": 69
13093 },
13094 "name": "inlinePolicies",
13095 "optional": true,
13096 "type": {
13097 "collection": {
13098 "elementtype": {
13099 "fqn": "@aws-cdk/aws-iam.PolicyDocument"
13100 },
13101 "kind": "map"
13102 }
13103 }
13104 },
13105 {
13106 "abstract": true,
13107 "docs": {
13108 "default": "- No managed policies.",
13109 "remarks": "You can add managed policies later using\n`addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName(policyName))`.",
13110 "stability": "stable",
13111 "summary": "A list of managed policies associated with this role."
13112 },
13113 "immutable": true,
13114 "locationInModule": {
13115 "filename": "lib/role.ts",
13116 "line": 59
13117 },
13118 "name": "managedPolicies",
13119 "optional": true,
13120 "type": {
13121 "collection": {
13122 "elementtype": {
13123 "fqn": "@aws-cdk/aws-iam.IManagedPolicy"
13124 },
13125 "kind": "array"
13126 }
13127 }
13128 },
13129 {
13130 "abstract": true,
13131 "docs": {
13132 "custom": {
13133 "link": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html"
13134 },
13135 "default": "Duration.hours(1)",
13136 "remarks": "This setting can have a value from 1 hour (3600sec) to 12 (43200sec) hours.\n\nAnyone who assumes the role from the AWS CLI or API can use the\nDurationSeconds API parameter or the duration-seconds CLI parameter to\nrequest a longer session. The MaxSessionDuration setting determines the\nmaximum duration that can be requested using the DurationSeconds\nparameter.\n\nIf users don't specify a value for the DurationSeconds parameter, their\nsecurity credentials are valid for one hour by default. This applies when\nyou use the AssumeRole* API operations or the assume-role* CLI operations\nbut does not apply when you use those operations to create a console URL.",
13137 "stability": "stable",
13138 "summary": "The maximum session duration that you want to set for the specified role."
13139 },
13140 "immutable": true,
13141 "locationInModule": {
13142 "filename": "lib/role.ts",
13143 "line": 130
13144 },
13145 "name": "maxSessionDuration",
13146 "optional": true,
13147 "type": {
13148 "fqn": "@aws-cdk/core.Duration"
13149 }
13150 },
13151 {
13152 "abstract": true,
13153 "docs": {
13154 "default": "/",
13155 "remarks": "For information about IAM paths, see\nFriendly Names and Paths in IAM User Guide.",
13156 "stability": "stable",
13157 "summary": "The path associated with this role."
13158 },
13159 "immutable": true,
13160 "locationInModule": {
13161 "filename": "lib/role.ts",
13162 "line": 77
13163 },
13164 "name": "path",
13165 "optional": true,
13166 "type": {
13167 "primitive": "string"
13168 }
13169 },
13170 {
13171 "abstract": true,
13172 "docs": {
13173 "custom": {
13174 "link": "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html"
13175 },
13176 "default": "- No permissions boundary.",
13177 "remarks": "A permissions boundary is an advanced feature for using a managed policy\nto set the maximum permissions that an identity-based policy can grant to\nan IAM entity. An entity's permissions boundary allows it to perform only\nthe actions that are allowed by both its identity-based policies and its\npermissions boundaries.",
13178 "stability": "stable",
13179 "summary": "AWS supports permissions boundaries for IAM entities (users or roles)."
13180 },
13181 "immutable": true,
13182 "locationInModule": {
13183 "filename": "lib/role.ts",
13184 "line": 92
13185 },
13186 "name": "permissionsBoundary",
13187 "optional": true,
13188 "type": {
13189 "fqn": "@aws-cdk/aws-iam.IManagedPolicy"
13190 }
13191 },
13192 {
13193 "abstract": true,
13194 "docs": {
13195 "default": "- AWS CloudFormation generates a unique physical ID and uses that ID\nfor the role name.",
13196 "remarks": "For valid values, see the RoleName parameter for\nthe CreateRole action in the IAM API Reference.\n\nIMPORTANT: If you specify a name, you cannot perform updates that require\nreplacement of this resource. You can perform updates that require no or\nsome interruption. If you must replace the resource, specify a new name.\n\nIf you specify a name, you must specify the CAPABILITY_NAMED_IAM value to\nacknowledge your template's capabilities. For more information, see\nAcknowledging IAM Resources in AWS CloudFormation Templates.",
13197 "stability": "stable",
13198 "summary": "A name for the IAM role."
13199 },
13200 "immutable": true,
13201 "locationInModule": {
13202 "filename": "lib/role.ts",
13203 "line": 109
13204 },
13205 "name": "roleName",
13206 "optional": true,
13207 "type": {
13208 "primitive": "string"
13209 }
13210 }
13211 ],
13212 "symbolId": "lib/role:RoleProps"
13213 },
13214 "@aws-cdk/aws-iam.SamlConsolePrincipal": {
13215 "assembly": "@aws-cdk/aws-iam",
13216 "base": "@aws-cdk/aws-iam.SamlPrincipal",
13217 "docs": {
13218 "custom": {
13219 "exampleMetadata": "infused"
13220 },
13221 "example": "const provider = new iam.SamlProvider(this, 'Provider', {\n metadataDocument: iam.SamlMetadataDocument.fromFile('/path/to/saml-metadata-document.xml'),\n});\nnew iam.Role(this, 'Role', {\n assumedBy: new iam.SamlConsolePrincipal(provider),\n});",
13222 "stability": "stable",
13223 "summary": "Principal entity that represents a SAML federated identity provider for programmatic and AWS Management Console access."
13224 },
13225 "fqn": "@aws-cdk/aws-iam.SamlConsolePrincipal",
13226 "initializer": {
13227 "docs": {
13228 "stability": "stable"
13229 },
13230 "locationInModule": {
13231 "filename": "lib/principals.ts",
13232 "line": 611
13233 },
13234 "parameters": [
13235 {
13236 "name": "samlProvider",
13237 "type": {
13238 "fqn": "@aws-cdk/aws-iam.ISamlProvider"
13239 }
13240 },
13241 {
13242 "name": "conditions",
13243 "optional": true,
13244 "type": {
13245 "collection": {
13246 "elementtype": {
13247 "primitive": "any"
13248 },
13249 "kind": "map"
13250 }
13251 }
13252 }
13253 ]
13254 },
13255 "kind": "class",
13256 "locationInModule": {
13257 "filename": "lib/principals.ts",
13258 "line": 610
13259 },
13260 "methods": [
13261 {
13262 "docs": {
13263 "stability": "stable",
13264 "summary": "Returns a string representation of an object."
13265 },
13266 "locationInModule": {
13267 "filename": "lib/principals.ts",
13268 "line": 620
13269 },
13270 "name": "toString",
13271 "overrides": "@aws-cdk/aws-iam.SamlPrincipal",
13272 "returns": {
13273 "type": {
13274 "primitive": "string"
13275 }
13276 }
13277 }
13278 ],
13279 "name": "SamlConsolePrincipal",
13280 "symbolId": "lib/principals:SamlConsolePrincipal"
13281 },
13282 "@aws-cdk/aws-iam.SamlMetadataDocument": {
13283 "abstract": true,
13284 "assembly": "@aws-cdk/aws-iam",
13285 "docs": {
13286 "custom": {
13287 "exampleMetadata": "infused"
13288 },
13289 "example": "const provider = new iam.SamlProvider(this, 'Provider', {\n metadataDocument: iam.SamlMetadataDocument.fromFile('/path/to/saml-metadata-document.xml'),\n});\nconst principal = new iam.SamlPrincipal(provider, {\n StringEquals: {\n 'SAML:iss': 'issuer',\n },\n});",
13290 "stability": "stable",
13291 "summary": "A SAML metadata document."
