UNPKG

595 kBPlain TextView Raw
1{
2 "author": {
3 "name": "Amazon Web Services",
4 "organization": true,
5 "roles": [
6 "author"
7 ],
8 "url": "https://aws.amazon.com"
9 },
10 "dependencies": {
11 "@aws-cdk/core": "1.190.0",
12 "@aws-cdk/cx-api": "1.190.0",
13 "@aws-cdk/region-info": "1.190.0",
14 "constructs": "^3.3.69"
15 },
16 "dependencyClosure": {
17 "@aws-cdk/cloud-assembly-schema": {
18 "targets": {
19 "dotnet": {
20 "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png",
21 "namespace": "Amazon.CDK.CloudAssembly.Schema",
22 "packageId": "Amazon.CDK.CloudAssembly.Schema"
23 },
24 "java": {
25 "maven": {
26 "artifactId": "cdk-cloud-assembly-schema",
27 "groupId": "software.amazon.awscdk"
28 },
29 "package": "software.amazon.awscdk.cloudassembly.schema"
30 },
31 "js": {
32 "npm": "@aws-cdk/cloud-assembly-schema"
33 },
34 "python": {
35 "classifiers": [
36 "Framework :: AWS CDK",
37 "Framework :: AWS CDK :: 1"
38 ],
39 "distName": "aws-cdk.cloud-assembly-schema",
40 "module": "aws_cdk.cloud_assembly_schema"
41 }
42 }
43 },
44 "@aws-cdk/core": {
45 "targets": {
46 "dotnet": {
47 "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png",
48 "namespace": "Amazon.CDK",
49 "packageId": "Amazon.CDK"
50 },
51 "java": {
52 "maven": {
53 "artifactId": "core",
54 "groupId": "software.amazon.awscdk"
55 },
56 "package": "software.amazon.awscdk.core"
57 },
58 "js": {
59 "npm": "@aws-cdk/core"
60 },
61 "python": {
62 "classifiers": [
63 "Framework :: AWS CDK",
64 "Framework :: AWS CDK :: 1"
65 ],
66 "distName": "aws-cdk.core",
67 "module": "aws_cdk.core"
68 }
69 }
70 },
71 "@aws-cdk/cx-api": {
72 "targets": {
73 "dotnet": {
74 "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png",
75 "namespace": "Amazon.CDK.CXAPI",
76 "packageId": "Amazon.CDK.CXAPI"
77 },
78 "java": {
79 "maven": {
80 "artifactId": "cdk-cx-api",
81 "groupId": "software.amazon.awscdk"
82 },
83 "package": "software.amazon.awscdk.cxapi"
84 },
85 "js": {
86 "npm": "@aws-cdk/cx-api"
87 },
88 "python": {
89 "classifiers": [
90 "Framework :: AWS CDK",
91 "Framework :: AWS CDK :: 1"
92 ],
93 "distName": "aws-cdk.cx-api",
94 "module": "aws_cdk.cx_api"
95 }
96 }
97 },
98 "@aws-cdk/region-info": {
99 "targets": {
100 "dotnet": {
101 "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png",
102 "namespace": "Amazon.CDK.RegionInfo",
103 "packageId": "Amazon.CDK.RegionInfo"
104 },
105 "java": {
106 "maven": {
107 "artifactId": "cdk-region-info",
108 "groupId": "software.amazon.awscdk"
109 },
110 "package": "software.amazon.awscdk.regioninfo"
111 },
112 "js": {
113 "npm": "@aws-cdk/region-info"
114 },
115 "python": {
116 "classifiers": [
117 "Framework :: AWS CDK",
118 "Framework :: AWS CDK :: 1"
119 ],
120 "distName": "aws-cdk.region-info",
121 "module": "aws_cdk.region_info"
122 }
123 }
124 },
125 "constructs": {
126 "targets": {
127 "dotnet": {
128 "namespace": "Constructs",
129 "packageId": "Constructs"
130 },
131 "go": {
132 "moduleName": "github.com/aws/constructs-go"
133 },
134 "java": {
135 "maven": {
136 "artifactId": "constructs",
137 "groupId": "software.constructs"
138 },
139 "package": "software.constructs"
140 },
141 "js": {
142 "npm": "constructs"
143 },
144 "python": {
145 "distName": "constructs",
146 "module": "constructs"
147 }
148 }
149 }
150 },
151 "description": "CDK routines for easily assigning correct and minimal IAM permissions",
152 "docs": {
153 "stability": "stable"
154 },
155 "homepage": "https://github.com/aws/aws-cdk",
156 "jsiiVersion": "1.73.0 (build 6faeda3)",
157 "keywords": [
158 "aws",
159 "cdk",
160 "constructs",
161 "iam"
162 ],
163 "license": "Apache-2.0",
164 "metadata": {
165 "jsii": {
166 "compiledWithDeprecationWarnings": true,
167 "pacmak": {
168 "hasDefaultInterfaces": true
169 },
170 "rosetta": {
171 "strict": true
172 }
173 }
174 },
175 "name": "@aws-cdk/aws-iam",
176 "readme": {
177 "markdown": "# AWS Identity and Access Management Construct Library\n<!--BEGIN STABILITY BANNER-->\n\n---\n\n![cfn-resources: Stable](https://img.shields.io/badge/cfn--resources-stable-success.svg?style=for-the-badge)\n\n![cdk-constructs: Stable](https://img.shields.io/badge/cdk--constructs-stable-success.svg?style=for-the-badge)\n\n---\n\n<!--END STABILITY BANNER-->\n\nDefine a role and add permissions to it. This will automatically create and\nattach an IAM policy to the role:\n\n```ts lit=test/example.role.lit.ts\n const role = new Role(this, 'MyRole', {\n assumedBy: new ServicePrincipal('sns.amazonaws.com'),\n });\n\n role.addToPolicy(new PolicyStatement({\n resources: ['*'],\n actions: ['lambda:InvokeFunction'],\n }));\n```\n\nDefine a policy and attach it to groups, users and roles. Note that it is possible to attach\nthe policy either by calling `xxx.attachInlinePolicy(policy)` or `policy.attachToXxx(xxx)`.\n\n```ts lit=test/example.attaching.lit.ts\n const user = new User(this, 'MyUser', { password: cdk.SecretValue.unsafePlainText('1234') });\n const group = new Group(this, 'MyGroup');\n\n const policy = new Policy(this, 'MyPolicy');\n policy.attachToUser(user);\n group.attachInlinePolicy(policy);\n```\n\nManaged policies can be attached using `xxx.addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName(policyName))`:\n\n```ts lit=test/example.managedpolicy.lit.ts\nconst group = new Group(this, 'MyGroup');\ngroup.addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName('AdministratorAccess'));\n```\n\n## Granting permissions to resources\n\nMany of the AWS CDK resources have `grant*` methods that allow you to grant other resources access to that resource. As an example, the following code gives a Lambda function write permissions (Put, Update, Delete) to a DynamoDB table.\n\n```ts\ndeclare const fn: lambda.Function;\ndeclare const table: dynamodb.Table;\n\ntable.grantWriteData(fn);\n```\n\nThe more generic `grant` method allows you to give specific permissions to a resource:\n\n```ts\ndeclare const fn: lambda.Function;\ndeclare const table: dynamodb.Table;\n\ntable.grant(fn, 'dynamodb:PutItem');\n```\n\nThe `grant*` methods accept an `IGrantable` object. This interface is implemented by IAM principlal resources (groups, users and roles) and resources that assume a role such as a Lambda function, EC2 instance or a Codebuild project.\n\nYou can find which `grant*` methods exist for a resource in the [AWS CDK API Reference](https://docs.aws.amazon.com/cdk/api/latest/docs/aws-construct-library.html).\n\n## Roles\n\nMany AWS resources require *Roles* to operate. These Roles define the AWS API\ncalls an instance or other AWS service is allowed to make.\n\nCreating Roles and populating them with the right permissions *Statements* is\na necessary but tedious part of setting up AWS infrastructure. In order to\nhelp you focus on your business logic, CDK will take care of creating\nroles and populating them with least-privilege permissions automatically.\n\nAll constructs that require Roles will create one for you if don't specify\none at construction time. Permissions will be added to that role\nautomatically if you associate the construct with other constructs from the\nAWS Construct Library (for example, if you tell an *AWS CodePipeline* to trigger\nan *AWS Lambda Function*, the Pipeline's Role will automatically get\n`lambda:InvokeFunction` permissions on that particular Lambda Function),\nor if you explicitly grant permissions using `grant` functions (see the\nprevious section).\n\n### Opting out of automatic permissions management\n\nYou may prefer to manage a Role's permissions yourself instead of having the\nCDK automatically manage them for you. This may happen in one of the\nfollowing cases:\n\n* You don't like the permissions that CDK automatically generates and\n want to substitute your own set.\n* The least-permissions policy that the CDK generates is becoming too\n big for IAM to store, and you need to add some wildcards to keep the\n policy size down.\n\nTo prevent constructs from updating your Role's policy, pass the object\nreturned by `myRole.withoutPolicyUpdates()` instead of `myRole` itself.\n\nFor example, to have an AWS CodePipeline *not* automatically add the required\npermissions to trigger the expected targets, do the following:\n\n```ts\nconst role = new iam.Role(this, 'Role', {\n assumedBy: new iam.ServicePrincipal('codepipeline.amazonaws.com'),\n // custom description if desired\n description: 'This is a custom role...',\n});\n\nnew codepipeline.Pipeline(this, 'Pipeline', {\n // Give the Pipeline an immutable view of the Role\n role: role.withoutPolicyUpdates(),\n});\n\n// You now have to manage the Role policies yourself\nrole.addToPolicy(new iam.PolicyStatement({\n actions: [/* whatever actions you want */],\n resources: [/* whatever resources you intend to touch */],\n}));\n```\n\n### Using existing roles\n\nIf there are Roles in your account that have already been created which you\nwould like to use in your CDK application, you can use `Role.fromRoleArn` to\nimport them, as follows:\n\n```ts\nconst role = iam.Role.fromRoleArn(this, 'Role', 'arn:aws:iam::123456789012:role/MyExistingRole', {\n // Set 'mutable' to 'false' to use the role as-is and prevent adding new\n // policies to it. The default is 'true', which means the role may be\n // modified as part of the deployment.\n mutable: false,\n});\n```\n\n## Configuring an ExternalId\n\nIf you need to create Roles that will be assumed by third parties, it is generally a good idea to [require an `ExternalId`\nto assume them](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html). Configuring\nan `ExternalId` works like this:\n\n```ts lit=test/example.external-id.lit.ts\nconst role = new iam.Role(this, 'MyRole', {\n assumedBy: new iam.AccountPrincipal('123456789012'),\n externalIds: ['SUPPLY-ME'],\n});\n```\n\n## Principals vs Identities\n\nWhen we say *Principal*, we mean an entity you grant permissions to. This\nentity can be an AWS Service, a Role, or something more abstract such as \"all\nusers in this account\" or even \"all users in this organization\". An\n*Identity* is an IAM representing a single IAM entity that can have\na policy attached, one of `Role`, `User`, or `Group`.\n\n## IAM Principals\n\nWhen defining policy statements as part of an AssumeRole policy or as part of a\nresource policy, statements would usually refer to a specific IAM principal\nunder `Principal`.\n\nIAM principals are modeled as classes that derive from the `iam.PolicyPrincipal`\nabstract class. Principal objects include principal type (string) and value\n(array of string), optional set of conditions and the action that this principal\nrequires when it is used in an assume role policy document.\n\nTo add a principal to a policy statement you can either use the abstract\n`statement.addPrincipal`, one of the concrete `addXxxPrincipal` methods:\n\n* `addAwsPrincipal`, `addArnPrincipal` or `new ArnPrincipal(arn)` for `{ \"AWS\": arn }`\n* `addAwsAccountPrincipal` or `new AccountPrincipal(accountId)` for `{ \"AWS\": account-arn }`\n* `addServicePrincipal` or `new ServicePrincipal(service)` for `{ \"Service\": service }`\n* `addAccountRootPrincipal` or `new AccountRootPrincipal()` for `{ \"AWS\": { \"Ref: \"AWS::AccountId\" } }`\n* `addCanonicalUserPrincipal` or `new CanonicalUserPrincipal(id)` for `{ \"CanonicalUser\": id }`\n* `addFederatedPrincipal` or `new FederatedPrincipal(federated, conditions, assumeAction)` for\n `{ \"Federated\": arn }` and a set of optional conditions and the assume role action to use.\n* `addAnyPrincipal` or `new AnyPrincipal` for `{ \"AWS\": \"*\" }`\n\nIf multiple principals are added to the policy statement, they will be merged together:\n\n```ts\nconst statement = new iam.PolicyStatement();\nstatement.addServicePrincipal('cloudwatch.amazonaws.com');\nstatement.addServicePrincipal('ec2.amazonaws.com');\nstatement.addArnPrincipal('arn:aws:boom:boom');\n```\n\nWill result in:\n\n```json\n{\n \"Principal\": {\n \"Service\": [ \"cloudwatch.amazonaws.com\", \"ec2.amazonaws.com\" ],\n \"AWS\": \"arn:aws:boom:boom\"\n }\n}\n```\n\nThe `CompositePrincipal` class can also be used to define complex principals, for example:\n\n```ts\nconst role = new iam.Role(this, 'MyRole', {\n assumedBy: new iam.CompositePrincipal(\n new iam.ServicePrincipal('ec2.amazonaws.com'),\n new iam.AccountPrincipal('1818188181818187272')\n ),\n});\n```\n\nThe `PrincipalWithConditions` class can be used to add conditions to a\nprincipal, especially those that don't take a `conditions` parameter in their\nconstructor. The `principal.withConditions()` method can be used to create a\n`PrincipalWithConditions` from an existing principal, for example:\n\n```ts\nconst principal = new iam.AccountPrincipal('123456789000')\n .withConditions({ StringEquals: { foo: \"baz\" } });\n```\n\n> NOTE: If you need to define an IAM condition that uses a token (such as a\n> deploy-time attribute of another resource) in a JSON map key, use `CfnJson` to\n> render this condition. See [this test](./test/integ.condition-with-ref.ts) for\n> an example.\n\nThe `WebIdentityPrincipal` class can be used as a principal for web identities like\nCognito, Amazon, Google or Facebook, for example:\n\n```ts\nconst principal = new iam.WebIdentityPrincipal('cognito-identity.amazonaws.com', {\n 'StringEquals': { 'cognito-identity.amazonaws.com:aud': 'us-east-2:12345678-abcd-abcd-abcd-123456' },\n 'ForAnyValue:StringLike': {'cognito-identity.amazonaws.com:amr': 'unauthenticated' },\n});\n```\n\nIf your identity provider is configured to assume a Role with [session\ntags](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html), you\nneed to call `.withSessionTags()` to add the required permissions to the Role's\npolicy document:\n\n```ts\nnew iam.Role(this, 'Role', {\n assumedBy: new iam.WebIdentityPrincipal('cognito-identity.amazonaws.com', {\n 'StringEquals': {\n 'cognito-identity.amazonaws.com:aud': 'us-east-2:12345678-abcd-abcd-abcd-123456',\n },\n 'ForAnyValue:StringLike': {\n 'cognito-identity.amazonaws.com:amr': 'unauthenticated',\n },\n }).withSessionTags(),\n});\n```\n\n\n## Parsing JSON Policy Documents\n\nThe `PolicyDocument.fromJson` and `PolicyStatement.fromJson` static methods can be used to parse JSON objects. For example:\n\n```ts\nconst policyDocument = {\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"FirstStatement\",\n \"Effect\": \"Allow\",\n \"Action\": [\"iam:ChangePassword\"],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"SecondStatement\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListAllMyBuckets\",\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"ThirdStatement\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:List*\",\n \"s3:Get*\"\n ],\n \"Resource\": [\n \"arn:aws:s3:::confidential-data\",\n \"arn:aws:s3:::confidential-data/*\"\n ],\n \"Condition\": {\"Bool\": {\"aws:MultiFactorAuthPresent\": \"true\"}}\n }\n ]\n};\n\nconst customPolicyDocument = iam.PolicyDocument.fromJson(policyDocument);\n\n// You can pass this document as an initial document to a ManagedPolicy\n// or inline Policy.\nconst newManagedPolicy = new iam.ManagedPolicy(this, 'MyNewManagedPolicy', {\n document: customPolicyDocument,\n});\nconst newPolicy = new iam.Policy(this, 'MyNewPolicy', {\n document: customPolicyDocument,\n});\n```\n\n## Permissions Boundaries\n\n[Permissions\nBoundaries](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html)\ncan be used as a mechanism to prevent privilege esclation by creating new\n`Role`s. Permissions Boundaries are a Managed Policy, attached to Roles or\nUsers, that represent the *maximum* set of permissions they can have. The\neffective set of permissions of a Role (or User) will be the intersection of\nthe Identity Policy and the Permissions Boundary attached to the Role (or\nUser). Permissions Boundaries are typically created by account\nAdministrators, and their use on newly created `Role`s will be enforced by\nIAM policies.\n\nIt is possible to attach Permissions Boundaries to all Roles created in a construct\ntree all at once:\n\n```ts\n// This imports an existing policy.\nconst boundary = iam.ManagedPolicy.fromManagedPolicyArn(this, 'Boundary', 'arn:aws:iam::123456789012:policy/boundary');\n\n// This creates a new boundary\nconst boundary2 = new iam.ManagedPolicy(this, 'Boundary2', {\n statements: [\n new iam.PolicyStatement({\n effect: iam.Effect.DENY,\n actions: ['iam:*'],\n resources: ['*'],\n }),\n ],\n});\n\n// Directly apply the boundary to a Role you create\ndeclare const role: iam.Role;\niam.PermissionsBoundary.of(role).apply(boundary);\n\n// Apply the boundary to an Role that was implicitly created for you\ndeclare const fn: lambda.Function;\niam.PermissionsBoundary.of(fn).apply(boundary);\n\n// Apply the boundary to all Roles in a stack\niam.PermissionsBoundary.of(this).apply(boundary);\n\n// Remove a Permissions Boundary that is inherited, for example from the Stack level\ndeclare const customResource: CustomResource;\niam.PermissionsBoundary.of(customResource).clear();\n```\n\n## OpenID Connect Providers\n\nOIDC identity providers are entities in IAM that describe an external identity\nprovider (IdP) service that supports the [OpenID Connect] (OIDC) standard, such\nas Google or Salesforce. You use an IAM OIDC identity provider when you want to\nestablish trust between an OIDC-compatible IdP and your AWS account. This is\nuseful when creating a mobile app or web application that requires access to AWS\nresources, but you don't want to create custom sign-in code or manage your own\nuser identities. For more information about this scenario, see [About Web\nIdentity Federation] and the relevant documentation in the [Amazon Cognito\nIdentity Pools Developer Guide].\n\n[OpenID Connect]: http://openid.net/connect\n[About Web Identity Federation]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html\n[Amazon Cognito Identity Pools Developer Guide]: https://docs.aws.amazon.com/cognito/latest/developerguide/open-id.html\n\nThe following examples defines an OpenID Connect provider. Two client IDs\n(audiences) are will be able to send authentication requests to\n<https://openid/connect>.\n\n```ts\nconst provider = new iam.OpenIdConnectProvider(this, 'MyProvider', {\n url: 'https://openid/connect',\n clientIds: [ 'myclient1', 'myclient2' ],\n});\n```\n\nYou can specify an optional list of `thumbprints`. If not specified, the\nthumbprint of the root certificate authority (CA) will automatically be obtained\nfrom the host as described\n[here](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc_verify-thumbprint.html).\n\nOnce you define an OpenID connect provider, you can use it with AWS services\nthat expect an IAM OIDC provider. For example, when you define an [Amazon\nCognito identity\npool](https://docs.aws.amazon.com/cognito/latest/developerguide/open-id.html)\nyou can reference the provider's ARN as follows:\n\n```ts\nimport * as cognito from '@aws-cdk/aws-cognito';\n\ndeclare const myProvider: iam.OpenIdConnectProvider;\nnew cognito.CfnIdentityPool(this, 'IdentityPool', {\n openIdConnectProviderArns: [myProvider.openIdConnectProviderArn],\n // And the other properties for your identity pool\n allowUnauthenticatedIdentities: false,\n});\n```\n\nThe `OpenIdConnectPrincipal` class can be used as a principal used with a `OpenIdConnectProvider`, for example:\n\n```ts\nconst provider = new iam.OpenIdConnectProvider(this, 'MyProvider', {\n url: 'https://openid/connect',\n clientIds: [ 'myclient1', 'myclient2' ],\n});\nconst principal = new iam.OpenIdConnectPrincipal(provider);\n```\n\n## SAML provider\n\nAn IAM SAML 2.0 identity provider is an entity in IAM that describes an external\nidentity provider (IdP) service that supports the SAML 2.0 (Security Assertion\nMarkup Language 2.0) standard. You use an IAM identity provider when you want\nto establish trust between a SAML-compatible IdP such as Shibboleth or Active\nDirectory Federation Services and AWS, so that users in your organization can\naccess AWS resources. IAM SAML identity providers are used as principals in an\nIAM trust policy.\n\n```ts\nnew iam.SamlProvider(this, 'Provider', {\n metadataDocument: iam.SamlMetadataDocument.fromFile('/path/to/saml-metadata-document.xml'),\n});\n```\n\nThe `SamlPrincipal` class can be used as a principal with a `SamlProvider`:\n\n```ts\nconst provider = new iam.SamlProvider(this, 'Provider', {\n metadataDocument: iam.SamlMetadataDocument.fromFile('/path/to/saml-metadata-document.xml'),\n});\nconst principal = new iam.SamlPrincipal(provider, {\n StringEquals: {\n 'SAML:iss': 'issuer',\n },\n});\n```\n\nWhen creating a role for programmatic and AWS Management Console access, use the `SamlConsolePrincipal`\nclass:\n\n```ts\nconst provider = new iam.SamlProvider(this, 'Provider', {\n metadataDocument: iam.SamlMetadataDocument.fromFile('/path/to/saml-metadata-document.xml'),\n});\nnew iam.Role(this, 'Role', {\n assumedBy: new iam.SamlConsolePrincipal(provider),\n});\n```\n\n## Users\n\nIAM manages users for your AWS account. To create a new user:\n\n```ts\nconst user = new iam.User(this, 'MyUser');\n```\n\nTo import an existing user by name [with path](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-friendly-names):\n\n```ts\nconst user = iam.User.fromUserName(this, 'MyImportedUserByName', 'johnsmith');\n```\n\nTo import an existing user by ARN:\n\n```ts\nconst user = iam.User.fromUserArn(this, 'MyImportedUserByArn', 'arn:aws:iam::123456789012:user/johnsmith');\n```\n\nTo import an existing user by attributes:\n\n```ts\nconst user = iam.User.fromUserAttributes(this, 'MyImportedUserByAttributes', {\n userArn: 'arn:aws:iam::123456789012:user/johnsmith',\n});\n```\n\n### Access Keys\n\nThe ability for a user to make API calls via the CLI or an SDK is enabled by the user having an\naccess key pair. To create an access key:\n\n```ts\nconst user = new iam.User(this, 'MyUser');\nconst accessKey = new iam.AccessKey(this, 'MyAccessKey', { user: user });\n```\n\nYou can force CloudFormation to rotate the access key by providing a monotonically increasing `serial`\nproperty. Simply provide a higher serial value than any number used previously:\n\n```ts\nconst user = new iam.User(this, 'MyUser');\nconst accessKey = new iam.AccessKey(this, 'MyAccessKey', { user: user, serial: 1 });\n```\n\nAn access key may only be associated with a single user and cannot be \"moved\" between users. Changing\nthe user associated with an access key replaces the access key (and its ID and secret value).\n\n## Groups\n\nAn IAM user group is a collection of IAM users. User groups let you specify permissions for multiple users.\n\n```ts\nconst group = new iam.Group(this, 'MyGroup');\n```\n\nTo import an existing group by ARN:\n\n```ts\nconst group = iam.Group.fromGroupArn(this, 'MyImportedGroupByArn', 'arn:aws:iam::account-id:group/group-name');\n```\n\nTo import an existing group by name [with path](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-friendly-names):\n\n```ts\nconst group = iam.Group.fromGroupName(this, 'MyImportedGroupByName', 'group-name');\n```\n\nTo add a user to a group (both for a new and imported user/group):\n\n```ts\nconst user = new iam.User(this, 'MyUser'); // or User.fromUserName(stack, 'User', 'johnsmith');\nconst group = new iam.Group(this, 'MyGroup'); // or Group.fromGroupArn(stack, 'Group', 'arn:aws:iam::account-id:group/group-name');\n\nuser.addToGroup(group);\n// or\ngroup.addUser(user);\n```\n\n## Features\n\n* Policy name uniqueness is enforced. If two policies by the same name are attached to the same\n principal, the attachment will fail.\n* Policy names are not required - the CDK logical ID will be used and ensured to be unique.\n* Policies are validated during synthesis to ensure that they have actions, and that policies\n attached to IAM principals specify relevant resources, while policies attached to resources\n specify which IAM principals they apply to.\n"
178 },
179 "repository": {
180 "directory": "packages/@aws-cdk/aws-iam",
181 "type": "git",
182 "url": "https://github.com/aws/aws-cdk.git"
183 },
184 "schema": "jsii/0.10.0",
185 "targets": {
186 "dotnet": {
187 "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png",
188 "namespace": "Amazon.CDK.AWS.IAM",
189 "packageId": "Amazon.CDK.AWS.IAM"
190 },
191 "java": {
192 "maven": {
193 "artifactId": "iam",
194 "groupId": "software.amazon.awscdk"
195 },
196 "package": "software.amazon.awscdk.services.iam"
197 },
198 "js": {
199 "npm": "@aws-cdk/aws-iam"
200 },
201 "python": {
202 "classifiers": [
203 "Framework :: AWS CDK",
204 "Framework :: AWS CDK :: 1"
205 ],
206 "distName": "aws-cdk.aws-iam",
207 "module": "aws_cdk.aws_iam"
208 }
209 },
210 "types": {
211 "@aws-cdk/aws-iam.AccessKey": {
212 "assembly": "@aws-cdk/aws-iam",
213 "base": "@aws-cdk/core.Resource",
214 "docs": {
215 "stability": "stable",
216 "summary": "Define a new IAM Access Key.",
217 "example": "// Creates a new IAM user, access and secret keys, and stores the secret access key in a Secret.\nconst user = new iam.User(this, 'User');\nconst accessKey = new iam.AccessKey(this, 'AccessKey', { user });\nconst secretValue = secretsmanager.SecretStringValueBeta1.fromToken(accessKey.secretAccessKey.toString());\nnew secretsmanager.Secret(this, 'Secret', {\n secretStringBeta1: secretValue,\n});",
218 "custom": {
219 "exampleMetadata": "infused"
220 }
221 },
222 "fqn": "@aws-cdk/aws-iam.AccessKey",
223 "initializer": {
224 "docs": {
225 "stability": "stable"
226 },
227 "locationInModule": {
228 "filename": "lib/access-key.ts",
229 "line": 80
230 },
231 "parameters": [
232 {
233 "name": "scope",
234 "type": {
235 "fqn": "constructs.Construct"
236 }
237 },
238 {
239 "name": "id",
240 "type": {
241 "primitive": "string"
242 }
243 },
244 {
245 "name": "props",
246 "type": {
247 "fqn": "@aws-cdk/aws-iam.AccessKeyProps"
248 }
249 }
250 ]
251 },
252 "interfaces": [
253 "@aws-cdk/aws-iam.IAccessKey"
254 ],
255 "kind": "class",
256 "locationInModule": {
257 "filename": "lib/access-key.ts",
258 "line": 76
259 },
260 "name": "AccessKey",
261 "properties": [
262 {
263 "docs": {
264 "stability": "stable",
265 "summary": "The Access Key ID."
266 },
267 "immutable": true,
268 "locationInModule": {
269 "filename": "lib/access-key.ts",
270 "line": 77
271 },
272 "name": "accessKeyId",
273 "overrides": "@aws-cdk/aws-iam.IAccessKey",
274 "type": {
275 "primitive": "string"
276 }
277 },
278 {
279 "docs": {
280 "stability": "stable",
281 "summary": "The Secret Access Key."
282 },
283 "immutable": true,
284 "locationInModule": {
285 "filename": "lib/access-key.ts",
286 "line": 78
287 },
288 "name": "secretAccessKey",
289 "overrides": "@aws-cdk/aws-iam.IAccessKey",
290 "type": {
291 "fqn": "@aws-cdk/core.SecretValue"
292 }
293 }
294 ],
295 "symbolId": "lib/access-key:AccessKey"
296 },
297 "@aws-cdk/aws-iam.AccessKeyProps": {
298 "assembly": "@aws-cdk/aws-iam",
299 "datatype": true,
300 "docs": {
301 "stability": "stable",
302 "summary": "Properties for defining an IAM access key.",
303 "example": "// Creates a new IAM user, access and secret keys, and stores the secret access key in a Secret.\nconst user = new iam.User(this, 'User');\nconst accessKey = new iam.AccessKey(this, 'AccessKey', { user });\nconst secretValue = secretsmanager.SecretStringValueBeta1.fromToken(accessKey.secretAccessKey.toString());\nnew secretsmanager.Secret(this, 'Secret', {\n secretStringBeta1: secretValue,\n});",
304 "custom": {
305 "exampleMetadata": "infused"
306 }
307 },
308 "fqn": "@aws-cdk/aws-iam.AccessKeyProps",
309 "kind": "interface",
310 "locationInModule": {
311 "filename": "lib/access-key.ts",
312 "line": 45
313 },
314 "name": "AccessKeyProps",
315 "properties": [
316 {
317 "abstract": true,
318 "docs": {
319 "remarks": "Changing this value will result in the access key being deleted and a new\naccess key (with a different ID and secret value) being assigned to the new\nuser.",
320 "stability": "stable",
321 "summary": "The IAM user this key will belong to."
322 },
323 "immutable": true,
324 "locationInModule": {
325 "filename": "lib/access-key.ts",
326 "line": 70
327 },
328 "name": "user",
329 "type": {
330 "fqn": "@aws-cdk/aws-iam.IUser"
331 }
332 },
333 {
334 "abstract": true,
335 "docs": {
336 "default": "- No serial value",
337 "remarks": "This value can only be incremented. Incrementing this\nvalue will cause CloudFormation to replace the Access Key resource.",
338 "stability": "stable",
339 "summary": "A CloudFormation-specific value that signifies the access key should be replaced/rotated."
340 },
341 "immutable": true,
342 "locationInModule": {
343 "filename": "lib/access-key.ts",
344 "line": 53
345 },
346 "name": "serial",
347 "optional": true,
348 "type": {
349 "primitive": "number"
350 }
351 },
352 {
353 "abstract": true,
354 "docs": {
355 "default": "- The access key is active",
356 "remarks": "An Active access key is allowed to be used\nto make API calls; An Inactive key cannot.",
357 "stability": "stable",
358 "summary": "The status of the access key."
359 },
360 "immutable": true,
361 "locationInModule": {
362 "filename": "lib/access-key.ts",
363 "line": 61
364 },
365 "name": "status",
366 "optional": true,
367 "type": {
368 "fqn": "@aws-cdk/aws-iam.AccessKeyStatus"
369 }
370 }
371 ],
372 "symbolId": "lib/access-key:AccessKeyProps"
373 },
374 "@aws-cdk/aws-iam.AccessKeyStatus": {
375 "assembly": "@aws-cdk/aws-iam",
376 "docs": {
377 "stability": "stable",
378 "summary": "Valid statuses for an IAM Access Key."
379 },
380 "fqn": "@aws-cdk/aws-iam.AccessKeyStatus",
381 "kind": "enum",
382 "locationInModule": {
383 "filename": "lib/access-key.ts",
384 "line": 9
385 },
386 "members": [
387 {
388 "docs": {
389 "remarks": "An active key can be used to make API calls.",
390 "stability": "stable",
391 "summary": "An active access key."
392 },
393 "name": "ACTIVE"
394 },
395 {
396 "docs": {
397 "remarks": "An inactive key cannot be used to make API calls.",
398 "stability": "stable",
399 "summary": "An inactive access key."
400 },
401 "name": "INACTIVE"
402 }
403 ],
404 "name": "AccessKeyStatus",
405 "symbolId": "lib/access-key:AccessKeyStatus"
406 },
407 "@aws-cdk/aws-iam.AccountPrincipal": {
408 "assembly": "@aws-cdk/aws-iam",
409 "base": "@aws-cdk/aws-iam.ArnPrincipal",
410 "docs": {
411 "stability": "stable",
412 "summary": "Specify AWS account ID as the principal entity in a policy to delegate authority to the account.",
413 "example": "const cluster = new neptune.DatabaseCluster(this, 'Cluster', {\n vpc,\n instanceType: neptune.InstanceType.R5_LARGE,\n iamAuthentication: true, // Optional - will be automatically set if you call grantConnect().\n});\nconst role = new iam.Role(this, 'DBRole', { assumedBy: new iam.AccountPrincipal(this.account) });\ncluster.grantConnect(role); // Grant the role connection access to the DB.",
414 "custom": {
415 "exampleMetadata": "infused"
416 }
417 },
418 "fqn": "@aws-cdk/aws-iam.AccountPrincipal",
419 "initializer": {
420 "docs": {
421 "stability": "stable"
422 },
423 "locationInModule": {
424 "filename": "lib/principals.ts",
425 "line": 453
426 },
427 "parameters": [
428 {
429 "docs": {
430 "summary": "AWS account ID (i.e. 123456789012)."
431 },
432 "name": "accountId",
433 "type": {
434 "primitive": "any"
435 }
436 }
437 ]
438 },
439 "kind": "class",
440 "locationInModule": {
441 "filename": "lib/principals.ts",
442 "line": 446
443 },
444 "methods": [
445 {
446 "docs": {
447 "stability": "stable",
448 "summary": "Returns a string representation of an object."
449 },
450 "locationInModule": {
451 "filename": "lib/principals.ts",
452 "line": 461
453 },
454 "name": "toString",
455 "overrides": "@aws-cdk/aws-iam.ArnPrincipal",
456 "returns": {
457 "type": {
458 "primitive": "string"
459 }
460 }
461 }
462 ],
463 "name": "AccountPrincipal",
464 "properties": [
465 {
466 "docs": {
467 "stability": "stable",
468 "summary": "AWS account ID (i.e. 123456789012)."
469 },
470 "immutable": true,
471 "locationInModule": {
472 "filename": "lib/principals.ts",
473 "line": 453
474 },
475 "name": "accountId",
476 "type": {
477 "primitive": "any"
478 }
479 },
480 {
481 "docs": {
482 "remarks": "Can be undefined when the account is not known\n(for example, for service principals).\nCan be a Token - in that case,\nit's assumed to be AWS::AccountId.",
483 "stability": "stable",
484 "summary": "The AWS account ID of this principal."
485 },
486 "immutable": true,
487 "locationInModule": {
488 "filename": "lib/principals.ts",
489 "line": 447
490 },
491 "name": "principalAccount",
492 "optional": true,
493 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
494 "type": {
495 "primitive": "string"
496 }
497 }
498 ],
499 "symbolId": "lib/principals:AccountPrincipal"
500 },
501 "@aws-cdk/aws-iam.AccountRootPrincipal": {
502 "assembly": "@aws-cdk/aws-iam",
503 "base": "@aws-cdk/aws-iam.AccountPrincipal",
504 "docs": {
505 "stability": "stable",
506 "summary": "Use the AWS account into which a stack is deployed as the principal entity in a policy.",
507 "example": "const bucket = new s3.Bucket(this, 'MyBucket');\nconst result = bucket.addToResourcePolicy(new iam.PolicyStatement({\n actions: ['s3:GetObject'],\n resources: [bucket.arnForObjects('file.txt')],\n principals: [new iam.AccountRootPrincipal()],\n}));",
508 "custom": {
509 "exampleMetadata": "infused"
510 }
511 },
512 "fqn": "@aws-cdk/aws-iam.AccountRootPrincipal",
513 "initializer": {
514 "docs": {
515 "stability": "stable"
516 },
517 "locationInModule": {
518 "filename": "lib/principals.ts",
519 "line": 721
520 }
521 },
522 "kind": "class",
523 "locationInModule": {
524 "filename": "lib/principals.ts",
525 "line": 720
526 },
527 "methods": [
528 {
529 "docs": {
530 "stability": "stable",
531 "summary": "Returns a string representation of an object."
532 },
533 "locationInModule": {
534 "filename": "lib/principals.ts",
535 "line": 725
536 },
537 "name": "toString",
538 "overrides": "@aws-cdk/aws-iam.AccountPrincipal",
539 "returns": {
540 "type": {
541 "primitive": "string"
542 }
543 }
544 }
545 ],
546 "name": "AccountRootPrincipal",
547 "symbolId": "lib/principals:AccountRootPrincipal"
548 },
549 "@aws-cdk/aws-iam.AddToPrincipalPolicyResult": {
550 "assembly": "@aws-cdk/aws-iam",
551 "datatype": true,
552 "docs": {
553 "stability": "stable",
554 "summary": "Result of calling `addToPrincipalPolicy`.",
555 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nimport * as cdk from '@aws-cdk/core';\n\ndeclare const dependable: cdk.IDependable;\nconst addToPrincipalPolicyResult: iam.AddToPrincipalPolicyResult = {\n statementAdded: false,\n\n // the properties below are optional\n policyDependable: dependable,\n};",
556 "custom": {
557 "exampleMetadata": "fixture=_generated"
558 }
559 },
560 "fqn": "@aws-cdk/aws-iam.AddToPrincipalPolicyResult",
561 "kind": "interface",
562 "locationInModule": {
563 "filename": "lib/principals.ts",
564 "line": 128
565 },
566 "name": "AddToPrincipalPolicyResult",
567 "properties": [
568 {
569 "abstract": true,
570 "docs": {
571 "stability": "stable",
572 "summary": "Whether the statement was added to the identity's policies."
573 },
574 "immutable": true,
575 "locationInModule": {
576 "filename": "lib/principals.ts",
577 "line": 133
578 },
579 "name": "statementAdded",
580 "type": {
581 "primitive": "boolean"
582 }
583 },
584 {
585 "abstract": true,
586 "docs": {
587 "default": "- Required if `statementAdded` is true.",
588 "stability": "stable",
589 "summary": "Dependable which allows depending on the policy change being applied."
590 },
591 "immutable": true,
592 "locationInModule": {
593 "filename": "lib/principals.ts",
594 "line": 140
595 },
596 "name": "policyDependable",
597 "optional": true,
598 "type": {
599 "fqn": "@aws-cdk/core.IDependable"
600 }
601 }
602 ],
603 "symbolId": "lib/principals:AddToPrincipalPolicyResult"
604 },
605 "@aws-cdk/aws-iam.AddToResourcePolicyResult": {
606 "assembly": "@aws-cdk/aws-iam",
607 "datatype": true,
608 "docs": {
609 "stability": "stable",
610 "summary": "Result of calling addToResourcePolicy.",
611 "example": "const bucket = s3.Bucket.fromBucketName(this, 'existingBucket', 'bucket-name');\n\n// No policy statement will be added to the resource\nconst result = bucket.addToResourcePolicy(new iam.PolicyStatement({\n actions: ['s3:GetObject'],\n resources: [bucket.arnForObjects('file.txt')],\n principals: [new iam.AccountRootPrincipal()],\n}));",
612 "custom": {
613 "exampleMetadata": "infused"
614 }
615 },
616 "fqn": "@aws-cdk/aws-iam.AddToResourcePolicyResult",
617 "kind": "interface",
618 "locationInModule": {
619 "filename": "lib/grant.ts",
620 "line": 316
621 },
622 "name": "AddToResourcePolicyResult",
623 "properties": [
624 {
625 "abstract": true,
626 "docs": {
627 "stability": "stable",
628 "summary": "Whether the statement was added."
629 },
630 "immutable": true,
631 "locationInModule": {
632 "filename": "lib/grant.ts",
633 "line": 320
634 },
635 "name": "statementAdded",
636 "type": {
637 "primitive": "boolean"
638 }
639 },
640 {
641 "abstract": true,
642 "docs": {
643 "default": "- If `statementAdded` is true, the resource object itself.\nOtherwise, no dependable.",
644 "stability": "stable",
645 "summary": "Dependable which allows depending on the policy change being applied."
646 },
647 "immutable": true,
648 "locationInModule": {
649 "filename": "lib/grant.ts",
650 "line": 328
651 },
652 "name": "policyDependable",
653 "optional": true,
654 "type": {
655 "fqn": "@aws-cdk/core.IDependable"
656 }
657 }
658 ],
659 "symbolId": "lib/grant:AddToResourcePolicyResult"
660 },
661 "@aws-cdk/aws-iam.AnyPrincipal": {
662 "assembly": "@aws-cdk/aws-iam",
663 "base": "@aws-cdk/aws-iam.ArnPrincipal",
664 "docs": {
665 "remarks": "Some services behave differently when you specify `Principal: '*'`\nor `Principal: { AWS: \"*\" }` in their resource policy.\n\n`AnyPrincipal` renders to `Principal: { AWS: \"*\" }`. This is correct\nmost of the time, but in cases where you need the other principal,\nuse `StarPrincipal` instead.",
666 "stability": "stable",
667 "summary": "A principal representing all AWS identities in all accounts.",
668 "example": "const topic = new sns.Topic(this, 'Topic');\nconst topicPolicy = new sns.TopicPolicy(this, 'TopicPolicy', {\n topics: [topic],\n});\n\ntopicPolicy.document.addStatements(new iam.PolicyStatement({\n actions: [\"sns:Subscribe\"],\n principals: [new iam.AnyPrincipal()],\n resources: [topic.topicArn],\n}));",
669 "custom": {
670 "exampleMetadata": "infused"
671 }
672 },
673 "fqn": "@aws-cdk/aws-iam.AnyPrincipal",
674 "initializer": {
675 "docs": {
676 "stability": "stable"
677 },
678 "locationInModule": {
679 "filename": "lib/principals.ts",
680 "line": 741
681 }
682 },
683 "kind": "class",
684 "locationInModule": {
685 "filename": "lib/principals.ts",
686 "line": 740
687 },
688 "methods": [
689 {
690 "docs": {
691 "stability": "stable",
692 "summary": "Returns a string representation of an object."
693 },
694 "locationInModule": {
695 "filename": "lib/principals.ts",
696 "line": 745
697 },
698 "name": "toString",
699 "overrides": "@aws-cdk/aws-iam.ArnPrincipal",
700 "returns": {
701 "type": {
702 "primitive": "string"
703 }
704 }
705 }
706 ],
707 "name": "AnyPrincipal",
708 "symbolId": "lib/principals:AnyPrincipal"
709 },
710 "@aws-cdk/aws-iam.Anyone": {
711 "assembly": "@aws-cdk/aws-iam",
712 "base": "@aws-cdk/aws-iam.AnyPrincipal",
713 "docs": {
714 "deprecated": "use `AnyPrincipal`",
715 "stability": "deprecated",
716 "summary": "A principal representing all identities in all accounts.",
717 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nconst anyone = new iam.Anyone();",
718 "custom": {
719 "exampleMetadata": "fixture=_generated"
720 }
721 },
722 "fqn": "@aws-cdk/aws-iam.Anyone",
723 "initializer": {
724 "docs": {
725 "stability": "stable"
726 },
727 "locationInModule": {
728 "filename": "lib/principals.ts",
729 "line": 741
730 }
731 },
732 "kind": "class",
733 "locationInModule": {
734 "filename": "lib/principals.ts",
735 "line": 754
736 },
737 "name": "Anyone",
738 "symbolId": "lib/principals:Anyone"
739 },
740 "@aws-cdk/aws-iam.ArnPrincipal": {
741 "assembly": "@aws-cdk/aws-iam",
742 "base": "@aws-cdk/aws-iam.PrincipalBase",
743 "docs": {
744 "remarks": "You can specify AWS accounts, IAM users, Federated SAML users, IAM roles, and specific assumed-role sessions.\nYou cannot specify IAM groups or instance profiles as principals",
745 "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html",
746 "stability": "stable",
747 "summary": "Specify a principal by the Amazon Resource Name (ARN).",
748 "example": "declare const networkLoadBalancer1: elbv2.NetworkLoadBalancer;\ndeclare const networkLoadBalancer2: elbv2.NetworkLoadBalancer;\n\nnew ec2.VpcEndpointService(this, 'EndpointService', {\n vpcEndpointServiceLoadBalancers: [networkLoadBalancer1, networkLoadBalancer2],\n acceptanceRequired: true,\n allowedPrincipals: [new iam.ArnPrincipal('arn:aws:iam::123456789012:root')]\n});",
749 "custom": {
750 "exampleMetadata": "infused"
751 }
752 },
753 "fqn": "@aws-cdk/aws-iam.ArnPrincipal",
754 "initializer": {
755 "docs": {
756 "stability": "stable"
757 },
758 "locationInModule": {
759 "filename": "lib/principals.ts",
760 "line": 414
761 },
762 "parameters": [
763 {
764 "docs": {
765 "summary": "Amazon Resource Name (ARN) of the principal entity (i.e. arn:aws:iam::123456789012:user/user-name)."
766 },
767 "name": "arn",
768 "type": {
769 "primitive": "string"
770 }
771 }
772 ]
773 },
774 "kind": "class",
775 "locationInModule": {
776 "filename": "lib/principals.ts",
777 "line": 409
778 },
779 "methods": [
780 {
781 "docs": {
782 "stability": "stable",
783 "summary": "Return whether or not this principal is equal to the given principal."
784 },
785 "locationInModule": {
786 "filename": "lib/principals.ts",
787 "line": 438
788 },
789 "name": "dedupeString",
790 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
791 "returns": {
792 "optional": true,
793 "type": {
794 "primitive": "string"
795 }
796 }
797 },
798 {
799 "docs": {
800 "stability": "stable",
801 "summary": "A convenience method for adding a condition that the principal is part of the specified AWS Organization."
802 },
803 "locationInModule": {
804 "filename": "lib/principals.ts",
805 "line": 430
806 },
807 "name": "inOrganization",
808 "parameters": [
809 {
810 "name": "organizationId",
811 "type": {
812 "primitive": "string"
813 }
814 }
815 ],
816 "returns": {
817 "type": {
818 "fqn": "@aws-cdk/aws-iam.PrincipalBase"
819 }
820 }
821 },
822 {
823 "docs": {
824 "stability": "stable",
825 "summary": "Returns a string representation of an object."
826 },
827 "locationInModule": {
828 "filename": "lib/principals.ts",
829 "line": 422
830 },
831 "name": "toString",
832 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
833 "returns": {
834 "type": {
835 "primitive": "string"
836 }
837 }
838 }
839 ],
840 "name": "ArnPrincipal",
841 "properties": [
842 {
843 "docs": {
844 "stability": "stable",
845 "summary": "Amazon Resource Name (ARN) of the principal entity (i.e. arn:aws:iam::123456789012:user/user-name)."
846 },
847 "immutable": true,
848 "locationInModule": {
849 "filename": "lib/principals.ts",
850 "line": 414
851 },
852 "name": "arn",
853 "type": {
854 "primitive": "string"
855 }
856 },
857 {
858 "docs": {
859 "stability": "stable",
860 "summary": "Return the policy fragment that identifies this principal in a Policy."
861 },
862 "immutable": true,
863 "locationInModule": {
864 "filename": "lib/principals.ts",
865 "line": 418
866 },
867 "name": "policyFragment",
868 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
869 "type": {
870 "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment"
871 }
872 }
873 ],
874 "symbolId": "lib/principals:ArnPrincipal"
875 },
876 "@aws-cdk/aws-iam.CanonicalUserPrincipal": {
877 "assembly": "@aws-cdk/aws-iam",
878 "base": "@aws-cdk/aws-iam.PrincipalBase",
879 "docs": {
880 "remarks": "See https://docs.aws.amazon.com/general/latest/gr/acct-identifiers.html\n\nand\n\nhttps://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html\n\nfor more details.",
881 "stability": "stable",
882 "summary": "A policy principal for canonicalUserIds - useful for S3 bucket policies that use Origin Access identities.",
883 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nconst canonicalUserPrincipal = new iam.CanonicalUserPrincipal('canonicalUserId');",
884 "custom": {
885 "exampleMetadata": "fixture=_generated"
886 }
887 },
888 "fqn": "@aws-cdk/aws-iam.CanonicalUserPrincipal",
889 "initializer": {
890 "docs": {
891 "stability": "stable"
892 },
893 "locationInModule": {
894 "filename": "lib/principals.ts",
895 "line": 578
896 },
897 "parameters": [
898 {
899 "docs": {
900 "remarks": "root user and IAM users for an account all see the same ID.\n(i.e. 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be)",
901 "summary": "unique identifier assigned by AWS for every account."
902 },
903 "name": "canonicalUserId",
904 "type": {
905 "primitive": "string"
906 }
907 }
908 ]
909 },
910 "kind": "class",
911 "locationInModule": {
912 "filename": "lib/principals.ts",
913 "line": 571
914 },
915 "methods": [
916 {
917 "docs": {
918 "stability": "stable",
919 "summary": "Return whether or not this principal is equal to the given principal."
920 },
921 "locationInModule": {
922 "filename": "lib/principals.ts",
923 "line": 590
924 },
925 "name": "dedupeString",
926 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
927 "returns": {
928 "optional": true,
929 "type": {
930 "primitive": "string"
931 }
932 }
933 },
934 {
935 "docs": {
936 "stability": "stable",
937 "summary": "Returns a string representation of an object."
938 },
939 "locationInModule": {
940 "filename": "lib/principals.ts",
941 "line": 586
942 },
943 "name": "toString",
944 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
945 "returns": {
946 "type": {
947 "primitive": "string"
948 }
949 }
950 }
951 ],
952 "name": "CanonicalUserPrincipal",
953 "properties": [
954 {
955 "docs": {
956 "remarks": "root user and IAM users for an account all see the same ID.\n(i.e. 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be)",
957 "stability": "stable",
958 "summary": "unique identifier assigned by AWS for every account."
959 },
960 "immutable": true,
961 "locationInModule": {
962 "filename": "lib/principals.ts",
963 "line": 578
964 },
965 "name": "canonicalUserId",
966 "type": {
967 "primitive": "string"
968 }
969 },
970 {
971 "docs": {
972 "stability": "stable",
973 "summary": "Return the policy fragment that identifies this principal in a Policy."
974 },
975 "immutable": true,
976 "locationInModule": {
977 "filename": "lib/principals.ts",
978 "line": 582
979 },
980 "name": "policyFragment",
981 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
982 "type": {
983 "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment"
984 }
985 }
986 ],
987 "symbolId": "lib/principals:CanonicalUserPrincipal"
988 },
989 "@aws-cdk/aws-iam.CfnAccessKey": {
990 "assembly": "@aws-cdk/aws-iam",
991 "base": "@aws-cdk/core.CfnResource",
992 "docs": {
993 "custom": {
994 "cloudformationResource": "AWS::IAM::AccessKey",
995 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-accesskey.html",
996 "exampleMetadata": "fixture=_generated"
997 },
998 "remarks": "Creates a new AWS secret access key and corresponding AWS access key ID for the specified user. The default status for new keys is `Active` .\n\nIf you do not specify a user name, IAM determines the user name implicitly based on the AWS access key ID signing the request. This operation works for access keys under the AWS account . Consequently, you can use this operation to manage AWS account root user credentials. This is true even if the AWS account has no associated users.\n\nFor information about quotas on the number of keys you can create, see [IAM and AWS STS quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide* .\n\n> To ensure the security of your AWS account , the secret access key is accessible only during key and user creation. You must save the key (for example, in a text file) if you want to be able to access it again. If a secret key is lost, you can delete the access keys for the associated user and then create new keys.",
999 "stability": "external",
1000 "summary": "A CloudFormation `AWS::IAM::AccessKey`.",
1001 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nconst cfnAccessKey = new iam.CfnAccessKey(this, 'MyCfnAccessKey', {\n userName: 'userName',\n\n // the properties below are optional\n serial: 123,\n status: 'status',\n});"
1002 },
1003 "fqn": "@aws-cdk/aws-iam.CfnAccessKey",
1004 "initializer": {
1005 "docs": {
1006 "stability": "external",
1007 "summary": "Create a new `AWS::IAM::AccessKey`."
1008 },
1009 "locationInModule": {
1010 "filename": "lib/iam.generated.ts",
1011 "line": 174
1012 },
1013 "parameters": [
1014 {
1015 "docs": {
1016 "summary": "- scope in which this resource is defined."
1017 },
1018 "name": "scope",
1019 "type": {
1020 "fqn": "@aws-cdk/core.Construct"
1021 }
1022 },
1023 {
1024 "docs": {
1025 "summary": "- scoped id of the resource."
1026 },
1027 "name": "id",
1028 "type": {
1029 "primitive": "string"
1030 }
1031 },
1032 {
1033 "docs": {
1034 "summary": "- resource properties."
1035 },
1036 "name": "props",
1037 "type": {
1038 "fqn": "@aws-cdk/aws-iam.CfnAccessKeyProps"
1039 }
1040 }
1041 ]
1042 },
1043 "interfaces": [
1044 "@aws-cdk/core.IInspectable"
1045 ],
1046 "kind": "class",
1047 "locationInModule": {
1048 "filename": "lib/iam.generated.ts",
1049 "line": 113
1050 },
1051 "methods": [
1052 {
1053 "docs": {
1054 "stability": "external",
1055 "summary": "Examines the CloudFormation resource and discloses attributes."
1056 },
1057 "locationInModule": {
1058 "filename": "lib/iam.generated.ts",
1059 "line": 190
1060 },
1061 "name": "inspect",
1062 "overrides": "@aws-cdk/core.IInspectable",
1063 "parameters": [
1064 {
1065 "docs": {
1066 "summary": "- tree inspector to collect and process attributes."
1067 },
1068 "name": "inspector",
1069 "type": {
1070 "fqn": "@aws-cdk/core.TreeInspector"
1071 }
1072 }
1073 ]
1074 },
1075 {
1076 "docs": {
1077 "stability": "external"
1078 },
1079 "locationInModule": {
1080 "filename": "lib/iam.generated.ts",
1081 "line": 203
1082 },
1083 "name": "renderProperties",
1084 "overrides": "@aws-cdk/core.CfnResource",
1085 "parameters": [
1086 {
1087 "name": "props",
1088 "type": {
1089 "collection": {
1090 "elementtype": {
1091 "primitive": "any"
1092 },
1093 "kind": "map"
1094 }
1095 }
1096 }
1097 ],
1098 "protected": true,
1099 "returns": {
1100 "type": {
1101 "collection": {
1102 "elementtype": {
1103 "primitive": "any"
1104 },
1105 "kind": "map"
1106 }
1107 }
1108 }
1109 }
1110 ],
1111 "name": "CfnAccessKey",
1112 "properties": [
1113 {
1114 "const": true,
1115 "docs": {
1116 "stability": "external",
1117 "summary": "The CloudFormation resource type name for this resource class."
1118 },
1119 "immutable": true,
1120 "locationInModule": {
1121 "filename": "lib/iam.generated.ts",
1122 "line": 117
1123 },
1124 "name": "CFN_RESOURCE_TYPE_NAME",
1125 "static": true,
1126 "type": {
1127 "primitive": "string"
1128 }
1129 },
1130 {
1131 "docs": {
1132 "custom": {
1133 "cloudformationAttribute": "SecretAccessKey"
1134 },
1135 "remarks": "For example: wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY.",
1136 "stability": "external",
1137 "summary": "Returns the secret access key for the specified AWS::IAM::AccessKey resource."
1138 },
1139 "immutable": true,
1140 "locationInModule": {
1141 "filename": "lib/iam.generated.ts",
1142 "line": 142
1143 },
1144 "name": "attrSecretAccessKey",
1145 "type": {
1146 "primitive": "string"
1147 }
1148 },
1149 {
1150 "docs": {
1151 "stability": "external"
1152 },
1153 "immutable": true,
1154 "locationInModule": {
1155 "filename": "lib/iam.generated.ts",
1156 "line": 195
1157 },
1158 "name": "cfnProperties",
1159 "overrides": "@aws-cdk/core.CfnResource",
1160 "protected": true,
1161 "type": {
1162 "collection": {
1163 "elementtype": {
1164 "primitive": "any"
1165 },
1166 "kind": "map"
1167 }
1168 }
1169 },
1170 {
1171 "docs": {
1172 "custom": {
1173 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-accesskey.html#cfn-iam-accesskey-username"
1174 },
1175 "remarks": "This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-",
1176 "stability": "external",
1177 "summary": "The name of the IAM user that the new key will belong to."
1178 },
1179 "locationInModule": {
1180 "filename": "lib/iam.generated.ts",
1181 "line": 151
1182 },
1183 "name": "userName",
1184 "type": {
1185 "primitive": "string"
1186 }
1187 },
1188 {
1189 "docs": {
1190 "custom": {
1191 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-accesskey.html#cfn-iam-accesskey-serial"
1192 },
1193 "remarks": "Incrementing this value notifies CloudFormation that you want to rotate your access key. When you update your stack, CloudFormation will replace the existing access key with a new key.",
1194 "stability": "external",
1195 "summary": "This value is specific to CloudFormation and can only be *incremented* ."
1196 },
1197 "locationInModule": {
1198 "filename": "lib/iam.generated.ts",
1199 "line": 158
1200 },
1201 "name": "serial",
1202 "optional": true,
1203 "type": {
1204 "primitive": "number"
1205 }
1206 },
1207 {
1208 "docs": {
1209 "custom": {
1210 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-accesskey.html#cfn-iam-accesskey-status"
1211 },
1212 "remarks": "`Active` means that the key is valid for API calls, while `Inactive` means it is not.",
1213 "stability": "external",
1214 "summary": "The status of the access key."
1215 },
1216 "locationInModule": {
1217 "filename": "lib/iam.generated.ts",
1218 "line": 165
1219 },
1220 "name": "status",
1221 "optional": true,
1222 "type": {
1223 "primitive": "string"
1224 }
1225 }
1226 ],
1227 "symbolId": "lib/iam.generated:CfnAccessKey"
1228 },
1229 "@aws-cdk/aws-iam.CfnAccessKeyProps": {
1230 "assembly": "@aws-cdk/aws-iam",
1231 "datatype": true,
1232 "docs": {
1233 "custom": {
1234 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-accesskey.html",
1235 "exampleMetadata": "fixture=_generated"
1236 },
1237 "stability": "external",
1238 "summary": "Properties for defining a `CfnAccessKey`.",
1239 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nconst cfnAccessKeyProps: iam.CfnAccessKeyProps = {\n userName: 'userName',\n\n // the properties below are optional\n serial: 123,\n status: 'status',\n};"
1240 },
1241 "fqn": "@aws-cdk/aws-iam.CfnAccessKeyProps",
1242 "kind": "interface",
1243 "locationInModule": {
1244 "filename": "lib/iam.generated.ts",
1245 "line": 19
1246 },
1247 "name": "CfnAccessKeyProps",
1248 "properties": [
1249 {
1250 "abstract": true,
1251 "docs": {
1252 "custom": {
1253 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-accesskey.html#cfn-iam-accesskey-username"
1254 },
1255 "remarks": "This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-",
1256 "stability": "external",
1257 "summary": "The name of the IAM user that the new key will belong to."
1258 },
1259 "immutable": true,
1260 "locationInModule": {
1261 "filename": "lib/iam.generated.ts",
1262 "line": 28
1263 },
1264 "name": "userName",
1265 "type": {
1266 "primitive": "string"
1267 }
1268 },
1269 {
1270 "abstract": true,
1271 "docs": {
1272 "custom": {
1273 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-accesskey.html#cfn-iam-accesskey-serial"
1274 },
1275 "remarks": "Incrementing this value notifies CloudFormation that you want to rotate your access key. When you update your stack, CloudFormation will replace the existing access key with a new key.",
1276 "stability": "external",
1277 "summary": "This value is specific to CloudFormation and can only be *incremented* ."
1278 },
1279 "immutable": true,
1280 "locationInModule": {
1281 "filename": "lib/iam.generated.ts",
1282 "line": 35
1283 },
1284 "name": "serial",
1285 "optional": true,
1286 "type": {
1287 "primitive": "number"
1288 }
1289 },
1290 {
1291 "abstract": true,
1292 "docs": {
1293 "custom": {
1294 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-accesskey.html#cfn-iam-accesskey-status"
1295 },
1296 "remarks": "`Active` means that the key is valid for API calls, while `Inactive` means it is not.",
1297 "stability": "external",
1298 "summary": "The status of the access key."
1299 },
1300 "immutable": true,
1301 "locationInModule": {
1302 "filename": "lib/iam.generated.ts",
1303 "line": 42
1304 },
1305 "name": "status",
1306 "optional": true,
1307 "type": {
1308 "primitive": "string"
1309 }
1310 }
1311 ],
1312 "symbolId": "lib/iam.generated:CfnAccessKeyProps"
1313 },
1314 "@aws-cdk/aws-iam.CfnGroup": {
1315 "assembly": "@aws-cdk/aws-iam",
1316 "base": "@aws-cdk/core.CfnResource",
1317 "docs": {
1318 "custom": {
1319 "cloudformationResource": "AWS::IAM::Group",
1320 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html",
1321 "exampleMetadata": "fixture=_generated"
1322 },
1323 "remarks": "Creates a new group.\n\nFor information about the number of groups you can create, see [Limitations on IAM Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *IAM User Guide* .",
1324 "stability": "external",
1325 "summary": "A CloudFormation `AWS::IAM::Group`.",
1326 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const policyDocument: any;\nconst cfnGroup = new iam.CfnGroup(this, 'MyCfnGroup', /* all optional props */ {\n groupName: 'groupName',\n managedPolicyArns: ['managedPolicyArns'],\n path: 'path',\n policies: [{\n policyDocument: policyDocument,\n policyName: 'policyName',\n }],\n});"
1327 },
1328 "fqn": "@aws-cdk/aws-iam.CfnGroup",
1329 "initializer": {
1330 "docs": {
1331 "stability": "external",
1332 "summary": "Create a new `AWS::IAM::Group`."
1333 },
1334 "locationInModule": {
1335 "filename": "lib/iam.generated.ts",
1336 "line": 415
1337 },
1338 "parameters": [
1339 {
1340 "docs": {
1341 "summary": "- scope in which this resource is defined."
1342 },
1343 "name": "scope",
1344 "type": {
1345 "fqn": "@aws-cdk/core.Construct"
1346 }
1347 },
1348 {
1349 "docs": {
1350 "summary": "- scoped id of the resource."
1351 },
1352 "name": "id",
1353 "type": {
1354 "primitive": "string"
1355 }
1356 },
1357 {
1358 "docs": {
1359 "summary": "- resource properties."
1360 },
1361 "name": "props",
1362 "optional": true,
1363 "type": {
1364 "fqn": "@aws-cdk/aws-iam.CfnGroupProps"
1365 }
1366 }
1367 ]
1368 },
1369 "interfaces": [
1370 "@aws-cdk/core.IInspectable"
1371 ],
1372 "kind": "class",
1373 "locationInModule": {
1374 "filename": "lib/iam.generated.ts",
1375 "line": 331
1376 },
1377 "methods": [
1378 {
1379 "docs": {
1380 "stability": "external",
1381 "summary": "Examines the CloudFormation resource and discloses attributes."
1382 },
1383 "locationInModule": {
1384 "filename": "lib/iam.generated.ts",
1385 "line": 431
1386 },
1387 "name": "inspect",
1388 "overrides": "@aws-cdk/core.IInspectable",
1389 "parameters": [
1390 {
1391 "docs": {
1392 "summary": "- tree inspector to collect and process attributes."
1393 },
1394 "name": "inspector",
1395 "type": {
1396 "fqn": "@aws-cdk/core.TreeInspector"
1397 }
1398 }
1399 ]
1400 },
1401 {
1402 "docs": {
1403 "stability": "external"
1404 },
1405 "locationInModule": {
1406 "filename": "lib/iam.generated.ts",
1407 "line": 445
1408 },
1409 "name": "renderProperties",
1410 "overrides": "@aws-cdk/core.CfnResource",
1411 "parameters": [
1412 {
1413 "name": "props",
1414 "type": {
1415 "collection": {
1416 "elementtype": {
1417 "primitive": "any"
1418 },
1419 "kind": "map"
1420 }
1421 }
1422 }
1423 ],
1424 "protected": true,
1425 "returns": {
1426 "type": {
1427 "collection": {
1428 "elementtype": {
1429 "primitive": "any"
1430 },
1431 "kind": "map"
1432 }
1433 }
1434 }
1435 }
1436 ],
1437 "name": "CfnGroup",
1438 "properties": [
1439 {
1440 "const": true,
1441 "docs": {
1442 "stability": "external",
1443 "summary": "The CloudFormation resource type name for this resource class."
