UNPKG

596 kBPlain TextView Raw
1{
2 "author": {
3 "name": "Amazon Web Services",
4 "organization": true,
5 "roles": [
6 "author"
7 ],
8 "url": "https://aws.amazon.com"
9 },
10 "dependencies": {
11 "@aws-cdk/core": "1.204.0",
12 "@aws-cdk/cx-api": "1.204.0",
13 "@aws-cdk/region-info": "1.204.0",
14 "constructs": "^3.3.69"
15 },
16 "dependencyClosure": {
17 "@aws-cdk/cloud-assembly-schema": {
18 "targets": {
19 "dotnet": {
20 "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png",
21 "namespace": "Amazon.CDK.CloudAssembly.Schema",
22 "packageId": "Amazon.CDK.CloudAssembly.Schema"
23 },
24 "java": {
25 "maven": {
26 "artifactId": "cdk-cloud-assembly-schema",
27 "groupId": "software.amazon.awscdk"
28 },
29 "package": "software.amazon.awscdk.cloudassembly.schema"
30 },
31 "js": {
32 "npm": "@aws-cdk/cloud-assembly-schema"
33 },
34 "python": {
35 "classifiers": [
36 "Framework :: AWS CDK",
37 "Framework :: AWS CDK :: 1"
38 ],
39 "distName": "aws-cdk.cloud-assembly-schema",
40 "module": "aws_cdk.cloud_assembly_schema"
41 }
42 }
43 },
44 "@aws-cdk/core": {
45 "targets": {
46 "dotnet": {
47 "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png",
48 "namespace": "Amazon.CDK",
49 "packageId": "Amazon.CDK"
50 },
51 "java": {
52 "maven": {
53 "artifactId": "core",
54 "groupId": "software.amazon.awscdk"
55 },
56 "package": "software.amazon.awscdk.core"
57 },
58 "js": {
59 "npm": "@aws-cdk/core"
60 },
61 "python": {
62 "classifiers": [
63 "Framework :: AWS CDK",
64 "Framework :: AWS CDK :: 1"
65 ],
66 "distName": "aws-cdk.core",
67 "module": "aws_cdk.core"
68 }
69 }
70 },
71 "@aws-cdk/cx-api": {
72 "targets": {
73 "dotnet": {
74 "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png",
75 "namespace": "Amazon.CDK.CXAPI",
76 "packageId": "Amazon.CDK.CXAPI"
77 },
78 "java": {
79 "maven": {
80 "artifactId": "cdk-cx-api",
81 "groupId": "software.amazon.awscdk"
82 },
83 "package": "software.amazon.awscdk.cxapi"
84 },
85 "js": {
86 "npm": "@aws-cdk/cx-api"
87 },
88 "python": {
89 "classifiers": [
90 "Framework :: AWS CDK",
91 "Framework :: AWS CDK :: 1"
92 ],
93 "distName": "aws-cdk.cx-api",
94 "module": "aws_cdk.cx_api"
95 }
96 }
97 },
98 "@aws-cdk/region-info": {
99 "targets": {
100 "dotnet": {
101 "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png",
102 "namespace": "Amazon.CDK.RegionInfo",
103 "packageId": "Amazon.CDK.RegionInfo"
104 },
105 "java": {
106 "maven": {
107 "artifactId": "cdk-region-info",
108 "groupId": "software.amazon.awscdk"
109 },
110 "package": "software.amazon.awscdk.regioninfo"
111 },
112 "js": {
113 "npm": "@aws-cdk/region-info"
114 },
115 "python": {
116 "classifiers": [
117 "Framework :: AWS CDK",
118 "Framework :: AWS CDK :: 1"
119 ],
120 "distName": "aws-cdk.region-info",
121 "module": "aws_cdk.region_info"
122 }
123 }
124 },
125 "constructs": {
126 "targets": {
127 "dotnet": {
128 "namespace": "Constructs",
129 "packageId": "Constructs"
130 },
131 "go": {
132 "moduleName": "github.com/aws/constructs-go"
133 },
134 "java": {
135 "maven": {
136 "artifactId": "constructs",
137 "groupId": "software.constructs"
138 },
139 "package": "software.constructs"
140 },
141 "js": {
142 "npm": "constructs"
143 },
144 "python": {
145 "distName": "constructs",
146 "module": "constructs"
147 }
148 }
149 }
150 },
151 "description": "CDK routines for easily assigning correct and minimal IAM permissions",
152 "docs": {
153 "deprecated": "AWS CDK v1 has reached End-of-Support on 2023-06-01.\nThis package is no longer being updated, and users should migrate to AWS CDK v2.\n\nFor more information on how to migrate, see https://docs.aws.amazon.com/cdk/v2/guide/migrating-v2.html",
154 "stability": "stable"
155 },
156 "homepage": "https://github.com/aws/aws-cdk",
157 "jsiiVersion": "1.84.0 (build 5404dcf)",
158 "keywords": [
159 "aws",
160 "cdk",
161 "constructs",
162 "iam"
163 ],
164 "license": "Apache-2.0",
165 "metadata": {
166 "jsii": {
167 "compiledWithDeprecationWarnings": true,
168 "pacmak": {
169 "hasDefaultInterfaces": true
170 },
171 "rosetta": {
172 "strict": true
173 }
174 }
175 },
176 "name": "@aws-cdk/aws-iam",
177 "readme": {
178 "markdown": "# AWS Identity and Access Management Construct Library\n<!--BEGIN STABILITY BANNER-->\n\n---\n\n![End-of-Support](https://img.shields.io/badge/End--of--Support-critical.svg?style=for-the-badge)\n\n> AWS CDK v1 has reached End-of-Support on 2023-06-01.\n> This package is no longer being updated, and users should migrate to AWS CDK v2.\n>\n> For more information on how to migrate, see the [_Migrating to AWS CDK v2_ guide][doc].\n>\n> [doc]: https://docs.aws.amazon.com/cdk/v2/guide/migrating-v2.html\n\n---\n\n<!--END STABILITY BANNER-->\n\nDefine a role and add permissions to it. This will automatically create and\nattach an IAM policy to the role:\n\n```ts lit=test/example.role.lit.ts\n const role = new Role(this, 'MyRole', {\n assumedBy: new ServicePrincipal('sns.amazonaws.com'),\n });\n\n role.addToPolicy(new PolicyStatement({\n resources: ['*'],\n actions: ['lambda:InvokeFunction'],\n }));\n```\n\nDefine a policy and attach it to groups, users and roles. Note that it is possible to attach\nthe policy either by calling `xxx.attachInlinePolicy(policy)` or `policy.attachToXxx(xxx)`.\n\n```ts lit=test/example.attaching.lit.ts\n const user = new User(this, 'MyUser', { password: cdk.SecretValue.unsafePlainText('1234') });\n const group = new Group(this, 'MyGroup');\n\n const policy = new Policy(this, 'MyPolicy');\n policy.attachToUser(user);\n group.attachInlinePolicy(policy);\n```\n\nManaged policies can be attached using `xxx.addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName(policyName))`:\n\n```ts lit=test/example.managedpolicy.lit.ts\nconst group = new Group(this, 'MyGroup');\ngroup.addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName('AdministratorAccess'));\n```\n\n## Granting permissions to resources\n\nMany of the AWS CDK resources have `grant*` methods that allow you to grant other resources access to that resource. As an example, the following code gives a Lambda function write permissions (Put, Update, Delete) to a DynamoDB table.\n\n```ts\ndeclare const fn: lambda.Function;\ndeclare const table: dynamodb.Table;\n\ntable.grantWriteData(fn);\n```\n\nThe more generic `grant` method allows you to give specific permissions to a resource:\n\n```ts\ndeclare const fn: lambda.Function;\ndeclare const table: dynamodb.Table;\n\ntable.grant(fn, 'dynamodb:PutItem');\n```\n\nThe `grant*` methods accept an `IGrantable` object. This interface is implemented by IAM principlal resources (groups, users and roles) and resources that assume a role such as a Lambda function, EC2 instance or a Codebuild project.\n\nYou can find which `grant*` methods exist for a resource in the [AWS CDK API Reference](https://docs.aws.amazon.com/cdk/api/latest/docs/aws-construct-library.html).\n\n## Roles\n\nMany AWS resources require *Roles* to operate. These Roles define the AWS API\ncalls an instance or other AWS service is allowed to make.\n\nCreating Roles and populating them with the right permissions *Statements* is\na necessary but tedious part of setting up AWS infrastructure. In order to\nhelp you focus on your business logic, CDK will take care of creating\nroles and populating them with least-privilege permissions automatically.\n\nAll constructs that require Roles will create one for you if don't specify\none at construction time. Permissions will be added to that role\nautomatically if you associate the construct with other constructs from the\nAWS Construct Library (for example, if you tell an *AWS CodePipeline* to trigger\nan *AWS Lambda Function*, the Pipeline's Role will automatically get\n`lambda:InvokeFunction` permissions on that particular Lambda Function),\nor if you explicitly grant permissions using `grant` functions (see the\nprevious section).\n\n### Opting out of automatic permissions management\n\nYou may prefer to manage a Role's permissions yourself instead of having the\nCDK automatically manage them for you. This may happen in one of the\nfollowing cases:\n\n* You don't like the permissions that CDK automatically generates and\n want to substitute your own set.\n* The least-permissions policy that the CDK generates is becoming too\n big for IAM to store, and you need to add some wildcards to keep the\n policy size down.\n\nTo prevent constructs from updating your Role's policy, pass the object\nreturned by `myRole.withoutPolicyUpdates()` instead of `myRole` itself.\n\nFor example, to have an AWS CodePipeline *not* automatically add the required\npermissions to trigger the expected targets, do the following:\n\n```ts\nconst role = new iam.Role(this, 'Role', {\n assumedBy: new iam.ServicePrincipal('codepipeline.amazonaws.com'),\n // custom description if desired\n description: 'This is a custom role...',\n});\n\nnew codepipeline.Pipeline(this, 'Pipeline', {\n // Give the Pipeline an immutable view of the Role\n role: role.withoutPolicyUpdates(),\n});\n\n// You now have to manage the Role policies yourself\nrole.addToPolicy(new iam.PolicyStatement({\n actions: [/* whatever actions you want */],\n resources: [/* whatever resources you intend to touch */],\n}));\n```\n\n### Using existing roles\n\nIf there are Roles in your account that have already been created which you\nwould like to use in your CDK application, you can use `Role.fromRoleArn` to\nimport them, as follows:\n\n```ts\nconst role = iam.Role.fromRoleArn(this, 'Role', 'arn:aws:iam::123456789012:role/MyExistingRole', {\n // Set 'mutable' to 'false' to use the role as-is and prevent adding new\n // policies to it. The default is 'true', which means the role may be\n // modified as part of the deployment.\n mutable: false,\n});\n```\n\n## Configuring an ExternalId\n\nIf you need to create Roles that will be assumed by third parties, it is generally a good idea to [require an `ExternalId`\nto assume them](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html). Configuring\nan `ExternalId` works like this:\n\n```ts lit=test/example.external-id.lit.ts\nconst role = new iam.Role(this, 'MyRole', {\n assumedBy: new iam.AccountPrincipal('123456789012'),\n externalIds: ['SUPPLY-ME'],\n});\n```\n\n## Principals vs Identities\n\nWhen we say *Principal*, we mean an entity you grant permissions to. This\nentity can be an AWS Service, a Role, or something more abstract such as \"all\nusers in this account\" or even \"all users in this organization\". An\n*Identity* is an IAM representing a single IAM entity that can have\na policy attached, one of `Role`, `User`, or `Group`.\n\n## IAM Principals\n\nWhen defining policy statements as part of an AssumeRole policy or as part of a\nresource policy, statements would usually refer to a specific IAM principal\nunder `Principal`.\n\nIAM principals are modeled as classes that derive from the `iam.PolicyPrincipal`\nabstract class. Principal objects include principal type (string) and value\n(array of string), optional set of conditions and the action that this principal\nrequires when it is used in an assume role policy document.\n\nTo add a principal to a policy statement you can either use the abstract\n`statement.addPrincipal`, one of the concrete `addXxxPrincipal` methods:\n\n* `addAwsPrincipal`, `addArnPrincipal` or `new ArnPrincipal(arn)` for `{ \"AWS\": arn }`\n* `addAwsAccountPrincipal` or `new AccountPrincipal(accountId)` for `{ \"AWS\": account-arn }`\n* `addServicePrincipal` or `new ServicePrincipal(service)` for `{ \"Service\": service }`\n* `addAccountRootPrincipal` or `new AccountRootPrincipal()` for `{ \"AWS\": { \"Ref: \"AWS::AccountId\" } }`\n* `addCanonicalUserPrincipal` or `new CanonicalUserPrincipal(id)` for `{ \"CanonicalUser\": id }`\n* `addFederatedPrincipal` or `new FederatedPrincipal(federated, conditions, assumeAction)` for\n `{ \"Federated\": arn }` and a set of optional conditions and the assume role action to use.\n* `addAnyPrincipal` or `new AnyPrincipal` for `{ \"AWS\": \"*\" }`\n\nIf multiple principals are added to the policy statement, they will be merged together:\n\n```ts\nconst statement = new iam.PolicyStatement();\nstatement.addServicePrincipal('cloudwatch.amazonaws.com');\nstatement.addServicePrincipal('ec2.amazonaws.com');\nstatement.addArnPrincipal('arn:aws:boom:boom');\n```\n\nWill result in:\n\n```json\n{\n \"Principal\": {\n \"Service\": [ \"cloudwatch.amazonaws.com\", \"ec2.amazonaws.com\" ],\n \"AWS\": \"arn:aws:boom:boom\"\n }\n}\n```\n\nThe `CompositePrincipal` class can also be used to define complex principals, for example:\n\n```ts\nconst role = new iam.Role(this, 'MyRole', {\n assumedBy: new iam.CompositePrincipal(\n new iam.ServicePrincipal('ec2.amazonaws.com'),\n new iam.AccountPrincipal('1818188181818187272')\n ),\n});\n```\n\nThe `PrincipalWithConditions` class can be used to add conditions to a\nprincipal, especially those that don't take a `conditions` parameter in their\nconstructor. The `principal.withConditions()` method can be used to create a\n`PrincipalWithConditions` from an existing principal, for example:\n\n```ts\nconst principal = new iam.AccountPrincipal('123456789000')\n .withConditions({ StringEquals: { foo: \"baz\" } });\n```\n\n> NOTE: If you need to define an IAM condition that uses a token (such as a\n> deploy-time attribute of another resource) in a JSON map key, use `CfnJson` to\n> render this condition. See [this test](./test/integ.condition-with-ref.ts) for\n> an example.\n\nThe `WebIdentityPrincipal` class can be used as a principal for web identities like\nCognito, Amazon, Google or Facebook, for example:\n\n```ts\nconst principal = new iam.WebIdentityPrincipal('cognito-identity.amazonaws.com', {\n 'StringEquals': { 'cognito-identity.amazonaws.com:aud': 'us-east-2:12345678-abcd-abcd-abcd-123456' },\n 'ForAnyValue:StringLike': {'cognito-identity.amazonaws.com:amr': 'unauthenticated' },\n});\n```\n\nIf your identity provider is configured to assume a Role with [session\ntags](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html), you\nneed to call `.withSessionTags()` to add the required permissions to the Role's\npolicy document:\n\n```ts\nnew iam.Role(this, 'Role', {\n assumedBy: new iam.WebIdentityPrincipal('cognito-identity.amazonaws.com', {\n 'StringEquals': {\n 'cognito-identity.amazonaws.com:aud': 'us-east-2:12345678-abcd-abcd-abcd-123456',\n },\n 'ForAnyValue:StringLike': {\n 'cognito-identity.amazonaws.com:amr': 'unauthenticated',\n },\n }).withSessionTags(),\n});\n```\n\n\n## Parsing JSON Policy Documents\n\nThe `PolicyDocument.fromJson` and `PolicyStatement.fromJson` static methods can be used to parse JSON objects. For example:\n\n```ts\nconst policyDocument = {\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"FirstStatement\",\n \"Effect\": \"Allow\",\n \"Action\": [\"iam:ChangePassword\"],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"SecondStatement\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListAllMyBuckets\",\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"ThirdStatement\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:List*\",\n \"s3:Get*\"\n ],\n \"Resource\": [\n \"arn:aws:s3:::confidential-data\",\n \"arn:aws:s3:::confidential-data/*\"\n ],\n \"Condition\": {\"Bool\": {\"aws:MultiFactorAuthPresent\": \"true\"}}\n }\n ]\n};\n\nconst customPolicyDocument = iam.PolicyDocument.fromJson(policyDocument);\n\n// You can pass this document as an initial document to a ManagedPolicy\n// or inline Policy.\nconst newManagedPolicy = new iam.ManagedPolicy(this, 'MyNewManagedPolicy', {\n document: customPolicyDocument,\n});\nconst newPolicy = new iam.Policy(this, 'MyNewPolicy', {\n document: customPolicyDocument,\n});\n```\n\n## Permissions Boundaries\n\n[Permissions\nBoundaries](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html)\ncan be used as a mechanism to prevent privilege esclation by creating new\n`Role`s. Permissions Boundaries are a Managed Policy, attached to Roles or\nUsers, that represent the *maximum* set of permissions they can have. The\neffective set of permissions of a Role (or User) will be the intersection of\nthe Identity Policy and the Permissions Boundary attached to the Role (or\nUser). Permissions Boundaries are typically created by account\nAdministrators, and their use on newly created `Role`s will be enforced by\nIAM policies.