13292 },
13293 "fqn": "@aws-cdk/aws-iam.SamlMetadataDocument",
13294 "initializer": {
13295 "docs": {
13296 "stability": "stable"
13297 }
13298 },
13299 "kind": "class",
13300 "locationInModule": {
13301 "filename": "lib/saml-provider.ts",
13302 "line": 49
13303 },
13304 "methods": [
13305 {
13306 "docs": {
13307 "stability": "stable",
13308 "summary": "Create a SAML metadata document from a XML file."
13309 },
13310 "locationInModule": {
13311 "filename": "lib/saml-provider.ts",
13312 "line": 60
13313 },
13314 "name": "fromFile",
13315 "parameters": [
13316 {
13317 "name": "path",
13318 "type": {
13319 "primitive": "string"
13320 }
13321 }
13322 ],
13323 "returns": {
13324 "type": {
13325 "fqn": "@aws-cdk/aws-iam.SamlMetadataDocument"
13326 }
13327 },
13328 "static": true
13329 },
13330 {
13331 "docs": {
13332 "stability": "stable",
13333 "summary": "Create a SAML metadata document from a XML string."
13334 },
13335 "locationInModule": {
13336 "filename": "lib/saml-provider.ts",
13337 "line": 53
13338 },
13339 "name": "fromXml",
13340 "parameters": [
13341 {
13342 "name": "xml",
13343 "type": {
13344 "primitive": "string"
13345 }
13346 }
13347 ],
13348 "returns": {
13349 "type": {
13350 "fqn": "@aws-cdk/aws-iam.SamlMetadataDocument"
13351 }
13352 },
13353 "static": true
13354 }
13355 ],
13356 "name": "SamlMetadataDocument",
13357 "properties": [
13358 {
13359 "abstract": true,
13360 "docs": {
13361 "stability": "stable",
13362 "summary": "The XML content of the metadata document."
13363 },
13364 "immutable": true,
13365 "locationInModule": {
13366 "filename": "lib/saml-provider.ts",
13367 "line": 67
13368 },
13369 "name": "xml",
13370 "type": {
13371 "primitive": "string"
13372 }
13373 }
13374 ],
13375 "symbolId": "lib/saml-provider:SamlMetadataDocument"
13376 },
13377 "@aws-cdk/aws-iam.SamlPrincipal": {
13378 "assembly": "@aws-cdk/aws-iam",
13379 "base": "@aws-cdk/aws-iam.FederatedPrincipal",
13380 "docs": {
13381 "custom": {
13382 "exampleMetadata": "infused"
13383 },
13384 "example": "const provider = new iam.SamlProvider(this, 'Provider', {\n metadataDocument: iam.SamlMetadataDocument.fromFile('/path/to/saml-metadata-document.xml'),\n});\nconst principal = new iam.SamlPrincipal(provider, {\n StringEquals: {\n 'SAML:iss': 'issuer',\n },\n});",
13385 "stability": "stable",
13386 "summary": "Principal entity that represents a SAML federated identity provider."
13387 },
13388 "fqn": "@aws-cdk/aws-iam.SamlPrincipal",
13389 "initializer": {
13390 "docs": {
13391 "stability": "stable"
13392 },
13393 "locationInModule": {
13394 "filename": "lib/principals.ts",
13395 "line": 597
13396 },
13397 "parameters": [
13398 {
13399 "name": "samlProvider",
13400 "type": {
13401 "fqn": "@aws-cdk/aws-iam.ISamlProvider"
13402 }
13403 },
13404 {
13405 "name": "conditions",
13406 "type": {
13407 "collection": {
13408 "elementtype": {
13409 "primitive": "any"
13410 },
13411 "kind": "map"
13412 }
13413 }
13414 }
13415 ]
13416 },
13417 "kind": "class",
13418 "locationInModule": {
13419 "filename": "lib/principals.ts",
13420 "line": 596
13421 },
13422 "methods": [
13423 {
13424 "docs": {
13425 "stability": "stable",
13426 "summary": "Returns a string representation of an object."
13427 },
13428 "locationInModule": {
13429 "filename": "lib/principals.ts",
13430 "line": 601
13431 },
13432 "name": "toString",
13433 "overrides": "@aws-cdk/aws-iam.FederatedPrincipal",
13434 "returns": {
13435 "type": {
13436 "primitive": "string"
13437 }
13438 }
13439 }
13440 ],
13441 "name": "SamlPrincipal",
13442 "symbolId": "lib/principals:SamlPrincipal"
13443 },
13444 "@aws-cdk/aws-iam.SamlProvider": {
13445 "assembly": "@aws-cdk/aws-iam",
13446 "base": "@aws-cdk/core.Resource",
13447 "docs": {
13448 "custom": {
13449 "exampleMetadata": "infused"
13450 },
13451 "example": "const provider = new iam.SamlProvider(this, 'Provider', {\n metadataDocument: iam.SamlMetadataDocument.fromFile('/path/to/saml-metadata-document.xml'),\n});\nnew iam.Role(this, 'Role', {\n assumedBy: new iam.SamlConsolePrincipal(provider),\n});",
13452 "stability": "stable",
13453 "summary": "A SAML provider."
13454 },
13455 "fqn": "@aws-cdk/aws-iam.SamlProvider",
13456 "initializer": {
13457 "docs": {
13458 "stability": "stable"
13459 },
13460 "locationInModule": {
13461 "filename": "lib/saml-provider.ts",
13462 "line": 86
13463 },
13464 "parameters": [
13465 {
13466 "name": "scope",
13467 "type": {
13468 "fqn": "constructs.Construct"
13469 }
13470 },
13471 {
13472 "name": "id",
13473 "type": {
13474 "primitive": "string"
13475 }
13476 },
13477 {
13478 "name": "props",
13479 "type": {
13480 "fqn": "@aws-cdk/aws-iam.SamlProviderProps"
13481 }
13482 }
13483 ]
13484 },
13485 "interfaces": [
13486 "@aws-cdk/aws-iam.ISamlProvider"
13487 ],
13488 "kind": "class",
13489 "locationInModule": {
13490 "filename": "lib/saml-provider.ts",
13491 "line": 73
13492 },
13493 "methods": [
13494 {
13495 "docs": {
13496 "stability": "stable",
13497 "summary": "Import an existing provider."
13498 },
13499 "locationInModule": {
13500 "filename": "lib/saml-provider.ts",
13501 "line": 77
13502 },
13503 "name": "fromSamlProviderArn",
13504 "parameters": [
13505 {
13506 "name": "scope",
13507 "type": {
13508 "fqn": "constructs.Construct"
13509 }
13510 },
13511 {
13512 "name": "id",
13513 "type": {
13514 "primitive": "string"
13515 }
13516 },
13517 {
13518 "name": "samlProviderArn",
13519 "type": {
13520 "primitive": "string"
13521 }
13522 }
13523 ],
13524 "returns": {
13525 "type": {
13526 "fqn": "@aws-cdk/aws-iam.ISamlProvider"
13527 }
13528 },
13529 "static": true
13530 }
13531 ],
13532 "name": "SamlProvider",
13533 "properties": [
13534 {
13535 "docs": {
13536 "stability": "stable",
13537 "summary": "The Amazon Resource Name (ARN) of the provider."