1444 },
1445 "immutable": true,
1446 "locationInModule": {
1447 "filename": "lib/iam.generated.ts",
1448 "line": 335
1449 },
1450 "name": "CFN_RESOURCE_TYPE_NAME",
1451 "static": true,
1452 "type": {
1453 "primitive": "string"
1454 }
1455 },
1456 {
1457 "docs": {
1458 "custom": {
1459 "cloudformationAttribute": "Arn"
1460 },
1461 "remarks": "For example: `arn:aws:iam::123456789012:group/mystack-mygroup-1DZETITOWEKVO` .",
1462 "stability": "external",
1463 "summary": "Returns the Amazon Resource Name (ARN) for the specified `AWS::IAM::Group` resource."
1464 },
1465 "immutable": true,
1466 "locationInModule": {
1467 "filename": "lib/iam.generated.ts",
1468 "line": 360
1469 },
1470 "name": "attrArn",
1471 "type": {
1472 "primitive": "string"
1473 }
1474 },
1475 {
1476 "docs": {
1477 "stability": "external"
1478 },
1479 "immutable": true,
1480 "locationInModule": {
1481 "filename": "lib/iam.generated.ts",
1482 "line": 436
1483 },
1484 "name": "cfnProperties",
1485 "overrides": "@aws-cdk/core.CfnResource",
1486 "protected": true,
1487 "type": {
1488 "collection": {
1489 "elementtype": {
1490 "primitive": "any"
1491 },
1492 "kind": "map"
1493 }
1494 }
1495 },
1496 {
1497 "docs": {
1498 "custom": {
1499 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html#cfn-iam-group-groupname"
1500 },
1501 "remarks": "The group name must be unique within the account. Group names are not distinguished by case. For example, you cannot create groups named both \"ADMINS\" and \"admins\". If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the group name.\n\n> If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.\n\nIf you specify a name, you must specify the `CAPABILITY_NAMED_IAM` value to acknowledge your template's capabilities. For more information, see [Acknowledging IAM Resources in AWS CloudFormation Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities) .\n\n> Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using `Fn::Join` and `AWS::Region` to create a Region-specific name, as in the following example: `{\"Fn::Join\": [\"\", [{\"Ref\": \"AWS::Region\"}, {\"Ref\": \"MyResourceName\"}]]}` .",
1502 "stability": "external",
1503 "summary": "The name of the group to create. Do not include the path in this value."
1504 },
1505 "locationInModule": {
1506 "filename": "lib/iam.generated.ts",
1507 "line": 375
1508 },
1509 "name": "groupName",
1510 "optional": true,
1511 "type": {
1512 "primitive": "string"
1513 }
1514 },
1515 {
1516 "docs": {
1517 "custom": {
1518 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html#cfn-iam-group-managepolicyarns"
1519 },
1520 "remarks": "For more information about ARNs, see [Amazon Resource Names (ARNs)](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *AWS General Reference* .",
1521 "stability": "external",
1522 "summary": "The Amazon Resource Name (ARN) of the IAM policy you want to attach."
1523 },
1524 "locationInModule": {
1525 "filename": "lib/iam.generated.ts",
1526 "line": 384
1527 },
1528 "name": "managedPolicyArns",
1529 "optional": true,
1530 "type": {
1531 "collection": {
1532 "elementtype": {
1533 "primitive": "string"
1534 },
1535 "kind": "array"
1536 }
1537 }
1538 },
1539 {
1540 "docs": {
1541 "custom": {
1542 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html#cfn-iam-group-path"
1543 },
1544 "remarks": "This parameter is optional. If it is not included, it defaults to a slash (/).\n\nThis parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\\ u0021` ) through the DEL character ( `\\ u007F` ), including most punctuation characters, digits, and upper and lowercased letters.",
1545 "stability": "external",
1546 "summary": "The path to the group. For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* ."
1547 },
1548 "locationInModule": {
1549 "filename": "lib/iam.generated.ts",
1550 "line": 395
1551 },
1552 "name": "path",
1553 "optional": true,
1554 "type": {
1555 "primitive": "string"
1556 }
1557 },
1558 {
1559 "docs": {
1560 "custom": {
1561 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html#cfn-iam-group-policies"
1562 },
1563 "remarks": "To view AWS::IAM::Group snippets, see [Declaring an IAM Group Resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-iam.html#scenario-iam-group) .\n\n> The name of each inline policy for a role, user, or group must be unique. If you don't choose unique names, updates to the IAM identity will fail.\n\nFor information about limits on the number of inline policies that you can embed in a group, see [Limitations on IAM Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *IAM User Guide* .",
1564 "stability": "external",
1565 "summary": "Adds or updates an inline policy document that is embedded in the specified IAM group."
1566 },
1567 "locationInModule": {
1568 "filename": "lib/iam.generated.ts",
1569 "line": 406
1570 },
1571 "name": "policies",
1572 "optional": true,
1573 "type": {
1574 "union": {
1575 "types": [
1576 {
1577 "fqn": "@aws-cdk/core.IResolvable"
1578 },
1579 {
1580 "collection": {
1581 "elementtype": {
1582 "union": {
1583 "types": [
1584 {
1585 "fqn": "@aws-cdk/core.IResolvable"
1586 },
1587 {
1588 "fqn": "@aws-cdk/aws-iam.CfnGroup.PolicyProperty"
1589 }
1590 ]
1591 }
1592 },
1593 "kind": "array"
1594 }
1595 }
1596 ]
1597 }
1598 }
1599 }
1600 ],
1601 "symbolId": "lib/iam.generated:CfnGroup"
1602 },
1603 "@aws-cdk/aws-iam.CfnGroup.PolicyProperty": {
1604 "assembly": "@aws-cdk/aws-iam",
1605 "datatype": true,
1606 "docs": {
1607 "custom": {
1608 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-policy.html",
1609 "exampleMetadata": "fixture=_generated"
1610 },
1611 "remarks": "An attached policy is a managed policy that has been attached to a user, group, or role.\n\nFor more information about managed policies, see [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide* .",
1612 "stability": "external",
1613 "summary": "Contains information about an attached policy.",
1614 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const policyDocument: any;\nconst policyProperty: iam.CfnGroup.PolicyProperty = {\n policyDocument: policyDocument,\n policyName: 'policyName',\n};"
1615 },
1616 "fqn": "@aws-cdk/aws-iam.CfnGroup.PolicyProperty",
1617 "kind": "interface",
1618 "locationInModule": {
1619 "filename": "lib/iam.generated.ts",
1620 "line": 463
1621 },
1622 "name": "PolicyProperty",
1623 "namespace": "CfnGroup",
1624 "properties": [
1625 {
1626 "abstract": true,
1627 "docs": {
1628 "custom": {
1629 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-policy.html#cfn-iam-policies-policydocument"
1630 },
1631 "stability": "external",
1632 "summary": "The policy document."
1633 },
1634 "immutable": true,
1635 "locationInModule": {
1636 "filename": "lib/iam.generated.ts",
1637 "line": 469
1638 },
1639 "name": "policyDocument",
1640 "type": {
1641 "primitive": "any"
1642 }
1643 },
1644 {
1645 "abstract": true,
1646 "docs": {
1647 "custom": {
1648 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-policy.html#cfn-iam-policies-policyname"
1649 },
1650 "stability": "external",
1651 "summary": "The friendly name (not ARN) identifying the policy."
1652 },
1653 "immutable": true,
1654 "locationInModule": {
1655 "filename": "lib/iam.generated.ts",
1656 "line": 475
1657 },
1658 "name": "policyName",
1659 "type": {
1660 "primitive": "string"
1661 }
1662 }
1663 ],
1664 "symbolId": "lib/iam.generated:CfnGroup.PolicyProperty"
1665 },
1666 "@aws-cdk/aws-iam.CfnGroupProps": {
1667 "assembly": "@aws-cdk/aws-iam",
1668 "datatype": true,
1669 "docs": {
1670 "custom": {
1671 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html",
1672 "exampleMetadata": "fixture=_generated"
1673 },
1674 "stability": "external",
1675 "summary": "Properties for defining a `CfnGroup`.",
1676 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const policyDocument: any;\nconst cfnGroupProps: iam.CfnGroupProps = {\n groupName: 'groupName',\n managedPolicyArns: ['managedPolicyArns'],\n path: 'path',\n policies: [{\n policyDocument: policyDocument,\n policyName: 'policyName',\n }],\n};"
1677 },
1678 "fqn": "@aws-cdk/aws-iam.CfnGroupProps",
1679 "kind": "interface",
1680 "locationInModule": {
1681 "filename": "lib/iam.generated.ts",
1682 "line": 216
1683 },
1684 "name": "CfnGroupProps",
1685 "properties": [
1686 {
1687 "abstract": true,
1688 "docs": {
1689 "custom": {
1690 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html#cfn-iam-group-groupname"
1691 },
1692 "remarks": "The group name must be unique within the account. Group names are not distinguished by case. For example, you cannot create groups named both \"ADMINS\" and \"admins\". If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the group name.\n\n> If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.\n\nIf you specify a name, you must specify the `CAPABILITY_NAMED_IAM` value to acknowledge your template's capabilities. For more information, see [Acknowledging IAM Resources in AWS CloudFormation Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities) .\n\n> Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using `Fn::Join` and `AWS::Region` to create a Region-specific name, as in the following example: `{\"Fn::Join\": [\"\", [{\"Ref\": \"AWS::Region\"}, {\"Ref\": \"MyResourceName\"}]]}` .",
1693 "stability": "external",
1694 "summary": "The name of the group to create. Do not include the path in this value."
1695 },
1696 "immutable": true,
1697 "locationInModule": {
1698 "filename": "lib/iam.generated.ts",
1699 "line": 231
1700 },
1701 "name": "groupName",
1702 "optional": true,
1703 "type": {
1704 "primitive": "string"
1705 }
1706 },
1707 {
1708 "abstract": true,
1709 "docs": {
1710 "custom": {
1711 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html#cfn-iam-group-managepolicyarns"
1712 },
1713 "remarks": "For more information about ARNs, see [Amazon Resource Names (ARNs)](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *AWS General Reference* .",
1714 "stability": "external",
1715 "summary": "The Amazon Resource Name (ARN) of the IAM policy you want to attach."
1716 },
1717 "immutable": true,
1718 "locationInModule": {
1719 "filename": "lib/iam.generated.ts",
1720 "line": 240
1721 },
1722 "name": "managedPolicyArns",
1723 "optional": true,
1724 "type": {
1725 "collection": {
1726 "elementtype": {
1727 "primitive": "string"
1728 },
1729 "kind": "array"
1730 }
1731 }
1732 },
1733 {
1734 "abstract": true,
1735 "docs": {
1736 "custom": {
1737 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html#cfn-iam-group-path"
1738 },
1739 "remarks": "This parameter is optional. If it is not included, it defaults to a slash (/).\n\nThis parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\\ u0021` ) through the DEL character ( `\\ u007F` ), including most punctuation characters, digits, and upper and lowercased letters.",
1740 "stability": "external",
1741 "summary": "The path to the group. For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* ."
1742 },
1743 "immutable": true,
1744 "locationInModule": {
1745 "filename": "lib/iam.generated.ts",
1746 "line": 251
1747 },
1748 "name": "path",
1749 "optional": true,
1750 "type": {
1751 "primitive": "string"
1752 }
1753 },
1754 {
1755 "abstract": true,
1756 "docs": {
1757 "custom": {
1758 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html#cfn-iam-group-policies"
1759 },
1760 "remarks": "To view AWS::IAM::Group snippets, see [Declaring an IAM Group Resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-iam.html#scenario-iam-group) .\n\n> The name of each inline policy for a role, user, or group must be unique. If you don't choose unique names, updates to the IAM identity will fail.\n\nFor information about limits on the number of inline policies that you can embed in a group, see [Limitations on IAM Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *IAM User Guide* .",
1761 "stability": "external",
1762 "summary": "Adds or updates an inline policy document that is embedded in the specified IAM group."
1763 },
1764 "immutable": true,
1765 "locationInModule": {
1766 "filename": "lib/iam.generated.ts",
1767 "line": 262
1768 },
1769 "name": "policies",
1770 "optional": true,
1771 "type": {
1772 "union": {
1773 "types": [
1774 {
1775 "fqn": "@aws-cdk/core.IResolvable"
1776 },
1777 {
1778 "collection": {
1779 "elementtype": {
1780 "union": {
1781 "types": [
1782 {
1783 "fqn": "@aws-cdk/core.IResolvable"
1784 },
1785 {
1786 "fqn": "@aws-cdk/aws-iam.CfnGroup.PolicyProperty"
1787 }
1788 ]
1789 }
1790 },
1791 "kind": "array"
1792 }
1793 }
1794 ]
1795 }
1796 }
1797 }
1798 ],
1799 "symbolId": "lib/iam.generated:CfnGroupProps"
1800 },
1801 "@aws-cdk/aws-iam.CfnInstanceProfile": {
1802 "assembly": "@aws-cdk/aws-iam",
1803 "base": "@aws-cdk/core.CfnResource",
1804 "docs": {
1805 "custom": {
1806 "cloudformationResource": "AWS::IAM::InstanceProfile",
1807 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-instanceprofile.html",
1808 "exampleMetadata": "fixture=_generated"
1809 },
1810 "remarks": "Creates a new instance profile. For information about instance profiles, see [Using instance profiles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html) .\n\nFor information about the number of instance profiles you can create, see [IAM object quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide* .",
1811 "stability": "external",
1812 "summary": "A CloudFormation `AWS::IAM::InstanceProfile`.",
1813 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nconst cfnInstanceProfile = new iam.CfnInstanceProfile(this, 'MyCfnInstanceProfile', {\n roles: ['roles'],\n\n // the properties below are optional\n instanceProfileName: 'instanceProfileName',\n path: 'path',\n});"
1814 },
1815 "fqn": "@aws-cdk/aws-iam.CfnInstanceProfile",
1816 "initializer": {
1817 "docs": {
1818 "stability": "external",
1819 "summary": "Create a new `AWS::IAM::InstanceProfile`."
1820 },
1821 "locationInModule": {
1822 "filename": "lib/iam.generated.ts",
1823 "line": 703
1824 },
1825 "parameters": [
1826 {
1827 "docs": {
1828 "summary": "- scope in which this resource is defined."
1829 },
1830 "name": "scope",
1831 "type": {
1832 "fqn": "@aws-cdk/core.Construct"
1833 }
1834 },
1835 {
1836 "docs": {
1837 "summary": "- scoped id of the resource."
1838 },
1839 "name": "id",
1840 "type": {
1841 "primitive": "string"
1842 }
1843 },
1844 {
1845 "docs": {
1846 "summary": "- resource properties."
1847 },
1848 "name": "props",
1849 "type": {
1850 "fqn": "@aws-cdk/aws-iam.CfnInstanceProfileProps"
1851 }
1852 }
1853 ]
1854 },
1855 "interfaces": [
1856 "@aws-cdk/core.IInspectable"
1857 ],
1858 "kind": "class",
1859 "locationInModule": {
1860 "filename": "lib/iam.generated.ts",
1861 "line": 634
1862 },
1863 "methods": [
1864 {
1865 "docs": {
1866 "stability": "external",
1867 "summary": "Examines the CloudFormation resource and discloses attributes."
1868 },
1869 "locationInModule": {
1870 "filename": "lib/iam.generated.ts",
1871 "line": 719
1872 },
1873 "name": "inspect",
1874 "overrides": "@aws-cdk/core.IInspectable",
1875 "parameters": [
1876 {
1877 "docs": {
1878 "summary": "- tree inspector to collect and process attributes."
1879 },
1880 "name": "inspector",
1881 "type": {
1882 "fqn": "@aws-cdk/core.TreeInspector"
1883 }
1884 }
1885 ]
1886 },
1887 {
1888 "docs": {
1889 "stability": "external"
1890 },
1891 "locationInModule": {
1892 "filename": "lib/iam.generated.ts",
1893 "line": 732
1894 },
1895 "name": "renderProperties",
1896 "overrides": "@aws-cdk/core.CfnResource",
1897 "parameters": [
1898 {
1899 "name": "props",
1900 "type": {
1901 "collection": {
1902 "elementtype": {
1903 "primitive": "any"
1904 },
1905 "kind": "map"
1906 }
1907 }
1908 }
1909 ],
1910 "protected": true,
1911 "returns": {
1912 "type": {
1913 "collection": {
1914 "elementtype": {
1915 "primitive": "any"
1916 },
1917 "kind": "map"
1918 }
1919 }
1920 }
1921 }
1922 ],
1923 "name": "CfnInstanceProfile",
1924 "properties": [
1925 {
1926 "const": true,
1927 "docs": {
1928 "stability": "external",
1929 "summary": "The CloudFormation resource type name for this resource class."
1930 },
1931 "immutable": true,
1932 "locationInModule": {
1933 "filename": "lib/iam.generated.ts",
1934 "line": 638
1935 },
1936 "name": "CFN_RESOURCE_TYPE_NAME",
1937 "static": true,
1938 "type": {
1939 "primitive": "string"
1940 }
1941 },
1942 {
1943 "docs": {
1944 "custom": {
1945 "cloudformationAttribute": "Arn"
1946 },
1947 "remarks": "`{\"Fn::GetAtt\" : [\"MyProfile\", \"Arn\"] }`\n\nThis returns a value such as `arn:aws:iam::1234567890:instance-profile/MyProfile-ASDNSDLKJ` .",
1948 "stability": "external",
1949 "summary": "Returns the Amazon Resource Name (ARN) for the instance profile. For example:."
1950 },
1951 "immutable": true,
1952 "locationInModule": {
1953 "filename": "lib/iam.generated.ts",
1954 "line": 667
1955 },
1956 "name": "attrArn",
1957 "type": {
1958 "primitive": "string"
1959 }
1960 },
1961 {
1962 "docs": {
1963 "stability": "external"
1964 },
1965 "immutable": true,
1966 "locationInModule": {
1967 "filename": "lib/iam.generated.ts",
1968 "line": 724
1969 },
1970 "name": "cfnProperties",
1971 "overrides": "@aws-cdk/core.CfnResource",
1972 "protected": true,
1973 "type": {
1974 "collection": {
1975 "elementtype": {
1976 "primitive": "any"
1977 },
1978 "kind": "map"
1979 }
1980 }
1981 },
1982 {
1983 "docs": {
1984 "custom": {
1985 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-instanceprofile.html#cfn-iam-instanceprofile-roles"
1986 },
1987 "remarks": "Only one role can be assigned to an EC2 instance at a time, and all applications on the instance share the same role and permissions.",
1988 "stability": "external",
1989 "summary": "The name of the role to associate with the instance profile."
1990 },
1991 "locationInModule": {
1992 "filename": "lib/iam.generated.ts",
1993 "line": 674
1994 },
1995 "name": "roles",
1996 "type": {
1997 "collection": {
1998 "elementtype": {
1999 "primitive": "string"
2000 },
2001 "kind": "array"
2002 }
2003 }
2004 },
2005 {
2006 "docs": {
2007 "custom": {
2008 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-instanceprofile.html#cfn-iam-instanceprofile-instanceprofilename"
2009 },
2010 "remarks": "This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-",
2011 "stability": "external",
2012 "summary": "The name of the instance profile to create."
2013 },
2014 "locationInModule": {
2015 "filename": "lib/iam.generated.ts",
2016 "line": 683
2017 },
2018 "name": "instanceProfileName",
2019 "optional": true,
2020 "type": {
2021 "primitive": "string"
2022 }
2023 },
2024 {
2025 "docs": {
2026 "custom": {
2027 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-instanceprofile.html#cfn-iam-instanceprofile-path"
2028 },
2029 "remarks": "For more information about paths, see [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* .\n\nThis parameter is optional. If it is not included, it defaults to a slash (/).\n\nThis parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\\ u0021` ) through the DEL character ( `\\ u007F` ), including most punctuation characters, digits, and upper and lowercased letters.",
2030 "stability": "external",
2031 "summary": "The path to the instance profile."
2032 },
2033 "locationInModule": {
2034 "filename": "lib/iam.generated.ts",
2035 "line": 694
2036 },
2037 "name": "path",
2038 "optional": true,
2039 "type": {
2040 "primitive": "string"
2041 }
2042 }
2043 ],
2044 "symbolId": "lib/iam.generated:CfnInstanceProfile"
2045 },
2046 "@aws-cdk/aws-iam.CfnInstanceProfileProps": {
2047 "assembly": "@aws-cdk/aws-iam",
2048 "datatype": true,
2049 "docs": {
2050 "custom": {
2051 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-instanceprofile.html",
2052 "exampleMetadata": "fixture=_generated"
2053 },
2054 "stability": "external",
2055 "summary": "Properties for defining a `CfnInstanceProfile`.",
2056 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nconst cfnInstanceProfileProps: iam.CfnInstanceProfileProps = {\n roles: ['roles'],\n\n // the properties below are optional\n instanceProfileName: 'instanceProfileName',\n path: 'path',\n};"
2057 },
2058 "fqn": "@aws-cdk/aws-iam.CfnInstanceProfileProps",
2059 "kind": "interface",
2060 "locationInModule": {
2061 "filename": "lib/iam.generated.ts",
2062 "line": 540
2063 },
2064 "name": "CfnInstanceProfileProps",
2065 "properties": [
2066 {
2067 "abstract": true,
2068 "docs": {
2069 "custom": {
2070 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-instanceprofile.html#cfn-iam-instanceprofile-roles"
2071 },
2072 "remarks": "Only one role can be assigned to an EC2 instance at a time, and all applications on the instance share the same role and permissions.",
2073 "stability": "external",
2074 "summary": "The name of the role to associate with the instance profile."
2075 },
2076 "immutable": true,
2077 "locationInModule": {
2078 "filename": "lib/iam.generated.ts",
2079 "line": 547
2080 },
2081 "name": "roles",
2082 "type": {
2083 "collection": {
2084 "elementtype": {
2085 "primitive": "string"
2086 },
2087 "kind": "array"
2088 }
2089 }
2090 },
2091 {
2092 "abstract": true,
2093 "docs": {
2094 "custom": {
2095 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-instanceprofile.html#cfn-iam-instanceprofile-instanceprofilename"
2096 },
2097 "remarks": "This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-",
2098 "stability": "external",
2099 "summary": "The name of the instance profile to create."
2100 },
2101 "immutable": true,
2102 "locationInModule": {
2103 "filename": "lib/iam.generated.ts",
2104 "line": 556
2105 },
2106 "name": "instanceProfileName",
2107 "optional": true,
2108 "type": {
2109 "primitive": "string"
2110 }
2111 },
2112 {
2113 "abstract": true,
2114 "docs": {
2115 "custom": {
2116 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-instanceprofile.html#cfn-iam-instanceprofile-path"
2117 },
2118 "remarks": "For more information about paths, see [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* .\n\nThis parameter is optional. If it is not included, it defaults to a slash (/).\n\nThis parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\\ u0021` ) through the DEL character ( `\\ u007F` ), including most punctuation characters, digits, and upper and lowercased letters.",
2119 "stability": "external",
2120 "summary": "The path to the instance profile."
2121 },
2122 "immutable": true,
2123 "locationInModule": {
2124 "filename": "lib/iam.generated.ts",
2125 "line": 567
2126 },
2127 "name": "path",
2128 "optional": true,
2129 "type": {
2130 "primitive": "string"
2131 }
2132 }
2133 ],
2134 "symbolId": "lib/iam.generated:CfnInstanceProfileProps"
2135 },
2136 "@aws-cdk/aws-iam.CfnManagedPolicy": {
2137 "assembly": "@aws-cdk/aws-iam",
2138 "base": "@aws-cdk/core.CfnResource",
2139 "docs": {
2140 "custom": {
2141 "cloudformationResource": "AWS::IAM::ManagedPolicy",
2142 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html",
2143 "exampleMetadata": "fixture=_generated"
2144 },
2145 "remarks": "Creates a new managed policy for your AWS account .\n\nThis operation creates a policy version with a version identifier of `v1` and sets v1 as the policy's default version. For more information about policy versions, see [Versioning for managed policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html) in the *IAM User Guide* .\n\nAs a best practice, you can validate your IAM policies. To learn more, see [Validating IAM policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html) in the *IAM User Guide* .\n\nFor more information about managed policies in general, see [Managed policies and inline policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide* .",
2146 "stability": "external",
2147 "summary": "A CloudFormation `AWS::IAM::ManagedPolicy`.",
2148 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const policyDocument: any;\nconst cfnManagedPolicy = new iam.CfnManagedPolicy(this, 'MyCfnManagedPolicy', {\n policyDocument: policyDocument,\n\n // the properties below are optional\n description: 'description',\n groups: ['groups'],\n managedPolicyName: 'managedPolicyName',\n path: 'path',\n roles: ['roles'],\n users: ['users'],\n});"
2149 },
2150 "fqn": "@aws-cdk/aws-iam.CfnManagedPolicy",
2151 "initializer": {
2152 "docs": {
2153 "stability": "external",
2154 "summary": "Create a new `AWS::IAM::ManagedPolicy`."
2155 },
2156 "locationInModule": {
2157 "filename": "lib/iam.generated.ts",
2158 "line": 1034
2159 },
2160 "parameters": [
2161 {
2162 "docs": {
2163 "summary": "- scope in which this resource is defined."
2164 },
2165 "name": "scope",
2166 "type": {
2167 "fqn": "@aws-cdk/core.Construct"
2168 }
2169 },
2170 {
2171 "docs": {
2172 "summary": "- scoped id of the resource."
2173 },
2174 "name": "id",
2175 "type": {
2176 "primitive": "string"
2177 }
2178 },
2179 {
2180 "docs": {
2181 "summary": "- resource properties."
2182 },
2183 "name": "props",
2184 "type": {
2185 "fqn": "@aws-cdk/aws-iam.CfnManagedPolicyProps"
2186 }
2187 }
2188 ]
2189 },
2190 "interfaces": [
2191 "@aws-cdk/core.IInspectable"
2192 ],
2193 "kind": "class",
2194 "locationInModule": {
2195 "filename": "lib/iam.generated.ts",
2196 "line": 915
2197 },
2198 "methods": [
2199 {
2200 "docs": {
2201 "stability": "external",
2202 "summary": "Examines the CloudFormation resource and discloses attributes."
2203 },
2204 "locationInModule": {
2205 "filename": "lib/iam.generated.ts",
2206 "line": 1053
2207 },
2208 "name": "inspect",
2209 "overrides": "@aws-cdk/core.IInspectable",
2210 "parameters": [
2211 {
2212 "docs": {
2213 "summary": "- tree inspector to collect and process attributes."
2214 },
2215 "name": "inspector",
2216 "type": {
2217 "fqn": "@aws-cdk/core.TreeInspector"
2218 }
2219 }
2220 ]
2221 },
2222 {
2223 "docs": {
2224 "stability": "external"
2225 },
2226 "locationInModule": {
2227 "filename": "lib/iam.generated.ts",
2228 "line": 1070
2229 },
2230 "name": "renderProperties",
2231 "overrides": "@aws-cdk/core.CfnResource",
2232 "parameters": [
2233 {
2234 "name": "props",
2235 "type": {
2236 "collection": {
2237 "elementtype": {
2238 "primitive": "any"
2239 },
2240 "kind": "map"
2241 }
2242 }
2243 }
2244 ],
2245 "protected": true,
2246 "returns": {
2247 "type": {
2248 "collection": {
2249 "elementtype": {
2250 "primitive": "any"
2251 },
2252 "kind": "map"
2253 }
2254 }
2255 }
2256 }
2257 ],
2258 "name": "CfnManagedPolicy",
2259 "properties": [
2260 {
2261 "const": true,
2262 "docs": {
2263 "stability": "external",
2264 "summary": "The CloudFormation resource type name for this resource class."
2265 },
2266 "immutable": true,
2267 "locationInModule": {
2268 "filename": "lib/iam.generated.ts",
2269 "line": 919
2270 },
2271 "name": "CFN_RESOURCE_TYPE_NAME",
2272 "static": true,
2273 "type": {
2274 "primitive": "string"
2275 }
2276 },
2277 {
2278 "docs": {
2279 "stability": "external"
2280 },
2281 "immutable": true,
2282 "locationInModule": {
2283 "filename": "lib/iam.generated.ts",
2284 "line": 1058
2285 },
2286 "name": "cfnProperties",
2287 "overrides": "@aws-cdk/core.CfnResource",
2288 "protected": true,
2289 "type": {
2290 "collection": {
2291 "elementtype": {
2292 "primitive": "any"
2293 },
2294 "kind": "map"
2295 }
2296 }
2297 },
2298 {
2299 "docs": {
2300 "custom": {
2301 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-iam-managedpolicy-policydocument"
2302 },
2303 "remarks": "You must provide policies in JSON format in IAM. However, for AWS CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. AWS CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.\n\nThe maximum length of the policy document that you can pass in this operation, including whitespace, is listed below. To view the maximum character counts of a managed policy with no whitespaces, see [IAM and AWS STS character quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length) .\n\nTo learn more about JSON policy grammar, see [Grammar of the IAM JSON policy language](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_grammar.html) in the *IAM User Guide* .\n\nThe [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following:\n\n- Any printable ASCII character ranging from the space character ( `\\ u0020` ) through the end of the ASCII character range\n- The printable characters in the Basic Latin and Latin-1 Supplement character set (through `\\ u00FF` )\n- The special characters tab ( `\\ u0009` ), line feed ( `\\ u000A` ), and carriage return ( `\\ u000D` )",
2304 "stability": "external",
2305 "summary": "The JSON policy document that you want to use as the content for the new policy."
2306 },
2307 "locationInModule": {
2308 "filename": "lib/iam.generated.ts",
2309 "line": 957
2310 },
2311 "name": "policyDocument",
2312 "type": {
2313 "primitive": "any"
2314 }
2315 },
2316 {
2317 "docs": {
2318 "custom": {
2319 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-iam-managedpolicy-description"
2320 },
2321 "remarks": "Typically used to store information about the permissions defined in the policy. For example, \"Grants access to production DynamoDB tables.\"\n\nThe policy description is immutable. After a value is assigned, it cannot be changed.",
2322 "stability": "external",
2323 "summary": "A friendly description of the policy."
2324 },
2325 "locationInModule": {
2326 "filename": "lib/iam.generated.ts",
2327 "line": 968
2328 },
2329 "name": "description",
2330 "optional": true,
2331 "type": {
2332 "primitive": "string"
2333 }
2334 },
2335 {
2336 "docs": {
2337 "custom": {
2338 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-iam-managedpolicy-groups"
2339 },
2340 "remarks": "This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-",
2341 "stability": "external",
2342 "summary": "The name (friendly name, not ARN) of the group to attach the policy to."
2343 },
2344 "locationInModule": {
2345 "filename": "lib/iam.generated.ts",
2346 "line": 977
2347 },
2348 "name": "groups",
2349 "optional": true,
2350 "type": {
2351 "collection": {
2352 "elementtype": {
2353 "primitive": "string"
2354 },
2355 "kind": "array"
2356 }
2357 }
2358 },
2359 {
2360 "docs": {
2361 "custom": {
2362 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-iam-managedpolicy-managedpolicyname"
2363 },
2364 "remarks": "> If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.\n\nIf you specify a name, you must specify the `CAPABILITY_NAMED_IAM` value to acknowledge your template's capabilities. For more information, see [Acknowledging IAM Resources in AWS CloudFormation Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities) .\n\n> Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using `Fn::Join` and `AWS::Region` to create a Region-specific name, as in the following example: `{\"Fn::Join\": [\"\", [{\"Ref\": \"AWS::Region\"}, {\"Ref\": \"MyResourceName\"}]]}` .",
2365 "stability": "external",
2366 "summary": "The friendly name of the policy."
2367 },
2368 "locationInModule": {
2369 "filename": "lib/iam.generated.ts",
2370 "line": 990
2371 },
2372 "name": "managedPolicyName",
2373 "optional": true,
2374 "type": {
2375 "primitive": "string"
2376 }
2377 },
2378 {
2379 "docs": {
2380 "custom": {
2381 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-ec2-dhcpoptions-path"
2382 },
2383 "remarks": "For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* .\n\nThis parameter is optional. If it is not included, it defaults to a slash (/).\n\nThis parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\\ u0021` ) through the DEL character ( `\\ u007F` ), including most punctuation characters, digits, and upper and lowercased letters.\n\n> You cannot use an asterisk (*) in the path name.",
2384 "stability": "external",
2385 "summary": "The path for the policy."
2386 },
2387 "locationInModule": {
2388 "filename": "lib/iam.generated.ts",
2389 "line": 1005
2390 },
2391 "name": "path",
2392 "optional": true,
2393 "type": {
2394 "primitive": "string"
2395 }
2396 },
2397 {
2398 "docs": {
2399 "custom": {
2400 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-iam-managedpolicy-roles"
2401 },
2402 "remarks": "This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-\n\n> If an external policy (such as `AWS::IAM::Policy` or `AWS::IAM::ManagedPolicy` ) has a `Ref` to a role and if a resource (such as `AWS::ECS::Service` ) also has a `Ref` to the same role, add a `DependsOn` attribute to the resource to make the resource depend on the external policy. This dependency ensures that the role's policy is available throughout the resource's lifecycle. For example, when you delete a stack with an `AWS::ECS::Service` resource, the `DependsOn` attribute ensures that AWS CloudFormation deletes the `AWS::ECS::Service` resource before deleting its role's policy.",
2403 "stability": "external",
2404 "summary": "The name (friendly name, not ARN) of the role to attach the policy to."
2405 },
2406 "locationInModule": {
2407 "filename": "lib/iam.generated.ts",
2408 "line": 1016
2409 },
2410 "name": "roles",
2411 "optional": true,
2412 "type": {
2413 "collection": {
2414 "elementtype": {
2415 "primitive": "string"
2416 },
2417 "kind": "array"
2418 }
2419 }
2420 },
2421 {
2422 "docs": {
2423 "custom": {
2424 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-iam-managedpolicy-users"
2425 },
2426 "remarks": "This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-",
2427 "stability": "external",
2428 "summary": "The name (friendly name, not ARN) of the IAM user to attach the policy to."
2429 },
2430 "locationInModule": {
2431 "filename": "lib/iam.generated.ts",
2432 "line": 1025
2433 },
2434 "name": "users",
2435 "optional": true,
2436 "type": {
2437 "collection": {
2438 "elementtype": {
2439 "primitive": "string"
2440 },
2441 "kind": "array"
2442 }
2443 }
2444 }
2445 ],
2446 "symbolId": "lib/iam.generated:CfnManagedPolicy"
2447 },
2448 "@aws-cdk/aws-iam.CfnManagedPolicyProps": {
2449 "assembly": "@aws-cdk/aws-iam",
2450 "datatype": true,
2451 "docs": {
2452 "custom": {
2453 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html",
2454 "exampleMetadata": "fixture=_generated"
2455 },
2456 "stability": "external",
2457 "summary": "Properties for defining a `CfnManagedPolicy`.",
2458 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const policyDocument: any;\nconst cfnManagedPolicyProps: iam.CfnManagedPolicyProps = {\n policyDocument: policyDocument,\n\n // the properties below are optional\n description: 'description',\n groups: ['groups'],\n managedPolicyName: 'managedPolicyName',\n path: 'path',\n roles: ['roles'],\n users: ['users'],\n};"
2459 },
2460 "fqn": "@aws-cdk/aws-iam.CfnManagedPolicyProps",
2461 "kind": "interface",
2462 "locationInModule": {
2463 "filename": "lib/iam.generated.ts",
2464 "line": 745
2465 },
2466 "name": "CfnManagedPolicyProps",
2467 "properties": [
2468 {
2469 "abstract": true,
2470 "docs": {
2471 "custom": {
2472 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-iam-managedpolicy-policydocument"
2473 },
2474 "remarks": "You must provide policies in JSON format in IAM. However, for AWS CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. AWS CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.\n\nThe maximum length of the policy document that you can pass in this operation, including whitespace, is listed below. To view the maximum character counts of a managed policy with no whitespaces, see [IAM and AWS STS character quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length) .\n\nTo learn more about JSON policy grammar, see [Grammar of the IAM JSON policy language](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_grammar.html) in the *IAM User Guide* .\n\nThe [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following:\n\n- Any printable ASCII character ranging from the space character ( `\\ u0020` ) through the end of the ASCII character range\n- The printable characters in the Basic Latin and Latin-1 Supplement character set (through `\\ u00FF` )\n- The special characters tab ( `\\ u0009` ), line feed ( `\\ u000A` ), and carriage return ( `\\ u000D` )",
2475 "stability": "external",
2476 "summary": "The JSON policy document that you want to use as the content for the new policy."
2477 },
2478 "immutable": true,
2479 "locationInModule": {
2480 "filename": "lib/iam.generated.ts",
2481 "line": 764
2482 },
2483 "name": "policyDocument",
2484 "type": {
2485 "primitive": "any"
2486 }
2487 },
2488 {
2489 "abstract": true,
2490 "docs": {
2491 "custom": {
2492 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-iam-managedpolicy-description"
2493 },
2494 "remarks": "Typically used to store information about the permissions defined in the policy. For example, \"Grants access to production DynamoDB tables.\"\n\nThe policy description is immutable. After a value is assigned, it cannot be changed.",
2495 "stability": "external",
2496 "summary": "A friendly description of the policy."
2497 },
2498 "immutable": true,
2499 "locationInModule": {
2500 "filename": "lib/iam.generated.ts",
2501 "line": 775
2502 },
2503 "name": "description",
2504 "optional": true,
2505 "type": {
2506 "primitive": "string"
2507 }
2508 },
2509 {
2510 "abstract": true,
2511 "docs": {
2512 "custom": {
2513 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-iam-managedpolicy-groups"
2514 },
2515 "remarks": "This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-",
2516 "stability": "external",
2517 "summary": "The name (friendly name, not ARN) of the group to attach the policy to."
2518 },
2519 "immutable": true,
2520 "locationInModule": {
2521 "filename": "lib/iam.generated.ts",
2522 "line": 784
2523 },
2524 "name": "groups",
2525 "optional": true,
2526 "type": {
2527 "collection": {
2528 "elementtype": {
2529 "primitive": "string"
2530 },
2531 "kind": "array"
2532 }
2533 }
2534 },
2535 {
2536 "abstract": true,
2537 "docs": {
2538 "custom": {
2539 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-iam-managedpolicy-managedpolicyname"
2540 },
2541 "remarks": "> If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.\n\nIf you specify a name, you must specify the `CAPABILITY_NAMED_IAM` value to acknowledge your template's capabilities. For more information, see [Acknowledging IAM Resources in AWS CloudFormation Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities) .\n\n> Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using `Fn::Join` and `AWS::Region` to create a Region-specific name, as in the following example: `{\"Fn::Join\": [\"\", [{\"Ref\": \"AWS::Region\"}, {\"Ref\": \"MyResourceName\"}]]}` .",
2542 "stability": "external",
2543 "summary": "The friendly name of the policy."
2544 },
2545 "immutable": true,
2546 "locationInModule": {
2547 "filename": "lib/iam.generated.ts",
2548 "line": 797
2549 },
2550 "name": "managedPolicyName",
2551 "optional": true,
2552 "type": {
2553 "primitive": "string"
2554 }
2555 },
2556 {
2557 "abstract": true,
2558 "docs": {
2559 "custom": {
2560 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-ec2-dhcpoptions-path"
2561 },
2562 "remarks": "For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* .\n\nThis parameter is optional. If it is not included, it defaults to a slash (/).\n\nThis parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\\ u0021` ) through the DEL character ( `\\ u007F` ), including most punctuation characters, digits, and upper and lowercased letters.\n\n> You cannot use an asterisk (*) in the path name.",
2563 "stability": "external",
2564 "summary": "The path for the policy."
2565 },
2566 "immutable": true,
2567 "locationInModule": {
2568 "filename": "lib/iam.generated.ts",
2569 "line": 812
2570 },
2571 "name": "path",
2572 "optional": true,
2573 "type": {
2574 "primitive": "string"
2575 }
2576 },
2577 {
2578 "abstract": true,
2579 "docs": {
2580 "custom": {
2581 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-iam-managedpolicy-roles"
2582 },
2583 "remarks": "This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-\n\n> If an external policy (such as `AWS::IAM::Policy` or `AWS::IAM::ManagedPolicy` ) has a `Ref` to a role and if a resource (such as `AWS::ECS::Service` ) also has a `Ref` to the same role, add a `DependsOn` attribute to the resource to make the resource depend on the external policy. This dependency ensures that the role's policy is available throughout the resource's lifecycle. For example, when you delete a stack with an `AWS::ECS::Service` resource, the `DependsOn` attribute ensures that AWS CloudFormation deletes the `AWS::ECS::Service` resource before deleting its role's policy.",
2584 "stability": "external",
2585 "summary": "The name (friendly name, not ARN) of the role to attach the policy to."
2586 },
2587 "immutable": true,
2588 "locationInModule": {
2589 "filename": "lib/iam.generated.ts",
2590 "line": 823
2591 },
2592 "name": "roles",
2593 "optional": true,
2594 "type": {
2595 "collection": {
2596 "elementtype": {
2597 "primitive": "string"
2598 },
2599 "kind": "array"
2600 }
2601 }
2602 },
2603 {
2604 "abstract": true,
2605 "docs": {
2606 "custom": {
2607 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-iam-managedpolicy-users"
2608 },
2609 "remarks": "This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-",
2610 "stability": "external",
2611 "summary": "The name (friendly name, not ARN) of the IAM user to attach the policy to."
2612 },
2613 "immutable": true,
2614 "locationInModule": {
2615 "filename": "lib/iam.generated.ts",
2616 "line": 832
2617 },
2618 "name": "users",
2619 "optional": true,
2620 "type": {
2621 "collection": {
2622 "elementtype": {
2623 "primitive": "string"
2624 },
2625 "kind": "array"
2626 }
2627 }
2628 }
2629 ],
2630 "symbolId": "lib/iam.generated:CfnManagedPolicyProps"
2631 },
2632 "@aws-cdk/aws-iam.CfnOIDCProvider": {
2633 "assembly": "@aws-cdk/aws-iam",
2634 "base": "@aws-cdk/core.CfnResource",
2635 "docs": {
2636 "custom": {
2637 "cloudformationResource": "AWS::IAM::OIDCProvider",
2638 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-oidcprovider.html",
2639 "exampleMetadata": "fixture=_generated"
2640 },
2641 "remarks": "Creates an IAM entity to describe an identity provider (IdP) that supports [OpenID Connect (OIDC)](https://docs.aws.amazon.com/http://openid.net/connect/) .\n\nThe OIDC provider that you create with this operation can be used as a principal in a role's trust policy. Such a policy establishes a trust relationship between AWS and the OIDC provider.\n\nWhen you create the IAM OIDC provider, you specify the following:\n\n- The URL of the OIDC identity provider (IdP) to trust\n- A list of client IDs (also known as audiences) that identify the application or applications that are allowed to authenticate using the OIDC provider\n- A list of thumbprints of one or more server certificates that the IdP uses\n\nYou get all of this information from the OIDC IdP that you want to use to access AWS .\n\n> The trust for the OIDC provider is derived from the IAM provider that this operation creates. Therefore, it is best to limit access to the [CreateOpenIDConnectProvider](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateOpenIDConnectProvider.html) operation to highly privileged users.",
2642 "stability": "external",
2643 "summary": "A CloudFormation `AWS::IAM::OIDCProvider`.",
2644 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nconst cfnOIDCProvider = new iam.CfnOIDCProvider(this, 'MyCfnOIDCProvider', {\n thumbprintList: ['thumbprintList'],\n\n // the properties below are optional\n clientIdList: ['clientIdList'],\n tags: [{\n key: 'key',\n value: 'value',\n }],\n url: 'url',\n});"
2645 },
2646 "fqn": "@aws-cdk/aws-iam.CfnOIDCProvider",
2647 "initializer": {
2648 "docs": {
2649 "stability": "external",
2650 "summary": "Create a new `AWS::IAM::OIDCProvider`."
2651 },
2652 "locationInModule": {
2653 "filename": "lib/iam.generated.ts",
2654 "line": 1257
2655 },
2656 "parameters": [
2657 {
2658 "docs": {
2659 "summary": "- scope in which this resource is defined."
2660 },
2661 "name": "scope",
2662 "type": {
2663 "fqn": "@aws-cdk/core.Construct"
2664 }
2665 },
2666 {
2667 "docs": {
2668 "summary": "- scoped id of the resource."
2669 },
2670 "name": "id",
2671 "type": {
2672 "primitive": "string"
2673 }
2674 },
2675 {
2676 "docs": {
2677 "summary": "- resource properties."
2678 },
2679 "name": "props",
2680 "type": {
2681 "fqn": "@aws-cdk/aws-iam.CfnOIDCProviderProps"
2682 }
2683 }
2684 ]
2685 },
2686 "interfaces": [
2687 "@aws-cdk/core.IInspectable"
2688 ],
2689 "kind": "class",
2690 "locationInModule": {
2691 "filename": "lib/iam.generated.ts",
2692 "line": 1191
2693 },
2694 "methods": [
2695 {
2696 "docs": {
2697 "stability": "external",
2698 "summary": "Examines the CloudFormation resource and discloses attributes."
2699 },
2700 "locationInModule": {
2701 "filename": "lib/iam.generated.ts",
2702 "line": 1274
2703 },
2704 "name": "inspect",
2705 "overrides": "@aws-cdk/core.IInspectable",
2706 "parameters": [
2707 {
2708 "docs": {
2709 "summary": "- tree inspector to collect and process attributes."
2710 },
2711 "name": "inspector",
2712 "type": {
2713 "fqn": "@aws-cdk/core.TreeInspector"
2714 }
2715 }
2716 ]
2717 },
2718 {
2719 "docs": {
2720 "stability": "external"
2721 },
2722 "locationInModule": {
2723 "filename": "lib/iam.generated.ts",
2724 "line": 1288
2725 },
2726 "name": "renderProperties",
2727 "overrides": "@aws-cdk/core.CfnResource",
2728 "parameters": [
2729 {
2730 "name": "props",
2731 "type": {
2732 "collection": {
2733 "elementtype": {
2734 "primitive": "any"
2735 },
2736 "kind": "map"
2737 }
2738 }
2739 }
2740 ],
2741 "protected": true,
2742 "returns": {
2743 "type": {
2744 "collection": {
2745 "elementtype": {
2746 "primitive": "any"
2747 },
2748 "kind": "map"
2749 }
2750 }
2751 }
2752 }
2753 ],
2754 "name": "CfnOIDCProvider",
2755 "properties": [
2756 {
2757 "const": true,
2758 "docs": {
2759 "stability": "external",
2760 "summary": "The CloudFormation resource type name for this resource class."
2761 },
2762 "immutable": true,
2763 "locationInModule": {
2764 "filename": "lib/iam.generated.ts",
2765 "line": 1195
2766 },
2767 "name": "CFN_RESOURCE_TYPE_NAME",
2768 "static": true,
2769 "type": {
2770 "primitive": "string"
2771 }
2772 },
2773 {
2774 "docs": {
2775 "custom": {
2776 "cloudformationAttribute": "Arn"
2777 },
2778 "stability": "external",
2779 "summary": "Returns the Amazon Resource Name (ARN) for the specified `AWS::IAM::OIDCProvider` resource."
2780 },
2781 "immutable": true,
2782 "locationInModule": {
2783 "filename": "lib/iam.generated.ts",
2784 "line": 1220
2785 },
2786 "name": "attrArn",
2787 "type": {
2788 "primitive": "string"
2789 }
2790 },
2791 {
2792 "docs": {
2793 "stability": "external"
2794 },
2795 "immutable": true,
2796 "locationInModule": {
2797 "filename": "lib/iam.generated.ts",
2798 "line": 1279
2799 },
2800 "name": "cfnProperties",
2801 "overrides": "@aws-cdk/core.CfnResource",
2802 "protected": true,
2803 "type": {
2804 "collection": {
2805 "elementtype": {
2806 "primitive": "any"
2807 },
2808 "kind": "map"
2809 }
2810 }
2811 },
2812 {
2813 "docs": {
2814 "custom": {
2815 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-oidcprovider.html#cfn-iam-oidcprovider-tags"
2816 },
2817 "remarks": "The returned list of tags is sorted by tag key. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .",
2818 "stability": "external",
2819 "summary": "A list of tags that are attached to the specified IAM OIDC provider."
2820 },
2821 "immutable": true,
2822 "locationInModule": {
2823 "filename": "lib/iam.generated.ts",
2824 "line": 1241
2825 },
2826 "name": "tags",
2827 "type": {
2828 "fqn": "@aws-cdk/core.TagManager"
2829 }
2830 },
2831 {
2832 "docs": {
2833 "custom": {
2834 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-oidcprovider.html#cfn-iam-oidcprovider-thumbprintlist"
2835 },
2836 "remarks": "For more information, see [CreateOpenIDConnectProvider](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateOpenIDConnectProvider.html) .",
2837 "stability": "external",
2838 "summary": "A list of certificate thumbprints that are associated with the specified IAM OIDC provider resource object."
2839 },
2840 "locationInModule": {
2841 "filename": "lib/iam.generated.ts",
2842 "line": 1227
2843 },
2844 "name": "thumbprintList",
2845 "type": {
2846 "collection": {
2847 "elementtype": {
2848 "primitive": "string"
2849 },
2850 "kind": "array"
2851 }
2852 }
2853 },
2854 {
2855 "docs": {
2856 "custom": {
2857 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-oidcprovider.html#cfn-iam-oidcprovider-clientidlist"
2858 },
2859 "remarks": "For more information, see [CreateOpenIDConnectProvider](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateOpenIDConnectProvider.html) .",
2860 "stability": "external",
2861 "summary": "A list of client IDs (also known as audiences) that are associated with the specified IAM OIDC provider resource object."
2862 },
2863 "locationInModule": {
2864 "filename": "lib/iam.generated.ts",
2865 "line": 1234
2866 },
2867 "name": "clientIdList",
2868 "optional": true,
2869 "type": {
2870 "collection": {
2871 "elementtype": {
2872 "primitive": "string"
2873 },
2874 "kind": "array"
2875 }
2876 }
2877 },
2878 {
2879 "docs": {
2880 "custom": {
2881 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-oidcprovider.html#cfn-iam-oidcprovider-url"
2882 },
2883 "remarks": "For more information, see [CreateOpenIDConnectProvider](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateOpenIDConnectProvider.html) .",
2884 "stability": "external",
2885 "summary": "The URL that the IAM OIDC provider resource object is associated with."
2886 },
2887 "locationInModule": {
2888 "filename": "lib/iam.generated.ts",
2889 "line": 1248
2890 },
2891 "name": "url",
2892 "optional": true,
2893 "type": {
2894 "primitive": "string"
2895 }
2896 }
2897 ],
2898 "symbolId": "lib/iam.generated:CfnOIDCProvider"
2899 },
2900 "@aws-cdk/aws-iam.CfnOIDCProviderProps": {
2901 "assembly": "@aws-cdk/aws-iam",
2902 "datatype": true,
2903 "docs": {
2904 "custom": {
2905 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-oidcprovider.html",
2906 "exampleMetadata": "fixture=_generated"
2907 },
2908 "stability": "external",
2909 "summary": "Properties for defining a `CfnOIDCProvider`.",
2910 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nconst cfnOIDCProviderProps: iam.CfnOIDCProviderProps = {\n thumbprintList: ['thumbprintList'],\n\n // the properties below are optional\n clientIdList: ['clientIdList'],\n tags: [{\n key: 'key',\n value: 'value',\n }],\n url: 'url',\n};"
2911 },
2912 "fqn": "@aws-cdk/aws-iam.CfnOIDCProviderProps",
2913 "kind": "interface",
2914 "locationInModule": {
2915 "filename": "lib/iam.generated.ts",
2916 "line": 1083
2917 },
2918 "name": "CfnOIDCProviderProps",
2919 "properties": [
2920 {
2921 "abstract": true,
2922 "docs": {
2923 "custom": {
2924 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-oidcprovider.html#cfn-iam-oidcprovider-thumbprintlist"
2925 },
2926 "remarks": "For more information, see [CreateOpenIDConnectProvider](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateOpenIDConnectProvider.html) .",
2927 "stability": "external",
2928 "summary": "A list of certificate thumbprints that are associated with the specified IAM OIDC provider resource object."
2929 },
2930 "immutable": true,
2931 "locationInModule": {
2932 "filename": "lib/iam.generated.ts",
2933 "line": 1090
2934 },
2935 "name": "thumbprintList",
2936 "type": {
2937 "collection": {
2938 "elementtype": {
2939 "primitive": "string"
2940 },
2941 "kind": "array"
2942 }
2943 }
2944 },
2945 {
2946 "abstract": true,
2947 "docs": {
2948 "custom": {
2949 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-oidcprovider.html#cfn-iam-oidcprovider-clientidlist"
2950 },
2951 "remarks": "For more information, see [CreateOpenIDConnectProvider](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateOpenIDConnectProvider.html) .",
2952 "stability": "external",
2953 "summary": "A list of client IDs (also known as audiences) that are associated with the specified IAM OIDC provider resource object."
2954 },
2955 "immutable": true,
2956 "locationInModule": {
2957 "filename": "lib/iam.generated.ts",
2958 "line": 1097
2959 },
2960 "name": "clientIdList",
2961 "optional": true,
2962 "type": {
2963 "collection": {
2964 "elementtype": {
2965 "primitive": "string"
2966 },
2967 "kind": "array"
2968 }
2969 }
2970 },
2971 {
2972 "abstract": true,
2973 "docs": {
2974 "custom": {
2975 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-oidcprovider.html#cfn-iam-oidcprovider-tags"
2976 },
2977 "remarks": "The returned list of tags is sorted by tag key. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .",
2978 "stability": "external",
2979 "summary": "A list of tags that are attached to the specified IAM OIDC provider."
2980 },
2981 "immutable": true,
2982 "locationInModule": {
2983 "filename": "lib/iam.generated.ts",
2984 "line": 1104
2985 },
2986 "name": "tags",
2987 "optional": true,
2988 "type": {
2989 "collection": {
2990 "elementtype": {
2991 "fqn": "@aws-cdk/core.CfnTag"
2992 },
2993 "kind": "array"
2994 }
2995 }
2996 },
2997 {
2998 "abstract": true,
2999 "docs": {
3000 "custom": {
3001 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-oidcprovider.html#cfn-iam-oidcprovider-url"
3002 },
3003 "remarks": "For more information, see [CreateOpenIDConnectProvider](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateOpenIDConnectProvider.html) .",
3004 "stability": "external",
3005 "summary": "The URL that the IAM OIDC provider resource object is associated with."
3006 },
3007 "immutable": true,
3008 "locationInModule": {
3009 "filename": "lib/iam.generated.ts",
3010 "line": 1111
3011 },
3012 "name": "url",
3013 "optional": true,
3014 "type": {
3015 "primitive": "string"
3016 }
3017 }
3018 ],
3019 "symbolId": "lib/iam.generated:CfnOIDCProviderProps"
3020 },
3021 "@aws-cdk/aws-iam.CfnPolicy": {
3022 "assembly": "@aws-cdk/aws-iam",
3023 "base": "@aws-cdk/core.CfnResource",
3024 "docs": {
3025 "custom": {
3026 "cloudformationResource": "AWS::IAM::Policy",
3027 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html",
3028 "exampleMetadata": "fixture=_generated"
3029 },
3030 "remarks": "Adds or updates an inline policy document that is embedded in the specified IAM user, group, or role.\n\nAn IAM user can also have a managed policy attached to it. For information about policies, see [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide* .\n\nThe Groups, Roles, and Users properties are optional. However, you must specify at least one of these properties.\n\nFor information about limits on the number of inline policies that you can embed in an identity, see [Limitations on IAM Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *IAM User Guide* .",
3031 "stability": "external",
3032 "summary": "A CloudFormation `AWS::IAM::Policy`.",
3033 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const policyDocument: any;\nconst cfnPolicy = new iam.CfnPolicy(this, 'MyCfnPolicy', {\n policyDocument: policyDocument,\n policyName: 'policyName',\n\n // the properties below are optional\n groups: ['groups'],\n roles: ['roles'],\n users: ['users'],\n});"
3034 },
3035 "fqn": "@aws-cdk/aws-iam.CfnPolicy",
3036 "initializer": {
3037 "docs": {
3038 "stability": "external",
3039 "summary": "Create a new `AWS::IAM::Policy`."
3040 },
3041 "locationInModule": {
3042 "filename": "lib/iam.generated.ts",
3043 "line": 1517
3044 },
3045 "parameters": [
3046 {
3047 "docs": {
3048 "summary": "- scope in which this resource is defined."
3049 },
3050 "name": "scope",
3051 "type": {
3052 "fqn": "@aws-cdk/core.Construct"
3053 }
3054 },
3055 {
3056 "docs": {
3057 "summary": "- scoped id of the resource."
3058 },
3059 "name": "id",
3060 "type": {
3061 "primitive": "string"
3062 }
3063 },
3064 {
3065 "docs": {
3066 "summary": "- resource properties."
3067 },
3068 "name": "props",
3069 "type": {
3070 "fqn": "@aws-cdk/aws-iam.CfnPolicyProps"
3071 }
3072 }
3073 ]
3074 },
3075 "interfaces": [
3076 "@aws-cdk/core.IInspectable"
3077 ],
3078 "kind": "class",
3079 "locationInModule": {
3080 "filename": "lib/iam.generated.ts",
3081 "line": 1432
3082 },
3083 "methods": [
3084 {
3085 "docs": {
3086 "stability": "external",
3087 "summary": "Examines the CloudFormation resource and discloses attributes."
3088 },
3089 "locationInModule": {
3090 "filename": "lib/iam.generated.ts",
3091 "line": 1535
3092 },
3093 "name": "inspect",
3094 "overrides": "@aws-cdk/core.IInspectable",
3095 "parameters": [
3096 {
3097 "docs": {
3098 "summary": "- tree inspector to collect and process attributes."
3099 },
3100 "name": "inspector",
3101 "type": {
3102 "fqn": "@aws-cdk/core.TreeInspector"
3103 }
3104 }
3105 ]
3106 },
3107 {
3108 "docs": {
3109 "stability": "external"
3110 },
3111 "locationInModule": {
3112 "filename": "lib/iam.generated.ts",
3113 "line": 1550
3114 },
3115 "name": "renderProperties",
3116 "overrides": "@aws-cdk/core.CfnResource",
3117 "parameters": [
3118 {
3119 "name": "props",
3120 "type": {
3121 "collection": {
3122 "elementtype": {
3123 "primitive": "any"
3124 },
3125 "kind": "map"
3126 }
3127 }
3128 }
3129 ],
3130 "protected": true,
3131 "returns": {
3132 "type": {
3133 "collection": {
3134 "elementtype": {
3135 "primitive": "any"
3136 },
3137 "kind": "map"
3138 }
3139 }
3140 }
3141 }
3142 ],
3143 "name": "CfnPolicy",
3144 "properties": [
3145 {
3146 "const": true,
3147 "docs": {
3148 "stability": "external",
3149 "summary": "The CloudFormation resource type name for this resource class."
3150 },
3151 "immutable": true,
3152 "locationInModule": {
3153 "filename": "lib/iam.generated.ts",
3154 "line": 1436
3155 },
3156 "name": "CFN_RESOURCE_TYPE_NAME",
3157 "static": true,
3158 "type": {
3159 "primitive": "string"
3160 }
3161 },
3162 {
3163 "docs": {
3164 "stability": "external"
3165 },
3166 "immutable": true,
3167 "locationInModule": {
3168 "filename": "lib/iam.generated.ts",
3169 "line": 1540
3170 },
3171 "name": "cfnProperties",
3172 "overrides": "@aws-cdk/core.CfnResource",
3173 "protected": true,
3174 "type": {
3175 "collection": {
3176 "elementtype": {
3177 "primitive": "any"
3178 },
3179 "kind": "map"
3180 }
3181 }
3182 },
3183 {
3184 "docs": {
3185 "custom": {
3186 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html#cfn-iam-policy-policydocument"
3187 },
3188 "remarks": "You must provide policies in JSON format in IAM. However, for AWS CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. AWS CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.\n\nThe [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following:\n\n- Any printable ASCII character ranging from the space character ( `\\ u0020` ) through the end of the ASCII character range\n- The printable characters in the Basic Latin and Latin-1 Supplement character set (through `\\ u00FF` )\n- The special characters tab ( `\\ u0009` ), line feed ( `\\ u000A` ), and carriage return ( `\\ u000D` )",
3189 "stability": "external",
3190 "summary": "The policy document."
3191 },
3192 "locationInModule": {
3193 "filename": "lib/iam.generated.ts",
3194 "line": 1470
3195 },
3196 "name": "policyDocument",
3197 "type": {
3198 "primitive": "any"
3199 }
3200 },
3201 {
3202 "docs": {
3203 "custom": {
3204 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html#cfn-iam-policy-policyname"
3205 },
3206 "remarks": "This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-",
3207 "stability": "external",
3208 "summary": "The name of the policy document."
3209 },
3210 "locationInModule": {
3211 "filename": "lib/iam.generated.ts",
3212 "line": 1479
3213 },
3214 "name": "policyName",
3215 "type": {
3216 "primitive": "string"
3217 }
3218 },
3219 {
3220 "docs": {
3221 "custom": {
3222 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html#cfn-iam-policy-groups"
3223 },
3224 "remarks": "This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-.",
3225 "stability": "external",
3226 "summary": "The name of the group to associate the policy with."
3227 },
3228 "locationInModule": {
3229 "filename": "lib/iam.generated.ts",
3230 "line": 1488
3231 },
3232 "name": "groups",
3233 "optional": true,
3234 "type": {
3235 "collection": {
3236 "elementtype": {
3237 "primitive": "string"
3238 },
3239 "kind": "array"
3240 }
3241 }
3242 },
3243 {
3244 "docs": {
3245 "custom": {
3246 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html#cfn-iam-policy-roles"
3247 },
3248 "remarks": "This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-\n\n> If an external policy (such as `AWS::IAM::Policy` or `AWS::IAM::ManagedPolicy` ) has a `Ref` to a role and if a resource (such as `AWS::ECS::Service` ) also has a `Ref` to the same role, add a `DependsOn` attribute to the resource to make the resource depend on the external policy. This dependency ensures that the role's policy is available throughout the resource's lifecycle. For example, when you delete a stack with an `AWS::ECS::Service` resource, the `DependsOn` attribute ensures that AWS CloudFormation deletes the `AWS::ECS::Service` resource before deleting its role's policy.",
3249 "stability": "external",
3250 "summary": "The name of the role to associate the policy with."
3251 },
3252 "locationInModule": {
3253 "filename": "lib/iam.generated.ts",
3254 "line": 1499
3255 },
3256 "name": "roles",
3257 "optional": true,
3258 "type": {
3259 "collection": {
3260 "elementtype": {
3261 "primitive": "string"
3262 },
3263 "kind": "array"
3264 }
3265 }
3266 },
3267 {
3268 "docs": {
3269 "custom": {
3270 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html#cfn-iam-policy-users"
3271 },
3272 "remarks": "This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-",
3273 "stability": "external",
3274 "summary": "The name of the user to associate the policy with."
3275 },
3276 "locationInModule": {
3277 "filename": "lib/iam.generated.ts",
3278 "line": 1508
3279 },
3280 "name": "users",
3281 "optional": true,
3282 "type": {
3283 "collection": {
3284 "elementtype": {
3285 "primitive": "string"
3286 },
3287 "kind": "array"
3288 }
3289 }
3290 }
3291 ],
3292 "symbolId": "lib/iam.generated:CfnPolicy"
3293 },
3294 "@aws-cdk/aws-iam.CfnPolicyProps": {
3295 "assembly": "@aws-cdk/aws-iam",
3296 "datatype": true,
3297 "docs": {
3298 "custom": {
3299 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html",
3300 "exampleMetadata": "fixture=_generated"
3301 },
3302 "stability": "external",
3303 "summary": "Properties for defining a `CfnPolicy`.",
3304 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const policyDocument: any;\nconst cfnPolicyProps: iam.CfnPolicyProps = {\n policyDocument: policyDocument,\n policyName: 'policyName',\n\n // the properties below are optional\n groups: ['groups'],\n roles: ['roles'],\n users: ['users'],\n};"
3305 },
3306 "fqn": "@aws-cdk/aws-iam.CfnPolicyProps",
3307 "kind": "interface",
3308 "locationInModule": {
3309 "filename": "lib/iam.generated.ts",
3310 "line": 1301
3311 },
3312 "name": "CfnPolicyProps",
3313 "properties": [
3314 {
3315 "abstract": true,
3316 "docs": {
3317 "custom": {
3318 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html#cfn-iam-policy-policydocument"
3319 },
3320 "remarks": "You must provide policies in JSON format in IAM. However, for AWS CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. AWS CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.\n\nThe [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following:\n\n- Any printable ASCII character ranging from the space character ( `\\ u0020` ) through the end of the ASCII character range\n- The printable characters in the Basic Latin and Latin-1 Supplement character set (through `\\ u00FF` )\n- The special characters tab ( `\\ u0009` ), line feed ( `\\ u000A` ), and carriage return ( `\\ u000D` )",
3321 "stability": "external",
3322 "summary": "The policy document."