\n\nIt is possible to attach Permissions Boundaries to all Roles created in a construct\ntree all at once:\n\n```ts\n// This imports an existing policy.\nconst boundary = iam.ManagedPolicy.fromManagedPolicyArn(this, 'Boundary', 'arn:aws:iam::123456789012:policy/boundary');\n\n// This creates a new boundary\nconst boundary2 = new iam.ManagedPolicy(this, 'Boundary2', {\n statements: [\n new iam.PolicyStatement({\n effect: iam.Effect.DENY,\n actions: ['iam:*'],\n resources: ['*'],\n }),\n ],\n});\n\n// Directly apply the boundary to a Role you create\ndeclare const role: iam.Role;\niam.PermissionsBoundary.of(role).apply(boundary);\n\n// Apply the boundary to an Role that was implicitly created for you\ndeclare const fn: lambda.Function;\niam.PermissionsBoundary.of(fn).apply(boundary);\n\n// Apply the boundary to all Roles in a stack\niam.PermissionsBoundary.of(this).apply(boundary);\n\n// Remove a Permissions Boundary that is inherited, for example from the Stack level\ndeclare const customResource: CustomResource;\niam.PermissionsBoundary.of(customResource).clear();\n```\n\n## OpenID Connect Providers\n\nOIDC identity providers are entities in IAM that describe an external identity\nprovider (IdP) service that supports the [OpenID Connect] (OIDC) standard, such\nas Google or Salesforce. You use an IAM OIDC identity provider when you want to\nestablish trust between an OIDC-compatible IdP and your AWS account. This is\nuseful when creating a mobile app or web application that requires access to AWS\nresources, but you don't want to create custom sign-in code or manage your own\nuser identities. For more information about this scenario, see [About Web\nIdentity Federation] and the relevant documentation in the [Amazon Cognito\nIdentity Pools Developer Guide].\n\n[OpenID Connect]: http://openid.net/connect\n[About Web Identity Federation]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html\n[Amazon Cognito Identity Pools Developer Guide]: https://docs.aws.amazon.com/cognito/latest/developerguide/open-id.html\n\nThe following examples defines an OpenID Connect provider. Two client IDs\n(audiences) are will be able to send authentication requests to\n<https://openid/connect>.\n\n```ts\nconst provider = new iam.OpenIdConnectProvider(this, 'MyProvider', {\n url: 'https://openid/connect',\n clientIds: [ 'myclient1', 'myclient2' ],\n});\n```\n\nYou can specify an optional list of `thumbprints`. If not specified, the\nthumbprint of the root certificate authority (CA) will automatically be obtained\nfrom the host as described\n[here](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc_verify-thumbprint.html).\n\nOnce you define an OpenID connect provider, you can use it with AWS services\nthat expect an IAM OIDC provider. For example, when you define an [Amazon\nCognito identity\npool](https://docs.aws.amazon.com/cognito/latest/developerguide/open-id.html)\nyou can reference the provider's ARN as follows:\n\n```ts\nimport * as cognito from '@aws-cdk/aws-cognito';\n\ndeclare const myProvider: iam.OpenIdConnectProvider;\nnew cognito.CfnIdentityPool(this, 'IdentityPool', {\n openIdConnectProviderArns: [myProvider.openIdConnectProviderArn],\n // And the other properties for your identity pool\n allowUnauthenticatedIdentities: false,\n});\n```\n\nThe `OpenIdConnectPrincipal` class can be used as a principal used with a `OpenIdConnectProvider`, for example:\n\n```ts\nconst provider = new iam.OpenIdConnectProvider(this, 'MyProvider', {\n url: 'https://openid/connect',\n clientIds: [ 'myclient1', 'myclient2' ],\n});\nconst principal = new iam.OpenIdConnectPrincipal(provider);\n```\n\n## SAML provider\n\nAn IAM SAML 2.0 identity provider is an entity in IAM that describes an external\nidentity provider (IdP) service that supports the SAML 2.0 (Security Assertion\nMarkup Language 2.0) standard. You use an IAM identity provider when you want\nto establish trust between a SAML-compatible IdP such as Shibboleth or Active\nDirectory Federation Services and AWS, so that users in your organization can\naccess AWS resources. IAM SAML identity providers are used as principals in an\nIAM trust policy.\n\n```ts\nnew iam.SamlProvider(this, 'Provider', {\n metadataDocument: iam.SamlMetadataDocument.fromFile('/path/to/saml-metadata-document.xml'),\n});\n```\n\nThe `SamlPrincipal` class can be used as a principal with a `SamlProvider`:\n\n```ts\nconst provider = new iam.SamlProvider(this, 'Provider', {\n metadataDocument: iam.SamlMetadataDocument.fromFile('/path/to/saml-metadata-document.xml'),\n});\nconst principal = new iam.SamlPrincipal(provider, {\n StringEquals: {\n 'SAML:iss': 'issuer',\n },\n});\n```\n\nWhen creating a role for programmatic and AWS Management Console access, use the `SamlConsolePrincipal`\nclass:\n\n```ts\nconst provider = new iam.SamlProvider(this, 'Provider', {\n metadataDocument: iam.SamlMetadataDocument.fromFile('/path/to/saml-metadata-document.xml'),\n});\nnew iam.Role(this, 'Role', {\n assumedBy: new iam.SamlConsolePrincipal(provider),\n});\n```\n\n## Users\n\nIAM manages users for your AWS account. To create a new user:\n\n```ts\nconst user = new iam.User(this, 'MyUser');\n```\n\nTo import an existing user by name [with path](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-friendly-names):\n\n```ts\nconst user = iam.User.fromUserName(this, 'MyImportedUserByName', 'johnsmith');\n```\n\nTo import an existing user by ARN:\n\n```ts\nconst user = iam.User.fromUserArn(this, 'MyImportedUserByArn', 'arn:aws:iam::123456789012:user/johnsmith');\n```\n\nTo import an existing user by attributes:\n\n```ts\nconst user = iam.User.fromUserAttributes(this, 'MyImportedUserByAttributes', {\n userArn: 'arn:aws:iam::123456789012:user/johnsmith',\n});\n```\n\n### Access Keys\n\nThe ability for a user to make API calls via the CLI or an SDK is enabled by the user having an\naccess key pair. To create an access key:\n\n```ts\nconst user = new iam.User(this, 'MyUser');\nconst accessKey = new iam.AccessKey(this, 'MyAccessKey', { user: user });\n```\n\nYou can force CloudFormation to rotate the access key by providing a monotonically increasing `serial`\nproperty. Simply provide a higher serial value than any number used previously:\n\n```ts\nconst user = new iam.User(this, 'MyUser');\nconst accessKey = new iam.AccessKey(this, 'MyAccessKey', { user: user, serial: 1 });\n```\n\nAn access key may only be associated with a single user and cannot be \"moved\" between users. Changing\nthe user associated with an access key replaces the access key (and its ID and secret value).\n\n## Groups\n\nAn IAM user group is a collection of IAM users. User groups let you specify permissions for multiple users.\n\n```ts\nconst group = new iam.Group(this, 'MyGroup');\n```\n\nTo import an existing group by ARN:\n\n```ts\nconst group = iam.Group.fromGroupArn(this, 'MyImportedGroupByArn', 'arn:aws:iam::account-id:group/group-name');\n```\n\nTo import an existing group by name [with path](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-friendly-names):\n\n```ts\nconst group = iam.Group.fromGroupName(this, 'MyImportedGroupByName', 'group-name');\n```\n\nTo add a user to a group (both for a new and imported user/group):\n\n```ts\nconst user = new iam.User(this, 'MyUser'); // or User.fromUserName(stack, 'User', 'johnsmith');\nconst group = new iam.Group(this, 'MyGroup'); // or Group.fromGroupArn(stack, 'Group', 'arn:aws:iam::account-id:group/group-name');\n\nuser.addToGroup(group);\n// or\ngroup.addUser(user);\n```\n\n## Features\n\n* Policy name uniqueness is enforced. If two policies by the same name are attached to the same\n principal, the attachment will fail.\n* Policy names are not required - the CDK logical ID will be used and ensured to be unique.\n* Policies are validated during synthesis to ensure that they have actions, and that policies\n attached to IAM principals specify relevant resources, while policies attached to resources\n specify which IAM principals they apply to.\n"
179 },
180 "repository": {
181 "directory": "packages/@aws-cdk/aws-iam",
182 "type": "git",
183 "url": "https://github.com/aws/aws-cdk.git"
184 },
185 "schema": "jsii/0.10.0",
186 "targets": {
187 "dotnet": {
188 "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png",
189 "namespace": "Amazon.CDK.AWS.IAM",
190 "packageId": "Amazon.CDK.AWS.IAM"
191 },
192 "java": {
193 "maven": {
194 "artifactId": "iam",
195 "groupId": "software.amazon.awscdk"
196 },
197 "package": "software.amazon.awscdk.services.iam"
198 },
199 "js": {
200 "npm": "@aws-cdk/aws-iam"
201 },
202 "python": {
203 "classifiers": [
204 "Framework :: AWS CDK",
205 "Framework :: AWS CDK :: 1"
206 ],
207 "distName": "aws-cdk.aws-iam",
208 "module": "aws_cdk.aws_iam"
209 }
210 },
211 "types": {
212 "@aws-cdk/aws-iam.AccessKey": {
213 "assembly": "@aws-cdk/aws-iam",
214 "base": "@aws-cdk/core.Resource",
215 "docs": {
216 "stability": "stable",
217 "summary": "Define a new IAM Access Key.",
218 "example": "// Creates a new IAM user, access and secret keys, and stores the secret access key in a Secret.\nconst user = new iam.User(this, 'User');\nconst accessKey = new iam.AccessKey(this, 'AccessKey', { user });\nconst secretValue = secretsmanager.SecretStringValueBeta1.fromToken(accessKey.secretAccessKey.toString());\nnew secretsmanager.Secret(this, 'Secret', {\n secretStringBeta1: secretValue,\n});",
219 "custom": {
220 "exampleMetadata": "infused"
221 }
222 },
223 "fqn": "@aws-cdk/aws-iam.AccessKey",
224 "initializer": {
225 "docs": {
226 "stability": "stable"
227 },
228 "locationInModule": {
229 "filename": "lib/access-key.ts",
230 "line": 80
231 },
232 "parameters": [
233 {
234 "name": "scope",
235 "type": {
236 "fqn": "constructs.Construct"
237 }
238 },
239 {
240 "name": "id",
241 "type": {
242 "primitive": "string"
243 }
244 },
245 {
246 "name": "props",
247 "type": {
248 "fqn": "@aws-cdk/aws-iam.AccessKeyProps"
249 }
250 }
251 ]
252 },
253 "interfaces": [
254 "@aws-cdk/aws-iam.IAccessKey"
255 ],
256 "kind": "class",
257 "locationInModule": {
258 "filename": "lib/access-key.ts",
259 "line": 76
260 },
261 "name": "AccessKey",
262 "properties": [
263 {
264 "docs": {
265 "stability": "stable",
266 "summary": "The Access Key ID."
267 },
268 "immutable": true,
269 "locationInModule": {
270 "filename": "lib/access-key.ts",
271 "line": 77
272 },
273 "name": "accessKeyId",
274 "overrides": "@aws-cdk/aws-iam.IAccessKey",
275 "type": {
276 "primitive": "string"
277 }
278 },
279 {
280 "docs": {
281 "stability": "stable",
282 "summary": "The Secret Access Key."
283 },
284 "immutable": true,
285 "locationInModule": {
286 "filename": "lib/access-key.ts",
287 "line": 78
288 },
289 "name": "secretAccessKey",
290 "overrides": "@aws-cdk/aws-iam.IAccessKey",
291 "type": {
292 "fqn": "@aws-cdk/core.SecretValue"
293 }
294 }
295 ],
296 "symbolId": "lib/access-key:AccessKey"
297 },
298 "@aws-cdk/aws-iam.AccessKeyProps": {
299 "assembly": "@aws-cdk/aws-iam",
300 "datatype": true,
301 "docs": {
302 "stability": "stable",
303 "summary": "Properties for defining an IAM access key.",
304 "example": "// Creates a new IAM user, access and secret keys, and stores the secret access key in a Secret.\nconst user = new iam.User(this, 'User');\nconst accessKey = new iam.AccessKey(this, 'AccessKey', { user });\nconst secretValue = secretsmanager.SecretStringValueBeta1.fromToken(accessKey.secretAccessKey.toString());\nnew secretsmanager.Secret(this, 'Secret', {\n secretStringBeta1: secretValue,\n});",
305 "custom": {
306 "exampleMetadata": "infused"
307 }
308 },
309 "fqn": "@aws-cdk/aws-iam.AccessKeyProps",
310 "kind": "interface",
311 "locationInModule": {
312 "filename": "lib/access-key.ts",
313 "line": 45
314 },
315 "name": "AccessKeyProps",
316 "properties": [
317 {
318 "abstract": true,
319 "docs": {
320 "remarks": "Changing this value will result in the access key being deleted and a new\naccess key (with a different ID and secret value) being assigned to the new\nuser.",
321 "stability": "stable",
322 "summary": "The IAM user this key will belong to."
323 },
324 "immutable": true,
325 "locationInModule": {
326 "filename": "lib/access-key.ts",
327 "line": 70
328 },
329 "name": "user",
330 "type": {
331 "fqn": "@aws-cdk/aws-iam.IUser"
332 }
333 },
334 {
335 "abstract": true,
336 "docs": {
337 "default": "- No serial value",
338 "remarks": "This value can only be incremented. Incrementing this\nvalue will cause CloudFormation to replace the Access Key resource.",
339 "stability": "stable",
340 "summary": "A CloudFormation-specific value that signifies the access key should be replaced/rotated."
341 },
342 "immutable": true,
343 "locationInModule": {
344 "filename": "lib/access-key.ts",
345 "line": 53
346 },
347 "name": "serial",
348 "optional": true,
349 "type": {
350 "primitive": "number"
351 }
352 },
353 {
354 "abstract": true,
355 "docs": {
356 "default": "- The access key is active",
357 "remarks": "An Active access key is allowed to be used\nto make API calls; An Inactive key cannot.",
358 "stability": "stable",
359 "summary": "The status of the access key."
360 },
361 "immutable": true,
362 "locationInModule": {
363 "filename": "lib/access-key.ts",
364 "line": 61
365 },
366 "name": "status",
367 "optional": true,
368 "type": {
369 "fqn": "@aws-cdk/aws-iam.AccessKeyStatus"
370 }
371 }
372 ],
373 "symbolId": "lib/access-key:AccessKeyProps"
374 },
375 "@aws-cdk/aws-iam.AccessKeyStatus": {
376 "assembly": "@aws-cdk/aws-iam",
377 "docs": {
378 "stability": "stable",
379 "summary": "Valid statuses for an IAM Access Key."
380 },
381 "fqn": "@aws-cdk/aws-iam.AccessKeyStatus",
382 "kind": "enum",
383 "locationInModule": {
384 "filename": "lib/access-key.ts",
385 "line": 9
386 },
387 "members": [
388 {
389 "docs": {
390 "remarks": "An active key can be used to make API calls.",
391 "stability": "stable",
392 "summary": "An active access key."
393 },
394 "name": "ACTIVE"
395 },
396 {
397 "docs": {
398 "remarks": "An inactive key cannot be used to make API calls.",
399 "stability": "stable",
400 "summary": "An inactive access key."
401 },
402 "name": "INACTIVE"
403 }
404 ],
405 "name": "AccessKeyStatus",
406 "symbolId": "lib/access-key:AccessKeyStatus"
407 },
408 "@aws-cdk/aws-iam.AccountPrincipal": {
409 "assembly": "@aws-cdk/aws-iam",
410 "base": "@aws-cdk/aws-iam.ArnPrincipal",
411 "docs": {
412 "stability": "stable",
413 "summary": "Specify AWS account ID as the principal entity in a policy to delegate authority to the account.",
414 "example": "const cluster = new neptune.DatabaseCluster(this, 'Cluster', {\n vpc,\n instanceType: neptune.InstanceType.R5_LARGE,\n iamAuthentication: true, // Optional - will be automatically set if you call grantConnect().\n});\nconst role = new iam.Role(this, 'DBRole', { assumedBy: new iam.AccountPrincipal(this.account) });\ncluster.grantConnect(role); // Grant the role connection access to the DB.",
415 "custom": {
416 "exampleMetadata": "infused"
417 }
418 },
419 "fqn": "@aws-cdk/aws-iam.AccountPrincipal",
420 "initializer": {
421 "docs": {
422 "stability": "stable"
423 },
424 "locationInModule": {
425 "filename": "lib/principals.ts",
426 "line": 453
427 },
428 "parameters": [
429 {
430 "docs": {
431 "summary": "AWS account ID (i.e. 123456789012)."
432 },
433 "name": "accountId",
434 "type": {
435 "primitive": "any"
436 }
437 }
438 ]
439 },
440 "kind": "class",
441 "locationInModule": {
442 "filename": "lib/principals.ts",
443 "line": 446
444 },
445 "methods": [
446 {
447 "docs": {
448 "stability": "stable",
449 "summary": "Returns a string representation of an object."
450 },
451 "locationInModule": {
452 "filename": "lib/principals.ts",
453 "line": 461
454 },
455 "name": "toString",
456 "overrides": "@aws-cdk/aws-iam.ArnPrincipal",
457 "returns": {
458 "type": {
459 "primitive": "string"
460 }
461 }
462 }
463 ],
464 "name": "AccountPrincipal",
465 "properties": [
466 {
467 "docs": {
468 "stability": "stable",
469 "summary": "AWS account ID (i.e. 123456789012)."