13538 },
13539 "immutable": true,
13540 "locationInModule": {
13541 "filename": "lib/saml-provider.ts",
13542 "line": 84
13543 },
13544 "name": "samlProviderArn",
13545 "overrides": "@aws-cdk/aws-iam.ISamlProvider",
13546 "type": {
13547 "primitive": "string"
13548 }
13549 }
13550 ],
13551 "symbolId": "lib/saml-provider:SamlProvider"
13552 },
13553 "@aws-cdk/aws-iam.SamlProviderProps": {
13554 "assembly": "@aws-cdk/aws-iam",
13555 "datatype": true,
13556 "docs": {
13557 "custom": {
13558 "exampleMetadata": "infused"
13559 },
13560 "example": "const provider = new iam.SamlProvider(this, 'Provider', {\n metadataDocument: iam.SamlMetadataDocument.fromFile('/path/to/saml-metadata-document.xml'),\n});\nnew iam.Role(this, 'Role', {\n assumedBy: new iam.SamlConsolePrincipal(provider),\n});",
13561 "stability": "stable",
13562 "summary": "Properties for a SAML provider."
13563 },
13564 "fqn": "@aws-cdk/aws-iam.SamlProviderProps",
13565 "kind": "interface",
13566 "locationInModule": {
13567 "filename": "lib/saml-provider.ts",
13568 "line": 21
13569 },
13570 "name": "SamlProviderProps",
13571 "properties": [
13572 {
13573 "abstract": true,
13574 "docs": {
13575 "stability": "stable",
13576 "summary": "An XML document generated by an identity provider (IdP) that supports SAML 2.0. The document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that are received from the IdP. You must generate the metadata document using the identity management software that is used as your organization's IdP."
13577 },
13578 "immutable": true,
13579 "locationInModule": {
13580 "filename": "lib/saml-provider.ts",
13581 "line": 43
13582 },
13583 "name": "metadataDocument",
13584 "type": {
13585 "fqn": "@aws-cdk/aws-iam.SamlMetadataDocument"
13586 }
13587 },
13588 {
13589 "abstract": true,
13590 "docs": {
13591 "default": "- a CloudFormation generated name",
13592 "remarks": "This parameter allows a string of characters consisting of upper and\nlowercase alphanumeric characters with no spaces. You can also include\nany of the following characters: _+=,.@-\n\nLength must be between 1 and 128 characters.",
13593 "stability": "stable",
13594 "summary": "The name of the provider to create."
13595 },
13596 "immutable": true,
13597 "locationInModule": {
13598 "filename": "lib/saml-provider.ts",
13599 "line": 33
13600 },
13601 "name": "name",
13602 "optional": true,
13603 "type": {
13604 "primitive": "string"
13605 }
13606 }
13607 ],
13608 "symbolId": "lib/saml-provider:SamlProviderProps"
13609 },
13610 "@aws-cdk/aws-iam.ServicePrincipal": {
13611 "assembly": "@aws-cdk/aws-iam",
13612 "base": "@aws-cdk/aws-iam.PrincipalBase",
13613 "docs": {
13614 "custom": {
13615 "exampleMetadata": "infused"
13616 },
13617 "example": "const lambdaRole = new iam.Role(this, 'Role', {\n assumedBy: new iam.ServicePrincipal('lambda.amazonaws.com'),\n description: 'Example role...',\n});\n\nconst stream = new kinesis.Stream(this, 'MyEncryptedStream', {\n encryption: kinesis.StreamEncryption.KMS,\n});\n\n// give lambda permissions to read stream\nstream.grantRead(lambdaRole);",
13618 "stability": "stable",
13619 "summary": "An IAM principal that represents an AWS service (i.e. sqs.amazonaws.com)."
13620 },
13621 "fqn": "@aws-cdk/aws-iam.ServicePrincipal",
13622 "initializer": {
13623 "docs": {
13624 "stability": "stable"
13625 },
13626 "locationInModule": {
13627 "filename": "lib/principals.ts",
13628 "line": 433
13629 },
13630 "parameters": [
13631 {
13632 "docs": {
13633 "summary": "AWS service (i.e. sqs.amazonaws.com)."
13634 },
13635 "name": "service",
13636 "type": {
13637 "primitive": "string"
13638 }
13639 },
13640 {
13641 "name": "opts",
13642 "optional": true,
13643 "type": {
13644 "fqn": "@aws-cdk/aws-iam.ServicePrincipalOpts"
13645 }
13646 }
13647 ]
13648 },
13649 "kind": "class",
13650 "locationInModule": {
13651 "filename": "lib/principals.ts",
13652 "line": 428
13653 },
13654 "methods": [
13655 {
13656 "docs": {
13657 "stability": "stable",
13658 "summary": "Returns a string representation of an object."
13659 },
13660 "locationInModule": {
13661 "filename": "lib/principals.ts",
13662 "line": 445
13663 },
13664 "name": "toString",
13665 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
13666 "returns": {
13667 "type": {
13668 "primitive": "string"
13669 }
13670 }
13671 }
13672 ],
13673 "name": "ServicePrincipal",
13674 "properties": [
13675 {
13676 "docs": {
13677 "stability": "stable",
13678 "summary": "Return the policy fragment that identifies this principal in a Policy."
13679 },
13680 "immutable": true,
13681 "locationInModule": {
13682 "filename": "lib/principals.ts",
13683 "line": 437
13684 },
13685 "name": "policyFragment",
13686 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
13687 "type": {
13688 "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment"
13689 }
13690 },
13691 {
13692 "docs": {
13693 "stability": "stable",
13694 "summary": "AWS service (i.e. sqs.amazonaws.com)."
13695 },
13696 "immutable": true,
13697 "locationInModule": {
13698 "filename": "lib/principals.ts",
13699 "line": 433
13700 },
13701 "name": "service",
13702 "type": {
13703 "primitive": "string"
13704 }
13705 }
13706 ],
13707 "symbolId": "lib/principals:ServicePrincipal"
13708 },
13709 "@aws-cdk/aws-iam.ServicePrincipalOpts": {
13710 "assembly": "@aws-cdk/aws-iam",
13711 "datatype": true,
13712 "docs": {
13713 "stability": "stable",
13714 "summary": "Options for a service principal.",
13715 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const conditions: any;\nconst servicePrincipalOpts: iam.ServicePrincipalOpts = {\n conditions: {\n conditionsKey: conditions,\n },\n region: 'region',\n};",
13716 "custom": {
13717 "exampleMetadata": "fixture=_generated"
13718 }
13719 },
13720 "fqn": "@aws-cdk/aws-iam.ServicePrincipalOpts",
13721 "kind": "interface",
13722 "locationInModule": {
13723 "filename": "lib/principals.ts",
13724 "line": 408
13725 },
13726 "name": "ServicePrincipalOpts",
13727 "properties": [
13728 {
13729 "abstract": true,
13730 "docs": {
13731 "default": "- No conditions",
13732 "stability": "stable",
13733 "summary": "Additional conditions to add to the Service Principal."
13734 },
13735 "immutable": true,
13736 "locationInModule": {
13737 "filename": "lib/principals.ts",
13738 "line": 422
13739 },
13740 "name": "conditions",
13741 "optional": true,
13742 "type": {
13743 "collection": {
13744 "elementtype": {
13745 "primitive": "any"
13746 },
13747 "kind": "map"
13748 }
13749 }
13750 },
13751 {
13752 "abstract": true,
13753 "docs": {
13754 "default": "- the current Stack's region.",
13755 "deprecated": "You should not need to set this. The stack's region is always correct.",
13756 "stability": "deprecated",
13757 "summary": "The region in which the service is operating."