3323 },
3324 "immutable": true,
3325 "locationInModule": {
3326 "filename": "lib/iam.generated.ts",
3327 "line": 1316
3328 },
3329 "name": "policyDocument",
3330 "type": {
3331 "primitive": "any"
3332 }
3333 },
3334 {
3335 "abstract": true,
3336 "docs": {
3337 "custom": {
3338 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html#cfn-iam-policy-policyname"
3339 },
3340 "remarks": "This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-",
3341 "stability": "external",
3342 "summary": "The name of the policy document."
3343 },
3344 "immutable": true,
3345 "locationInModule": {
3346 "filename": "lib/iam.generated.ts",
3347 "line": 1325
3348 },
3349 "name": "policyName",
3350 "type": {
3351 "primitive": "string"
3352 }
3353 },
3354 {
3355 "abstract": true,
3356 "docs": {
3357 "custom": {
3358 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html#cfn-iam-policy-groups"
3359 },
3360 "remarks": "This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-.",
3361 "stability": "external",
3362 "summary": "The name of the group to associate the policy with."
3363 },
3364 "immutable": true,
3365 "locationInModule": {
3366 "filename": "lib/iam.generated.ts",
3367 "line": 1334
3368 },
3369 "name": "groups",
3370 "optional": true,
3371 "type": {
3372 "collection": {
3373 "elementtype": {
3374 "primitive": "string"
3375 },
3376 "kind": "array"
3377 }
3378 }
3379 },
3380 {
3381 "abstract": true,
3382 "docs": {
3383 "custom": {
3384 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html#cfn-iam-policy-roles"
3385 },
3386 "remarks": "This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-\n\n> If an external policy (such as `AWS::IAM::Policy` or `AWS::IAM::ManagedPolicy` ) has a `Ref` to a role and if a resource (such as `AWS::ECS::Service` ) also has a `Ref` to the same role, add a `DependsOn` attribute to the resource to make the resource depend on the external policy. This dependency ensures that the role's policy is available throughout the resource's lifecycle. For example, when you delete a stack with an `AWS::ECS::Service` resource, the `DependsOn` attribute ensures that AWS CloudFormation deletes the `AWS::ECS::Service` resource before deleting its role's policy.",
3387 "stability": "external",
3388 "summary": "The name of the role to associate the policy with."
3389 },
3390 "immutable": true,
3391 "locationInModule": {
3392 "filename": "lib/iam.generated.ts",
3393 "line": 1345
3394 },
3395 "name": "roles",
3396 "optional": true,
3397 "type": {
3398 "collection": {
3399 "elementtype": {
3400 "primitive": "string"
3401 },
3402 "kind": "array"
3403 }
3404 }
3405 },
3406 {
3407 "abstract": true,
3408 "docs": {
3409 "custom": {
3410 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html#cfn-iam-policy-users"
3411 },
3412 "remarks": "This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-",
3413 "stability": "external",
3414 "summary": "The name of the user to associate the policy with."
3415 },
3416 "immutable": true,
3417 "locationInModule": {
3418 "filename": "lib/iam.generated.ts",
3419 "line": 1354
3420 },
3421 "name": "users",
3422 "optional": true,
3423 "type": {
3424 "collection": {
3425 "elementtype": {
3426 "primitive": "string"
3427 },
3428 "kind": "array"
3429 }
3430 }
3431 }
3432 ],
3433 "symbolId": "lib/iam.generated:CfnPolicyProps"
3434 },
3435 "@aws-cdk/aws-iam.CfnRole": {
3436 "assembly": "@aws-cdk/aws-iam",
3437 "base": "@aws-cdk/core.CfnResource",
3438 "docs": {
3439 "custom": {
3440 "cloudformationResource": "AWS::IAM::Role",
3441 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html",
3442 "exampleMetadata": "fixture=_generated"
3443 },
3444 "remarks": "Creates a new role for your AWS account . For more information about roles, see [IAM roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html) . For information about quotas for role names and the number of roles you can create, see [IAM and AWS STS quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide* .",
3445 "stability": "external",
3446 "summary": "A CloudFormation `AWS::IAM::Role`.",
3447 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const assumeRolePolicyDocument: any;\ndeclare const policyDocument: any;\nconst cfnRole = new iam.CfnRole(this, 'MyCfnRole', {\n assumeRolePolicyDocument: assumeRolePolicyDocument,\n\n // the properties below are optional\n description: 'description',\n managedPolicyArns: ['managedPolicyArns'],\n maxSessionDuration: 123,\n path: 'path',\n permissionsBoundary: 'permissionsBoundary',\n policies: [{\n policyDocument: policyDocument,\n policyName: 'policyName',\n }],\n roleName: 'roleName',\n tags: [{\n key: 'key',\n value: 'value',\n }],\n});"
3448 },
3449 "fqn": "@aws-cdk/aws-iam.CfnRole",
3450 "initializer": {
3451 "docs": {
3452 "stability": "external",
3453 "summary": "Create a new `AWS::IAM::Role`."
3454 },
3455 "locationInModule": {
3456 "filename": "lib/iam.generated.ts",
3457 "line": 1874
3458 },
3459 "parameters": [
3460 {
3461 "docs": {
3462 "summary": "- scope in which this resource is defined."
3463 },
3464 "name": "scope",
3465 "type": {
3466 "fqn": "@aws-cdk/core.Construct"
3467 }
3468 },
3469 {
3470 "docs": {
3471 "summary": "- scoped id of the resource."
3472 },
3473 "name": "id",
3474 "type": {
3475 "primitive": "string"
3476 }
3477 },
3478 {
3479 "docs": {
3480 "summary": "- resource properties."
3481 },
3482 "name": "props",
3483 "type": {
3484 "fqn": "@aws-cdk/aws-iam.CfnRoleProps"
3485 }
3486 }
3487 ]
3488 },
3489 "interfaces": [
3490 "@aws-cdk/core.IInspectable"
3491 ],
3492 "kind": "class",
3493 "locationInModule": {
3494 "filename": "lib/iam.generated.ts",
3495 "line": 1735
3496 },
3497 "methods": [
3498 {
3499 "docs": {
3500 "stability": "external",
3501 "summary": "Examines the CloudFormation resource and discloses attributes."
3502 },
3503 "locationInModule": {
3504 "filename": "lib/iam.generated.ts",
3505 "line": 1897
3506 },
3507 "name": "inspect",
3508 "overrides": "@aws-cdk/core.IInspectable",
3509 "parameters": [
3510 {
3511 "docs": {
3512 "summary": "- tree inspector to collect and process attributes."
3513 },
3514 "name": "inspector",
3515 "type": {
3516 "fqn": "@aws-cdk/core.TreeInspector"
3517 }
3518 }
3519 ]
3520 },
3521 {
3522 "docs": {
3523 "stability": "external"
3524 },
3525 "locationInModule": {
3526 "filename": "lib/iam.generated.ts",
3527 "line": 1916
3528 },
3529 "name": "renderProperties",
3530 "overrides": "@aws-cdk/core.CfnResource",
3531 "parameters": [
3532 {
3533 "name": "props",
3534 "type": {
3535 "collection": {
3536 "elementtype": {
3537 "primitive": "any"
3538 },
3539 "kind": "map"
3540 }
3541 }
3542 }
3543 ],
3544 "protected": true,
3545 "returns": {
3546 "type": {
3547 "collection": {
3548 "elementtype": {
3549 "primitive": "any"
3550 },
3551 "kind": "map"
3552 }
3553 }
3554 }
3555 }
3556 ],
3557 "name": "CfnRole",
3558 "properties": [
3559 {
3560 "const": true,
3561 "docs": {
3562 "stability": "external",
3563 "summary": "The CloudFormation resource type name for this resource class."
3564 },
3565 "immutable": true,
3566 "locationInModule": {
3567 "filename": "lib/iam.generated.ts",
3568 "line": 1739
3569 },
3570 "name": "CFN_RESOURCE_TYPE_NAME",
3571 "static": true,
3572 "type": {
3573 "primitive": "string"
3574 }
3575 },
3576 {
3577 "docs": {
3578 "custom": {
3579 "cloudformationAttribute": "Arn"
3580 },
3581 "remarks": "`{\"Fn::GetAtt\" : [\"MyRole\", \"Arn\"] }`\n\nThis will return a value such as `arn:aws:iam::1234567890:role/MyRole-AJJHDSKSDF` .",
3582 "stability": "external",
3583 "summary": "Returns the Amazon Resource Name (ARN) for the role. For example:."
3584 },
3585 "immutable": true,
3586 "locationInModule": {
3587 "filename": "lib/iam.generated.ts",
3588 "line": 1768
3589 },
3590 "name": "attrArn",
3591 "type": {
3592 "primitive": "string"
3593 }
3594 },
3595 {
3596 "docs": {
3597 "custom": {
3598 "cloudformationAttribute": "RoleId"
3599 },
3600 "remarks": "For more information about IDs, see [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html) in the *IAM User Guide* .",
3601 "stability": "external",
3602 "summary": "Returns the stable and unique string identifying the role. For example, `AIDAJQABLZS4A3QDU576Q` ."
3603 },
3604 "immutable": true,
3605 "locationInModule": {
3606 "filename": "lib/iam.generated.ts",
3607 "line": 1776
3608 },
3609 "name": "attrRoleId",
3610 "type": {
3611 "primitive": "string"
3612 }
3613 },
3614 {
3615 "docs": {
3616 "stability": "external"
3617 },
3618 "immutable": true,
3619 "locationInModule": {
3620 "filename": "lib/iam.generated.ts",
3621 "line": 1902
3622 },
3623 "name": "cfnProperties",
3624 "overrides": "@aws-cdk/core.CfnResource",
3625 "protected": true,
3626 "type": {
3627 "collection": {
3628 "elementtype": {
3629 "primitive": "any"
3630 },
3631 "kind": "map"
3632 }
3633 }
3634 },
3635 {
3636 "docs": {
3637 "custom": {
3638 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-tags"
3639 },
3640 "remarks": "For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .",
3641 "stability": "external",
3642 "summary": "A list of tags that are attached to the role."
3643 },
3644 "immutable": true,
3645 "locationInModule": {
3646 "filename": "lib/iam.generated.ts",
3647 "line": 1865
3648 },
3649 "name": "tags",
3650 "type": {
3651 "fqn": "@aws-cdk/core.TagManager"
3652 }
3653 },
3654 {
3655 "docs": {
3656 "custom": {
3657 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-assumerolepolicydocument"
3658 },
3659 "remarks": "Trust policies define which entities can assume the role. You can associate only one trust policy with a role. For an example of a policy that can be used to assume a role, see [Template Examples](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#aws-resource-iam-role--examples) . For more information about the elements that you can use in an IAM policy, see [IAM Policy Elements Reference](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html) in the *IAM User Guide* .",
3660 "stability": "external",
3661 "summary": "The trust policy that is associated with this role."
3662 },
3663 "locationInModule": {
3664 "filename": "lib/iam.generated.ts",
3665 "line": 1783
3666 },
3667 "name": "assumeRolePolicyDocument",
3668 "type": {
3669 "primitive": "any"
3670 }
3671 },
3672 {
3673 "docs": {
3674 "custom": {
3675 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-description"
3676 },
3677 "stability": "external",
3678 "summary": "A description of the role that you provide."
3679 },
3680 "locationInModule": {
3681 "filename": "lib/iam.generated.ts",
3682 "line": 1790
3683 },
3684 "name": "description",
3685 "optional": true,
3686 "type": {
3687 "primitive": "string"
3688 }
3689 },
3690 {
3691 "docs": {
3692 "custom": {
3693 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-managepolicyarns"
3694 },
3695 "remarks": "For more information about ARNs, see [Amazon Resource Names (ARNs) and AWS Service Namespaces](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *AWS General Reference* .",
3696 "stability": "external",
3697 "summary": "A list of Amazon Resource Names (ARNs) of the IAM managed policies that you want to attach to the role."
3698 },
3699 "locationInModule": {
3700 "filename": "lib/iam.generated.ts",
3701 "line": 1799
3702 },
3703 "name": "managedPolicyArns",
3704 "optional": true,
3705 "type": {
3706 "collection": {
3707 "elementtype": {
3708 "primitive": "string"
3709 },
3710 "kind": "array"
3711 }
3712 }
3713 },
3714 {
3715 "docs": {
3716 "custom": {
3717 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-maxsessionduration"
3718 },
3719 "remarks": "If you do not specify a value for this setting, the default value of one hour is applied. This setting can have a value from 1 hour to 12 hours.\n\nAnyone who assumes the role from the AWS CLI or API can use the `DurationSeconds` API parameter or the `duration-seconds` AWS CLI parameter to request a longer session. The `MaxSessionDuration` setting determines the maximum duration that can be requested using the `DurationSeconds` parameter. If users don't specify a value for the `DurationSeconds` parameter, their security credentials are valid for one hour by default. This applies when you use the `AssumeRole*` API operations or the `assume-role*` AWS CLI operations but does not apply when you use those operations to create a console URL. For more information, see [Using IAM roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) in the *IAM User Guide* .",
3720 "stability": "external",
3721 "summary": "The maximum session duration (in seconds) that you want to set for the specified role."
3722 },
3723 "locationInModule": {
3724 "filename": "lib/iam.generated.ts",
3725 "line": 1808
3726 },
3727 "name": "maxSessionDuration",
3728 "optional": true,
3729 "type": {
3730 "primitive": "number"
3731 }
3732 },
3733 {
3734 "docs": {
3735 "custom": {
3736 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-path"
3737 },
3738 "remarks": "This parameter is optional. If it is not included, it defaults to a slash (/).\n\nThis parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\\ u0021` ) through the DEL character ( `\\ u007F` ), including most punctuation characters, digits, and upper and lowercased letters.",
3739 "stability": "external",
3740 "summary": "The path to the role. For more information about paths, see [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* ."
3741 },
3742 "locationInModule": {
3743 "filename": "lib/iam.generated.ts",
3744 "line": 1819
3745 },
3746 "name": "path",
3747 "optional": true,
3748 "type": {
3749 "primitive": "string"
3750 }
3751 },
3752 {
3753 "docs": {
3754 "custom": {
3755 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-permissionsboundary"
3756 },
3757 "remarks": "For more information about permissions boundaries, see [Permissions boundaries for IAM identities](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM User Guide* .",
3758 "stability": "external",
3759 "summary": "The ARN of the policy used to set the permissions boundary for the role."
3760 },
3761 "locationInModule": {
3762 "filename": "lib/iam.generated.ts",
3763 "line": 1828
3764 },
3765 "name": "permissionsBoundary",
3766 "optional": true,
3767 "type": {
3768 "primitive": "string"
3769 }
3770 },
3771 {
3772 "docs": {
3773 "custom": {
3774 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-policies"
3775 },
3776 "remarks": "When you embed an inline policy in a role, the inline policy is used as part of the role's access (permissions) policy. The role's trust policy is created at the same time as the role. You can update a role's trust policy later. For more information about IAM roles, go to [Using Roles to Delegate Permissions and Federate Identities](https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html) .\n\nA role can also have an attached managed policy. For information about policies, see [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide* .\n\nFor information about limits on the number of inline policies that you can embed with a role, see [Limitations on IAM Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *IAM User Guide* .\n\n> If an external policy (such as `AWS::IAM::Policy` or `AWS::IAM::ManagedPolicy` ) has a `Ref` to a role and if a resource (such as `AWS::ECS::Service` ) also has a `Ref` to the same role, add a `DependsOn` attribute to the resource to make the resource depend on the external policy. This dependency ensures that the role's policy is available throughout the resource's lifecycle. For example, when you delete a stack with an `AWS::ECS::Service` resource, the `DependsOn` attribute ensures that AWS CloudFormation deletes the `AWS::ECS::Service` resource before deleting its role's policy.",
3777 "stability": "external",
3778 "summary": "Adds or updates an inline policy document that is embedded in the specified IAM role."
3779 },
3780 "locationInModule": {
3781 "filename": "lib/iam.generated.ts",
3782 "line": 1843
3783 },
3784 "name": "policies",
3785 "optional": true,
3786 "type": {
3787 "union": {
3788 "types": [
3789 {
3790 "fqn": "@aws-cdk/core.IResolvable"
3791 },
3792 {
3793 "collection": {
3794 "elementtype": {
3795 "union": {
3796 "types": [
3797 {
3798 "fqn": "@aws-cdk/core.IResolvable"
3799 },
3800 {
3801 "fqn": "@aws-cdk/aws-iam.CfnRole.PolicyProperty"
3802 }
3803 ]
3804 }
3805 },
3806 "kind": "array"
3807 }
3808 }
3809 ]
3810 }
3811 }
3812 },
3813 {
3814 "docs": {
3815 "custom": {
3816 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-rolename"
3817 },
3818 "remarks": "For valid values, see the `RoleName` parameter for the [`CreateRole`](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html) action in the *IAM User Guide* .\n\nThis parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-. The role name must be unique within the account. Role names are not distinguished by case. For example, you cannot create roles named both \"Role1\" and \"role1\".\n\nIf you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the role name.\n\nIf you specify a name, you must specify the `CAPABILITY_NAMED_IAM` value to acknowledge your template's capabilities. For more information, see [Acknowledging IAM Resources in AWS CloudFormation Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities) .\n\n> Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using `Fn::Join` and `AWS::Region` to create a Region-specific name, as in the following example: `{\"Fn::Join\": [\"\", [{\"Ref\": \"AWS::Region\"}, {\"Ref\": \"MyResourceName\"}]]}` .",
3819 "stability": "external",
3820 "summary": "A name for the IAM role, up to 64 characters in length."
3821 },
3822 "locationInModule": {
3823 "filename": "lib/iam.generated.ts",
3824 "line": 1858
3825 },
3826 "name": "roleName",
3827 "optional": true,
3828 "type": {
3829 "primitive": "string"
3830 }
3831 }
3832 ],
3833 "symbolId": "lib/iam.generated:CfnRole"
3834 },
3835 "@aws-cdk/aws-iam.CfnRole.PolicyProperty": {
3836 "assembly": "@aws-cdk/aws-iam",
3837 "datatype": true,
3838 "docs": {
3839 "custom": {
3840 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-policy.html",
3841 "exampleMetadata": "fixture=_generated"
3842 },
3843 "remarks": "An attached policy is a managed policy that has been attached to a user, group, or role.\n\nFor more information about managed policies, refer to [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide* .",
3844 "stability": "external",
3845 "summary": "Contains information about an attached policy.",
3846 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const policyDocument: any;\nconst policyProperty: iam.CfnRole.PolicyProperty = {\n policyDocument: policyDocument,\n policyName: 'policyName',\n};"
3847 },
3848 "fqn": "@aws-cdk/aws-iam.CfnRole.PolicyProperty",
3849 "kind": "interface",
3850 "locationInModule": {
3851 "filename": "lib/iam.generated.ts",
3852 "line": 1934
3853 },
3854 "name": "PolicyProperty",
3855 "namespace": "CfnRole",
3856 "properties": [
3857 {
3858 "abstract": true,
3859 "docs": {
3860 "custom": {
3861 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-policy.html#cfn-iam-policies-policydocument"
3862 },
3863 "remarks": "For more information, see [Overview of JSON policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json) .",
3864 "stability": "external",
3865 "summary": "The entire contents of the policy that defines permissions."
3866 },
3867 "immutable": true,
3868 "locationInModule": {
3869 "filename": "lib/iam.generated.ts",
3870 "line": 1940
3871 },
3872 "name": "policyDocument",
3873 "type": {
3874 "primitive": "any"
3875 }
3876 },
3877 {
3878 "abstract": true,
3879 "docs": {
3880 "custom": {
3881 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-policy.html#cfn-iam-policies-policyname"
3882 },
3883 "stability": "external",
3884 "summary": "The friendly name (not ARN) identifying the policy."
3885 },
3886 "immutable": true,
3887 "locationInModule": {
3888 "filename": "lib/iam.generated.ts",
3889 "line": 1946
3890 },
3891 "name": "policyName",
3892 "type": {
3893 "primitive": "string"
3894 }
3895 }
3896 ],
3897 "symbolId": "lib/iam.generated:CfnRole.PolicyProperty"
3898 },
3899 "@aws-cdk/aws-iam.CfnRoleProps": {
3900 "assembly": "@aws-cdk/aws-iam",
3901 "datatype": true,
3902 "docs": {
3903 "custom": {
3904 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html",
3905 "exampleMetadata": "fixture=_generated"
3906 },
3907 "stability": "external",
3908 "summary": "Properties for defining a `CfnRole`.",
3909 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const assumeRolePolicyDocument: any;\ndeclare const policyDocument: any;\nconst cfnRoleProps: iam.CfnRoleProps = {\n assumeRolePolicyDocument: assumeRolePolicyDocument,\n\n // the properties below are optional\n description: 'description',\n managedPolicyArns: ['managedPolicyArns'],\n maxSessionDuration: 123,\n path: 'path',\n permissionsBoundary: 'permissionsBoundary',\n policies: [{\n policyDocument: policyDocument,\n policyName: 'policyName',\n }],\n roleName: 'roleName',\n tags: [{\n key: 'key',\n value: 'value',\n }],\n};"
3910 },
3911 "fqn": "@aws-cdk/aws-iam.CfnRoleProps",
3912 "kind": "interface",
3913 "locationInModule": {
3914 "filename": "lib/iam.generated.ts",
3915 "line": 1563
3916 },
3917 "name": "CfnRoleProps",
3918 "properties": [
3919 {
3920 "abstract": true,
3921 "docs": {
3922 "custom": {
3923 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-assumerolepolicydocument"
3924 },
3925 "remarks": "Trust policies define which entities can assume the role. You can associate only one trust policy with a role. For an example of a policy that can be used to assume a role, see [Template Examples](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#aws-resource-iam-role--examples) . For more information about the elements that you can use in an IAM policy, see [IAM Policy Elements Reference](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html) in the *IAM User Guide* .",
3926 "stability": "external",
3927 "summary": "The trust policy that is associated with this role."
3928 },
3929 "immutable": true,
3930 "locationInModule": {
3931 "filename": "lib/iam.generated.ts",
3932 "line": 1570
3933 },
3934 "name": "assumeRolePolicyDocument",
3935 "type": {
3936 "primitive": "any"
3937 }
3938 },
3939 {
3940 "abstract": true,
3941 "docs": {
3942 "custom": {
3943 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-description"
3944 },
3945 "stability": "external",
3946 "summary": "A description of the role that you provide."
3947 },
3948 "immutable": true,
3949 "locationInModule": {
3950 "filename": "lib/iam.generated.ts",
3951 "line": 1577
3952 },
3953 "name": "description",
3954 "optional": true,
3955 "type": {
3956 "primitive": "string"
3957 }
3958 },
3959 {
3960 "abstract": true,
3961 "docs": {
3962 "custom": {
3963 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-managepolicyarns"
3964 },
3965 "remarks": "For more information about ARNs, see [Amazon Resource Names (ARNs) and AWS Service Namespaces](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *AWS General Reference* .",
3966 "stability": "external",
3967 "summary": "A list of Amazon Resource Names (ARNs) of the IAM managed policies that you want to attach to the role."
3968 },
3969 "immutable": true,
3970 "locationInModule": {
3971 "filename": "lib/iam.generated.ts",
3972 "line": 1586
3973 },
3974 "name": "managedPolicyArns",
3975 "optional": true,
3976 "type": {
3977 "collection": {
3978 "elementtype": {
3979 "primitive": "string"
3980 },
3981 "kind": "array"
3982 }
3983 }
3984 },
3985 {
3986 "abstract": true,
3987 "docs": {
3988 "custom": {
3989 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-maxsessionduration"
3990 },
3991 "remarks": "If you do not specify a value for this setting, the default value of one hour is applied. This setting can have a value from 1 hour to 12 hours.\n\nAnyone who assumes the role from the AWS CLI or API can use the `DurationSeconds` API parameter or the `duration-seconds` AWS CLI parameter to request a longer session. The `MaxSessionDuration` setting determines the maximum duration that can be requested using the `DurationSeconds` parameter. If users don't specify a value for the `DurationSeconds` parameter, their security credentials are valid for one hour by default. This applies when you use the `AssumeRole*` API operations or the `assume-role*` AWS CLI operations but does not apply when you use those operations to create a console URL. For more information, see [Using IAM roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) in the *IAM User Guide* .",
3992 "stability": "external",
3993 "summary": "The maximum session duration (in seconds) that you want to set for the specified role."
3994 },
3995 "immutable": true,
3996 "locationInModule": {
3997 "filename": "lib/iam.generated.ts",
3998 "line": 1595
3999 },
4000 "name": "maxSessionDuration",
4001 "optional": true,
4002 "type": {
4003 "primitive": "number"
4004 }
4005 },
4006 {
4007 "abstract": true,
4008 "docs": {
4009 "custom": {
4010 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-path"
4011 },
4012 "remarks": "This parameter is optional. If it is not included, it defaults to a slash (/).\n\nThis parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\\ u0021` ) through the DEL character ( `\\ u007F` ), including most punctuation characters, digits, and upper and lowercased letters.",
4013 "stability": "external",
4014 "summary": "The path to the role. For more information about paths, see [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* ."
4015 },
4016 "immutable": true,
4017 "locationInModule": {
4018 "filename": "lib/iam.generated.ts",
4019 "line": 1606
4020 },
4021 "name": "path",
4022 "optional": true,
4023 "type": {
4024 "primitive": "string"
4025 }
4026 },
4027 {
4028 "abstract": true,
4029 "docs": {
4030 "custom": {
4031 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-permissionsboundary"
4032 },
4033 "remarks": "For more information about permissions boundaries, see [Permissions boundaries for IAM identities](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM User Guide* .",
4034 "stability": "external",
4035 "summary": "The ARN of the policy used to set the permissions boundary for the role."
4036 },
4037 "immutable": true,
4038 "locationInModule": {
4039 "filename": "lib/iam.generated.ts",
4040 "line": 1615
4041 },
4042 "name": "permissionsBoundary",
4043 "optional": true,
4044 "type": {
4045 "primitive": "string"
4046 }
4047 },
4048 {
4049 "abstract": true,
4050 "docs": {
4051 "custom": {
4052 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-policies"
4053 },
4054 "remarks": "When you embed an inline policy in a role, the inline policy is used as part of the role's access (permissions) policy. The role's trust policy is created at the same time as the role. You can update a role's trust policy later. For more information about IAM roles, go to [Using Roles to Delegate Permissions and Federate Identities](https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html) .\n\nA role can also have an attached managed policy. For information about policies, see [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide* .\n\nFor information about limits on the number of inline policies that you can embed with a role, see [Limitations on IAM Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *IAM User Guide* .\n\n> If an external policy (such as `AWS::IAM::Policy` or `AWS::IAM::ManagedPolicy` ) has a `Ref` to a role and if a resource (such as `AWS::ECS::Service` ) also has a `Ref` to the same role, add a `DependsOn` attribute to the resource to make the resource depend on the external policy. This dependency ensures that the role's policy is available throughout the resource's lifecycle. For example, when you delete a stack with an `AWS::ECS::Service` resource, the `DependsOn` attribute ensures that AWS CloudFormation deletes the `AWS::ECS::Service` resource before deleting its role's policy.",
4055 "stability": "external",
4056 "summary": "Adds or updates an inline policy document that is embedded in the specified IAM role."
4057 },
4058 "immutable": true,
4059 "locationInModule": {
4060 "filename": "lib/iam.generated.ts",
4061 "line": 1630
4062 },
4063 "name": "policies",
4064 "optional": true,
4065 "type": {
4066 "union": {
4067 "types": [
4068 {
4069 "fqn": "@aws-cdk/core.IResolvable"
4070 },
4071 {
4072 "collection": {
4073 "elementtype": {
4074 "union": {
4075 "types": [
4076 {
4077 "fqn": "@aws-cdk/core.IResolvable"
4078 },
4079 {
4080 "fqn": "@aws-cdk/aws-iam.CfnRole.PolicyProperty"
4081 }
4082 ]
4083 }
4084 },
4085 "kind": "array"
4086 }
4087 }
4088 ]
4089 }
4090 }
4091 },
4092 {
4093 "abstract": true,
4094 "docs": {
4095 "custom": {
4096 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-rolename"
4097 },
4098 "remarks": "For valid values, see the `RoleName` parameter for the [`CreateRole`](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html) action in the *IAM User Guide* .\n\nThis parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-. The role name must be unique within the account. Role names are not distinguished by case. For example, you cannot create roles named both \"Role1\" and \"role1\".\n\nIf you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the role name.\n\nIf you specify a name, you must specify the `CAPABILITY_NAMED_IAM` value to acknowledge your template's capabilities. For more information, see [Acknowledging IAM Resources in AWS CloudFormation Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities) .\n\n> Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using `Fn::Join` and `AWS::Region` to create a Region-specific name, as in the following example: `{\"Fn::Join\": [\"\", [{\"Ref\": \"AWS::Region\"}, {\"Ref\": \"MyResourceName\"}]]}` .",
4099 "stability": "external",
4100 "summary": "A name for the IAM role, up to 64 characters in length."
4101 },
4102 "immutable": true,
4103 "locationInModule": {
4104 "filename": "lib/iam.generated.ts",
4105 "line": 1645
4106 },
4107 "name": "roleName",
4108 "optional": true,
4109 "type": {
4110 "primitive": "string"
4111 }
4112 },
4113 {
4114 "abstract": true,
4115 "docs": {
4116 "custom": {
4117 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-tags"
4118 },
4119 "remarks": "For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .",
4120 "stability": "external",
4121 "summary": "A list of tags that are attached to the role."
4122 },
4123 "immutable": true,
4124 "locationInModule": {
4125 "filename": "lib/iam.generated.ts",
4126 "line": 1652
4127 },
4128 "name": "tags",
4129 "optional": true,
4130 "type": {
4131 "collection": {
4132 "elementtype": {
4133 "fqn": "@aws-cdk/core.CfnTag"
4134 },
4135 "kind": "array"
4136 }
4137 }
4138 }
4139 ],
4140 "symbolId": "lib/iam.generated:CfnRoleProps"
4141 },
4142 "@aws-cdk/aws-iam.CfnSAMLProvider": {
4143 "assembly": "@aws-cdk/aws-iam",
4144 "base": "@aws-cdk/core.CfnResource",
4145 "docs": {
4146 "custom": {
4147 "cloudformationResource": "AWS::IAM::SAMLProvider",
4148 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-samlprovider.html",
4149 "exampleMetadata": "fixture=_generated"
4150 },
4151 "remarks": "Creates an IAM resource that describes an identity provider (IdP) that supports SAML 2.0.\n\nThe SAML provider resource that you create with this operation can be used as a principal in an IAM role's trust policy. Such a policy can enable federated users who sign in using the SAML IdP to assume the role. You can create an IAM role that supports Web-based single sign-on (SSO) to the AWS Management Console or one that supports API access to AWS .\n\nWhen you create the SAML provider resource, you upload a SAML metadata document that you get from your IdP. That document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that the IdP sends. You must generate the metadata document using the identity management software that is used as your organization's IdP.\n\n> This operation requires [Signature Version 4](https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html) .\n\nFor more information, see [Enabling SAML 2.0 federated users to access the AWS Management Console](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-saml.html) and [About SAML 2.0-based federation](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html) in the *IAM User Guide* .",
4152 "stability": "external",
4153 "summary": "A CloudFormation `AWS::IAM::SAMLProvider`.",
4154 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nconst cfnSAMLProvider = new iam.CfnSAMLProvider(this, 'MyCfnSAMLProvider', {\n samlMetadataDocument: 'samlMetadataDocument',\n\n // the properties below are optional\n name: 'name',\n tags: [{\n key: 'key',\n value: 'value',\n }],\n});"
4155 },
4156 "fqn": "@aws-cdk/aws-iam.CfnSAMLProvider",
4157 "initializer": {
4158 "docs": {
4159 "stability": "external",
4160 "summary": "Create a new `AWS::IAM::SAMLProvider`."
4161 },
4162 "locationInModule": {
4163 "filename": "lib/iam.generated.ts",
4164 "line": 2176
4165 },
4166 "parameters": [
4167 {
4168 "docs": {
4169 "summary": "- scope in which this resource is defined."
4170 },
4171 "name": "scope",
4172 "type": {
4173 "fqn": "@aws-cdk/core.Construct"
4174 }
4175 },
4176 {
4177 "docs": {
4178 "summary": "- scoped id of the resource."
4179 },
4180 "name": "id",
4181 "type": {
4182 "primitive": "string"
4183 }
4184 },
4185 {
4186 "docs": {
4187 "summary": "- resource properties."
4188 },
4189 "name": "props",
4190 "type": {
4191 "fqn": "@aws-cdk/aws-iam.CfnSAMLProviderProps"
4192 }
4193 }
4194 ]
4195 },
4196 "interfaces": [
4197 "@aws-cdk/core.IInspectable"
4198 ],
4199 "kind": "class",
4200 "locationInModule": {
4201 "filename": "lib/iam.generated.ts",
4202 "line": 2111
4203 },
4204 "methods": [
4205 {
4206 "docs": {
4207 "stability": "external",
4208 "summary": "Examines the CloudFormation resource and discloses attributes."
4209 },
4210 "locationInModule": {
4211 "filename": "lib/iam.generated.ts",
4212 "line": 2192
4213 },
4214 "name": "inspect",
4215 "overrides": "@aws-cdk/core.IInspectable",
4216 "parameters": [
4217 {
4218 "docs": {
4219 "summary": "- tree inspector to collect and process attributes."
4220 },
4221 "name": "inspector",
4222 "type": {
4223 "fqn": "@aws-cdk/core.TreeInspector"
4224 }
4225 }
4226 ]
4227 },
4228 {
4229 "docs": {
4230 "stability": "external"
4231 },
4232 "locationInModule": {
4233 "filename": "lib/iam.generated.ts",
4234 "line": 2205
4235 },
4236 "name": "renderProperties",
4237 "overrides": "@aws-cdk/core.CfnResource",
4238 "parameters": [
4239 {
4240 "name": "props",
4241 "type": {
4242 "collection": {
4243 "elementtype": {
4244 "primitive": "any"
4245 },
4246 "kind": "map"
4247 }
4248 }
4249 }
4250 ],
4251 "protected": true,
4252 "returns": {
4253 "type": {
4254 "collection": {
4255 "elementtype": {
4256 "primitive": "any"
4257 },
4258 "kind": "map"
4259 }
4260 }
4261 }
4262 }
4263 ],
4264 "name": "CfnSAMLProvider",
4265 "properties": [
4266 {
4267 "const": true,
4268 "docs": {
4269 "stability": "external",
4270 "summary": "The CloudFormation resource type name for this resource class."
4271 },
4272 "immutable": true,
4273 "locationInModule": {
4274 "filename": "lib/iam.generated.ts",
4275 "line": 2115
4276 },
4277 "name": "CFN_RESOURCE_TYPE_NAME",
4278 "static": true,
4279 "type": {
4280 "primitive": "string"
4281 }
4282 },
4283 {
4284 "docs": {
4285 "custom": {
4286 "cloudformationAttribute": "Arn"
4287 },
4288 "stability": "external",
4289 "summary": "Returns the Amazon Resource Name (ARN) for the specified `AWS::IAM::SAMLProvider` resource."
4290 },
4291 "immutable": true,
4292 "locationInModule": {
4293 "filename": "lib/iam.generated.ts",
4294 "line": 2140
4295 },
4296 "name": "attrArn",
4297 "type": {
4298 "primitive": "string"
4299 }
4300 },
4301 {
4302 "docs": {
4303 "stability": "external"
4304 },
4305 "immutable": true,
4306 "locationInModule": {
4307 "filename": "lib/iam.generated.ts",
4308 "line": 2197
4309 },
4310 "name": "cfnProperties",
4311 "overrides": "@aws-cdk/core.CfnResource",
4312 "protected": true,
4313 "type": {
4314 "collection": {
4315 "elementtype": {
4316 "primitive": "any"
4317 },
4318 "kind": "map"
4319 }
4320 }
4321 },
4322 {
4323 "docs": {
4324 "custom": {
4325 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-samlprovider.html#cfn-iam-samlprovider-tags"
4326 },
4327 "remarks": "Each tag consists of a key name and an associated value. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .\n\n> If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created.",
4328 "stability": "external",
4329 "summary": "A list of tags that you want to attach to the new IAM SAML provider."
4330 },
4331 "immutable": true,
4332 "locationInModule": {
4333 "filename": "lib/iam.generated.ts",
4334 "line": 2167
4335 },
4336 "name": "tags",
4337 "type": {
4338 "fqn": "@aws-cdk/core.TagManager"
4339 }
4340 },
4341 {
4342 "docs": {
4343 "custom": {
4344 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-samlprovider.html#cfn-iam-samlprovider-samlmetadatadocument"
4345 },
4346 "remarks": "For more information, see [About SAML 2.0-based federation](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html) in the *IAM User Guide*",
4347 "stability": "external",
4348 "summary": "An XML document generated by an identity provider (IdP) that supports SAML 2.0. The document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that are received from the IdP. You must generate the metadata document using the identity management software that is used as your organization's IdP."
4349 },
4350 "locationInModule": {
4351 "filename": "lib/iam.generated.ts",
4352 "line": 2149
4353 },
4354 "name": "samlMetadataDocument",
4355 "type": {
4356 "primitive": "string"
4357 }
4358 },
4359 {
4360 "docs": {
4361 "custom": {
4362 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-samlprovider.html#cfn-iam-samlprovider-name"
4363 },
4364 "remarks": "This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-",
4365 "stability": "external",
4366 "summary": "The name of the provider to create."
4367 },
4368 "locationInModule": {
4369 "filename": "lib/iam.generated.ts",
4370 "line": 2158
4371 },
4372 "name": "name",
4373 "optional": true,
4374 "type": {
4375 "primitive": "string"
4376 }
4377 }
4378 ],
4379 "symbolId": "lib/iam.generated:CfnSAMLProvider"
4380 },
4381 "@aws-cdk/aws-iam.CfnSAMLProviderProps": {
4382 "assembly": "@aws-cdk/aws-iam",
4383 "datatype": true,
4384 "docs": {
4385 "custom": {
4386 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-samlprovider.html",
4387 "exampleMetadata": "fixture=_generated"
4388 },
4389 "stability": "external",
4390 "summary": "Properties for defining a `CfnSAMLProvider`.",
4391 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nconst cfnSAMLProviderProps: iam.CfnSAMLProviderProps = {\n samlMetadataDocument: 'samlMetadataDocument',\n\n // the properties below are optional\n name: 'name',\n tags: [{\n key: 'key',\n value: 'value',\n }],\n};"
4392 },
4393 "fqn": "@aws-cdk/aws-iam.CfnSAMLProviderProps",
4394 "kind": "interface",
4395 "locationInModule": {
4396 "filename": "lib/iam.generated.ts",
4397 "line": 2011
4398 },
4399 "name": "CfnSAMLProviderProps",
4400 "properties": [
4401 {
4402 "abstract": true,
4403 "docs": {
4404 "custom": {
4405 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-samlprovider.html#cfn-iam-samlprovider-samlmetadatadocument"
4406 },
4407 "remarks": "For more information, see [About SAML 2.0-based federation](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html) in the *IAM User Guide*",
4408 "stability": "external",
4409 "summary": "An XML document generated by an identity provider (IdP) that supports SAML 2.0. The document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that are received from the IdP. You must generate the metadata document using the identity management software that is used as your organization's IdP."
4410 },
4411 "immutable": true,
4412 "locationInModule": {
4413 "filename": "lib/iam.generated.ts",
4414 "line": 2020
4415 },
4416 "name": "samlMetadataDocument",
4417 "type": {
4418 "primitive": "string"
4419 }
4420 },
4421 {
4422 "abstract": true,
4423 "docs": {
4424 "custom": {
4425 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-samlprovider.html#cfn-iam-samlprovider-name"
4426 },
4427 "remarks": "This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-",
4428 "stability": "external",
4429 "summary": "The name of the provider to create."
4430 },
4431 "immutable": true,
4432 "locationInModule": {
4433 "filename": "lib/iam.generated.ts",
4434 "line": 2029
4435 },
4436 "name": "name",
4437 "optional": true,
4438 "type": {
4439 "primitive": "string"
4440 }
4441 },
4442 {
4443 "abstract": true,
4444 "docs": {
4445 "custom": {
4446 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-samlprovider.html#cfn-iam-samlprovider-tags"
4447 },
4448 "remarks": "Each tag consists of a key name and an associated value. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .\n\n> If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created.",
4449 "stability": "external",
4450 "summary": "A list of tags that you want to attach to the new IAM SAML provider."
4451 },
4452 "immutable": true,
4453 "locationInModule": {
4454 "filename": "lib/iam.generated.ts",
4455 "line": 2038
4456 },
4457 "name": "tags",
4458 "optional": true,
4459 "type": {
4460 "collection": {
4461 "elementtype": {
4462 "fqn": "@aws-cdk/core.CfnTag"
4463 },
4464 "kind": "array"
4465 }
4466 }
4467 }
4468 ],
4469 "symbolId": "lib/iam.generated:CfnSAMLProviderProps"
4470 },
4471 "@aws-cdk/aws-iam.CfnServerCertificate": {
4472 "assembly": "@aws-cdk/aws-iam",
4473 "base": "@aws-cdk/core.CfnResource",
4474 "docs": {
4475 "custom": {
4476 "cloudformationResource": "AWS::IAM::ServerCertificate",
4477 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servercertificate.html",
4478 "exampleMetadata": "fixture=_generated"
4479 },
4480 "remarks": "Uploads a server certificate entity for the AWS account . The server certificate entity includes a public key certificate, a private key, and an optional certificate chain, which should all be PEM-encoded.\n\nWe recommend that you use [AWS Certificate Manager](https://docs.aws.amazon.com/acm/) to provision, manage, and deploy your server certificates. With ACM you can request a certificate, deploy it to AWS resources, and let ACM handle certificate renewals for you. Certificates provided by ACM are free. For more information about using ACM, see the [AWS Certificate Manager User Guide](https://docs.aws.amazon.com/acm/latest/userguide/) .\n\nFor more information about working with server certificates, see [Working with server certificates](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html) in the *IAM User Guide* . This topic includes a list of AWS services that can use the server certificates that you manage with IAM.\n\nFor information about the number of server certificates you can upload, see [IAM and AWS STS quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide* .\n\n> Because the body of the public key certificate, private key, and the certificate chain can be large, you should use POST rather than GET when calling `UploadServerCertificate` . For information about setting up signatures and authorization through the API, see [Signing AWS API requests](https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html) in the *AWS General Reference* . For general information about using the Query API with IAM, see [Calling the API by making HTTP query requests](https://docs.aws.amazon.com/IAM/latest/UserGuide/programming.html) in the *IAM User Guide* .",
4481 "stability": "external",
4482 "summary": "A CloudFormation `AWS::IAM::ServerCertificate`.",
4483 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nconst cfnServerCertificate = new iam.CfnServerCertificate(this, 'MyCfnServerCertificate', /* all optional props */ {\n certificateBody: 'certificateBody',\n certificateChain: 'certificateChain',\n path: 'path',\n privateKey: 'privateKey',\n serverCertificateName: 'serverCertificateName',\n tags: [{\n key: 'key',\n value: 'value',\n }],\n});"
4484 },
4485 "fqn": "@aws-cdk/aws-iam.CfnServerCertificate",
4486 "initializer": {
4487 "docs": {
4488 "stability": "external",
4489 "summary": "Create a new `AWS::IAM::ServerCertificate`."
4490 },
4491 "locationInModule": {
4492 "filename": "lib/iam.generated.ts",
4493 "line": 2445
4494 },
4495 "parameters": [
4496 {
4497 "docs": {
4498 "summary": "- scope in which this resource is defined."
4499 },
4500 "name": "scope",
4501 "type": {
4502 "fqn": "@aws-cdk/core.Construct"
4503 }
4504 },
4505 {
4506 "docs": {
4507 "summary": "- scoped id of the resource."
4508 },
4509 "name": "id",
4510 "type": {
4511 "primitive": "string"
4512 }
4513 },
4514 {
4515 "docs": {
4516 "summary": "- resource properties."
4517 },
4518 "name": "props",
4519 "optional": true,
4520 "type": {
4521 "fqn": "@aws-cdk/aws-iam.CfnServerCertificateProps"
4522 }
4523 }
4524 ]
4525 },
4526 "interfaces": [
4527 "@aws-cdk/core.IInspectable"
4528 ],
4529 "kind": "class",
4530 "locationInModule": {
4531 "filename": "lib/iam.generated.ts",
4532 "line": 2353
4533 },
4534 "methods": [
4535 {
4536 "docs": {
4537 "stability": "external",
4538 "summary": "Examines the CloudFormation resource and discloses attributes."
4539 },
4540 "locationInModule": {
4541 "filename": "lib/iam.generated.ts",
4542 "line": 2463
4543 },
4544 "name": "inspect",
4545 "overrides": "@aws-cdk/core.IInspectable",
4546 "parameters": [
4547 {
4548 "docs": {
4549 "summary": "- tree inspector to collect and process attributes."
4550 },
4551 "name": "inspector",
4552 "type": {
4553 "fqn": "@aws-cdk/core.TreeInspector"
4554 }
4555 }
4556 ]
4557 },
4558 {
4559 "docs": {
4560 "stability": "external"
4561 },
4562 "locationInModule": {
4563 "filename": "lib/iam.generated.ts",
4564 "line": 2479
4565 },
4566 "name": "renderProperties",
4567 "overrides": "@aws-cdk/core.CfnResource",
4568 "parameters": [
4569 {
4570 "name": "props",
4571 "type": {
4572 "collection": {
4573 "elementtype": {
4574 "primitive": "any"
4575 },
4576 "kind": "map"
4577 }
4578 }
4579 }
4580 ],
4581 "protected": true,
4582 "returns": {
4583 "type": {
4584 "collection": {
4585 "elementtype": {
4586 "primitive": "any"
4587 },
4588 "kind": "map"
4589 }
4590 }
4591 }
4592 }
4593 ],
4594 "name": "CfnServerCertificate",
4595 "properties": [
4596 {
4597 "const": true,
4598 "docs": {
4599 "stability": "external",
4600 "summary": "The CloudFormation resource type name for this resource class."
4601 },
4602 "immutable": true,
4603 "locationInModule": {
4604 "filename": "lib/iam.generated.ts",
4605 "line": 2357
4606 },
4607 "name": "CFN_RESOURCE_TYPE_NAME",
4608 "static": true,
4609 "type": {
4610 "primitive": "string"
4611 }
4612 },
4613 {
4614 "docs": {
4615 "custom": {
4616 "cloudformationAttribute": "Arn"
4617 },
4618 "stability": "external",
4619 "summary": "Returns the Amazon Resource Name (ARN) for the specified `AWS::IAM::ServerCertificate` resource."
4620 },
4621 "immutable": true,
4622 "locationInModule": {
4623 "filename": "lib/iam.generated.ts",
4624 "line": 2382
4625 },
4626 "name": "attrArn",
4627 "type": {
4628 "primitive": "string"
4629 }
4630 },
4631 {
4632 "docs": {
4633 "stability": "external"
4634 },
4635 "immutable": true,
4636 "locationInModule": {
4637 "filename": "lib/iam.generated.ts",
4638 "line": 2468
4639 },
4640 "name": "cfnProperties",
4641 "overrides": "@aws-cdk/core.CfnResource",
4642 "protected": true,
4643 "type": {
4644 "collection": {
4645 "elementtype": {
4646 "primitive": "any"
4647 },
4648 "kind": "map"
4649 }
4650 }
4651 },
4652 {
4653 "docs": {
4654 "custom": {
4655 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servercertificate.html#cfn-iam-servercertificate-tags"
4656 },
4657 "remarks": "For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .",
4658 "stability": "external",
4659 "summary": "A list of tags that are attached to the server certificate."
4660 },
4661 "immutable": true,
4662 "locationInModule": {
4663 "filename": "lib/iam.generated.ts",
4664 "line": 2436
4665 },
4666 "name": "tags",
4667 "type": {
4668 "fqn": "@aws-cdk/core.TagManager"
4669 }
4670 },
4671 {
4672 "docs": {
4673 "custom": {
4674 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servercertificate.html#cfn-iam-servercertificate-certificatebody"
4675 },
4676 "stability": "external",
4677 "summary": "The contents of the public key certificate."
4678 },
4679 "locationInModule": {
4680 "filename": "lib/iam.generated.ts",
4681 "line": 2389
4682 },
4683 "name": "certificateBody",
4684 "optional": true,
4685 "type": {
4686 "primitive": "string"
4687 }
4688 },
4689 {
4690 "docs": {
4691 "custom": {
4692 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servercertificate.html#cfn-iam-servercertificate-certificatechain"
4693 },
4694 "stability": "external",
4695 "summary": "The contents of the public key certificate chain."
4696 },
4697 "locationInModule": {
4698 "filename": "lib/iam.generated.ts",
4699 "line": 2396
4700 },
4701 "name": "certificateChain",
4702 "optional": true,
4703 "type": {
4704 "primitive": "string"
4705 }
4706 },
4707 {
4708 "docs": {
4709 "custom": {
4710 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servercertificate.html#cfn-iam-servercertificate-path"
4711 },
4712 "remarks": "For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* .\n\nThis parameter is optional. If it is not included, it defaults to a slash (/). This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\\ u0021` ) through the DEL character ( `\\ u007F` ), including most punctuation characters, digits, and upper and lowercased letters.\n\n> If you are uploading a server certificate specifically for use with Amazon CloudFront distributions, you must specify a path using the `path` parameter. The path must begin with `/cloudfront` and must include a trailing slash (for example, `/cloudfront/test/` ).",
4713 "stability": "external",
4714 "summary": "The path for the server certificate."
4715 },
4716 "locationInModule": {
4717 "filename": "lib/iam.generated.ts",
4718 "line": 2407
4719 },
4720 "name": "path",
4721 "optional": true,
4722 "type": {
4723 "primitive": "string"
4724 }
4725 },
4726 {
4727 "docs": {
4728 "custom": {
4729 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servercertificate.html#cfn-iam-servercertificate-privatekey"
4730 },
4731 "remarks": "The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following:\n\n- Any printable ASCII character ranging from the space character ( `\\ u0020` ) through the end of the ASCII character range\n- The printable characters in the Basic Latin and Latin-1 Supplement character set (through `\\ u00FF` )\n- The special characters tab ( `\\ u0009` ), line feed ( `\\ u000A` ), and carriage return ( `\\ u000D` )",
4732 "stability": "external",
4733 "summary": "The contents of the private key in PEM-encoded format."
4734 },
4735 "locationInModule": {
4736 "filename": "lib/iam.generated.ts",
4737 "line": 2420
4738 },
4739 "name": "privateKey",
4740 "optional": true,
4741 "type": {
4742 "primitive": "string"
4743 }
4744 },
4745 {
4746 "docs": {
4747 "custom": {
4748 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servercertificate.html#cfn-iam-servercertificate-servercertificatename"
4749 },
4750 "remarks": "Do not include the path in this value. The name of the certificate cannot contain any spaces.\n\nThis parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-",
4751 "stability": "external",
4752 "summary": "The name for the server certificate."
4753 },
4754 "locationInModule": {
4755 "filename": "lib/iam.generated.ts",
4756 "line": 2429
4757 },
4758 "name": "serverCertificateName",
4759 "optional": true,
4760 "type": {
4761 "primitive": "string"
4762 }
4763 }
4764 ],
4765 "symbolId": "lib/iam.generated:CfnServerCertificate"
4766 },
4767 "@aws-cdk/aws-iam.CfnServerCertificateProps": {
4768 "assembly": "@aws-cdk/aws-iam",
4769 "datatype": true,
4770 "docs": {
4771 "custom": {
4772 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servercertificate.html",
4773 "exampleMetadata": "fixture=_generated"
4774 },
4775 "stability": "external",
4776 "summary": "Properties for defining a `CfnServerCertificate`.",
4777 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nconst cfnServerCertificateProps: iam.CfnServerCertificateProps = {\n certificateBody: 'certificateBody',\n certificateChain: 'certificateChain',\n path: 'path',\n privateKey: 'privateKey',\n serverCertificateName: 'serverCertificateName',\n tags: [{\n key: 'key',\n value: 'value',\n }],\n};"
4778 },
4779 "fqn": "@aws-cdk/aws-iam.CfnServerCertificateProps",
4780 "kind": "interface",
4781 "locationInModule": {
4782 "filename": "lib/iam.generated.ts",
4783 "line": 2218
4784 },
4785 "name": "CfnServerCertificateProps",
4786 "properties": [
4787 {
4788 "abstract": true,
4789 "docs": {
4790 "custom": {
4791 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servercertificate.html#cfn-iam-servercertificate-certificatebody"
4792 },
4793 "stability": "external",
4794 "summary": "The contents of the public key certificate."
4795 },
4796 "immutable": true,
4797 "locationInModule": {
4798 "filename": "lib/iam.generated.ts",
4799 "line": 2225
4800 },
4801 "name": "certificateBody",
4802 "optional": true,
4803 "type": {
4804 "primitive": "string"
4805 }
4806 },
4807 {
4808 "abstract": true,
4809 "docs": {
4810 "custom": {
4811 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servercertificate.html#cfn-iam-servercertificate-certificatechain"
4812 },
4813 "stability": "external",
4814 "summary": "The contents of the public key certificate chain."
4815 },
4816 "immutable": true,
4817 "locationInModule": {
4818 "filename": "lib/iam.generated.ts",
4819 "line": 2232
4820 },
4821 "name": "certificateChain",
4822 "optional": true,
4823 "type": {
4824 "primitive": "string"
4825 }
4826 },
4827 {
4828 "abstract": true,
4829 "docs": {
4830 "custom": {
4831 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servercertificate.html#cfn-iam-servercertificate-path"
4832 },
4833 "remarks": "For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* .\n\nThis parameter is optional. If it is not included, it defaults to a slash (/). This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\\ u0021` ) through the DEL character ( `\\ u007F` ), including most punctuation characters, digits, and upper and lowercased letters.\n\n> If you are uploading a server certificate specifically for use with Amazon CloudFront distributions, you must specify a path using the `path` parameter. The path must begin with `/cloudfront` and must include a trailing slash (for example, `/cloudfront/test/` ).",
4834 "stability": "external",
4835 "summary": "The path for the server certificate."
4836 },
4837 "immutable": true,
4838 "locationInModule": {
4839 "filename": "lib/iam.generated.ts",
4840 "line": 2243
4841 },
4842 "name": "path",
4843 "optional": true,
4844 "type": {
4845 "primitive": "string"
4846 }
4847 },
4848 {
4849 "abstract": true,
4850 "docs": {
4851 "custom": {
4852 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servercertificate.html#cfn-iam-servercertificate-privatekey"
4853 },
4854 "remarks": "The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following:\n\n- Any printable ASCII character ranging from the space character ( `\\ u0020` ) through the end of the ASCII character range\n- The printable characters in the Basic Latin and Latin-1 Supplement character set (through `\\ u00FF` )\n- The special characters tab ( `\\ u0009` ), line feed ( `\\ u000A` ), and carriage return ( `\\ u000D` )",
4855 "stability": "external",
4856 "summary": "The contents of the private key in PEM-encoded format."
4857 },
4858 "immutable": true,
4859 "locationInModule": {
4860 "filename": "lib/iam.generated.ts",
4861 "line": 2256
4862 },
4863 "name": "privateKey",
4864 "optional": true,
4865 "type": {
4866 "primitive": "string"
4867 }
4868 },
4869 {
4870 "abstract": true,
4871 "docs": {
4872 "custom": {
4873 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servercertificate.html#cfn-iam-servercertificate-servercertificatename"
4874 },
4875 "remarks": "Do not include the path in this value. The name of the certificate cannot contain any spaces.\n\nThis parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-",
4876 "stability": "external",
4877 "summary": "The name for the server certificate."
4878 },
4879 "immutable": true,
4880 "locationInModule": {
4881 "filename": "lib/iam.generated.ts",
4882 "line": 2265
4883 },
4884 "name": "serverCertificateName",
4885 "optional": true,
4886 "type": {
4887 "primitive": "string"
4888 }
4889 },
4890 {
4891 "abstract": true,
4892 "docs": {
4893 "custom": {
4894 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servercertificate.html#cfn-iam-servercertificate-tags"
4895 },
4896 "remarks": "For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .",
4897 "stability": "external",
4898 "summary": "A list of tags that are attached to the server certificate."
4899 },
4900 "immutable": true,
4901 "locationInModule": {
4902 "filename": "lib/iam.generated.ts",
4903 "line": 2272
4904 },
4905 "name": "tags",
4906 "optional": true,
4907 "type": {
4908 "collection": {
4909 "elementtype": {
4910 "fqn": "@aws-cdk/core.CfnTag"
4911 },
4912 "kind": "array"
4913 }
4914 }
4915 }
4916 ],
4917 "symbolId": "lib/iam.generated:CfnServerCertificateProps"
4918 },
4919 "@aws-cdk/aws-iam.CfnServiceLinkedRole": {
4920 "assembly": "@aws-cdk/aws-iam",
4921 "base": "@aws-cdk/core.CfnResource",
4922 "docs": {
4923 "custom": {
4924 "cloudformationResource": "AWS::IAM::ServiceLinkedRole",
4925 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servicelinkedrole.html",
4926 "exampleMetadata": "infused"
4927 },
4928 "remarks": "Creates an IAM role that is linked to a specific AWS service. The service controls the attached policies and when the role can be deleted. This helps ensure that the service is not broken by an unexpectedly changed or deleted role, which could put your AWS resources into an unknown state. Allowing the service to control the role helps improve service stability and proper cleanup when a service and its role are no longer needed. For more information, see [Using service-linked roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html) in the *IAM User Guide* .\n\nTo attach a policy to this service-linked role, you must make the request using the AWS service that depends on this role.",
4929 "stability": "external",
4930 "summary": "A CloudFormation `AWS::IAM::ServiceLinkedRole`.",
4931 "example": "const slr = new iam.CfnServiceLinkedRole(this, 'ElasticSLR', {\n awsServiceName: 'es.amazonaws.com',\n});"
4932 },
4933 "fqn": "@aws-cdk/aws-iam.CfnServiceLinkedRole",
4934 "initializer": {
4935 "docs": {
4936 "stability": "external",
4937 "summary": "Create a new `AWS::IAM::ServiceLinkedRole`."
4938 },
4939 "locationInModule": {
4940 "filename": "lib/iam.generated.ts",
4941 "line": 2641
4942 },
4943 "parameters": [
4944 {
4945 "docs": {
4946 "summary": "- scope in which this resource is defined."
4947 },
4948 "name": "scope",
4949 "type": {
4950 "fqn": "@aws-cdk/core.Construct"
4951 }
4952 },
4953 {
4954 "docs": {
4955 "summary": "- scoped id of the resource."
4956 },
4957 "name": "id",
4958 "type": {
4959 "primitive": "string"
4960 }
4961 },
4962 {
4963 "docs": {
4964 "summary": "- resource properties."
4965 },
4966 "name": "props",
4967 "type": {
4968 "fqn": "@aws-cdk/aws-iam.CfnServiceLinkedRoleProps"
4969 }
4970 }
4971 ]
4972 },
4973 "interfaces": [
4974 "@aws-cdk/core.IInspectable"
4975 ],
4976 "kind": "class",
4977 "locationInModule": {
4978 "filename": "lib/iam.generated.ts",
4979 "line": 2584
4980 },
4981 "methods": [
4982 {
4983 "docs": {
4984 "stability": "external",
4985 "summary": "Examines the CloudFormation resource and discloses attributes."
4986 },
4987 "locationInModule": {
4988 "filename": "lib/iam.generated.ts",
4989 "line": 2656
4990 },
4991 "name": "inspect",
4992 "overrides": "@aws-cdk/core.IInspectable",
4993 "parameters": [
4994 {
4995 "docs": {
4996 "summary": "- tree inspector to collect and process attributes."
4997 },
4998 "name": "inspector",
4999 "type": {
5000 "fqn": "@aws-cdk/core.TreeInspector"
5001 }
5002 }
5003 ]
5004 },
5005 {
5006 "docs": {
5007 "stability": "external"
5008 },
5009 "locationInModule": {
5010 "filename": "lib/iam.generated.ts",
5011 "line": 2669
5012 },
5013 "name": "renderProperties",
5014 "overrides": "@aws-cdk/core.CfnResource",
5015 "parameters": [
5016 {
5017 "name": "props",
5018 "type": {
5019 "collection": {
5020 "elementtype": {
5021 "primitive": "any"
5022 },
5023 "kind": "map"
5024 }
5025 }
5026 }
5027 ],
5028 "protected": true,
5029 "returns": {
5030 "type": {
5031 "collection": {
5032 "elementtype": {
5033 "primitive": "any"
5034 },
5035 "kind": "map"
5036 }
5037 }
5038 }
5039 }
5040 ],
5041 "name": "CfnServiceLinkedRole",
5042 "properties": [
5043 {
5044 "const": true,
5045 "docs": {
5046 "stability": "external",
5047 "summary": "The CloudFormation resource type name for this resource class."
5048 },
5049 "immutable": true,
5050 "locationInModule": {
5051 "filename": "lib/iam.generated.ts",
5052 "line": 2588
5053 },
5054 "name": "CFN_RESOURCE_TYPE_NAME",
5055 "static": true,
5056 "type": {
5057 "primitive": "string"
5058 }
5059 },
5060 {
5061 "docs": {
5062 "stability": "external"
5063 },
5064 "immutable": true,
5065 "locationInModule": {
5066 "filename": "lib/iam.generated.ts",
5067 "line": 2661
5068 },
5069 "name": "cfnProperties",
5070 "overrides": "@aws-cdk/core.CfnResource",
5071 "protected": true,
5072 "type": {
5073 "collection": {
5074 "elementtype": {
5075 "primitive": "any"
5076 },
5077 "kind": "map"
5078 }
5079 }
5080 },
5081 {
5082 "docs": {
5083 "custom": {
5084 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servicelinkedrole.html#cfn-iam-servicelinkedrole-awsservicename"
5085 },
5086 "remarks": "You use a string similar to a URL but without the http:// in front. For example: `elasticbeanstalk.amazonaws.com` .\n\nService principals are unique and case-sensitive. To find the exact service principal for your service-linked role, see [AWS services that work with IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html) in the *IAM User Guide* . Look for the services that have *Yes* in the *Service-Linked Role* column. Choose the *Yes* link to view the service-linked role documentation for that service.",
5087 "stability": "external",
5088 "summary": "The service principal for the AWS service to which this role is attached."
5089 },
5090 "locationInModule": {
5091 "filename": "lib/iam.generated.ts",
5092 "line": 2616
5093 },
5094 "name": "awsServiceName",
5095 "type": {
5096 "primitive": "string"
5097 }
5098 },
5099 {
5100 "docs": {
5101 "custom": {
5102 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servicelinkedrole.html#cfn-iam-servicelinkedrole-customsuffix"
5103 },
5104 "remarks": "If you make multiple requests for the same service, then you must supply a different `CustomSuffix` for each request. Otherwise the request fails with a duplicate role name error. For example, you could add `-1` or `-debug` to the suffix.\n\nSome services do not support the `CustomSuffix` parameter. If you provide an optional suffix and the operation fails, try the operation again without the suffix.",
5105 "stability": "external",
5106 "summary": "A string that you provide, which is combined with the service-provided prefix to form the complete role name."
5107 },
5108 "locationInModule": {
5109 "filename": "lib/iam.generated.ts",
5110 "line": 2625
5111 },
5112 "name": "customSuffix",
5113 "optional": true,
5114 "type": {
5115 "primitive": "string"
5116 }
5117 },
5118 {
5119 "docs": {
5120 "custom": {
5121 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servicelinkedrole.html#cfn-iam-servicelinkedrole-description"
5122 },
5123 "stability": "external",
5124 "summary": "The description of the role."
5125 },
5126 "locationInModule": {
5127 "filename": "lib/iam.generated.ts",
5128 "line": 2632
5129 },
5130 "name": "description",
5131 "optional": true,
5132 "type": {
5133 "primitive": "string"
5134 }
5135 }
5136 ],
5137 "symbolId": "lib/iam.generated:CfnServiceLinkedRole"
5138 },
5139 "@aws-cdk/aws-iam.CfnServiceLinkedRoleProps": {
5140 "assembly": "@aws-cdk/aws-iam",
5141 "datatype": true,
5142 "docs": {
5143 "custom": {
5144 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servicelinkedrole.html",
5145 "exampleMetadata": "infused"
5146 },
5147 "stability": "external",
5148 "summary": "Properties for defining a `CfnServiceLinkedRole`.",
5149 "example": "const slr = new iam.CfnServiceLinkedRole(this, 'ElasticSLR', {\n awsServiceName: 'es.amazonaws.com',\n});"
5150 },
5151 "fqn": "@aws-cdk/aws-iam.CfnServiceLinkedRoleProps",
5152 "kind": "interface",
5153 "locationInModule": {
5154 "filename": "lib/iam.generated.ts",
5155 "line": 2492
5156 },
5157 "name": "CfnServiceLinkedRoleProps",
5158 "properties": [
5159 {
5160 "abstract": true,
5161 "docs": {
5162 "custom": {
5163 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servicelinkedrole.html#cfn-iam-servicelinkedrole-awsservicename"
5164 },
5165 "remarks": "You use a string similar to a URL but without the http:// in front. For example: `elasticbeanstalk.amazonaws.com` .\n\nService principals are unique and case-sensitive. To find the exact service principal for your service-linked role, see [AWS services that work with IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html) in the *IAM User Guide* . Look for the services that have *Yes* in the *Service-Linked Role* column. Choose the *Yes* link to view the service-linked role documentation for that service.",
5166 "stability": "external",
5167 "summary": "The service principal for the AWS service to which this role is attached."