470 },
471 "immutable": true,
472 "locationInModule": {
473 "filename": "lib/principals.ts",
474 "line": 453
475 },
476 "name": "accountId",
477 "type": {
478 "primitive": "any"
479 }
480 },
481 {
482 "docs": {
483 "remarks": "Can be undefined when the account is not known\n(for example, for service principals).\nCan be a Token - in that case,\nit's assumed to be AWS::AccountId.",
484 "stability": "stable",
485 "summary": "The AWS account ID of this principal."
486 },
487 "immutable": true,
488 "locationInModule": {
489 "filename": "lib/principals.ts",
490 "line": 447
491 },
492 "name": "principalAccount",
493 "optional": true,
494 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
495 "type": {
496 "primitive": "string"
497 }
498 }
499 ],
500 "symbolId": "lib/principals:AccountPrincipal"
501 },
502 "@aws-cdk/aws-iam.AccountRootPrincipal": {
503 "assembly": "@aws-cdk/aws-iam",
504 "base": "@aws-cdk/aws-iam.AccountPrincipal",
505 "docs": {
506 "stability": "stable",
507 "summary": "Use the AWS account into which a stack is deployed as the principal entity in a policy.",
508 "example": "const bucket = new s3.Bucket(this, 'MyBucket');\nconst result = bucket.addToResourcePolicy(new iam.PolicyStatement({\n actions: ['s3:GetObject'],\n resources: [bucket.arnForObjects('file.txt')],\n principals: [new iam.AccountRootPrincipal()],\n}));",
509 "custom": {
510 "exampleMetadata": "infused"
511 }
512 },
513 "fqn": "@aws-cdk/aws-iam.AccountRootPrincipal",
514 "initializer": {
515 "docs": {
516 "stability": "stable"
517 },
518 "locationInModule": {
519 "filename": "lib/principals.ts",
520 "line": 721
521 }
522 },
523 "kind": "class",
524 "locationInModule": {
525 "filename": "lib/principals.ts",
526 "line": 720
527 },
528 "methods": [
529 {
530 "docs": {
531 "stability": "stable",
532 "summary": "Returns a string representation of an object."
533 },
534 "locationInModule": {
535 "filename": "lib/principals.ts",
536 "line": 725
537 },
538 "name": "toString",
539 "overrides": "@aws-cdk/aws-iam.AccountPrincipal",
540 "returns": {
541 "type": {
542 "primitive": "string"
543 }
544 }
545 }
546 ],
547 "name": "AccountRootPrincipal",
548 "symbolId": "lib/principals:AccountRootPrincipal"
549 },
550 "@aws-cdk/aws-iam.AddToPrincipalPolicyResult": {
551 "assembly": "@aws-cdk/aws-iam",
552 "datatype": true,
553 "docs": {
554 "stability": "stable",
555 "summary": "Result of calling `addToPrincipalPolicy`.",
556 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nimport * as cdk from '@aws-cdk/core';\n\ndeclare const dependable: cdk.IDependable;\nconst addToPrincipalPolicyResult: iam.AddToPrincipalPolicyResult = {\n statementAdded: false,\n\n // the properties below are optional\n policyDependable: dependable,\n};",
557 "custom": {
558 "exampleMetadata": "fixture=_generated"
559 }
560 },
561 "fqn": "@aws-cdk/aws-iam.AddToPrincipalPolicyResult",
562 "kind": "interface",
563 "locationInModule": {
564 "filename": "lib/principals.ts",
565 "line": 128
566 },
567 "name": "AddToPrincipalPolicyResult",
568 "properties": [
569 {
570 "abstract": true,
571 "docs": {
572 "stability": "stable",
573 "summary": "Whether the statement was added to the identity's policies."
574 },
575 "immutable": true,
576 "locationInModule": {
577 "filename": "lib/principals.ts",
578 "line": 133
579 },
580 "name": "statementAdded",
581 "type": {
582 "primitive": "boolean"
583 }
584 },
585 {
586 "abstract": true,
587 "docs": {
588 "default": "- Required if `statementAdded` is true.",
589 "stability": "stable",
590 "summary": "Dependable which allows depending on the policy change being applied."
591 },
592 "immutable": true,
593 "locationInModule": {
594 "filename": "lib/principals.ts",
595 "line": 140
596 },
597 "name": "policyDependable",
598 "optional": true,
599 "type": {
600 "fqn": "@aws-cdk/core.IDependable"
601 }
602 }
603 ],
604 "symbolId": "lib/principals:AddToPrincipalPolicyResult"
605 },
606 "@aws-cdk/aws-iam.AddToResourcePolicyResult": {
607 "assembly": "@aws-cdk/aws-iam",
608 "datatype": true,
609 "docs": {
610 "stability": "stable",
611 "summary": "Result of calling addToResourcePolicy.",
612 "example": "const bucket = s3.Bucket.fromBucketName(this, 'existingBucket', 'bucket-name');\n\n// No policy statement will be added to the resource\nconst result = bucket.addToResourcePolicy(new iam.PolicyStatement({\n actions: ['s3:GetObject'],\n resources: [bucket.arnForObjects('file.txt')],\n principals: [new iam.AccountRootPrincipal()],\n}));",
613 "custom": {
614 "exampleMetadata": "infused"
615 }
616 },
617 "fqn": "@aws-cdk/aws-iam.AddToResourcePolicyResult",
618 "kind": "interface",
619 "locationInModule": {
620 "filename": "lib/grant.ts",
621 "line": 316
622 },
623 "name": "AddToResourcePolicyResult",
624 "properties": [
625 {
626 "abstract": true,
627 "docs": {
628 "stability": "stable",
629 "summary": "Whether the statement was added."
630 },
631 "immutable": true,
632 "locationInModule": {
633 "filename": "lib/grant.ts",
634 "line": 320
635 },
636 "name": "statementAdded",
637 "type": {
638 "primitive": "boolean"
639 }
640 },
641 {
642 "abstract": true,
643 "docs": {
644 "default": "- If `statementAdded` is true, the resource object itself.\nOtherwise, no dependable.",
645 "stability": "stable",
646 "summary": "Dependable which allows depending on the policy change being applied."
647 },
648 "immutable": true,
649 "locationInModule": {
650 "filename": "lib/grant.ts",
651 "line": 328
652 },
653 "name": "policyDependable",
654 "optional": true,
655 "type": {
656 "fqn": "@aws-cdk/core.IDependable"
657 }
658 }
659 ],
660 "symbolId": "lib/grant:AddToResourcePolicyResult"
661 },
662 "@aws-cdk/aws-iam.AnyPrincipal": {
663 "assembly": "@aws-cdk/aws-iam",
664 "base": "@aws-cdk/aws-iam.ArnPrincipal",
665 "docs": {
666 "remarks": "Some services behave differently when you specify `Principal: '*'`\nor `Principal: { AWS: \"*\" }` in their resource policy.\n\n`AnyPrincipal` renders to `Principal: { AWS: \"*\" }`. This is correct\nmost of the time, but in cases where you need the other principal,\nuse `StarPrincipal` instead.",
667 "stability": "stable",
668 "summary": "A principal representing all AWS identities in all accounts.",
669 "example": "const topic = new sns.Topic(this, 'Topic');\nconst topicPolicy = new sns.TopicPolicy(this, 'TopicPolicy', {\n topics: [topic],\n});\n\ntopicPolicy.document.addStatements(new iam.PolicyStatement({\n actions: [\"sns:Subscribe\"],\n principals: [new iam.AnyPrincipal()],\n resources: [topic.topicArn],\n}));",
670 "custom": {
671 "exampleMetadata": "infused"
672 }
673 },
674 "fqn": "@aws-cdk/aws-iam.AnyPrincipal",
675 "initializer": {
676 "docs": {
677 "stability": "stable"
678 },
679 "locationInModule": {
680 "filename": "lib/principals.ts",
681 "line": 741
682 }
683 },
684 "kind": "class",
685 "locationInModule": {
686 "filename": "lib/principals.ts",
687 "line": 740
688 },
689 "methods": [
690 {
691 "docs": {
692 "stability": "stable",
693 "summary": "Returns a string representation of an object."
694 },
695 "locationInModule": {
696 "filename": "lib/principals.ts",
697 "line": 745
698 },
699 "name": "toString",
700 "overrides": "@aws-cdk/aws-iam.ArnPrincipal",
701 "returns": {
702 "type": {
703 "primitive": "string"
704 }
705 }
706 }
707 ],
708 "name": "AnyPrincipal",
709 "symbolId": "lib/principals:AnyPrincipal"
710 },
711 "@aws-cdk/aws-iam.Anyone": {
712 "assembly": "@aws-cdk/aws-iam",
713 "base": "@aws-cdk/aws-iam.AnyPrincipal",
714 "docs": {
715 "deprecated": "use `AnyPrincipal`",
716 "stability": "deprecated",
717 "summary": "A principal representing all identities in all accounts.",
718 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nconst anyone = new iam.Anyone();",
719 "custom": {
720 "exampleMetadata": "fixture=_generated"
721 }
722 },
723 "fqn": "@aws-cdk/aws-iam.Anyone",
724 "initializer": {
725 "docs": {
726 "stability": "stable"
727 },
728 "locationInModule": {
729 "filename": "lib/principals.ts",
730 "line": 741
731 }
732 },
733 "kind": "class",
734 "locationInModule": {
735 "filename": "lib/principals.ts",
736 "line": 754
737 },
738 "name": "Anyone",
739 "symbolId": "lib/principals:Anyone"
740 },
741 "@aws-cdk/aws-iam.ArnPrincipal": {
742 "assembly": "@aws-cdk/aws-iam",
743 "base": "@aws-cdk/aws-iam.PrincipalBase",
744 "docs": {
745 "remarks": "You can specify AWS accounts, IAM users, Federated SAML users, IAM roles, and specific assumed-role sessions.\nYou cannot specify IAM groups or instance profiles as principals",
746 "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html",
747 "stability": "stable",
748 "summary": "Specify a principal by the Amazon Resource Name (ARN).",
749 "example": "declare const networkLoadBalancer1: elbv2.NetworkLoadBalancer;\ndeclare const networkLoadBalancer2: elbv2.NetworkLoadBalancer;\n\nnew ec2.VpcEndpointService(this, 'EndpointService', {\n vpcEndpointServiceLoadBalancers: [networkLoadBalancer1, networkLoadBalancer2],\n acceptanceRequired: true,\n allowedPrincipals: [new iam.ArnPrincipal('arn:aws:iam::123456789012:root')]\n});",
750 "custom": {
751 "exampleMetadata": "infused"
752 }
753 },
754 "fqn": "@aws-cdk/aws-iam.ArnPrincipal",
755 "initializer": {
756 "docs": {
757 "stability": "stable"
758 },
759 "locationInModule": {
760 "filename": "lib/principals.ts",
761 "line": 414
762 },
763 "parameters": [
764 {
765 "docs": {
766 "summary": "Amazon Resource Name (ARN) of the principal entity (i.e. arn:aws:iam::123456789012:user/user-name)."
767 },
768 "name": "arn",
769 "type": {
770 "primitive": "string"
771 }
772 }
773 ]
774 },
775 "kind": "class",
776 "locationInModule": {
777 "filename": "lib/principals.ts",
778 "line": 409
779 },
780 "methods": [
781 {
782 "docs": {
783 "stability": "stable",
784 "summary": "Return whether or not this principal is equal to the given principal."
785 },
786 "locationInModule": {
787 "filename": "lib/principals.ts",
788 "line": 438
789 },
790 "name": "dedupeString",
791 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
792 "returns": {
793 "optional": true,
794 "type": {
795 "primitive": "string"
796 }
797 }
798 },
799 {
800 "docs": {
801 "stability": "stable",
802 "summary": "A convenience method for adding a condition that the principal is part of the specified AWS Organization."
803 },
804 "locationInModule": {
805 "filename": "lib/principals.ts",
806 "line": 430
807 },
808 "name": "inOrganization",
809 "parameters": [
810 {
811 "name": "organizationId",
812 "type": {
813 "primitive": "string"
814 }
815 }
816 ],
817 "returns": {
818 "type": {
819 "fqn": "@aws-cdk/aws-iam.PrincipalBase"
820 }
821 }
822 },
823 {
824 "docs": {
825 "stability": "stable",
826 "summary": "Returns a string representation of an object."
827 },
828 "locationInModule": {
829 "filename": "lib/principals.ts",
830 "line": 422
831 },
832 "name": "toString",
833 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
834 "returns": {
835 "type": {
836 "primitive": "string"
837 }
838 }
839 }
840 ],
841 "name": "ArnPrincipal",
842 "properties": [
843 {
844 "docs": {
845 "stability": "stable",
846 "summary": "Amazon Resource Name (ARN) of the principal entity (i.e. arn:aws:iam::123456789012:user/user-name)."
847 },
848 "immutable": true,
849 "locationInModule": {
850 "filename": "lib/principals.ts",
851 "line": 414
852 },
853 "name": "arn",
854 "type": {
855 "primitive": "string"
856 }
857 },
858 {
859 "docs": {
860 "stability": "stable",
861 "summary": "Return the policy fragment that identifies this principal in a Policy."
862 },
863 "immutable": true,
864 "locationInModule": {
865 "filename": "lib/principals.ts",
866 "line": 418
867 },
868 "name": "policyFragment",
869 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
870 "type": {
871 "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment"
872 }
873 }
874 ],
875 "symbolId": "lib/principals:ArnPrincipal"
876 },
877 "@aws-cdk/aws-iam.CanonicalUserPrincipal": {
878 "assembly": "@aws-cdk/aws-iam",
879 "base": "@aws-cdk/aws-iam.PrincipalBase",
880 "docs": {
881 "remarks": "See https://docs.aws.amazon.com/general/latest/gr/acct-identifiers.html\n\nand\n\nhttps://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html\n\nfor more details.",
882 "stability": "stable",
883 "summary": "A policy principal for canonicalUserIds - useful for S3 bucket policies that use Origin Access identities.",
884 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nconst canonicalUserPrincipal = new iam.CanonicalUserPrincipal('canonicalUserId');",
885 "custom": {
886 "exampleMetadata": "fixture=_generated"
887 }
888 },
889 "fqn": "@aws-cdk/aws-iam.CanonicalUserPrincipal",
890 "initializer": {
891 "docs": {
892 "stability": "stable"
893 },
894 "locationInModule": {
895 "filename": "lib/principals.ts",
896 "line": 578
897 },
898 "parameters": [
899 {
900 "docs": {
901 "remarks": "root user and IAM users for an account all see the same ID.\n(i.e. 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be)",
902 "summary": "unique identifier assigned by AWS for every account."
903 },
904 "name": "canonicalUserId",
905 "type": {
906 "primitive": "string"
907 }
908 }
909 ]
910 },
911 "kind": "class",
912 "locationInModule": {
913 "filename": "lib/principals.ts",
914 "line": 571
915 },
916 "methods": [
917 {
918 "docs": {
919 "stability": "stable",
920 "summary": "Return whether or not this principal is equal to the given principal."
921 },
922 "locationInModule": {
923 "filename": "lib/principals.ts",
924 "line": 590
925 },
926 "name": "dedupeString",
927 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
928 "returns": {
929 "optional": true,
930 "type": {
931 "primitive": "string"
932 }
933 }
934 },
935 {
936 "docs": {
937 "stability": "stable",
938 "summary": "Returns a string representation of an object."
939 },
940 "locationInModule": {
941 "filename": "lib/principals.ts",
942 "line": 586
943 },
944 "name": "toString",
945 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
946 "returns": {
947 "type": {
948 "primitive": "string"
949 }
950 }
951 }
952 ],
953 "name": "CanonicalUserPrincipal",
954 "properties": [
955 {
956 "docs": {
957 "remarks": "root user and IAM users for an account all see the same ID.\n(i.e. 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be)",
958 "stability": "stable",
959 "summary": "unique identifier assigned by AWS for every account."
960 },
961 "immutable": true,
962 "locationInModule": {
963 "filename": "lib/principals.ts",
964 "line": 578
965 },
966 "name": "canonicalUserId",
967 "type": {
968 "primitive": "string"
969 }
970 },
971 {
972 "docs": {
973 "stability": "stable",
974 "summary": "Return the policy fragment that identifies this principal in a Policy."
975 },
976 "immutable": true,
977 "locationInModule": {
978 "filename": "lib/principals.ts",
979 "line": 582
980 },
981 "name": "policyFragment",
982 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
983 "type": {
984 "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment"
985 }
986 }
987 ],
988 "symbolId": "lib/principals:CanonicalUserPrincipal"
989 },
990 "@aws-cdk/aws-iam.CfnAccessKey": {
991 "assembly": "@aws-cdk/aws-iam",
992 "base": "@aws-cdk/core.CfnResource",
993 "docs": {
994 "custom": {
995 "cloudformationResource": "AWS::IAM::AccessKey",
996 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-accesskey.html",
997 "exampleMetadata": "fixture=_generated"
998 },
999 "remarks": "Creates a new AWS secret access key and corresponding AWS access key ID for the specified user. The default status for new keys is `Active` .\n\nFor information about quotas on the number of keys you can create, see [IAM and AWS STS quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide* .\n\n> To ensure the security of your AWS account , the secret access key is accessible only during key and user creation. You must save the key (for example, in a text file) if you want to be able to access it again. If a secret key is lost, you can rotate access keys by increasing the value of the `serial` property.",
1000 "stability": "external",
1001 "summary": "A CloudFormation `AWS::IAM::AccessKey`.",
1002 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nconst cfnAccessKey = new iam.CfnAccessKey(this, 'MyCfnAccessKey', {\n userName: 'userName',\n\n // the properties below are optional\n serial: 123,\n status: 'status',\n});"
1003 },
1004 "fqn": "@aws-cdk/aws-iam.CfnAccessKey",
1005 "initializer": {
1006 "docs": {
1007 "stability": "external",
1008 "summary": "Create a new `AWS::IAM::AccessKey`."