13758 },
13759 "immutable": true,
13760 "locationInModule": {
13761 "filename": "lib/principals.ts",
13762 "line": 415
13763 },
13764 "name": "region",
13765 "optional": true,
13766 "type": {
13767 "primitive": "string"
13768 }
13769 }
13770 ],
13771 "symbolId": "lib/principals:ServicePrincipalOpts"
13772 },
13773 "@aws-cdk/aws-iam.SessionTagsPrincipal": {
13774 "assembly": "@aws-cdk/aws-iam",
13775 "base": "@aws-cdk/aws-iam.PrincipalBase",
13776 "docs": {
13777 "remarks": "For more information on session tags, see:\nhttps://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html",
13778 "stability": "stable",
13779 "summary": "Enables session tags on role assumptions from a principal.",
13780 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const principal: iam.IPrincipal;\nconst sessionTagsPrincipal = new iam.SessionTagsPrincipal(principal);",
13781 "custom": {
13782 "exampleMetadata": "fixture=_generated"
13783 }
13784 },
13785 "fqn": "@aws-cdk/aws-iam.SessionTagsPrincipal",
13786 "initializer": {
13787 "docs": {
13788 "stability": "stable"
13789 },
13790 "locationInModule": {
13791 "filename": "lib/principals.ts",
13792 "line": 300
13793 },
13794 "parameters": [
13795 {
13796 "name": "principal",
13797 "type": {
13798 "fqn": "@aws-cdk/aws-iam.IPrincipal"
13799 }
13800 }
13801 ]
13802 },
13803 "kind": "class",
13804 "locationInModule": {
13805 "filename": "lib/principals.ts",
13806 "line": 299
13807 },
13808 "methods": [
13809 {
13810 "docs": {
13811 "remarks": "Add the statements to the AssumeRolePolicyDocument necessary to give this principal\npermissions to assume the given role.",
13812 "stability": "stable",
13813 "summary": "Add the princpial to the AssumeRolePolicyDocument."
13814 },
13815 "locationInModule": {
13816 "filename": "lib/principals.ts",
13817 "line": 304
13818 },
13819 "name": "addToAssumeRolePolicy",
13820 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
13821 "parameters": [
13822 {
13823 "name": "doc",
13824 "type": {
13825 "fqn": "@aws-cdk/aws-iam.PolicyDocument"
13826 }
13827 }
13828 ]
13829 },
13830 {
13831 "docs": {
13832 "stability": "stable",
13833 "summary": "Add to the policy of this principal."
13834 },
13835 "locationInModule": {
13836 "filename": "lib/principals.ts",
13837 "line": 197
13838 },
13839 "name": "addToPolicy",
13840 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
13841 "parameters": [
13842 {
13843 "name": "statement",
13844 "type": {
13845 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
13846 }
13847 }
13848 ],
13849 "returns": {
13850 "type": {
13851 "primitive": "boolean"
13852 }
13853 }
13854 },
13855 {
13856 "docs": {
13857 "stability": "stable",
13858 "summary": "Add to the policy of this principal."
13859 },
13860 "locationInModule": {
13861 "filename": "lib/principals.ts",
13862 "line": 200
13863 },
13864 "name": "addToPrincipalPolicy",
13865 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
13866 "parameters": [
13867 {
13868 "name": "statement",
13869 "type": {
13870 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
13871 }
13872 }
13873 ],
13874 "returns": {
13875 "type": {
13876 "fqn": "@aws-cdk/aws-iam.AddToPrincipalPolicyResult"
13877 }
13878 }
13879 }
13880 ],
13881 "name": "SessionTagsPrincipal",
13882 "properties": [
13883 {
13884 "docs": {
13885 "stability": "stable",
13886 "summary": "When this Principal is used in an AssumeRole policy, the action to use."
13887 },
13888 "immutable": true,
13889 "locationInModule": {
13890 "filename": "lib/principals.ts",
13891 "line": 188
13892 },
13893 "name": "assumeRoleAction",
13894 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
13895 "type": {
13896 "primitive": "string"
13897 }
13898 },
13899 {
13900 "docs": {
13901 "stability": "stable",
13902 "summary": "Return the policy fragment that identifies this principal in a Policy."
13903 },
13904 "immutable": true,
13905 "locationInModule": {
13906 "filename": "lib/principals.ts",
13907 "line": 195
13908 },
13909 "name": "policyFragment",
13910 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
13911 "type": {
13912 "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment"
13913 }
13914 },
13915 {
13916 "docs": {
13917 "remarks": "Can be undefined when the account is not known\n(for example, for service principals).\nCan be a Token - in that case,\nit's assumed to be AWS::AccountId.",
13918 "stability": "stable",
13919 "summary": "The AWS account ID of this principal."
13920 },
13921 "immutable": true,
13922 "locationInModule": {
13923 "filename": "lib/principals.ts",
13924 "line": 189
13925 },
13926 "name": "principalAccount",
13927 "optional": true,
13928 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
13929 "type": {
13930 "primitive": "string"
13931 }
13932 }
13933 ],
13934 "symbolId": "lib/principals:SessionTagsPrincipal"
13935 },
13936 "@aws-cdk/aws-iam.StarPrincipal": {
13937 "assembly": "@aws-cdk/aws-iam",
13938 "base": "@aws-cdk/aws-iam.PrincipalBase",
13939 "docs": {
13940 "remarks": "Some services behave differently when you specify `Principal: \"*\"`\nor `Principal: { AWS: \"*\" }` in their resource policy.\n\n`StarPrincipal` renders to `Principal: *`. Most of the time, you\nshould use `AnyPrincipal` instead.",
13941 "stability": "stable",
13942 "summary": "A principal that uses a literal '*' in the IAM JSON language.",
13943 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nconst starPrincipal = new iam.StarPrincipal();",
13944 "custom": {
13945 "exampleMetadata": "fixture=_generated"
13946 }
13947 },
13948 "fqn": "@aws-cdk/aws-iam.StarPrincipal",
13949 "initializer": {
13950 "docs": {
13951 "stability": "stable"
13952 }
13953 },
13954 "kind": "class",
13955 "locationInModule": {
13956 "filename": "lib/principals.ts",
13957 "line": 673
13958 },
13959 "methods": [
13960 {
13961 "docs": {
13962 "stability": "stable",
13963 "summary": "Returns a string representation of an object."
13964 },
13965 "locationInModule": {
13966 "filename": "lib/principals.ts",
13967 "line": 679
13968 },
13969 "name": "toString",
13970 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
13971 "returns": {
13972 "type": {
13973 "primitive": "string"
13974 }
13975 }
13976 }
13977 ],
13978 "name": "StarPrincipal",
13979 "properties": [
13980 {
13981 "docs": {
13982 "stability": "stable",
13983 "summary": "Return the policy fragment that identifies this principal in a Policy."