5168 },
5169 "immutable": true,
5170 "locationInModule": {
5171 "filename": "lib/iam.generated.ts",
5172 "line": 2501
5173 },
5174 "name": "awsServiceName",
5175 "type": {
5176 "primitive": "string"
5177 }
5178 },
5179 {
5180 "abstract": true,
5181 "docs": {
5182 "custom": {
5183 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servicelinkedrole.html#cfn-iam-servicelinkedrole-customsuffix"
5184 },
5185 "remarks": "If you make multiple requests for the same service, then you must supply a different `CustomSuffix` for each request. Otherwise the request fails with a duplicate role name error. For example, you could add `-1` or `-debug` to the suffix.\n\nSome services do not support the `CustomSuffix` parameter. If you provide an optional suffix and the operation fails, try the operation again without the suffix.",
5186 "stability": "external",
5187 "summary": "A string that you provide, which is combined with the service-provided prefix to form the complete role name."
5188 },
5189 "immutable": true,
5190 "locationInModule": {
5191 "filename": "lib/iam.generated.ts",
5192 "line": 2510
5193 },
5194 "name": "customSuffix",
5195 "optional": true,
5196 "type": {
5197 "primitive": "string"
5198 }
5199 },
5200 {
5201 "abstract": true,
5202 "docs": {
5203 "custom": {
5204 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servicelinkedrole.html#cfn-iam-servicelinkedrole-description"
5205 },
5206 "stability": "external",
5207 "summary": "The description of the role."
5208 },
5209 "immutable": true,
5210 "locationInModule": {
5211 "filename": "lib/iam.generated.ts",
5212 "line": 2517
5213 },
5214 "name": "description",
5215 "optional": true,
5216 "type": {
5217 "primitive": "string"
5218 }
5219 }
5220 ],
5221 "symbolId": "lib/iam.generated:CfnServiceLinkedRoleProps"
5222 },
5223 "@aws-cdk/aws-iam.CfnUser": {
5224 "assembly": "@aws-cdk/aws-iam",
5225 "base": "@aws-cdk/core.CfnResource",
5226 "docs": {
5227 "custom": {
5228 "cloudformationResource": "AWS::IAM::User",
5229 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html",
5230 "exampleMetadata": "fixture=_generated"
5231 },
5232 "remarks": "Creates a new IAM user for your AWS account .\n\nFor information about quotas for the number of IAM users you can create, see [IAM and AWS STS quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide* .",
5233 "stability": "external",
5234 "summary": "A CloudFormation `AWS::IAM::User`.",
5235 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const policyDocument: any;\nconst cfnUser = new iam.CfnUser(this, 'MyCfnUser', /* all optional props */ {\n groups: ['groups'],\n loginProfile: {\n password: 'password',\n\n // the properties below are optional\n passwordResetRequired: false,\n },\n managedPolicyArns: ['managedPolicyArns'],\n path: 'path',\n permissionsBoundary: 'permissionsBoundary',\n policies: [{\n policyDocument: policyDocument,\n policyName: 'policyName',\n }],\n tags: [{\n key: 'key',\n value: 'value',\n }],\n userName: 'userName',\n});"
5236 },
5237 "fqn": "@aws-cdk/aws-iam.CfnUser",
5238 "initializer": {
5239 "docs": {
5240 "stability": "external",
5241 "summary": "Create a new `AWS::IAM::User`."
5242 },
5243 "locationInModule": {
5244 "filename": "lib/iam.generated.ts",
5245 "line": 2969
5246 },
5247 "parameters": [
5248 {
5249 "docs": {
5250 "summary": "- scope in which this resource is defined."
5251 },
5252 "name": "scope",
5253 "type": {
5254 "fqn": "@aws-cdk/core.Construct"
5255 }
5256 },
5257 {
5258 "docs": {
5259 "summary": "- scoped id of the resource."
5260 },
5261 "name": "id",
5262 "type": {
5263 "primitive": "string"
5264 }
5265 },
5266 {
5267 "docs": {
5268 "summary": "- resource properties."
5269 },
5270 "name": "props",
5271 "optional": true,
5272 "type": {
5273 "fqn": "@aws-cdk/aws-iam.CfnUserProps"
5274 }
5275 }
5276 ]
5277 },
5278 "interfaces": [
5279 "@aws-cdk/core.IInspectable"
5280 ],
5281 "kind": "class",
5282 "locationInModule": {
5283 "filename": "lib/iam.generated.ts",
5284 "line": 2847
5285 },
5286 "methods": [
5287 {
5288 "docs": {
5289 "stability": "external",
5290 "summary": "Examines the CloudFormation resource and discloses attributes."
5291 },
5292 "locationInModule": {
5293 "filename": "lib/iam.generated.ts",
5294 "line": 2989
5295 },
5296 "name": "inspect",
5297 "overrides": "@aws-cdk/core.IInspectable",
5298 "parameters": [
5299 {
5300 "docs": {
5301 "summary": "- tree inspector to collect and process attributes."
5302 },
5303 "name": "inspector",
5304 "type": {
5305 "fqn": "@aws-cdk/core.TreeInspector"
5306 }
5307 }
5308 ]
5309 },
5310 {
5311 "docs": {
5312 "stability": "external"
5313 },
5314 "locationInModule": {
5315 "filename": "lib/iam.generated.ts",
5316 "line": 3007
5317 },
5318 "name": "renderProperties",
5319 "overrides": "@aws-cdk/core.CfnResource",
5320 "parameters": [
5321 {
5322 "name": "props",
5323 "type": {
5324 "collection": {
5325 "elementtype": {
5326 "primitive": "any"
5327 },
5328 "kind": "map"
5329 }
5330 }
5331 }
5332 ],
5333 "protected": true,
5334 "returns": {
5335 "type": {
5336 "collection": {
5337 "elementtype": {
5338 "primitive": "any"
5339 },
5340 "kind": "map"
5341 }
5342 }
5343 }
5344 }
5345 ],
5346 "name": "CfnUser",
5347 "properties": [
5348 {
5349 "const": true,
5350 "docs": {
5351 "stability": "external",
5352 "summary": "The CloudFormation resource type name for this resource class."
5353 },
5354 "immutable": true,
5355 "locationInModule": {
5356 "filename": "lib/iam.generated.ts",
5357 "line": 2851
5358 },
5359 "name": "CFN_RESOURCE_TYPE_NAME",
5360 "static": true,
5361 "type": {
5362 "primitive": "string"
5363 }
5364 },
5365 {
5366 "docs": {
5367 "custom": {
5368 "cloudformationAttribute": "Arn"
5369 },
5370 "remarks": "For example: `arn:aws:iam::123456789012:user/mystack-myuser-1CCXAFG2H2U4D` .",
5371 "stability": "external",
5372 "summary": "Returns the Amazon Resource Name (ARN) for the specified `AWS::IAM::User` resource."
5373 },
5374 "immutable": true,
5375 "locationInModule": {
5376 "filename": "lib/iam.generated.ts",
5377 "line": 2876
5378 },
5379 "name": "attrArn",
5380 "type": {
5381 "primitive": "string"
5382 }
5383 },
5384 {
5385 "docs": {
5386 "stability": "external"
5387 },
5388 "immutable": true,
5389 "locationInModule": {
5390 "filename": "lib/iam.generated.ts",
5391 "line": 2994
5392 },
5393 "name": "cfnProperties",
5394 "overrides": "@aws-cdk/core.CfnResource",
5395 "protected": true,
5396 "type": {
5397 "collection": {
5398 "elementtype": {
5399 "primitive": "any"
5400 },
5401 "kind": "map"
5402 }
5403 }
5404 },
5405 {
5406 "docs": {
5407 "custom": {
5408 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-tags"
5409 },
5410 "remarks": "Each tag consists of a key name and an associated value. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .\n\n> If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created.",
5411 "stability": "external",
5412 "summary": "A list of tags that you want to attach to the new user."
5413 },
5414 "immutable": true,
5415 "locationInModule": {
5416 "filename": "lib/iam.generated.ts",
5417 "line": 2945
5418 },
5419 "name": "tags",
5420 "type": {
5421 "fqn": "@aws-cdk/core.TagManager"
5422 }
5423 },
5424 {
5425 "docs": {
5426 "custom": {
5427 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-groups"
5428 },
5429 "stability": "external",
5430 "summary": "A list of group names to which you want to add the user."
5431 },
5432 "locationInModule": {
5433 "filename": "lib/iam.generated.ts",
5434 "line": 2883
5435 },
5436 "name": "groups",
5437 "optional": true,
5438 "type": {
5439 "collection": {
5440 "elementtype": {
5441 "primitive": "string"
5442 },
5443 "kind": "array"
5444 }
5445 }
5446 },
5447 {
5448 "docs": {
5449 "custom": {
5450 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-loginprofile"
5451 },
5452 "remarks": "A password allows an IAM user to access AWS services through the AWS Management Console .\n\nYou can use the AWS CLI , the AWS API, or the *Users* page in the IAM console to create a password for any IAM user. Use [ChangePassword](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ChangePassword.html) to update your own existing password in the *My Security Credentials* page in the AWS Management Console .\n\nFor more information about managing passwords, see [Managing passwords](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html) in the *IAM User Guide* .",
5453 "stability": "external",
5454 "summary": "Creates a password for the specified IAM user."
5455 },
5456 "locationInModule": {
5457 "filename": "lib/iam.generated.ts",
5458 "line": 2894
5459 },
5460 "name": "loginProfile",
5461 "optional": true,
5462 "type": {
5463 "union": {
5464 "types": [
5465 {
5466 "fqn": "@aws-cdk/core.IResolvable"
5467 },
5468 {
5469 "fqn": "@aws-cdk/aws-iam.CfnUser.LoginProfileProperty"
5470 }
5471 ]
5472 }
5473 }
5474 },
5475 {
5476 "docs": {
5477 "custom": {
5478 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-managepolicyarns"
5479 },
5480 "remarks": "For more information about ARNs, see [Amazon Resource Names (ARNs) and AWS Service Namespaces](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *AWS General Reference* .",
5481 "stability": "external",
5482 "summary": "A list of Amazon Resource Names (ARNs) of the IAM managed policies that you want to attach to the user."
5483 },
5484 "locationInModule": {
5485 "filename": "lib/iam.generated.ts",
5486 "line": 2903
5487 },
5488 "name": "managedPolicyArns",
5489 "optional": true,
5490 "type": {
5491 "collection": {
5492 "elementtype": {
5493 "primitive": "string"
5494 },
5495 "kind": "array"
5496 }
5497 }
5498 },
5499 {
5500 "docs": {
5501 "custom": {
5502 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-path"
5503 },
5504 "remarks": "For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* .\n\nThis parameter is optional. If it is not included, it defaults to a slash (/).\n\nThis parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\\ u0021` ) through the DEL character ( `\\ u007F` ), including most punctuation characters, digits, and upper and lowercased letters.",
5505 "stability": "external",
5506 "summary": "The path for the user name."
5507 },
5508 "locationInModule": {
5509 "filename": "lib/iam.generated.ts",
5510 "line": 2914
5511 },
5512 "name": "path",
5513 "optional": true,
5514 "type": {
5515 "primitive": "string"
5516 }
5517 },
5518 {
5519 "docs": {
5520 "custom": {
5521 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-permissionsboundary"
5522 },
5523 "remarks": "A permissions boundary policy defines the maximum permissions that identity-based policies can grant to an entity, but does not grant permissions. Permissions boundaries do not define the maximum permissions that a resource-based policy can grant to an entity. To learn more, see [Permissions boundaries for IAM entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM User Guide* .\n\nFor more information about policy types, see [Policy types](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policy-types) in the *IAM User Guide* .",
5524 "stability": "external",
5525 "summary": "The ARN of the managed policy that is used to set the permissions boundary for the user."
5526 },
5527 "locationInModule": {
5528 "filename": "lib/iam.generated.ts",
5529 "line": 2925
5530 },
5531 "name": "permissionsBoundary",
5532 "optional": true,
5533 "type": {
5534 "primitive": "string"
5535 }
5536 },
5537 {
5538 "docs": {
5539 "custom": {
5540 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-policies"
5541 },
5542 "remarks": "To view AWS::IAM::User snippets, see [Declaring an IAM User Resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-iam.html#scenario-iam-user) .\n\n> The name of each policy for a role, user, or group must be unique. If you don't choose unique names, updates to the IAM identity will fail.\n\nFor information about limits on the number of inline policies that you can embed in a user, see [Limitations on IAM Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *IAM User Guide* .",
5543 "stability": "external",
5544 "summary": "Adds or updates an inline policy document that is embedded in the specified IAM user."
5545 },
5546 "locationInModule": {
5547 "filename": "lib/iam.generated.ts",
5548 "line": 2936
5549 },
5550 "name": "policies",
5551 "optional": true,
5552 "type": {
5553 "union": {
5554 "types": [
5555 {
5556 "fqn": "@aws-cdk/core.IResolvable"
5557 },
5558 {
5559 "collection": {
5560 "elementtype": {
5561 "union": {
5562 "types": [
5563 {
5564 "fqn": "@aws-cdk/core.IResolvable"
5565 },
5566 {
5567 "fqn": "@aws-cdk/aws-iam.CfnUser.PolicyProperty"
5568 }
5569 ]
5570 }
5571 },
5572 "kind": "array"
5573 }
5574 }
5575 ]
5576 }
5577 }
5578 },
5579 {
5580 "docs": {
5581 "custom": {
5582 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-username"
5583 },
5584 "remarks": "This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-. The user name must be unique within the account. User names are not distinguished by case. For example, you cannot create users named both \"John\" and \"john\".\n\nIf you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the user name.\n\nIf you specify a name, you must specify the `CAPABILITY_NAMED_IAM` value to acknowledge your template's capabilities. For more information, see [Acknowledging IAM Resources in AWS CloudFormation Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities) .\n\n> Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using `Fn::Join` and `AWS::Region` to create a Region-specific name, as in the following example: `{\"Fn::Join\": [\"\", [{\"Ref\": \"AWS::Region\"}, {\"Ref\": \"MyResourceName\"}]]}` .",
5585 "stability": "external",
5586 "summary": "The name of the user to create. Do not include the path in this value."
5587 },
5588 "locationInModule": {
5589 "filename": "lib/iam.generated.ts",
5590 "line": 2960
5591 },
5592 "name": "userName",
5593 "optional": true,
5594 "type": {
5595 "primitive": "string"
5596 }
5597 }
5598 ],
5599 "symbolId": "lib/iam.generated:CfnUser"
5600 },
5601 "@aws-cdk/aws-iam.CfnUser.LoginProfileProperty": {
5602 "assembly": "@aws-cdk/aws-iam",
5603 "datatype": true,
5604 "docs": {
5605 "custom": {
5606 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user-loginprofile.html",
5607 "exampleMetadata": "fixture=_generated"
5608 },
5609 "remarks": "For more information about managing passwords, see [Managing Passwords](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html) in the *IAM User Guide* .",
5610 "stability": "external",
5611 "summary": "Creates a password for the specified user, giving the user the ability to access AWS services through the AWS Management Console .",
5612 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nconst loginProfileProperty: iam.CfnUser.LoginProfileProperty = {\n password: 'password',\n\n // the properties below are optional\n passwordResetRequired: false,\n};"
5613 },
5614 "fqn": "@aws-cdk/aws-iam.CfnUser.LoginProfileProperty",
5615 "kind": "interface",
5616 "locationInModule": {
5617 "filename": "lib/iam.generated.ts",
5618 "line": 3021
5619 },
5620 "name": "LoginProfileProperty",
5621 "namespace": "CfnUser",
5622 "properties": [
5623 {
5624 "abstract": true,
5625 "docs": {
5626 "custom": {
5627 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user-loginprofile.html#cfn-iam-user-loginprofile-password"
5628 },
5629 "stability": "external",
5630 "summary": "The user's password."
5631 },
5632 "immutable": true,
5633 "locationInModule": {
5634 "filename": "lib/iam.generated.ts",
5635 "line": 3027
5636 },
5637 "name": "password",
5638 "type": {
5639 "primitive": "string"
5640 }
5641 },
5642 {
5643 "abstract": true,
5644 "docs": {
5645 "custom": {
5646 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user-loginprofile.html#cfn-iam-user-loginprofile-passwordresetrequired"
5647 },
5648 "stability": "external",
5649 "summary": "Specifies whether the user is required to set a new password on next sign-in."
5650 },
5651 "immutable": true,
5652 "locationInModule": {
5653 "filename": "lib/iam.generated.ts",
5654 "line": 3033
5655 },
5656 "name": "passwordResetRequired",
5657 "optional": true,
5658 "type": {
5659 "union": {
5660 "types": [
5661 {
5662 "primitive": "boolean"
5663 },
5664 {
5665 "fqn": "@aws-cdk/core.IResolvable"
5666 }
5667 ]
5668 }
5669 }
5670 }
5671 ],
5672 "symbolId": "lib/iam.generated:CfnUser.LoginProfileProperty"
5673 },
5674 "@aws-cdk/aws-iam.CfnUser.PolicyProperty": {
5675 "assembly": "@aws-cdk/aws-iam",
5676 "datatype": true,
5677 "docs": {
5678 "custom": {
5679 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-policy.html",
5680 "exampleMetadata": "fixture=_generated"
5681 },
5682 "remarks": "An attached policy is a managed policy that has been attached to a user, group, or role.\n\nFor more information about managed policies, refer to [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide* .",
5683 "stability": "external",
5684 "summary": "Contains information about an attached policy.",
5685 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const policyDocument: any;\nconst policyProperty: iam.CfnUser.PolicyProperty = {\n policyDocument: policyDocument,\n policyName: 'policyName',\n};"
5686 },
5687 "fqn": "@aws-cdk/aws-iam.CfnUser.PolicyProperty",
5688 "kind": "interface",
5689 "locationInModule": {
5690 "filename": "lib/iam.generated.ts",
5691 "line": 3102
5692 },
5693 "name": "PolicyProperty",
5694 "namespace": "CfnUser",
5695 "properties": [
5696 {
5697 "abstract": true,
5698 "docs": {
5699 "custom": {
5700 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-policy.html#cfn-iam-policies-policydocument"
5701 },
5702 "remarks": "For more information, see [Overview of JSON policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json) .",
5703 "stability": "external",
5704 "summary": "The entire contents of the policy that defines permissions."
5705 },
5706 "immutable": true,
5707 "locationInModule": {
5708 "filename": "lib/iam.generated.ts",
5709 "line": 3108
5710 },
5711 "name": "policyDocument",
5712 "type": {
5713 "primitive": "any"
5714 }
5715 },
5716 {
5717 "abstract": true,
5718 "docs": {
5719 "custom": {
5720 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-policy.html#cfn-iam-policies-policyname"
5721 },
5722 "stability": "external",
5723 "summary": "The friendly name (not ARN) identifying the policy."
5724 },
5725 "immutable": true,
5726 "locationInModule": {
5727 "filename": "lib/iam.generated.ts",
5728 "line": 3114
5729 },
5730 "name": "policyName",
5731 "type": {
5732 "primitive": "string"
5733 }
5734 }
5735 ],
5736 "symbolId": "lib/iam.generated:CfnUser.PolicyProperty"
5737 },
5738 "@aws-cdk/aws-iam.CfnUserProps": {
5739 "assembly": "@aws-cdk/aws-iam",
5740 "datatype": true,
5741 "docs": {
5742 "custom": {
5743 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html",
5744 "exampleMetadata": "fixture=_generated"
5745 },
5746 "stability": "external",
5747 "summary": "Properties for defining a `CfnUser`.",
5748 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const policyDocument: any;\nconst cfnUserProps: iam.CfnUserProps = {\n groups: ['groups'],\n loginProfile: {\n password: 'password',\n\n // the properties below are optional\n passwordResetRequired: false,\n },\n managedPolicyArns: ['managedPolicyArns'],\n path: 'path',\n permissionsBoundary: 'permissionsBoundary',\n policies: [{\n policyDocument: policyDocument,\n policyName: 'policyName',\n }],\n tags: [{\n key: 'key',\n value: 'value',\n }],\n userName: 'userName',\n};"
5749 },
5750 "fqn": "@aws-cdk/aws-iam.CfnUserProps",
5751 "kind": "interface",
5752 "locationInModule": {
5753 "filename": "lib/iam.generated.ts",
5754 "line": 2682
5755 },
5756 "name": "CfnUserProps",
5757 "properties": [
5758 {
5759 "abstract": true,
5760 "docs": {
5761 "custom": {
5762 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-groups"
5763 },
5764 "stability": "external",
5765 "summary": "A list of group names to which you want to add the user."
5766 },
5767 "immutable": true,
5768 "locationInModule": {
5769 "filename": "lib/iam.generated.ts",
5770 "line": 2689
5771 },
5772 "name": "groups",
5773 "optional": true,
5774 "type": {
5775 "collection": {
5776 "elementtype": {
5777 "primitive": "string"
5778 },
5779 "kind": "array"
5780 }
5781 }
5782 },
5783 {
5784 "abstract": true,
5785 "docs": {
5786 "custom": {
5787 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-loginprofile"
5788 },
5789 "remarks": "A password allows an IAM user to access AWS services through the AWS Management Console .\n\nYou can use the AWS CLI , the AWS API, or the *Users* page in the IAM console to create a password for any IAM user. Use [ChangePassword](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ChangePassword.html) to update your own existing password in the *My Security Credentials* page in the AWS Management Console .\n\nFor more information about managing passwords, see [Managing passwords](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html) in the *IAM User Guide* .",
5790 "stability": "external",
5791 "summary": "Creates a password for the specified IAM user."
5792 },
5793 "immutable": true,
5794 "locationInModule": {
5795 "filename": "lib/iam.generated.ts",
5796 "line": 2700
5797 },
5798 "name": "loginProfile",
5799 "optional": true,
5800 "type": {
5801 "union": {
5802 "types": [
5803 {
5804 "fqn": "@aws-cdk/core.IResolvable"
5805 },
5806 {
5807 "fqn": "@aws-cdk/aws-iam.CfnUser.LoginProfileProperty"
5808 }
5809 ]
5810 }
5811 }
5812 },
5813 {
5814 "abstract": true,
5815 "docs": {
5816 "custom": {
5817 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-managepolicyarns"
5818 },
5819 "remarks": "For more information about ARNs, see [Amazon Resource Names (ARNs) and AWS Service Namespaces](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *AWS General Reference* .",
5820 "stability": "external",
5821 "summary": "A list of Amazon Resource Names (ARNs) of the IAM managed policies that you want to attach to the user."
5822 },
5823 "immutable": true,
5824 "locationInModule": {
5825 "filename": "lib/iam.generated.ts",
5826 "line": 2709
5827 },
5828 "name": "managedPolicyArns",
5829 "optional": true,
5830 "type": {
5831 "collection": {
5832 "elementtype": {
5833 "primitive": "string"
5834 },
5835 "kind": "array"
5836 }
5837 }
5838 },
5839 {
5840 "abstract": true,
5841 "docs": {
5842 "custom": {
5843 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-path"
5844 },
5845 "remarks": "For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* .\n\nThis parameter is optional. If it is not included, it defaults to a slash (/).\n\nThis parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\\ u0021` ) through the DEL character ( `\\ u007F` ), including most punctuation characters, digits, and upper and lowercased letters.",
5846 "stability": "external",
5847 "summary": "The path for the user name."
5848 },
5849 "immutable": true,
5850 "locationInModule": {
5851 "filename": "lib/iam.generated.ts",
5852 "line": 2720
5853 },
5854 "name": "path",
5855 "optional": true,
5856 "type": {
5857 "primitive": "string"
5858 }
5859 },
5860 {
5861 "abstract": true,
5862 "docs": {
5863 "custom": {
5864 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-permissionsboundary"
5865 },
5866 "remarks": "A permissions boundary policy defines the maximum permissions that identity-based policies can grant to an entity, but does not grant permissions. Permissions boundaries do not define the maximum permissions that a resource-based policy can grant to an entity. To learn more, see [Permissions boundaries for IAM entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM User Guide* .\n\nFor more information about policy types, see [Policy types](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policy-types) in the *IAM User Guide* .",
5867 "stability": "external",
5868 "summary": "The ARN of the managed policy that is used to set the permissions boundary for the user."
5869 },
5870 "immutable": true,
5871 "locationInModule": {
5872 "filename": "lib/iam.generated.ts",
5873 "line": 2731
5874 },
5875 "name": "permissionsBoundary",
5876 "optional": true,
5877 "type": {
5878 "primitive": "string"
5879 }
5880 },
5881 {
5882 "abstract": true,
5883 "docs": {
5884 "custom": {
5885 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-policies"
5886 },
5887 "remarks": "To view AWS::IAM::User snippets, see [Declaring an IAM User Resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-iam.html#scenario-iam-user) .\n\n> The name of each policy for a role, user, or group must be unique. If you don't choose unique names, updates to the IAM identity will fail.\n\nFor information about limits on the number of inline policies that you can embed in a user, see [Limitations on IAM Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *IAM User Guide* .",
5888 "stability": "external",
5889 "summary": "Adds or updates an inline policy document that is embedded in the specified IAM user."
5890 },
5891 "immutable": true,
5892 "locationInModule": {
5893 "filename": "lib/iam.generated.ts",
5894 "line": 2742
5895 },
5896 "name": "policies",
5897 "optional": true,
5898 "type": {
5899 "union": {
5900 "types": [
5901 {
5902 "fqn": "@aws-cdk/core.IResolvable"
5903 },
5904 {
5905 "collection": {
5906 "elementtype": {
5907 "union": {
5908 "types": [
5909 {
5910 "fqn": "@aws-cdk/core.IResolvable"
5911 },
5912 {
5913 "fqn": "@aws-cdk/aws-iam.CfnUser.PolicyProperty"
5914 }
5915 ]
5916 }
5917 },
5918 "kind": "array"
5919 }
5920 }
5921 ]
5922 }
5923 }
5924 },
5925 {
5926 "abstract": true,
5927 "docs": {
5928 "custom": {
5929 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-tags"
5930 },
5931 "remarks": "Each tag consists of a key name and an associated value. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .\n\n> If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created.",
5932 "stability": "external",
5933 "summary": "A list of tags that you want to attach to the new user."
5934 },
5935 "immutable": true,
5936 "locationInModule": {
5937 "filename": "lib/iam.generated.ts",
5938 "line": 2751
5939 },
5940 "name": "tags",
5941 "optional": true,
5942 "type": {
5943 "collection": {
5944 "elementtype": {
5945 "fqn": "@aws-cdk/core.CfnTag"
5946 },
5947 "kind": "array"
5948 }
5949 }
5950 },
5951 {
5952 "abstract": true,
5953 "docs": {
5954 "custom": {
5955 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-username"
5956 },
5957 "remarks": "This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-. The user name must be unique within the account. User names are not distinguished by case. For example, you cannot create users named both \"John\" and \"john\".\n\nIf you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the user name.\n\nIf you specify a name, you must specify the `CAPABILITY_NAMED_IAM` value to acknowledge your template's capabilities. For more information, see [Acknowledging IAM Resources in AWS CloudFormation Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities) .\n\n> Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using `Fn::Join` and `AWS::Region` to create a Region-specific name, as in the following example: `{\"Fn::Join\": [\"\", [{\"Ref\": \"AWS::Region\"}, {\"Ref\": \"MyResourceName\"}]]}` .",
5958 "stability": "external",
5959 "summary": "The name of the user to create. Do not include the path in this value."
5960 },
5961 "immutable": true,
5962 "locationInModule": {
5963 "filename": "lib/iam.generated.ts",
5964 "line": 2766
5965 },
5966 "name": "userName",
5967 "optional": true,
5968 "type": {
5969 "primitive": "string"
5970 }
5971 }
5972 ],
5973 "symbolId": "lib/iam.generated:CfnUserProps"
5974 },
5975 "@aws-cdk/aws-iam.CfnUserToGroupAddition": {
5976 "assembly": "@aws-cdk/aws-iam",
5977 "base": "@aws-cdk/core.CfnResource",
5978 "docs": {
5979 "custom": {
5980 "cloudformationResource": "AWS::IAM::UserToGroupAddition",
5981 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-addusertogroup.html",
5982 "exampleMetadata": "fixture=_generated"
5983 },
5984 "remarks": "Adds the specified user to the specified group.",
5985 "stability": "external",
5986 "summary": "A CloudFormation `AWS::IAM::UserToGroupAddition`.",
5987 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nconst cfnUserToGroupAddition = new iam.CfnUserToGroupAddition(this, 'MyCfnUserToGroupAddition', {\n groupName: 'groupName',\n users: ['users'],\n});"
5988 },
5989 "fqn": "@aws-cdk/aws-iam.CfnUserToGroupAddition",
5990 "initializer": {
5991 "docs": {
5992 "stability": "external",
5993 "summary": "Create a new `AWS::IAM::UserToGroupAddition`."
5994 },
5995 "locationInModule": {
5996 "filename": "lib/iam.generated.ts",
5997 "line": 3306
5998 },
5999 "parameters": [
6000 {
6001 "docs": {
6002 "summary": "- scope in which this resource is defined."
6003 },
6004 "name": "scope",
6005 "type": {
6006 "fqn": "@aws-cdk/core.Construct"
6007 }
6008 },
6009 {
6010 "docs": {
6011 "summary": "- scoped id of the resource."
6012 },
6013 "name": "id",
6014 "type": {
6015 "primitive": "string"
6016 }
6017 },
6018 {
6019 "docs": {
6020 "summary": "- resource properties."
6021 },
6022 "name": "props",
6023 "type": {
6024 "fqn": "@aws-cdk/aws-iam.CfnUserToGroupAdditionProps"
6025 }
6026 }
6027 ]
6028 },
6029 "interfaces": [
6030 "@aws-cdk/core.IInspectable"
6031 ],
6032 "kind": "class",
6033 "locationInModule": {
6034 "filename": "lib/iam.generated.ts",
6035 "line": 3258
6036 },
6037 "methods": [
6038 {
6039 "docs": {
6040 "stability": "external",
6041 "summary": "Examines the CloudFormation resource and discloses attributes."
6042 },
6043 "locationInModule": {
6044 "filename": "lib/iam.generated.ts",
6045 "line": 3321
6046 },
6047 "name": "inspect",
6048 "overrides": "@aws-cdk/core.IInspectable",
6049 "parameters": [
6050 {
6051 "docs": {
6052 "summary": "- tree inspector to collect and process attributes."
6053 },
6054 "name": "inspector",
6055 "type": {
6056 "fqn": "@aws-cdk/core.TreeInspector"
6057 }
6058 }
6059 ]
6060 },
6061 {
6062 "docs": {
6063 "stability": "external"
6064 },
6065 "locationInModule": {
6066 "filename": "lib/iam.generated.ts",
6067 "line": 3333
6068 },
6069 "name": "renderProperties",
6070 "overrides": "@aws-cdk/core.CfnResource",
6071 "parameters": [
6072 {
6073 "name": "props",
6074 "type": {
6075 "collection": {
6076 "elementtype": {
6077 "primitive": "any"
6078 },
6079 "kind": "map"
6080 }
6081 }
6082 }
6083 ],
6084 "protected": true,
6085 "returns": {
6086 "type": {
6087 "collection": {
6088 "elementtype": {
6089 "primitive": "any"
6090 },
6091 "kind": "map"
6092 }
6093 }
6094 }
6095 }
6096 ],
6097 "name": "CfnUserToGroupAddition",
6098 "properties": [
6099 {
6100 "const": true,
6101 "docs": {
6102 "stability": "external",
6103 "summary": "The CloudFormation resource type name for this resource class."
6104 },
6105 "immutable": true,
6106 "locationInModule": {
6107 "filename": "lib/iam.generated.ts",
6108 "line": 3262
6109 },
6110 "name": "CFN_RESOURCE_TYPE_NAME",
6111 "static": true,
6112 "type": {
6113 "primitive": "string"
6114 }
6115 },
6116 {
6117 "docs": {
6118 "stability": "external"
6119 },
6120 "immutable": true,
6121 "locationInModule": {
6122 "filename": "lib/iam.generated.ts",
6123 "line": 3326
6124 },
6125 "name": "cfnProperties",
6126 "overrides": "@aws-cdk/core.CfnResource",
6127 "protected": true,
6128 "type": {
6129 "collection": {
6130 "elementtype": {
6131 "primitive": "any"
6132 },
6133 "kind": "map"
6134 }
6135 }
6136 },
6137 {
6138 "docs": {
6139 "custom": {
6140 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-addusertogroup.html#cfn-iam-addusertogroup-groupname"
6141 },
6142 "remarks": "This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-",
6143 "stability": "external",
6144 "summary": "The name of the group to update."
6145 },
6146 "locationInModule": {
6147 "filename": "lib/iam.generated.ts",
6148 "line": 3290
6149 },
6150 "name": "groupName",
6151 "type": {
6152 "primitive": "string"
6153 }
6154 },
6155 {
6156 "docs": {
6157 "custom": {
6158 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-addusertogroup.html#cfn-iam-addusertogroup-users"
6159 },
6160 "stability": "external",
6161 "summary": "A list of the names of the users that you want to add to the group."
6162 },
6163 "locationInModule": {
6164 "filename": "lib/iam.generated.ts",
6165 "line": 3297
6166 },
6167 "name": "users",
6168 "type": {
6169 "collection": {
6170 "elementtype": {
6171 "primitive": "string"
6172 },
6173 "kind": "array"
6174 }
6175 }
6176 }
6177 ],
6178 "symbolId": "lib/iam.generated:CfnUserToGroupAddition"
6179 },
6180 "@aws-cdk/aws-iam.CfnUserToGroupAdditionProps": {
6181 "assembly": "@aws-cdk/aws-iam",
6182 "datatype": true,
6183 "docs": {
6184 "custom": {
6185 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-addusertogroup.html",
6186 "exampleMetadata": "fixture=_generated"
6187 },
6188 "stability": "external",
6189 "summary": "Properties for defining a `CfnUserToGroupAddition`.",
6190 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nconst cfnUserToGroupAdditionProps: iam.CfnUserToGroupAdditionProps = {\n groupName: 'groupName',\n users: ['users'],\n};"
6191 },
6192 "fqn": "@aws-cdk/aws-iam.CfnUserToGroupAdditionProps",
6193 "kind": "interface",
6194 "locationInModule": {
6195 "filename": "lib/iam.generated.ts",
6196 "line": 3179
6197 },
6198 "name": "CfnUserToGroupAdditionProps",
6199 "properties": [
6200 {
6201 "abstract": true,
6202 "docs": {
6203 "custom": {
6204 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-addusertogroup.html#cfn-iam-addusertogroup-groupname"
6205 },
6206 "remarks": "This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-",
6207 "stability": "external",
6208 "summary": "The name of the group to update."
6209 },
6210 "immutable": true,
6211 "locationInModule": {
6212 "filename": "lib/iam.generated.ts",
6213 "line": 3188
6214 },
6215 "name": "groupName",
6216 "type": {
6217 "primitive": "string"
6218 }
6219 },
6220 {
6221 "abstract": true,
6222 "docs": {
6223 "custom": {
6224 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-addusertogroup.html#cfn-iam-addusertogroup-users"
6225 },
6226 "stability": "external",
6227 "summary": "A list of the names of the users that you want to add to the group."
6228 },
6229 "immutable": true,
6230 "locationInModule": {
6231 "filename": "lib/iam.generated.ts",
6232 "line": 3195
6233 },
6234 "name": "users",
6235 "type": {
6236 "collection": {
6237 "elementtype": {
6238 "primitive": "string"
6239 },
6240 "kind": "array"
6241 }
6242 }
6243 }
6244 ],
6245 "symbolId": "lib/iam.generated:CfnUserToGroupAdditionProps"
6246 },
6247 "@aws-cdk/aws-iam.CfnVirtualMFADevice": {
6248 "assembly": "@aws-cdk/aws-iam",
6249 "base": "@aws-cdk/core.CfnResource",
6250 "docs": {
6251 "custom": {
6252 "cloudformationResource": "AWS::IAM::VirtualMFADevice",
6253 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-virtualmfadevice.html",
6254 "exampleMetadata": "fixture=_generated"
6255 },
6256 "remarks": "Creates a new virtual MFA device for the AWS account . After creating the virtual MFA, use [EnableMFADevice](https://docs.aws.amazon.com/IAM/latest/APIReference/API_EnableMFADevice.html) to attach the MFA device to an IAM user. For more information about creating and working with virtual MFA devices, see [Using a virtual MFA device](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_VirtualMFA.html) in the *IAM User Guide* .\n\nFor information about the maximum number of MFA devices you can create, see [IAM and AWS STS quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide* .\n\n> The seed information contained in the QR code and the Base32 string should be treated like any other secret access information. In other words, protect the seed information as you would your AWS access keys or your passwords. After you provision your virtual device, you should ensure that the information is destroyed following secure procedures.",
6257 "stability": "external",
6258 "summary": "A CloudFormation `AWS::IAM::VirtualMFADevice`.",
6259 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nconst cfnVirtualMFADevice = new iam.CfnVirtualMFADevice(this, 'MyCfnVirtualMFADevice', {\n users: ['users'],\n\n // the properties below are optional\n path: 'path',\n tags: [{\n key: 'key',\n value: 'value',\n }],\n virtualMfaDeviceName: 'virtualMfaDeviceName',\n});"
6260 },
6261 "fqn": "@aws-cdk/aws-iam.CfnVirtualMFADevice",
6262 "initializer": {
6263 "docs": {
6264 "stability": "external",
6265 "summary": "Create a new `AWS::IAM::VirtualMFADevice`."
6266 },
6267 "locationInModule": {
6268 "filename": "lib/iam.generated.ts",
6269 "line": 3528
6270 },
6271 "parameters": [
6272 {
6273 "docs": {
6274 "summary": "- scope in which this resource is defined."
6275 },
6276 "name": "scope",
6277 "type": {
6278 "fqn": "@aws-cdk/core.Construct"
6279 }
6280 },
6281 {
6282 "docs": {
6283 "summary": "- scoped id of the resource."
6284 },
6285 "name": "id",
6286 "type": {
6287 "primitive": "string"
6288 }
6289 },
6290 {
6291 "docs": {
6292 "summary": "- resource properties."
6293 },
6294 "name": "props",
6295 "type": {
6296 "fqn": "@aws-cdk/aws-iam.CfnVirtualMFADeviceProps"
6297 }
6298 }
6299 ]
6300 },
6301 "interfaces": [
6302 "@aws-cdk/core.IInspectable"
6303 ],
6304 "kind": "class",
6305 "locationInModule": {
6306 "filename": "lib/iam.generated.ts",
6307 "line": 3454
6308 },
6309 "methods": [
6310 {
6311 "docs": {
6312 "stability": "external",
6313 "summary": "Examines the CloudFormation resource and discloses attributes."
6314 },
6315 "locationInModule": {
6316 "filename": "lib/iam.generated.ts",
6317 "line": 3545
6318 },
6319 "name": "inspect",
6320 "overrides": "@aws-cdk/core.IInspectable",
6321 "parameters": [
6322 {
6323 "docs": {
6324 "summary": "- tree inspector to collect and process attributes."
6325 },
6326 "name": "inspector",
6327 "type": {
6328 "fqn": "@aws-cdk/core.TreeInspector"
6329 }
6330 }
6331 ]
6332 },
6333 {
6334 "docs": {
6335 "stability": "external"
6336 },
6337 "locationInModule": {
6338 "filename": "lib/iam.generated.ts",
6339 "line": 3559
6340 },
6341 "name": "renderProperties",
6342 "overrides": "@aws-cdk/core.CfnResource",
6343 "parameters": [
6344 {
6345 "name": "props",
6346 "type": {
6347 "collection": {
6348 "elementtype": {
6349 "primitive": "any"
6350 },
6351 "kind": "map"
6352 }
6353 }
6354 }
6355 ],
6356 "protected": true,
6357 "returns": {
6358 "type": {
6359 "collection": {
6360 "elementtype": {
6361 "primitive": "any"
6362 },
6363 "kind": "map"
6364 }
6365 }
6366 }
6367 }
6368 ],
6369 "name": "CfnVirtualMFADevice",
6370 "properties": [
6371 {
6372 "const": true,
6373 "docs": {
6374 "stability": "external",
6375 "summary": "The CloudFormation resource type name for this resource class."
6376 },
6377 "immutable": true,
6378 "locationInModule": {
6379 "filename": "lib/iam.generated.ts",
6380 "line": 3458
6381 },
6382 "name": "CFN_RESOURCE_TYPE_NAME",
6383 "static": true,
6384 "type": {
6385 "primitive": "string"
6386 }
6387 },
6388 {
6389 "docs": {
6390 "custom": {
6391 "cloudformationAttribute": "SerialNumber"
6392 },
6393 "stability": "external",
6394 "summary": "Returns the serial number for the specified `AWS::IAM::VirtualMFADevice` resource."
6395 },
6396 "immutable": true,
6397 "locationInModule": {
6398 "filename": "lib/iam.generated.ts",
6399 "line": 3483
6400 },
6401 "name": "attrSerialNumber",
6402 "type": {
6403 "primitive": "string"
6404 }
6405 },
6406 {
6407 "docs": {
6408 "stability": "external"
6409 },
6410 "immutable": true,
6411 "locationInModule": {
6412 "filename": "lib/iam.generated.ts",
6413 "line": 3550
6414 },
6415 "name": "cfnProperties",
6416 "overrides": "@aws-cdk/core.CfnResource",
6417 "protected": true,
6418 "type": {
6419 "collection": {
6420 "elementtype": {
6421 "primitive": "any"
6422 },
6423 "kind": "map"
6424 }
6425 }
6426 },
6427 {
6428 "docs": {
6429 "custom": {
6430 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-virtualmfadevice.html#cfn-iam-virtualmfadevice-tags"
6431 },
6432 "remarks": "Each tag consists of a key name and an associated value. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .\n\n> If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created.",
6433 "stability": "external",
6434 "summary": "A list of tags that you want to attach to the new IAM virtual MFA device."
6435 },
6436 "immutable": true,
6437 "locationInModule": {
6438 "filename": "lib/iam.generated.ts",
6439 "line": 3510
6440 },
6441 "name": "tags",
6442 "type": {
6443 "fqn": "@aws-cdk/core.TagManager"
6444 }
6445 },
6446 {
6447 "docs": {
6448 "custom": {
6449 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-virtualmfadevice.html#cfn-iam-virtualmfadevice-users"
6450 },
6451 "stability": "external",
6452 "summary": "The IAM user associated with this virtual MFA device."
6453 },
6454 "locationInModule": {
6455 "filename": "lib/iam.generated.ts",
6456 "line": 3490
6457 },
6458 "name": "users",
6459 "type": {
6460 "collection": {
6461 "elementtype": {
6462 "primitive": "string"
6463 },
6464 "kind": "array"
6465 }
6466 }
6467 },
6468 {
6469 "docs": {
6470 "custom": {
6471 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-virtualmfadevice.html#cfn-iam-virtualmfadevice-path"
6472 },
6473 "remarks": "For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* .\n\nThis parameter is optional. If it is not included, it defaults to a slash (/).\n\nThis parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\\ u0021` ) through the DEL character ( `\\ u007F` ), including most punctuation characters, digits, and upper and lowercased letters.",
6474 "stability": "external",
6475 "summary": "The path for the virtual MFA device."
6476 },
6477 "locationInModule": {
6478 "filename": "lib/iam.generated.ts",
6479 "line": 3501
6480 },
6481 "name": "path",
6482 "optional": true,
6483 "type": {
6484 "primitive": "string"
6485 }
6486 },
6487 {
6488 "docs": {
6489 "custom": {
6490 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-virtualmfadevice.html#cfn-iam-virtualmfadevice-virtualmfadevicename"
6491 },
6492 "remarks": "This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-",
6493 "stability": "external",
6494 "summary": "The name of the virtual MFA device. Use with path to uniquely identify a virtual MFA device."
6495 },
6496 "locationInModule": {
6497 "filename": "lib/iam.generated.ts",
6498 "line": 3519
6499 },
6500 "name": "virtualMfaDeviceName",
6501 "optional": true,
6502 "type": {
6503 "primitive": "string"
6504 }
6505 }
6506 ],
6507 "symbolId": "lib/iam.generated:CfnVirtualMFADevice"
6508 },
6509 "@aws-cdk/aws-iam.CfnVirtualMFADeviceProps": {
6510 "assembly": "@aws-cdk/aws-iam",
6511 "datatype": true,
6512 "docs": {
6513 "custom": {
6514 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-virtualmfadevice.html",
6515 "exampleMetadata": "fixture=_generated"
6516 },
6517 "stability": "external",
6518 "summary": "Properties for defining a `CfnVirtualMFADevice`.",
6519 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nconst cfnVirtualMFADeviceProps: iam.CfnVirtualMFADeviceProps = {\n users: ['users'],\n\n // the properties below are optional\n path: 'path',\n tags: [{\n key: 'key',\n value: 'value',\n }],\n virtualMfaDeviceName: 'virtualMfaDeviceName',\n};"
6520 },
6521 "fqn": "@aws-cdk/aws-iam.CfnVirtualMFADeviceProps",
6522 "kind": "interface",
6523 "locationInModule": {
6524 "filename": "lib/iam.generated.ts",
6525 "line": 3346
6526 },
6527 "name": "CfnVirtualMFADeviceProps",
6528 "properties": [
6529 {
6530 "abstract": true,
6531 "docs": {
6532 "custom": {
6533 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-virtualmfadevice.html#cfn-iam-virtualmfadevice-users"
6534 },
6535 "stability": "external",
6536 "summary": "The IAM user associated with this virtual MFA device."
6537 },
6538 "immutable": true,
6539 "locationInModule": {
6540 "filename": "lib/iam.generated.ts",
6541 "line": 3353
6542 },
6543 "name": "users",
6544 "type": {
6545 "collection": {
6546 "elementtype": {
6547 "primitive": "string"
6548 },
6549 "kind": "array"
6550 }
6551 }
6552 },
6553 {
6554 "abstract": true,
6555 "docs": {
6556 "custom": {
6557 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-virtualmfadevice.html#cfn-iam-virtualmfadevice-path"
6558 },
6559 "remarks": "For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* .\n\nThis parameter is optional. If it is not included, it defaults to a slash (/).\n\nThis parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\\ u0021` ) through the DEL character ( `\\ u007F` ), including most punctuation characters, digits, and upper and lowercased letters.",
6560 "stability": "external",
6561 "summary": "The path for the virtual MFA device."
6562 },
6563 "immutable": true,
6564 "locationInModule": {
6565 "filename": "lib/iam.generated.ts",
6566 "line": 3364
6567 },
6568 "name": "path",
6569 "optional": true,
6570 "type": {
6571 "primitive": "string"
6572 }
6573 },
6574 {
6575 "abstract": true,
6576 "docs": {
6577 "custom": {
6578 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-virtualmfadevice.html#cfn-iam-virtualmfadevice-tags"
6579 },
6580 "remarks": "Each tag consists of a key name and an associated value. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .\n\n> If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created.",
6581 "stability": "external",
6582 "summary": "A list of tags that you want to attach to the new IAM virtual MFA device."
6583 },
6584 "immutable": true,
6585 "locationInModule": {
6586 "filename": "lib/iam.generated.ts",
6587 "line": 3373
6588 },
6589 "name": "tags",
6590 "optional": true,
6591 "type": {
6592 "collection": {
6593 "elementtype": {
6594 "fqn": "@aws-cdk/core.CfnTag"
6595 },
6596 "kind": "array"
6597 }
6598 }
6599 },
6600 {
6601 "abstract": true,
6602 "docs": {
6603 "custom": {
6604 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-virtualmfadevice.html#cfn-iam-virtualmfadevice-virtualmfadevicename"
6605 },
6606 "remarks": "This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-",
6607 "stability": "external",
6608 "summary": "The name of the virtual MFA device. Use with path to uniquely identify a virtual MFA device."
6609 },
6610 "immutable": true,
6611 "locationInModule": {
6612 "filename": "lib/iam.generated.ts",
6613 "line": 3382
6614 },
6615 "name": "virtualMfaDeviceName",
6616 "optional": true,
6617 "type": {
6618 "primitive": "string"
6619 }
6620 }
6621 ],
6622 "symbolId": "lib/iam.generated:CfnVirtualMFADeviceProps"
6623 },
6624 "@aws-cdk/aws-iam.CommonGrantOptions": {
6625 "assembly": "@aws-cdk/aws-iam",
6626 "datatype": true,
6627 "docs": {
6628 "stability": "stable",
6629 "summary": "Basic options for a grant operation.",
6630 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const grantable: iam.IGrantable;\nconst commonGrantOptions: iam.CommonGrantOptions = {\n actions: ['actions'],\n grantee: grantable,\n resourceArns: ['resourceArns'],\n};",
6631 "custom": {
6632 "exampleMetadata": "fixture=_generated"
6633 }
6634 },
6635 "fqn": "@aws-cdk/aws-iam.CommonGrantOptions",
6636 "kind": "interface",
6637 "locationInModule": {
6638 "filename": "lib/grant.ts",
6639 "line": 9
6640 },
6641 "name": "CommonGrantOptions",
6642 "properties": [
6643 {
6644 "abstract": true,
6645 "docs": {
6646 "stability": "stable",
6647 "summary": "The actions to grant."
6648 },
6649 "immutable": true,
6650 "locationInModule": {
6651 "filename": "lib/grant.ts",
6652 "line": 20
6653 },
6654 "name": "actions",
6655 "type": {
6656 "collection": {
6657 "elementtype": {
6658 "primitive": "string"
6659 },
6660 "kind": "array"
6661 }
6662 }
6663 },
6664 {
6665 "abstract": true,
6666 "docs": {
6667 "default": "if principal is undefined, no work is done.",
6668 "stability": "stable",
6669 "summary": "The principal to grant to."
6670 },
6671 "immutable": true,
6672 "locationInModule": {
6673 "filename": "lib/grant.ts",
6674 "line": 15
6675 },
6676 "name": "grantee",
6677 "type": {
6678 "fqn": "@aws-cdk/aws-iam.IGrantable"
6679 }
6680 },
6681 {
6682 "abstract": true,
6683 "docs": {
6684 "stability": "stable",
6685 "summary": "The resource ARNs to grant to."
6686 },
6687 "immutable": true,
6688 "locationInModule": {
6689 "filename": "lib/grant.ts",
6690 "line": 25
6691 },
6692 "name": "resourceArns",
6693 "type": {
6694 "collection": {
6695 "elementtype": {
6696 "primitive": "string"
6697 },
6698 "kind": "array"
6699 }
6700 }
6701 }
6702 ],
6703 "symbolId": "lib/grant:CommonGrantOptions"
6704 },
6705 "@aws-cdk/aws-iam.ComparablePrincipal": {
6706 "assembly": "@aws-cdk/aws-iam",
6707 "docs": {
6708 "stability": "stable",
6709 "summary": "Helper class for working with `IComparablePrincipal`s.",
6710 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nconst comparablePrincipal = new iam.ComparablePrincipal();",
6711 "custom": {
6712 "exampleMetadata": "fixture=_generated"
6713 }
6714 },
6715 "fqn": "@aws-cdk/aws-iam.ComparablePrincipal",
6716 "initializer": {
6717 "docs": {
6718 "stability": "stable"
6719 }
6720 },
6721 "kind": "class",
6722 "locationInModule": {
6723 "filename": "lib/principals.ts",
6724 "line": 90
6725 },
6726 "methods": [
6727 {
6728 "docs": {
6729 "stability": "stable",
6730 "summary": "Return the dedupeString of the given principal, if available."
6731 },
6732 "locationInModule": {
6733 "filename": "lib/principals.ts",
6734 "line": 101
6735 },
6736 "name": "dedupeStringFor",
6737 "parameters": [
6738 {
6739 "name": "x",
6740 "type": {
6741 "fqn": "@aws-cdk/aws-iam.IPrincipal"
6742 }
6743 }
6744 ],
6745 "returns": {
6746 "optional": true,
6747 "type": {
6748 "primitive": "string"
6749 }
6750 },
6751 "static": true
6752 },
6753 {
6754 "docs": {
6755 "stability": "stable",
6756 "summary": "Whether or not the given principal is a comparable principal."
6757 },
6758 "locationInModule": {
6759 "filename": "lib/principals.ts",
6760 "line": 94
6761 },
6762 "name": "isComparablePrincipal",
6763 "parameters": [
6764 {
6765 "name": "x",
6766 "type": {
6767 "fqn": "@aws-cdk/aws-iam.IPrincipal"
6768 }
6769 }
6770 ],
6771 "returns": {
6772 "type": {
6773 "primitive": "boolean"
6774 }
6775 },
6776 "static": true
6777 }
6778 ],
6779 "name": "ComparablePrincipal",
6780 "symbolId": "lib/principals:ComparablePrincipal"
6781 },
6782 "@aws-cdk/aws-iam.CompositeDependable": {
6783 "assembly": "@aws-cdk/aws-iam",
6784 "docs": {
6785 "remarks": "Not as simple as eagerly getting the dependency roots from the\ninner dependables, as they may be mutable so we need to defer\nthe query.",
6786 "stability": "stable",
6787 "summary": "Composite dependable.",
6788 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nimport * as cdk from '@aws-cdk/core';\n\ndeclare const dependable: cdk.IDependable;\nconst compositeDependable = new iam.CompositeDependable(dependable);",
6789 "custom": {
6790 "exampleMetadata": "fixture=_generated"
6791 }
6792 },
6793 "fqn": "@aws-cdk/aws-iam.CompositeDependable",
6794 "initializer": {
6795 "docs": {
6796 "stability": "stable"
6797 },
6798 "locationInModule": {
6799 "filename": "lib/grant.ts",
6800 "line": 339
6801 },
6802 "parameters": [
6803 {
6804 "name": "dependables",
6805 "type": {
6806 "fqn": "@aws-cdk/core.IDependable"
6807 },
6808 "variadic": true
6809 }
6810 ],
6811 "variadic": true
6812 },
6813 "interfaces": [
6814 "@aws-cdk/core.IDependable"
6815 ],
6816 "kind": "class",
6817 "locationInModule": {
6818 "filename": "lib/grant.ts",
6819 "line": 338
6820 },
6821 "name": "CompositeDependable",
6822 "symbolId": "lib/grant:CompositeDependable"
6823 },
6824 "@aws-cdk/aws-iam.CompositePrincipal": {
6825 "assembly": "@aws-cdk/aws-iam",
6826 "base": "@aws-cdk/aws-iam.PrincipalBase",
6827 "docs": {
6828 "remarks": "A composite principal cannot\nhave conditions. i.e. multiple ServicePrincipals that form a composite principal",
6829 "stability": "stable",
6830 "summary": "Represents a principal that has multiple types of principals.",
6831 "example": "const role = new iam.Role(this, 'MyRole', {\n assumedBy: new iam.CompositePrincipal(\n new iam.ServicePrincipal('ec2.amazonaws.com'),\n new iam.AccountPrincipal('1818188181818187272')\n ),\n});",
6832 "custom": {
6833 "exampleMetadata": "infused"
6834 }
6835 },
6836 "fqn": "@aws-cdk/aws-iam.CompositePrincipal",
6837 "initializer": {
6838 "docs": {
6839 "stability": "stable"
6840 },
6841 "locationInModule": {
6842 "filename": "lib/principals.ts",
6843 "line": 788
6844 },
6845 "parameters": [
6846 {
6847 "name": "principals",
6848 "type": {
6849 "fqn": "@aws-cdk/aws-iam.IPrincipal"
6850 },
6851 "variadic": true
6852 }
6853 ],
6854 "variadic": true
6855 },
6856 "kind": "class",
6857 "locationInModule": {
6858 "filename": "lib/principals.ts",
6859 "line": 784
6860 },
6861 "methods": [
6862 {
6863 "docs": {
6864 "remarks": "Composite principals cannot have\nconditions.",
6865 "stability": "stable",
6866 "summary": "Adds IAM principals to the composite principal."
6867 },
6868 "locationInModule": {
6869 "filename": "lib/principals.ts",
6870 "line": 803
6871 },
6872 "name": "addPrincipals",
6873 "parameters": [
6874 {
6875 "docs": {
6876 "summary": "IAM principals that will be added to the composite principal."
6877 },
6878 "name": "principals",
6879 "type": {
6880 "fqn": "@aws-cdk/aws-iam.IPrincipal"
6881 },
6882 "variadic": true
6883 }
6884 ],
6885 "returns": {
6886 "type": {
6887 "fqn": "@aws-cdk/aws-iam.CompositePrincipal"
6888 }
6889 },
6890 "variadic": true
6891 },
6892 {
6893 "docs": {
6894 "remarks": "Add the statements to the AssumeRolePolicyDocument necessary to give this principal\npermissions to assume the given role.",
6895 "stability": "stable",
6896 "summary": "Add the princpial to the AssumeRolePolicyDocument."
6897 },
6898 "locationInModule": {
6899 "filename": "lib/principals.ts",
6900 "line": 808
6901 },
6902 "name": "addToAssumeRolePolicy",
6903 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
6904 "parameters": [
6905 {
6906 "name": "doc",
6907 "type": {
6908 "fqn": "@aws-cdk/aws-iam.PolicyDocument"
6909 }
6910 }
6911 ]
6912 },
6913 {
6914 "docs": {
6915 "stability": "stable",
6916 "summary": "Return whether or not this principal is equal to the given principal."
6917 },
6918 "locationInModule": {
6919 "filename": "lib/principals.ts",
6920 "line": 839
6921 },
6922 "name": "dedupeString",
6923 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
6924 "returns": {
6925 "optional": true,
6926 "type": {
6927 "primitive": "string"
6928 }
6929 }
6930 },
6931 {
6932 "docs": {
6933 "stability": "stable",
6934 "summary": "Returns a string representation of an object."
6935 },
6936 "locationInModule": {
6937 "filename": "lib/principals.ts",
6938 "line": 835
6939 },
6940 "name": "toString",
6941 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
6942 "returns": {
6943 "type": {
6944 "primitive": "string"
6945 }
6946 }
6947 }
6948 ],
6949 "name": "CompositePrincipal",
6950 "properties": [
6951 {
6952 "docs": {
6953 "stability": "stable",
6954 "summary": "When this Principal is used in an AssumeRole policy, the action to use."
6955 },
6956 "immutable": true,
6957 "locationInModule": {
6958 "filename": "lib/principals.ts",
6959 "line": 785
6960 },
6961 "name": "assumeRoleAction",
6962 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
6963 "type": {
6964 "primitive": "string"
6965 }
6966 },
6967 {
6968 "docs": {
6969 "stability": "stable",
6970 "summary": "Return the policy fragment that identifies this principal in a Policy."
6971 },
6972 "immutable": true,
6973 "locationInModule": {
6974 "filename": "lib/principals.ts",
6975 "line": 814
6976 },
6977 "name": "policyFragment",
6978 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
6979 "type": {
6980 "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment"
6981 }
6982 }
6983 ],
6984 "symbolId": "lib/principals:CompositePrincipal"
6985 },
6986 "@aws-cdk/aws-iam.Effect": {
6987 "assembly": "@aws-cdk/aws-iam",
6988 "docs": {
6989 "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_effect.html",
6990 "stability": "stable",
6991 "summary": "The Effect element of an IAM policy.",
6992 "example": "declare const books: apigateway.Resource;\ndeclare const iamUser: iam.User;\n\nconst getBooks = books.addMethod('GET', new apigateway.HttpIntegration('http://amazon.com'), {\n authorizationType: apigateway.AuthorizationType.IAM\n});\n\niamUser.attachInlinePolicy(new iam.Policy(this, 'AllowBooks', {\n statements: [\n new iam.PolicyStatement({\n actions: [ 'execute-api:Invoke' ],\n effect: iam.Effect.ALLOW,\n resources: [ getBooks.methodArn ]\n })\n ]\n}))",
6993 "custom": {
6994 "exampleMetadata": "infused"
6995 }
6996 },
6997 "fqn": "@aws-cdk/aws-iam.Effect",
6998 "kind": "enum",
6999 "locationInModule": {
7000 "filename": "lib/policy-statement.ts",
7001 "line": 587
7002 },
7003 "members": [
7004 {
7005 "docs": {
7006 "remarks": "By default, access to resources are denied.",
7007 "stability": "stable",
7008 "summary": "Allows access to a resource in an IAM policy statement."
7009 },
7010 "name": "ALLOW"
7011 },
7012 {
7013 "docs": {
7014 "remarks": "By default, all requests are denied implicitly.",
7015 "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html",
7016 "stability": "stable",
7017 "summary": "Explicitly deny access to a resource."
7018 },
7019 "name": "DENY"
7020 }
7021 ],
7022 "name": "Effect",
7023 "symbolId": "lib/policy-statement:Effect"
7024 },
7025 "@aws-cdk/aws-iam.FederatedPrincipal": {
7026 "assembly": "@aws-cdk/aws-iam",
7027 "base": "@aws-cdk/aws-iam.PrincipalBase",
7028 "docs": {
7029 "remarks": "Additional condition keys are available when the temporary security credentials are used to make a request.\nYou can use these keys to write policies that limit the access of federated users.",
7030 "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#condition-keys-wif",
7031 "stability": "stable",
7032 "summary": "Principal entity that represents a federated identity provider such as Amazon Cognito, that can be used to provide temporary security credentials to users who have been authenticated.",
7033 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const conditions: any;\nconst federatedPrincipal = new iam.FederatedPrincipal('federated', {\n conditionsKey: conditions,\n}, /* all optional props */ 'assumeRoleAction');",
7034 "custom": {
7035 "exampleMetadata": "fixture=_generated"
7036 }
7037 },
7038 "fqn": "@aws-cdk/aws-iam.FederatedPrincipal",
7039 "initializer": {
7040 "docs": {
7041 "stability": "stable"
7042 },
7043 "locationInModule": {
7044 "filename": "lib/principals.ts",
7045 "line": 613
7046 },
7047 "parameters": [
7048 {
7049 "docs": {
7050 "summary": "federated identity provider (i.e. 'cognito-identity.amazonaws.com' for users authenticated through Cognito)."
7051 },
7052 "name": "federated",
7053 "type": {
7054 "primitive": "string"
7055 }
7056 },
7057 {
7058 "docs": {
7059 "remarks": "See [the IAM documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html).",
7060 "summary": "The conditions under which the policy is in effect."
7061 },
7062 "name": "conditions",
7063 "type": {
7064 "collection": {
7065 "elementtype": {
7066 "primitive": "any"
7067 },
7068 "kind": "map"
7069 }
7070 }
7071 },
7072 {
7073 "name": "assumeRoleAction",
7074 "optional": true,
7075 "type": {
7076 "primitive": "string"
7077 }
7078 }
7079 ]
7080 },
7081 "kind": "class",
7082 "locationInModule": {
7083 "filename": "lib/principals.ts",
7084 "line": 603
7085 },
7086 "methods": [
7087 {
7088 "docs": {
7089 "stability": "stable",
7090 "summary": "Return whether or not this principal is equal to the given principal."
7091 },
7092 "locationInModule": {
7093 "filename": "lib/principals.ts",
7094 "line": 630
7095 },
7096 "name": "dedupeString",
7097 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
7098 "returns": {
7099 "optional": true,
7100 "type": {
7101 "primitive": "string"
7102 }
7103 }
7104 },
7105 {
7106 "docs": {
7107 "stability": "stable",
7108 "summary": "Returns a string representation of an object."
7109 },
7110 "locationInModule": {
7111 "filename": "lib/principals.ts",
7112 "line": 626
7113 },
7114 "name": "toString",
7115 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
7116 "returns": {
7117 "type": {
7118 "primitive": "string"
7119 }
7120 }
7121 }
7122 ],
7123 "name": "FederatedPrincipal",
7124 "properties": [
7125 {
7126 "docs": {
7127 "stability": "stable",
7128 "summary": "When this Principal is used in an AssumeRole policy, the action to use."
7129 },
7130 "immutable": true,
7131 "locationInModule": {
7132 "filename": "lib/principals.ts",
7133 "line": 604
7134 },
7135 "name": "assumeRoleAction",
7136 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
7137 "type": {
7138 "primitive": "string"
7139 }
7140 },
7141 {
7142 "docs": {
7143 "remarks": "See [the IAM documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html).",
7144 "stability": "stable",
7145 "summary": "The conditions under which the policy is in effect."