1009 },
1010 "locationInModule": {
1011 "filename": "lib/iam.generated.ts",
1012 "line": 172
1013 },
1014 "parameters": [
1015 {
1016 "docs": {
1017 "summary": "- scope in which this resource is defined."
1018 },
1019 "name": "scope",
1020 "type": {
1021 "fqn": "@aws-cdk/core.Construct"
1022 }
1023 },
1024 {
1025 "docs": {
1026 "summary": "- scoped id of the resource."
1027 },
1028 "name": "id",
1029 "type": {
1030 "primitive": "string"
1031 }
1032 },
1033 {
1034 "docs": {
1035 "summary": "- resource properties."
1036 },
1037 "name": "props",
1038 "type": {
1039 "fqn": "@aws-cdk/aws-iam.CfnAccessKeyProps"
1040 }
1041 }
1042 ]
1043 },
1044 "interfaces": [
1045 "@aws-cdk/core.IInspectable"
1046 ],
1047 "kind": "class",
1048 "locationInModule": {
1049 "filename": "lib/iam.generated.ts",
1050 "line": 111
1051 },
1052 "methods": [
1053 {
1054 "docs": {
1055 "stability": "external",
1056 "summary": "Examines the CloudFormation resource and discloses attributes."
1057 },
1058 "locationInModule": {
1059 "filename": "lib/iam.generated.ts",
1060 "line": 188
1061 },
1062 "name": "inspect",
1063 "overrides": "@aws-cdk/core.IInspectable",
1064 "parameters": [
1065 {
1066 "docs": {
1067 "summary": "- tree inspector to collect and process attributes."
1068 },
1069 "name": "inspector",
1070 "type": {
1071 "fqn": "@aws-cdk/core.TreeInspector"
1072 }
1073 }
1074 ]
1075 },
1076 {
1077 "docs": {
1078 "stability": "external"
1079 },
1080 "locationInModule": {
1081 "filename": "lib/iam.generated.ts",
1082 "line": 201
1083 },
1084 "name": "renderProperties",
1085 "overrides": "@aws-cdk/core.CfnResource",
1086 "parameters": [
1087 {
1088 "name": "props",
1089 "type": {
1090 "collection": {
1091 "elementtype": {
1092 "primitive": "any"
1093 },
1094 "kind": "map"
1095 }
1096 }
1097 }
1098 ],
1099 "protected": true,
1100 "returns": {
1101 "type": {
1102 "collection": {
1103 "elementtype": {
1104 "primitive": "any"
1105 },
1106 "kind": "map"
1107 }
1108 }
1109 }
1110 }
1111 ],
1112 "name": "CfnAccessKey",
1113 "properties": [
1114 {
1115 "const": true,
1116 "docs": {
1117 "stability": "external",
1118 "summary": "The CloudFormation resource type name for this resource class."
1119 },
1120 "immutable": true,
1121 "locationInModule": {
1122 "filename": "lib/iam.generated.ts",
1123 "line": 115
1124 },
1125 "name": "CFN_RESOURCE_TYPE_NAME",
1126 "static": true,
1127 "type": {
1128 "primitive": "string"
1129 }
1130 },
1131 {
1132 "docs": {
1133 "custom": {
1134 "cloudformationAttribute": "SecretAccessKey"
1135 },
1136 "remarks": "For example: wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY.",
1137 "stability": "external",
1138 "summary": "Returns the secret access key for the specified AWS::IAM::AccessKey resource."
1139 },
1140 "immutable": true,
1141 "locationInModule": {
1142 "filename": "lib/iam.generated.ts",
1143 "line": 140
1144 },
1145 "name": "attrSecretAccessKey",
1146 "type": {
1147 "primitive": "string"
1148 }
1149 },
1150 {
1151 "docs": {
1152 "stability": "external"
1153 },
1154 "immutable": true,
1155 "locationInModule": {
1156 "filename": "lib/iam.generated.ts",
1157 "line": 193
1158 },
1159 "name": "cfnProperties",
1160 "overrides": "@aws-cdk/core.CfnResource",
1161 "protected": true,
1162 "type": {
1163 "collection": {
1164 "elementtype": {
1165 "primitive": "any"
1166 },
1167 "kind": "map"
1168 }
1169 }
1170 },
1171 {
1172 "docs": {
1173 "custom": {
1174 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-accesskey.html#cfn-iam-accesskey-username"
1175 },
1176 "remarks": "This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-",
1177 "stability": "external",
1178 "summary": "The name of the IAM user that the new key will belong to."
1179 },
1180 "locationInModule": {
1181 "filename": "lib/iam.generated.ts",
1182 "line": 149
1183 },
1184 "name": "userName",
1185 "type": {
1186 "primitive": "string"
1187 }
1188 },
1189 {
1190 "docs": {
1191 "custom": {
1192 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-accesskey.html#cfn-iam-accesskey-serial"
1193 },
1194 "remarks": "Incrementing this value notifies CloudFormation that you want to rotate your access key. When you update your stack, CloudFormation will replace the existing access key with a new key.",
1195 "stability": "external",
1196 "summary": "This value is specific to CloudFormation and can only be *incremented* ."
1197 },
1198 "locationInModule": {
1199 "filename": "lib/iam.generated.ts",
1200 "line": 156
1201 },
1202 "name": "serial",
1203 "optional": true,
1204 "type": {
1205 "primitive": "number"
1206 }
1207 },
1208 {
1209 "docs": {
1210 "custom": {
1211 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-accesskey.html#cfn-iam-accesskey-status"
1212 },
1213 "remarks": "`Active` means that the key is valid for API calls, while `Inactive` means it is not.",
1214 "stability": "external",
1215 "summary": "The status of the access key."
1216 },
1217 "locationInModule": {
1218 "filename": "lib/iam.generated.ts",
1219 "line": 163
1220 },
1221 "name": "status",
1222 "optional": true,
1223 "type": {
1224 "primitive": "string"
1225 }
1226 }
1227 ],
1228 "symbolId": "lib/iam.generated:CfnAccessKey"
1229 },
1230 "@aws-cdk/aws-iam.CfnAccessKeyProps": {
1231 "assembly": "@aws-cdk/aws-iam",
1232 "datatype": true,
1233 "docs": {
1234 "custom": {
1235 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-accesskey.html",
1236 "exampleMetadata": "fixture=_generated"
1237 },
1238 "stability": "external",
1239 "summary": "Properties for defining a `CfnAccessKey`.",
1240 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nconst cfnAccessKeyProps: iam.CfnAccessKeyProps = {\n userName: 'userName',\n\n // the properties below are optional\n serial: 123,\n status: 'status',\n};"
1241 },
1242 "fqn": "@aws-cdk/aws-iam.CfnAccessKeyProps",
1243 "kind": "interface",
1244 "locationInModule": {
1245 "filename": "lib/iam.generated.ts",
1246 "line": 19
1247 },
1248 "name": "CfnAccessKeyProps",
1249 "properties": [
1250 {
1251 "abstract": true,
1252 "docs": {
1253 "custom": {
1254 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-accesskey.html#cfn-iam-accesskey-username"
1255 },
1256 "remarks": "This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-",
1257 "stability": "external",
1258 "summary": "The name of the IAM user that the new key will belong to."
1259 },
1260 "immutable": true,
1261 "locationInModule": {
1262 "filename": "lib/iam.generated.ts",
1263 "line": 28
1264 },
1265 "name": "userName",
1266 "type": {
1267 "primitive": "string"
1268 }
1269 },
1270 {
1271 "abstract": true,
1272 "docs": {
1273 "custom": {
1274 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-accesskey.html#cfn-iam-accesskey-serial"
1275 },
1276 "remarks": "Incrementing this value notifies CloudFormation that you want to rotate your access key. When you update your stack, CloudFormation will replace the existing access key with a new key.",
1277 "stability": "external",
1278 "summary": "This value is specific to CloudFormation and can only be *incremented* ."
1279 },
1280 "immutable": true,
1281 "locationInModule": {
1282 "filename": "lib/iam.generated.ts",
1283 "line": 35
1284 },
1285 "name": "serial",
1286 "optional": true,
1287 "type": {
1288 "primitive": "number"
1289 }
1290 },
1291 {
1292 "abstract": true,
1293 "docs": {
1294 "custom": {
1295 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-accesskey.html#cfn-iam-accesskey-status"
1296 },
1297 "remarks": "`Active` means that the key is valid for API calls, while `Inactive` means it is not.",
1298 "stability": "external",
1299 "summary": "The status of the access key."
1300 },
1301 "immutable": true,
1302 "locationInModule": {
1303 "filename": "lib/iam.generated.ts",
1304 "line": 42
1305 },
1306 "name": "status",
1307 "optional": true,
1308 "type": {
1309 "primitive": "string"
1310 }
1311 }
1312 ],
1313 "symbolId": "lib/iam.generated:CfnAccessKeyProps"
1314 },
1315 "@aws-cdk/aws-iam.CfnGroup": {
1316 "assembly": "@aws-cdk/aws-iam",
1317 "base": "@aws-cdk/core.CfnResource",
1318 "docs": {
1319 "custom": {
1320 "cloudformationResource": "AWS::IAM::Group",
1321 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html",
1322 "exampleMetadata": "fixture=_generated"
1323 },
1324 "remarks": "Creates a new group.\n\nFor information about the number of groups you can create, see [Limitations on IAM Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *IAM User Guide* .",
1325 "stability": "external",
1326 "summary": "A CloudFormation `AWS::IAM::Group`.",
1327 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const policyDocument: any;\nconst cfnGroup = new iam.CfnGroup(this, 'MyCfnGroup', /* all optional props */ {\n groupName: 'groupName',\n managedPolicyArns: ['managedPolicyArns'],\n path: 'path',\n policies: [{\n policyDocument: policyDocument,\n policyName: 'policyName',\n }],\n});"
1328 },
1329 "fqn": "@aws-cdk/aws-iam.CfnGroup",
1330 "initializer": {
1331 "docs": {
1332 "stability": "external",
1333 "summary": "Create a new `AWS::IAM::Group`."
1334 },
1335 "locationInModule": {
1336 "filename": "lib/iam.generated.ts",
1337 "line": 413
1338 },
1339 "parameters": [
1340 {
1341 "docs": {
1342 "summary": "- scope in which this resource is defined."
1343 },
1344 "name": "scope",
1345 "type": {
1346 "fqn": "@aws-cdk/core.Construct"
1347 }
1348 },
1349 {
1350 "docs": {
1351 "summary": "- scoped id of the resource."
1352 },
1353 "name": "id",
1354 "type": {
1355 "primitive": "string"
1356 }
1357 },
1358 {
1359 "docs": {
1360 "summary": "- resource properties."
1361 },
1362 "name": "props",
1363 "optional": true,
1364 "type": {
1365 "fqn": "@aws-cdk/aws-iam.CfnGroupProps"
1366 }
1367 }
1368 ]
1369 },
1370 "interfaces": [
1371 "@aws-cdk/core.IInspectable"
1372 ],
1373 "kind": "class",
1374 "locationInModule": {
1375 "filename": "lib/iam.generated.ts",
1376 "line": 329
1377 },
1378 "methods": [
1379 {
1380 "docs": {
1381 "stability": "external",
1382 "summary": "Examines the CloudFormation resource and discloses attributes."
1383 },
1384 "locationInModule": {
1385 "filename": "lib/iam.generated.ts",
1386 "line": 429
1387 },
1388 "name": "inspect",
1389 "overrides": "@aws-cdk/core.IInspectable",
1390 "parameters": [
1391 {
1392 "docs": {
1393 "summary": "- tree inspector to collect and process attributes."
1394 },
1395 "name": "inspector",
1396 "type": {
1397 "fqn": "@aws-cdk/core.TreeInspector"
1398 }
1399 }
1400 ]
1401 },
1402 {
1403 "docs": {
1404 "stability": "external"
1405 },
1406 "locationInModule": {
1407 "filename": "lib/iam.generated.ts",
1408 "line": 443
1409 },
1410 "name": "renderProperties",
1411 "overrides": "@aws-cdk/core.CfnResource",
1412 "parameters": [
1413 {
1414 "name": "props",
1415 "type": {
1416 "collection": {
1417 "elementtype": {
1418 "primitive": "any"
1419 },
1420 "kind": "map"
1421 }
1422 }
1423 }
1424 ],
1425 "protected": true,
1426 "returns": {
1427 "type": {
1428 "collection": {
1429 "elementtype": {
1430 "primitive": "any"
1431 },
1432 "kind": "map"
1433 }
1434 }
1435 }
1436 }
1437 ],
1438 "name": "CfnGroup",
1439 "properties": [
1440 {
1441 "const": true,
1442 "docs": {
1443 "stability": "external",
1444 "summary": "The CloudFormation resource type name for this resource class."
1445 },
1446 "immutable": true,
1447 "locationInModule": {
1448 "filename": "lib/iam.generated.ts",
1449 "line": 333
1450 },
1451 "name": "CFN_RESOURCE_TYPE_NAME",
1452 "static": true,
1453 "type": {
1454 "primitive": "string"
1455 }
1456 },
1457 {
1458 "docs": {
1459 "custom": {
1460 "cloudformationAttribute": "Arn"
1461 },
1462 "remarks": "For example: `arn:aws:iam::123456789012:group/mystack-mygroup-1DZETITOWEKVO` .",
1463 "stability": "external",
1464 "summary": "Returns the Amazon Resource Name (ARN) for the specified `AWS::IAM::Group` resource."
1465 },
1466 "immutable": true,
1467 "locationInModule": {
1468 "filename": "lib/iam.generated.ts",
1469 "line": 358
1470 },
1471 "name": "attrArn",
1472 "type": {
1473 "primitive": "string"
1474 }
1475 },
1476 {
1477 "docs": {
1478 "stability": "external"
1479 },
1480 "immutable": true,
1481 "locationInModule": {
1482 "filename": "lib/iam.generated.ts",
1483 "line": 434
1484 },
1485 "name": "cfnProperties",
1486 "overrides": "@aws-cdk/core.CfnResource",
1487 "protected": true,
1488 "type": {
1489 "collection": {
1490 "elementtype": {
1491 "primitive": "any"
1492 },
1493 "kind": "map"
1494 }
1495 }
1496 },
1497 {
1498 "docs": {
1499 "custom": {
1500 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html#cfn-iam-group-groupname"
1501 },
1502 "remarks": "The group name must be unique within the account. Group names are not distinguished by case. For example, you cannot create groups named both \"ADMINS\" and \"admins\". If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the group name.\n\n> If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.\n\nIf you specify a name, you must specify the `CAPABILITY_NAMED_IAM` value to acknowledge your template's capabilities. For more information, see [Acknowledging IAM Resources in AWS CloudFormation Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities) .\n\n> Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using `Fn::Join` and `AWS::Region` to create a Region-specific name, as in the following example: `{\"Fn::Join\": [\"\", [{\"Ref\": \"AWS::Region\"}, {\"Ref\": \"MyResourceName\"}]]}` .",
1503 "stability": "external",
1504 "summary": "The name of the group to create. Do not include the path in this value."
1505 },
1506 "locationInModule": {
1507 "filename": "lib/iam.generated.ts",
1508 "line": 373
1509 },
1510 "name": "groupName",
1511 "optional": true,
1512 "type": {
1513 "primitive": "string"
1514 }
1515 },
1516 {
1517 "docs": {
1518 "custom": {
1519 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html#cfn-iam-group-managepolicyarns"
1520 },
1521 "remarks": "For more information about ARNs, see [Amazon Resource Names (ARNs)](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *AWS General Reference* .",
1522 "stability": "external",
1523 "summary": "The Amazon Resource Name (ARN) of the IAM policy you want to attach."
1524 },
1525 "locationInModule": {
1526 "filename": "lib/iam.generated.ts",
1527 "line": 382
1528 },
1529 "name": "managedPolicyArns",
1530 "optional": true,
1531 "type": {
1532 "collection": {
1533 "elementtype": {
1534 "primitive": "string"
1535 },
1536 "kind": "array"
1537 }
1538 }
1539 },
1540 {
1541 "docs": {
1542 "custom": {
1543 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html#cfn-iam-group-path"
1544 },
1545 "remarks": "This parameter is optional. If it is not included, it defaults to a slash (/).\n\nThis parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\\ u0021` ) through the DEL character ( `\\ u007F` ), including most punctuation characters, digits, and upper and lowercased letters.",
1546 "stability": "external",
1547 "summary": "The path to the group. For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* ."
1548 },
1549 "locationInModule": {
1550 "filename": "lib/iam.generated.ts",
1551 "line": 393
1552 },
1553 "name": "path",
1554 "optional": true,
1555 "type": {
1556 "primitive": "string"
1557 }
1558 },
1559 {
1560 "docs": {
1561 "custom": {
1562 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html#cfn-iam-group-policies"
1563 },
1564 "remarks": "To view AWS::IAM::Group snippets, see [Declaring an IAM Group Resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-iam.html#scenario-iam-group) .\n\n> The name of each inline policy for a role, user, or group must be unique. If you don't choose unique names, updates to the IAM identity will fail.\n\nFor information about limits on the number of inline policies that you can embed in a group, see [Limitations on IAM Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *IAM User Guide* .",
1565 "stability": "external",
1566 "summary": "Adds or updates an inline policy document that is embedded in the specified IAM group."