13984 },
13985 "immutable": true,
13986 "locationInModule": {
13987 "filename": "lib/principals.ts",
13988 "line": 674
13989 },
13990 "name": "policyFragment",
13991 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
13992 "type": {
13993 "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment"
13994 }
13995 }
13996 ],
13997 "symbolId": "lib/principals:StarPrincipal"
13998 },
13999 "@aws-cdk/aws-iam.UnknownPrincipal": {
14000 "assembly": "@aws-cdk/aws-iam",
14001 "docs": {
14002 "remarks": "Some resources have roles associated with them which they assume, such as\nLambda Functions, CodeBuild projects, StepFunctions machines, etc.\n\nWhen those resources are imported, their actual roles are not always\nimported with them. When that happens, we use an instance of this class\ninstead, which will add user warnings when statements are attempted to be\nadded to it.",
14003 "stability": "stable",
14004 "summary": "A principal for use in resources that need to have a role but it's unknown.",
14005 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nimport * as constructs from 'constructs';\n\ndeclare const construct: constructs.Construct;\nconst unknownPrincipal = new iam.UnknownPrincipal({\n resource: construct,\n});",
14006 "custom": {
14007 "exampleMetadata": "fixture=_generated"
14008 }
14009 },
14010 "fqn": "@aws-cdk/aws-iam.UnknownPrincipal",
14011 "initializer": {
14012 "docs": {
14013 "stability": "stable"
14014 },
14015 "locationInModule": {
14016 "filename": "lib/unknown-principal.ts",
14017 "line": 32
14018 },
14019 "parameters": [
14020 {
14021 "name": "props",
14022 "type": {
14023 "fqn": "@aws-cdk/aws-iam.UnknownPrincipalProps"
14024 }
14025 }
14026 ]
14027 },
14028 "interfaces": [
14029 "@aws-cdk/aws-iam.IPrincipal"
14030 ],
14031 "kind": "class",
14032 "locationInModule": {
14033 "filename": "lib/unknown-principal.ts",
14034 "line": 27
14035 },
14036 "methods": [
14037 {
14038 "docs": {
14039 "stability": "stable",
14040 "summary": "Add to the policy of this principal."
14041 },
14042 "locationInModule": {
14043 "filename": "lib/unknown-principal.ts",
14044 "line": 49
14045 },
14046 "name": "addToPolicy",
14047 "overrides": "@aws-cdk/aws-iam.IPrincipal",
14048 "parameters": [
14049 {
14050 "name": "statement",
14051 "type": {
14052 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
14053 }
14054 }
14055 ],
14056 "returns": {
14057 "type": {
14058 "primitive": "boolean"
14059 }
14060 }
14061 },
14062 {
14063 "docs": {
14064 "stability": "stable",
14065 "summary": "Add to the policy of this principal."
14066 },
14067 "locationInModule": {
14068 "filename": "lib/unknown-principal.ts",
14069 "line": 41
14070 },
14071 "name": "addToPrincipalPolicy",
14072 "overrides": "@aws-cdk/aws-iam.IPrincipal",
14073 "parameters": [
14074 {
14075 "name": "statement",
14076 "type": {
14077 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
14078 }
14079 }
14080 ],
14081 "returns": {
14082 "type": {
14083 "fqn": "@aws-cdk/aws-iam.AddToPrincipalPolicyResult"
14084 }
14085 }
14086 }
14087 ],
14088 "name": "UnknownPrincipal",
14089 "properties": [
14090 {
14091 "docs": {
14092 "stability": "stable",
14093 "summary": "When this Principal is used in an AssumeRole policy, the action to use."
14094 },
14095 "immutable": true,
14096 "locationInModule": {
14097 "filename": "lib/unknown-principal.ts",
14098 "line": 28
14099 },
14100 "name": "assumeRoleAction",
14101 "overrides": "@aws-cdk/aws-iam.IPrincipal",
14102 "type": {
14103 "primitive": "string"
14104 }
14105 },
14106 {
14107 "docs": {
14108 "stability": "stable",
14109 "summary": "The principal to grant permissions to."
14110 },
14111 "immutable": true,
14112 "locationInModule": {
14113 "filename": "lib/unknown-principal.ts",
14114 "line": 29
14115 },
14116 "name": "grantPrincipal",
14117 "overrides": "@aws-cdk/aws-iam.IGrantable",
14118 "type": {
14119 "fqn": "@aws-cdk/aws-iam.IPrincipal"
14120 }
14121 },
14122 {
14123 "docs": {
14124 "stability": "stable",
14125 "summary": "Return the policy fragment that identifies this principal in a Policy."
14126 },
14127 "immutable": true,
14128 "locationInModule": {
14129 "filename": "lib/unknown-principal.ts",
14130 "line": 37
14131 },
14132 "name": "policyFragment",
14133 "overrides": "@aws-cdk/aws-iam.IPrincipal",
14134 "type": {
14135 "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment"
14136 }
14137 }
14138 ],
14139 "symbolId": "lib/unknown-principal:UnknownPrincipal"
14140 },
14141 "@aws-cdk/aws-iam.UnknownPrincipalProps": {
14142 "assembly": "@aws-cdk/aws-iam",
14143 "datatype": true,
14144 "docs": {
14145 "stability": "stable",
14146 "summary": "Properties for an UnknownPrincipal.",
14147 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nimport * as constructs from 'constructs';\n\ndeclare const construct: constructs.Construct;\nconst unknownPrincipalProps: iam.UnknownPrincipalProps = {\n resource: construct,\n};",
14148 "custom": {
14149 "exampleMetadata": "fixture=_generated"
14150 }
14151 },
14152 "fqn": "@aws-cdk/aws-iam.UnknownPrincipalProps",
14153 "kind": "interface",
14154 "locationInModule": {
14155 "filename": "lib/unknown-principal.ts",
14156 "line": 9
14157 },
14158 "name": "UnknownPrincipalProps",
14159 "properties": [
14160 {
14161 "abstract": true,
14162 "docs": {
14163 "stability": "stable",
14164 "summary": "The resource the role proxy is for."
14165 },
14166 "immutable": true,
14167 "locationInModule": {
14168 "filename": "lib/unknown-principal.ts",
14169 "line": 13
14170 },
14171 "name": "resource",
14172 "type": {
14173 "fqn": "constructs.IConstruct"
14174 }
14175 }
14176 ],
14177 "symbolId": "lib/unknown-principal:UnknownPrincipalProps"
14178 },
14179 "@aws-cdk/aws-iam.User": {
14180 "assembly": "@aws-cdk/aws-iam",
14181 "base": "@aws-cdk/core.Resource",
14182 "docs": {
14183 "custom": {
14184 "exampleMetadata": "infused"
14185 },
14186 "example": "const user = new iam.User(this, 'MyUser'); // or User.fromUserName(stack, 'User', 'johnsmith');\nconst group = new iam.Group(this, 'MyGroup'); // or Group.fromGroupArn(stack, 'Group', 'arn:aws:iam::account-id:group/group-name');\n\nuser.addToGroup(group);\n// or\ngroup.addUser(user);",
14187 "stability": "stable",
14188 "summary": "Define a new IAM user."
14189 },
14190 "fqn": "@aws-cdk/aws-iam.User",
14191 "initializer": {
14192 "docs": {
14193 "stability": "stable"
14194 },
14195 "locationInModule": {
14196 "filename": "lib/user.ts",
14197 "line": 257
14198 },
14199 "parameters": [
14200 {
14201 "name": "scope",
14202 "type": {
14203 "fqn": "constructs.Construct"
14204 }
14205 },
14206 {
14207 "name": "id",
14208 "type": {
14209 "primitive": "string"
14210 }
14211 },
14212 {
14213 "name": "props",
14214 "optional": true,
14215 "type": {
14216 "fqn": "@aws-cdk/aws-iam.UserProps"
14217 }
14218 }
14219 ]
14220 },
14221 "interfaces": [
14222 "@aws-cdk/aws-iam.IIdentity",
14223 "@aws-cdk/aws-iam.IUser"
14224 ],
14225 "kind": "class",
14226 "locationInModule": {
14227 "filename": "lib/user.ts",
14228 "line": 137
14229 },
14230 "methods": [
14231 {
14232 "docs": {
14233 "remarks": "If the ARN comes from a Token, the User cannot have a path; if so, any attempt\nto reference its username will fail.",
14234 "stability": "stable",
14235 "summary": "Import an existing user given a user ARN."