7146 },
7147 "immutable": true,
7148 "locationInModule": {
7149 "filename": "lib/principals.ts",
7150 "line": 615
7151 },
7152 "name": "conditions",
7153 "type": {
7154 "collection": {
7155 "elementtype": {
7156 "primitive": "any"
7157 },
7158 "kind": "map"
7159 }
7160 }
7161 },
7162 {
7163 "docs": {
7164 "stability": "stable",
7165 "summary": "federated identity provider (i.e. 'cognito-identity.amazonaws.com' for users authenticated through Cognito)."
7166 },
7167 "immutable": true,
7168 "locationInModule": {
7169 "filename": "lib/principals.ts",
7170 "line": 614
7171 },
7172 "name": "federated",
7173 "type": {
7174 "primitive": "string"
7175 }
7176 },
7177 {
7178 "docs": {
7179 "stability": "stable",
7180 "summary": "Return the policy fragment that identifies this principal in a Policy."
7181 },
7182 "immutable": true,
7183 "locationInModule": {
7184 "filename": "lib/principals.ts",
7185 "line": 622
7186 },
7187 "name": "policyFragment",
7188 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
7189 "type": {
7190 "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment"
7191 }
7192 }
7193 ],
7194 "symbolId": "lib/principals:FederatedPrincipal"
7195 },
7196 "@aws-cdk/aws-iam.FromRoleArnOptions": {
7197 "assembly": "@aws-cdk/aws-iam",
7198 "datatype": true,
7199 "docs": {
7200 "stability": "stable",
7201 "summary": "Options allowing customizing the behavior of {@link Role.fromRoleArn}.",
7202 "example": "const role = iam.Role.fromRoleArn(this, 'Role', 'arn:aws:iam::123456789012:role/MyExistingRole', {\n // Set 'mutable' to 'false' to use the role as-is and prevent adding new\n // policies to it. The default is 'true', which means the role may be\n // modified as part of the deployment.\n mutable: false,\n});",
7203 "custom": {
7204 "exampleMetadata": "infused"
7205 }
7206 },
7207 "fqn": "@aws-cdk/aws-iam.FromRoleArnOptions",
7208 "kind": "interface",
7209 "locationInModule": {
7210 "filename": "lib/role.ts",
7211 "line": 146
7212 },
7213 "name": "FromRoleArnOptions",
7214 "properties": [
7215 {
7216 "abstract": true,
7217 "docs": {
7218 "default": "false",
7219 "remarks": "If this is `false` or not specified, grant permissions added to this role are ignored.\nIt is your own responsibility to make sure the role has the required permissions.\n\nIf this is `true`, any grant permissions will be added to the resource instead.",
7220 "stability": "stable",
7221 "summary": "For immutable roles: add grants to resources instead of dropping them."
7222 },
7223 "immutable": true,
7224 "locationInModule": {
7225 "filename": "lib/role.ts",
7226 "line": 164
7227 },
7228 "name": "addGrantsToResources",
7229 "optional": true,
7230 "type": {
7231 "primitive": "boolean"
7232 }
7233 },
7234 {
7235 "abstract": true,
7236 "docs": {
7237 "default": "true",
7238 "stability": "stable",
7239 "summary": "Whether the imported role can be modified by attaching policy resources to it."
7240 },
7241 "immutable": true,
7242 "locationInModule": {
7243 "filename": "lib/role.ts",
7244 "line": 152
7245 },
7246 "name": "mutable",
7247 "optional": true,
7248 "type": {
7249 "primitive": "boolean"
7250 }
7251 }
7252 ],
7253 "symbolId": "lib/role:FromRoleArnOptions"
7254 },
7255 "@aws-cdk/aws-iam.Grant": {
7256 "assembly": "@aws-cdk/aws-iam",
7257 "docs": {
7258 "remarks": "This class is not instantiable by consumers on purpose, so that they will be\nrequired to call the Grant factory functions.",
7259 "stability": "stable",
7260 "summary": "Result of a grant() operation.",
7261 "example": "declare const instance: ec2.Instance;\ndeclare const volume: ec2.Volume;\n\nconst attachGrant = volume.grantAttachVolumeByResourceTag(instance.grantPrincipal, [instance]);\nconst detachGrant = volume.grantDetachVolumeByResourceTag(instance.grantPrincipal, [instance]);",
7262 "custom": {
7263 "exampleMetadata": "infused"
7264 }
7265 },
7266 "fqn": "@aws-cdk/aws-iam.Grant",
7267 "interfaces": [
7268 "@aws-cdk/core.IDependable"
7269 ],
7270 "kind": "class",
7271 "locationInModule": {
7272 "filename": "lib/grant.ts",
7273 "line": 99
7274 },
7275 "methods": [
7276 {
7277 "docs": {
7278 "remarks": "Absence of a principal leads to a warning, but failing to add\nthe permissions to a present principal is not an error.",
7279 "stability": "stable",
7280 "summary": "Try to grant the given permissions to the given principal."
7281 },
7282 "locationInModule": {
7283 "filename": "lib/grant.ts",
7284 "line": 158
7285 },
7286 "name": "addToPrincipal",
7287 "parameters": [
7288 {
7289 "name": "options",
7290 "type": {
7291 "fqn": "@aws-cdk/aws-iam.GrantOnPrincipalOptions"
7292 }
7293 }
7294 ],
7295 "returns": {
7296 "type": {
7297 "fqn": "@aws-cdk/aws-iam.Grant"
7298 }
7299 },
7300 "static": true
7301 },
7302 {
7303 "docs": {
7304 "remarks": "As long as any principal is given, granting on the principal may fail (in\ncase of a non-identity principal), but granting on the resource will\nnever fail.\n\nStatement will be the resource statement.",
7305 "stability": "stable",
7306 "summary": "Add a grant both on the principal and on the resource."
7307 },
7308 "locationInModule": {
7309 "filename": "lib/grant.ts",
7310 "line": 185
7311 },
7312 "name": "addToPrincipalAndResource",
7313 "parameters": [
7314 {
7315 "name": "options",
7316 "type": {
7317 "fqn": "@aws-cdk/aws-iam.GrantOnPrincipalAndResourceOptions"
7318 }
7319 }
7320 ],
7321 "returns": {
7322 "type": {
7323 "fqn": "@aws-cdk/aws-iam.Grant"
7324 }
7325 },
7326 "static": true
7327 },
7328 {
7329 "docs": {
7330 "remarks": "The permissions will be added to the principal policy primarily, falling\nback to the resource policy if necessary. The permissions must be granted\nsomewhere.\n\n- Trying to grant permissions to a principal that does not admit adding to\n the principal policy while not providing a resource with a resource policy\n is an error.\n- Trying to grant permissions to an absent principal (possible in the\n case of imported resources) leads to a warning being added to the\n resource construct.",
7331 "stability": "stable",
7332 "summary": "Grant the given permissions to the principal."
7333 },
7334 "locationInModule": {
7335 "filename": "lib/grant.ts",
7336 "line": 114
7337 },
7338 "name": "addToPrincipalOrResource",
7339 "parameters": [
7340 {
7341 "name": "options",
7342 "type": {
7343 "fqn": "@aws-cdk/aws-iam.GrantWithResourceOptions"
7344 }
7345 }
7346 ],
7347 "returns": {
7348 "type": {
7349 "fqn": "@aws-cdk/aws-iam.Grant"
7350 }
7351 },
7352 "static": true
7353 },
7354 {
7355 "docs": {
7356 "remarks": "This can be used for e.g. imported resources where you may not be able to modify\nthe resource's policy or some underlying policy which you don't know about.",
7357 "stability": "stable",
7358 "summary": "Returns a \"no-op\" `Grant` object which represents a \"dropped grant\"."
7359 },
7360 "locationInModule": {
7361 "filename": "lib/grant.ts",
7362 "line": 217
7363 },
7364 "name": "drop",
7365 "parameters": [
7366 {
7367 "docs": {
7368 "summary": "The intended grantee."
7369 },
7370 "name": "grantee",
7371 "type": {
7372 "fqn": "@aws-cdk/aws-iam.IGrantable"
7373 }
7374 },
7375 {
7376 "docs": {
7377 "summary": "The user's intent (will be ignored at the moment)."
7378 },
7379 "name": "_intent",
7380 "type": {
7381 "primitive": "string"
7382 }
7383 }
7384 ],
7385 "returns": {
7386 "type": {
7387 "fqn": "@aws-cdk/aws-iam.Grant"
7388 }
7389 },
7390 "static": true
7391 },
7392 {
7393 "docs": {
7394 "remarks": "The same as construct.node.addDependency(grant), but slightly nicer to read.",
7395 "stability": "stable",
7396 "summary": "Make sure this grant is applied before the given constructs are deployed."
7397 },
7398 "locationInModule": {
7399 "filename": "lib/grant.ts",
7400 "line": 279
7401 },
7402 "name": "applyBefore",
7403 "parameters": [
7404 {
7405 "name": "constructs",
7406 "type": {
7407 "fqn": "@aws-cdk/core.IConstruct"
7408 },
7409 "variadic": true
7410 }
7411 ],
7412 "variadic": true
7413 },
7414 {
7415 "docs": {
7416 "stability": "stable",
7417 "summary": "Throw an error if this grant wasn't successful."
7418 },
7419 "locationInModule": {
7420 "filename": "lib/grant.ts",
7421 "line": 267
7422 },
7423 "name": "assertSuccess"
7424 }
7425 ],
7426 "name": "Grant",
7427 "properties": [
7428 {
7429 "docs": {
7430 "stability": "stable",
7431 "summary": "Whether the grant operation was successful."
7432 },
7433 "immutable": true,
7434 "locationInModule": {
7435 "filename": "lib/grant.ts",
7436 "line": 260
7437 },
7438 "name": "success",
7439 "type": {
7440 "primitive": "boolean"
7441 }
7442 },
7443 {
7444 "docs": {
7445 "remarks": "Can be accessed to (e.g.) add additional conditions to the statement.",
7446 "stability": "stable",
7447 "summary": "The statement that was added to the principal's policy."
7448 },
7449 "immutable": true,
7450 "locationInModule": {
7451 "filename": "lib/grant.ts",
7452 "line": 228
7453 },
7454 "name": "principalStatement",
7455 "optional": true,
7456 "type": {
7457 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
7458 }
7459 },
7460 {
7461 "docs": {
7462 "remarks": "Can be accessed to (e.g.) add additional conditions to the statement.",
7463 "stability": "stable",
7464 "summary": "The statement that was added to the resource policy."
7465 },
7466 "immutable": true,
7467 "locationInModule": {
7468 "filename": "lib/grant.ts",
7469 "line": 235
7470 },
7471 "name": "resourceStatement",
7472 "optional": true,
7473 "type": {
7474 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
7475 }
7476 }
7477 ],
7478 "symbolId": "lib/grant:Grant"
7479 },
7480 "@aws-cdk/aws-iam.GrantOnPrincipalAndResourceOptions": {
7481 "assembly": "@aws-cdk/aws-iam",
7482 "datatype": true,
7483 "docs": {
7484 "stability": "stable",
7485 "summary": "Options for a grant operation to both identity and resource.",
7486 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const grantable: iam.IGrantable;\ndeclare const principal: iam.IPrincipal;\ndeclare const resourceWithPolicy: iam.IResourceWithPolicy;\nconst grantOnPrincipalAndResourceOptions: iam.GrantOnPrincipalAndResourceOptions = {\n actions: ['actions'],\n grantee: grantable,\n resource: resourceWithPolicy,\n resourceArns: ['resourceArns'],\n\n // the properties below are optional\n resourcePolicyPrincipal: principal,\n resourceSelfArns: ['resourceSelfArns'],\n};",
7487 "custom": {
7488 "exampleMetadata": "fixture=_generated"
7489 }
7490 },
7491 "fqn": "@aws-cdk/aws-iam.GrantOnPrincipalAndResourceOptions",
7492 "interfaces": [
7493 "@aws-cdk/aws-iam.CommonGrantOptions"
7494 ],
7495 "kind": "interface",
7496 "locationInModule": {
7497 "filename": "lib/grant.ts",
7498 "line": 68
7499 },
7500 "name": "GrantOnPrincipalAndResourceOptions",
7501 "properties": [
7502 {
7503 "abstract": true,
7504 "docs": {
7505 "remarks": "The statement will always be added to the resource policy.",
7506 "stability": "stable",
7507 "summary": "The resource with a resource policy."
7508 },
7509 "immutable": true,
7510 "locationInModule": {
7511 "filename": "lib/grant.ts",
7512 "line": 74
7513 },
7514 "name": "resource",
7515 "type": {
7516 "fqn": "@aws-cdk/aws-iam.IResourceWithPolicy"
7517 }
7518 },
7519 {
7520 "abstract": true,
7521 "docs": {
7522 "default": "- the principal of the grantee will be used",
7523 "stability": "stable",
7524 "summary": "The principal to use in the statement for the resource policy."
7525 },
7526 "immutable": true,
7527 "locationInModule": {
7528 "filename": "lib/grant.ts",
7529 "line": 90
7530 },
7531 "name": "resourcePolicyPrincipal",
7532 "optional": true,
7533 "type": {
7534 "fqn": "@aws-cdk/aws-iam.IPrincipal"
7535 }
7536 },
7537 {
7538 "abstract": true,
7539 "docs": {
7540 "default": "Same as regular resource ARNs",
7541 "remarks": "(Depending on the resource type, this needs to be '*' in a resource policy).",
7542 "stability": "stable",
7543 "summary": "When referring to the resource in a resource policy, use this as ARN."
7544 },
7545 "immutable": true,
7546 "locationInModule": {
7547 "filename": "lib/grant.ts",
7548 "line": 83
7549 },
7550 "name": "resourceSelfArns",
7551 "optional": true,
7552 "type": {
7553 "collection": {
7554 "elementtype": {
7555 "primitive": "string"
7556 },
7557 "kind": "array"
7558 }
7559 }
7560 }
7561 ],
7562 "symbolId": "lib/grant:GrantOnPrincipalAndResourceOptions"
7563 },
7564 "@aws-cdk/aws-iam.GrantOnPrincipalOptions": {
7565 "assembly": "@aws-cdk/aws-iam",
7566 "datatype": true,
7567 "docs": {
7568 "stability": "stable",
7569 "summary": "Options for a grant operation that only applies to principals.",
7570 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nimport * as cdk from '@aws-cdk/core';\n\ndeclare const construct: cdk.Construct;\ndeclare const grantable: iam.IGrantable;\nconst grantOnPrincipalOptions: iam.GrantOnPrincipalOptions = {\n actions: ['actions'],\n grantee: grantable,\n resourceArns: ['resourceArns'],\n\n // the properties below are optional\n scope: construct,\n};",
7571 "custom": {
7572 "exampleMetadata": "fixture=_generated"
7573 }
7574 },
7575 "fqn": "@aws-cdk/aws-iam.GrantOnPrincipalOptions",
7576 "interfaces": [
7577 "@aws-cdk/aws-iam.CommonGrantOptions"
7578 ],
7579 "kind": "interface",
7580 "locationInModule": {
7581 "filename": "lib/grant.ts",
7582 "line": 55
7583 },
7584 "name": "GrantOnPrincipalOptions",
7585 "properties": [
7586 {
7587 "abstract": true,
7588 "docs": {
7589 "default": "- the construct in which this construct is defined",
7590 "stability": "stable",
7591 "summary": "Construct to report warnings on in case grant could not be registered."
7592 },
7593 "immutable": true,
7594 "locationInModule": {
7595 "filename": "lib/grant.ts",
7596 "line": 61
7597 },
7598 "name": "scope",
7599 "optional": true,
7600 "type": {
7601 "fqn": "@aws-cdk/core.IConstruct"
7602 }
7603 }
7604 ],
7605 "symbolId": "lib/grant:GrantOnPrincipalOptions"
7606 },
7607 "@aws-cdk/aws-iam.GrantWithResourceOptions": {
7608 "assembly": "@aws-cdk/aws-iam",
7609 "datatype": true,
7610 "docs": {
7611 "stability": "stable",
7612 "summary": "Options for a grant operation.",
7613 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const grantable: iam.IGrantable;\ndeclare const resourceWithPolicy: iam.IResourceWithPolicy;\nconst grantWithResourceOptions: iam.GrantWithResourceOptions = {\n actions: ['actions'],\n grantee: grantable,\n resource: resourceWithPolicy,\n resourceArns: ['resourceArns'],\n\n // the properties below are optional\n resourceSelfArns: ['resourceSelfArns'],\n};",
7614 "custom": {
7615 "exampleMetadata": "fixture=_generated"
7616 }
7617 },
7618 "fqn": "@aws-cdk/aws-iam.GrantWithResourceOptions",
7619 "interfaces": [
7620 "@aws-cdk/aws-iam.CommonGrantOptions"
7621 ],
7622 "kind": "interface",
7623 "locationInModule": {
7624 "filename": "lib/grant.ts",
7625 "line": 32
7626 },
7627 "name": "GrantWithResourceOptions",
7628 "properties": [
7629 {
7630 "abstract": true,
7631 "docs": {
7632 "remarks": "The statement will be added to the resource policy if it couldn't be\nadded to the principal policy.",
7633 "stability": "stable",
7634 "summary": "The resource with a resource policy."
7635 },
7636 "immutable": true,
7637 "locationInModule": {
7638 "filename": "lib/grant.ts",
7639 "line": 39
7640 },
7641 "name": "resource",
7642 "type": {
7643 "fqn": "@aws-cdk/aws-iam.IResourceWithPolicy"
7644 }
7645 },
7646 {
7647 "abstract": true,
7648 "docs": {
7649 "default": "Same as regular resource ARNs",
7650 "remarks": "(Depending on the resource type, this needs to be '*' in a resource policy).",
7651 "stability": "stable",
7652 "summary": "When referring to the resource in a resource policy, use this as ARN."
7653 },
7654 "immutable": true,
7655 "locationInModule": {
7656 "filename": "lib/grant.ts",
7657 "line": 48
7658 },
7659 "name": "resourceSelfArns",
7660 "optional": true,
7661 "type": {
7662 "collection": {
7663 "elementtype": {
7664 "primitive": "string"
7665 },
7666 "kind": "array"
7667 }
7668 }
7669 }
7670 ],
7671 "symbolId": "lib/grant:GrantWithResourceOptions"
7672 },
7673 "@aws-cdk/aws-iam.Group": {
7674 "assembly": "@aws-cdk/aws-iam",
7675 "base": "@aws-cdk/core.Resource",
7676 "docs": {
7677 "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html",
7678 "stability": "stable",
7679 "summary": "An IAM Group (collection of IAM users) lets you specify permissions for multiple users, which can make it easier to manage permissions for those users.",
7680 "example": "const user = new iam.User(this, 'MyUser'); // or User.fromUserName(stack, 'User', 'johnsmith');\nconst group = new iam.Group(this, 'MyGroup'); // or Group.fromGroupArn(stack, 'Group', 'arn:aws:iam::account-id:group/group-name');\n\nuser.addToGroup(group);\n// or\ngroup.addUser(user);",
7681 "custom": {
7682 "exampleMetadata": "infused"
7683 }
7684 },
7685 "fqn": "@aws-cdk/aws-iam.Group",
7686 "initializer": {
7687 "docs": {
7688 "stability": "stable"
7689 },
7690 "locationInModule": {
7691 "filename": "lib/group.ts",
7692 "line": 182
7693 },
7694 "parameters": [
7695 {
7696 "name": "scope",
7697 "type": {
7698 "fqn": "constructs.Construct"
7699 }
7700 },
7701 {
7702 "name": "id",
7703 "type": {
7704 "primitive": "string"
7705 }
7706 },
7707 {
7708 "name": "props",
7709 "optional": true,
7710 "type": {
7711 "fqn": "@aws-cdk/aws-iam.GroupProps"
7712 }
7713 }
7714 ]
7715 },
7716 "interfaces": [
7717 "@aws-cdk/aws-iam.IGroup"
7718 ],
7719 "kind": "class",
7720 "locationInModule": {
7721 "filename": "lib/group.ts",
7722 "line": 130
7723 },
7724 "methods": [
7725 {
7726 "docs": {
7727 "remarks": "If the imported Group ARN is a Token (such as a\n`CfnParameter.valueAsString` or a `Fn.importValue()`) *and* the referenced\ngroup has a `path` (like `arn:...:group/AdminGroup/NetworkAdmin`), the\n`groupName` property will not resolve to the correct value. Instead it\nwill resolve to the first path component. We unfortunately cannot express\nthe correct calculation of the full path name as a CloudFormation\nexpression. In this scenario the Group ARN should be supplied without the\n`path` in order to resolve the correct group resource.",
7728 "stability": "stable",
7729 "summary": "Import an external group by ARN."
7730 },
7731 "locationInModule": {
7732 "filename": "lib/group.ts",
7733 "line": 147
7734 },
7735 "name": "fromGroupArn",
7736 "parameters": [
7737 {
7738 "docs": {
7739 "summary": "construct scope."
7740 },
7741 "name": "scope",
7742 "type": {
7743 "fqn": "constructs.Construct"
7744 }
7745 },
7746 {
7747 "docs": {
7748 "summary": "construct id."
7749 },
7750 "name": "id",
7751 "type": {
7752 "primitive": "string"
7753 }
7754 },
7755 {
7756 "docs": {
7757 "summary": "the ARN of the group to import (e.g. `arn:aws:iam::account-id:group/group-name`)."
7758 },
7759 "name": "groupArn",
7760 "type": {
7761 "primitive": "string"
7762 }
7763 }
7764 ],
7765 "returns": {
7766 "type": {
7767 "fqn": "@aws-cdk/aws-iam.IGroup"
7768 }
7769 },
7770 "static": true
7771 },
7772 {
7773 "docs": {
7774 "remarks": "This method has same caveats of `fromGroupArn`",
7775 "stability": "stable",
7776 "summary": "Import an existing group by given name (with path)."
7777 },
7778 "locationInModule": {
7779 "filename": "lib/group.ts",
7780 "line": 167
7781 },
7782 "name": "fromGroupName",
7783 "parameters": [
7784 {
7785 "docs": {
7786 "summary": "construct scope."
7787 },
7788 "name": "scope",
7789 "type": {
7790 "fqn": "constructs.Construct"
7791 }
7792 },
7793 {
7794 "docs": {
7795 "summary": "construct id."
7796 },
7797 "name": "id",
7798 "type": {
7799 "primitive": "string"
7800 }
7801 },
7802 {
7803 "docs": {
7804 "summary": "the groupName (path included) of the existing group to import."
7805 },
7806 "name": "groupName",
7807 "type": {
7808 "primitive": "string"
7809 }
7810 }
7811 ],
7812 "returns": {
7813 "type": {
7814 "fqn": "@aws-cdk/aws-iam.IGroup"
7815 }
7816 },
7817 "static": true
7818 },
7819 {
7820 "docs": {
7821 "stability": "stable",
7822 "summary": "Attaches a managed policy to this group."
7823 },
7824 "locationInModule": {
7825 "filename": "lib/group.ts",
7826 "line": 209
7827 },
7828 "name": "addManagedPolicy",
7829 "overrides": "@aws-cdk/aws-iam.IIdentity",
7830 "parameters": [
7831 {
7832 "docs": {
7833 "summary": "The managed policy to attach."
7834 },
7835 "name": "policy",
7836 "type": {
7837 "fqn": "@aws-cdk/aws-iam.IManagedPolicy"
7838 }
7839 }
7840 ]
7841 },
7842 {
7843 "docs": {
7844 "stability": "stable",
7845 "summary": "Add to the policy of this principal."
7846 },
7847 "locationInModule": {
7848 "filename": "lib/group.ts",
7849 "line": 119
7850 },
7851 "name": "addToPolicy",
7852 "overrides": "@aws-cdk/aws-iam.IPrincipal",
7853 "parameters": [
7854 {
7855 "name": "statement",
7856 "type": {
7857 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
7858 }
7859 }
7860 ],
7861 "returns": {
7862 "type": {
7863 "primitive": "boolean"
7864 }
7865 }
7866 },
7867 {
7868 "docs": {
7869 "stability": "stable",
7870 "summary": "Adds an IAM statement to the default policy."
7871 },
7872 "locationInModule": {
7873 "filename": "lib/group.ts",
7874 "line": 109
7875 },
7876 "name": "addToPrincipalPolicy",
7877 "overrides": "@aws-cdk/aws-iam.IPrincipal",
7878 "parameters": [
7879 {
7880 "name": "statement",
7881 "type": {
7882 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
7883 }
7884 }
7885 ],
7886 "returns": {
7887 "type": {
7888 "fqn": "@aws-cdk/aws-iam.AddToPrincipalPolicyResult"
7889 }
7890 }
7891 },
7892 {
7893 "docs": {
7894 "stability": "stable",
7895 "summary": "Adds a user to this group."
7896 },
7897 "locationInModule": {
7898 "filename": "lib/group.ts",
7899 "line": 102
7900 },
7901 "name": "addUser",
7902 "parameters": [
7903 {
7904 "name": "user",
7905 "type": {
7906 "fqn": "@aws-cdk/aws-iam.IUser"
7907 }
7908 }
7909 ]
7910 },
7911 {
7912 "docs": {
7913 "stability": "stable",
7914 "summary": "Attaches a policy to this group."
7915 },
7916 "locationInModule": {
7917 "filename": "lib/group.ts",
7918 "line": 90
7919 },
7920 "name": "attachInlinePolicy",
7921 "overrides": "@aws-cdk/aws-iam.IIdentity",
7922 "parameters": [
7923 {
7924 "docs": {
7925 "summary": "The policy to attach."
7926 },
7927 "name": "policy",
7928 "type": {
7929 "fqn": "@aws-cdk/aws-iam.Policy"
7930 }
7931 }
7932 ]
7933 }
7934 ],
7935 "name": "Group",
7936 "properties": [
7937 {
7938 "docs": {
7939 "stability": "stable",
7940 "summary": "When this Principal is used in an AssumeRole policy, the action to use."
7941 },
7942 "immutable": true,
7943 "locationInModule": {
7944 "filename": "lib/group.ts",
7945 "line": 77
7946 },
7947 "name": "assumeRoleAction",
7948 "overrides": "@aws-cdk/aws-iam.IPrincipal",
7949 "type": {
7950 "primitive": "string"
7951 }
7952 },
7953 {
7954 "docs": {
7955 "stability": "stable",
7956 "summary": "The principal to grant permissions to."
7957 },
7958 "immutable": true,
7959 "locationInModule": {
7960 "filename": "lib/group.ts",
7961 "line": 75
7962 },
7963 "name": "grantPrincipal",
7964 "overrides": "@aws-cdk/aws-iam.IGrantable",
7965 "type": {
7966 "fqn": "@aws-cdk/aws-iam.IPrincipal"
7967 }
7968 },
7969 {
7970 "docs": {
7971 "stability": "stable",
7972 "summary": "Returns the IAM Group ARN."
7973 },
7974 "immutable": true,
7975 "locationInModule": {
7976 "filename": "lib/group.ts",
7977 "line": 178
7978 },
7979 "name": "groupArn",
7980 "overrides": "@aws-cdk/aws-iam.IGroup",
7981 "type": {
7982 "primitive": "string"
7983 }
7984 },
7985 {
7986 "docs": {
7987 "stability": "stable",
7988 "summary": "Returns the IAM Group Name."
7989 },
7990 "immutable": true,
7991 "locationInModule": {
7992 "filename": "lib/group.ts",
7993 "line": 177
7994 },
7995 "name": "groupName",
7996 "overrides": "@aws-cdk/aws-iam.IGroup",
7997 "type": {
7998 "primitive": "string"
7999 }
8000 },
8001 {
8002 "docs": {
8003 "stability": "stable",
8004 "summary": "Return the policy fragment that identifies this principal in a Policy."
8005 },
8006 "immutable": true,
8007 "locationInModule": {
8008 "filename": "lib/group.ts",
8009 "line": 82
8010 },
8011 "name": "policyFragment",
8012 "overrides": "@aws-cdk/aws-iam.IPrincipal",
8013 "type": {
8014 "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment"
8015 }
8016 },
8017 {
8018 "docs": {
8019 "remarks": "Can be undefined when the account is not known\n(for example, for service principals).\nCan be a Token - in that case,\nit's assumed to be AWS::AccountId.",
8020 "stability": "stable",
8021 "summary": "The AWS account ID of this principal."
8022 },
8023 "immutable": true,
8024 "locationInModule": {
8025 "filename": "lib/group.ts",
8026 "line": 76
8027 },
8028 "name": "principalAccount",
8029 "optional": true,
8030 "overrides": "@aws-cdk/aws-iam.IPrincipal",
8031 "type": {
8032 "primitive": "string"
8033 }
8034 }
8035 ],
8036 "symbolId": "lib/group:Group"
8037 },
8038 "@aws-cdk/aws-iam.GroupProps": {
8039 "assembly": "@aws-cdk/aws-iam",
8040 "datatype": true,
8041 "docs": {
8042 "stability": "stable",
8043 "summary": "Properties for defining an IAM group.",
8044 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const managedPolicy: iam.ManagedPolicy;\nconst groupProps: iam.GroupProps = {\n groupName: 'groupName',\n managedPolicies: [managedPolicy],\n path: 'path',\n};",
8045 "custom": {
8046 "exampleMetadata": "fixture=_generated"
8047 }
8048 },
8049 "fqn": "@aws-cdk/aws-iam.GroupProps",
8050 "kind": "interface",
8051 "locationInModule": {
8052 "filename": "lib/group.ts",
8053 "line": 36
8054 },
8055 "name": "GroupProps",
8056 "properties": [
8057 {
8058 "abstract": true,
8059 "docs": {
8060 "default": "Generated by CloudFormation (recommended)",
8061 "remarks": "For valid values, see the GroupName parameter\nfor the CreateGroup action in the IAM API Reference. If you don't specify\na name, AWS CloudFormation generates a unique physical ID and uses that\nID for the group name.\n\nIf you specify a name, you must specify the CAPABILITY_NAMED_IAM value to\nacknowledge your template's capabilities. For more information, see\nAcknowledging IAM Resources in AWS CloudFormation Templates.",
8062 "stability": "stable",
8063 "summary": "A name for the IAM group."
8064 },
8065 "immutable": true,
8066 "locationInModule": {
8067 "filename": "lib/group.ts",
8068 "line": 49
8069 },
8070 "name": "groupName",
8071 "optional": true,
8072 "type": {
8073 "primitive": "string"
8074 }
8075 },
8076 {
8077 "abstract": true,
8078 "docs": {
8079 "default": "- No managed policies.",
8080 "remarks": "You can add managed policies later using\n`addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName(policyName))`.",
8081 "stability": "stable",
8082 "summary": "A list of managed policies associated with this role."
8083 },
8084 "immutable": true,
8085 "locationInModule": {
8086 "filename": "lib/group.ts",
8087 "line": 59
8088 },
8089 "name": "managedPolicies",
8090 "optional": true,
8091 "type": {
8092 "collection": {
8093 "elementtype": {
8094 "fqn": "@aws-cdk/aws-iam.IManagedPolicy"
8095 },
8096 "kind": "array"
8097 }
8098 }
8099 },
8100 {
8101 "abstract": true,
8102 "docs": {
8103 "default": "/",
8104 "remarks": "For more information about paths, see [IAM\nIdentifiers](http://docs.aws.amazon.com/IAM/latest/UserGuide/index.html?Using_Identifiers.html)\nin the IAM User Guide.",
8105 "stability": "stable",
8106 "summary": "The path to the group."
8107 },
8108 "immutable": true,
8109 "locationInModule": {
8110 "filename": "lib/group.ts",
8111 "line": 68
8112 },
8113 "name": "path",
8114 "optional": true,
8115 "type": {
8116 "primitive": "string"
8117 }
8118 }
8119 ],
8120 "symbolId": "lib/group:GroupProps"
8121 },
8122 "@aws-cdk/aws-iam.IAccessKey": {
8123 "assembly": "@aws-cdk/aws-iam",
8124 "docs": {
8125 "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html",
8126 "stability": "stable",
8127 "summary": "Represents an IAM Access Key."
8128 },
8129 "fqn": "@aws-cdk/aws-iam.IAccessKey",
8130 "interfaces": [
8131 "@aws-cdk/core.IResource"
8132 ],
8133 "kind": "interface",
8134 "locationInModule": {
8135 "filename": "lib/access-key.ts",
8136 "line": 26
8137 },
8138 "name": "IAccessKey",
8139 "properties": [
8140 {
8141 "abstract": true,
8142 "docs": {
8143 "custom": {
8144 "attribute": "true"
8145 },
8146 "stability": "stable",
8147 "summary": "The Access Key ID."
8148 },
8149 "immutable": true,
8150 "locationInModule": {
8151 "filename": "lib/access-key.ts",
8152 "line": 32
8153 },
8154 "name": "accessKeyId",
8155 "type": {
8156 "primitive": "string"
8157 }
8158 },
8159 {
8160 "abstract": true,
8161 "docs": {
8162 "custom": {
8163 "attribute": "true"
8164 },
8165 "stability": "stable",
8166 "summary": "The Secret Access Key."
8167 },
8168 "immutable": true,
8169 "locationInModule": {
8170 "filename": "lib/access-key.ts",
8171 "line": 39
8172 },
8173 "name": "secretAccessKey",
8174 "type": {
8175 "fqn": "@aws-cdk/core.SecretValue"
8176 }
8177 }
8178 ],
8179 "symbolId": "lib/access-key:IAccessKey"
8180 },
8181 "@aws-cdk/aws-iam.IAssumeRolePrincipal": {
8182 "assembly": "@aws-cdk/aws-iam",
8183 "docs": {
8184 "remarks": "More complex types of identity providers need more control over Role's policy documents\nthan simply `{ Effect: 'Allow', Action: 'AssumeRole', Principal: <Whatever> }`.\n\nIf that control is necessary, they can implement `IAssumeRolePrincipal` to get full\naccess to a Role's AssumeRolePolicyDocument.",
8185 "stability": "stable",
8186 "summary": "A type of principal that has more control over its own representation in AssumeRolePolicyDocuments."
8187 },
8188 "fqn": "@aws-cdk/aws-iam.IAssumeRolePrincipal",
8189 "interfaces": [
8190 "@aws-cdk/aws-iam.IPrincipal"
8191 ],
8192 "kind": "interface",
8193 "locationInModule": {
8194 "filename": "lib/principals.ts",
8195 "line": 115
8196 },
8197 "methods": [
8198 {
8199 "abstract": true,
8200 "docs": {
8201 "remarks": "Add the statements to the AssumeRolePolicyDocument necessary to give this principal\npermissions to assume the given role.",
8202 "stability": "stable",
8203 "summary": "Add the princpial to the AssumeRolePolicyDocument."
8204 },
8205 "locationInModule": {
8206 "filename": "lib/principals.ts",
8207 "line": 122
8208 },
8209 "name": "addToAssumeRolePolicy",
8210 "parameters": [
8211 {
8212 "name": "document",
8213 "type": {
8214 "fqn": "@aws-cdk/aws-iam.PolicyDocument"
8215 }
8216 }
8217 ]
8218 }
8219 ],
8220 "name": "IAssumeRolePrincipal",
8221 "symbolId": "lib/principals:IAssumeRolePrincipal"
8222 },
8223 "@aws-cdk/aws-iam.IComparablePrincipal": {
8224 "assembly": "@aws-cdk/aws-iam",
8225 "docs": {
8226 "remarks": "This only needs to be implemented for principals that could potentially be value-equal.\nIdentity-equal principals will be handled correctly by default.",
8227 "stability": "stable",
8228 "summary": "Interface for principals that can be compared."
8229 },
8230 "fqn": "@aws-cdk/aws-iam.IComparablePrincipal",
8231 "interfaces": [
8232 "@aws-cdk/aws-iam.IPrincipal"
8233 ],
8234 "kind": "interface",
8235 "locationInModule": {
8236 "filename": "lib/principals.ts",
8237 "line": 79
8238 },
8239 "methods": [
8240 {
8241 "abstract": true,
8242 "docs": {
8243 "stability": "stable",
8244 "summary": "Return a string format of this principal which should be identical if the two principals are the same."
8245 },
8246 "locationInModule": {
8247 "filename": "lib/principals.ts",
8248 "line": 84
8249 },
8250 "name": "dedupeString",
8251 "returns": {
8252 "optional": true,
8253 "type": {
8254 "primitive": "string"
8255 }
8256 }
8257 }
8258 ],
8259 "name": "IComparablePrincipal",
8260 "symbolId": "lib/principals:IComparablePrincipal"
8261 },
8262 "@aws-cdk/aws-iam.IGrantable": {
8263 "assembly": "@aws-cdk/aws-iam",
8264 "docs": {
8265 "stability": "stable",
8266 "summary": "Any object that has an associated principal that a permission can be granted to."
8267 },
8268 "fqn": "@aws-cdk/aws-iam.IGrantable",
8269 "kind": "interface",
8270 "locationInModule": {
8271 "filename": "lib/principals.ts",
8272 "line": 13
8273 },
8274 "name": "IGrantable",
8275 "properties": [
8276 {
8277 "abstract": true,
8278 "docs": {
8279 "stability": "stable",
8280 "summary": "The principal to grant permissions to."
8281 },
8282 "immutable": true,
8283 "locationInModule": {
8284 "filename": "lib/principals.ts",
8285 "line": 17
8286 },
8287 "name": "grantPrincipal",
8288 "type": {
8289 "fqn": "@aws-cdk/aws-iam.IPrincipal"
8290 }
8291 }
8292 ],
8293 "symbolId": "lib/principals:IGrantable"
8294 },
8295 "@aws-cdk/aws-iam.IGroup": {
8296 "assembly": "@aws-cdk/aws-iam",
8297 "docs": {
8298 "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html",
8299 "stability": "stable",
8300 "summary": "Represents an IAM Group."
8301 },
8302 "fqn": "@aws-cdk/aws-iam.IGroup",
8303 "interfaces": [
8304 "@aws-cdk/aws-iam.IIdentity"
8305 ],
8306 "kind": "interface",
8307 "locationInModule": {
8308 "filename": "lib/group.ts",
8309 "line": 17
8310 },
8311 "name": "IGroup",
8312 "properties": [
8313 {
8314 "abstract": true,
8315 "docs": {
8316 "custom": {
8317 "attribute": "true"
8318 },
8319 "stability": "stable",
8320 "summary": "Returns the IAM Group ARN."
8321 },
8322 "immutable": true,
8323 "locationInModule": {
8324 "filename": "lib/group.ts",
8325 "line": 30
8326 },
8327 "name": "groupArn",
8328 "type": {
8329 "primitive": "string"
8330 }
8331 },
8332 {
8333 "abstract": true,
8334 "docs": {
8335 "custom": {
8336 "attribute": "true"
8337 },
8338 "stability": "stable",
8339 "summary": "Returns the IAM Group Name."
8340 },
8341 "immutable": true,
8342 "locationInModule": {
8343 "filename": "lib/group.ts",
8344 "line": 23
8345 },
8346 "name": "groupName",
8347 "type": {
8348 "primitive": "string"
8349 }
8350 }
8351 ],
8352 "symbolId": "lib/group:IGroup"
8353 },
8354 "@aws-cdk/aws-iam.IIdentity": {
8355 "assembly": "@aws-cdk/aws-iam",
8356 "docs": {
8357 "stability": "stable",
8358 "summary": "A construct that represents an IAM principal, such as a user, group or role."
8359 },
8360 "fqn": "@aws-cdk/aws-iam.IIdentity",
8361 "interfaces": [
8362 "@aws-cdk/aws-iam.IPrincipal",
8363 "@aws-cdk/core.IResource"
8364 ],
8365 "kind": "interface",
8366 "locationInModule": {
8367 "filename": "lib/identity-base.ts",
8368 "line": 9
8369 },
8370 "methods": [
8371 {
8372 "abstract": true,
8373 "docs": {
8374 "stability": "stable",
8375 "summary": "Attaches a managed policy to this principal."
8376 },
8377 "locationInModule": {
8378 "filename": "lib/identity-base.ts",
8379 "line": 21
8380 },
8381 "name": "addManagedPolicy",
8382 "parameters": [
8383 {
8384 "docs": {
8385 "summary": "The managed policy."
8386 },
8387 "name": "policy",
8388 "type": {
8389 "fqn": "@aws-cdk/aws-iam.IManagedPolicy"
8390 }
8391 }
8392 ]
8393 },
8394 {
8395 "abstract": true,
8396 "docs": {
8397 "remarks": "This is the same as calling `policy.addToXxx(principal)`.",
8398 "stability": "stable",
8399 "summary": "Attaches an inline policy to this principal."
8400 },
8401 "locationInModule": {
8402 "filename": "lib/identity-base.ts",
8403 "line": 15
8404 },
8405 "name": "attachInlinePolicy",
8406 "parameters": [
8407 {
8408 "docs": {
8409 "summary": "The policy resource to attach to this principal [disable-awslint:ref-via-interface]."
8410 },
8411 "name": "policy",
8412 "type": {
8413 "fqn": "@aws-cdk/aws-iam.Policy"
8414 }
8415 }
8416 ]
8417 }
8418 ],
8419 "name": "IIdentity",
8420 "symbolId": "lib/identity-base:IIdentity"
8421 },
8422 "@aws-cdk/aws-iam.IManagedPolicy": {
8423 "assembly": "@aws-cdk/aws-iam",
8424 "docs": {
8425 "stability": "stable",
8426 "summary": "A managed policy."
8427 },
8428 "fqn": "@aws-cdk/aws-iam.IManagedPolicy",
8429 "kind": "interface",
8430 "locationInModule": {
8431 "filename": "lib/managed-policy.ts",
8432 "line": 14
8433 },
8434 "name": "IManagedPolicy",
8435 "properties": [
8436 {
8437 "abstract": true,
8438 "docs": {
8439 "custom": {
8440 "attribute": "true"
8441 },
8442 "stability": "stable",
8443 "summary": "The ARN of the managed policy."
8444 },
8445 "immutable": true,
8446 "locationInModule": {
8447 "filename": "lib/managed-policy.ts",
8448 "line": 19
8449 },
8450 "name": "managedPolicyArn",
8451 "type": {
8452 "primitive": "string"
8453 }
8454 }
8455 ],
8456 "symbolId": "lib/managed-policy:IManagedPolicy"
8457 },
8458 "@aws-cdk/aws-iam.IOpenIdConnectProvider": {
8459 "assembly": "@aws-cdk/aws-iam",
8460 "docs": {
8461 "stability": "stable",
8462 "summary": "Represents an IAM OpenID Connect provider."
8463 },
8464 "fqn": "@aws-cdk/aws-iam.IOpenIdConnectProvider",
8465 "interfaces": [
8466 "@aws-cdk/core.IResource"
8467 ],
8468 "kind": "interface",
8469 "locationInModule": {
8470 "filename": "lib/oidc-provider.ts",
8471 "line": 19
8472 },
8473 "name": "IOpenIdConnectProvider",
8474 "properties": [
8475 {
8476 "abstract": true,
8477 "docs": {
8478 "stability": "stable",
8479 "summary": "The Amazon Resource Name (ARN) of the IAM OpenID Connect provider."
8480 },
8481 "immutable": true,
8482 "locationInModule": {
8483 "filename": "lib/oidc-provider.ts",
8484 "line": 23
8485 },
8486 "name": "openIdConnectProviderArn",
8487 "type": {
8488 "primitive": "string"
8489 }
8490 },
8491 {
8492 "abstract": true,
8493 "docs": {
8494 "stability": "stable",
8495 "summary": "The issuer for OIDC Provider."
8496 },
8497 "immutable": true,
8498 "locationInModule": {
8499 "filename": "lib/oidc-provider.ts",
8500 "line": 28
8501 },
8502 "name": "openIdConnectProviderIssuer",
8503 "type": {
8504 "primitive": "string"
8505 }
8506 }
8507 ],
8508 "symbolId": "lib/oidc-provider:IOpenIdConnectProvider"
8509 },
8510 "@aws-cdk/aws-iam.IPolicy": {
8511 "assembly": "@aws-cdk/aws-iam",
8512 "docs": {
8513 "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage.html",
8514 "stability": "stable",
8515 "summary": "Represents an IAM Policy."
8516 },
8517 "fqn": "@aws-cdk/aws-iam.IPolicy",
8518 "interfaces": [
8519 "@aws-cdk/core.IResource"
8520 ],
8521 "kind": "interface",
8522 "locationInModule": {
8523 "filename": "lib/policy.ts",
8524 "line": 16
8525 },
8526 "name": "IPolicy",
8527 "properties": [
8528 {
8529 "abstract": true,
8530 "docs": {
8531 "custom": {
8532 "attribute": "true"
8533 },
8534 "stability": "stable",
8535 "summary": "The name of this policy."
8536 },
8537 "immutable": true,
8538 "locationInModule": {
8539 "filename": "lib/policy.ts",
8540 "line": 22
8541 },
8542 "name": "policyName",
8543 "type": {
8544 "primitive": "string"
8545 }
8546 }
8547 ],
8548 "symbolId": "lib/policy:IPolicy"
8549 },
8550 "@aws-cdk/aws-iam.IPrincipal": {
8551 "assembly": "@aws-cdk/aws-iam",
8552 "docs": {
8553 "remarks": "An IPrincipal describes a logical entity that can perform AWS API calls\nagainst sets of resources, optionally under certain conditions.\n\nExamples of simple principals are IAM objects that you create, such\nas Users or Roles.\n\nAn example of a more complex principals is a `ServicePrincipal` (such as\n`new ServicePrincipal(\"sns.amazonaws.com\")`, which represents the Simple\nNotifications Service).\n\nA single logical Principal may also map to a set of physical principals.\nFor example, `new OrganizationPrincipal('o-1234')` represents all\nidentities that are part of the given AWS Organization.",
8554 "stability": "stable",
8555 "summary": "Represents a logical IAM principal."
8556 },
8557 "fqn": "@aws-cdk/aws-iam.IPrincipal",
8558 "interfaces": [
8559 "@aws-cdk/aws-iam.IGrantable"
8560 ],
8561 "kind": "interface",
8562 "locationInModule": {
8563 "filename": "lib/principals.ts",
8564 "line": 37
8565 },
8566 "methods": [
8567 {
8568 "abstract": true,
8569 "docs": {
8570 "deprecated": "Use `addToPrincipalPolicy` instead.",
8571 "returns": "true if the statement was added, false if the principal in\nquestion does not have a policy document to add the statement to.",
8572 "stability": "deprecated",
8573 "summary": "Add to the policy of this principal."
8574 },
8575 "locationInModule": {
8576 "filename": "lib/principals.ts",
8577 "line": 65
8578 },
8579 "name": "addToPolicy",
8580 "parameters": [
8581 {
8582 "name": "statement",
8583 "type": {
8584 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
8585 }
8586 }
8587 ],
8588 "returns": {
8589 "type": {
8590 "primitive": "boolean"
8591 }
8592 }
8593 },
8594 {
8595 "abstract": true,
8596 "docs": {
8597 "stability": "stable",
8598 "summary": "Add to the policy of this principal."
8599 },
8600 "locationInModule": {
8601 "filename": "lib/principals.ts",
8602 "line": 70
8603 },
8604 "name": "addToPrincipalPolicy",
8605 "parameters": [
8606 {
8607 "name": "statement",
8608 "type": {
8609 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
8610 }
8611 }
8612 ],
8613 "returns": {
8614 "type": {
8615 "fqn": "@aws-cdk/aws-iam.AddToPrincipalPolicyResult"
8616 }
8617 }
8618 }
8619 ],
8620 "name": "IPrincipal",
8621 "properties": [
8622 {
8623 "abstract": true,
8624 "docs": {
8625 "stability": "stable",
8626 "summary": "When this Principal is used in an AssumeRole policy, the action to use."
8627 },
8628 "immutable": true,
8629 "locationInModule": {
8630 "filename": "lib/principals.ts",
8631 "line": 41
8632 },
8633 "name": "assumeRoleAction",
8634 "type": {
8635 "primitive": "string"
8636 }
8637 },
8638 {
8639 "abstract": true,
8640 "docs": {
8641 "stability": "stable",
8642 "summary": "Return the policy fragment that identifies this principal in a Policy."
8643 },
8644 "immutable": true,
8645 "locationInModule": {
8646 "filename": "lib/principals.ts",
8647 "line": 46
8648 },
8649 "name": "policyFragment",
8650 "type": {
8651 "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment"
8652 }
8653 },
8654 {
8655 "abstract": true,
8656 "docs": {
8657 "remarks": "Can be undefined when the account is not known\n(for example, for service principals).\nCan be a Token - in that case,\nit's assumed to be AWS::AccountId.",
8658 "stability": "stable",
8659 "summary": "The AWS account ID of this principal."
8660 },
8661 "immutable": true,
8662 "locationInModule": {
8663 "filename": "lib/principals.ts",
8664 "line": 55
8665 },
8666 "name": "principalAccount",
8667 "optional": true,
8668 "type": {
8669 "primitive": "string"
8670 }
8671 }
8672 ],
8673 "symbolId": "lib/principals:IPrincipal"
8674 },
8675 "@aws-cdk/aws-iam.IResourceWithPolicy": {
8676 "assembly": "@aws-cdk/aws-iam",
8677 "docs": {
8678 "stability": "stable",
8679 "summary": "A resource with a resource policy that can be added to."
8680 },
8681 "fqn": "@aws-cdk/aws-iam.IResourceWithPolicy",
8682 "interfaces": [
8683 "@aws-cdk/core.IResource"
8684 ],
8685 "kind": "interface",
8686 "locationInModule": {
8687 "filename": "lib/grant.ts",
8688 "line": 306
8689 },
8690 "methods": [
8691 {
8692 "abstract": true,
8693 "docs": {
8694 "stability": "stable",
8695 "summary": "Add a statement to the resource's resource policy."
8696 },
8697 "locationInModule": {
8698 "filename": "lib/grant.ts",
8699 "line": 310
8700 },
8701 "name": "addToResourcePolicy",
8702 "parameters": [
8703 {
8704 "name": "statement",
8705 "type": {
8706 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
8707 }
8708 }
8709 ],
8710 "returns": {
8711 "type": {
8712 "fqn": "@aws-cdk/aws-iam.AddToResourcePolicyResult"
8713 }
8714 }
8715 }
8716 ],
8717 "name": "IResourceWithPolicy",
8718 "symbolId": "lib/grant:IResourceWithPolicy"
8719 },
8720 "@aws-cdk/aws-iam.IRole": {
8721 "assembly": "@aws-cdk/aws-iam",
8722 "docs": {
8723 "stability": "stable",
8724 "summary": "A Role object."
8725 },
8726 "fqn": "@aws-cdk/aws-iam.IRole",
8727 "interfaces": [
8728 "@aws-cdk/aws-iam.IIdentity"
8729 ],
8730 "kind": "interface",
8731 "locationInModule": {
8732 "filename": "lib/role.ts",
8733 "line": 573
8734 },
8735 "methods": [
8736 {
8737 "abstract": true,
8738 "docs": {
8739 "stability": "stable",
8740 "summary": "Grant the actions defined in actions to the identity Principal on this resource."
8741 },
8742 "locationInModule": {
8743 "filename": "lib/role.ts",
8744 "line": 591
8745 },
8746 "name": "grant",
8747 "parameters": [
8748 {
8749 "name": "grantee",
8750 "type": {
8751 "fqn": "@aws-cdk/aws-iam.IPrincipal"
8752 }
8753 },
8754 {
8755 "name": "actions",
8756 "type": {
8757 "primitive": "string"
8758 },
8759 "variadic": true
8760 }
8761 ],
8762 "returns": {
8763 "type": {
8764 "fqn": "@aws-cdk/aws-iam.Grant"
8765 }
8766 },
8767 "variadic": true
8768 },
8769 {
8770 "abstract": true,
8771 "docs": {
8772 "stability": "stable",
8773 "summary": "Grant permissions to the given principal to assume this role."
8774 },
8775 "locationInModule": {
8776 "filename": "lib/role.ts",
8777 "line": 601
8778 },
8779 "name": "grantAssumeRole",
8780 "parameters": [
8781 {
8782 "name": "grantee",
8783 "type": {
8784 "fqn": "@aws-cdk/aws-iam.IPrincipal"
8785 }
8786 }
8787 ],
8788 "returns": {
8789 "type": {
8790 "fqn": "@aws-cdk/aws-iam.Grant"
8791 }
8792 }
8793 },
8794 {
8795 "abstract": true,
8796 "docs": {
8797 "stability": "stable",
8798 "summary": "Grant permissions to the given principal to pass this role."
8799 },
8800 "locationInModule": {
8801 "filename": "lib/role.ts",
8802 "line": 596
8803 },
8804 "name": "grantPassRole",
8805 "parameters": [
8806 {
8807 "name": "grantee",
8808 "type": {
8809 "fqn": "@aws-cdk/aws-iam.IPrincipal"
8810 }
8811 }
8812 ],
8813 "returns": {
8814 "type": {
8815 "fqn": "@aws-cdk/aws-iam.Grant"
8816 }
8817 }
8818 }
8819 ],
8820 "name": "IRole",
8821 "properties": [
8822 {
8823 "abstract": true,
8824 "docs": {
8825 "custom": {
8826 "attribute": "true"
8827 },
8828 "stability": "stable",
8829 "summary": "Returns the ARN of this role."
8830 },
8831 "immutable": true,
8832 "locationInModule": {
8833 "filename": "lib/role.ts",
8834 "line": 579
8835 },
8836 "name": "roleArn",
8837 "type": {
8838 "primitive": "string"
8839 }
8840 },
8841 {
8842 "abstract": true,
8843 "docs": {
8844 "custom": {
8845 "attribute": "true"
8846 },
8847 "stability": "stable",
8848 "summary": "Returns the name of this role."
8849 },
8850 "immutable": true,
8851 "locationInModule": {
8852 "filename": "lib/role.ts",
8853 "line": 586
8854 },
8855 "name": "roleName",
8856 "type": {
8857 "primitive": "string"
8858 }
8859 }
8860 ],
8861 "symbolId": "lib/role:IRole"
8862 },
8863 "@aws-cdk/aws-iam.ISamlProvider": {
8864 "assembly": "@aws-cdk/aws-iam",
8865 "docs": {
8866 "stability": "stable",
8867 "summary": "A SAML provider."
8868 },
8869 "fqn": "@aws-cdk/aws-iam.ISamlProvider",
8870 "interfaces": [
8871 "@aws-cdk/core.IResource"
8872 ],
8873 "kind": "interface",
8874 "locationInModule": {
8875 "filename": "lib/saml-provider.ts",
8876 "line": 9
8877 },
8878 "name": "ISamlProvider",
8879 "properties": [
8880 {
8881 "abstract": true,
8882 "docs": {
8883 "custom": {
8884 "attribute": "true"
8885 },
8886 "stability": "stable",
8887 "summary": "The Amazon Resource Name (ARN) of the provider."
8888 },
8889 "immutable": true,
8890 "locationInModule": {
8891 "filename": "lib/saml-provider.ts",
8892 "line": 15
8893 },
8894 "name": "samlProviderArn",
8895 "type": {
8896 "primitive": "string"
8897 }
8898 }
8899 ],
8900 "symbolId": "lib/saml-provider:ISamlProvider"
8901 },
8902 "@aws-cdk/aws-iam.IUser": {
8903 "assembly": "@aws-cdk/aws-iam",
8904 "docs": {
8905 "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html",
8906 "stability": "stable",
8907 "summary": "Represents an IAM user."
8908 },
8909 "fqn": "@aws-cdk/aws-iam.IUser",
8910 "interfaces": [
8911 "@aws-cdk/aws-iam.IIdentity"
8912 ],
8913 "kind": "interface",
8914 "locationInModule": {
8915 "filename": "lib/user.ts",
8916 "line": 17
8917 },
8918 "methods": [
8919 {
8920 "abstract": true,
8921 "docs": {
8922 "stability": "stable",
8923 "summary": "Adds this user to a group."
8924 },
8925 "locationInModule": {
8926 "filename": "lib/user.ts",
8927 "line": 33
8928 },
8929 "name": "addToGroup",
8930 "parameters": [
8931 {
8932 "name": "group",
8933 "type": {
8934 "fqn": "@aws-cdk/aws-iam.IGroup"
8935 }
8936 }
8937 ]
8938 }
8939 ],
8940 "name": "IUser",
8941 "properties": [
8942 {
8943 "abstract": true,
8944 "docs": {
8945 "custom": {
8946 "attribute": "true"
8947 },
8948 "stability": "stable",
8949 "summary": "The user's ARN."
8950 },
8951 "immutable": true,
8952 "locationInModule": {
8953 "filename": "lib/user.ts",
8954 "line": 28
8955 },
8956 "name": "userArn",
8957 "type": {
8958 "primitive": "string"
8959 }
8960 },
8961 {
8962 "abstract": true,
8963 "docs": {
8964 "custom": {
8965 "attribute": "true"
8966 },
8967 "stability": "stable",
8968 "summary": "The user's name."
8969 },
8970 "immutable": true,
8971 "locationInModule": {
8972 "filename": "lib/user.ts",
8973 "line": 22
8974 },
8975 "name": "userName",
8976 "type": {
8977 "primitive": "string"
8978 }
8979 }
8980 ],
8981 "symbolId": "lib/user:IUser"
8982 },
8983 "@aws-cdk/aws-iam.LazyRole": {
8984 "assembly": "@aws-cdk/aws-iam",
8985 "base": "@aws-cdk/core.Resource",
8986 "docs": {
8987 "custom": {
8988 "resource": "AWS::IAM::Role",
8989 "exampleMetadata": "fixture=_generated"
8990 },
8991 "remarks": "This construct can be used to simplify logic in other constructs\nwhich need to create a role but only if certain configurations occur\n(such as when AutoScaling is configured). The role can be configured in one\nplace, but if it never gets used it doesn't get instantiated and will\nnot be synthesized or deployed.",
8992 "stability": "stable",
8993 "summary": "An IAM role that only gets attached to the construct tree once it gets used, not before.",
8994 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nimport * as cdk from '@aws-cdk/core';\n\ndeclare const managedPolicy: iam.ManagedPolicy;\ndeclare const policyDocument: iam.PolicyDocument;\ndeclare const principal: iam.IPrincipal;\nconst lazyRole = new iam.LazyRole(this, 'MyLazyRole', {\n assumedBy: principal,\n\n // the properties below are optional\n description: 'description',\n externalId: 'externalId',\n externalIds: ['externalIds'],\n inlinePolicies: {\n inlinePoliciesKey: policyDocument,\n },\n managedPolicies: [managedPolicy],\n maxSessionDuration: cdk.Duration.minutes(30),\n path: 'path',\n permissionsBoundary: managedPolicy,\n roleName: 'roleName',\n});"
8995 },
8996 "fqn": "@aws-cdk/aws-iam.LazyRole",
8997 "initializer": {
8998 "docs": {
8999 "stability": "stable"
9000 },
9001 "locationInModule": {
9002 "filename": "lib/lazy-role.ts",
9003 "line": 38
9004 },
9005 "parameters": [
9006 {
9007 "name": "scope",
9008 "type": {
9009 "fqn": "constructs.Construct"
9010 }
9011 },
9012 {
9013 "name": "id",
9014 "type": {
9015 "primitive": "string"
9016 }
9017 },
9018 {
9019 "name": "props",
9020 "type": {
9021 "fqn": "@aws-cdk/aws-iam.LazyRoleProps"
9022 }
9023 }
9024 ]
9025 },
9026 "interfaces": [
9027 "@aws-cdk/aws-iam.IRole"
9028 ],
9029 "kind": "class",
9030 "locationInModule": {
9031 "filename": "lib/lazy-role.ts",
9032 "line": 28
9033 },
9034 "methods": [
9035 {
9036 "docs": {
9037 "stability": "stable",
9038 "summary": "Attaches a managed policy to this role."
9039 },
9040 "locationInModule": {
9041 "filename": "lib/lazy-role.ts",
9042 "line": 76
9043 },
9044 "name": "addManagedPolicy",
9045 "overrides": "@aws-cdk/aws-iam.IIdentity",
9046 "parameters": [
9047 {
9048 "docs": {
9049 "summary": "The managed policy to attach."
9050 },
9051 "name": "policy",
9052 "type": {
9053 "fqn": "@aws-cdk/aws-iam.IManagedPolicy"
9054 }
9055 }
9056 ]
9057 },
9058 {
9059 "docs": {
9060 "stability": "stable",
9061 "summary": "Add to the policy of this principal."
9062 },
9063 "locationInModule": {
9064 "filename": "lib/lazy-role.ts",
9065 "line": 56
9066 },
9067 "name": "addToPolicy",
9068 "overrides": "@aws-cdk/aws-iam.IPrincipal",
9069 "parameters": [
9070 {
9071 "name": "statement",
9072 "type": {
9073 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
9074 }
9075 }
9076 ],
9077 "returns": {
9078 "type": {
9079 "primitive": "boolean"
9080 }
9081 }
9082 },
9083 {
9084 "docs": {
9085 "remarks": "If there is no default policy attached to this role, it will be created.",
9086 "stability": "stable",
9087 "summary": "Adds a permission to the role's default policy document."
9088 },
9089 "locationInModule": {
9090 "filename": "lib/lazy-role.ts",
9091 "line": 47
9092 },
9093 "name": "addToPrincipalPolicy",
9094 "overrides": "@aws-cdk/aws-iam.IPrincipal",
9095 "parameters": [
9096 {
9097 "docs": {
9098 "summary": "The permission statement to add to the policy document."
9099 },
9100 "name": "statement",
9101 "type": {
9102 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
9103 }
9104 }
9105 ],
9106 "returns": {
9107 "type": {
9108 "fqn": "@aws-cdk/aws-iam.AddToPrincipalPolicyResult"
9109 }
9110 }
9111 },
9112 {
9113 "docs": {
9114 "stability": "stable",
9115 "summary": "Attaches a policy to this role."
9116 },
9117 "locationInModule": {
9118 "filename": "lib/lazy-role.ts",
9119 "line": 64
9120 },
9121 "name": "attachInlinePolicy",
9122 "overrides": "@aws-cdk/aws-iam.IIdentity",
9123 "parameters": [
9124 {
9125 "docs": {
9126 "summary": "The policy to attach."
9127 },
9128 "name": "policy",
9129 "type": {
9130 "fqn": "@aws-cdk/aws-iam.Policy"
9131 }
9132 }
9133 ]
9134 },
9135 {
9136 "docs": {
9137 "stability": "stable",
9138 "summary": "Grant the actions defined in actions to the identity Principal on this resource."
9139 },
9140 "locationInModule": {
9141 "filename": "lib/lazy-role.ts",
9142 "line": 111
9143 },
9144 "name": "grant",
9145 "overrides": "@aws-cdk/aws-iam.IRole",
9146 "parameters": [
9147 {
9148 "name": "identity",
9149 "type": {
9150 "fqn": "@aws-cdk/aws-iam.IPrincipal"
9151 }
9152 },
9153 {
9154 "name": "actions",
9155 "type": {
9156 "primitive": "string"
9157 },
9158 "variadic": true
9159 }
9160 ],
9161 "returns": {
9162 "type": {
9163 "fqn": "@aws-cdk/aws-iam.Grant"
9164 }
9165 },
9166 "variadic": true
9167 },
9168 {
9169 "docs": {
9170 "stability": "stable",
9171 "summary": "Grant permissions to the given principal to assume this role."
9172 },
9173 "locationInModule": {
9174 "filename": "lib/lazy-role.ts",
9175 "line": 125
9176 },
9177 "name": "grantAssumeRole",
9178 "overrides": "@aws-cdk/aws-iam.IRole",
9179 "parameters": [
9180 {
9181 "name": "identity",
9182 "type": {
9183 "fqn": "@aws-cdk/aws-iam.IPrincipal"
9184 }
9185 }
9186 ],
9187 "returns": {
9188 "type": {
9189 "fqn": "@aws-cdk/aws-iam.Grant"
9190 }
9191 }
9192 },
9193 {
9194 "docs": {
9195 "stability": "stable",
9196 "summary": "Grant permissions to the given principal to pass this role."
9197 },
9198 "locationInModule": {
9199 "filename": "lib/lazy-role.ts",
9200 "line": 118
9201 },
9202 "name": "grantPassRole",
9203 "overrides": "@aws-cdk/aws-iam.IRole",
9204 "parameters": [
9205 {
9206 "name": "identity",
9207 "type": {
9208 "fqn": "@aws-cdk/aws-iam.IPrincipal"
9209 }
9210 }
9211 ],
9212 "returns": {
9213 "type": {
9214 "fqn": "@aws-cdk/aws-iam.Grant"
9215 }
9216 }
9217 }
9218 ],
9219 "name": "LazyRole",
9220 "properties": [
9221 {
9222 "docs": {
9223 "stability": "stable",
9224 "summary": "When this Principal is used in an AssumeRole policy, the action to use."
9225 },
9226 "immutable": true,
9227 "locationInModule": {
9228 "filename": "lib/lazy-role.ts",
9229 "line": 31
9230 },
9231 "name": "assumeRoleAction",
9232 "overrides": "@aws-cdk/aws-iam.IPrincipal",
9233 "type": {
9234 "primitive": "string"
9235 }
9236 },
9237 {
9238 "docs": {
9239 "stability": "stable",
9240 "summary": "The principal to grant permissions to."