1567 },
1568 "locationInModule": {
1569 "filename": "lib/iam.generated.ts",
1570 "line": 404
1571 },
1572 "name": "policies",
1573 "optional": true,
1574 "type": {
1575 "union": {
1576 "types": [
1577 {
1578 "fqn": "@aws-cdk/core.IResolvable"
1579 },
1580 {
1581 "collection": {
1582 "elementtype": {
1583 "union": {
1584 "types": [
1585 {
1586 "fqn": "@aws-cdk/core.IResolvable"
1587 },
1588 {
1589 "fqn": "@aws-cdk/aws-iam.CfnGroup.PolicyProperty"
1590 }
1591 ]
1592 }
1593 },
1594 "kind": "array"
1595 }
1596 }
1597 ]
1598 }
1599 }
1600 }
1601 ],
1602 "symbolId": "lib/iam.generated:CfnGroup"
1603 },
1604 "@aws-cdk/aws-iam.CfnGroup.PolicyProperty": {
1605 "assembly": "@aws-cdk/aws-iam",
1606 "datatype": true,
1607 "docs": {
1608 "custom": {
1609 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-policy.html",
1610 "exampleMetadata": "fixture=_generated"
1611 },
1612 "remarks": "An attached policy is a managed policy that has been attached to a user, group, or role.\n\nFor more information about managed policies, see [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide* .",
1613 "stability": "external",
1614 "summary": "Contains information about an attached policy.",
1615 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const policyDocument: any;\nconst policyProperty: iam.CfnGroup.PolicyProperty = {\n policyDocument: policyDocument,\n policyName: 'policyName',\n};"
1616 },
1617 "fqn": "@aws-cdk/aws-iam.CfnGroup.PolicyProperty",
1618 "kind": "interface",
1619 "locationInModule": {
1620 "filename": "lib/iam.generated.ts",
1621 "line": 461
1622 },
1623 "name": "PolicyProperty",
1624 "namespace": "CfnGroup",
1625 "properties": [
1626 {
1627 "abstract": true,
1628 "docs": {
1629 "custom": {
1630 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-policy.html#cfn-iam-policies-policydocument"
1631 },
1632 "stability": "external",
1633 "summary": "The policy document."
1634 },
1635 "immutable": true,
1636 "locationInModule": {
1637 "filename": "lib/iam.generated.ts",
1638 "line": 467
1639 },
1640 "name": "policyDocument",
1641 "type": {
1642 "primitive": "any"
1643 }
1644 },
1645 {
1646 "abstract": true,
1647 "docs": {
1648 "custom": {
1649 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-policy.html#cfn-iam-policies-policyname"
1650 },
1651 "stability": "external",
1652 "summary": "The friendly name (not ARN) identifying the policy."
1653 },
1654 "immutable": true,
1655 "locationInModule": {
1656 "filename": "lib/iam.generated.ts",
1657 "line": 473
1658 },
1659 "name": "policyName",
1660 "type": {
1661 "primitive": "string"
1662 }
1663 }
1664 ],
1665 "symbolId": "lib/iam.generated:CfnGroup.PolicyProperty"
1666 },
1667 "@aws-cdk/aws-iam.CfnGroupProps": {
1668 "assembly": "@aws-cdk/aws-iam",
1669 "datatype": true,
1670 "docs": {
1671 "custom": {
1672 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html",
1673 "exampleMetadata": "fixture=_generated"
1674 },
1675 "stability": "external",
1676 "summary": "Properties for defining a `CfnGroup`.",
1677 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const policyDocument: any;\nconst cfnGroupProps: iam.CfnGroupProps = {\n groupName: 'groupName',\n managedPolicyArns: ['managedPolicyArns'],\n path: 'path',\n policies: [{\n policyDocument: policyDocument,\n policyName: 'policyName',\n }],\n};"
1678 },
1679 "fqn": "@aws-cdk/aws-iam.CfnGroupProps",
1680 "kind": "interface",
1681 "locationInModule": {
1682 "filename": "lib/iam.generated.ts",
1683 "line": 214
1684 },
1685 "name": "CfnGroupProps",
1686 "properties": [
1687 {
1688 "abstract": true,
1689 "docs": {
1690 "custom": {
1691 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html#cfn-iam-group-groupname"
1692 },
1693 "remarks": "The group name must be unique within the account. Group names are not distinguished by case. For example, you cannot create groups named both \"ADMINS\" and \"admins\". If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the group name.\n\n> If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.\n\nIf you specify a name, you must specify the `CAPABILITY_NAMED_IAM` value to acknowledge your template's capabilities. For more information, see [Acknowledging IAM Resources in AWS CloudFormation Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities) .\n\n> Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using `Fn::Join` and `AWS::Region` to create a Region-specific name, as in the following example: `{\"Fn::Join\": [\"\", [{\"Ref\": \"AWS::Region\"}, {\"Ref\": \"MyResourceName\"}]]}` .",
1694 "stability": "external",
1695 "summary": "The name of the group to create. Do not include the path in this value."
1696 },
1697 "immutable": true,
1698 "locationInModule": {
1699 "filename": "lib/iam.generated.ts",
1700 "line": 229
1701 },
1702 "name": "groupName",
1703 "optional": true,
1704 "type": {
1705 "primitive": "string"
1706 }
1707 },
1708 {
1709 "abstract": true,
1710 "docs": {
1711 "custom": {
1712 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html#cfn-iam-group-managepolicyarns"
1713 },
1714 "remarks": "For more information about ARNs, see [Amazon Resource Names (ARNs)](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *AWS General Reference* .",
1715 "stability": "external",
1716 "summary": "The Amazon Resource Name (ARN) of the IAM policy you want to attach."
1717 },
1718 "immutable": true,
1719 "locationInModule": {
1720 "filename": "lib/iam.generated.ts",
1721 "line": 238
1722 },
1723 "name": "managedPolicyArns",
1724 "optional": true,
1725 "type": {
1726 "collection": {
1727 "elementtype": {
1728 "primitive": "string"
1729 },
1730 "kind": "array"
1731 }
1732 }
1733 },
1734 {
1735 "abstract": true,
1736 "docs": {
1737 "custom": {
1738 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html#cfn-iam-group-path"
1739 },
1740 "remarks": "This parameter is optional. If it is not included, it defaults to a slash (/).\n\nThis parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\\ u0021` ) through the DEL character ( `\\ u007F` ), including most punctuation characters, digits, and upper and lowercased letters.",
1741 "stability": "external",
1742 "summary": "The path to the group. For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* ."
1743 },
1744 "immutable": true,
1745 "locationInModule": {
1746 "filename": "lib/iam.generated.ts",
1747 "line": 249
1748 },
1749 "name": "path",
1750 "optional": true,
1751 "type": {
1752 "primitive": "string"
1753 }
1754 },
1755 {
1756 "abstract": true,
1757 "docs": {
1758 "custom": {
1759 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html#cfn-iam-group-policies"
1760 },
1761 "remarks": "To view AWS::IAM::Group snippets, see [Declaring an IAM Group Resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-iam.html#scenario-iam-group) .\n\n> The name of each inline policy for a role, user, or group must be unique. If you don't choose unique names, updates to the IAM identity will fail.\n\nFor information about limits on the number of inline policies that you can embed in a group, see [Limitations on IAM Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *IAM User Guide* .",
1762 "stability": "external",
1763 "summary": "Adds or updates an inline policy document that is embedded in the specified IAM group."
1764 },
1765 "immutable": true,
1766 "locationInModule": {
1767 "filename": "lib/iam.generated.ts",
1768 "line": 260
1769 },
1770 "name": "policies",
1771 "optional": true,
1772 "type": {
1773 "union": {
1774 "types": [
1775 {
1776 "fqn": "@aws-cdk/core.IResolvable"
1777 },
1778 {
1779 "collection": {
1780 "elementtype": {
1781 "union": {
1782 "types": [
1783 {
1784 "fqn": "@aws-cdk/core.IResolvable"
1785 },
1786 {
1787 "fqn": "@aws-cdk/aws-iam.CfnGroup.PolicyProperty"
1788 }
1789 ]
1790 }
1791 },
1792 "kind": "array"
1793 }
1794 }
1795 ]
1796 }
1797 }
1798 }
1799 ],
1800 "symbolId": "lib/iam.generated:CfnGroupProps"
1801 },
1802 "@aws-cdk/aws-iam.CfnInstanceProfile": {
1803 "assembly": "@aws-cdk/aws-iam",
1804 "base": "@aws-cdk/core.CfnResource",
1805 "docs": {
1806 "custom": {
1807 "cloudformationResource": "AWS::IAM::InstanceProfile",
1808 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-instanceprofile.html",
1809 "exampleMetadata": "fixture=_generated"
1810 },
1811 "remarks": "Creates a new instance profile. For information about instance profiles, see [Using instance profiles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html) .\n\nFor information about the number of instance profiles you can create, see [IAM object quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide* .",
1812 "stability": "external",
1813 "summary": "A CloudFormation `AWS::IAM::InstanceProfile`.",
1814 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nconst cfnInstanceProfile = new iam.CfnInstanceProfile(this, 'MyCfnInstanceProfile', {\n roles: ['roles'],\n\n // the properties below are optional\n instanceProfileName: 'instanceProfileName',\n path: 'path',\n});"
1815 },
1816 "fqn": "@aws-cdk/aws-iam.CfnInstanceProfile",
1817 "initializer": {
1818 "docs": {
1819 "stability": "external",
1820 "summary": "Create a new `AWS::IAM::InstanceProfile`."
1821 },
1822 "locationInModule": {
1823 "filename": "lib/iam.generated.ts",
1824 "line": 701
1825 },
1826 "parameters": [
1827 {
1828 "docs": {
1829 "summary": "- scope in which this resource is defined."
1830 },
1831 "name": "scope",
1832 "type": {
1833 "fqn": "@aws-cdk/core.Construct"
1834 }
1835 },
1836 {
1837 "docs": {
1838 "summary": "- scoped id of the resource."
1839 },
1840 "name": "id",
1841 "type": {
1842 "primitive": "string"
1843 }
1844 },
1845 {
1846 "docs": {
1847 "summary": "- resource properties."
1848 },
1849 "name": "props",
1850 "type": {
1851 "fqn": "@aws-cdk/aws-iam.CfnInstanceProfileProps"
1852 }
1853 }
1854 ]
1855 },
1856 "interfaces": [
1857 "@aws-cdk/core.IInspectable"
1858 ],
1859 "kind": "class",
1860 "locationInModule": {
1861 "filename": "lib/iam.generated.ts",
1862 "line": 632
1863 },
1864 "methods": [
1865 {
1866 "docs": {
1867 "stability": "external",
1868 "summary": "Examines the CloudFormation resource and discloses attributes."
1869 },
1870 "locationInModule": {
1871 "filename": "lib/iam.generated.ts",
1872 "line": 717
1873 },
1874 "name": "inspect",
1875 "overrides": "@aws-cdk/core.IInspectable",
1876 "parameters": [
1877 {
1878 "docs": {
1879 "summary": "- tree inspector to collect and process attributes."
1880 },
1881 "name": "inspector",
1882 "type": {
1883 "fqn": "@aws-cdk/core.TreeInspector"
1884 }
1885 }
1886 ]
1887 },
1888 {
1889 "docs": {
1890 "stability": "external"
1891 },
1892 "locationInModule": {
1893 "filename": "lib/iam.generated.ts",
1894 "line": 730
1895 },
1896 "name": "renderProperties",
1897 "overrides": "@aws-cdk/core.CfnResource",
1898 "parameters": [
1899 {
1900 "name": "props",
1901 "type": {
1902 "collection": {
1903 "elementtype": {
1904 "primitive": "any"
1905 },
1906 "kind": "map"
1907 }
1908 }
1909 }
1910 ],
1911 "protected": true,
1912 "returns": {
1913 "type": {
1914 "collection": {
1915 "elementtype": {
1916 "primitive": "any"
1917 },
1918 "kind": "map"
1919 }
1920 }
1921 }
1922 }
1923 ],
1924 "name": "CfnInstanceProfile",
1925 "properties": [
1926 {
1927 "const": true,
1928 "docs": {
1929 "stability": "external",
1930 "summary": "The CloudFormation resource type name for this resource class."
1931 },
1932 "immutable": true,
1933 "locationInModule": {
1934 "filename": "lib/iam.generated.ts",
1935 "line": 636
1936 },
1937 "name": "CFN_RESOURCE_TYPE_NAME",
1938 "static": true,
1939 "type": {
1940 "primitive": "string"
1941 }
1942 },
1943 {
1944 "docs": {
1945 "custom": {
1946 "cloudformationAttribute": "Arn"
1947 },
1948 "remarks": "`{\"Fn::GetAtt\" : [\"MyProfile\", \"Arn\"] }`\n\nThis returns a value such as `arn:aws:iam::1234567890:instance-profile/MyProfile-ASDNSDLKJ` .",
1949 "stability": "external",
1950 "summary": "Returns the Amazon Resource Name (ARN) for the instance profile. For example:."
1951 },
1952 "immutable": true,
1953 "locationInModule": {
1954 "filename": "lib/iam.generated.ts",
1955 "line": 665
1956 },
1957 "name": "attrArn",
1958 "type": {
1959 "primitive": "string"
1960 }
1961 },
1962 {
1963 "docs": {
1964 "stability": "external"
1965 },
1966 "immutable": true,
1967 "locationInModule": {
1968 "filename": "lib/iam.generated.ts",
1969 "line": 722
1970 },
1971 "name": "cfnProperties",
1972 "overrides": "@aws-cdk/core.CfnResource",
1973 "protected": true,
1974 "type": {
1975 "collection": {
1976 "elementtype": {
1977 "primitive": "any"
1978 },
1979 "kind": "map"
1980 }
1981 }
1982 },
1983 {
1984 "docs": {
1985 "custom": {
1986 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-instanceprofile.html#cfn-iam-instanceprofile-roles"
1987 },
1988 "remarks": "Only one role can be assigned to an EC2 instance at a time, and all applications on the instance share the same role and permissions.",
1989 "stability": "external",
1990 "summary": "The name of the role to associate with the instance profile."
1991 },
1992 "locationInModule": {
1993 "filename": "lib/iam.generated.ts",
1994 "line": 672
1995 },
1996 "name": "roles",
1997 "type": {
1998 "collection": {
1999 "elementtype": {
2000 "primitive": "string"
2001 },
2002 "kind": "array"
2003 }
2004 }
2005 },
2006 {
2007 "docs": {
2008 "custom": {
2009 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-instanceprofile.html#cfn-iam-instanceprofile-instanceprofilename"
2010 },
2011 "remarks": "This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-",
2012 "stability": "external",
2013 "summary": "The name of the instance profile to create."
2014 },
2015 "locationInModule": {
2016 "filename": "lib/iam.generated.ts",
2017 "line": 681
2018 },
2019 "name": "instanceProfileName",
2020 "optional": true,
2021 "type": {
2022 "primitive": "string"
2023 }
2024 },
2025 {
2026 "docs": {
2027 "custom": {
2028 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-instanceprofile.html#cfn-iam-instanceprofile-path"
2029 },
2030 "remarks": "For more information about paths, see [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* .\n\nThis parameter is optional. If it is not included, it defaults to a slash (/).\n\nThis parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\\ u0021` ) through the DEL character ( `\\ u007F` ), including most punctuation characters, digits, and upper and lowercased letters.",
2031 "stability": "external",
2032 "summary": "The path to the instance profile."
2033 },
2034 "locationInModule": {
2035 "filename": "lib/iam.generated.ts",
2036 "line": 692
2037 },
2038 "name": "path",
2039 "optional": true,
2040 "type": {
2041 "primitive": "string"
2042 }
2043 }
2044 ],
2045 "symbolId": "lib/iam.generated:CfnInstanceProfile"
2046 },
2047 "@aws-cdk/aws-iam.CfnInstanceProfileProps": {
2048 "assembly": "@aws-cdk/aws-iam",
2049 "datatype": true,
2050 "docs": {
2051 "custom": {
2052 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-instanceprofile.html",
2053 "exampleMetadata": "fixture=_generated"
2054 },
2055 "stability": "external",
2056 "summary": "Properties for defining a `CfnInstanceProfile`.",
2057 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nconst cfnInstanceProfileProps: iam.CfnInstanceProfileProps = {\n roles: ['roles'],\n\n // the properties below are optional\n instanceProfileName: 'instanceProfileName',\n path: 'path',\n};"
2058 },
2059 "fqn": "@aws-cdk/aws-iam.CfnInstanceProfileProps",
2060 "kind": "interface",
2061 "locationInModule": {
2062 "filename": "lib/iam.generated.ts",
2063 "line": 538
2064 },
2065 "name": "CfnInstanceProfileProps",
2066 "properties": [
2067 {
2068 "abstract": true,
2069 "docs": {
2070 "custom": {
2071 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-instanceprofile.html#cfn-iam-instanceprofile-roles"
2072 },
2073 "remarks": "Only one role can be assigned to an EC2 instance at a time, and all applications on the instance share the same role and permissions.",
2074 "stability": "external",
2075 "summary": "The name of the role to associate with the instance profile."
