UNPKG

@aws-cdk/aws-iam/lib/group.d.ts

Version:

4.84 kBTypeScriptView Raw

1import { Resource } from '@aws-cdk/core';
2import { Construct } from 'constructs';
3import { IIdentity } from './identity-base';
4import { IManagedPolicy } from './managed-policy';
5import { Policy } from './policy';
6import { PolicyStatement } from './policy-statement';
7import { AddToPrincipalPolicyResult, IPrincipal, PrincipalPolicyFragment } from './principals';
8import { IUser } from './user';
9/**
* Represents an IAM Group.
*
* @see https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html
*/
14export interface IGroup extends IIdentity {
  /**
   * Returns the IAM Group Name
   *
   * @attribute
   */
  readonly groupName: string;
  /**
   * Returns the IAM Group ARN
   *
   * @attribute
   */
  readonly groupArn: string;
27}
28/**
* Properties for defining an IAM group
*/
31export interface GroupProps {
  /**
   * A name for the IAM group. For valid values, see the GroupName parameter
   * for the CreateGroup action in the IAM API Reference. If you don't specify
   * a name, AWS CloudFormation generates a unique physical ID and uses that
   * ID for the group name.
   *
   * If you specify a name, you must specify the CAPABILITY_NAMED_IAM value to
   * acknowledge your template's capabilities. For more information, see
   * Acknowledging IAM Resources in AWS CloudFormation Templates.
   *
   * @default Generated by CloudFormation (recommended)
   */
  readonly groupName?: string;
  /**
   * A list of managed policies associated with this role.
   *
   * You can add managed policies later using
   * `addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName(policyName))`.
   *
   * @default - No managed policies.
   */
  readonly managedPolicies?: IManagedPolicy[];
  /**
   * The path to the group. For more information about paths, see [IAM
   * Identifiers](http://docs.aws.amazon.com/IAM/latest/UserGuide/index.html?Using_Identifiers.html)
   * in the IAM User Guide.
   *
   * @default /
   */
  readonly path?: string;
62}
63declare abstract class GroupBase extends Resource implements IGroup {
  abstract readonly groupName: string;
  abstract readonly groupArn: string;
  readonly grantPrincipal: IPrincipal;
  readonly principalAccount: string | undefined;
  readonly assumeRoleAction: string;
  private readonly attachedPolicies;
  private defaultPolicy?;
  get policyFragment(): PrincipalPolicyFragment;
  /**
   * Attaches a policy to this group.
   * @param policy The policy to attach.
   */
  attachInlinePolicy(policy: Policy): void;
  addManagedPolicy(_policy: IManagedPolicy): void;
  /**
   * Adds a user to this group.
   */
  addUser(user: IUser): void;
  /**
   * Adds an IAM statement to the default policy.
   */
  addToPrincipalPolicy(statement: PolicyStatement): AddToPrincipalPolicyResult;
  addToPolicy(statement: PolicyStatement): boolean;
87}
88/**
* An IAM Group (collection of IAM users) lets you specify permissions for
* multiple users, which can make it easier to manage permissions for those users.
*
* @see https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html
*/
94export declare class Group extends GroupBase {
  /**
   * Import an external group by ARN.
   *
   * If the imported Group ARN is a Token (such as a
   * `CfnParameter.valueAsString` or a `Fn.importValue()`) *and* the referenced
   * group has a `path` (like `arn:...:group/AdminGroup/NetworkAdmin`), the
   * `groupName` property will not resolve to the correct value. Instead it
   * will resolve to the first path component. We unfortunately cannot express
   * the correct calculation of the full path name as a CloudFormation
   * expression. In this scenario the Group ARN should be supplied without the
   * `path` in order to resolve the correct group resource.
   *
   * @param scope construct scope
   * @param id construct id
   * @param groupArn the ARN of the group to import (e.g. `arn:aws:iam::account-id:group/group-name`)
   */
  static fromGroupArn(scope: Construct, id: string, groupArn: string): IGroup;
  /**
   * Import an existing group by given name (with path).
   * This method has same caveats of `fromGroupArn`
   *
   * @param scope construct scope
   * @param id construct id
   * @param groupName the groupName (path included) of the existing group to import
   */
  static fromGroupName(scope: Construct, id: string, groupName: string): IGroup;
  readonly groupName: string;
  readonly groupArn: string;
  private readonly managedPolicies;
  constructor(scope: Construct, id: string, props?: GroupProps);
  /**
   * Attaches a managed policy to this group.
   * @param policy The managed policy to attach.
   */
  addManagedPolicy(policy: IManagedPolicy): void;
130}
131export {};