14236 },
14237 "locationInModule": {
14238 "filename": "lib/user.ts",
14239 "line": 166
14240 },
14241 "name": "fromUserArn",
14242 "parameters": [
14243 {
14244 "docs": {
14245 "summary": "construct scope."
14246 },
14247 "name": "scope",
14248 "type": {
14249 "fqn": "constructs.Construct"
14250 }
14251 },
14252 {
14253 "docs": {
14254 "summary": "construct id."
14255 },
14256 "name": "id",
14257 "type": {
14258 "primitive": "string"
14259 }
14260 },
14261 {
14262 "docs": {
14263 "summary": "the ARN of an existing user to import."
14264 },
14265 "name": "userArn",
14266 "type": {
14267 "primitive": "string"
14268 }
14269 }
14270 ],
14271 "returns": {
14272 "type": {
14273 "fqn": "@aws-cdk/aws-iam.IUser"
14274 }
14275 },
14276 "static": true
14277 },
14278 {
14279 "docs": {
14280 "remarks": "If the ARN comes from a Token, the User cannot have a path; if so, any attempt\nto reference its username will fail.",
14281 "stability": "stable",
14282 "summary": "Import an existing user given user attributes."
14283 },
14284 "locationInModule": {
14285 "filename": "lib/user.ts",
14286 "line": 180
14287 },
14288 "name": "fromUserAttributes",
14289 "parameters": [
14290 {
14291 "docs": {
14292 "summary": "construct scope."
14293 },
14294 "name": "scope",
14295 "type": {
14296 "fqn": "constructs.Construct"
14297 }
14298 },
14299 {
14300 "docs": {
14301 "summary": "construct id."
14302 },
14303 "name": "id",
14304 "type": {
14305 "primitive": "string"
14306 }
14307 },
14308 {
14309 "docs": {
14310 "summary": "the attributes of the user to import."
14311 },
14312 "name": "attrs",
14313 "type": {
14314 "fqn": "@aws-cdk/aws-iam.UserAttributes"
14315 }
14316 }
14317 ],
14318 "returns": {
14319 "type": {
14320 "fqn": "@aws-cdk/aws-iam.IUser"
14321 }
14322 },
14323 "static": true
14324 },
14325 {
14326 "docs": {
14327 "stability": "stable",
14328 "summary": "Import an existing user given a username."
14329 },
14330 "locationInModule": {
14331 "filename": "lib/user.ts",
14332 "line": 145
14333 },
14334 "name": "fromUserName",
14335 "parameters": [
14336 {
14337 "docs": {
14338 "summary": "construct scope."
14339 },
14340 "name": "scope",
14341 "type": {
14342 "fqn": "constructs.Construct"
14343 }
14344 },
14345 {
14346 "docs": {
14347 "summary": "construct id."
14348 },
14349 "name": "id",
14350 "type": {
14351 "primitive": "string"
14352 }
14353 },
14354 {
14355 "docs": {
14356 "summary": "the username of the existing user to import."
14357 },
14358 "name": "userName",
14359 "type": {
14360 "primitive": "string"
14361 }
14362 }
14363 ],
14364 "returns": {
14365 "type": {
14366 "fqn": "@aws-cdk/aws-iam.IUser"
14367 }
14368 },
14369 "static": true
14370 },
14371 {
14372 "docs": {
14373 "stability": "stable",
14374 "summary": "Attaches a managed policy to the user."
14375 },
14376 "locationInModule": {
14377 "filename": "lib/user.ts",
14378 "line": 301
14379 },
14380 "name": "addManagedPolicy",
14381 "overrides": "@aws-cdk/aws-iam.IIdentity",
14382 "parameters": [
14383 {
14384 "docs": {
14385 "summary": "The managed policy to attach."
14386 },
14387 "name": "policy",
14388 "type": {
14389 "fqn": "@aws-cdk/aws-iam.IManagedPolicy"
14390 }
14391 }
14392 ]
14393 },
14394 {
14395 "docs": {
14396 "stability": "stable",
14397 "summary": "Adds this user to a group."
14398 },
14399 "locationInModule": {
14400 "filename": "lib/user.ts",
14401 "line": 293
14402 },
14403 "name": "addToGroup",
14404 "overrides": "@aws-cdk/aws-iam.IUser",
14405 "parameters": [
14406 {
14407 "name": "group",
14408 "type": {
14409 "fqn": "@aws-cdk/aws-iam.IGroup"
14410 }
14411 }
14412 ]
14413 },
14414 {
14415 "docs": {
14416 "stability": "stable",
14417 "summary": "Add to the policy of this principal."
14418 },
14419 "locationInModule": {
14420 "filename": "lib/user.ts",
14421 "line": 329
14422 },
14423 "name": "addToPolicy",
14424 "overrides": "@aws-cdk/aws-iam.IPrincipal",
14425 "parameters": [
14426 {
14427 "name": "statement",
14428 "type": {
14429 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
14430 }
14431 }
14432 ],
14433 "returns": {
14434 "type": {
14435 "primitive": "boolean"
14436 }
14437 }
14438 },
14439 {
14440 "docs": {
14441 "returns": "true",
14442 "stability": "stable",
14443 "summary": "Adds an IAM statement to the default policy."
14444 },
14445 "locationInModule": {
14446 "filename": "lib/user.ts",
14447 "line": 319
14448 },
14449 "name": "addToPrincipalPolicy",
14450 "overrides": "@aws-cdk/aws-iam.IPrincipal",
14451 "parameters": [
14452 {
14453 "name": "statement",
14454 "type": {
14455 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
14456 }
14457 }
14458 ],
14459 "returns": {
14460 "type": {
14461 "fqn": "@aws-cdk/aws-iam.AddToPrincipalPolicyResult"
14462 }
14463 }
14464 },
14465 {
14466 "docs": {
14467 "stability": "stable",
14468 "summary": "Attaches a policy to this user."
14469 },
14470 "locationInModule": {
14471 "filename": "lib/user.ts",
14472 "line": 309
14473 },
14474 "name": "attachInlinePolicy",
14475 "overrides": "@aws-cdk/aws-iam.IIdentity",
14476 "parameters": [
14477 {
14478 "name": "policy",
14479 "type": {
14480 "fqn": "@aws-cdk/aws-iam.Policy"
14481 }
14482 }
14483 ]
14484 }
14485 ],
14486 "name": "User",
14487 "properties": [
14488 {
14489 "docs": {
14490 "stability": "stable",
14491 "summary": "When this Principal is used in an AssumeRole policy, the action to use."
14492 },
14493 "immutable": true,
14494 "locationInModule": {
14495 "filename": "lib/user.ts",
14496 "line": 231
14497 },
14498 "name": "assumeRoleAction",
14499 "overrides": "@aws-cdk/aws-iam.IPrincipal",
14500 "type": {
14501 "primitive": "string"
14502 }
14503 },
14504 {
14505 "docs": {
14506 "stability": "stable",
14507 "summary": "The principal to grant permissions to."
14508 },
14509 "immutable": true,
14510 "locationInModule": {
14511 "filename": "lib/user.ts",
14512 "line": 229
14513 },
14514 "name": "grantPrincipal",
14515 "overrides": "@aws-cdk/aws-iam.IGrantable",
14516 "type": {
14517 "fqn": "@aws-cdk/aws-iam.IPrincipal"
14518 }
14519 },
14520 {
14521 "docs": {
14522 "stability": "stable",
14523 "summary": "Return the policy fragment that identifies this principal in a Policy."