2076 },
2077 "immutable": true,
2078 "locationInModule": {
2079 "filename": "lib/iam.generated.ts",
2080 "line": 545
2081 },
2082 "name": "roles",
2083 "type": {
2084 "collection": {
2085 "elementtype": {
2086 "primitive": "string"
2087 },
2088 "kind": "array"
2089 }
2090 }
2091 },
2092 {
2093 "abstract": true,
2094 "docs": {
2095 "custom": {
2096 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-instanceprofile.html#cfn-iam-instanceprofile-instanceprofilename"
2097 },
2098 "remarks": "This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-",
2099 "stability": "external",
2100 "summary": "The name of the instance profile to create."
2101 },
2102 "immutable": true,
2103 "locationInModule": {
2104 "filename": "lib/iam.generated.ts",
2105 "line": 554
2106 },
2107 "name": "instanceProfileName",
2108 "optional": true,
2109 "type": {
2110 "primitive": "string"
2111 }
2112 },
2113 {
2114 "abstract": true,
2115 "docs": {
2116 "custom": {
2117 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-instanceprofile.html#cfn-iam-instanceprofile-path"
2118 },
2119 "remarks": "For more information about paths, see [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* .\n\nThis parameter is optional. If it is not included, it defaults to a slash (/).\n\nThis parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\\ u0021` ) through the DEL character ( `\\ u007F` ), including most punctuation characters, digits, and upper and lowercased letters.",
2120 "stability": "external",
2121 "summary": "The path to the instance profile."
2122 },
2123 "immutable": true,
2124 "locationInModule": {
2125 "filename": "lib/iam.generated.ts",
2126 "line": 565
2127 },
2128 "name": "path",
2129 "optional": true,
2130 "type": {
2131 "primitive": "string"
2132 }
2133 }
2134 ],
2135 "symbolId": "lib/iam.generated:CfnInstanceProfileProps"
2136 },
2137 "@aws-cdk/aws-iam.CfnManagedPolicy": {
2138 "assembly": "@aws-cdk/aws-iam",
2139 "base": "@aws-cdk/core.CfnResource",
2140 "docs": {
2141 "custom": {
2142 "cloudformationResource": "AWS::IAM::ManagedPolicy",
2143 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html",
2144 "exampleMetadata": "fixture=_generated"
2145 },
2146 "remarks": "Creates a new managed policy for your AWS account .\n\nThis operation creates a policy version with a version identifier of `v1` and sets v1 as the policy's default version. For more information about policy versions, see [Versioning for managed policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html) in the *IAM User Guide* .\n\nAs a best practice, you can validate your IAM policies. To learn more, see [Validating IAM policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html) in the *IAM User Guide* .\n\nFor more information about managed policies in general, see [Managed policies and inline policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide* .",
2147 "stability": "external",
2148 "summary": "A CloudFormation `AWS::IAM::ManagedPolicy`.",
2149 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const policyDocument: any;\nconst cfnManagedPolicy = new iam.CfnManagedPolicy(this, 'MyCfnManagedPolicy', {\n policyDocument: policyDocument,\n\n // the properties below are optional\n description: 'description',\n groups: ['groups'],\n managedPolicyName: 'managedPolicyName',\n path: 'path',\n roles: ['roles'],\n users: ['users'],\n});"
2150 },
2151 "fqn": "@aws-cdk/aws-iam.CfnManagedPolicy",
2152 "initializer": {
2153 "docs": {
2154 "stability": "external",
2155 "summary": "Create a new `AWS::IAM::ManagedPolicy`."
2156 },
2157 "locationInModule": {
2158 "filename": "lib/iam.generated.ts",
2159 "line": 1032
2160 },
2161 "parameters": [
2162 {
2163 "docs": {
2164 "summary": "- scope in which this resource is defined."
2165 },
2166 "name": "scope",
2167 "type": {
2168 "fqn": "@aws-cdk/core.Construct"
2169 }
2170 },
2171 {
2172 "docs": {
2173 "summary": "- scoped id of the resource."
2174 },
2175 "name": "id",
2176 "type": {
2177 "primitive": "string"
2178 }
2179 },
2180 {
2181 "docs": {
2182 "summary": "- resource properties."
2183 },
2184 "name": "props",
2185 "type": {
2186 "fqn": "@aws-cdk/aws-iam.CfnManagedPolicyProps"
2187 }
2188 }
2189 ]
2190 },
2191 "interfaces": [
2192 "@aws-cdk/core.IInspectable"
2193 ],
2194 "kind": "class",
2195 "locationInModule": {
2196 "filename": "lib/iam.generated.ts",
2197 "line": 913
2198 },
2199 "methods": [
2200 {
2201 "docs": {
2202 "stability": "external",
2203 "summary": "Examines the CloudFormation resource and discloses attributes."
2204 },
2205 "locationInModule": {
2206 "filename": "lib/iam.generated.ts",
2207 "line": 1051
2208 },
2209 "name": "inspect",
2210 "overrides": "@aws-cdk/core.IInspectable",
2211 "parameters": [
2212 {
2213 "docs": {
2214 "summary": "- tree inspector to collect and process attributes."
2215 },
2216 "name": "inspector",
2217 "type": {
2218 "fqn": "@aws-cdk/core.TreeInspector"
2219 }
2220 }
2221 ]
2222 },
2223 {
2224 "docs": {
2225 "stability": "external"
2226 },
2227 "locationInModule": {
2228 "filename": "lib/iam.generated.ts",
2229 "line": 1068
2230 },
2231 "name": "renderProperties",
2232 "overrides": "@aws-cdk/core.CfnResource",
2233 "parameters": [
2234 {
2235 "name": "props",
2236 "type": {
2237 "collection": {
2238 "elementtype": {
2239 "primitive": "any"
2240 },
2241 "kind": "map"
2242 }
2243 }
2244 }
2245 ],
2246 "protected": true,
2247 "returns": {
2248 "type": {
2249 "collection": {
2250 "elementtype": {
2251 "primitive": "any"
2252 },
2253 "kind": "map"
2254 }
2255 }
2256 }
2257 }
2258 ],
2259 "name": "CfnManagedPolicy",
2260 "properties": [
2261 {
2262 "const": true,
2263 "docs": {
2264 "stability": "external",
2265 "summary": "The CloudFormation resource type name for this resource class."
2266 },
2267 "immutable": true,
2268 "locationInModule": {
2269 "filename": "lib/iam.generated.ts",
2270 "line": 917
2271 },
2272 "name": "CFN_RESOURCE_TYPE_NAME",
2273 "static": true,
2274 "type": {
2275 "primitive": "string"
2276 }
2277 },
2278 {
2279 "docs": {
2280 "stability": "external"
2281 },
2282 "immutable": true,
2283 "locationInModule": {
2284 "filename": "lib/iam.generated.ts",
2285 "line": 1056
2286 },
2287 "name": "cfnProperties",
2288 "overrides": "@aws-cdk/core.CfnResource",
2289 "protected": true,
2290 "type": {
2291 "collection": {
2292 "elementtype": {
2293 "primitive": "any"
2294 },
2295 "kind": "map"
2296 }
2297 }
2298 },
2299 {
2300 "docs": {
2301 "custom": {
2302 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-iam-managedpolicy-policydocument"
2303 },
2304 "remarks": "You must provide policies in JSON format in IAM. However, for AWS CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. AWS CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.\n\nThe maximum length of the policy document that you can pass in this operation, including whitespace, is listed below. To view the maximum character counts of a managed policy with no whitespaces, see [IAM and AWS STS character quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length) .\n\nTo learn more about JSON policy grammar, see [Grammar of the IAM JSON policy language](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_grammar.html) in the *IAM User Guide* .\n\nThe [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following:\n\n- Any printable ASCII character ranging from the space character ( `\\ u0020` ) through the end of the ASCII character range\n- The printable characters in the Basic Latin and Latin-1 Supplement character set (through `\\ u00FF` )\n- The special characters tab ( `\\ u0009` ), line feed ( `\\ u000A` ), and carriage return ( `\\ u000D` )",
2305 "stability": "external",
2306 "summary": "The JSON policy document that you want to use as the content for the new policy."
2307 },
2308 "locationInModule": {
2309 "filename": "lib/iam.generated.ts",
2310 "line": 955
2311 },
2312 "name": "policyDocument",
2313 "type": {
2314 "primitive": "any"
2315 }
2316 },
2317 {
2318 "docs": {
2319 "custom": {
2320 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-iam-managedpolicy-description"
2321 },
2322 "remarks": "Typically used to store information about the permissions defined in the policy. For example, \"Grants access to production DynamoDB tables.\"\n\nThe policy description is immutable. After a value is assigned, it cannot be changed.",
2323 "stability": "external",
2324 "summary": "A friendly description of the policy."
2325 },
2326 "locationInModule": {
2327 "filename": "lib/iam.generated.ts",
2328 "line": 966
2329 },
2330 "name": "description",
2331 "optional": true,
2332 "type": {
2333 "primitive": "string"
2334 }
2335 },
2336 {
2337 "docs": {
2338 "custom": {
2339 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-iam-managedpolicy-groups"
2340 },
2341 "remarks": "This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-",
2342 "stability": "external",
2343 "summary": "The name (friendly name, not ARN) of the group to attach the policy to."
2344 },
2345 "locationInModule": {
2346 "filename": "lib/iam.generated.ts",
2347 "line": 975
2348 },
2349 "name": "groups",
2350 "optional": true,
2351 "type": {
2352 "collection": {
2353 "elementtype": {
2354 "primitive": "string"
2355 },
2356 "kind": "array"
2357 }
2358 }
2359 },
2360 {
2361 "docs": {
2362 "custom": {
2363 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-iam-managedpolicy-managedpolicyname"
2364 },
2365 "remarks": "> If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.\n\nIf you specify a name, you must specify the `CAPABILITY_NAMED_IAM` value to acknowledge your template's capabilities. For more information, see [Acknowledging IAM Resources in AWS CloudFormation Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities) .\n\n> Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using `Fn::Join` and `AWS::Region` to create a Region-specific name, as in the following example: `{\"Fn::Join\": [\"\", [{\"Ref\": \"AWS::Region\"}, {\"Ref\": \"MyResourceName\"}]]}` .",
2366 "stability": "external",
2367 "summary": "The friendly name of the policy."
2368 },
2369 "locationInModule": {
2370 "filename": "lib/iam.generated.ts",
2371 "line": 988
2372 },
2373 "name": "managedPolicyName",
2374 "optional": true,
2375 "type": {
2376 "primitive": "string"
2377 }
2378 },
2379 {
2380 "docs": {
2381 "custom": {
2382 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-ec2-dhcpoptions-path"
2383 },
2384 "remarks": "For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* .\n\nThis parameter is optional. If it is not included, it defaults to a slash (/).\n\nThis parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\\ u0021` ) through the DEL character ( `\\ u007F` ), including most punctuation characters, digits, and upper and lowercased letters.\n\n> You cannot use an asterisk (*) in the path name.",
2385 "stability": "external",
2386 "summary": "The path for the policy."
2387 },
2388 "locationInModule": {
2389 "filename": "lib/iam.generated.ts",
2390 "line": 1003
2391 },
2392 "name": "path",
2393 "optional": true,
2394 "type": {
2395 "primitive": "string"
2396 }
2397 },
2398 {
2399 "docs": {
2400 "custom": {
2401 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-iam-managedpolicy-roles"
2402 },
2403 "remarks": "This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-\n\n> If an external policy (such as `AWS::IAM::Policy` or `AWS::IAM::ManagedPolicy` ) has a `Ref` to a role and if a resource (such as `AWS::ECS::Service` ) also has a `Ref` to the same role, add a `DependsOn` attribute to the resource to make the resource depend on the external policy. This dependency ensures that the role's policy is available throughout the resource's lifecycle. For example, when you delete a stack with an `AWS::ECS::Service` resource, the `DependsOn` attribute ensures that AWS CloudFormation deletes the `AWS::ECS::Service` resource before deleting its role's policy.",
2404 "stability": "external",
2405 "summary": "The name (friendly name, not ARN) of the role to attach the policy to."
2406 },
2407 "locationInModule": {
2408 "filename": "lib/iam.generated.ts",
2409 "line": 1014
2410 },
2411 "name": "roles",
2412 "optional": true,
2413 "type": {
2414 "collection": {
2415 "elementtype": {
2416 "primitive": "string"
2417 },
2418 "kind": "array"
2419 }
2420 }
2421 },
2422 {
2423 "docs": {
2424 "custom": {
2425 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-iam-managedpolicy-users"
2426 },
2427 "remarks": "This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-",
2428 "stability": "external",
2429 "summary": "The name (friendly name, not ARN) of the IAM user to attach the policy to."
2430 },
2431 "locationInModule": {
2432 "filename": "lib/iam.generated.ts",
2433 "line": 1023
2434 },
2435 "name": "users",
2436 "optional": true,
2437 "type": {
2438 "collection": {
2439 "elementtype": {
2440 "primitive": "string"
2441 },
2442 "kind": "array"
2443 }
2444 }
2445 }
2446 ],
2447 "symbolId": "lib/iam.generated:CfnManagedPolicy"
2448 },
2449 "@aws-cdk/aws-iam.CfnManagedPolicyProps": {
2450 "assembly": "@aws-cdk/aws-iam",
2451 "datatype": true,
2452 "docs": {
2453 "custom": {
2454 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html",
2455 "exampleMetadata": "fixture=_generated"
2456 },
2457 "stability": "external",
2458 "summary": "Properties for defining a `CfnManagedPolicy`.",
2459 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const policyDocument: any;\nconst cfnManagedPolicyProps: iam.CfnManagedPolicyProps = {\n policyDocument: policyDocument,\n\n // the properties below are optional\n description: 'description',\n groups: ['groups'],\n managedPolicyName: 'managedPolicyName',\n path: 'path',\n roles: ['roles'],\n users: ['users'],\n};"
2460 },
2461 "fqn": "@aws-cdk/aws-iam.CfnManagedPolicyProps",
2462 "kind": "interface",
2463 "locationInModule": {
2464 "filename": "lib/iam.generated.ts",
2465 "line": 743
2466 },
2467 "name": "CfnManagedPolicyProps",
2468 "properties": [
2469 {
2470 "abstract": true,
2471 "docs": {
2472 "custom": {
2473 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-iam-managedpolicy-policydocument"
2474 },
2475 "remarks": "You must provide policies in JSON format in IAM. However, for AWS CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. AWS CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.\n\nThe maximum length of the policy document that you can pass in this operation, including whitespace, is listed below. To view the maximum character counts of a managed policy with no whitespaces, see [IAM and AWS STS character quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length) .\n\nTo learn more about JSON policy grammar, see [Grammar of the IAM JSON policy language](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_grammar.html) in the *IAM User Guide* .\n\nThe [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following:\n\n- Any printable ASCII character ranging from the space character ( `\\ u0020` ) through the end of the ASCII character range\n- The printable characters in the Basic Latin and Latin-1 Supplement character set (through `\\ u00FF` )\n- The special characters tab ( `\\ u0009` ), line feed ( `\\ u000A` ), and carriage return ( `\\ u000D` )",
2476 "stability": "external",
2477 "summary": "The JSON policy document that you want to use as the content for the new policy."
2478 },
2479 "immutable": true,
2480 "locationInModule": {
2481 "filename": "lib/iam.generated.ts",
2482 "line": 762
2483 },
2484 "name": "policyDocument",
2485 "type": {
2486 "primitive": "any"
2487 }
2488 },
2489 {
2490 "abstract": true,
2491 "docs": {
2492 "custom": {
2493 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-iam-managedpolicy-description"
2494 },
2495 "remarks": "Typically used to store information about the permissions defined in the policy. For example, \"Grants access to production DynamoDB tables.\"\n\nThe policy description is immutable. After a value is assigned, it cannot be changed.",
2496 "stability": "external",
2497 "summary": "A friendly description of the policy."
2498 },
2499 "immutable": true,
2500 "locationInModule": {
2501 "filename": "lib/iam.generated.ts",
2502 "line": 773
2503 },
2504 "name": "description",
2505 "optional": true,
2506 "type": {
2507 "primitive": "string"
2508 }
2509 },
2510 {
2511 "abstract": true,
2512 "docs": {
2513 "custom": {
2514 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-iam-managedpolicy-groups"
2515 },
2516 "remarks": "This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-",
2517 "stability": "external",
2518 "summary": "The name (friendly name, not ARN) of the group to attach the policy to."
2519 },
2520 "immutable": true,
2521 "locationInModule": {
2522 "filename": "lib/iam.generated.ts",
2523 "line": 782
2524 },
2525 "name": "groups",
2526 "optional": true,
2527 "type": {
2528 "collection": {
2529 "elementtype": {
2530 "primitive": "string"
2531 },
2532 "kind": "array"
2533 }
2534 }
2535 },
2536 {
2537 "abstract": true,
2538 "docs": {
2539 "custom": {
2540 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-iam-managedpolicy-managedpolicyname"
2541 },
2542 "remarks": "> If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.\n\nIf you specify a name, you must specify the `CAPABILITY_NAMED_IAM` value to acknowledge your template's capabilities. For more information, see [Acknowledging IAM Resources in AWS CloudFormation Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities) .\n\n> Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using `Fn::Join` and `AWS::Region` to create a Region-specific name, as in the following example: `{\"Fn::Join\": [\"\", [{\"Ref\": \"AWS::Region\"}, {\"Ref\": \"MyResourceName\"}]]}` .",
2543 "stability": "external",
2544 "summary": "The friendly name of the policy."