9241 },
9242 "immutable": true,
9243 "locationInModule": {
9244 "filename": "lib/lazy-role.ts",
9245 "line": 29
9246 },
9247 "name": "grantPrincipal",
9248 "overrides": "@aws-cdk/aws-iam.IGrantable",
9249 "type": {
9250 "fqn": "@aws-cdk/aws-iam.IPrincipal"
9251 }
9252 },
9253 {
9254 "docs": {
9255 "stability": "stable",
9256 "summary": "Return the policy fragment that identifies this principal in a Policy."
9257 },
9258 "immutable": true,
9259 "locationInModule": {
9260 "filename": "lib/lazy-role.ts",
9261 "line": 104
9262 },
9263 "name": "policyFragment",
9264 "overrides": "@aws-cdk/aws-iam.IPrincipal",
9265 "type": {
9266 "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment"
9267 }
9268 },
9269 {
9270 "docs": {
9271 "stability": "stable",
9272 "summary": "Returns the ARN of this role."
9273 },
9274 "immutable": true,
9275 "locationInModule": {
9276 "filename": "lib/lazy-role.ts",
9277 "line": 87
9278 },
9279 "name": "roleArn",
9280 "overrides": "@aws-cdk/aws-iam.IRole",
9281 "type": {
9282 "primitive": "string"
9283 }
9284 },
9285 {
9286 "docs": {
9287 "custom": {
9288 "attribute": "true"
9289 },
9290 "stability": "stable",
9291 "summary": "Returns the stable and unique string identifying the role (i.e. AIDAJQABLZS4A3QDU576Q)."
9292 },
9293 "immutable": true,
9294 "locationInModule": {
9295 "filename": "lib/lazy-role.ts",
9296 "line": 96
9297 },
9298 "name": "roleId",
9299 "type": {
9300 "primitive": "string"
9301 }
9302 },
9303 {
9304 "docs": {
9305 "stability": "stable",
9306 "summary": "Returns the name of this role."
9307 },
9308 "immutable": true,
9309 "locationInModule": {
9310 "filename": "lib/lazy-role.ts",
9311 "line": 100
9312 },
9313 "name": "roleName",
9314 "overrides": "@aws-cdk/aws-iam.IRole",
9315 "type": {
9316 "primitive": "string"
9317 }
9318 },
9319 {
9320 "docs": {
9321 "remarks": "Can be undefined when the account is not known\n(for example, for service principals).\nCan be a Token - in that case,\nit's assumed to be AWS::AccountId.",
9322 "stability": "stable",
9323 "summary": "The AWS account ID of this principal."
9324 },
9325 "immutable": true,
9326 "locationInModule": {
9327 "filename": "lib/lazy-role.ts",
9328 "line": 30
9329 },
9330 "name": "principalAccount",
9331 "optional": true,
9332 "overrides": "@aws-cdk/aws-iam.IPrincipal",
9333 "type": {
9334 "primitive": "string"
9335 }
9336 }
9337 ],
9338 "symbolId": "lib/lazy-role:LazyRole"
9339 },
9340 "@aws-cdk/aws-iam.LazyRoleProps": {
9341 "assembly": "@aws-cdk/aws-iam",
9342 "datatype": true,
9343 "docs": {
9344 "stability": "stable",
9345 "summary": "Properties for defining a LazyRole.",
9346 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nimport * as cdk from '@aws-cdk/core';\n\ndeclare const managedPolicy: iam.ManagedPolicy;\ndeclare const policyDocument: iam.PolicyDocument;\ndeclare const principal: iam.IPrincipal;\nconst lazyRoleProps: iam.LazyRoleProps = {\n assumedBy: principal,\n\n // the properties below are optional\n description: 'description',\n externalId: 'externalId',\n externalIds: ['externalIds'],\n inlinePolicies: {\n inlinePoliciesKey: policyDocument,\n },\n managedPolicies: [managedPolicy],\n maxSessionDuration: cdk.Duration.minutes(30),\n path: 'path',\n permissionsBoundary: managedPolicy,\n roleName: 'roleName',\n};",
9347 "custom": {
9348 "exampleMetadata": "fixture=_generated"
9349 }
9350 },
9351 "fqn": "@aws-cdk/aws-iam.LazyRoleProps",
9352 "interfaces": [
9353 "@aws-cdk/aws-iam.RoleProps"
9354 ],
9355 "kind": "interface",
9356 "locationInModule": {
9357 "filename": "lib/lazy-role.ts",
9358 "line": 13
9359 },
9360 "name": "LazyRoleProps",
9361 "symbolId": "lib/lazy-role:LazyRoleProps"
9362 },
9363 "@aws-cdk/aws-iam.ManagedPolicy": {
9364 "assembly": "@aws-cdk/aws-iam",
9365 "base": "@aws-cdk/core.Resource",
9366 "docs": {
9367 "stability": "stable",
9368 "summary": "Managed policy.",
9369 "example": "const myRole = new iam.Role(this, 'My Role', {\n assumedBy: new iam.ServicePrincipal('sns.amazonaws.com'),\n});\n\nconst fn = new lambda.Function(this, 'MyFunction', {\n runtime: lambda.Runtime.NODEJS_16_X,\n handler: 'index.handler',\n code: lambda.Code.fromAsset(path.join(__dirname, 'lambda-handler')),\n role: myRole, // user-provided role\n});\n\nmyRole.addManagedPolicy(iam.ManagedPolicy.fromAwsManagedPolicyName(\"service-role/AWSLambdaBasicExecutionRole\"));\nmyRole.addManagedPolicy(iam.ManagedPolicy.fromAwsManagedPolicyName(\"service-role/AWSLambdaVPCAccessExecutionRole\")); // only required if your function lives in a VPC",
9370 "custom": {
9371 "exampleMetadata": "infused"
9372 }
9373 },
9374 "fqn": "@aws-cdk/aws-iam.ManagedPolicy",
9375 "initializer": {
9376 "docs": {
9377 "stability": "stable"
9378 },
9379 "locationInModule": {
9380 "filename": "lib/managed-policy.ts",
9381 "line": 208
9382 },
9383 "parameters": [
9384 {
9385 "name": "scope",
9386 "type": {
9387 "fqn": "constructs.Construct"
9388 }
9389 },
9390 {
9391 "name": "id",
9392 "type": {
9393 "primitive": "string"
9394 }
9395 },
9396 {
9397 "name": "props",
9398 "optional": true,
9399 "type": {
9400 "fqn": "@aws-cdk/aws-iam.ManagedPolicyProps"
9401 }
9402 }
9403 ]
9404 },
9405 "interfaces": [
9406 "@aws-cdk/aws-iam.IManagedPolicy"
9407 ],
9408 "kind": "class",
9409 "locationInModule": {
9410 "filename": "lib/managed-policy.ts",
9411 "line": 102
9412 },
9413 "methods": [
9414 {
9415 "docs": {
9416 "remarks": "For this managed policy, you only need to know the name to be able to use it.\n\nSome managed policy names start with \"service-role/\", some start with\n\"job-function/\", and some don't start with anything. Include the\nprefix when constructing this object.",
9417 "stability": "stable",
9418 "summary": "Import a managed policy from one of the policies that AWS manages."
9419 },
9420 "locationInModule": {
9421 "filename": "lib/managed-policy.ts",
9422 "line": 157
9423 },
9424 "name": "fromAwsManagedPolicyName",
9425 "parameters": [
9426 {
9427 "name": "managedPolicyName",
9428 "type": {
9429 "primitive": "string"
9430 }
9431 }
9432 ],
9433 "returns": {
9434 "type": {
9435 "fqn": "@aws-cdk/aws-iam.IManagedPolicy"
9436 }
9437 },
9438 "static": true
9439 },
9440 {
9441 "docs": {
9442 "remarks": "For this managed policy, you only need to know the ARN to be able to use it.\nThis can be useful if you got the ARN from a CloudFormation Export.\n\nIf the imported Managed Policy ARN is a Token (such as a\n`CfnParameter.valueAsString` or a `Fn.importValue()`) *and* the referenced\nmanaged policy has a `path` (like `arn:...:policy/AdminPolicy/AdminAllow`), the\n`managedPolicyName` property will not resolve to the correct value. Instead it\nwill resolve to the first path component. We unfortunately cannot express\nthe correct calculation of the full path name as a CloudFormation\nexpression. In this scenario the Managed Policy ARN should be supplied without the\n`path` in order to resolve the correct managed policy resource.",
9443 "stability": "stable",
9444 "summary": "Import an external managed policy by ARN."
9445 },
9446 "locationInModule": {
9447 "filename": "lib/managed-policy.ts",
9448 "line": 141
9449 },
9450 "name": "fromManagedPolicyArn",
9451 "parameters": [
9452 {
9453 "docs": {
9454 "summary": "construct scope."
9455 },
9456 "name": "scope",
9457 "type": {
9458 "fqn": "constructs.Construct"
9459 }
9460 },
9461 {
9462 "docs": {
9463 "summary": "construct id."
9464 },
9465 "name": "id",
9466 "type": {
9467 "primitive": "string"
9468 }
9469 },
9470 {
9471 "docs": {
9472 "summary": "the ARN of the managed policy to import."
9473 },
9474 "name": "managedPolicyArn",
9475 "type": {
9476 "primitive": "string"
9477 }
9478 }
9479 ],
9480 "returns": {
9481 "type": {
9482 "fqn": "@aws-cdk/aws-iam.IManagedPolicy"
9483 }
9484 },
9485 "static": true
9486 },
9487 {
9488 "docs": {
9489 "remarks": "For this managed policy, you only need to know the name to be able to use it.",
9490 "stability": "stable",
9491 "summary": "Import a customer managed policy from the managedPolicyName."
9492 },
9493 "locationInModule": {
9494 "filename": "lib/managed-policy.ts",
9495 "line": 109
9496 },
9497 "name": "fromManagedPolicyName",
9498 "parameters": [
9499 {
9500 "name": "scope",
9501 "type": {
9502 "fqn": "constructs.Construct"
9503 }
9504 },
9505 {
9506 "name": "id",
9507 "type": {
9508 "primitive": "string"
9509 }
9510 },
9511 {
9512 "name": "managedPolicyName",
9513 "type": {
9514 "primitive": "string"
9515 }
9516 }
9517 ],
9518 "returns": {
9519 "type": {
9520 "fqn": "@aws-cdk/aws-iam.IManagedPolicy"
9521 }
9522 },
9523 "static": true
9524 },
9525 {
9526 "docs": {
9527 "stability": "stable",
9528 "summary": "Adds a statement to the policy document."
9529 },
9530 "locationInModule": {
9531 "filename": "lib/managed-policy.ts",
9532 "line": 259
9533 },
9534 "name": "addStatements",
9535 "parameters": [
9536 {
9537 "name": "statement",
9538 "type": {
9539 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
9540 },
9541 "variadic": true
9542 }
9543 ],
9544 "variadic": true
9545 },
9546 {
9547 "docs": {
9548 "stability": "stable",
9549 "summary": "Attaches this policy to a group."
9550 },
9551 "locationInModule": {
9552 "filename": "lib/managed-policy.ts",
9553 "line": 282
9554 },
9555 "name": "attachToGroup",
9556 "parameters": [
9557 {
9558 "name": "group",
9559 "type": {
9560 "fqn": "@aws-cdk/aws-iam.IGroup"
9561 }
9562 }
9563 ]
9564 },
9565 {
9566 "docs": {
9567 "stability": "stable",
9568 "summary": "Attaches this policy to a role."
9569 },
9570 "locationInModule": {
9571 "filename": "lib/managed-policy.ts",
9572 "line": 274
9573 },
9574 "name": "attachToRole",
9575 "parameters": [
9576 {
9577 "name": "role",
9578 "type": {
9579 "fqn": "@aws-cdk/aws-iam.IRole"
9580 }
9581 }
9582 ]
9583 },
9584 {
9585 "docs": {
9586 "stability": "stable",
9587 "summary": "Attaches this policy to a user."
9588 },
9589 "locationInModule": {
9590 "filename": "lib/managed-policy.ts",
9591 "line": 266
9592 },
9593 "name": "attachToUser",
9594 "parameters": [
9595 {
9596 "name": "user",
9597 "type": {
9598 "fqn": "@aws-cdk/aws-iam.IUser"
9599 }
9600 }
9601 ]
9602 },
9603 {
9604 "docs": {
9605 "remarks": "This method can be implemented by derived constructs in order to perform\nvalidation logic. It is called on all constructs before synthesis.",
9606 "stability": "stable",
9607 "summary": "Validate the current construct."
9608 },
9609 "locationInModule": {
9610 "filename": "lib/managed-policy.ts",
9611 "line": 287
9612 },
9613 "name": "validate",
9614 "overrides": "@aws-cdk/core.Construct",
9615 "protected": true,
9616 "returns": {
9617 "type": {
9618 "collection": {
9619 "elementtype": {
9620 "primitive": "string"
9621 },
9622 "kind": "array"
9623 }
9624 }
9625 }
9626 }
9627 ],
9628 "name": "ManagedPolicy",
9629 "properties": [
9630 {
9631 "docs": {
9632 "custom": {
9633 "attribute": "true"
9634 },
9635 "stability": "stable",
9636 "summary": "The description of this policy."
9637 },
9638 "immutable": true,
9639 "locationInModule": {
9640 "filename": "lib/managed-policy.ts",
9641 "line": 195
9642 },
9643 "name": "description",
9644 "type": {
9645 "primitive": "string"
9646 }
9647 },
9648 {
9649 "docs": {
9650 "stability": "stable",
9651 "summary": "The policy document."
9652 },
9653 "immutable": true,
9654 "locationInModule": {
9655 "filename": "lib/managed-policy.ts",
9656 "line": 181
9657 },
9658 "name": "document",
9659 "type": {
9660 "fqn": "@aws-cdk/aws-iam.PolicyDocument"
9661 }
9662 },
9663 {
9664 "docs": {
9665 "custom": {
9666 "attribute": "true"
9667 },
9668 "stability": "stable",
9669 "summary": "Returns the ARN of this managed policy."
9670 },
9671 "immutable": true,
9672 "locationInModule": {
9673 "filename": "lib/managed-policy.ts",
9674 "line": 176
9675 },
9676 "name": "managedPolicyArn",
9677 "overrides": "@aws-cdk/aws-iam.IManagedPolicy",
9678 "type": {
9679 "primitive": "string"
9680 }
9681 },
9682 {
9683 "docs": {
9684 "custom": {
9685 "attribute": "true"
9686 },
9687 "stability": "stable",
9688 "summary": "The name of this policy."
9689 },
9690 "immutable": true,
9691 "locationInModule": {
9692 "filename": "lib/managed-policy.ts",
9693 "line": 188
9694 },
9695 "name": "managedPolicyName",
9696 "type": {
9697 "primitive": "string"
9698 }
9699 },
9700 {
9701 "docs": {
9702 "custom": {
9703 "attribute": "true"
9704 },
9705 "stability": "stable",
9706 "summary": "The path of this policy."
9707 },
9708 "immutable": true,
9709 "locationInModule": {
9710 "filename": "lib/managed-policy.ts",
9711 "line": 202
9712 },
9713 "name": "path",
9714 "type": {
9715 "primitive": "string"
9716 }
9717 }
9718 ],
9719 "symbolId": "lib/managed-policy:ManagedPolicy"
9720 },
9721 "@aws-cdk/aws-iam.ManagedPolicyProps": {
9722 "assembly": "@aws-cdk/aws-iam",
9723 "datatype": true,
9724 "docs": {
9725 "stability": "stable",
9726 "summary": "Properties for defining an IAM managed policy.",
9727 "example": "const policyDocument = {\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"FirstStatement\",\n \"Effect\": \"Allow\",\n \"Action\": [\"iam:ChangePassword\"],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"SecondStatement\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListAllMyBuckets\",\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"ThirdStatement\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:List*\",\n \"s3:Get*\"\n ],\n \"Resource\": [\n \"arn:aws:s3:::confidential-data\",\n \"arn:aws:s3:::confidential-data/*\"\n ],\n \"Condition\": {\"Bool\": {\"aws:MultiFactorAuthPresent\": \"true\"}}\n }\n ]\n};\n\nconst customPolicyDocument = iam.PolicyDocument.fromJson(policyDocument);\n\n// You can pass this document as an initial document to a ManagedPolicy\n// or inline Policy.\nconst newManagedPolicy = new iam.ManagedPolicy(this, 'MyNewManagedPolicy', {\n document: customPolicyDocument,\n});\nconst newPolicy = new iam.Policy(this, 'MyNewPolicy', {\n document: customPolicyDocument,\n});",
9728 "custom": {
9729 "exampleMetadata": "infused"
9730 }
9731 },
9732 "fqn": "@aws-cdk/aws-iam.ManagedPolicyProps",
9733 "kind": "interface",
9734 "locationInModule": {
9735 "filename": "lib/managed-policy.ts",
9736 "line": 25
9737 },
9738 "name": "ManagedPolicyProps",
9739 "properties": [
9740 {
9741 "abstract": true,
9742 "docs": {
9743 "default": "- empty",
9744 "remarks": "Typically used to store information about the\npermissions defined in the policy. For example, \"Grants access to production DynamoDB tables.\"\nThe policy description is immutable. After a value is assigned, it cannot be changed.",
9745 "stability": "stable",
9746 "summary": "A description of the managed policy."
9747 },
9748 "immutable": true,
9749 "locationInModule": {
9750 "filename": "lib/managed-policy.ts",
9751 "line": 42
9752 },
9753 "name": "description",
9754 "optional": true,
9755 "type": {
9756 "primitive": "string"
9757 }
9758 },
9759 {
9760 "abstract": true,
9761 "docs": {
9762 "default": "- An empty policy.",
9763 "remarks": "If omited, any\n`PolicyStatement` provided in the `statements` property will be applied\nagainst the empty default `PolicyDocument`.",
9764 "stability": "stable",
9765 "summary": "Initial PolicyDocument to use for this ManagedPolicy."
9766 },
9767 "immutable": true,
9768 "locationInModule": {
9769 "filename": "lib/managed-policy.ts",
9770 "line": 95
9771 },
9772 "name": "document",
9773 "optional": true,
9774 "type": {
9775 "fqn": "@aws-cdk/aws-iam.PolicyDocument"
9776 }
9777 },
9778 {
9779 "abstract": true,
9780 "docs": {
9781 "default": "- No groups.",
9782 "remarks": "You can also use `attachToGroup(group)` to attach this policy to a group.",
9783 "stability": "stable",
9784 "summary": "Groups to attach this policy to."
9785 },
9786 "immutable": true,
9787 "locationInModule": {
9788 "filename": "lib/managed-policy.ts",
9789 "line": 78
9790 },
9791 "name": "groups",
9792 "optional": true,
9793 "type": {
9794 "collection": {
9795 "elementtype": {
9796 "fqn": "@aws-cdk/aws-iam.IGroup"
9797 },
9798 "kind": "array"
9799 }
9800 }
9801 },
9802 {
9803 "abstract": true,
9804 "docs": {
9805 "default": "- A name is automatically generated.",
9806 "remarks": "If you specify multiple policies for an entity,\nspecify unique names. For example, if you specify a list of policies for\nan IAM role, each policy must have a unique name.",
9807 "stability": "stable",
9808 "summary": "The name of the managed policy."
9809 },
9810 "immutable": true,
9811 "locationInModule": {
9812 "filename": "lib/managed-policy.ts",
9813 "line": 33
9814 },
9815 "name": "managedPolicyName",
9816 "optional": true,
9817 "type": {
9818 "primitive": "string"
9819 }
9820 },
9821 {
9822 "abstract": true,
9823 "docs": {
9824 "default": "- \"/\"",
9825 "remarks": "This parameter allows (through its regex pattern) a string of characters\nconsisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes.\nIn addition, it can contain any ASCII character from the ! (\\u0021) through the DEL character (\\u007F),\nincluding most punctuation characters, digits, and upper and lowercased letters.\n\nFor more information about paths, see IAM Identifiers in the IAM User Guide.",
9826 "stability": "stable",
9827 "summary": "The path for the policy."
9828 },
9829 "immutable": true,
9830 "locationInModule": {
9831 "filename": "lib/managed-policy.ts",
9832 "line": 54
9833 },
9834 "name": "path",
9835 "optional": true,
9836 "type": {
9837 "primitive": "string"
9838 }
9839 },
9840 {
9841 "abstract": true,
9842 "docs": {
9843 "default": "- No roles.",
9844 "remarks": "You can also use `attachToRole(role)` to attach this policy to a role.",
9845 "stability": "stable",
9846 "summary": "Roles to attach this policy to."
9847 },
9848 "immutable": true,
9849 "locationInModule": {
9850 "filename": "lib/managed-policy.ts",
9851 "line": 70
9852 },
9853 "name": "roles",
9854 "optional": true,
9855 "type": {
9856 "collection": {
9857 "elementtype": {
9858 "fqn": "@aws-cdk/aws-iam.IRole"
9859 },
9860 "kind": "array"
9861 }
9862 }
9863 },
9864 {
9865 "abstract": true,
9866 "docs": {
9867 "default": "- No statements.",
9868 "remarks": "You can also use `addPermission(statement)` to add permissions later.",
9869 "stability": "stable",
9870 "summary": "Initial set of permissions to add to this policy document."
9871 },
9872 "immutable": true,
9873 "locationInModule": {
9874 "filename": "lib/managed-policy.ts",
9875 "line": 86
9876 },
9877 "name": "statements",
9878 "optional": true,
9879 "type": {
9880 "collection": {
9881 "elementtype": {
9882 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
9883 },
9884 "kind": "array"
9885 }
9886 }
9887 },
9888 {
9889 "abstract": true,
9890 "docs": {
9891 "default": "- No users.",
9892 "remarks": "You can also use `attachToUser(user)` to attach this policy to a user.",
9893 "stability": "stable",
9894 "summary": "Users to attach this policy to."
9895 },
9896 "immutable": true,
9897 "locationInModule": {
9898 "filename": "lib/managed-policy.ts",
9899 "line": 62
9900 },
9901 "name": "users",
9902 "optional": true,
9903 "type": {
9904 "collection": {
9905 "elementtype": {
9906 "fqn": "@aws-cdk/aws-iam.IUser"
9907 },
9908 "kind": "array"
9909 }
9910 }
9911 }
9912 ],
9913 "symbolId": "lib/managed-policy:ManagedPolicyProps"
9914 },
9915 "@aws-cdk/aws-iam.OpenIdConnectPrincipal": {
9916 "assembly": "@aws-cdk/aws-iam",
9917 "base": "@aws-cdk/aws-iam.WebIdentityPrincipal",
9918 "docs": {
9919 "stability": "stable",
9920 "summary": "A principal that represents a federated identity provider as from a OpenID Connect provider.",
9921 "example": "const provider = new iam.OpenIdConnectProvider(this, 'MyProvider', {\n url: 'https://openid/connect',\n clientIds: [ 'myclient1', 'myclient2' ],\n});\nconst principal = new iam.OpenIdConnectPrincipal(provider);",
9922 "custom": {
9923 "exampleMetadata": "infused"
9924 }
9925 },
9926 "fqn": "@aws-cdk/aws-iam.OpenIdConnectPrincipal",
9927 "initializer": {
9928 "docs": {
9929 "stability": "stable"
9930 },
9931 "locationInModule": {
9932 "filename": "lib/principals.ts",
9933 "line": 672
9934 },
9935 "parameters": [
9936 {
9937 "docs": {
9938 "summary": "OpenID Connect provider."
9939 },
9940 "name": "openIdConnectProvider",
9941 "type": {
9942 "fqn": "@aws-cdk/aws-iam.IOpenIdConnectProvider"
9943 }
9944 },
9945 {
9946 "docs": {
9947 "remarks": "See [the IAM documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html).",
9948 "summary": "The conditions under which the policy is in effect."
9949 },
9950 "name": "conditions",
9951 "optional": true,
9952 "type": {
9953 "collection": {
9954 "elementtype": {
9955 "primitive": "any"
9956 },
9957 "kind": "map"
9958 }
9959 }
9960 }
9961 ]
9962 },
9963 "kind": "class",
9964 "locationInModule": {
9965 "filename": "lib/principals.ts",
9966 "line": 664
9967 },
9968 "methods": [
9969 {
9970 "docs": {
9971 "stability": "stable",
9972 "summary": "Returns a string representation of an object."
9973 },
9974 "locationInModule": {
9975 "filename": "lib/principals.ts",
9976 "line": 680
9977 },
9978 "name": "toString",
9979 "overrides": "@aws-cdk/aws-iam.WebIdentityPrincipal",
9980 "returns": {
9981 "type": {
9982 "primitive": "string"
9983 }
9984 }
9985 }
9986 ],
9987 "name": "OpenIdConnectPrincipal",
9988 "properties": [
9989 {
9990 "docs": {
9991 "stability": "stable",
9992 "summary": "Return the policy fragment that identifies this principal in a Policy."
9993 },
9994 "immutable": true,
9995 "locationInModule": {
9996 "filename": "lib/principals.ts",
9997 "line": 676
9998 },
9999 "name": "policyFragment",
10000 "overrides": "@aws-cdk/aws-iam.WebIdentityPrincipal",
10001 "type": {
10002 "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment"
10003 }
10004 }
10005 ],
10006 "symbolId": "lib/principals:OpenIdConnectPrincipal"
10007 },
10008 "@aws-cdk/aws-iam.OpenIdConnectProvider": {
10009 "assembly": "@aws-cdk/aws-iam",
10010 "base": "@aws-cdk/core.Resource",
10011 "docs": {
10012 "custom": {
10013 "resource": "AWS::CloudFormation::CustomResource",
10014 "exampleMetadata": "infused"
10015 },
10016 "remarks": "You use an IAM OIDC identity provider\nwhen you want to establish trust between an OIDC-compatible IdP and your AWS\naccount. This is useful when creating a mobile app or web application that\nrequires access to AWS resources, but you don't want to create custom sign-in\ncode or manage your own user identities.",
10017 "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html",
10018 "stability": "stable",
10019 "summary": "IAM OIDC identity providers are entities in IAM that describe an external identity provider (IdP) service that supports the OpenID Connect (OIDC) standard, such as Google or Salesforce.",
10020 "example": "const provider = new iam.OpenIdConnectProvider(this, 'MyProvider', {\n url: 'https://openid/connect',\n clientIds: [ 'myclient1', 'myclient2' ],\n});"
10021 },
10022 "fqn": "@aws-cdk/aws-iam.OpenIdConnectProvider",
10023 "initializer": {
10024 "docs": {
10025 "stability": "stable",
10026 "summary": "Defines an OpenID Connect provider."
10027 },
10028 "locationInModule": {
10029 "filename": "lib/oidc-provider.ts",
10030 "line": 140
10031 },
10032 "parameters": [
10033 {
10034 "docs": {
10035 "summary": "The definition scope."
10036 },
10037 "name": "scope",
10038 "type": {
10039 "fqn": "constructs.Construct"
10040 }
10041 },
10042 {
10043 "docs": {
10044 "summary": "Construct ID."
10045 },
10046 "name": "id",
10047 "type": {
10048 "primitive": "string"
10049 }
10050 },
10051 {
10052 "docs": {
10053 "summary": "Initialization properties."
10054 },
10055 "name": "props",
10056 "type": {
10057 "fqn": "@aws-cdk/aws-iam.OpenIdConnectProviderProps"
10058 }
10059 }
10060 ]
10061 },
10062 "interfaces": [
10063 "@aws-cdk/aws-iam.IOpenIdConnectProvider"
10064 ],
10065 "kind": "class",
10066 "locationInModule": {
10067 "filename": "lib/oidc-provider.ts",
10068 "line": 104
10069 },
10070 "methods": [
10071 {
10072 "docs": {
10073 "stability": "stable",
10074 "summary": "Imports an Open ID connect provider from an ARN."
10075 },
10076 "locationInModule": {
10077 "filename": "lib/oidc-provider.ts",
10078 "line": 111
10079 },
10080 "name": "fromOpenIdConnectProviderArn",
10081 "parameters": [
10082 {
10083 "docs": {
10084 "summary": "The definition scope."
10085 },
10086 "name": "scope",
10087 "type": {
10088 "fqn": "constructs.Construct"
10089 }
10090 },
10091 {
10092 "docs": {
10093 "summary": "ID of the construct."
10094 },
10095 "name": "id",
10096 "type": {
10097 "primitive": "string"
10098 }
10099 },
10100 {
10101 "docs": {
10102 "summary": "the ARN to import."
10103 },
10104 "name": "openIdConnectProviderArn",
10105 "type": {
10106 "primitive": "string"
10107 }
10108 }
10109 ],
10110 "returns": {
10111 "type": {
10112 "fqn": "@aws-cdk/aws-iam.IOpenIdConnectProvider"
10113 }
10114 },
10115 "static": true
10116 }
10117 ],
10118 "name": "OpenIdConnectProvider",
10119 "properties": [
10120 {
10121 "docs": {
10122 "stability": "stable",
10123 "summary": "The Amazon Resource Name (ARN) of the IAM OpenID Connect provider."
10124 },
10125 "immutable": true,
10126 "locationInModule": {
10127 "filename": "lib/oidc-provider.ts",
10128 "line": 125
10129 },
10130 "name": "openIdConnectProviderArn",
10131 "overrides": "@aws-cdk/aws-iam.IOpenIdConnectProvider",
10132 "type": {
10133 "primitive": "string"
10134 }
10135 },
10136 {
10137 "docs": {
10138 "stability": "stable",
10139 "summary": "The issuer for OIDC Provider."
10140 },
10141 "immutable": true,
10142 "locationInModule": {
10143 "filename": "lib/oidc-provider.ts",
10144 "line": 127
10145 },
10146 "name": "openIdConnectProviderIssuer",
10147 "overrides": "@aws-cdk/aws-iam.IOpenIdConnectProvider",
10148 "type": {
10149 "primitive": "string"
10150 }
10151 },
10152 {
10153 "docs": {
10154 "stability": "stable",
10155 "summary": "The thumbprints configured for this provider."
10156 },
10157 "immutable": true,
10158 "locationInModule": {
10159 "filename": "lib/oidc-provider.ts",
10160 "line": 132
10161 },
10162 "name": "openIdConnectProviderthumbprints",
10163 "type": {
10164 "primitive": "string"
10165 }
10166 }
10167 ],
10168 "symbolId": "lib/oidc-provider:OpenIdConnectProvider"
10169 },
10170 "@aws-cdk/aws-iam.OpenIdConnectProviderProps": {
10171 "assembly": "@aws-cdk/aws-iam",
10172 "datatype": true,
10173 "docs": {
10174 "stability": "stable",
10175 "summary": "Initialization properties for `OpenIdConnectProvider`.",
10176 "example": "const provider = new iam.OpenIdConnectProvider(this, 'MyProvider', {\n url: 'https://openid/connect',\n clientIds: [ 'myclient1', 'myclient2' ],\n});",
10177 "custom": {
10178 "exampleMetadata": "infused"
10179 }
10180 },
10181 "fqn": "@aws-cdk/aws-iam.OpenIdConnectProviderProps",
10182 "kind": "interface",
10183 "locationInModule": {
10184 "filename": "lib/oidc-provider.ts",
10185 "line": 34
10186 },
10187 "name": "OpenIdConnectProviderProps",
10188 "properties": [
10189 {
10190 "abstract": true,
10191 "docs": {
10192 "remarks": "The URL must begin with https:// and\nshould correspond to the iss claim in the provider's OpenID Connect ID\ntokens. Per the OIDC standard, path components are allowed but query\nparameters are not. Typically the URL consists of only a hostname, like\nhttps://server.example.org or https://example.com.\n\nYou cannot register the same provider multiple times in a single AWS\naccount. If you try to submit a URL that has already been used for an\nOpenID Connect provider in the AWS account, you will get an error.",
10193 "stability": "stable",
10194 "summary": "The URL of the identity provider."
10195 },
10196 "immutable": true,
10197 "locationInModule": {
10198 "filename": "lib/oidc-provider.ts",
10199 "line": 46
10200 },
10201 "name": "url",
10202 "type": {
10203 "primitive": "string"
10204 }
10205 },
10206 {
10207 "abstract": true,
10208 "docs": {
10209 "default": "- no clients are allowed",
10210 "remarks": "When a mobile or web app\nregisters with an OpenID Connect provider, they establish a value that\nidentifies the application. (This is the value that's sent as the client_id\nparameter on OAuth requests.)\n\nYou can register multiple client IDs with the same provider. For example,\nyou might have multiple applications that use the same OIDC provider. You\ncannot register more than 100 client IDs with a single IAM OIDC provider.\n\nClient IDs are up to 255 characters long.",
10211 "stability": "stable",
10212 "summary": "A list of client IDs (also known as audiences)."
10213 },
10214 "immutable": true,
10215 "locationInModule": {
10216 "filename": "lib/oidc-provider.ts",
10217 "line": 62
10218 },
10219 "name": "clientIds",
10220 "optional": true,
10221 "type": {
10222 "collection": {
10223 "elementtype": {
10224 "primitive": "string"
10225 },
10226 "kind": "array"
10227 }
10228 }
10229 },
10230 {
10231 "abstract": true,
10232 "docs": {
10233 "default": "- If no thumbprints are specified (an empty array or `undefined`),\nthe thumbprint of the root certificate authority will be obtained from the\nprovider's server as described in https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc_verify-thumbprint.html",
10234 "remarks": "Typically this list includes only one entry. However, IAM lets you have up\nto five thumbprints for an OIDC provider. This lets you maintain multiple\nthumbprints if the identity provider is rotating certificates.\n\nThe server certificate thumbprint is the hex-encoded SHA-1 hash value of\nthe X.509 certificate used by the domain where the OpenID Connect provider\nmakes its keys available. It is always a 40-character string.\n\nYou must provide at least one thumbprint when creating an IAM OIDC\nprovider. For example, assume that the OIDC provider is server.example.com\nand the provider stores its keys at\nhttps://keys.server.example.com/openid-connect. In that case, the\nthumbprint string would be the hex-encoded SHA-1 hash value of the\ncertificate used by https://keys.server.example.com.",
10235 "stability": "stable",
10236 "summary": "A list of server certificate thumbprints for the OpenID Connect (OIDC) identity provider's server certificates."
10237 },
10238 "immutable": true,
10239 "locationInModule": {
10240 "filename": "lib/oidc-provider.ts",
10241 "line": 87
10242 },
10243 "name": "thumbprints",
10244 "optional": true,
10245 "type": {
10246 "collection": {
10247 "elementtype": {
10248 "primitive": "string"
10249 },
10250 "kind": "array"
10251 }
10252 }
10253 }
10254 ],
10255 "symbolId": "lib/oidc-provider:OpenIdConnectProviderProps"
10256 },
10257 "@aws-cdk/aws-iam.OrganizationPrincipal": {
10258 "assembly": "@aws-cdk/aws-iam",
10259 "base": "@aws-cdk/aws-iam.PrincipalBase",
10260 "docs": {
10261 "stability": "stable",
10262 "summary": "A principal that represents an AWS Organization.",
10263 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nconst organizationPrincipal = new iam.OrganizationPrincipal('organizationId');",
10264 "custom": {
10265 "exampleMetadata": "fixture=_generated"
10266 }
10267 },
10268 "fqn": "@aws-cdk/aws-iam.OrganizationPrincipal",
10269 "initializer": {
10270 "docs": {
10271 "stability": "stable"
10272 },
10273 "locationInModule": {
10274 "filename": "lib/principals.ts",
10275 "line": 538
10276 },
10277 "parameters": [
10278 {
10279 "docs": {
10280 "summary": "The unique identifier (ID) of an organization (i.e. o-12345abcde)."
10281 },
10282 "name": "organizationId",
10283 "type": {
10284 "primitive": "string"
10285 }
10286 }
10287 ]
10288 },
10289 "kind": "class",
10290 "locationInModule": {
10291 "filename": "lib/principals.ts",
10292 "line": 533
10293 },
10294 "methods": [
10295 {
10296 "docs": {
10297 "stability": "stable",
10298 "summary": "Return whether or not this principal is equal to the given principal."
10299 },
10300 "locationInModule": {
10301 "filename": "lib/principals.ts",
10302 "line": 553
10303 },
10304 "name": "dedupeString",
10305 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
10306 "returns": {
10307 "optional": true,
10308 "type": {
10309 "primitive": "string"
10310 }
10311 }
10312 },
10313 {
10314 "docs": {
10315 "stability": "stable",
10316 "summary": "Returns a string representation of an object."
10317 },
10318 "locationInModule": {
10319 "filename": "lib/principals.ts",
10320 "line": 549
10321 },
10322 "name": "toString",
10323 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
10324 "returns": {
10325 "type": {
10326 "primitive": "string"
10327 }
10328 }
10329 }
10330 ],
10331 "name": "OrganizationPrincipal",
10332 "properties": [
10333 {
10334 "docs": {
10335 "stability": "stable",
10336 "summary": "The unique identifier (ID) of an organization (i.e. o-12345abcde)."
10337 },
10338 "immutable": true,
10339 "locationInModule": {
10340 "filename": "lib/principals.ts",
10341 "line": 538
10342 },
10343 "name": "organizationId",
10344 "type": {
10345 "primitive": "string"
10346 }
10347 },
10348 {
10349 "docs": {
10350 "stability": "stable",
10351 "summary": "Return the policy fragment that identifies this principal in a Policy."
10352 },
10353 "immutable": true,
10354 "locationInModule": {
10355 "filename": "lib/principals.ts",
10356 "line": 542
10357 },
10358 "name": "policyFragment",
10359 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
10360 "type": {
10361 "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment"
10362 }
10363 }
10364 ],
10365 "symbolId": "lib/principals:OrganizationPrincipal"
10366 },
10367 "@aws-cdk/aws-iam.PermissionsBoundary": {
10368 "assembly": "@aws-cdk/aws-iam",
10369 "docs": {
10370 "remarks": "```ts\nconst policy = iam.ManagedPolicy.fromAwsManagedPolicyName('ReadOnlyAccess');\niam.PermissionsBoundary.of(this).apply(policy);\n```",
10371 "stability": "stable",
10372 "summary": "Modify the Permissions Boundaries of Users and Roles in a construct tree.",
10373 "example": "declare const project: codebuild.Project;\niam.PermissionsBoundary.of(project).apply(new codebuild.UntrustedCodeBoundaryPolicy(this, 'Boundary'));",
10374 "custom": {
10375 "exampleMetadata": "infused"
10376 }
10377 },
10378 "fqn": "@aws-cdk/aws-iam.PermissionsBoundary",
10379 "kind": "class",
10380 "locationInModule": {
10381 "filename": "lib/permissions-boundary.ts",
10382 "line": 14
10383 },
10384 "methods": [
10385 {
10386 "docs": {
10387 "stability": "stable",
10388 "summary": "Access the Permissions Boundaries of a construct tree."
10389 },
10390 "locationInModule": {
10391 "filename": "lib/permissions-boundary.ts",
10392 "line": 18
10393 },
10394 "name": "of",
10395 "parameters": [
10396 {
10397 "name": "scope",
10398 "type": {
10399 "fqn": "constructs.IConstruct"
10400 }
10401 }
10402 ],
10403 "returns": {
10404 "type": {
10405 "fqn": "@aws-cdk/aws-iam.PermissionsBoundary"
10406 }
10407 },
10408 "static": true
10409 },
10410 {
10411 "docs": {
10412 "remarks": "Will override any Permissions Boundaries configured previously; in case\na Permission Boundary is applied in multiple scopes, the Boundary applied\nclosest to the Role wins.",
10413 "stability": "stable",
10414 "summary": "Apply the given policy as Permissions Boundary to all Roles and Users in the scope."
10415 },
10416 "locationInModule": {
10417 "filename": "lib/permissions-boundary.ts",
10418 "line": 33
10419 },
10420 "name": "apply",
10421 "parameters": [
10422 {
10423 "name": "boundaryPolicy",
10424 "type": {
10425 "fqn": "@aws-cdk/aws-iam.IManagedPolicy"
10426 }
10427 }
10428 ]
10429 },
10430 {
10431 "docs": {
10432 "stability": "stable",
10433 "summary": "Remove previously applied Permissions Boundaries."
10434 },
10435 "locationInModule": {
10436 "filename": "lib/permissions-boundary.ts",
10437 "line": 49
10438 },
10439 "name": "clear"
10440 }
10441 ],
10442 "name": "PermissionsBoundary",
10443 "symbolId": "lib/permissions-boundary:PermissionsBoundary"
10444 },
10445 "@aws-cdk/aws-iam.Policy": {
10446 "assembly": "@aws-cdk/aws-iam",
10447 "base": "@aws-cdk/core.Resource",
10448 "docs": {
10449 "remarks": "For more information about IAM policies, see [Overview of IAM\nPolicies](http://docs.aws.amazon.com/IAM/latest/UserGuide/policies_overview.html)\nin the IAM User Guide guide.",
10450 "stability": "stable",
10451 "summary": "The AWS::IAM::Policy resource associates an IAM policy with IAM users, roles, or groups.",
10452 "example": "declare const postAuthFn: lambda.Function;\n\nconst userpool = new cognito.UserPool(this, 'myuserpool', {\n lambdaTriggers: {\n postAuthentication: postAuthFn,\n },\n});\n\n// provide permissions to describe the user pool scoped to the ARN the user pool\npostAuthFn.role?.attachInlinePolicy(new iam.Policy(this, 'userpool-policy', {\n statements: [new iam.PolicyStatement({\n actions: ['cognito-idp:DescribeUserPool'],\n resources: [userpool.userPoolArn],\n })],\n}));",
10453 "custom": {
10454 "exampleMetadata": "infused"
10455 }
10456 },
10457 "fqn": "@aws-cdk/aws-iam.Policy",
10458 "initializer": {
10459 "docs": {
10460 "stability": "stable"
10461 },
10462 "locationInModule": {
10463 "filename": "lib/policy.ts",
10464 "line": 128
10465 },
10466 "parameters": [
10467 {
10468 "name": "scope",
10469 "type": {
10470 "fqn": "constructs.Construct"
10471 }
10472 },
10473 {
10474 "name": "id",
10475 "type": {
10476 "primitive": "string"
10477 }
10478 },
10479 {
10480 "name": "props",
10481 "optional": true,
10482 "type": {
10483 "fqn": "@aws-cdk/aws-iam.PolicyProps"
10484 }
10485 }
10486 ]
10487 },
10488 "interfaces": [
10489 "@aws-cdk/aws-iam.IPolicy"
10490 ],
10491 "kind": "class",
10492 "locationInModule": {
10493 "filename": "lib/policy.ts",
10494 "line": 103
10495 },
10496 "methods": [
10497 {
10498 "docs": {
10499 "stability": "stable",
10500 "summary": "Import a policy in this app based on its name."
10501 },
10502 "locationInModule": {
10503 "filename": "lib/policy.ts",
10504 "line": 108
10505 },
10506 "name": "fromPolicyName",
10507 "parameters": [
10508 {
10509 "name": "scope",
10510 "type": {
10511 "fqn": "constructs.Construct"
10512 }
10513 },
10514 {
10515 "name": "id",
10516 "type": {
10517 "primitive": "string"
10518 }
10519 },
10520 {
10521 "name": "policyName",
10522 "type": {
10523 "primitive": "string"
10524 }
10525 }
10526 ],
10527 "returns": {
10528 "type": {
10529 "fqn": "@aws-cdk/aws-iam.IPolicy"
10530 }
10531 },
10532 "static": true
10533 },
10534 {
10535 "docs": {
10536 "stability": "stable",
10537 "summary": "Adds a statement to the policy document."
10538 },
10539 "locationInModule": {
10540 "filename": "lib/policy.ts",
10541 "line": 185
10542 },
10543 "name": "addStatements",
10544 "parameters": [
10545 {
10546 "name": "statement",
10547 "type": {
10548 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
10549 },
10550 "variadic": true
10551 }
10552 ],
10553 "variadic": true
10554 },
10555 {
10556 "docs": {
10557 "stability": "stable",
10558 "summary": "Attaches this policy to a group."
10559 },
10560 "locationInModule": {
10561 "filename": "lib/policy.ts",
10562 "line": 210
10563 },
10564 "name": "attachToGroup",
10565 "parameters": [
10566 {
10567 "name": "group",
10568 "type": {
10569 "fqn": "@aws-cdk/aws-iam.IGroup"
10570 }
10571 }
10572 ]
10573 },
10574 {
10575 "docs": {
10576 "stability": "stable",
10577 "summary": "Attaches this policy to a role."
10578 },
10579 "locationInModule": {
10580 "filename": "lib/policy.ts",
10581 "line": 201
10582 },
10583 "name": "attachToRole",
10584 "parameters": [
10585 {
10586 "name": "role",
10587 "type": {
10588 "fqn": "@aws-cdk/aws-iam.IRole"
10589 }
10590 }
10591 ]
10592 },
10593 {
10594 "docs": {
10595 "stability": "stable",
10596 "summary": "Attaches this policy to a user."
10597 },
10598 "locationInModule": {
10599 "filename": "lib/policy.ts",
10600 "line": 192
10601 },
10602 "name": "attachToUser",
10603 "parameters": [
10604 {
10605 "name": "user",
10606 "type": {
10607 "fqn": "@aws-cdk/aws-iam.IUser"
10608 }
10609 }
10610 ]
10611 },
10612 {
10613 "docs": {
10614 "remarks": "This method can be implemented by derived constructs in order to perform\nvalidation logic. It is called on all constructs before synthesis.",
10615 "stability": "stable",
10616 "summary": "Validate the current construct."
10617 },
10618 "locationInModule": {
10619 "filename": "lib/policy.ts",
10620 "line": 226
10621 },
10622 "name": "validate",
10623 "overrides": "@aws-cdk/core.Construct",
10624 "protected": true,
10625 "returns": {
10626 "type": {
10627 "collection": {
10628 "elementtype": {
10629 "primitive": "string"
10630 },
10631 "kind": "array"
10632 }
10633 }
10634 }
10635 }
10636 ],
10637 "name": "Policy",
10638 "properties": [
10639 {
10640 "docs": {
10641 "stability": "stable",
10642 "summary": "The policy document."
10643 },
10644 "immutable": true,
10645 "locationInModule": {
10646 "filename": "lib/policy.ts",
10647 "line": 119
10648 },
10649 "name": "document",
10650 "type": {
10651 "fqn": "@aws-cdk/aws-iam.PolicyDocument"
10652 }
10653 },
10654 {
10655 "docs": {
10656 "custom": {
10657 "attribute": "true"
10658 },
10659 "stability": "stable",
10660 "summary": "The name of this policy."
10661 },
10662 "immutable": true,
10663 "locationInModule": {
10664 "filename": "lib/policy.ts",
10665 "line": 221
10666 },
10667 "name": "policyName",
10668 "overrides": "@aws-cdk/aws-iam.IPolicy",
10669 "type": {
10670 "primitive": "string"
10671 }
10672 }
10673 ],
10674 "symbolId": "lib/policy:Policy"
10675 },
10676 "@aws-cdk/aws-iam.PolicyDocument": {
10677 "assembly": "@aws-cdk/aws-iam",
10678 "docs": {
10679 "stability": "stable",
10680 "summary": "A PolicyDocument is a collection of statements.",
10681 "example": "const myTrustedAdminRole = iam.Role.fromRoleArn(this, 'TrustedRole', 'arn:aws:iam:....');\n// Creates a limited admin policy and assigns to the account root.\nconst myCustomPolicy = new iam.PolicyDocument({\n statements: [new iam.PolicyStatement({\n actions: [\n 'kms:Create*',\n 'kms:Describe*',\n 'kms:Enable*',\n 'kms:List*',\n 'kms:Put*',\n ],\n principals: [new iam.AccountRootPrincipal()],\n resources: ['*'],\n })],\n});\nconst key = new kms.Key(this, 'MyKey', {\n policy: myCustomPolicy,\n});",
10682 "custom": {
10683 "exampleMetadata": "infused"
10684 }
10685 },
10686 "fqn": "@aws-cdk/aws-iam.PolicyDocument",
10687 "initializer": {
10688 "docs": {
10689 "stability": "stable"
10690 },
10691 "locationInModule": {
10692 "filename": "lib/policy-document.ts",
10693 "line": 70
10694 },
10695 "parameters": [
10696 {
10697 "name": "props",
10698 "optional": true,
10699 "type": {
10700 "fqn": "@aws-cdk/aws-iam.PolicyDocumentProps"
10701 }
10702 }
10703 ]
10704 },
10705 "interfaces": [
10706 "@aws-cdk/core.IResolvable"
10707 ],
10708 "kind": "class",
10709 "locationInModule": {
10710 "filename": "lib/policy-document.ts",
10711 "line": 48
10712 },
10713 "methods": [
10714 {
10715 "docs": {
10716 "remarks": "This will accept an object created from the `.toJSON()` call",
10717 "stability": "stable",
10718 "summary": "Creates a new PolicyDocument based on the object provided."
10719 },
10720 "locationInModule": {
10721 "filename": "lib/policy-document.ts",
10722 "line": 55
10723 },
10724 "name": "fromJson",
10725 "parameters": [
10726 {
10727 "docs": {
10728 "summary": "the PolicyDocument in object form."
10729 },
10730 "name": "obj",
10731 "type": {
10732 "primitive": "any"
10733 }
10734 }
10735 ],
10736 "returns": {
10737 "type": {
10738 "fqn": "@aws-cdk/aws-iam.PolicyDocument"
10739 }
10740 },
10741 "static": true
10742 },
10743 {
10744 "docs": {
10745 "stability": "stable",
10746 "summary": "Adds a statement to the policy document."
10747 },
10748 "locationInModule": {
10749 "filename": "lib/policy-document.ts",
10750 "line": 115
10751 },
10752 "name": "addStatements",
10753 "parameters": [
10754 {
10755 "docs": {
10756 "summary": "the statement to add."
10757 },
10758 "name": "statement",
10759 "type": {
10760 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
10761 },
10762 "variadic": true
10763 }
10764 ],
10765 "variadic": true
10766 },
10767 {
10768 "docs": {
10769 "stability": "stable",
10770 "summary": "Produce the Token's value at resolution time."
10771 },
10772 "locationInModule": {
10773 "filename": "lib/policy-document.ts",
10774 "line": 78
10775 },
10776 "name": "resolve",
10777 "overrides": "@aws-cdk/core.IResolvable",
10778 "parameters": [
10779 {
10780 "name": "context",
10781 "type": {
10782 "fqn": "@aws-cdk/core.IResolveContext"
10783 }
10784 }
10785 ],
10786 "returns": {
10787 "type": {
10788 "primitive": "any"
10789 }
10790 }
10791 },
10792 {
10793 "docs": {
10794 "remarks": "Used when JSON.stringify() is called",
10795 "stability": "stable",
10796 "summary": "JSON-ify the document."
10797 },
10798 "locationInModule": {
10799 "filename": "lib/policy-document.ts",
10800 "line": 133
10801 },
10802 "name": "toJSON",
10803 "returns": {
10804 "type": {
10805 "primitive": "any"
10806 }
10807 }
10808 },
10809 {
10810 "docs": {
10811 "stability": "stable",
10812 "summary": "Encode the policy document as a string."
10813 },
10814 "locationInModule": {
10815 "filename": "lib/policy-document.ts",
10816 "line": 122
10817 },
10818 "name": "toString",
10819 "overrides": "@aws-cdk/core.IResolvable",
10820 "returns": {
10821 "type": {
10822 "primitive": "string"
10823 }
10824 }
10825 },
10826 {
10827 "docs": {
10828 "returns": "An array of validation error messages, or an empty array if the document is valid.",
10829 "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json",
10830 "stability": "stable",
10831 "summary": "Validate that all policy statements in the policy document satisfies the requirements for any policy."
10832 },
10833 "locationInModule": {
10834 "filename": "lib/policy-document.ts",
10835 "line": 145
10836 },
10837 "name": "validateForAnyPolicy",
10838 "returns": {
10839 "type": {
10840 "collection": {
10841 "elementtype": {
10842 "primitive": "string"
10843 },
10844 "kind": "array"
10845 }
10846 }
10847 }
10848 },
10849 {
10850 "docs": {
10851 "returns": "An array of validation error messages, or an empty array if the document is valid.",
10852 "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json",
10853 "stability": "stable",
10854 "summary": "Validate that all policy statements in the policy document satisfies the requirements for an identity-based policy."
10855 },
10856 "locationInModule": {
10857 "filename": "lib/policy-document.ts",
10858 "line": 177
10859 },
10860 "name": "validateForIdentityPolicy",
10861 "returns": {
10862 "type": {
10863 "collection": {
10864 "elementtype": {
10865 "primitive": "string"
10866 },
10867 "kind": "array"
10868 }
10869 }
10870 }
10871 },
10872 {
10873 "docs": {
10874 "returns": "An array of validation error messages, or an empty array if the document is valid.",
10875 "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json",
10876 "stability": "stable",
10877 "summary": "Validate that all policy statements in the policy document satisfies the requirements for a resource-based policy."
10878 },
10879 "locationInModule": {
10880 "filename": "lib/policy-document.ts",
10881 "line": 161
10882 },
10883 "name": "validateForResourcePolicy",
10884 "returns": {
10885 "type": {
10886 "collection": {
10887 "elementtype": {
10888 "primitive": "string"
10889 },
10890 "kind": "array"
10891 }
10892 }
10893 }
10894 }
10895 ],
10896 "name": "PolicyDocument",
10897 "properties": [
10898 {
10899 "docs": {
10900 "remarks": "This may return an array with a single informational element indicating how\nto get this property populated, if it was skipped for performance reasons.",
10901 "stability": "stable",
10902 "summary": "The creation stack of this resolvable which will be appended to errors thrown during resolution."
10903 },
10904 "immutable": true,
10905 "locationInModule": {
10906 "filename": "lib/policy-document.ts",
10907 "line": 65
10908 },
10909 "name": "creationStack",
10910 "overrides": "@aws-cdk/core.IResolvable",
10911 "type": {
10912 "collection": {
10913 "elementtype": {
10914 "primitive": "string"
10915 },
10916 "kind": "array"
10917 }
10918 }
10919 },
10920 {
10921 "docs": {
10922 "stability": "stable",
10923 "summary": "Whether the policy document contains any statements."
10924 },
10925 "immutable": true,
10926 "locationInModule": {
10927 "filename": "lib/policy-document.ts",
10928 "line": 98
10929 },
10930 "name": "isEmpty",
10931 "type": {
10932 "primitive": "boolean"
10933 }
10934 },
10935 {
10936 "docs": {
10937 "remarks": "Can be used, for example, to generate unique \"sid\"s within the policy.",
10938 "stability": "stable",
10939 "summary": "The number of statements already added to this policy."
10940 },
10941 "immutable": true,
10942 "locationInModule": {
10943 "filename": "lib/policy-document.ts",
10944 "line": 106
10945 },
10946 "name": "statementCount",
10947 "type": {
10948 "primitive": "number"
10949 }
10950 }
10951 ],
10952 "symbolId": "lib/policy-document:PolicyDocument"
10953 },
10954 "@aws-cdk/aws-iam.PolicyDocumentProps": {
10955 "assembly": "@aws-cdk/aws-iam",
10956 "datatype": true,
10957 "docs": {
10958 "stability": "stable",
10959 "summary": "Properties for a new PolicyDocument.",
10960 "example": "const myTrustedAdminRole = iam.Role.fromRoleArn(this, 'TrustedRole', 'arn:aws:iam:....');\n// Creates a limited admin policy and assigns to the account root.\nconst myCustomPolicy = new iam.PolicyDocument({\n statements: [new iam.PolicyStatement({\n actions: [\n 'kms:Create*',\n 'kms:Describe*',\n 'kms:Enable*',\n 'kms:List*',\n 'kms:Put*',\n ],\n principals: [new iam.AccountRootPrincipal()],\n resources: ['*'],\n })],\n});\nconst key = new kms.Key(this, 'MyKey', {\n policy: myCustomPolicy,\n});",
10961 "custom": {
10962 "exampleMetadata": "infused"
10963 }
10964 },
10965 "fqn": "@aws-cdk/aws-iam.PolicyDocumentProps",
10966 "kind": "interface",
10967 "locationInModule": {
10968 "filename": "lib/policy-document.ts",
10969 "line": 11
10970 },
10971 "name": "PolicyDocumentProps",
10972 "properties": [
10973 {
10974 "abstract": true,
10975 "docs": {
10976 "default": "false",
10977 "stability": "stable",
10978 "summary": "Automatically assign Statement Ids to all statements."
10979 },
10980 "immutable": true,
10981 "locationInModule": {
10982 "filename": "lib/policy-document.ts",
10983 "line": 17
10984 },
10985 "name": "assignSids",
10986 "optional": true,
10987 "type": {
10988 "primitive": "boolean"
10989 }
10990 },
10991 {
10992 "abstract": true,
10993 "docs": {
10994 "default": "- false, unless the feature flag `@aws-cdk/aws-iam:minimizePolicies` is set",
10995 "remarks": "To avoid overrunning the maximum policy size, combine statements if they produce\nthe same result. Merging happens according to the following rules:\n\n- The Effect of both statements is the same\n- Neither of the statements have a 'Sid'\n- Combine Principals if the rest of the statement is exactly the same.\n- Combine Resources if the rest of the statement is exactly the same.\n- Combine Actions if the rest of the statement is exactly the same.\n- We will never combine NotPrincipals, NotResources or NotActions, because doing\n so would change the meaning of the policy document.",
10996 "stability": "stable",
10997 "summary": "Try to minimize the policy by merging statements."
10998 },
10999 "immutable": true,
11000 "locationInModule": {
11001 "filename": "lib/policy-document.ts",
11002 "line": 42
11003 },
11004 "name": "minimize",
11005 "optional": true,
11006 "type": {
11007 "primitive": "boolean"
11008 }
11009 },
11010 {
11011 "abstract": true,
11012 "docs": {
11013 "default": "- No statements",
11014 "stability": "stable",
11015 "summary": "Initial statements to add to the policy document."
11016 },
11017 "immutable": true,
11018 "locationInModule": {
11019 "filename": "lib/policy-document.ts",
11020 "line": 24
11021 },
11022 "name": "statements",
11023 "optional": true,
11024 "type": {
11025 "collection": {
11026 "elementtype": {
11027 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
11028 },
11029 "kind": "array"
11030 }
11031 }
11032 }
11033 ],
11034 "symbolId": "lib/policy-document:PolicyDocumentProps"
11035 },
11036 "@aws-cdk/aws-iam.PolicyProps": {
11037 "assembly": "@aws-cdk/aws-iam",
11038 "datatype": true,
11039 "docs": {
11040 "stability": "stable",
11041 "summary": "Properties for defining an IAM inline policy document.",
11042 "example": "declare const postAuthFn: lambda.Function;\n\nconst userpool = new cognito.UserPool(this, 'myuserpool', {\n lambdaTriggers: {\n postAuthentication: postAuthFn,\n },\n});\n\n// provide permissions to describe the user pool scoped to the ARN the user pool\npostAuthFn.role?.attachInlinePolicy(new iam.Policy(this, 'userpool-policy', {\n statements: [new iam.PolicyStatement({\n actions: ['cognito-idp:DescribeUserPool'],\n resources: [userpool.userPoolArn],\n })],\n}));",
11043 "custom": {
11044 "exampleMetadata": "infused"
11045 }
11046 },
11047 "fqn": "@aws-cdk/aws-iam.PolicyProps",
11048 "kind": "interface",
11049 "locationInModule": {
11050 "filename": "lib/policy.ts",
11051 "line": 28
11052 },
11053 "name": "PolicyProps",
11054 "properties": [
11055 {
11056 "abstract": true,
11057 "docs": {
11058 "default": "- An empty policy.",
11059 "remarks": "If omited, any\n`PolicyStatement` provided in the `statements` property will be applied\nagainst the empty default `PolicyDocument`.",
11060 "stability": "stable",
11061 "summary": "Initial PolicyDocument to use for this Policy."
11062 },
11063 "immutable": true,
11064 "locationInModule": {
11065 "filename": "lib/policy.ts",
11066 "line": 94
11067 },
11068 "name": "document",
11069 "optional": true,
11070 "type": {
11071 "fqn": "@aws-cdk/aws-iam.PolicyDocument"
11072 }
11073 },
11074 {
11075 "abstract": true,
11076 "docs": {
11077 "default": "false",
11078 "remarks": "Unless set to `true`, this `Policy` construct will not materialize to an\n`AWS::IAM::Policy` CloudFormation resource in case it would have no effect\n(for example, if it remains unattached to an IAM identity or if it has no\nstatements). This is generally desired behavior, since it prevents\ncreating invalid--and hence undeployable--CloudFormation templates.\n\nIn cases where you know the policy must be created and it is actually\nan error if no statements have been added to it, you can set this to `true`.",
11079 "stability": "stable",
11080 "summary": "Force creation of an `AWS::IAM::Policy`."
11081 },
11082 "immutable": true,
11083 "locationInModule": {
11084 "filename": "lib/policy.ts",
11085 "line": 85
11086 },
11087 "name": "force",
11088 "optional": true,
11089 "type": {
11090 "primitive": "boolean"
11091 }
11092 },
11093 {
11094 "abstract": true,
11095 "docs": {
11096 "default": "- No groups.",
11097 "remarks": "You can also use `attachToGroup(group)` to attach this policy to a group.",
11098 "stability": "stable",
11099 "summary": "Groups to attach this policy to."
11100 },
11101 "immutable": true,
11102 "locationInModule": {
11103 "filename": "lib/policy.ts",
11104 "line": 61
11105 },
11106 "name": "groups",
11107 "optional": true,
11108 "type": {
11109 "collection": {
11110 "elementtype": {
11111 "fqn": "@aws-cdk/aws-iam.IGroup"
11112 },
11113 "kind": "array"
11114 }
11115 }
11116 },
11117 {
11118 "abstract": true,
11119 "docs": {
11120 "default": "- Uses the logical ID of the policy resource, which is ensured\nto be unique within the stack.",
11121 "remarks": "If you specify multiple policies for an entity,\nspecify unique names. For example, if you specify a list of policies for\nan IAM role, each policy must have a unique name.",
11122 "stability": "stable",
11123 "summary": "The name of the policy."
11124 },
11125 "immutable": true,
11126 "locationInModule": {
11127 "filename": "lib/policy.ts",
11128 "line": 37
11129 },
11130 "name": "policyName",
11131 "optional": true,
11132 "type": {
11133 "primitive": "string"
11134 }
11135 },
11136 {
11137 "abstract": true,
11138 "docs": {
11139 "default": "- No roles.",
11140 "remarks": "You can also use `attachToRole(role)` to attach this policy to a role.",
11141 "stability": "stable",
11142 "summary": "Roles to attach this policy to."
11143 },
11144 "immutable": true,
11145 "locationInModule": {
11146 "filename": "lib/policy.ts",
11147 "line": 53
11148 },
11149 "name": "roles",
11150 "optional": true,
11151 "type": {
11152 "collection": {
11153 "elementtype": {
11154 "fqn": "@aws-cdk/aws-iam.IRole"
11155 },
11156 "kind": "array"
11157 }
11158 }
11159 },
11160 {
11161 "abstract": true,
11162 "docs": {
11163 "default": "- No statements.",
11164 "remarks": "You can also use `addStatements(...statement)` to add permissions later.",
11165 "stability": "stable",
11166 "summary": "Initial set of permissions to add to this policy document."
11167 },
11168 "immutable": true,
11169 "locationInModule": {
11170 "filename": "lib/policy.ts",
11171 "line": 69
11172 },
11173 "name": "statements",
11174 "optional": true,
11175 "type": {
11176 "collection": {
11177 "elementtype": {
11178 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
11179 },
11180 "kind": "array"
11181 }
11182 }
11183 },
11184 {
11185 "abstract": true,
11186 "docs": {
11187 "default": "- No users.",
11188 "remarks": "You can also use `attachToUser(user)` to attach this policy to a user.",
11189 "stability": "stable",
11190 "summary": "Users to attach this policy to."