14524 },
14525 "immutable": true,
14526 "locationInModule": {
14527 "filename": "lib/user.ts",
14528 "line": 250
14529 },
14530 "name": "policyFragment",
14531 "overrides": "@aws-cdk/aws-iam.IPrincipal",
14532 "type": {
14533 "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment"
14534 }
14535 },
14536 {
14537 "docs": {
14538 "custom": {
14539 "attribute": "true"
14540 },
14541 "stability": "stable",
14542 "summary": "An attribute that represents the user's ARN."
14543 },
14544 "immutable": true,
14545 "locationInModule": {
14546 "filename": "lib/user.ts",
14547 "line": 243
14548 },
14549 "name": "userArn",
14550 "overrides": "@aws-cdk/aws-iam.IUser",
14551 "type": {
14552 "primitive": "string"
14553 }
14554 },
14555 {
14556 "docs": {
14557 "custom": {
14558 "attribute": "true"
14559 },
14560 "stability": "stable",
14561 "summary": "An attribute that represents the user name."
14562 },
14563 "immutable": true,
14564 "locationInModule": {
14565 "filename": "lib/user.ts",
14566 "line": 237
14567 },
14568 "name": "userName",
14569 "overrides": "@aws-cdk/aws-iam.IUser",
14570 "type": {
14571 "primitive": "string"
14572 }
14573 },
14574 {
14575 "docs": {
14576 "stability": "stable",
14577 "summary": "Returns the permissions boundary attached to this user."
14578 },
14579 "immutable": true,
14580 "locationInModule": {
14581 "filename": "lib/user.ts",
14582 "line": 248
14583 },
14584 "name": "permissionsBoundary",
14585 "optional": true,
14586 "type": {
14587 "fqn": "@aws-cdk/aws-iam.IManagedPolicy"
14588 }
14589 },
14590 {
14591 "docs": {
14592 "remarks": "Can be undefined when the account is not known\n(for example, for service principals).\nCan be a Token - in that case,\nit's assumed to be AWS::AccountId.",
14593 "stability": "stable",
14594 "summary": "The AWS account ID of this principal."
14595 },
14596 "immutable": true,
14597 "locationInModule": {
14598 "filename": "lib/user.ts",
14599 "line": 230
14600 },
14601 "name": "principalAccount",
14602 "optional": true,
14603 "overrides": "@aws-cdk/aws-iam.IPrincipal",
14604 "type": {
14605 "primitive": "string"
14606 }
14607 }
14608 ],
14609 "symbolId": "lib/user:User"
14610 },
14611 "@aws-cdk/aws-iam.UserAttributes": {
14612 "assembly": "@aws-cdk/aws-iam",
14613 "datatype": true,
14614 "docs": {
14615 "custom": {
14616 "exampleMetadata": "infused"
14617 },
14618 "example": "const user = iam.User.fromUserAttributes(this, 'MyImportedUserByAttributes', {\n userArn: 'arn:aws:iam::123456789012:user/johnsmith',\n});",
14619 "stability": "stable",
14620 "summary": "Represents a user defined outside of this stack."
14621 },
14622 "fqn": "@aws-cdk/aws-iam.UserAttributes",
14623 "kind": "interface",
14624 "locationInModule": {
14625 "filename": "lib/user.ts",
14626 "line": 125
14627 },
14628 "name": "UserAttributes",
14629 "properties": [
14630 {
14631 "abstract": true,
14632 "docs": {
14633 "remarks": "Format: arn:<partition>:iam::<account-id>:user/<user-name-with-path>",
14634 "stability": "stable",
14635 "summary": "The ARN of the user."
14636 },
14637 "immutable": true,
14638 "locationInModule": {
14639 "filename": "lib/user.ts",
14640 "line": 131
14641 },
14642 "name": "userArn",
14643 "type": {
14644 "primitive": "string"
14645 }
14646 }
14647 ],
14648 "symbolId": "lib/user:UserAttributes"
14649 },
14650 "@aws-cdk/aws-iam.UserProps": {
14651 "assembly": "@aws-cdk/aws-iam",
14652 "datatype": true,
14653 "docs": {
14654 "custom": {
14655 "exampleMetadata": "lit=test/example.attaching.lit.ts infused"
14656 },
14657 "example": " const user = new User(this, 'MyUser', { password: cdk.SecretValue.unsafePlainText('1234') });\n const group = new Group(this, 'MyGroup');\n\n const policy = new Policy(this, 'MyPolicy');\n policy.attachToUser(user);\n group.attachInlinePolicy(policy);",
14658 "stability": "stable",
14659 "summary": "Properties for defining an IAM user."
14660 },
14661 "fqn": "@aws-cdk/aws-iam.UserProps",
14662 "kind": "interface",
14663 "locationInModule": {
14664 "filename": "lib/user.ts",
14665 "line": 39
14666 },
14667 "name": "UserProps",
14668 "properties": [
14669 {
14670 "abstract": true,
14671 "docs": {
14672 "default": "- No groups.",
14673 "remarks": "You can also use `addToGroup` to add this\nuser to a group.",
14674 "stability": "stable",
14675 "summary": "Groups to add this user to."
14676 },
14677 "immutable": true,
14678 "locationInModule": {
14679 "filename": "lib/user.ts",
14680 "line": 46
14681 },
14682 "name": "groups",
14683 "optional": true,
14684 "type": {
14685 "collection": {
14686 "elementtype": {
14687 "fqn": "@aws-cdk/aws-iam.IGroup"
14688 },
14689 "kind": "array"
14690 }
14691 }
14692 },
14693 {
14694 "abstract": true,
14695 "docs": {
14696 "default": "- No managed policies.",
14697 "remarks": "You can add managed policies later using\n`addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName(policyName))`.",
14698 "stability": "stable",
14699 "summary": "A list of managed policies associated with this role."
14700 },
14701 "immutable": true,
14702 "locationInModule": {
14703 "filename": "lib/user.ts",
14704 "line": 56
14705 },
14706 "name": "managedPolicies",
14707 "optional": true,
14708 "type": {
14709 "collection": {
14710 "elementtype": {
14711 "fqn": "@aws-cdk/aws-iam.IManagedPolicy"
14712 },
14713 "kind": "array"
14714 }
14715 }
14716 },
14717 {
14718 "abstract": true,
14719 "docs": {
14720 "default": "- User won't be able to access the management console without a password.",
14721 "remarks": "You can use `SecretValue.unsafePlainText` to specify a password in plain text or\nuse `secretsmanager.Secret.fromSecretAttributes` to reference a secret in\nSecrets Manager.",
14722 "stability": "stable",
14723 "summary": "The password for the user. This is required so the user can access the AWS Management Console."
14724 },
14725 "immutable": true,
14726 "locationInModule": {
14727 "filename": "lib/user.ts",
14728 "line": 109
14729 },
14730 "name": "password",
14731 "optional": true,
14732 "type": {
14733 "fqn": "@aws-cdk/core.SecretValue"
14734 }
14735 },
14736 {
14737 "abstract": true,
14738 "docs": {
14739 "default": "false",
14740 "remarks": "If this is set to 'true', you must also specify \"initialPassword\".",
14741 "stability": "stable",
14742 "summary": "Specifies whether the user is required to set a new password the next time the user logs in to the AWS Management Console."