2545 },
2546 "immutable": true,
2547 "locationInModule": {
2548 "filename": "lib/iam.generated.ts",
2549 "line": 795
2550 },
2551 "name": "managedPolicyName",
2552 "optional": true,
2553 "type": {
2554 "primitive": "string"
2555 }
2556 },
2557 {
2558 "abstract": true,
2559 "docs": {
2560 "custom": {
2561 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-ec2-dhcpoptions-path"
2562 },
2563 "remarks": "For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* .\n\nThis parameter is optional. If it is not included, it defaults to a slash (/).\n\nThis parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\\ u0021` ) through the DEL character ( `\\ u007F` ), including most punctuation characters, digits, and upper and lowercased letters.\n\n> You cannot use an asterisk (*) in the path name.",
2564 "stability": "external",
2565 "summary": "The path for the policy."
2566 },
2567 "immutable": true,
2568 "locationInModule": {
2569 "filename": "lib/iam.generated.ts",
2570 "line": 810
2571 },
2572 "name": "path",
2573 "optional": true,
2574 "type": {
2575 "primitive": "string"
2576 }
2577 },
2578 {
2579 "abstract": true,
2580 "docs": {
2581 "custom": {
2582 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-iam-managedpolicy-roles"
2583 },
2584 "remarks": "This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-\n\n> If an external policy (such as `AWS::IAM::Policy` or `AWS::IAM::ManagedPolicy` ) has a `Ref` to a role and if a resource (such as `AWS::ECS::Service` ) also has a `Ref` to the same role, add a `DependsOn` attribute to the resource to make the resource depend on the external policy. This dependency ensures that the role's policy is available throughout the resource's lifecycle. For example, when you delete a stack with an `AWS::ECS::Service` resource, the `DependsOn` attribute ensures that AWS CloudFormation deletes the `AWS::ECS::Service` resource before deleting its role's policy.",
2585 "stability": "external",
2586 "summary": "The name (friendly name, not ARN) of the role to attach the policy to."
2587 },
2588 "immutable": true,
2589 "locationInModule": {
2590 "filename": "lib/iam.generated.ts",
2591 "line": 821
2592 },
2593 "name": "roles",
2594 "optional": true,
2595 "type": {
2596 "collection": {
2597 "elementtype": {
2598 "primitive": "string"
2599 },
2600 "kind": "array"
2601 }
2602 }
2603 },
2604 {
2605 "abstract": true,
2606 "docs": {
2607 "custom": {
2608 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-iam-managedpolicy-users"
2609 },
2610 "remarks": "This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-",
2611 "stability": "external",
2612 "summary": "The name (friendly name, not ARN) of the IAM user to attach the policy to."
2613 },
2614 "immutable": true,
2615 "locationInModule": {
2616 "filename": "lib/iam.generated.ts",
2617 "line": 830
2618 },
2619 "name": "users",
2620 "optional": true,
2621 "type": {
2622 "collection": {
2623 "elementtype": {
2624 "primitive": "string"
2625 },
2626 "kind": "array"
2627 }
2628 }
2629 }
2630 ],
2631 "symbolId": "lib/iam.generated:CfnManagedPolicyProps"
2632 },
2633 "@aws-cdk/aws-iam.CfnOIDCProvider": {
2634 "assembly": "@aws-cdk/aws-iam",
2635 "base": "@aws-cdk/core.CfnResource",
2636 "docs": {
2637 "custom": {
2638 "cloudformationResource": "AWS::IAM::OIDCProvider",
2639 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-oidcprovider.html",
2640 "exampleMetadata": "fixture=_generated"
2641 },
2642 "remarks": "Creates or updates an IAM entity to describe an identity provider (IdP) that supports [OpenID Connect (OIDC)](https://docs.aws.amazon.com/http://openid.net/connect/) .\n\nThe OIDC provider that you create with this operation can be used as a principal in a role's trust policy. Such a policy establishes a trust relationship between AWS and the OIDC provider.\n\nWhen you create the IAM OIDC provider, you specify the following:\n\n- The URL of the OIDC identity provider (IdP) to trust\n- A list of client IDs (also known as audiences) that identify the application or applications that are allowed to authenticate using the OIDC provider\n- A list of tags that are attached to the specified IAM OIDC provider\n- A list of thumbprints of one or more server certificates that the IdP uses\n\nYou get all of this information from the OIDC IdP that you want to use to access AWS .\n\nWhen you update the IAM OIDC provider, you specify the following:\n\n- The URL of the OIDC identity provider (IdP) to trust\n- A list of client IDs (also known as audiences) that replaces the existing list of client IDs associated with the OIDC IdP\n- A list of tags that replaces the existing list of tags attached to the specified IAM OIDC provider\n- A list of thumbprints that replaces the existing list of server certificates thumbprints that the IdP uses\n\n> The trust for the OIDC provider is derived from the IAM provider that this operation creates. Therefore, it is best to limit access to the [CreateOpenIDConnectProvider](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateOpenIDConnectProvider.html) operation to highly privileged users.",
2643 "stability": "external",
2644 "summary": "A CloudFormation `AWS::IAM::OIDCProvider`.",
2645 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nconst cfnOIDCProvider = new iam.CfnOIDCProvider(this, 'MyCfnOIDCProvider', {\n thumbprintList: ['thumbprintList'],\n\n // the properties below are optional\n clientIdList: ['clientIdList'],\n tags: [{\n key: 'key',\n value: 'value',\n }],\n url: 'url',\n});"
2646 },
2647 "fqn": "@aws-cdk/aws-iam.CfnOIDCProvider",
2648 "initializer": {
2649 "docs": {
2650 "stability": "external",
2651 "summary": "Create a new `AWS::IAM::OIDCProvider`."
2652 },
2653 "locationInModule": {
2654 "filename": "lib/iam.generated.ts",
2655 "line": 1263
2656 },
2657 "parameters": [
2658 {
2659 "docs": {
2660 "summary": "- scope in which this resource is defined."
2661 },
2662 "name": "scope",
2663 "type": {
2664 "fqn": "@aws-cdk/core.Construct"
2665 }
2666 },
2667 {
2668 "docs": {
2669 "summary": "- scoped id of the resource."
2670 },
2671 "name": "id",
2672 "type": {
2673 "primitive": "string"
2674 }
2675 },
2676 {
2677 "docs": {
2678 "summary": "- resource properties."
2679 },
2680 "name": "props",
2681 "type": {
2682 "fqn": "@aws-cdk/aws-iam.CfnOIDCProviderProps"
2683 }
2684 }
2685 ]
2686 },
2687 "interfaces": [
2688 "@aws-cdk/core.IInspectable"
2689 ],
2690 "kind": "class",
2691 "locationInModule": {
2692 "filename": "lib/iam.generated.ts",
2693 "line": 1197
2694 },
2695 "methods": [
2696 {
2697 "docs": {
2698 "stability": "external",
2699 "summary": "Examines the CloudFormation resource and discloses attributes."
2700 },
2701 "locationInModule": {
2702 "filename": "lib/iam.generated.ts",
2703 "line": 1280
2704 },
2705 "name": "inspect",
2706 "overrides": "@aws-cdk/core.IInspectable",
2707 "parameters": [
2708 {
2709 "docs": {
2710 "summary": "- tree inspector to collect and process attributes."
2711 },
2712 "name": "inspector",
2713 "type": {
2714 "fqn": "@aws-cdk/core.TreeInspector"
2715 }
2716 }
2717 ]
2718 },
2719 {
2720 "docs": {
2721 "stability": "external"
2722 },
2723 "locationInModule": {
2724 "filename": "lib/iam.generated.ts",
2725 "line": 1294
2726 },
2727 "name": "renderProperties",
2728 "overrides": "@aws-cdk/core.CfnResource",
2729 "parameters": [
2730 {
2731 "name": "props",
2732 "type": {
2733 "collection": {
2734 "elementtype": {
2735 "primitive": "any"
2736 },
2737 "kind": "map"
2738 }
2739 }
2740 }
2741 ],
2742 "protected": true,
2743 "returns": {
2744 "type": {
2745 "collection": {
2746 "elementtype": {
2747 "primitive": "any"
2748 },
2749 "kind": "map"
2750 }
2751 }
2752 }
2753 }
2754 ],
2755 "name": "CfnOIDCProvider",
2756 "properties": [
2757 {
2758 "const": true,
2759 "docs": {
2760 "stability": "external",
2761 "summary": "The CloudFormation resource type name for this resource class."
2762 },
2763 "immutable": true,
2764 "locationInModule": {
2765 "filename": "lib/iam.generated.ts",
2766 "line": 1201
2767 },
2768 "name": "CFN_RESOURCE_TYPE_NAME",
2769 "static": true,
2770 "type": {
2771 "primitive": "string"
2772 }
2773 },
2774 {
2775 "docs": {
2776 "custom": {
2777 "cloudformationAttribute": "Arn"
2778 },
2779 "stability": "external",
2780 "summary": "Returns the Amazon Resource Name (ARN) for the specified `AWS::IAM::OIDCProvider` resource."
2781 },
2782 "immutable": true,
2783 "locationInModule": {
2784 "filename": "lib/iam.generated.ts",
2785 "line": 1226
2786 },
2787 "name": "attrArn",
2788 "type": {
2789 "primitive": "string"
2790 }
2791 },
2792 {
2793 "docs": {
2794 "stability": "external"
2795 },
2796 "immutable": true,
2797 "locationInModule": {
2798 "filename": "lib/iam.generated.ts",
2799 "line": 1285
2800 },
2801 "name": "cfnProperties",
2802 "overrides": "@aws-cdk/core.CfnResource",
2803 "protected": true,
2804 "type": {
2805 "collection": {
2806 "elementtype": {
2807 "primitive": "any"
2808 },
2809 "kind": "map"
2810 }
2811 }
2812 },
2813 {
2814 "docs": {
2815 "custom": {
2816 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-oidcprovider.html#cfn-iam-oidcprovider-tags"
2817 },
2818 "remarks": "The returned list of tags is sorted by tag key. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .",
2819 "stability": "external",
2820 "summary": "A list of tags that are attached to the specified IAM OIDC provider."
2821 },
2822 "immutable": true,
2823 "locationInModule": {
2824 "filename": "lib/iam.generated.ts",
2825 "line": 1247
2826 },
2827 "name": "tags",
2828 "type": {
2829 "fqn": "@aws-cdk/core.TagManager"
2830 }
2831 },
2832 {
2833 "docs": {
2834 "custom": {
2835 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-oidcprovider.html#cfn-iam-oidcprovider-thumbprintlist"
2836 },
2837 "remarks": "For more information, see [CreateOpenIDConnectProvider](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateOpenIDConnectProvider.html) .",
2838 "stability": "external",
2839 "summary": "A list of certificate thumbprints that are associated with the specified IAM OIDC provider resource object."
2840 },
2841 "locationInModule": {
2842 "filename": "lib/iam.generated.ts",
2843 "line": 1233
2844 },
2845 "name": "thumbprintList",
2846 "type": {
2847 "collection": {
2848 "elementtype": {
2849 "primitive": "string"
2850 },
2851 "kind": "array"
2852 }
2853 }
2854 },
2855 {
2856 "docs": {
2857 "custom": {
2858 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-oidcprovider.html#cfn-iam-oidcprovider-clientidlist"
2859 },
2860 "remarks": "For more information, see [CreateOpenIDConnectProvider](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateOpenIDConnectProvider.html) .",
2861 "stability": "external",
2862 "summary": "A list of client IDs (also known as audiences) that are associated with the specified IAM OIDC provider resource object."
2863 },
2864 "locationInModule": {
2865 "filename": "lib/iam.generated.ts",
2866 "line": 1240
2867 },
2868 "name": "clientIdList",
2869 "optional": true,
2870 "type": {
2871 "collection": {
2872 "elementtype": {
2873 "primitive": "string"
2874 },
2875 "kind": "array"
2876 }
2877 }
2878 },
2879 {
2880 "docs": {
2881 "custom": {
2882 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-oidcprovider.html#cfn-iam-oidcprovider-url"
2883 },
2884 "remarks": "For more information, see [CreateOpenIDConnectProvider](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateOpenIDConnectProvider.html) .",
2885 "stability": "external",
2886 "summary": "The URL that the IAM OIDC provider resource object is associated with."
2887 },
2888 "locationInModule": {
2889 "filename": "lib/iam.generated.ts",
2890 "line": 1254
2891 },
2892 "name": "url",
2893 "optional": true,
2894 "type": {
2895 "primitive": "string"
2896 }
2897 }
2898 ],
2899 "symbolId": "lib/iam.generated:CfnOIDCProvider"
2900 },
2901 "@aws-cdk/aws-iam.CfnOIDCProviderProps": {
2902 "assembly": "@aws-cdk/aws-iam",
2903 "datatype": true,
2904 "docs": {
2905 "custom": {
2906 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-oidcprovider.html",
2907 "exampleMetadata": "fixture=_generated"
2908 },
2909 "stability": "external",
2910 "summary": "Properties for defining a `CfnOIDCProvider`.",
2911 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nconst cfnOIDCProviderProps: iam.CfnOIDCProviderProps = {\n thumbprintList: ['thumbprintList'],\n\n // the properties below are optional\n clientIdList: ['clientIdList'],\n tags: [{\n key: 'key',\n value: 'value',\n }],\n url: 'url',\n};"
2912 },
2913 "fqn": "@aws-cdk/aws-iam.CfnOIDCProviderProps",
2914 "kind": "interface",
2915 "locationInModule": {
2916 "filename": "lib/iam.generated.ts",
2917 "line": 1081
2918 },
2919 "name": "CfnOIDCProviderProps",
2920 "properties": [
2921 {
2922 "abstract": true,
2923 "docs": {
2924 "custom": {
2925 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-oidcprovider.html#cfn-iam-oidcprovider-thumbprintlist"
2926 },
2927 "remarks": "For more information, see [CreateOpenIDConnectProvider](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateOpenIDConnectProvider.html) .",
2928 "stability": "external",
2929 "summary": "A list of certificate thumbprints that are associated with the specified IAM OIDC provider resource object."
2930 },
2931 "immutable": true,
2932 "locationInModule": {
2933 "filename": "lib/iam.generated.ts",
2934 "line": 1088
2935 },
2936 "name": "thumbprintList",
2937 "type": {
2938 "collection": {
2939 "elementtype": {
2940 "primitive": "string"
2941 },
2942 "kind": "array"
2943 }
2944 }
2945 },
2946 {
2947 "abstract": true,
2948 "docs": {
2949 "custom": {
2950 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-oidcprovider.html#cfn-iam-oidcprovider-clientidlist"
2951 },
2952 "remarks": "For more information, see [CreateOpenIDConnectProvider](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateOpenIDConnectProvider.html) .",
2953 "stability": "external",
2954 "summary": "A list of client IDs (also known as audiences) that are associated with the specified IAM OIDC provider resource object."
2955 },
2956 "immutable": true,
2957 "locationInModule": {
2958 "filename": "lib/iam.generated.ts",
2959 "line": 1095
2960 },
2961 "name": "clientIdList",
2962 "optional": true,
2963 "type": {
2964 "collection": {
2965 "elementtype": {
2966 "primitive": "string"
2967 },
2968 "kind": "array"
2969 }
2970 }
2971 },
2972 {
2973 "abstract": true,
2974 "docs": {
2975 "custom": {
2976 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-oidcprovider.html#cfn-iam-oidcprovider-tags"
2977 },
2978 "remarks": "The returned list of tags is sorted by tag key. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .",
2979 "stability": "external",
2980 "summary": "A list of tags that are attached to the specified IAM OIDC provider."
2981 },
2982 "immutable": true,
2983 "locationInModule": {
2984 "filename": "lib/iam.generated.ts",
2985 "line": 1102
2986 },
2987 "name": "tags",
2988 "optional": true,
2989 "type": {
2990 "collection": {
2991 "elementtype": {
2992 "fqn": "@aws-cdk/core.CfnTag"
2993 },
2994 "kind": "array"
2995 }
2996 }
2997 },
2998 {
2999 "abstract": true,
3000 "docs": {
3001 "custom": {
3002 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-oidcprovider.html#cfn-iam-oidcprovider-url"
3003 },
3004 "remarks": "For more information, see [CreateOpenIDConnectProvider](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateOpenIDConnectProvider.html) .",
3005 "stability": "external",
3006 "summary": "The URL that the IAM OIDC provider resource object is associated with."
3007 },
3008 "immutable": true,
3009 "locationInModule": {
3010 "filename": "lib/iam.generated.ts",
3011 "line": 1109
3012 },
3013 "name": "url",
3014 "optional": true,
3015 "type": {
3016 "primitive": "string"
3017 }
3018 }
3019 ],
3020 "symbolId": "lib/iam.generated:CfnOIDCProviderProps"
3021 },
3022 "@aws-cdk/aws-iam.CfnPolicy": {
3023 "assembly": "@aws-cdk/aws-iam",
3024 "base": "@aws-cdk/core.CfnResource",
3025 "docs": {
3026 "custom": {
3027 "cloudformationResource": "AWS::IAM::Policy",
3028 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html",
3029 "exampleMetadata": "fixture=_generated"
3030 },
3031 "remarks": "Adds or updates an inline policy document that is embedded in the specified IAM user, group, or role.\n\nAn IAM user can also have a managed policy attached to it. For information about policies, see [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide* .\n\nThe Groups, Roles, and Users properties are optional. However, you must specify at least one of these properties.\n\nFor information about policy documents see [Creating IAM policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create.html) in the *IAM User Guide* .\n\nFor information about limits on the number of inline policies that you can embed in an identity, see [Limitations on IAM Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *IAM User Guide* .",
3032 "stability": "external",
3033 "summary": "A CloudFormation `AWS::IAM::Policy`.",
3034 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const policyDocument: any;\nconst cfnPolicy = new iam.CfnPolicy(this, 'MyCfnPolicy', {\n policyDocument: policyDocument,\n policyName: 'policyName',\n\n // the properties below are optional\n groups: ['groups'],\n roles: ['roles'],\n users: ['users'],\n});"
3035 },
3036 "fqn": "@aws-cdk/aws-iam.CfnPolicy",
3037 "initializer": {
3038 "docs": {
3039 "stability": "external",
3040 "summary": "Create a new `AWS::IAM::Policy`."