11191 },
11192 "immutable": true,
11193 "locationInModule": {
11194 "filename": "lib/policy.ts",
11195 "line": 45
11196 },
11197 "name": "users",
11198 "optional": true,
11199 "type": {
11200 "collection": {
11201 "elementtype": {
11202 "fqn": "@aws-cdk/aws-iam.IUser"
11203 },
11204 "kind": "array"
11205 }
11206 }
11207 }
11208 ],
11209 "symbolId": "lib/policy:PolicyProps"
11210 },
11211 "@aws-cdk/aws-iam.PolicyStatement": {
11212 "assembly": "@aws-cdk/aws-iam",
11213 "docs": {
11214 "stability": "stable",
11215 "summary": "Represents a statement in an IAM policy document.",
11216 "example": " // Add gateway endpoints when creating the VPC\n const vpc = new ec2.Vpc(this, 'MyVpc', {\n gatewayEndpoints: {\n S3: {\n service: ec2.GatewayVpcEndpointAwsService.S3,\n },\n },\n });\n\n // Alternatively gateway endpoints can be added on the VPC\n const dynamoDbEndpoint = vpc.addGatewayEndpoint('DynamoDbEndpoint', {\n service: ec2.GatewayVpcEndpointAwsService.DYNAMODB,\n });\n\n // This allows to customize the endpoint policy\n dynamoDbEndpoint.addToPolicy(\n new iam.PolicyStatement({ // Restrict to listing and describing tables\n principals: [new iam.AnyPrincipal()],\n actions: ['dynamodb:DescribeTable', 'dynamodb:ListTables'],\n resources: ['*'],\n }));\n\n // Add an interface endpoint\n vpc.addInterfaceEndpoint('EcrDockerEndpoint', {\n service: ec2.InterfaceVpcEndpointAwsService.ECR_DOCKER,\n\n // Uncomment the following to allow more fine-grained control over\n // who can access the endpoint via the '.connections' object.\n // open: false\n });",
11217 "custom": {
11218 "exampleMetadata": "lit=test/integ.vpc-endpoint.lit.ts infused"
11219 }
11220 },
11221 "fqn": "@aws-cdk/aws-iam.PolicyStatement",
11222 "initializer": {
11223 "docs": {
11224 "stability": "stable"
11225 },
11226 "locationInModule": {
11227 "filename": "lib/policy-statement.ts",
11228 "line": 95
11229 },
11230 "parameters": [
11231 {
11232 "name": "props",
11233 "optional": true,
11234 "type": {
11235 "fqn": "@aws-cdk/aws-iam.PolicyStatementProps"
11236 }
11237 }
11238 ]
11239 },
11240 "kind": "class",
11241 "locationInModule": {
11242 "filename": "lib/policy-statement.ts",
11243 "line": 43
11244 },
11245 "methods": [
11246 {
11247 "docs": {
11248 "remarks": "This will accept an object created from the `.toJSON()` call",
11249 "stability": "stable",
11250 "summary": "Creates a new PolicyStatement based on the object provided."
11251 },
11252 "locationInModule": {
11253 "filename": "lib/policy-statement.ts",
11254 "line": 50
11255 },
11256 "name": "fromJson",
11257 "parameters": [
11258 {
11259 "docs": {
11260 "summary": "the PolicyStatement in object form."
11261 },
11262 "name": "obj",
11263 "type": {
11264 "primitive": "any"
11265 }
11266 }
11267 ],
11268 "returns": {
11269 "type": {
11270 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
11271 }
11272 },
11273 "static": true
11274 },
11275 {
11276 "docs": {
11277 "remarks": "This method can only be called once: subsequent calls will overwrite earlier calls.",
11278 "stability": "stable",
11279 "summary": "Add a condition that limits to a given account."
11280 },
11281 "locationInModule": {
11282 "filename": "lib/policy-statement.ts",
11283 "line": 367
11284 },
11285 "name": "addAccountCondition",
11286 "parameters": [
11287 {
11288 "name": "accountId",
11289 "type": {
11290 "primitive": "string"
11291 }
11292 }
11293 ]
11294 },
11295 {
11296 "docs": {
11297 "stability": "stable",
11298 "summary": "Adds an AWS account root user principal to this policy statement."
11299 },
11300 "locationInModule": {
11301 "filename": "lib/policy-statement.ts",
11302 "line": 250
11303 },
11304 "name": "addAccountRootPrincipal"
11305 },
11306 {
11307 "docs": {
11308 "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_action.html",
11309 "stability": "stable",
11310 "summary": "Specify allowed actions into the \"Action\" section of the policy statement."
11311 },
11312 "locationInModule": {
11313 "filename": "lib/policy-statement.ts",
11314 "line": 129
11315 },
11316 "name": "addActions",
11317 "parameters": [
11318 {
11319 "docs": {
11320 "summary": "actions that will be allowed."
11321 },
11322 "name": "actions",
11323 "type": {
11324 "primitive": "string"
11325 },
11326 "variadic": true
11327 }
11328 ],
11329 "variadic": true
11330 },
11331 {
11332 "docs": {
11333 "stability": "stable",
11334 "summary": "Adds a ``\"*\"`` resource to this statement."
11335 },
11336 "locationInModule": {
11337 "filename": "lib/policy-statement.ts",
11338 "line": 307
11339 },
11340 "name": "addAllResources"
11341 },
11342 {
11343 "docs": {
11344 "stability": "stable",
11345 "summary": "Adds all identities in all accounts (\"*\") to this policy statement."
11346 },
11347 "locationInModule": {
11348 "filename": "lib/policy-statement.ts",
11349 "line": 266
11350 },
11351 "name": "addAnyPrincipal"
11352 },
11353 {
11354 "docs": {
11355 "remarks": "You cannot specify IAM groups and instance profiles as principals.",
11356 "stability": "stable",
11357 "summary": "Specify a principal using the ARN identifier of the principal."
11358 },
11359 "locationInModule": {
11360 "filename": "lib/policy-statement.ts",
11361 "line": 222
11362 },
11363 "name": "addArnPrincipal",
11364 "parameters": [
11365 {
11366 "docs": {
11367 "summary": "ARN identifier of AWS account, IAM user, or IAM role (i.e. arn:aws:iam::123456789012:user/user-name)."
11368 },
11369 "name": "arn",
11370 "type": {
11371 "primitive": "string"
11372 }
11373 }
11374 ]
11375 },
11376 {
11377 "docs": {
11378 "stability": "stable",
11379 "summary": "Specify AWS account ID as the principal entity to the \"Principal\" section of a policy statement."
11380 },
11381 "locationInModule": {
11382 "filename": "lib/policy-statement.ts",
11383 "line": 212
11384 },
11385 "name": "addAwsAccountPrincipal",
11386 "parameters": [
11387 {
11388 "name": "accountId",
11389 "type": {
11390 "primitive": "string"
11391 }
11392 }
11393 ]
11394 },
11395 {
11396 "docs": {
11397 "stability": "stable",
11398 "summary": "Adds a canonical user ID principal to this policy document."
11399 },
11400 "locationInModule": {
11401 "filename": "lib/policy-statement.ts",
11402 "line": 259
11403 },
11404 "name": "addCanonicalUserPrincipal",
11405 "parameters": [
11406 {
11407 "docs": {
11408 "summary": "unique identifier assigned by AWS for every account."
11409 },
11410 "name": "canonicalUserId",
11411 "type": {
11412 "primitive": "string"
11413 }
11414 }
11415 ]
11416 },
11417 {
11418 "docs": {
11419 "remarks": "If multiple calls are made to add a condition with the same operator and field, only\nthe last one wins. For example:\n\n```ts\ndeclare const stmt: iam.PolicyStatement;\n\nstmt.addCondition('StringEquals', { 'aws:SomeField': '1' });\nstmt.addCondition('StringEquals', { 'aws:SomeField': '2' });\n```\n\nWill end up with the single condition `StringEquals: { 'aws:SomeField': '2' }`.\n\nIf you meant to add a condition to say that the field can be *either* `1` or `2`, write\nthis:\n\n```ts\ndeclare const stmt: iam.PolicyStatement;\n\nstmt.addCondition('StringEquals', { 'aws:SomeField': ['1', '2'] });\n```",
11420 "stability": "stable",
11421 "summary": "Add a condition to the Policy."
11422 },
11423 "locationInModule": {
11424 "filename": "lib/policy-statement.ts",
11425 "line": 346
11426 },
11427 "name": "addCondition",
11428 "parameters": [
11429 {
11430 "name": "key",
11431 "type": {
11432 "primitive": "string"
11433 }
11434 },
11435 {
11436 "name": "value",
11437 "type": {
11438 "primitive": "any"
11439 }
11440 }
11441 ]
11442 },
11443 {
11444 "docs": {
11445 "remarks": "See the `addCondition` function for a caveat on calling this method multiple times.",
11446 "stability": "stable",
11447 "summary": "Add multiple conditions to the Policy."
11448 },
11449 "locationInModule": {
11450 "filename": "lib/policy-statement.ts",
11451 "line": 356
11452 },
11453 "name": "addConditions",
11454 "parameters": [
11455 {
11456 "name": "conditions",
11457 "type": {
11458 "collection": {
11459 "elementtype": {
11460 "primitive": "any"
11461 },
11462 "kind": "map"
11463 }
11464 }
11465 }
11466 ]
11467 },
11468 {
11469 "docs": {
11470 "stability": "stable",
11471 "summary": "Adds a federated identity provider such as Amazon Cognito to this policy statement."
11472 },
11473 "locationInModule": {
11474 "filename": "lib/policy-statement.ts",
11475 "line": 243
11476 },
11477 "name": "addFederatedPrincipal",
11478 "parameters": [
11479 {
11480 "docs": {
11481 "summary": "federated identity provider (i.e. 'cognito-identity.amazonaws.com')."
11482 },
11483 "name": "federated",
11484 "type": {
11485 "primitive": "any"
11486 }
11487 },
11488 {
11489 "docs": {
11490 "remarks": "See [the IAM documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html).",
11491 "summary": "The conditions under which the policy is in effect."
11492 },
11493 "name": "conditions",
11494 "type": {
11495 "collection": {
11496 "elementtype": {
11497 "primitive": "any"
11498 },
11499 "kind": "map"
11500 }
11501 }
11502 }
11503 ]
11504 },
11505 {
11506 "docs": {
11507 "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notaction.html",
11508 "stability": "stable",
11509 "summary": "Explicitly allow all actions except the specified list of actions into the \"NotAction\" section of the policy document."
11510 },
11511 "locationInModule": {
11512 "filename": "lib/policy-statement.ts",
11513 "line": 144
11514 },
11515 "name": "addNotActions",
11516 "parameters": [
11517 {
11518 "docs": {
11519 "remarks": "All other actions will be permitted.",
11520 "summary": "actions that will be denied."
11521 },
11522 "name": "notActions",
11523 "type": {
11524 "primitive": "string"
11525 },
11526 "variadic": true
11527 }
11528 ],
11529 "variadic": true
11530 },
11531 {
11532 "docs": {
11533 "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notprincipal.html",
11534 "stability": "stable",
11535 "summary": "Specify principals that is not allowed or denied access to the \"NotPrincipal\" section of a policy statement."
11536 },
11537 "locationInModule": {
11538 "filename": "lib/policy-statement.ts",
11539 "line": 190
11540 },
11541 "name": "addNotPrincipals",
11542 "parameters": [
11543 {
11544 "docs": {
11545 "summary": "IAM principals that will be denied access."
11546 },
11547 "name": "notPrincipals",
11548 "type": {
11549 "fqn": "@aws-cdk/aws-iam.IPrincipal"
11550 },
11551 "variadic": true
11552 }
11553 ],
11554 "variadic": true
11555 },
11556 {
11557 "docs": {
11558 "remarks": "All resources except the specified list will be matched.",
11559 "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notresource.html",
11560 "stability": "stable",
11561 "summary": "Specify resources that this policy statement will not apply to in the \"NotResource\" section of this policy statement."
11562 },
11563 "locationInModule": {
11564 "filename": "lib/policy-statement.ts",
11565 "line": 297
11566 },
11567 "name": "addNotResources",
11568 "parameters": [
11569 {
11570 "docs": {
11571 "summary": "Amazon Resource Names (ARNs) of the resources that this policy statement does not apply to."
11572 },
11573 "name": "arns",
11574 "type": {
11575 "primitive": "string"
11576 },
11577 "variadic": true
11578 }
11579 ],
11580 "variadic": true
11581 },
11582 {
11583 "docs": {
11584 "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html",
11585 "stability": "stable",
11586 "summary": "Adds principals to the \"Principal\" section of a policy statement."
11587 },
11588 "locationInModule": {
11589 "filename": "lib/policy-statement.ts",
11590 "line": 169
11591 },
11592 "name": "addPrincipals",
11593 "parameters": [
11594 {
11595 "docs": {
11596 "summary": "IAM principals that will be added."
11597 },
11598 "name": "principals",
11599 "type": {
11600 "fqn": "@aws-cdk/aws-iam.IPrincipal"
11601 },
11602 "variadic": true
11603 }
11604 ],
11605 "variadic": true
11606 },
11607 {
11608 "docs": {
11609 "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_resource.html",
11610 "stability": "stable",
11611 "summary": "Specify resources that this policy statement applies into the \"Resource\" section of this policy statement."
11612 },
11613 "locationInModule": {
11614 "filename": "lib/policy-statement.ts",
11615 "line": 282
11616 },
11617 "name": "addResources",
11618 "parameters": [
11619 {
11620 "docs": {
11621 "summary": "Amazon Resource Names (ARNs) of the resources that this policy statement applies to."
11622 },
11623 "name": "arns",
11624 "type": {
11625 "primitive": "string"
11626 },
11627 "variadic": true
11628 }
11629 ],
11630 "variadic": true
11631 },
11632 {
11633 "docs": {
11634 "stability": "stable",
11635 "summary": "Adds a service principal to this policy statement."
11636 },
11637 "locationInModule": {
11638 "filename": "lib/policy-statement.ts",
11639 "line": 232
11640 },
11641 "name": "addServicePrincipal",
11642 "parameters": [
11643 {
11644 "docs": {
11645 "summary": "the service name for which a service principal is requested (e.g: `s3.amazonaws.com`)."
11646 },
11647 "name": "service",
11648 "type": {
11649 "primitive": "string"
11650 }
11651 },
11652 {
11653 "docs": {
11654 "summary": "options for adding the service principal (such as specifying a principal in a different region)."
11655 },
11656 "name": "opts",
11657 "optional": true,
11658 "type": {
11659 "fqn": "@aws-cdk/aws-iam.ServicePrincipalOpts"
11660 }
11661 }
11662 ]
11663 },
11664 {
11665 "docs": {
11666 "stability": "stable",
11667 "summary": "Create a new `PolicyStatement` with the same exact properties as this one, except for the overrides."
11668 },
11669 "locationInModule": {
11670 "filename": "lib/policy-statement.ts",
11671 "line": 375
11672 },
11673 "name": "copy",
11674 "parameters": [
11675 {
11676 "name": "overrides",
11677 "optional": true,
11678 "type": {
11679 "fqn": "@aws-cdk/aws-iam.PolicyStatementProps"
11680 }
11681 }
11682 ],
11683 "returns": {
11684 "type": {
11685 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
11686 }
11687 }
11688 },
11689 {
11690 "docs": {
11691 "remarks": "Used when JSON.stringify() is called",
11692 "stability": "stable",
11693 "summary": "JSON-ify the statement."
11694 },
11695 "locationInModule": {
11696 "filename": "lib/policy-statement.ts",
11697 "line": 425
11698 },
11699 "name": "toJSON",
11700 "returns": {
11701 "type": {
11702 "primitive": "any"
11703 }
11704 }
11705 },
11706 {
11707 "docs": {
11708 "remarks": "Used when JSON.stringify() is called",
11709 "stability": "stable",
11710 "summary": "JSON-ify the policy statement."
11711 },
11712 "locationInModule": {
11713 "filename": "lib/policy-statement.ts",
11714 "line": 397
11715 },
11716 "name": "toStatementJson",
11717 "returns": {
11718 "type": {
11719 "primitive": "any"
11720 }
11721 }
11722 },
11723 {
11724 "docs": {
11725 "stability": "stable",
11726 "summary": "String representation of this policy statement."
11727 },
11728 "locationInModule": {
11729 "filename": "lib/policy-statement.ts",
11730 "line": 414
11731 },
11732 "name": "toString",
11733 "returns": {
11734 "type": {
11735 "primitive": "string"
11736 }
11737 }
11738 },
11739 {
11740 "docs": {
11741 "returns": "An array of validation error messages, or an empty array if the statement is valid.",
11742 "stability": "stable",
11743 "summary": "Validate that the policy statement satisfies base requirements for a policy."
11744 },
11745 "locationInModule": {
11746 "filename": "lib/policy-statement.ts",
11747 "line": 461
11748 },
11749 "name": "validateForAnyPolicy",
11750 "returns": {
11751 "type": {
11752 "collection": {
11753 "elementtype": {
11754 "primitive": "string"
11755 },
11756 "kind": "array"
11757 }
11758 }
11759 }
11760 },
11761 {
11762 "docs": {
11763 "returns": "An array of validation error messages, or an empty array if the statement is valid.",
11764 "stability": "stable",
11765 "summary": "Validate that the policy statement satisfies all requirements for an identity-based policy."
11766 },
11767 "locationInModule": {
11768 "filename": "lib/policy-statement.ts",
11769 "line": 487
11770 },
11771 "name": "validateForIdentityPolicy",
11772 "returns": {
11773 "type": {
11774 "collection": {
11775 "elementtype": {
11776 "primitive": "string"
11777 },
11778 "kind": "array"
11779 }
11780 }
11781 }
11782 },
11783 {
11784 "docs": {
11785 "returns": "An array of validation error messages, or an empty array if the statement is valid.",
11786 "stability": "stable",
11787 "summary": "Validate that the policy statement satisfies all requirements for a resource-based policy."
11788 },
11789 "locationInModule": {
11790 "filename": "lib/policy-statement.ts",
11791 "line": 474
11792 },
11793 "name": "validateForResourcePolicy",
11794 "returns": {
11795 "type": {
11796 "collection": {
11797 "elementtype": {
11798 "primitive": "string"
11799 },
11800 "kind": "array"
11801 }
11802 }
11803 }
11804 }
11805 ],
11806 "name": "PolicyStatement",
11807 "properties": [
11808 {
11809 "docs": {
11810 "stability": "stable",
11811 "summary": "The Actions added to this statement."
11812 },
11813 "immutable": true,
11814 "locationInModule": {
11815 "filename": "lib/policy-statement.ts",
11816 "line": 501
11817 },
11818 "name": "actions",
11819 "type": {
11820 "collection": {
11821 "elementtype": {
11822 "primitive": "string"
11823 },
11824 "kind": "array"
11825 }
11826 }
11827 },
11828 {
11829 "docs": {
11830 "stability": "stable",
11831 "summary": "The conditions added to this statement."
11832 },
11833 "immutable": true,
11834 "locationInModule": {
11835 "filename": "lib/policy-statement.ts",
11836 "line": 543
11837 },
11838 "name": "conditions",
11839 "type": {
11840 "primitive": "any"
11841 }
11842 },
11843 {
11844 "docs": {
11845 "stability": "stable",
11846 "summary": "Indicates if this permission has a \"Principal\" section."
11847 },
11848 "immutable": true,
11849 "locationInModule": {
11850 "filename": "lib/policy-statement.ts",
11851 "line": 158
11852 },
11853 "name": "hasPrincipal",
11854 "type": {
11855 "primitive": "boolean"
11856 }
11857 },
11858 {
11859 "docs": {
11860 "stability": "stable",
11861 "summary": "Indicates if this permission has at least one resource associated with it."
11862 },
11863 "immutable": true,
11864 "locationInModule": {
11865 "filename": "lib/policy-statement.ts",
11866 "line": 314
11867 },
11868 "name": "hasResource",
11869 "type": {
11870 "primitive": "boolean"
11871 }
11872 },
11873 {
11874 "docs": {
11875 "stability": "stable",
11876 "summary": "The NotActions added to this statement."
11877 },
11878 "immutable": true,
11879 "locationInModule": {
11880 "filename": "lib/policy-statement.ts",
11881 "line": 508
11882 },
11883 "name": "notActions",
11884 "type": {
11885 "collection": {
11886 "elementtype": {
11887 "primitive": "string"
11888 },
11889 "kind": "array"
11890 }
11891 }
11892 },
11893 {
11894 "docs": {
11895 "stability": "stable",
11896 "summary": "The NotPrincipals added to this statement."
11897 },
11898 "immutable": true,
11899 "locationInModule": {
11900 "filename": "lib/policy-statement.ts",
11901 "line": 522
11902 },
11903 "name": "notPrincipals",
11904 "type": {
11905 "collection": {
11906 "elementtype": {
11907 "fqn": "@aws-cdk/aws-iam.IPrincipal"
11908 },
11909 "kind": "array"
11910 }
11911 }
11912 },
11913 {
11914 "docs": {
11915 "stability": "stable",
11916 "summary": "The NotResources added to this statement."
11917 },
11918 "immutable": true,
11919 "locationInModule": {
11920 "filename": "lib/policy-statement.ts",
11921 "line": 536
11922 },
11923 "name": "notResources",
11924 "type": {
11925 "collection": {
11926 "elementtype": {
11927 "primitive": "string"
11928 },
11929 "kind": "array"
11930 }
11931 }
11932 },
11933 {
11934 "docs": {
11935 "stability": "stable",
11936 "summary": "The Principals added to this statement."
11937 },
11938 "immutable": true,
11939 "locationInModule": {
11940 "filename": "lib/policy-statement.ts",
11941 "line": 515
11942 },
11943 "name": "principals",
11944 "type": {
11945 "collection": {
11946 "elementtype": {
11947 "fqn": "@aws-cdk/aws-iam.IPrincipal"
11948 },
11949 "kind": "array"
11950 }
11951 }
11952 },
11953 {
11954 "docs": {
11955 "stability": "stable",
11956 "summary": "The Resources added to this statement."
11957 },
11958 "immutable": true,
11959 "locationInModule": {
11960 "filename": "lib/policy-statement.ts",
11961 "line": 529
11962 },
11963 "name": "resources",
11964 "type": {
11965 "collection": {
11966 "elementtype": {
11967 "primitive": "string"
11968 },
11969 "kind": "array"
11970 }
11971 }
11972 },
11973 {
11974 "docs": {
11975 "stability": "stable",
11976 "summary": "Whether to allow or deny the actions in this statement."
11977 },
11978 "locationInModule": {
11979 "filename": "lib/policy-statement.ts",
11980 "line": 80
11981 },
11982 "name": "effect",
11983 "type": {
11984 "fqn": "@aws-cdk/aws-iam.Effect"
11985 }
11986 },
11987 {
11988 "docs": {
11989 "stability": "stable",
11990 "summary": "Statement ID for this statement."
11991 },
11992 "locationInModule": {
11993 "filename": "lib/policy-statement.ts",
11994 "line": 75
11995 },
11996 "name": "sid",
11997 "optional": true,
11998 "type": {
11999 "primitive": "string"
12000 }
12001 }
12002 ],
12003 "symbolId": "lib/policy-statement:PolicyStatement"
12004 },
12005 "@aws-cdk/aws-iam.PolicyStatementProps": {
12006 "assembly": "@aws-cdk/aws-iam",
12007 "datatype": true,
12008 "docs": {
12009 "stability": "stable",
12010 "summary": "Interface for creating a policy statement.",
12011 "example": " // Add gateway endpoints when creating the VPC\n const vpc = new ec2.Vpc(this, 'MyVpc', {\n gatewayEndpoints: {\n S3: {\n service: ec2.GatewayVpcEndpointAwsService.S3,\n },\n },\n });\n\n // Alternatively gateway endpoints can be added on the VPC\n const dynamoDbEndpoint = vpc.addGatewayEndpoint('DynamoDbEndpoint', {\n service: ec2.GatewayVpcEndpointAwsService.DYNAMODB,\n });\n\n // This allows to customize the endpoint policy\n dynamoDbEndpoint.addToPolicy(\n new iam.PolicyStatement({ // Restrict to listing and describing tables\n principals: [new iam.AnyPrincipal()],\n actions: ['dynamodb:DescribeTable', 'dynamodb:ListTables'],\n resources: ['*'],\n }));\n\n // Add an interface endpoint\n vpc.addInterfaceEndpoint('EcrDockerEndpoint', {\n service: ec2.InterfaceVpcEndpointAwsService.ECR_DOCKER,\n\n // Uncomment the following to allow more fine-grained control over\n // who can access the endpoint via the '.connections' object.\n // open: false\n });",
12012 "custom": {
12013 "exampleMetadata": "lit=test/integ.vpc-endpoint.lit.ts infused"
12014 }
12015 },
12016 "fqn": "@aws-cdk/aws-iam.PolicyStatementProps",
12017 "kind": "interface",
12018 "locationInModule": {
12019 "filename": "lib/policy-statement.ts",
12020 "line": 634
12021 },
12022 "name": "PolicyStatementProps",
12023 "properties": [
12024 {
12025 "abstract": true,
12026 "docs": {
12027 "default": "- no actions",
12028 "stability": "stable",
12029 "summary": "List of actions to add to the statement."
12030 },
12031 "immutable": true,
12032 "locationInModule": {
12033 "filename": "lib/policy-statement.ts",
12034 "line": 651
12035 },
12036 "name": "actions",
12037 "optional": true,
12038 "type": {
12039 "collection": {
12040 "elementtype": {
12041 "primitive": "string"
12042 },
12043 "kind": "array"
12044 }
12045 }
12046 },
12047 {
12048 "abstract": true,
12049 "docs": {
12050 "default": "- no condition",
12051 "stability": "stable",
12052 "summary": "Conditions to add to the statement."
12053 },
12054 "immutable": true,
12055 "locationInModule": {
12056 "filename": "lib/policy-statement.ts",
12057 "line": 693
12058 },
12059 "name": "conditions",
12060 "optional": true,
12061 "type": {
12062 "collection": {
12063 "elementtype": {
12064 "primitive": "any"
12065 },
12066 "kind": "map"
12067 }
12068 }
12069 },
12070 {
12071 "abstract": true,
12072 "docs": {
12073 "default": "Effect.ALLOW",
12074 "stability": "stable",
12075 "summary": "Whether to allow or deny the actions in this statement."
12076 },
12077 "immutable": true,
12078 "locationInModule": {
12079 "filename": "lib/policy-statement.ts",
12080 "line": 700
12081 },
12082 "name": "effect",
12083 "optional": true,
12084 "type": {
12085 "fqn": "@aws-cdk/aws-iam.Effect"
12086 }
12087 },
12088 {
12089 "abstract": true,
12090 "docs": {
12091 "default": "- no not-actions",
12092 "stability": "stable",
12093 "summary": "List of not actions to add to the statement."
12094 },
12095 "immutable": true,
12096 "locationInModule": {
12097 "filename": "lib/policy-statement.ts",
12098 "line": 658
12099 },
12100 "name": "notActions",
12101 "optional": true,
12102 "type": {
12103 "collection": {
12104 "elementtype": {
12105 "primitive": "string"
12106 },
12107 "kind": "array"
12108 }
12109 }
12110 },
12111 {
12112 "abstract": true,
12113 "docs": {
12114 "default": "- no not principals",
12115 "stability": "stable",
12116 "summary": "List of not principals to add to the statement."
12117 },
12118 "immutable": true,
12119 "locationInModule": {
12120 "filename": "lib/policy-statement.ts",
12121 "line": 672
12122 },
12123 "name": "notPrincipals",
12124 "optional": true,
12125 "type": {
12126 "collection": {
12127 "elementtype": {
12128 "fqn": "@aws-cdk/aws-iam.IPrincipal"
12129 },
12130 "kind": "array"
12131 }
12132 }
12133 },
12134 {
12135 "abstract": true,
12136 "docs": {
12137 "default": "- no not-resources",
12138 "stability": "stable",
12139 "summary": "NotResource ARNs to add to the statement."
12140 },
12141 "immutable": true,
12142 "locationInModule": {
12143 "filename": "lib/policy-statement.ts",
12144 "line": 686
12145 },
12146 "name": "notResources",
12147 "optional": true,
12148 "type": {
12149 "collection": {
12150 "elementtype": {
12151 "primitive": "string"
12152 },
12153 "kind": "array"
12154 }
12155 }
12156 },
12157 {
12158 "abstract": true,
12159 "docs": {
12160 "default": "- no principals",
12161 "stability": "stable",
12162 "summary": "List of principals to add to the statement."
12163 },
12164 "immutable": true,
12165 "locationInModule": {
12166 "filename": "lib/policy-statement.ts",
12167 "line": 665
12168 },
12169 "name": "principals",
12170 "optional": true,
12171 "type": {
12172 "collection": {
12173 "elementtype": {
12174 "fqn": "@aws-cdk/aws-iam.IPrincipal"
12175 },
12176 "kind": "array"
12177 }
12178 }
12179 },
12180 {
12181 "abstract": true,
12182 "docs": {
12183 "default": "- no resources",
12184 "stability": "stable",
12185 "summary": "Resource ARNs to add to the statement."
12186 },
12187 "immutable": true,
12188 "locationInModule": {
12189 "filename": "lib/policy-statement.ts",
12190 "line": 679
12191 },
12192 "name": "resources",
12193 "optional": true,
12194 "type": {
12195 "collection": {
12196 "elementtype": {
12197 "primitive": "string"
12198 },
12199 "kind": "array"
12200 }
12201 }
12202 },
12203 {
12204 "abstract": true,
12205 "docs": {
12206 "default": "- no sid",
12207 "remarks": "You can assign a Sid value to each statement in a\nstatement array. In services that let you specify an ID element, such as\nSQS and SNS, the Sid value is just a sub-ID of the policy document's ID. In\nIAM, the Sid value must be unique within a JSON policy.",
12208 "stability": "stable",
12209 "summary": "The Sid (statement ID) is an optional identifier that you provide for the policy statement."
12210 },
12211 "immutable": true,
12212 "locationInModule": {
12213 "filename": "lib/policy-statement.ts",
12214 "line": 644
12215 },
12216 "name": "sid",
12217 "optional": true,
12218 "type": {
12219 "primitive": "string"
12220 }
12221 }
12222 ],
12223 "symbolId": "lib/policy-statement:PolicyStatementProps"
12224 },
12225 "@aws-cdk/aws-iam.PrincipalBase": {
12226 "abstract": true,
12227 "assembly": "@aws-cdk/aws-iam",
12228 "docs": {
12229 "stability": "stable",
12230 "summary": "Base class for policy principals.",
12231 "example": "const tagParam = new CfnParameter(this, 'TagName');\n\nconst stringEquals = new CfnJson(this, 'ConditionJson', {\n value: {\n [`aws:PrincipalTag/${tagParam.valueAsString}`]: true,\n },\n});\n\nconst principal = new iam.AccountRootPrincipal().withConditions({\n StringEquals: stringEquals,\n});\n\nnew iam.Role(this, 'MyRole', { assumedBy: principal });",
12232 "custom": {
12233 "exampleMetadata": "infused"
12234 }
12235 },
12236 "fqn": "@aws-cdk/aws-iam.PrincipalBase",
12237 "initializer": {
12238 "docs": {
12239 "stability": "stable"
12240 }
12241 },
12242 "interfaces": [
12243 "@aws-cdk/aws-iam.IAssumeRolePrincipal",
12244 "@aws-cdk/aws-iam.IComparablePrincipal"
12245 ],
12246 "kind": "class",
12247 "locationInModule": {
12248 "filename": "lib/principals.ts",
12249 "line": 146
12250 },
12251 "methods": [
12252 {
12253 "docs": {
12254 "remarks": "Add the statements to the AssumeRolePolicyDocument necessary to give this principal\npermissions to assume the given role.",
12255 "stability": "stable",
12256 "summary": "Add the princpial to the AssumeRolePolicyDocument."
12257 },
12258 "locationInModule": {
12259 "filename": "lib/principals.ts",
12260 "line": 170
12261 },
12262 "name": "addToAssumeRolePolicy",
12263 "overrides": "@aws-cdk/aws-iam.IAssumeRolePrincipal",
12264 "parameters": [
12265 {
12266 "name": "document",
12267 "type": {
12268 "fqn": "@aws-cdk/aws-iam.PolicyDocument"
12269 }
12270 }
12271 ]
12272 },
12273 {
12274 "docs": {
12275 "stability": "stable",
12276 "summary": "Add to the policy of this principal."
12277 },
12278 "locationInModule": {
12279 "filename": "lib/principals.ts",
12280 "line": 160
12281 },
12282 "name": "addToPolicy",
12283 "overrides": "@aws-cdk/aws-iam.IPrincipal",
12284 "parameters": [
12285 {
12286 "name": "statement",
12287 "type": {
12288 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
12289 }
12290 }
12291 ],
12292 "returns": {
12293 "type": {
12294 "primitive": "boolean"
12295 }
12296 }
12297 },
12298 {
12299 "docs": {
12300 "stability": "stable",
12301 "summary": "Add to the policy of this principal."
12302 },
12303 "locationInModule": {
12304 "filename": "lib/principals.ts",
12305 "line": 164
12306 },
12307 "name": "addToPrincipalPolicy",
12308 "overrides": "@aws-cdk/aws-iam.IPrincipal",
12309 "parameters": [
12310 {
12311 "name": "_statement",
12312 "type": {
12313 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
12314 }
12315 }
12316 ],
12317 "returns": {
12318 "type": {
12319 "fqn": "@aws-cdk/aws-iam.AddToPrincipalPolicyResult"
12320 }
12321 }
12322 },
12323 {
12324 "abstract": true,
12325 "docs": {
12326 "stability": "stable",
12327 "summary": "Return whether or not this principal is equal to the given principal."
12328 },
12329 "locationInModule": {
12330 "filename": "lib/principals.ts",
12331 "line": 219
12332 },
12333 "name": "dedupeString",
12334 "overrides": "@aws-cdk/aws-iam.IComparablePrincipal",
12335 "returns": {
12336 "optional": true,
12337 "type": {
12338 "primitive": "string"
12339 }
12340 }
12341 },
12342 {
12343 "docs": {
12344 "remarks": "Used when JSON.stringify() is called",
12345 "stability": "stable",
12346 "summary": "JSON-ify the principal."
12347 },
12348 "locationInModule": {
12349 "filename": "lib/principals.ts",
12350 "line": 189
12351 },
12352 "name": "toJSON",
12353 "returns": {
12354 "type": {
12355 "collection": {
12356 "elementtype": {
12357 "collection": {
12358 "elementtype": {
12359 "primitive": "string"
12360 },
12361 "kind": "array"
12362 }
12363 },
12364 "kind": "map"
12365 }
12366 }
12367 }
12368 },
12369 {
12370 "docs": {
12371 "stability": "stable",
12372 "summary": "Returns a string representation of an object."
12373 },
12374 "locationInModule": {
12375 "filename": "lib/principals.ts",
12376 "line": 178
12377 },
12378 "name": "toString",
12379 "returns": {
12380 "type": {
12381 "primitive": "string"
12382 }
12383 }
12384 },
12385 {
12386 "docs": {
12387 "remarks": "When there is a value for the same operator and key in both the principal and the\nconditions parameter, the value from the conditions parameter will be used.",
12388 "returns": "a new PrincipalWithConditions object.",
12389 "stability": "stable",
12390 "summary": "Returns a new PrincipalWithConditions using this principal as the base, with the passed conditions added."
12391 },
12392 "locationInModule": {
12393 "filename": "lib/principals.ts",
12394 "line": 203
12395 },
12396 "name": "withConditions",
12397 "parameters": [
12398 {
12399 "name": "conditions",
12400 "type": {
12401 "collection": {
12402 "elementtype": {
12403 "primitive": "any"
12404 },
12405 "kind": "map"
12406 }
12407 }
12408 }
12409 ],
12410 "returns": {
12411 "type": {
12412 "fqn": "@aws-cdk/aws-iam.PrincipalBase"
12413 }
12414 }
12415 },
12416 {
12417 "docs": {
12418 "returns": "a new SessionTagsPrincipal object.",
12419 "stability": "stable",
12420 "summary": "Returns a new principal using this principal as the base, with session tags enabled."
12421 },
12422 "locationInModule": {
12423 "filename": "lib/principals.ts",
12424 "line": 212
12425 },
12426 "name": "withSessionTags",
12427 "returns": {
12428 "type": {
12429 "fqn": "@aws-cdk/aws-iam.PrincipalBase"
12430 }
12431 }
12432 }
12433 ],
12434 "name": "PrincipalBase",
12435 "properties": [
12436 {
12437 "docs": {
12438 "stability": "stable",
12439 "summary": "When this Principal is used in an AssumeRole policy, the action to use."
12440 },
12441 "immutable": true,
12442 "locationInModule": {
12443 "filename": "lib/principals.ts",
12444 "line": 158
12445 },
12446 "name": "assumeRoleAction",
12447 "overrides": "@aws-cdk/aws-iam.IPrincipal",
12448 "type": {
12449 "primitive": "string"
12450 }
12451 },
12452 {
12453 "docs": {
12454 "stability": "stable",
12455 "summary": "The principal to grant permissions to."
12456 },
12457 "immutable": true,
12458 "locationInModule": {
12459 "filename": "lib/principals.ts",
12460 "line": 147
12461 },
12462 "name": "grantPrincipal",
12463 "overrides": "@aws-cdk/aws-iam.IGrantable",
12464 "type": {
12465 "fqn": "@aws-cdk/aws-iam.IPrincipal"
12466 }
12467 },
12468 {
12469 "abstract": true,
12470 "docs": {
12471 "stability": "stable",
12472 "summary": "Return the policy fragment that identifies this principal in a Policy."
12473 },
12474 "immutable": true,
12475 "locationInModule": {
12476 "filename": "lib/principals.ts",
12477 "line": 153
12478 },
12479 "name": "policyFragment",
12480 "overrides": "@aws-cdk/aws-iam.IPrincipal",
12481 "type": {
12482 "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment"
12483 }
12484 },
12485 {
12486 "docs": {
12487 "remarks": "Can be undefined when the account is not known\n(for example, for service principals).\nCan be a Token - in that case,\nit's assumed to be AWS::AccountId.",
12488 "stability": "stable",
12489 "summary": "The AWS account ID of this principal."
12490 },
12491 "immutable": true,
12492 "locationInModule": {
12493 "filename": "lib/principals.ts",
12494 "line": 148
12495 },
12496 "name": "principalAccount",
12497 "optional": true,
12498 "overrides": "@aws-cdk/aws-iam.IPrincipal",
12499 "type": {
12500 "primitive": "string"
12501 }
12502 }
12503 ],
12504 "symbolId": "lib/principals:PrincipalBase"
12505 },
12506 "@aws-cdk/aws-iam.PrincipalPolicyFragment": {
12507 "assembly": "@aws-cdk/aws-iam",
12508 "docs": {
12509 "remarks": "This consists of the JSON used in the \"Principal\" field, and optionally a\nset of \"Condition\"s that need to be applied to the policy.\n\nGenerally, a principal looks like:\n\n { '<TYPE>': ['ID', 'ID', ...] }\n\nAnd this is also the type of the field `principalJson`. However, there is a\nspecial type of principal that is just the string '*', which is treated\ndifferently by some services. To represent that principal, `principalJson`\nshould contain `{ 'LiteralString': ['*'] }`.",
12510 "stability": "stable",
12511 "summary": "A collection of the fields in a PolicyStatement that can be used to identify a principal.",
12512 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const conditions: any;\nconst principalPolicyFragment = new iam.PrincipalPolicyFragment({\n principalJsonKey: ['principalJson'],\n}, /* all optional props */ {\n conditionsKey: conditions,\n});",
12513 "custom": {
12514 "exampleMetadata": "fixture=_generated"
12515 }
12516 },
12517 "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment",
12518 "initializer": {
12519 "docs": {
12520 "stability": "stable"
12521 },
12522 "locationInModule": {
12523 "filename": "lib/principals.ts",
12524 "line": 392
12525 },
12526 "parameters": [
12527 {
12528 "docs": {
12529 "summary": "JSON of the \"Principal\" section in a policy statement."
12530 },
12531 "name": "principalJson",
12532 "type": {
12533 "collection": {
12534 "elementtype": {
12535 "collection": {
12536 "elementtype": {
12537 "primitive": "string"
12538 },
12539 "kind": "array"
12540 }
12541 },
12542 "kind": "map"
12543 }
12544 }
12545 },
12546 {
12547 "docs": {
12548 "remarks": "See [the IAM documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html).\nconditions that need to be applied to this policy",
12549 "summary": "The conditions under which the policy is in effect."
12550 },
12551 "name": "conditions",
12552 "optional": true,
12553 "type": {
12554 "collection": {
12555 "elementtype": {
12556 "primitive": "any"
12557 },
12558 "kind": "map"
12559 }
12560 }
12561 }
12562 ]
12563 },
12564 "kind": "class",
12565 "locationInModule": {
12566 "filename": "lib/principals.ts",
12567 "line": 386
12568 },
12569 "name": "PrincipalPolicyFragment",
12570 "properties": [
12571 {
12572 "docs": {
12573 "remarks": "See [the IAM documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html).\nconditions that need to be applied to this policy",
12574 "stability": "stable",
12575 "summary": "The conditions under which the policy is in effect."
12576 },
12577 "immutable": true,
12578 "locationInModule": {
12579 "filename": "lib/principals.ts",
12580 "line": 398
12581 },
12582 "name": "conditions",
12583 "type": {
12584 "collection": {
12585 "elementtype": {
12586 "primitive": "any"
12587 },
12588 "kind": "map"
12589 }
12590 }
12591 },
12592 {
12593 "docs": {
12594 "stability": "stable",
12595 "summary": "JSON of the \"Principal\" section in a policy statement."
12596 },
12597 "immutable": true,
12598 "locationInModule": {
12599 "filename": "lib/principals.ts",
12600 "line": 393
12601 },
12602 "name": "principalJson",
12603 "type": {
12604 "collection": {
12605 "elementtype": {
12606 "collection": {
12607 "elementtype": {
12608 "primitive": "string"
12609 },
12610 "kind": "array"
12611 }
12612 },
12613 "kind": "map"
12614 }
12615 }
12616 }
12617 ],
12618 "symbolId": "lib/principals:PrincipalPolicyFragment"
12619 },
12620 "@aws-cdk/aws-iam.PrincipalWithConditions": {
12621 "assembly": "@aws-cdk/aws-iam",
12622 "base": "@aws-cdk/aws-iam.PrincipalBase",
12623 "docs": {
12624 "remarks": "For more information about conditions, see:\nhttps://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html",
12625 "stability": "stable",
12626 "summary": "An IAM principal with additional conditions specifying when the policy is in effect.",
12627 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const conditions: any;\ndeclare const principal: iam.IPrincipal;\nconst principalWithConditions = new iam.PrincipalWithConditions(principal, {\n conditionsKey: conditions,\n});",
12628 "custom": {
12629 "exampleMetadata": "fixture=_generated"
12630 }
12631 },
12632 "fqn": "@aws-cdk/aws-iam.PrincipalWithConditions",
12633 "initializer": {
12634 "docs": {
12635 "stability": "stable"
12636 },
12637 "locationInModule": {
12638 "filename": "lib/principals.ts",
12639 "line": 260
12640 },
12641 "parameters": [
12642 {
12643 "name": "principal",
12644 "type": {
12645 "fqn": "@aws-cdk/aws-iam.IPrincipal"
12646 }
12647 },
12648 {
12649 "name": "conditions",
12650 "type": {
12651 "collection": {
12652 "elementtype": {
12653 "primitive": "any"
12654 },
12655 "kind": "map"
12656 }
12657 }
12658 }
12659 ]
12660 },
12661 "kind": "class",
12662 "locationInModule": {
12663 "filename": "lib/principals.ts",
12664 "line": 257
12665 },
12666 "methods": [
12667 {
12668 "docs": {
12669 "stability": "stable",
12670 "summary": "Add a condition to the principal."
12671 },
12672 "locationInModule": {
12673 "filename": "lib/principals.ts",
12674 "line": 268
12675 },
12676 "name": "addCondition",
12677 "parameters": [
12678 {
12679 "name": "key",
12680 "type": {
12681 "primitive": "string"
12682 }
12683 },
12684 {
12685 "name": "value",
12686 "type": {
12687 "primitive": "any"
12688 }
12689 }
12690 ]
12691 },
12692 {
12693 "docs": {
12694 "remarks": "Values from the conditions parameter will overwrite existing values with the same operator\nand key.",
12695 "stability": "stable",
12696 "summary": "Adds multiple conditions to the principal."
12697 },
12698 "locationInModule": {
12699 "filename": "lib/principals.ts",
12700 "line": 279
12701 },
12702 "name": "addConditions",
12703 "parameters": [
12704 {
12705 "name": "conditions",
12706 "type": {
12707 "collection": {
12708 "elementtype": {
12709 "primitive": "any"
12710 },
12711 "kind": "map"
12712 }
12713 }
12714 }
12715 ]
12716 },
12717 {
12718 "docs": {
12719 "stability": "stable",
12720 "summary": "Add to the policy of this principal."
12721 },
12722 "locationInModule": {
12723 "filename": "lib/principals.ts",
12724 "line": 235
12725 },
12726 "name": "addToPolicy",
12727 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
12728 "parameters": [
12729 {
12730 "name": "statement",
12731 "type": {
12732 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
12733 }
12734 }
12735 ],
12736 "returns": {
12737 "type": {
12738 "primitive": "boolean"
12739 }
12740 }
12741 },
12742 {
12743 "docs": {
12744 "stability": "stable",
12745 "summary": "Add to the policy of this principal."
12746 },
12747 "locationInModule": {
12748 "filename": "lib/principals.ts",
12749 "line": 238
12750 },
12751 "name": "addToPrincipalPolicy",
12752 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
12753 "parameters": [
12754 {
12755 "name": "statement",
12756 "type": {
12757 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
12758 }
12759 }
12760 ],
12761 "returns": {
12762 "type": {
12763 "fqn": "@aws-cdk/aws-iam.AddToPrincipalPolicyResult"
12764 }
12765 }
12766 },
12767 {
12768 "docs": {
12769 "stability": "stable",
12770 "summary": "Append the given string to the wrapped principal's dedupe string (if available)."
12771 },
12772 "locationInModule": {
12773 "filename": "lib/principals.ts",
12774 "line": 245
12775 },
12776 "name": "appendDedupe",
12777 "parameters": [
12778 {
12779 "name": "append",
12780 "type": {
12781 "primitive": "string"
12782 }
12783 }
12784 ],
12785 "protected": true,
12786 "returns": {
12787 "optional": true,
12788 "type": {
12789 "primitive": "string"
12790 }
12791 }
12792 },
12793 {
12794 "docs": {
12795 "stability": "stable",
12796 "summary": "Return whether or not this principal is equal to the given principal."
12797 },
12798 "locationInModule": {
12799 "filename": "lib/principals.ts",
12800 "line": 311
12801 },
12802 "name": "dedupeString",
12803 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
12804 "returns": {
12805 "optional": true,
12806 "type": {
12807 "primitive": "string"
12808 }
12809 }
12810 },
12811 {
12812 "docs": {
12813 "remarks": "Used when JSON.stringify() is called",
12814 "stability": "stable",
12815 "summary": "JSON-ify the principal."
12816 },
12817 "locationInModule": {
12818 "filename": "lib/principals.ts",
12819 "line": 306
12820 },
12821 "name": "toJSON",
12822 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
12823 "returns": {
12824 "type": {
12825 "collection": {
12826 "elementtype": {
12827 "collection": {
12828 "elementtype": {
12829 "primitive": "string"
12830 },
12831 "kind": "array"
12832 }
12833 },
12834 "kind": "map"
12835 }
12836 }
12837 }
12838 },
12839 {
12840 "docs": {
12841 "stability": "stable",
12842 "summary": "Returns a string representation of an object."
12843 },
12844 "locationInModule": {
12845 "filename": "lib/principals.ts",
12846 "line": 297
12847 },
12848 "name": "toString",
12849 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
12850 "returns": {
12851 "type": {
12852 "primitive": "string"
12853 }
12854 }
12855 }
12856 ],
12857 "name": "PrincipalWithConditions",
12858 "properties": [
12859 {
12860 "docs": {
12861 "stability": "stable",
12862 "summary": "When this Principal is used in an AssumeRole policy, the action to use."
12863 },
12864 "immutable": true,
12865 "locationInModule": {
12866 "filename": "lib/principals.ts",
12867 "line": 226
12868 },
12869 "name": "assumeRoleAction",
12870 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
12871 "type": {
12872 "primitive": "string"
12873 }
12874 },
12875 {
12876 "docs": {
12877 "remarks": "See [the IAM documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html).",
12878 "stability": "stable",
12879 "summary": "The conditions under which the policy is in effect."
12880 },
12881 "immutable": true,
12882 "locationInModule": {
12883 "filename": "lib/principals.ts",
12884 "line": 289
12885 },
12886 "name": "conditions",
12887 "type": {
12888 "collection": {
12889 "elementtype": {
12890 "primitive": "any"
12891 },
12892 "kind": "map"
12893 }
12894 }
12895 },
12896 {
12897 "docs": {
12898 "stability": "stable",
12899 "summary": "Return the policy fragment that identifies this principal in a Policy."
12900 },
12901 "immutable": true,
12902 "locationInModule": {
12903 "filename": "lib/principals.ts",
12904 "line": 293
12905 },
12906 "name": "policyFragment",
12907 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
12908 "type": {
12909 "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment"
12910 }
12911 },
12912 {
12913 "docs": {
12914 "remarks": "Can be undefined when the account is not known\n(for example, for service principals).\nCan be a Token - in that case,\nit's assumed to be AWS::AccountId.",
12915 "stability": "stable",
12916 "summary": "The AWS account ID of this principal."
12917 },
12918 "immutable": true,
12919 "locationInModule": {
12920 "filename": "lib/principals.ts",
12921 "line": 227
12922 },
12923 "name": "principalAccount",
12924 "optional": true,
12925 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
12926 "type": {
12927 "primitive": "string"
12928 }
12929 }
12930 ],
12931 "symbolId": "lib/principals:PrincipalWithConditions"
12932 },
12933 "@aws-cdk/aws-iam.Role": {
12934 "assembly": "@aws-cdk/aws-iam",
12935 "base": "@aws-cdk/core.Resource",
12936 "docs": {
12937 "remarks": "Defines an IAM role. The role is created with an assume policy document associated with\nthe specified AWS service principal defined in `serviceAssumeRole`.",
12938 "stability": "stable",
12939 "summary": "IAM Role.",
12940 "example": "const lambdaRole = new iam.Role(this, 'Role', {\n assumedBy: new iam.ServicePrincipal('lambda.amazonaws.com'),\n description: 'Example role...',\n});\n\nconst stream = new kinesis.Stream(this, 'MyEncryptedStream', {\n encryption: kinesis.StreamEncryption.KMS,\n});\n\n// give lambda permissions to read stream\nstream.grantRead(lambdaRole);",
12941 "custom": {
12942 "exampleMetadata": "infused"
12943 }
12944 },
12945 "fqn": "@aws-cdk/aws-iam.Role",
12946 "initializer": {
12947 "docs": {
12948 "stability": "stable"
12949 },
12950 "locationInModule": {
12951 "filename": "lib/role.ts",
12952 "line": 357
12953 },
12954 "parameters": [
12955 {
12956 "name": "scope",
12957 "type": {
12958 "fqn": "constructs.Construct"
12959 }
12960 },
12961 {
12962 "name": "id",
12963 "type": {
12964 "primitive": "string"
12965 }
12966 },
12967 {
12968 "name": "props",
12969 "type": {
12970 "fqn": "@aws-cdk/aws-iam.RoleProps"
12971 }
12972 }
12973 ]
12974 },
12975 "interfaces": [
12976 "@aws-cdk/aws-iam.IRole"
12977 ],
12978 "kind": "class",
12979 "locationInModule": {
12980 "filename": "lib/role.ts",
12981 "line": 173
12982 },
12983 "methods": [
12984 {
12985 "docs": {
12986 "remarks": "If the imported Role ARN is a Token (such as a\n`CfnParameter.valueAsString` or a `Fn.importValue()`) *and* the referenced\nrole has a `path` (like `arn:...:role/AdminRoles/Alice`), the\n`roleName` property will not resolve to the correct value. Instead it\nwill resolve to the first path component. We unfortunately cannot express\nthe correct calculation of the full path name as a CloudFormation\nexpression. In this scenario the Role ARN should be supplied without the\n`path` in order to resolve the correct role resource.",
12987 "stability": "stable",
12988 "summary": "Import an external role by ARN."
12989 },
12990 "locationInModule": {
12991 "filename": "lib/role.ts",
12992 "line": 191
12993 },
12994 "name": "fromRoleArn",
12995 "parameters": [
12996 {
12997 "docs": {
12998 "summary": "construct scope."
12999 },
13000 "name": "scope",
13001 "type": {
13002 "fqn": "constructs.Construct"
13003 }
13004 },
13005 {
13006 "docs": {
13007 "summary": "construct id."
13008 },
13009 "name": "id",
13010 "type": {
13011 "primitive": "string"
13012 }
13013 },
13014 {
13015 "docs": {
13016 "summary": "the ARN of the role to import."
13017 },
13018 "name": "roleArn",
13019 "type": {
13020 "primitive": "string"
13021 }
13022 },
13023 {
13024 "docs": {
13025 "summary": "allow customizing the behavior of the returned role."
13026 },
13027 "name": "options",
13028 "optional": true,
13029 "type": {
13030 "fqn": "@aws-cdk/aws-iam.FromRoleArnOptions"
13031 }
13032 }
13033 ],
13034 "returns": {
13035 "type": {
13036 "fqn": "@aws-cdk/aws-iam.IRole"
13037 }
13038 },
13039 "static": true
13040 },
13041 {
13042 "docs": {
13043 "remarks": "The imported role is assumed to exist in the same account as the account\nthe scope's containing Stack is being deployed to.",
13044 "stability": "stable",
13045 "summary": "Import an external role by name."
13046 },
13047 "locationInModule": {
13048 "filename": "lib/role.ts",
13049 "line": 302
13050 },
13051 "name": "fromRoleName",
13052 "parameters": [
13053 {
13054 "name": "scope",
13055 "type": {
13056 "fqn": "constructs.Construct"
13057 }
13058 },
13059 {
13060 "name": "id",
13061 "type": {
13062 "primitive": "string"
13063 }
13064 },
13065 {
13066 "name": "roleName",
13067 "type": {
13068 "primitive": "string"
13069 }
13070 }
13071 ],
13072 "returns": {
13073 "type": {
13074 "fqn": "@aws-cdk/aws-iam.IRole"
13075 }
13076 },
13077 "static": true
13078 },
13079 {
13080 "docs": {
13081 "stability": "stable",
13082 "summary": "Attaches a managed policy to this role."
13083 },
13084 "locationInModule": {
13085 "filename": "lib/role.ts",
13086 "line": 452
13087 },
13088 "name": "addManagedPolicy",
13089 "overrides": "@aws-cdk/aws-iam.IIdentity",
13090 "parameters": [
13091 {
13092 "docs": {
13093 "summary": "The the managed policy to attach."
13094 },
13095 "name": "policy",
13096 "type": {
13097 "fqn": "@aws-cdk/aws-iam.IManagedPolicy"
13098 }
13099 }
13100 ]
13101 },
13102 {
13103 "docs": {
13104 "stability": "stable",
13105 "summary": "Add to the policy of this principal."
13106 },
13107 "locationInModule": {
13108 "filename": "lib/role.ts",
13109 "line": 444
13110 },
13111 "name": "addToPolicy",
13112 "overrides": "@aws-cdk/aws-iam.IPrincipal",
13113 "parameters": [
13114 {
13115 "name": "statement",
13116 "type": {
13117 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
13118 }
13119 }
13120 ],
13121 "returns": {
13122 "type": {
13123 "primitive": "boolean"
13124 }
13125 }
13126 },
13127 {
13128 "docs": {
13129 "remarks": "If there is no default policy attached to this role, it will be created.",
13130 "stability": "stable",
13131 "summary": "Adds a permission to the role's default policy document."
13132 },
13133 "locationInModule": {
13134 "filename": "lib/role.ts",
13135 "line": 429
13136 },
13137 "name": "addToPrincipalPolicy",
13138 "overrides": "@aws-cdk/aws-iam.IPrincipal",
13139 "parameters": [
13140 {
13141 "docs": {
13142 "summary": "The permission statement to add to the policy document."
13143 },
13144 "name": "statement",
13145 "type": {
13146 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
13147 }
13148 }
13149 ],
13150 "returns": {
13151 "type": {
13152 "fqn": "@aws-cdk/aws-iam.AddToPrincipalPolicyResult"
13153 }
13154 }
13155 },
13156 {
13157 "docs": {
13158 "stability": "stable",
13159 "summary": "Attaches a policy to this role."
13160 },
13161 "locationInModule": {
13162 "filename": "lib/role.ts",
13163 "line": 461
13164 },
13165 "name": "attachInlinePolicy",
13166 "overrides": "@aws-cdk/aws-iam.IIdentity",
13167 "parameters": [
13168 {
13169 "docs": {
13170 "summary": "The policy to attach."
13171 },
13172 "name": "policy",
13173 "type": {
13174 "fqn": "@aws-cdk/aws-iam.Policy"
13175 }
13176 }
13177 ]
13178 },
13179 {
13180 "docs": {
13181 "stability": "stable",
13182 "summary": "Grant the actions defined in actions to the identity Principal on this resource."
13183 },
13184 "locationInModule": {
13185 "filename": "lib/role.ts",
13186 "line": 469
13187 },
13188 "name": "grant",
13189 "overrides": "@aws-cdk/aws-iam.IRole",
13190 "parameters": [
13191 {
13192 "name": "grantee",
13193 "type": {
13194 "fqn": "@aws-cdk/aws-iam.IPrincipal"
13195 }
13196 },
13197 {
13198 "name": "actions",
13199 "type": {
13200 "primitive": "string"
13201 },
13202 "variadic": true
13203 }
13204 ],
13205 "returns": {
13206 "type": {
13207 "fqn": "@aws-cdk/aws-iam.Grant"
13208 }
13209 },
13210 "variadic": true
13211 },
13212 {
13213 "docs": {
13214 "stability": "stable",
13215 "summary": "Grant permissions to the given principal to assume this role."
13216 },
13217 "locationInModule": {
13218 "filename": "lib/role.ts",
13219 "line": 488
13220 },
13221 "name": "grantAssumeRole",
13222 "overrides": "@aws-cdk/aws-iam.IRole",
13223 "parameters": [
13224 {
13225 "name": "identity",
13226 "type": {
13227 "fqn": "@aws-cdk/aws-iam.IPrincipal"
13228 }
13229 }
13230 ],
13231 "returns": {
13232 "type": {
13233 "fqn": "@aws-cdk/aws-iam.Grant"
13234 }
13235 }
13236 },
13237 {
13238 "docs": {
13239 "stability": "stable",
13240 "summary": "Grant permissions to the given principal to pass this role."
13241 },
13242 "locationInModule": {
13243 "filename": "lib/role.ts",
13244 "line": 481
13245 },
13246 "name": "grantPassRole",
13247 "overrides": "@aws-cdk/aws-iam.IRole",
13248 "parameters": [
13249 {
13250 "name": "identity",
13251 "type": {
13252 "fqn": "@aws-cdk/aws-iam.IPrincipal"
13253 }
13254 }
13255 ],
13256 "returns": {
13257 "type": {
13258 "fqn": "@aws-cdk/aws-iam.Grant"
13259 }
13260 }
13261 },
13262 {
13263 "docs": {
13264 "remarks": "This method can be implemented by derived constructs in order to perform\nvalidation logic. It is called on all constructs before synthesis.",
13265 "stability": "stable",
13266 "summary": "Validate the current construct."
13267 },
13268 "locationInModule": {
13269 "filename": "lib/role.ts",
13270 "line": 510
13271 },
13272 "name": "validate",
13273 "overrides": "@aws-cdk/core.Construct",
13274 "protected": true,
13275 "returns": {
13276 "type": {
13277 "collection": {
13278 "elementtype": {
13279 "primitive": "string"
13280 },
13281 "kind": "array"
13282 }
13283 }
13284 }
13285 },
13286 {
13287 "docs": {
13288 "remarks": "Use the object returned by this method if you want this Role to be used by\na construct without it automatically updating the Role's Policies.\n\nIf you do, you are responsible for adding the correct statements to the\nRole's policies yourself.",
13289 "stability": "stable",
13290 "summary": "Return a copy of this Role object whose Policies will not be updated."
13291 },
13292 "locationInModule": {
13293 "filename": "lib/role.ts",
13294 "line": 502
13295 },
13296 "name": "withoutPolicyUpdates",
13297 "parameters": [
13298 {
13299 "name": "options",
13300 "optional": true,
13301 "type": {
13302 "fqn": "@aws-cdk/aws-iam.WithoutPolicyUpdatesOptions"
13303 }
13304 }
13305 ],
13306 "returns": {
13307 "type": {
13308 "fqn": "@aws-cdk/aws-iam.IRole"
13309 }
13310 }
13311 }
13312 ],
13313 "name": "Role",
13314 "properties": [
13315 {
13316 "docs": {
13317 "stability": "stable",
13318 "summary": "When this Principal is used in an AssumeRole policy, the action to use."
13319 },
13320 "immutable": true,
13321 "locationInModule": {
13322 "filename": "lib/role.ts",
13323 "line": 314
13324 },
13325 "name": "assumeRoleAction",
13326 "overrides": "@aws-cdk/aws-iam.IPrincipal",
13327 "type": {
13328 "primitive": "string"
13329 }
13330 },
13331 {
13332 "docs": {
13333 "stability": "stable",
13334 "summary": "The principal to grant permissions to."
13335 },
13336 "immutable": true,
13337 "locationInModule": {
13338 "filename": "lib/role.ts",
13339 "line": 311
13340 },
13341 "name": "grantPrincipal",
13342 "overrides": "@aws-cdk/aws-iam.IGrantable",
13343 "type": {
13344 "fqn": "@aws-cdk/aws-iam.IPrincipal"
13345 }
13346 },
13347 {
13348 "docs": {
13349 "stability": "stable",
13350 "summary": "Returns the role."
13351 },
13352 "immutable": true,
13353 "locationInModule": {
13354 "filename": "lib/role.ts",
13355 "line": 342
13356 },
13357 "name": "policyFragment",
13358 "overrides": "@aws-cdk/aws-iam.IPrincipal",
13359 "type": {
13360 "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment"
13361 }
13362 },
13363 {
13364 "docs": {
13365 "stability": "stable",
13366 "summary": "Returns the ARN of this role."
13367 },
13368 "immutable": true,
13369 "locationInModule": {
13370 "filename": "lib/role.ts",
13371 "line": 324
13372 },
13373 "name": "roleArn",
13374 "overrides": "@aws-cdk/aws-iam.IRole",
13375 "type": {
13376 "primitive": "string"
13377 }
13378 },
13379 {
13380 "docs": {
13381 "custom": {
13382 "attribute": "true"
13383 },
13384 "remarks": "For example,\nAIDAJQABLZS4A3QDU576Q.",
13385 "stability": "stable",
13386 "summary": "Returns the stable and unique string identifying the role."
13387 },
13388 "immutable": true,
13389 "locationInModule": {
13390 "filename": "lib/role.ts",
13391 "line": 332
13392 },
13393 "name": "roleId",
13394 "type": {
13395 "primitive": "string"
13396 }
13397 },
13398 {
13399 "docs": {
13400 "stability": "stable",
13401 "summary": "Returns the name of the role."
13402 },
13403 "immutable": true,
13404 "locationInModule": {
13405 "filename": "lib/role.ts",
13406 "line": 337
13407 },
13408 "name": "roleName",
13409 "overrides": "@aws-cdk/aws-iam.IRole",
13410 "type": {
13411 "primitive": "string"
13412 }
13413 },
13414 {
13415 "docs": {
13416 "stability": "stable",
13417 "summary": "The assume role policy document associated with this role."
13418 },
13419 "immutable": true,
13420 "locationInModule": {
13421 "filename": "lib/role.ts",
13422 "line": 319
13423 },
13424 "name": "assumeRolePolicy",
13425 "optional": true,
13426 "type": {
13427 "fqn": "@aws-cdk/aws-iam.PolicyDocument"
13428 }
13429 },
13430 {
13431 "docs": {
13432 "stability": "stable",
13433 "summary": "Returns the permissions boundary attached to this role."
13434 },
13435 "immutable": true,
13436 "locationInModule": {
13437 "filename": "lib/role.ts",
13438 "line": 347
13439 },
13440 "name": "permissionsBoundary",
13441 "optional": true,
13442 "type": {
13443 "fqn": "@aws-cdk/aws-iam.IManagedPolicy"
13444 }
13445 },
13446 {
13447 "docs": {
13448 "remarks": "Can be undefined when the account is not known\n(for example, for service principals).\nCan be a Token - in that case,\nit's assumed to be AWS::AccountId.",
13449 "stability": "stable",
13450 "summary": "The AWS account ID of this principal."