14743 },
14744 "immutable": true,
14745 "locationInModule": {
14746 "filename": "lib/user.ts",
14747 "line": 119
14748 },
14749 "name": "passwordResetRequired",
14750 "optional": true,
14751 "type": {
14752 "primitive": "boolean"
14753 }
14754 },
14755 {
14756 "abstract": true,
14757 "docs": {
14758 "default": "/",
14759 "remarks": "For more information about paths, see IAM\nIdentifiers in the IAM User Guide.",
14760 "stability": "stable",
14761 "summary": "The path for the user name."
14762 },
14763 "immutable": true,
14764 "locationInModule": {
14765 "filename": "lib/user.ts",
14766 "line": 64
14767 },
14768 "name": "path",
14769 "optional": true,
14770 "type": {
14771 "primitive": "string"
14772 }
14773 },
14774 {
14775 "abstract": true,
14776 "docs": {
14777 "custom": {
14778 "link": "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html"
14779 },
14780 "default": "- No permissions boundary.",
14781 "remarks": "A permissions boundary is an advanced feature for using a managed policy\nto set the maximum permissions that an identity-based policy can grant to\nan IAM entity. An entity's permissions boundary allows it to perform only\nthe actions that are allowed by both its identity-based policies and its\npermissions boundaries.",
14782 "stability": "stable",
14783 "summary": "AWS supports permissions boundaries for IAM entities (users or roles)."
14784 },
14785 "immutable": true,
14786 "locationInModule": {
14787 "filename": "lib/user.ts",
14788 "line": 79
14789 },
14790 "name": "permissionsBoundary",
14791 "optional": true,
14792 "type": {
14793 "fqn": "@aws-cdk/aws-iam.IManagedPolicy"
14794 }
14795 },
14796 {
14797 "abstract": true,
14798 "docs": {
14799 "default": "- Generated by CloudFormation (recommended)",
14800 "remarks": "For valid values, see the UserName parameter for\nthe CreateUser action in the IAM API Reference. If you don't specify a\nname, AWS CloudFormation generates a unique physical ID and uses that ID\nfor the user name.\n\nIf you specify a name, you cannot perform updates that require\nreplacement of this resource. You can perform updates that require no or\nsome interruption. If you must replace the resource, specify a new name.\n\nIf you specify a name, you must specify the CAPABILITY_NAMED_IAM value to\nacknowledge your template's capabilities. For more information, see\nAcknowledging IAM Resources in AWS CloudFormation Templates.",
14801 "stability": "stable",
14802 "summary": "A name for the IAM user."
14803 },
14804 "immutable": true,
14805 "locationInModule": {
14806 "filename": "lib/user.ts",
14807 "line": 97
14808 },
14809 "name": "userName",
14810 "optional": true,
14811 "type": {
14812 "primitive": "string"
14813 }
14814 }
14815 ],
14816 "symbolId": "lib/user:UserProps"
14817 },
14818 "@aws-cdk/aws-iam.WebIdentityPrincipal": {
14819 "assembly": "@aws-cdk/aws-iam",
14820 "base": "@aws-cdk/aws-iam.FederatedPrincipal",
14821 "docs": {
14822 "custom": {
14823 "exampleMetadata": "infused"
14824 },
14825 "example": "const principal = new iam.WebIdentityPrincipal('cognito-identity.amazonaws.com', {\n 'StringEquals': { 'cognito-identity.amazonaws.com:aud': 'us-east-2:12345678-abcd-abcd-abcd-123456' },\n 'ForAnyValue:StringLike': {'cognito-identity.amazonaws.com:amr': 'unauthenticated' },\n});",
14826 "stability": "stable",
14827 "summary": "A principal that represents a federated identity provider as Web Identity such as Cognito, Amazon, Facebook, Google, etc."
14828 },
14829 "fqn": "@aws-cdk/aws-iam.WebIdentityPrincipal",
14830 "initializer": {
14831 "docs": {
14832 "stability": "stable"
14833 },
14834 "locationInModule": {
14835 "filename": "lib/principals.ts",
14836 "line": 556
14837 },
14838 "parameters": [
14839 {
14840 "docs": {
14841 "summary": "identity provider (i.e. 'cognito-identity.amazonaws.com' for users authenticated through Cognito)."
14842 },
14843 "name": "identityProvider",
14844 "type": {
14845 "primitive": "string"
14846 }
14847 },
14848 {
14849 "docs": {
14850 "remarks": "See [the IAM documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html).",
14851 "summary": "The conditions under which the policy is in effect."
14852 },
14853 "name": "conditions",
14854 "optional": true,
14855 "type": {
14856 "collection": {
14857 "elementtype": {
14858 "primitive": "any"
14859 },
14860 "kind": "map"
14861 }
14862 }
14863 }
14864 ]
14865 },
14866 "kind": "class",
14867 "locationInModule": {
14868 "filename": "lib/principals.ts",
14869 "line": 547
14870 },
14871 "methods": [
14872 {
14873 "docs": {
14874 "stability": "stable",
14875 "summary": "Returns a string representation of an object."
14876 },
14877 "locationInModule": {
14878 "filename": "lib/principals.ts",
14879 "line": 564
14880 },
14881 "name": "toString",
14882 "overrides": "@aws-cdk/aws-iam.FederatedPrincipal",
14883 "returns": {
14884 "type": {
14885 "primitive": "string"
14886 }
14887 }
14888 }
14889 ],
14890 "name": "WebIdentityPrincipal",
14891 "properties": [
14892 {
14893 "docs": {
14894 "stability": "stable",
14895 "summary": "Return the policy fragment that identifies this principal in a Policy."
14896 },
14897 "immutable": true,
14898 "locationInModule": {
14899 "filename": "lib/principals.ts",
14900 "line": 560
14901 },
14902 "name": "policyFragment",
14903 "overrides": "@aws-cdk/aws-iam.FederatedPrincipal",
14904 "type": {
14905 "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment"
14906 }
14907 }
14908 ],
14909 "symbolId": "lib/principals:WebIdentityPrincipal"
14910 },
14911 "@aws-cdk/aws-iam.WithoutPolicyUpdatesOptions": {
14912 "assembly": "@aws-cdk/aws-iam",
14913 "datatype": true,
14914 "docs": {
14915 "stability": "stable",
14916 "summary": "Options for the `withoutPolicyUpdates()` modifier of a Role.",
14917 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nconst withoutPolicyUpdatesOptions: iam.WithoutPolicyUpdatesOptions = {\n addGrantsToResources: false,\n};",
14918 "custom": {
14919 "exampleMetadata": "fixture=_generated"
14920 }
14921 },
14922 "fqn": "@aws-cdk/aws-iam.WithoutPolicyUpdatesOptions",
14923 "kind": "interface",
14924 "locationInModule": {
14925 "filename": "lib/role.ts",
14926 "line": 535
14927 },
14928 "name": "WithoutPolicyUpdatesOptions",
14929 "properties": [
14930 {
14931 "abstract": true,
14932 "docs": {
14933 "default": "false",
14934 "remarks": "If this is `false` or not specified, grant permissions added to this role are ignored.\nIt is your own responsibility to make sure the role has the required permissions.\n\nIf this is `true`, any grant permissions will be added to the resource instead.",
14935 "stability": "stable",
14936 "summary": "Add grants to resources instead of dropping them."
14937 },
14938 "immutable": true,
14939 "locationInModule": {
14940 "filename": "lib/role.ts",
14941 "line": 546
14942 },
14943 "name": "addGrantsToResources",
14944 "optional": true,
14945 "type": {
14946 "primitive": "boolean"
14947 }
14948 }
14949 ],
14950 "symbolId": "lib/role:WithoutPolicyUpdatesOptions"
14951 }
14952 },
14953 "version": "1.156.1",
14954 "fingerprint": "**********"
14955}