1	`import { Resource } from '@aws-cdk/core';`
2	`import { Construct } from 'constructs';`
3	`import { IIdentity } from './identity-base';`
4	`import { IManagedPolicy } from './managed-policy';`
5	`import { Policy } from './policy';`
6	`import { PolicyStatement } from './policy-statement';`
7	`import { AddToPrincipalPolicyResult, IPrincipal, PrincipalPolicyFragment } from './principals';`
8	`import { IUser } from './user';`
9	`/**`
10	`* Represents an IAM Group.`
11	`*`
12	`* @see https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html`
13	`*/`
14	`export interface IGroup extends IIdentity {`
15	`/**`
16	`* Returns the IAM Group Name`
17	`*`
18	`* @attribute`
19	`*/`
20	`readonly groupName: string;`
21	`/**`
22	`* Returns the IAM Group ARN`
23	`*`
24	`* @attribute`
25	`*/`
26	`readonly groupArn: string;`
27	`}`
28	`/**`
29	`* Properties for defining an IAM group`
30	`*/`
31	`export interface GroupProps {`
32	`/**`
33	`* A name for the IAM group. For valid values, see the GroupName parameter`
34	`* for the CreateGroup action in the IAM API Reference. If you don't specify`
35	`* a name, AWS CloudFormation generates a unique physical ID and uses that`
36	`* ID for the group name.`
37	`*`
38	`* If you specify a name, you must specify the CAPABILITY_NAMED_IAM value to`
39	`* acknowledge your template's capabilities. For more information, see`
40	`* Acknowledging IAM Resources in AWS CloudFormation Templates.`
41	`*`
42	`* @default Generated by CloudFormation (recommended)`
43	`*/`
44	`readonly groupName?: string;`
45	`/**`
46	`* A list of managed policies associated with this role.`
47	`*`
48	`* You can add managed policies later using`
49	* `addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName(policyName))`.
50	`*`
51	`* @default - No managed policies.`
52	`*/`
53	`readonly managedPolicies?: IManagedPolicy[];`
54	`/**`
55	`* The path to the group. For more information about paths, see [IAM`
56	`* Identifiers](http://docs.aws.amazon.com/IAM/latest/UserGuide/index.html?Using_Identifiers.html)`
57	`* in the IAM User Guide.`
58	`*`
59	`* @default /`
60	`*/`
61	`readonly path?: string;`
62	`}`
63	`declare abstract class GroupBase extends Resource implements IGroup {`
64	`abstract readonly groupName: string;`
65	`abstract readonly groupArn: string;`
66	`readonly grantPrincipal: IPrincipal;`
67	`readonly principalAccount: string \| undefined;`
68	`readonly assumeRoleAction: string;`
69	`private readonly attachedPolicies;`
70	`private defaultPolicy?;`
71	`get policyFragment(): PrincipalPolicyFragment;`
72	`/**`
73	`* Attaches a policy to this group.`
74	`* @param policy The policy to attach.`
75	`*/`
76	`attachInlinePolicy(policy: Policy): void;`
77	`addManagedPolicy(_policy: IManagedPolicy): void;`
78	`/**`
79	`* Adds a user to this group.`
80	`*/`
81	`addUser(user: IUser): void;`
82	`/**`
83	`* Adds an IAM statement to the default policy.`
84	`*/`
85	`addToPrincipalPolicy(statement: PolicyStatement): AddToPrincipalPolicyResult;`
86	`addToPolicy(statement: PolicyStatement): boolean;`
87	`}`
88	`/**`
89	`* An IAM Group (collection of IAM users) lets you specify permissions for`
90	`* multiple users, which can make it easier to manage permissions for those users.`
91	`*`
92	`* @see https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html`
93	`*/`
94	`export declare class Group extends GroupBase {`
95	`/**`
96	`* Import an external group by ARN.`
97	`*`
98	`* If the imported Group ARN is a Token (such as a`
99	* `CfnParameter.valueAsString` or a `Fn.importValue()`) and the referenced
100	* group has a `path` (like `arn:...:group/AdminGroup/NetworkAdmin`), the
101	* `groupName` property will not resolve to the correct value. Instead it
102	`* will resolve to the first path component. We unfortunately cannot express`
103	`* the correct calculation of the full path name as a CloudFormation`
104	`* expression. In this scenario the Group ARN should be supplied without the`
105	* `path` in order to resolve the correct group resource.
106	`*`
107	`* @param scope construct scope`
108	`* @param id construct id`
109	* @param groupArn the ARN of the group to import (e.g. `arn:aws:iam::account-id:group/group-name`)
110	`*/`
111	`static fromGroupArn(scope: Construct, id: string, groupArn: string): IGroup;`
112	`/**`
113	`* Import an existing group by given name (with path).`
114	* This method has same caveats of `fromGroupArn`
115	`*`
116	`* @param scope construct scope`
117	`* @param id construct id`
118	`* @param groupName the groupName (path included) of the existing group to import`
119	`*/`
120	`static fromGroupName(scope: Construct, id: string, groupName: string): IGroup;`
121	`readonly groupName: string;`
122	`readonly groupArn: string;`
123	`private readonly managedPolicies;`
124	`constructor(scope: Construct, id: string, props?: GroupProps);`
125	`/**`
126	`* Attaches a managed policy to this group.`
127	`* @param policy The managed policy to attach.`
128	`*/`
129	`addManagedPolicy(policy: IManagedPolicy): void;`
130	`}`
131	`export {};`