13451 },
13452 "immutable": true,
13453 "locationInModule": {
13454 "filename": "lib/role.ts",
13455 "line": 312
13456 },
13457 "name": "principalAccount",
13458 "optional": true,
13459 "overrides": "@aws-cdk/aws-iam.IPrincipal",
13460 "type": {
13461 "primitive": "string"
13462 }
13463 }
13464 ],
13465 "symbolId": "lib/role:Role"
13466 },
13467 "@aws-cdk/aws-iam.RoleProps": {
13468 "assembly": "@aws-cdk/aws-iam",
13469 "datatype": true,
13470 "docs": {
13471 "stability": "stable",
13472 "summary": "Properties for defining an IAM Role.",
13473 "example": "const lambdaRole = new iam.Role(this, 'Role', {\n assumedBy: new iam.ServicePrincipal('lambda.amazonaws.com'),\n description: 'Example role...',\n});\n\nconst stream = new kinesis.Stream(this, 'MyEncryptedStream', {\n encryption: kinesis.StreamEncryption.KMS,\n});\n\n// give lambda permissions to read stream\nstream.grantRead(lambdaRole);",
13474 "custom": {
13475 "exampleMetadata": "infused"
13476 }
13477 },
13478 "fqn": "@aws-cdk/aws-iam.RoleProps",
13479 "kind": "interface",
13480 "locationInModule": {
13481 "filename": "lib/role.ts",
13482 "line": 22
13483 },
13484 "name": "RoleProps",
13485 "properties": [
13486 {
13487 "abstract": true,
13488 "docs": {
13489 "remarks": "You can later modify the assume role policy document by accessing it via\nthe `assumeRolePolicy` property.",
13490 "stability": "stable",
13491 "summary": "The IAM principal (i.e. `new ServicePrincipal('sns.amazonaws.com')`) which can assume this role."
13492 },
13493 "immutable": true,
13494 "locationInModule": {
13495 "filename": "lib/role.ts",
13496 "line": 30
13497 },
13498 "name": "assumedBy",
13499 "type": {
13500 "fqn": "@aws-cdk/aws-iam.IPrincipal"
13501 }
13502 },
13503 {
13504 "abstract": true,
13505 "docs": {
13506 "default": "- No description.",
13507 "remarks": "It can be up to 1000 characters long.",
13508 "stability": "stable",
13509 "summary": "A description of the role."
13510 },
13511 "immutable": true,
13512 "locationInModule": {
13513 "filename": "lib/role.ts",
13514 "line": 140
13515 },
13516 "name": "description",
13517 "optional": true,
13518 "type": {
13519 "primitive": "string"
13520 }
13521 },
13522 {
13523 "abstract": true,
13524 "docs": {
13525 "default": "No external ID required",
13526 "deprecated": "see {@link externalIds}",
13527 "remarks": "If the configured and provided external IDs do not match, the\nAssumeRole operation will fail.",
13528 "stability": "deprecated",
13529 "summary": "ID that the role assumer needs to provide when assuming this role."
13530 },
13531 "immutable": true,
13532 "locationInModule": {
13533 "filename": "lib/role.ts",
13534 "line": 42
13535 },
13536 "name": "externalId",
13537 "optional": true,
13538 "type": {
13539 "primitive": "string"
13540 }
13541 },
13542 {
13543 "abstract": true,
13544 "docs": {
13545 "default": "No external ID required",
13546 "remarks": "If the configured and provided external IDs do not match, the\nAssumeRole operation will fail.",
13547 "stability": "stable",
13548 "summary": "List of IDs that the role assumer needs to provide one of when assuming this role."
13549 },
13550 "immutable": true,
13551 "locationInModule": {
13552 "filename": "lib/role.ts",
13553 "line": 52
13554 },
13555 "name": "externalIds",
13556 "optional": true,
13557 "type": {
13558 "collection": {
13559 "elementtype": {
13560 "primitive": "string"
13561 },
13562 "kind": "array"
13563 }
13564 }
13565 },
13566 {
13567 "abstract": true,
13568 "docs": {
13569 "default": "- No policy is inlined in the Role resource.",
13570 "remarks": "These policies will be\ncreated with the role, whereas those added by ``addToPolicy`` are added\nusing a separate CloudFormation resource (allowing a way around circular\ndependencies that could otherwise be introduced).",
13571 "stability": "stable",
13572 "summary": "A list of named policies to inline into this role."
13573 },
13574 "immutable": true,
13575 "locationInModule": {
13576 "filename": "lib/role.ts",
13577 "line": 72
13578 },
13579 "name": "inlinePolicies",
13580 "optional": true,
13581 "type": {
13582 "collection": {
13583 "elementtype": {
13584 "fqn": "@aws-cdk/aws-iam.PolicyDocument"
13585 },
13586 "kind": "map"
13587 }
13588 }
13589 },
13590 {
13591 "abstract": true,
13592 "docs": {
13593 "default": "- No managed policies.",
13594 "remarks": "You can add managed policies later using\n`addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName(policyName))`.",
13595 "stability": "stable",
13596 "summary": "A list of managed policies associated with this role."
13597 },
13598 "immutable": true,
13599 "locationInModule": {
13600 "filename": "lib/role.ts",
13601 "line": 62
13602 },
13603 "name": "managedPolicies",
13604 "optional": true,
13605 "type": {
13606 "collection": {
13607 "elementtype": {
13608 "fqn": "@aws-cdk/aws-iam.IManagedPolicy"
13609 },
13610 "kind": "array"
13611 }
13612 }
13613 },
13614 {
13615 "abstract": true,
13616 "docs": {
13617 "custom": {
13618 "link": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html"
13619 },
13620 "default": "Duration.hours(1)",
13621 "remarks": "This setting can have a value from 1 hour (3600sec) to 12 (43200sec) hours.\n\nAnyone who assumes the role from the AWS CLI or API can use the\nDurationSeconds API parameter or the duration-seconds CLI parameter to\nrequest a longer session. The MaxSessionDuration setting determines the\nmaximum duration that can be requested using the DurationSeconds\nparameter.\n\nIf users don't specify a value for the DurationSeconds parameter, their\nsecurity credentials are valid for one hour by default. This applies when\nyou use the AssumeRole* API operations or the assume-role* CLI operations\nbut does not apply when you use those operations to create a console URL.",
13622 "stability": "stable",
13623 "summary": "The maximum session duration that you want to set for the specified role."
13624 },
13625 "immutable": true,
13626 "locationInModule": {
13627 "filename": "lib/role.ts",
13628 "line": 133
13629 },
13630 "name": "maxSessionDuration",
13631 "optional": true,
13632 "type": {
13633 "fqn": "@aws-cdk/core.Duration"
13634 }
13635 },
13636 {
13637 "abstract": true,
13638 "docs": {
13639 "default": "/",
13640 "remarks": "For information about IAM paths, see\nFriendly Names and Paths in IAM User Guide.",
13641 "stability": "stable",
13642 "summary": "The path associated with this role."
13643 },
13644 "immutable": true,
13645 "locationInModule": {
13646 "filename": "lib/role.ts",
13647 "line": 80
13648 },
13649 "name": "path",
13650 "optional": true,
13651 "type": {
13652 "primitive": "string"
13653 }
13654 },
13655 {
13656 "abstract": true,
13657 "docs": {
13658 "custom": {
13659 "link": "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html"
13660 },
13661 "default": "- No permissions boundary.",
13662 "remarks": "A permissions boundary is an advanced feature for using a managed policy\nto set the maximum permissions that an identity-based policy can grant to\nan IAM entity. An entity's permissions boundary allows it to perform only\nthe actions that are allowed by both its identity-based policies and its\npermissions boundaries.",
13663 "stability": "stable",
13664 "summary": "AWS supports permissions boundaries for IAM entities (users or roles)."
13665 },
13666 "immutable": true,
13667 "locationInModule": {
13668 "filename": "lib/role.ts",
13669 "line": 95
13670 },
13671 "name": "permissionsBoundary",
13672 "optional": true,
13673 "type": {
13674 "fqn": "@aws-cdk/aws-iam.IManagedPolicy"
13675 }
13676 },
13677 {
13678 "abstract": true,
13679 "docs": {
13680 "default": "- AWS CloudFormation generates a unique physical ID and uses that ID\nfor the role name.",
13681 "remarks": "For valid values, see the RoleName parameter for\nthe CreateRole action in the IAM API Reference.\n\nIMPORTANT: If you specify a name, you cannot perform updates that require\nreplacement of this resource. You can perform updates that require no or\nsome interruption. If you must replace the resource, specify a new name.\n\nIf you specify a name, you must specify the CAPABILITY_NAMED_IAM value to\nacknowledge your template's capabilities. For more information, see\nAcknowledging IAM Resources in AWS CloudFormation Templates.",
13682 "stability": "stable",
13683 "summary": "A name for the IAM role."
13684 },
13685 "immutable": true,
13686 "locationInModule": {
13687 "filename": "lib/role.ts",
13688 "line": 112
13689 },
13690 "name": "roleName",
13691 "optional": true,
13692 "type": {
13693 "primitive": "string"
13694 }
13695 }
13696 ],
13697 "symbolId": "lib/role:RoleProps"
13698 },
13699 "@aws-cdk/aws-iam.SamlConsolePrincipal": {
13700 "assembly": "@aws-cdk/aws-iam",
13701 "base": "@aws-cdk/aws-iam.SamlPrincipal",
13702 "docs": {
13703 "stability": "stable",
13704 "summary": "Principal entity that represents a SAML federated identity provider for programmatic and AWS Management Console access.",
13705 "example": "const provider = new iam.SamlProvider(this, 'Provider', {\n metadataDocument: iam.SamlMetadataDocument.fromFile('/path/to/saml-metadata-document.xml'),\n});\nnew iam.Role(this, 'Role', {\n assumedBy: new iam.SamlConsolePrincipal(provider),\n});",
13706 "custom": {
13707 "exampleMetadata": "infused"
13708 }
13709 },
13710 "fqn": "@aws-cdk/aws-iam.SamlConsolePrincipal",
13711 "initializer": {
13712 "docs": {
13713 "stability": "stable"
13714 },
13715 "locationInModule": {
13716 "filename": "lib/principals.ts",
13717 "line": 703
13718 },
13719 "parameters": [
13720 {
13721 "name": "samlProvider",
13722 "type": {
13723 "fqn": "@aws-cdk/aws-iam.ISamlProvider"
13724 }
13725 },
13726 {
13727 "name": "conditions",
13728 "optional": true,
13729 "type": {
13730 "collection": {
13731 "elementtype": {
13732 "primitive": "any"
13733 },
13734 "kind": "map"
13735 }
13736 }
13737 }
13738 ]
13739 },
13740 "kind": "class",
13741 "locationInModule": {
13742 "filename": "lib/principals.ts",
13743 "line": 702
13744 },
13745 "methods": [
13746 {
13747 "docs": {
13748 "stability": "stable",
13749 "summary": "Returns a string representation of an object."
13750 },
13751 "locationInModule": {
13752 "filename": "lib/principals.ts",
13753 "line": 712
13754 },
13755 "name": "toString",
13756 "overrides": "@aws-cdk/aws-iam.SamlPrincipal",
13757 "returns": {
13758 "type": {
13759 "primitive": "string"
13760 }
13761 }
13762 }
13763 ],
13764 "name": "SamlConsolePrincipal",
13765 "symbolId": "lib/principals:SamlConsolePrincipal"
13766 },
13767 "@aws-cdk/aws-iam.SamlMetadataDocument": {
13768 "abstract": true,
13769 "assembly": "@aws-cdk/aws-iam",
13770 "docs": {
13771 "stability": "stable",
13772 "summary": "A SAML metadata document.",
13773 "example": "const provider = new iam.SamlProvider(this, 'Provider', {\n metadataDocument: iam.SamlMetadataDocument.fromFile('/path/to/saml-metadata-document.xml'),\n});\nconst principal = new iam.SamlPrincipal(provider, {\n StringEquals: {\n 'SAML:iss': 'issuer',\n },\n});",
13774 "custom": {
13775 "exampleMetadata": "infused"
13776 }
13777 },
13778 "fqn": "@aws-cdk/aws-iam.SamlMetadataDocument",
13779 "initializer": {
13780 "docs": {
13781 "stability": "stable"
13782 }
13783 },
13784 "kind": "class",
13785 "locationInModule": {
13786 "filename": "lib/saml-provider.ts",
13787 "line": 49
13788 },
13789 "methods": [
13790 {
13791 "docs": {
13792 "stability": "stable",
13793 "summary": "Create a SAML metadata document from a XML file."
13794 },
13795 "locationInModule": {
13796 "filename": "lib/saml-provider.ts",
13797 "line": 60
13798 },
13799 "name": "fromFile",
13800 "parameters": [
13801 {
13802 "name": "path",
13803 "type": {
13804 "primitive": "string"
13805 }
13806 }
13807 ],
13808 "returns": {
13809 "type": {
13810 "fqn": "@aws-cdk/aws-iam.SamlMetadataDocument"
13811 }
13812 },
13813 "static": true
13814 },
13815 {
13816 "docs": {
13817 "stability": "stable",
13818 "summary": "Create a SAML metadata document from a XML string."
13819 },
13820 "locationInModule": {
13821 "filename": "lib/saml-provider.ts",
13822 "line": 53
13823 },
13824 "name": "fromXml",
13825 "parameters": [
13826 {
13827 "name": "xml",
13828 "type": {
13829 "primitive": "string"
13830 }
13831 }
13832 ],
13833 "returns": {
13834 "type": {
13835 "fqn": "@aws-cdk/aws-iam.SamlMetadataDocument"
13836 }
13837 },
13838 "static": true
13839 }
13840 ],
13841 "name": "SamlMetadataDocument",
13842 "properties": [
13843 {
13844 "abstract": true,
13845 "docs": {
13846 "stability": "stable",
13847 "summary": "The XML content of the metadata document."
13848 },
13849 "immutable": true,
13850 "locationInModule": {
13851 "filename": "lib/saml-provider.ts",
13852 "line": 67
13853 },
13854 "name": "xml",
13855 "type": {
13856 "primitive": "string"
13857 }
13858 }
13859 ],
13860 "symbolId": "lib/saml-provider:SamlMetadataDocument"
13861 },
13862 "@aws-cdk/aws-iam.SamlPrincipal": {
13863 "assembly": "@aws-cdk/aws-iam",
13864 "base": "@aws-cdk/aws-iam.FederatedPrincipal",
13865 "docs": {
13866 "stability": "stable",
13867 "summary": "Principal entity that represents a SAML federated identity provider.",
13868 "example": "const provider = new iam.SamlProvider(this, 'Provider', {\n metadataDocument: iam.SamlMetadataDocument.fromFile('/path/to/saml-metadata-document.xml'),\n});\nconst principal = new iam.SamlPrincipal(provider, {\n StringEquals: {\n 'SAML:iss': 'issuer',\n },\n});",
13869 "custom": {
13870 "exampleMetadata": "infused"
13871 }
13872 },
13873 "fqn": "@aws-cdk/aws-iam.SamlPrincipal",
13874 "initializer": {
13875 "docs": {
13876 "stability": "stable"
13877 },
13878 "locationInModule": {
13879 "filename": "lib/principals.ts",
13880 "line": 689
13881 },
13882 "parameters": [
13883 {
13884 "name": "samlProvider",
13885 "type": {
13886 "fqn": "@aws-cdk/aws-iam.ISamlProvider"
13887 }
13888 },
13889 {
13890 "name": "conditions",
13891 "type": {
13892 "collection": {
13893 "elementtype": {
13894 "primitive": "any"
13895 },
13896 "kind": "map"
13897 }
13898 }
13899 }
13900 ]
13901 },
13902 "kind": "class",
13903 "locationInModule": {
13904 "filename": "lib/principals.ts",
13905 "line": 688
13906 },
13907 "methods": [
13908 {
13909 "docs": {
13910 "stability": "stable",
13911 "summary": "Returns a string representation of an object."
13912 },
13913 "locationInModule": {
13914 "filename": "lib/principals.ts",
13915 "line": 693
13916 },
13917 "name": "toString",
13918 "overrides": "@aws-cdk/aws-iam.FederatedPrincipal",
13919 "returns": {
13920 "type": {
13921 "primitive": "string"
13922 }
13923 }
13924 }
13925 ],
13926 "name": "SamlPrincipal",
13927 "symbolId": "lib/principals:SamlPrincipal"
13928 },
13929 "@aws-cdk/aws-iam.SamlProvider": {
13930 "assembly": "@aws-cdk/aws-iam",
13931 "base": "@aws-cdk/core.Resource",
13932 "docs": {
13933 "stability": "stable",
13934 "summary": "A SAML provider.",
13935 "example": "const provider = new iam.SamlProvider(this, 'Provider', {\n metadataDocument: iam.SamlMetadataDocument.fromFile('/path/to/saml-metadata-document.xml'),\n});\nnew iam.Role(this, 'Role', {\n assumedBy: new iam.SamlConsolePrincipal(provider),\n});",
13936 "custom": {
13937 "exampleMetadata": "infused"
13938 }
13939 },
13940 "fqn": "@aws-cdk/aws-iam.SamlProvider",
13941 "initializer": {
13942 "docs": {
13943 "stability": "stable"
13944 },
13945 "locationInModule": {
13946 "filename": "lib/saml-provider.ts",
13947 "line": 86
13948 },
13949 "parameters": [
13950 {
13951 "name": "scope",
13952 "type": {
13953 "fqn": "constructs.Construct"
13954 }
13955 },
13956 {
13957 "name": "id",
13958 "type": {
13959 "primitive": "string"
13960 }
13961 },
13962 {
13963 "name": "props",
13964 "type": {
13965 "fqn": "@aws-cdk/aws-iam.SamlProviderProps"
13966 }
13967 }
13968 ]
13969 },
13970 "interfaces": [
13971 "@aws-cdk/aws-iam.ISamlProvider"
13972 ],
13973 "kind": "class",
13974 "locationInModule": {
13975 "filename": "lib/saml-provider.ts",
13976 "line": 73
13977 },
13978 "methods": [
13979 {
13980 "docs": {
13981 "stability": "stable",
13982 "summary": "Import an existing provider."
13983 },
13984 "locationInModule": {
13985 "filename": "lib/saml-provider.ts",
13986 "line": 77
13987 },
13988 "name": "fromSamlProviderArn",
13989 "parameters": [
13990 {
13991 "name": "scope",
13992 "type": {
13993 "fqn": "constructs.Construct"
13994 }
13995 },
13996 {
13997 "name": "id",
13998 "type": {
13999 "primitive": "string"
14000 }
14001 },
14002 {
14003 "name": "samlProviderArn",
14004 "type": {
14005 "primitive": "string"
14006 }
14007 }
14008 ],
14009 "returns": {
14010 "type": {
14011 "fqn": "@aws-cdk/aws-iam.ISamlProvider"
14012 }
14013 },
14014 "static": true
14015 }
14016 ],
14017 "name": "SamlProvider",
14018 "properties": [
14019 {
14020 "docs": {
14021 "stability": "stable",
14022 "summary": "The Amazon Resource Name (ARN) of the provider."
14023 },
14024 "immutable": true,
14025 "locationInModule": {
14026 "filename": "lib/saml-provider.ts",
14027 "line": 84
14028 },
14029 "name": "samlProviderArn",
14030 "overrides": "@aws-cdk/aws-iam.ISamlProvider",
14031 "type": {
14032 "primitive": "string"
14033 }
14034 }
14035 ],
14036 "symbolId": "lib/saml-provider:SamlProvider"
14037 },
14038 "@aws-cdk/aws-iam.SamlProviderProps": {
14039 "assembly": "@aws-cdk/aws-iam",
14040 "datatype": true,
14041 "docs": {
14042 "stability": "stable",
14043 "summary": "Properties for a SAML provider.",
14044 "example": "const provider = new iam.SamlProvider(this, 'Provider', {\n metadataDocument: iam.SamlMetadataDocument.fromFile('/path/to/saml-metadata-document.xml'),\n});\nnew iam.Role(this, 'Role', {\n assumedBy: new iam.SamlConsolePrincipal(provider),\n});",
14045 "custom": {
14046 "exampleMetadata": "infused"
14047 }
14048 },
14049 "fqn": "@aws-cdk/aws-iam.SamlProviderProps",
14050 "kind": "interface",
14051 "locationInModule": {
14052 "filename": "lib/saml-provider.ts",
14053 "line": 21
14054 },
14055 "name": "SamlProviderProps",
14056 "properties": [
14057 {
14058 "abstract": true,
14059 "docs": {
14060 "stability": "stable",
14061 "summary": "An XML document generated by an identity provider (IdP) that supports SAML 2.0. The document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that are received from the IdP. You must generate the metadata document using the identity management software that is used as your organization's IdP."
14062 },
14063 "immutable": true,
14064 "locationInModule": {
14065 "filename": "lib/saml-provider.ts",
14066 "line": 43
14067 },
14068 "name": "metadataDocument",
14069 "type": {
14070 "fqn": "@aws-cdk/aws-iam.SamlMetadataDocument"
14071 }
14072 },
14073 {
14074 "abstract": true,
14075 "docs": {
14076 "default": "- a CloudFormation generated name",
14077 "remarks": "This parameter allows a string of characters consisting of upper and\nlowercase alphanumeric characters with no spaces. You can also include\nany of the following characters: _+=,.@-\n\nLength must be between 1 and 128 characters.",
14078 "stability": "stable",
14079 "summary": "The name of the provider to create."
14080 },
14081 "immutable": true,
14082 "locationInModule": {
14083 "filename": "lib/saml-provider.ts",
14084 "line": 33
14085 },
14086 "name": "name",
14087 "optional": true,
14088 "type": {
14089 "primitive": "string"
14090 }
14091 }
14092 ],
14093 "symbolId": "lib/saml-provider:SamlProviderProps"
14094 },
14095 "@aws-cdk/aws-iam.ServicePrincipal": {
14096 "assembly": "@aws-cdk/aws-iam",
14097 "base": "@aws-cdk/aws-iam.PrincipalBase",
14098 "docs": {
14099 "stability": "stable",
14100 "summary": "An IAM principal that represents an AWS service (i.e. sqs.amazonaws.com).",
14101 "example": "const lambdaRole = new iam.Role(this, 'Role', {\n assumedBy: new iam.ServicePrincipal('lambda.amazonaws.com'),\n description: 'Example role...',\n});\n\nconst stream = new kinesis.Stream(this, 'MyEncryptedStream', {\n encryption: kinesis.StreamEncryption.KMS,\n});\n\n// give lambda permissions to read stream\nstream.grantRead(lambdaRole);",
14102 "custom": {
14103 "exampleMetadata": "infused"
14104 }
14105 },
14106 "fqn": "@aws-cdk/aws-iam.ServicePrincipal",
14107 "initializer": {
14108 "docs": {
14109 "stability": "stable"
14110 },
14111 "locationInModule": {
14112 "filename": "lib/principals.ts",
14113 "line": 509
14114 },
14115 "parameters": [
14116 {
14117 "docs": {
14118 "summary": "AWS service (i.e. sqs.amazonaws.com)."
14119 },
14120 "name": "service",
14121 "type": {
14122 "primitive": "string"
14123 }
14124 },
14125 {
14126 "name": "opts",
14127 "optional": true,
14128 "type": {
14129 "fqn": "@aws-cdk/aws-iam.ServicePrincipalOpts"
14130 }
14131 }
14132 ]
14133 },
14134 "kind": "class",
14135 "locationInModule": {
14136 "filename": "lib/principals.ts",
14137 "line": 489
14138 },
14139 "methods": [
14140 {
14141 "docs": {
14142 "example": "const principalName = iam.ServicePrincipal.servicePrincipalName('ec2.amazonaws.com');",
14143 "remarks": "For example, for Chinese regions this may (depending on whether that's necessary\nfor the given service principal) append `.cn` to the name.\n\nThe `region-info` module is used to obtain this information.",
14144 "stability": "stable",
14145 "summary": "Translate the given service principal name based on the region it's used in."
14146 },
14147 "locationInModule": {
14148 "filename": "lib/principals.ts",
14149 "line": 501
14150 },
14151 "name": "servicePrincipalName",
14152 "parameters": [
14153 {
14154 "name": "service",
14155 "type": {
14156 "primitive": "string"
14157 }
14158 }
14159 ],
14160 "returns": {
14161 "type": {
14162 "primitive": "string"
14163 }
14164 },
14165 "static": true
14166 },
14167 {
14168 "docs": {
14169 "stability": "stable",
14170 "summary": "Return whether or not this principal is equal to the given principal."
14171 },
14172 "locationInModule": {
14173 "filename": "lib/principals.ts",
14174 "line": 525
14175 },
14176 "name": "dedupeString",
14177 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
14178 "returns": {
14179 "optional": true,
14180 "type": {
14181 "primitive": "string"
14182 }
14183 }
14184 },
14185 {
14186 "docs": {
14187 "stability": "stable",
14188 "summary": "Returns a string representation of an object."
14189 },
14190 "locationInModule": {
14191 "filename": "lib/principals.ts",
14192 "line": 521
14193 },
14194 "name": "toString",
14195 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
14196 "returns": {
14197 "type": {
14198 "primitive": "string"
14199 }
14200 }
14201 }
14202 ],
14203 "name": "ServicePrincipal",
14204 "properties": [
14205 {
14206 "docs": {
14207 "stability": "stable",
14208 "summary": "Return the policy fragment that identifies this principal in a Policy."
14209 },
14210 "immutable": true,
14211 "locationInModule": {
14212 "filename": "lib/principals.ts",
14213 "line": 513
14214 },
14215 "name": "policyFragment",
14216 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
14217 "type": {
14218 "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment"
14219 }
14220 },
14221 {
14222 "docs": {
14223 "stability": "stable",
14224 "summary": "AWS service (i.e. sqs.amazonaws.com)."
14225 },
14226 "immutable": true,
14227 "locationInModule": {
14228 "filename": "lib/principals.ts",
14229 "line": 509
14230 },
14231 "name": "service",
14232 "type": {
14233 "primitive": "string"
14234 }
14235 }
14236 ],
14237 "symbolId": "lib/principals:ServicePrincipal"
14238 },
14239 "@aws-cdk/aws-iam.ServicePrincipalOpts": {
14240 "assembly": "@aws-cdk/aws-iam",
14241 "datatype": true,
14242 "docs": {
14243 "stability": "stable",
14244 "summary": "Options for a service principal.",
14245 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const conditions: any;\nconst servicePrincipalOpts: iam.ServicePrincipalOpts = {\n conditions: {\n conditionsKey: conditions,\n },\n region: 'region',\n};",
14246 "custom": {
14247 "exampleMetadata": "fixture=_generated"
14248 }
14249 },
14250 "fqn": "@aws-cdk/aws-iam.ServicePrincipalOpts",
14251 "kind": "interface",
14252 "locationInModule": {
14253 "filename": "lib/principals.ts",
14254 "line": 469
14255 },
14256 "name": "ServicePrincipalOpts",
14257 "properties": [
14258 {
14259 "abstract": true,
14260 "docs": {
14261 "default": "- No conditions",
14262 "stability": "stable",
14263 "summary": "Additional conditions to add to the Service Principal."
14264 },
14265 "immutable": true,
14266 "locationInModule": {
14267 "filename": "lib/principals.ts",
14268 "line": 483
14269 },
14270 "name": "conditions",
14271 "optional": true,
14272 "type": {
14273 "collection": {
14274 "elementtype": {
14275 "primitive": "any"
14276 },
14277 "kind": "map"
14278 }
14279 }
14280 },
14281 {
14282 "abstract": true,
14283 "docs": {
14284 "default": "- the current Stack's region.",
14285 "deprecated": "You should not need to set this. The stack's region is always correct.",
14286 "stability": "deprecated",
14287 "summary": "The region in which the service is operating."
14288 },
14289 "immutable": true,
14290 "locationInModule": {
14291 "filename": "lib/principals.ts",
14292 "line": 476
14293 },
14294 "name": "region",
14295 "optional": true,
14296 "type": {
14297 "primitive": "string"
14298 }
14299 }
14300 ],
14301 "symbolId": "lib/principals:ServicePrincipalOpts"
14302 },
14303 "@aws-cdk/aws-iam.SessionTagsPrincipal": {
14304 "assembly": "@aws-cdk/aws-iam",
14305 "base": "@aws-cdk/aws-iam.PrincipalBase",
14306 "docs": {
14307 "remarks": "For more information on session tags, see:\nhttps://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html",
14308 "stability": "stable",
14309 "summary": "Enables session tags on role assumptions from a principal.",
14310 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const principal: iam.IPrincipal;\nconst sessionTagsPrincipal = new iam.SessionTagsPrincipal(principal);",
14311 "custom": {
14312 "exampleMetadata": "fixture=_generated"
14313 }
14314 },
14315 "fqn": "@aws-cdk/aws-iam.SessionTagsPrincipal",
14316 "initializer": {
14317 "docs": {
14318 "stability": "stable"
14319 },
14320 "locationInModule": {
14321 "filename": "lib/principals.ts",
14322 "line": 350
14323 },
14324 "parameters": [
14325 {
14326 "name": "principal",
14327 "type": {
14328 "fqn": "@aws-cdk/aws-iam.IPrincipal"
14329 }
14330 }
14331 ]
14332 },
14333 "kind": "class",
14334 "locationInModule": {
14335 "filename": "lib/principals.ts",
14336 "line": 349
14337 },
14338 "methods": [
14339 {
14340 "docs": {
14341 "remarks": "Add the statements to the AssumeRolePolicyDocument necessary to give this principal\npermissions to assume the given role.",
14342 "stability": "stable",
14343 "summary": "Add the princpial to the AssumeRolePolicyDocument."
14344 },
14345 "locationInModule": {
14346 "filename": "lib/principals.ts",
14347 "line": 354
14348 },
14349 "name": "addToAssumeRolePolicy",
14350 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
14351 "parameters": [
14352 {
14353 "name": "doc",
14354 "type": {
14355 "fqn": "@aws-cdk/aws-iam.PolicyDocument"
14356 }
14357 }
14358 ]
14359 },
14360 {
14361 "docs": {
14362 "stability": "stable",
14363 "summary": "Add to the policy of this principal."
14364 },
14365 "locationInModule": {
14366 "filename": "lib/principals.ts",
14367 "line": 235
14368 },
14369 "name": "addToPolicy",
14370 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
14371 "parameters": [
14372 {
14373 "name": "statement",
14374 "type": {
14375 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
14376 }
14377 }
14378 ],
14379 "returns": {
14380 "type": {
14381 "primitive": "boolean"
14382 }
14383 }
14384 },
14385 {
14386 "docs": {
14387 "stability": "stable",
14388 "summary": "Add to the policy of this principal."
14389 },
14390 "locationInModule": {
14391 "filename": "lib/principals.ts",
14392 "line": 238
14393 },
14394 "name": "addToPrincipalPolicy",
14395 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
14396 "parameters": [
14397 {
14398 "name": "statement",
14399 "type": {
14400 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
14401 }
14402 }
14403 ],
14404 "returns": {
14405 "type": {
14406 "fqn": "@aws-cdk/aws-iam.AddToPrincipalPolicyResult"
14407 }
14408 }
14409 },
14410 {
14411 "docs": {
14412 "stability": "stable",
14413 "summary": "Append the given string to the wrapped principal's dedupe string (if available)."
14414 },
14415 "locationInModule": {
14416 "filename": "lib/principals.ts",
14417 "line": 245
14418 },
14419 "name": "appendDedupe",
14420 "parameters": [
14421 {
14422 "name": "append",
14423 "type": {
14424 "primitive": "string"
14425 }
14426 }
14427 ],
14428 "protected": true,
14429 "returns": {
14430 "optional": true,
14431 "type": {
14432 "primitive": "string"
14433 }
14434 }
14435 },
14436 {
14437 "docs": {
14438 "stability": "stable",
14439 "summary": "Return whether or not this principal is equal to the given principal."
14440 },
14441 "locationInModule": {
14442 "filename": "lib/principals.ts",
14443 "line": 366
14444 },
14445 "name": "dedupeString",
14446 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
14447 "returns": {
14448 "optional": true,
14449 "type": {
14450 "primitive": "string"
14451 }
14452 }
14453 }
14454 ],
14455 "name": "SessionTagsPrincipal",
14456 "properties": [
14457 {
14458 "docs": {
14459 "stability": "stable",
14460 "summary": "When this Principal is used in an AssumeRole policy, the action to use."
14461 },
14462 "immutable": true,
14463 "locationInModule": {
14464 "filename": "lib/principals.ts",
14465 "line": 226
14466 },
14467 "name": "assumeRoleAction",
14468 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
14469 "type": {
14470 "primitive": "string"
14471 }
14472 },
14473 {
14474 "docs": {
14475 "stability": "stable",
14476 "summary": "Return the policy fragment that identifies this principal in a Policy."
14477 },
14478 "immutable": true,
14479 "locationInModule": {
14480 "filename": "lib/principals.ts",
14481 "line": 233
14482 },
14483 "name": "policyFragment",
14484 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
14485 "type": {
14486 "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment"
14487 }
14488 },
14489 {
14490 "docs": {
14491 "remarks": "Can be undefined when the account is not known\n(for example, for service principals).\nCan be a Token - in that case,\nit's assumed to be AWS::AccountId.",
14492 "stability": "stable",
14493 "summary": "The AWS account ID of this principal."
14494 },
14495 "immutable": true,
14496 "locationInModule": {
14497 "filename": "lib/principals.ts",
14498 "line": 227
14499 },
14500 "name": "principalAccount",
14501 "optional": true,
14502 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
14503 "type": {
14504 "primitive": "string"
14505 }
14506 }
14507 ],
14508 "symbolId": "lib/principals:SessionTagsPrincipal"
14509 },
14510 "@aws-cdk/aws-iam.StarPrincipal": {
14511 "assembly": "@aws-cdk/aws-iam",
14512 "base": "@aws-cdk/aws-iam.PrincipalBase",
14513 "docs": {
14514 "remarks": "Some services behave differently when you specify `Principal: \"*\"`\nor `Principal: { AWS: \"*\" }` in their resource policy.\n\n`StarPrincipal` renders to `Principal: *`. Most of the time, you\nshould use `AnyPrincipal` instead.",
14515 "stability": "stable",
14516 "summary": "A principal that uses a literal '*' in the IAM JSON language.",
14517 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nconst starPrincipal = new iam.StarPrincipal();",
14518 "custom": {
14519 "exampleMetadata": "fixture=_generated"
14520 }
14521 },
14522 "fqn": "@aws-cdk/aws-iam.StarPrincipal",
14523 "initializer": {
14524 "docs": {
14525 "stability": "stable"
14526 }
14527 },
14528 "kind": "class",
14529 "locationInModule": {
14530 "filename": "lib/principals.ts",
14531 "line": 765
14532 },
14533 "methods": [
14534 {
14535 "docs": {
14536 "stability": "stable",
14537 "summary": "Return whether or not this principal is equal to the given principal."
14538 },
14539 "locationInModule": {
14540 "filename": "lib/principals.ts",
14541 "line": 775
14542 },
14543 "name": "dedupeString",
14544 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
14545 "returns": {
14546 "optional": true,
14547 "type": {
14548 "primitive": "string"
14549 }
14550 }
14551 },
14552 {
14553 "docs": {
14554 "stability": "stable",
14555 "summary": "Returns a string representation of an object."
14556 },
14557 "locationInModule": {
14558 "filename": "lib/principals.ts",
14559 "line": 771
14560 },
14561 "name": "toString",
14562 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
14563 "returns": {
14564 "type": {
14565 "primitive": "string"
14566 }
14567 }
14568 }
14569 ],
14570 "name": "StarPrincipal",
14571 "properties": [
14572 {
14573 "docs": {
14574 "stability": "stable",
14575 "summary": "Return the policy fragment that identifies this principal in a Policy."
14576 },
14577 "immutable": true,
14578 "locationInModule": {
14579 "filename": "lib/principals.ts",
14580 "line": 766
14581 },
14582 "name": "policyFragment",
14583 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
14584 "type": {
14585 "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment"
14586 }
14587 }
14588 ],
14589 "symbolId": "lib/principals:StarPrincipal"
14590 },
14591 "@aws-cdk/aws-iam.UnknownPrincipal": {
14592 "assembly": "@aws-cdk/aws-iam",
14593 "docs": {
14594 "remarks": "Some resources have roles associated with them which they assume, such as\nLambda Functions, CodeBuild projects, StepFunctions machines, etc.\n\nWhen those resources are imported, their actual roles are not always\nimported with them. When that happens, we use an instance of this class\ninstead, which will add user warnings when statements are attempted to be\nadded to it.",
14595 "stability": "stable",
14596 "summary": "A principal for use in resources that need to have a role but it's unknown.",
14597 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nimport * as constructs from 'constructs';\n\ndeclare const construct: constructs.Construct;\nconst unknownPrincipal = new iam.UnknownPrincipal({\n resource: construct,\n});",
14598 "custom": {
14599 "exampleMetadata": "fixture=_generated"
14600 }
14601 },
14602 "fqn": "@aws-cdk/aws-iam.UnknownPrincipal",
14603 "initializer": {
14604 "docs": {
14605 "stability": "stable"
14606 },
14607 "locationInModule": {
14608 "filename": "lib/unknown-principal.ts",
14609 "line": 32
14610 },
14611 "parameters": [
14612 {
14613 "name": "props",
14614 "type": {
14615 "fqn": "@aws-cdk/aws-iam.UnknownPrincipalProps"
14616 }
14617 }
14618 ]
14619 },
14620 "interfaces": [
14621 "@aws-cdk/aws-iam.IPrincipal"
14622 ],
14623 "kind": "class",
14624 "locationInModule": {
14625 "filename": "lib/unknown-principal.ts",
14626 "line": 27
14627 },
14628 "methods": [
14629 {
14630 "docs": {
14631 "stability": "stable",
14632 "summary": "Add to the policy of this principal."
14633 },
14634 "locationInModule": {
14635 "filename": "lib/unknown-principal.ts",
14636 "line": 49
14637 },
14638 "name": "addToPolicy",
14639 "overrides": "@aws-cdk/aws-iam.IPrincipal",
14640 "parameters": [
14641 {
14642 "name": "statement",
14643 "type": {
14644 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
14645 }
14646 }
14647 ],
14648 "returns": {
14649 "type": {
14650 "primitive": "boolean"
14651 }
14652 }
14653 },
14654 {
14655 "docs": {
14656 "stability": "stable",
14657 "summary": "Add to the policy of this principal."
14658 },
14659 "locationInModule": {
14660 "filename": "lib/unknown-principal.ts",
14661 "line": 41
14662 },
14663 "name": "addToPrincipalPolicy",
14664 "overrides": "@aws-cdk/aws-iam.IPrincipal",
14665 "parameters": [
14666 {
14667 "name": "statement",
14668 "type": {
14669 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
14670 }
14671 }
14672 ],
14673 "returns": {
14674 "type": {
14675 "fqn": "@aws-cdk/aws-iam.AddToPrincipalPolicyResult"
14676 }
14677 }
14678 }
14679 ],
14680 "name": "UnknownPrincipal",
14681 "properties": [
14682 {
14683 "docs": {
14684 "stability": "stable",
14685 "summary": "When this Principal is used in an AssumeRole policy, the action to use."
14686 },
14687 "immutable": true,
14688 "locationInModule": {
14689 "filename": "lib/unknown-principal.ts",
14690 "line": 28
14691 },
14692 "name": "assumeRoleAction",
14693 "overrides": "@aws-cdk/aws-iam.IPrincipal",
14694 "type": {
14695 "primitive": "string"
14696 }
14697 },
14698 {
14699 "docs": {
14700 "stability": "stable",
14701 "summary": "The principal to grant permissions to."
14702 },
14703 "immutable": true,
14704 "locationInModule": {
14705 "filename": "lib/unknown-principal.ts",
14706 "line": 29
14707 },
14708 "name": "grantPrincipal",
14709 "overrides": "@aws-cdk/aws-iam.IGrantable",
14710 "type": {
14711 "fqn": "@aws-cdk/aws-iam.IPrincipal"
14712 }
14713 },
14714 {
14715 "docs": {
14716 "stability": "stable",
14717 "summary": "Return the policy fragment that identifies this principal in a Policy."
14718 },
14719 "immutable": true,
14720 "locationInModule": {
14721 "filename": "lib/unknown-principal.ts",
14722 "line": 37
14723 },
14724 "name": "policyFragment",
14725 "overrides": "@aws-cdk/aws-iam.IPrincipal",
14726 "type": {
14727 "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment"
14728 }
14729 }
14730 ],
14731 "symbolId": "lib/unknown-principal:UnknownPrincipal"
14732 },
14733 "@aws-cdk/aws-iam.UnknownPrincipalProps": {
14734 "assembly": "@aws-cdk/aws-iam",
14735 "datatype": true,
14736 "docs": {
14737 "stability": "stable",
14738 "summary": "Properties for an UnknownPrincipal.",
14739 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nimport * as constructs from 'constructs';\n\ndeclare const construct: constructs.Construct;\nconst unknownPrincipalProps: iam.UnknownPrincipalProps = {\n resource: construct,\n};",
14740 "custom": {
14741 "exampleMetadata": "fixture=_generated"
14742 }
14743 },
14744 "fqn": "@aws-cdk/aws-iam.UnknownPrincipalProps",
14745 "kind": "interface",
14746 "locationInModule": {
14747 "filename": "lib/unknown-principal.ts",
14748 "line": 9
14749 },
14750 "name": "UnknownPrincipalProps",
14751 "properties": [
14752 {
14753 "abstract": true,
14754 "docs": {
14755 "stability": "stable",
14756 "summary": "The resource the role proxy is for."
14757 },
14758 "immutable": true,
14759 "locationInModule": {
14760 "filename": "lib/unknown-principal.ts",
14761 "line": 13
14762 },
14763 "name": "resource",
14764 "type": {
14765 "fqn": "constructs.IConstruct"
14766 }
14767 }
14768 ],
14769 "symbolId": "lib/unknown-principal:UnknownPrincipalProps"
14770 },
14771 "@aws-cdk/aws-iam.User": {
14772 "assembly": "@aws-cdk/aws-iam",
14773 "base": "@aws-cdk/core.Resource",
14774 "docs": {
14775 "stability": "stable",
14776 "summary": "Define a new IAM user.",
14777 "example": "const user = new iam.User(this, 'MyUser'); // or User.fromUserName(stack, 'User', 'johnsmith');\nconst group = new iam.Group(this, 'MyGroup'); // or Group.fromGroupArn(stack, 'Group', 'arn:aws:iam::account-id:group/group-name');\n\nuser.addToGroup(group);\n// or\ngroup.addUser(user);",
14778 "custom": {
14779 "exampleMetadata": "infused"
14780 }
14781 },
14782 "fqn": "@aws-cdk/aws-iam.User",
14783 "initializer": {
14784 "docs": {
14785 "stability": "stable"
14786 },
14787 "locationInModule": {
14788 "filename": "lib/user.ts",
14789 "line": 257
14790 },
14791 "parameters": [
14792 {
14793 "name": "scope",
14794 "type": {
14795 "fqn": "constructs.Construct"
14796 }
14797 },
14798 {
14799 "name": "id",
14800 "type": {
14801 "primitive": "string"
14802 }
14803 },
14804 {
14805 "name": "props",
14806 "optional": true,
14807 "type": {
14808 "fqn": "@aws-cdk/aws-iam.UserProps"
14809 }
14810 }
14811 ]
14812 },
14813 "interfaces": [
14814 "@aws-cdk/aws-iam.IIdentity",
14815 "@aws-cdk/aws-iam.IUser"
14816 ],
14817 "kind": "class",
14818 "locationInModule": {
14819 "filename": "lib/user.ts",
14820 "line": 137
14821 },
14822 "methods": [
14823 {
14824 "docs": {
14825 "remarks": "If the ARN comes from a Token, the User cannot have a path; if so, any attempt\nto reference its username will fail.",
14826 "stability": "stable",
14827 "summary": "Import an existing user given a user ARN."
14828 },
14829 "locationInModule": {
14830 "filename": "lib/user.ts",
14831 "line": 166
14832 },
14833 "name": "fromUserArn",
14834 "parameters": [
14835 {
14836 "docs": {
14837 "summary": "construct scope."
14838 },
14839 "name": "scope",
14840 "type": {
14841 "fqn": "constructs.Construct"
14842 }
14843 },
14844 {
14845 "docs": {
14846 "summary": "construct id."
14847 },
14848 "name": "id",
14849 "type": {
14850 "primitive": "string"
14851 }
14852 },
14853 {
14854 "docs": {
14855 "summary": "the ARN of an existing user to import."
14856 },
14857 "name": "userArn",
14858 "type": {
14859 "primitive": "string"
14860 }
14861 }
14862 ],
14863 "returns": {
14864 "type": {
14865 "fqn": "@aws-cdk/aws-iam.IUser"
14866 }
14867 },
14868 "static": true
14869 },
14870 {
14871 "docs": {
14872 "remarks": "If the ARN comes from a Token, the User cannot have a path; if so, any attempt\nto reference its username will fail.",
14873 "stability": "stable",
14874 "summary": "Import an existing user given user attributes."
14875 },
14876 "locationInModule": {
14877 "filename": "lib/user.ts",
14878 "line": 180
14879 },
14880 "name": "fromUserAttributes",
14881 "parameters": [
14882 {
14883 "docs": {
14884 "summary": "construct scope."
14885 },
14886 "name": "scope",
14887 "type": {
14888 "fqn": "constructs.Construct"
14889 }
14890 },
14891 {
14892 "docs": {
14893 "summary": "construct id."
14894 },
14895 "name": "id",
14896 "type": {
14897 "primitive": "string"
14898 }
14899 },
14900 {
14901 "docs": {
14902 "summary": "the attributes of the user to import."
14903 },
14904 "name": "attrs",
14905 "type": {
14906 "fqn": "@aws-cdk/aws-iam.UserAttributes"
14907 }
14908 }
14909 ],
14910 "returns": {
14911 "type": {
14912 "fqn": "@aws-cdk/aws-iam.IUser"
14913 }
14914 },
14915 "static": true
14916 },
14917 {
14918 "docs": {
14919 "stability": "stable",
14920 "summary": "Import an existing user given a username."
14921 },
14922 "locationInModule": {
14923 "filename": "lib/user.ts",
14924 "line": 145
14925 },
14926 "name": "fromUserName",
14927 "parameters": [
14928 {
14929 "docs": {
14930 "summary": "construct scope."
14931 },
14932 "name": "scope",
14933 "type": {
14934 "fqn": "constructs.Construct"
14935 }
14936 },
14937 {
14938 "docs": {
14939 "summary": "construct id."
14940 },
14941 "name": "id",
14942 "type": {
14943 "primitive": "string"
14944 }
14945 },
14946 {
14947 "docs": {
14948 "summary": "the username of the existing user to import."
14949 },
14950 "name": "userName",
14951 "type": {
14952 "primitive": "string"
14953 }
14954 }
14955 ],
14956 "returns": {
14957 "type": {
14958 "fqn": "@aws-cdk/aws-iam.IUser"
14959 }
14960 },
14961 "static": true
14962 },
14963 {
14964 "docs": {
14965 "stability": "stable",
14966 "summary": "Attaches a managed policy to the user."
14967 },
14968 "locationInModule": {
14969 "filename": "lib/user.ts",
14970 "line": 301
14971 },
14972 "name": "addManagedPolicy",
14973 "overrides": "@aws-cdk/aws-iam.IIdentity",
14974 "parameters": [
14975 {
14976 "docs": {
14977 "summary": "The managed policy to attach."
14978 },
14979 "name": "policy",
14980 "type": {
14981 "fqn": "@aws-cdk/aws-iam.IManagedPolicy"
14982 }
14983 }
14984 ]
14985 },
14986 {
14987 "docs": {
14988 "stability": "stable",
14989 "summary": "Adds this user to a group."
14990 },
14991 "locationInModule": {
14992 "filename": "lib/user.ts",
14993 "line": 293
14994 },
14995 "name": "addToGroup",
14996 "overrides": "@aws-cdk/aws-iam.IUser",
14997 "parameters": [
14998 {
14999 "name": "group",
15000 "type": {
15001 "fqn": "@aws-cdk/aws-iam.IGroup"
15002 }
15003 }
15004 ]
15005 },
15006 {
15007 "docs": {
15008 "stability": "stable",
15009 "summary": "Add to the policy of this principal."
15010 },
15011 "locationInModule": {
15012 "filename": "lib/user.ts",
15013 "line": 329
15014 },
15015 "name": "addToPolicy",
15016 "overrides": "@aws-cdk/aws-iam.IPrincipal",
15017 "parameters": [
15018 {
15019 "name": "statement",
15020 "type": {
15021 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
15022 }
15023 }
15024 ],
15025 "returns": {
15026 "type": {
15027 "primitive": "boolean"
15028 }
15029 }
15030 },
15031 {
15032 "docs": {
15033 "returns": "true",
15034 "stability": "stable",
15035 "summary": "Adds an IAM statement to the default policy."
15036 },
15037 "locationInModule": {
15038 "filename": "lib/user.ts",
15039 "line": 319
15040 },
15041 "name": "addToPrincipalPolicy",
15042 "overrides": "@aws-cdk/aws-iam.IPrincipal",
15043 "parameters": [
15044 {
15045 "name": "statement",
15046 "type": {
15047 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
15048 }
15049 }
15050 ],
15051 "returns": {
15052 "type": {
15053 "fqn": "@aws-cdk/aws-iam.AddToPrincipalPolicyResult"
15054 }
15055 }
15056 },
15057 {
15058 "docs": {
15059 "stability": "stable",
15060 "summary": "Attaches a policy to this user."
15061 },
15062 "locationInModule": {
15063 "filename": "lib/user.ts",
15064 "line": 309
15065 },
15066 "name": "attachInlinePolicy",
15067 "overrides": "@aws-cdk/aws-iam.IIdentity",
15068 "parameters": [
15069 {
15070 "name": "policy",
15071 "type": {
15072 "fqn": "@aws-cdk/aws-iam.Policy"
15073 }
15074 }
15075 ]
15076 }
15077 ],
15078 "name": "User",
15079 "properties": [
15080 {
15081 "docs": {
15082 "stability": "stable",
15083 "summary": "When this Principal is used in an AssumeRole policy, the action to use."
15084 },
15085 "immutable": true,
15086 "locationInModule": {
15087 "filename": "lib/user.ts",
15088 "line": 231
15089 },
15090 "name": "assumeRoleAction",
15091 "overrides": "@aws-cdk/aws-iam.IPrincipal",
15092 "type": {
15093 "primitive": "string"
15094 }
15095 },
15096 {
15097 "docs": {
15098 "stability": "stable",
15099 "summary": "The principal to grant permissions to."
15100 },
15101 "immutable": true,
15102 "locationInModule": {
15103 "filename": "lib/user.ts",
15104 "line": 229
15105 },
15106 "name": "grantPrincipal",
15107 "overrides": "@aws-cdk/aws-iam.IGrantable",
15108 "type": {
15109 "fqn": "@aws-cdk/aws-iam.IPrincipal"
15110 }
15111 },
15112 {
15113 "docs": {
15114 "stability": "stable",
15115 "summary": "Return the policy fragment that identifies this principal in a Policy."
15116 },
15117 "immutable": true,
15118 "locationInModule": {
15119 "filename": "lib/user.ts",
15120 "line": 250
15121 },
15122 "name": "policyFragment",
15123 "overrides": "@aws-cdk/aws-iam.IPrincipal",
15124 "type": {
15125 "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment"
15126 }
15127 },
15128 {
15129 "docs": {
15130 "custom": {
15131 "attribute": "true"
15132 },
15133 "stability": "stable",
15134 "summary": "An attribute that represents the user's ARN."
15135 },
15136 "immutable": true,
15137 "locationInModule": {
15138 "filename": "lib/user.ts",
15139 "line": 243
15140 },
15141 "name": "userArn",
15142 "overrides": "@aws-cdk/aws-iam.IUser",
15143 "type": {
15144 "primitive": "string"
15145 }
15146 },
15147 {
15148 "docs": {
15149 "custom": {
15150 "attribute": "true"
15151 },
15152 "stability": "stable",
15153 "summary": "An attribute that represents the user name."
15154 },
15155 "immutable": true,
15156 "locationInModule": {
15157 "filename": "lib/user.ts",
15158 "line": 237
15159 },
15160 "name": "userName",
15161 "overrides": "@aws-cdk/aws-iam.IUser",
15162 "type": {
15163 "primitive": "string"
15164 }
15165 },
15166 {
15167 "docs": {
15168 "stability": "stable",
15169 "summary": "Returns the permissions boundary attached to this user."
15170 },
15171 "immutable": true,
15172 "locationInModule": {
15173 "filename": "lib/user.ts",
15174 "line": 248
15175 },
15176 "name": "permissionsBoundary",
15177 "optional": true,
15178 "type": {
15179 "fqn": "@aws-cdk/aws-iam.IManagedPolicy"
15180 }
15181 },
15182 {
15183 "docs": {
15184 "remarks": "Can be undefined when the account is not known\n(for example, for service principals).\nCan be a Token - in that case,\nit's assumed to be AWS::AccountId.",
15185 "stability": "stable",
15186 "summary": "The AWS account ID of this principal."
15187 },
15188 "immutable": true,
15189 "locationInModule": {
15190 "filename": "lib/user.ts",
15191 "line": 230
15192 },
15193 "name": "principalAccount",
15194 "optional": true,
15195 "overrides": "@aws-cdk/aws-iam.IPrincipal",
15196 "type": {
15197 "primitive": "string"
15198 }
15199 }
15200 ],
15201 "symbolId": "lib/user:User"
15202 },
15203 "@aws-cdk/aws-iam.UserAttributes": {
15204 "assembly": "@aws-cdk/aws-iam",
15205 "datatype": true,
15206 "docs": {
15207 "stability": "stable",
15208 "summary": "Represents a user defined outside of this stack.",
15209 "example": "const user = iam.User.fromUserAttributes(this, 'MyImportedUserByAttributes', {\n userArn: 'arn:aws:iam::123456789012:user/johnsmith',\n});",
15210 "custom": {
15211 "exampleMetadata": "infused"
15212 }
15213 },
15214 "fqn": "@aws-cdk/aws-iam.UserAttributes",
15215 "kind": "interface",
15216 "locationInModule": {
15217 "filename": "lib/user.ts",
15218 "line": 125
15219 },
15220 "name": "UserAttributes",
15221 "properties": [
15222 {
15223 "abstract": true,
15224 "docs": {
15225 "remarks": "Format: arn:<partition>:iam::<account-id>:user/<user-name-with-path>",
15226 "stability": "stable",
15227 "summary": "The ARN of the user."
15228 },
15229 "immutable": true,
15230 "locationInModule": {
15231 "filename": "lib/user.ts",
15232 "line": 131
15233 },
15234 "name": "userArn",
15235 "type": {
15236 "primitive": "string"
15237 }
15238 }
15239 ],
15240 "symbolId": "lib/user:UserAttributes"
15241 },
15242 "@aws-cdk/aws-iam.UserProps": {
15243 "assembly": "@aws-cdk/aws-iam",
15244 "datatype": true,
15245 "docs": {
15246 "stability": "stable",
15247 "summary": "Properties for defining an IAM user.",
15248 "example": " const user = new User(this, 'MyUser', { password: cdk.SecretValue.unsafePlainText('1234') });\n const group = new Group(this, 'MyGroup');\n\n const policy = new Policy(this, 'MyPolicy');\n policy.attachToUser(user);\n group.attachInlinePolicy(policy);",
15249 "custom": {
15250 "exampleMetadata": "lit=test/example.attaching.lit.ts infused"
15251 }
15252 },
15253 "fqn": "@aws-cdk/aws-iam.UserProps",
15254 "kind": "interface",
15255 "locationInModule": {
15256 "filename": "lib/user.ts",
15257 "line": 39
15258 },
15259 "name": "UserProps",
15260 "properties": [
15261 {
15262 "abstract": true,
15263 "docs": {
15264 "default": "- No groups.",
15265 "remarks": "You can also use `addToGroup` to add this\nuser to a group.",
15266 "stability": "stable",
15267 "summary": "Groups to add this user to."
15268 },
15269 "immutable": true,
15270 "locationInModule": {
15271 "filename": "lib/user.ts",
15272 "line": 46
15273 },
15274 "name": "groups",
15275 "optional": true,
15276 "type": {
15277 "collection": {
15278 "elementtype": {
15279 "fqn": "@aws-cdk/aws-iam.IGroup"
15280 },
15281 "kind": "array"
15282 }
15283 }
15284 },
15285 {
15286 "abstract": true,
15287 "docs": {
15288 "default": "- No managed policies.",
15289 "remarks": "You can add managed policies later using\n`addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName(policyName))`.",
15290 "stability": "stable",
15291 "summary": "A list of managed policies associated with this role."
15292 },
15293 "immutable": true,
15294 "locationInModule": {
15295 "filename": "lib/user.ts",
15296 "line": 56
15297 },
15298 "name": "managedPolicies",
15299 "optional": true,
15300 "type": {
15301 "collection": {
15302 "elementtype": {
15303 "fqn": "@aws-cdk/aws-iam.IManagedPolicy"
15304 },
15305 "kind": "array"
15306 }
15307 }
15308 },
15309 {
15310 "abstract": true,
15311 "docs": {
15312 "default": "- User won't be able to access the management console without a password.",
15313 "remarks": "You can use `SecretValue.unsafePlainText` to specify a password in plain text or\nuse `secretsmanager.Secret.fromSecretAttributes` to reference a secret in\nSecrets Manager.",
15314 "stability": "stable",
15315 "summary": "The password for the user. This is required so the user can access the AWS Management Console."
15316 },
15317 "immutable": true,
15318 "locationInModule": {
15319 "filename": "lib/user.ts",
15320 "line": 109
15321 },
15322 "name": "password",
15323 "optional": true,
15324 "type": {
15325 "fqn": "@aws-cdk/core.SecretValue"
15326 }
15327 },
15328 {
15329 "abstract": true,
15330 "docs": {
15331 "default": "false",
15332 "remarks": "If this is set to 'true', you must also specify \"initialPassword\".",
15333 "stability": "stable",
15334 "summary": "Specifies whether the user is required to set a new password the next time the user logs in to the AWS Management Console."
15335 },
15336 "immutable": true,
15337 "locationInModule": {
15338 "filename": "lib/user.ts",
15339 "line": 119
15340 },
15341 "name": "passwordResetRequired",
15342 "optional": true,
15343 "type": {
15344 "primitive": "boolean"
15345 }
15346 },
15347 {
15348 "abstract": true,
15349 "docs": {
15350 "default": "/",
15351 "remarks": "For more information about paths, see IAM\nIdentifiers in the IAM User Guide.",
15352 "stability": "stable",
15353 "summary": "The path for the user name."
15354 },
15355 "immutable": true,
15356 "locationInModule": {
15357 "filename": "lib/user.ts",
15358 "line": 64
15359 },
15360 "name": "path",
15361 "optional": true,
15362 "type": {
15363 "primitive": "string"
15364 }
15365 },
15366 {
15367 "abstract": true,
15368 "docs": {
15369 "custom": {
15370 "link": "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html"
15371 },
15372 "default": "- No permissions boundary.",
15373 "remarks": "A permissions boundary is an advanced feature for using a managed policy\nto set the maximum permissions that an identity-based policy can grant to\nan IAM entity. An entity's permissions boundary allows it to perform only\nthe actions that are allowed by both its identity-based policies and its\npermissions boundaries.",
15374 "stability": "stable",
15375 "summary": "AWS supports permissions boundaries for IAM entities (users or roles)."
15376 },
15377 "immutable": true,
15378 "locationInModule": {
15379 "filename": "lib/user.ts",
15380 "line": 79
15381 },
15382 "name": "permissionsBoundary",
15383 "optional": true,
15384 "type": {
15385 "fqn": "@aws-cdk/aws-iam.IManagedPolicy"
15386 }
15387 },
15388 {
15389 "abstract": true,
15390 "docs": {
15391 "default": "- Generated by CloudFormation (recommended)",
15392 "remarks": "For valid values, see the UserName parameter for\nthe CreateUser action in the IAM API Reference. If you don't specify a\nname, AWS CloudFormation generates a unique physical ID and uses that ID\nfor the user name.\n\nIf you specify a name, you cannot perform updates that require\nreplacement of this resource. You can perform updates that require no or\nsome interruption. If you must replace the resource, specify a new name.\n\nIf you specify a name, you must specify the CAPABILITY_NAMED_IAM value to\nacknowledge your template's capabilities. For more information, see\nAcknowledging IAM Resources in AWS CloudFormation Templates.",
15393 "stability": "stable",
15394 "summary": "A name for the IAM user."
15395 },
15396 "immutable": true,
15397 "locationInModule": {
15398 "filename": "lib/user.ts",
15399 "line": 97
15400 },
15401 "name": "userName",
15402 "optional": true,
15403 "type": {
15404 "primitive": "string"
15405 }
15406 }
15407 ],
15408 "symbolId": "lib/user:UserProps"
15409 },
15410 "@aws-cdk/aws-iam.WebIdentityPrincipal": {
15411 "assembly": "@aws-cdk/aws-iam",
15412 "base": "@aws-cdk/aws-iam.FederatedPrincipal",
15413 "docs": {
15414 "stability": "stable",
15415 "summary": "A principal that represents a federated identity provider as Web Identity such as Cognito, Amazon, Facebook, Google, etc.",
15416 "example": "const principal = new iam.WebIdentityPrincipal('cognito-identity.amazonaws.com', {\n 'StringEquals': { 'cognito-identity.amazonaws.com:aud': 'us-east-2:12345678-abcd-abcd-abcd-123456' },\n 'ForAnyValue:StringLike': {'cognito-identity.amazonaws.com:amr': 'unauthenticated' },\n});",
15417 "custom": {
15418 "exampleMetadata": "infused"
15419 }
15420 },
15421 "fqn": "@aws-cdk/aws-iam.WebIdentityPrincipal",
15422 "initializer": {
15423 "docs": {
15424 "stability": "stable"
15425 },
15426 "locationInModule": {
15427 "filename": "lib/principals.ts",
15428 "line": 648
15429 },
15430 "parameters": [
15431 {
15432 "docs": {
15433 "summary": "identity provider (i.e. 'cognito-identity.amazonaws.com' for users authenticated through Cognito)."
15434 },
15435 "name": "identityProvider",
15436 "type": {
15437 "primitive": "string"
15438 }
15439 },
15440 {
15441 "docs": {
15442 "remarks": "See [the IAM documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html).",
15443 "summary": "The conditions under which the policy is in effect."
15444 },
15445 "name": "conditions",
15446 "optional": true,
15447 "type": {
15448 "collection": {
15449 "elementtype": {
15450 "primitive": "any"
15451 },
15452 "kind": "map"
15453 }
15454 }
15455 }
15456 ]
15457 },
15458 "kind": "class",
15459 "locationInModule": {
15460 "filename": "lib/principals.ts",
15461 "line": 639
15462 },
15463 "methods": [
15464 {
15465 "docs": {
15466 "stability": "stable",
15467 "summary": "Returns a string representation of an object."
15468 },
15469 "locationInModule": {
15470 "filename": "lib/principals.ts",
15471 "line": 656
15472 },
15473 "name": "toString",
15474 "overrides": "@aws-cdk/aws-iam.FederatedPrincipal",
15475 "returns": {
15476 "type": {
15477 "primitive": "string"
15478 }
15479 }
15480 }
15481 ],
15482 "name": "WebIdentityPrincipal",
15483 "properties": [
15484 {
15485 "docs": {
15486 "stability": "stable",
15487 "summary": "Return the policy fragment that identifies this principal in a Policy."
15488 },
15489 "immutable": true,
15490 "locationInModule": {
15491 "filename": "lib/principals.ts",
15492 "line": 652
15493 },
15494 "name": "policyFragment",
15495 "overrides": "@aws-cdk/aws-iam.FederatedPrincipal",
15496 "type": {
15497 "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment"
15498 }
15499 }
15500 ],
15501 "symbolId": "lib/principals:WebIdentityPrincipal"
15502 },
15503 "@aws-cdk/aws-iam.WithoutPolicyUpdatesOptions": {
15504 "assembly": "@aws-cdk/aws-iam",
15505 "datatype": true,
15506 "docs": {
15507 "stability": "stable",
15508 "summary": "Options for the `withoutPolicyUpdates()` modifier of a Role.",
15509 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nconst withoutPolicyUpdatesOptions: iam.WithoutPolicyUpdatesOptions = {\n addGrantsToResources: false,\n};",
15510 "custom": {
15511 "exampleMetadata": "fixture=_generated"
15512 }
15513 },
15514 "fqn": "@aws-cdk/aws-iam.WithoutPolicyUpdatesOptions",
15515 "kind": "interface",
15516 "locationInModule": {
15517 "filename": "lib/role.ts",
15518 "line": 651
15519 },
15520 "name": "WithoutPolicyUpdatesOptions",
15521 "properties": [
15522 {
15523 "abstract": true,
15524 "docs": {
15525 "default": "false",
15526 "remarks": "If this is `false` or not specified, grant permissions added to this role are ignored.\nIt is your own responsibility to make sure the role has the required permissions.\n\nIf this is `true`, any grant permissions will be added to the resource instead.",
15527 "stability": "stable",
15528 "summary": "Add grants to resources instead of dropping them."
15529 },
15530 "immutable": true,
15531 "locationInModule": {
15532 "filename": "lib/role.ts",
15533 "line": 662
15534 },
15535 "name": "addGrantsToResources",
15536 "optional": true,
15537 "type": {
15538 "primitive": "boolean"
15539 }
15540 }
15541 ],
15542 "symbolId": "lib/role:WithoutPolicyUpdatesOptions"
15543 }
15544 },
15545 "version": "1.190.0",
15546 "fingerprint": "**********"
15547}
\No newline at end of file