3041 },
3042 "locationInModule": {
3043 "filename": "lib/iam.generated.ts",
3044 "line": 1525
3045 },
3046 "parameters": [
3047 {
3048 "docs": {
3049 "summary": "- scope in which this resource is defined."
3050 },
3051 "name": "scope",
3052 "type": {
3053 "fqn": "@aws-cdk/core.Construct"
3054 }
3055 },
3056 {
3057 "docs": {
3058 "summary": "- scoped id of the resource."
3059 },
3060 "name": "id",
3061 "type": {
3062 "primitive": "string"
3063 }
3064 },
3065 {
3066 "docs": {
3067 "summary": "- resource properties."
3068 },
3069 "name": "props",
3070 "type": {
3071 "fqn": "@aws-cdk/aws-iam.CfnPolicyProps"
3072 }
3073 }
3074 ]
3075 },
3076 "interfaces": [
3077 "@aws-cdk/core.IInspectable"
3078 ],
3079 "kind": "class",
3080 "locationInModule": {
3081 "filename": "lib/iam.generated.ts",
3082 "line": 1440
3083 },
3084 "methods": [
3085 {
3086 "docs": {
3087 "stability": "external",
3088 "summary": "Examines the CloudFormation resource and discloses attributes."
3089 },
3090 "locationInModule": {
3091 "filename": "lib/iam.generated.ts",
3092 "line": 1543
3093 },
3094 "name": "inspect",
3095 "overrides": "@aws-cdk/core.IInspectable",
3096 "parameters": [
3097 {
3098 "docs": {
3099 "summary": "- tree inspector to collect and process attributes."
3100 },
3101 "name": "inspector",
3102 "type": {
3103 "fqn": "@aws-cdk/core.TreeInspector"
3104 }
3105 }
3106 ]
3107 },
3108 {
3109 "docs": {
3110 "stability": "external"
3111 },
3112 "locationInModule": {
3113 "filename": "lib/iam.generated.ts",
3114 "line": 1558
3115 },
3116 "name": "renderProperties",
3117 "overrides": "@aws-cdk/core.CfnResource",
3118 "parameters": [
3119 {
3120 "name": "props",
3121 "type": {
3122 "collection": {
3123 "elementtype": {
3124 "primitive": "any"
3125 },
3126 "kind": "map"
3127 }
3128 }
3129 }
3130 ],
3131 "protected": true,
3132 "returns": {
3133 "type": {
3134 "collection": {
3135 "elementtype": {
3136 "primitive": "any"
3137 },
3138 "kind": "map"
3139 }
3140 }
3141 }
3142 }
3143 ],
3144 "name": "CfnPolicy",
3145 "properties": [
3146 {
3147 "const": true,
3148 "docs": {
3149 "stability": "external",
3150 "summary": "The CloudFormation resource type name for this resource class."
3151 },
3152 "immutable": true,
3153 "locationInModule": {
3154 "filename": "lib/iam.generated.ts",
3155 "line": 1444
3156 },
3157 "name": "CFN_RESOURCE_TYPE_NAME",
3158 "static": true,
3159 "type": {
3160 "primitive": "string"
3161 }
3162 },
3163 {
3164 "docs": {
3165 "stability": "external"
3166 },
3167 "immutable": true,
3168 "locationInModule": {
3169 "filename": "lib/iam.generated.ts",
3170 "line": 1548
3171 },
3172 "name": "cfnProperties",
3173 "overrides": "@aws-cdk/core.CfnResource",
3174 "protected": true,
3175 "type": {
3176 "collection": {
3177 "elementtype": {
3178 "primitive": "any"
3179 },
3180 "kind": "map"
3181 }
3182 }
3183 },
3184 {
3185 "docs": {
3186 "custom": {
3187 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html#cfn-iam-policy-policydocument"
3188 },
3189 "remarks": "You must provide policies in JSON format in IAM. However, for AWS CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. AWS CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.\n\nThe [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following:\n\n- Any printable ASCII character ranging from the space character ( `\\ u0020` ) through the end of the ASCII character range\n- The printable characters in the Basic Latin and Latin-1 Supplement character set (through `\\ u00FF` )\n- The special characters tab ( `\\ u0009` ), line feed ( `\\ u000A` ), and carriage return ( `\\ u000D` )",
3190 "stability": "external",
3191 "summary": "The policy document."
3192 },
3193 "locationInModule": {
3194 "filename": "lib/iam.generated.ts",
3195 "line": 1478
3196 },
3197 "name": "policyDocument",
3198 "type": {
3199 "primitive": "any"
3200 }
3201 },
3202 {
3203 "docs": {
3204 "custom": {
3205 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html#cfn-iam-policy-policyname"
3206 },
3207 "remarks": "This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-",
3208 "stability": "external",
3209 "summary": "The name of the policy document."
3210 },
3211 "locationInModule": {
3212 "filename": "lib/iam.generated.ts",
3213 "line": 1487
3214 },
3215 "name": "policyName",
3216 "type": {
3217 "primitive": "string"
3218 }
3219 },
3220 {
3221 "docs": {
3222 "custom": {
3223 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html#cfn-iam-policy-groups"
3224 },
3225 "remarks": "This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-.",
3226 "stability": "external",
3227 "summary": "The name of the group to associate the policy with."
3228 },
3229 "locationInModule": {
3230 "filename": "lib/iam.generated.ts",
3231 "line": 1496
3232 },
3233 "name": "groups",
3234 "optional": true,
3235 "type": {
3236 "collection": {
3237 "elementtype": {
3238 "primitive": "string"
3239 },
3240 "kind": "array"
3241 }
3242 }
3243 },
3244 {
3245 "docs": {
3246 "custom": {
3247 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html#cfn-iam-policy-roles"
3248 },
3249 "remarks": "This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-\n\n> If an external policy (such as `AWS::IAM::Policy` or `AWS::IAM::ManagedPolicy` ) has a `Ref` to a role and if a resource (such as `AWS::ECS::Service` ) also has a `Ref` to the same role, add a `DependsOn` attribute to the resource to make the resource depend on the external policy. This dependency ensures that the role's policy is available throughout the resource's lifecycle. For example, when you delete a stack with an `AWS::ECS::Service` resource, the `DependsOn` attribute ensures that AWS CloudFormation deletes the `AWS::ECS::Service` resource before deleting its role's policy.",
3250 "stability": "external",
3251 "summary": "The name of the role to associate the policy with."
3252 },
3253 "locationInModule": {
3254 "filename": "lib/iam.generated.ts",
3255 "line": 1507
3256 },
3257 "name": "roles",
3258 "optional": true,
3259 "type": {
3260 "collection": {
3261 "elementtype": {
3262 "primitive": "string"
3263 },
3264 "kind": "array"
3265 }
3266 }
3267 },
3268 {
3269 "docs": {
3270 "custom": {
3271 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html#cfn-iam-policy-users"
3272 },
3273 "remarks": "This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-",
3274 "stability": "external",
3275 "summary": "The name of the user to associate the policy with."
3276 },
3277 "locationInModule": {
3278 "filename": "lib/iam.generated.ts",
3279 "line": 1516
3280 },
3281 "name": "users",
3282 "optional": true,
3283 "type": {
3284 "collection": {
3285 "elementtype": {
3286 "primitive": "string"
3287 },
3288 "kind": "array"
3289 }
3290 }
3291 }
3292 ],
3293 "symbolId": "lib/iam.generated:CfnPolicy"
3294 },
3295 "@aws-cdk/aws-iam.CfnPolicyProps": {
3296 "assembly": "@aws-cdk/aws-iam",
3297 "datatype": true,
3298 "docs": {
3299 "custom": {
3300 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html",
3301 "exampleMetadata": "fixture=_generated"
3302 },
3303 "stability": "external",
3304 "summary": "Properties for defining a `CfnPolicy`.",
3305 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const policyDocument: any;\nconst cfnPolicyProps: iam.CfnPolicyProps = {\n policyDocument: policyDocument,\n policyName: 'policyName',\n\n // the properties below are optional\n groups: ['groups'],\n roles: ['roles'],\n users: ['users'],\n};"
3306 },
3307 "fqn": "@aws-cdk/aws-iam.CfnPolicyProps",
3308 "kind": "interface",
3309 "locationInModule": {
3310 "filename": "lib/iam.generated.ts",
3311 "line": 1307
3312 },
3313 "name": "CfnPolicyProps",
3314 "properties": [
3315 {
3316 "abstract": true,
3317 "docs": {
3318 "custom": {
3319 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html#cfn-iam-policy-policydocument"
3320 },
3321 "remarks": "You must provide policies in JSON format in IAM. However, for AWS CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. AWS CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.\n\nThe [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following:\n\n- Any printable ASCII character ranging from the space character ( `\\ u0020` ) through the end of the ASCII character range\n- The printable characters in the Basic Latin and Latin-1 Supplement character set (through `\\ u00FF` )\n- The special characters tab ( `\\ u0009` ), line feed ( `\\ u000A` ), and carriage return ( `\\ u000D` )",
3322 "stability": "external",
3323 "summary": "The policy document."
3324 },
3325 "immutable": true,
3326 "locationInModule": {
3327 "filename": "lib/iam.generated.ts",
3328 "line": 1322
3329 },
3330 "name": "policyDocument",
3331 "type": {
3332 "primitive": "any"
3333 }
3334 },
3335 {
3336 "abstract": true,
3337 "docs": {
3338 "custom": {
3339 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html#cfn-iam-policy-policyname"
3340 },
3341 "remarks": "This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-",
3342 "stability": "external",
3343 "summary": "The name of the policy document."
3344 },
3345 "immutable": true,
3346 "locationInModule": {
3347 "filename": "lib/iam.generated.ts",
3348 "line": 1331
3349 },
3350 "name": "policyName",
3351 "type": {
3352 "primitive": "string"
3353 }
3354 },
3355 {
3356 "abstract": true,
3357 "docs": {
3358 "custom": {
3359 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html#cfn-iam-policy-groups"
3360 },
3361 "remarks": "This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-.",
3362 "stability": "external",
3363 "summary": "The name of the group to associate the policy with."
3364 },
3365 "immutable": true,
3366 "locationInModule": {
3367 "filename": "lib/iam.generated.ts",
3368 "line": 1340
3369 },
3370 "name": "groups",
3371 "optional": true,
3372 "type": {
3373 "collection": {
3374 "elementtype": {
3375 "primitive": "string"
3376 },
3377 "kind": "array"
3378 }
3379 }
3380 },
3381 {
3382 "abstract": true,
3383 "docs": {
3384 "custom": {
3385 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html#cfn-iam-policy-roles"
3386 },
3387 "remarks": "This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-\n\n> If an external policy (such as `AWS::IAM::Policy` or `AWS::IAM::ManagedPolicy` ) has a `Ref` to a role and if a resource (such as `AWS::ECS::Service` ) also has a `Ref` to the same role, add a `DependsOn` attribute to the resource to make the resource depend on the external policy. This dependency ensures that the role's policy is available throughout the resource's lifecycle. For example, when you delete a stack with an `AWS::ECS::Service` resource, the `DependsOn` attribute ensures that AWS CloudFormation deletes the `AWS::ECS::Service` resource before deleting its role's policy.",
3388 "stability": "external",
3389 "summary": "The name of the role to associate the policy with."
3390 },
3391 "immutable": true,
3392 "locationInModule": {
3393 "filename": "lib/iam.generated.ts",
3394 "line": 1351
3395 },
3396 "name": "roles",
3397 "optional": true,
3398 "type": {
3399 "collection": {
3400 "elementtype": {
3401 "primitive": "string"
3402 },
3403 "kind": "array"
3404 }
3405 }
3406 },
3407 {
3408 "abstract": true,
3409 "docs": {
3410 "custom": {
3411 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html#cfn-iam-policy-users"
3412 },
3413 "remarks": "This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-",
3414 "stability": "external",
3415 "summary": "The name of the user to associate the policy with."
3416 },
3417 "immutable": true,
3418 "locationInModule": {
3419 "filename": "lib/iam.generated.ts",
3420 "line": 1360
3421 },
3422 "name": "users",
3423 "optional": true,
3424 "type": {
3425 "collection": {
3426 "elementtype": {
3427 "primitive": "string"
3428 },
3429 "kind": "array"
3430 }
3431 }
3432 }
3433 ],
3434 "symbolId": "lib/iam.generated:CfnPolicyProps"
3435 },
3436 "@aws-cdk/aws-iam.CfnRole": {
3437 "assembly": "@aws-cdk/aws-iam",
3438 "base": "@aws-cdk/core.CfnResource",
3439 "docs": {
3440 "custom": {
3441 "cloudformationResource": "AWS::IAM::Role",
3442 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html",
3443 "exampleMetadata": "fixture=_generated"
3444 },
3445 "remarks": "Creates a new role for your AWS account . For more information about roles, see [IAM roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html) . For information about quotas for role names and the number of roles you can create, see [IAM and AWS STS quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide* .",
3446 "stability": "external",
3447 "summary": "A CloudFormation `AWS::IAM::Role`.",
3448 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const assumeRolePolicyDocument: any;\ndeclare const policyDocument: any;\nconst cfnRole = new iam.CfnRole(this, 'MyCfnRole', {\n assumeRolePolicyDocument: assumeRolePolicyDocument,\n\n // the properties below are optional\n description: 'description',\n managedPolicyArns: ['managedPolicyArns'],\n maxSessionDuration: 123,\n path: 'path',\n permissionsBoundary: 'permissionsBoundary',\n policies: [{\n policyDocument: policyDocument,\n policyName: 'policyName',\n }],\n roleName: 'roleName',\n tags: [{\n key: 'key',\n value: 'value',\n }],\n});"
3449 },
3450 "fqn": "@aws-cdk/aws-iam.CfnRole",
3451 "initializer": {
3452 "docs": {
3453 "stability": "external",
3454 "summary": "Create a new `AWS::IAM::Role`."
3455 },
3456 "locationInModule": {
3457 "filename": "lib/iam.generated.ts",
3458 "line": 1882
3459 },
3460 "parameters": [
3461 {
3462 "docs": {
3463 "summary": "- scope in which this resource is defined."
3464 },
3465 "name": "scope",
3466 "type": {
3467 "fqn": "@aws-cdk/core.Construct"
3468 }
3469 },
3470 {
3471 "docs": {
3472 "summary": "- scoped id of the resource."
3473 },
3474 "name": "id",
3475 "type": {
3476 "primitive": "string"
3477 }
3478 },
3479 {
3480 "docs": {
3481 "summary": "- resource properties."
3482 },
3483 "name": "props",
3484 "type": {
3485 "fqn": "@aws-cdk/aws-iam.CfnRoleProps"
3486 }
3487 }
3488 ]
3489 },
3490 "interfaces": [
3491 "@aws-cdk/core.IInspectable"
3492 ],
3493 "kind": "class",
3494 "locationInModule": {
3495 "filename": "lib/iam.generated.ts",
3496 "line": 1743
3497 },
3498 "methods": [
3499 {
3500 "docs": {
3501 "stability": "external",
3502 "summary": "Examines the CloudFormation resource and discloses attributes."
3503 },
3504 "locationInModule": {
3505 "filename": "lib/iam.generated.ts",
3506 "line": 1905
3507 },
3508 "name": "inspect",
3509 "overrides": "@aws-cdk/core.IInspectable",
3510 "parameters": [
3511 {
3512 "docs": {
3513 "summary": "- tree inspector to collect and process attributes."
3514 },
3515 "name": "inspector",
3516 "type": {
3517 "fqn": "@aws-cdk/core.TreeInspector"
3518 }
3519 }
3520 ]
3521 },
3522 {
3523 "docs": {
3524 "stability": "external"
3525 },
3526 "locationInModule": {
3527 "filename": "lib/iam.generated.ts",
3528 "line": 1924
3529 },
3530 "name": "renderProperties",
3531 "overrides": "@aws-cdk/core.CfnResource",
3532 "parameters": [
3533 {
3534 "name": "props",
3535 "type": {
3536 "collection": {
3537 "elementtype": {
3538 "primitive": "any"
3539 },
3540 "kind": "map"
3541 }
3542 }
3543 }
3544 ],
3545 "protected": true,
3546 "returns": {
3547 "type": {
3548 "collection": {
3549 "elementtype": {
3550 "primitive": "any"
3551 },
3552 "kind": "map"
3553 }
3554 }
3555 }
3556 }
3557 ],
3558 "name": "CfnRole",
3559 "properties": [
3560 {
3561 "const": true,
3562 "docs": {
3563 "stability": "external",
3564 "summary": "The CloudFormation resource type name for this resource class."
3565 },
3566 "immutable": true,
3567 "locationInModule": {
3568 "filename": "lib/iam.generated.ts",
3569 "line": 1747
3570 },
3571 "name": "CFN_RESOURCE_TYPE_NAME",
3572 "static": true,
3573 "type": {
3574 "primitive": "string"
3575 }
3576 },
3577 {
3578 "docs": {
3579 "custom": {
3580 "cloudformationAttribute": "Arn"
3581 },
3582 "remarks": "`{\"Fn::GetAtt\" : [\"MyRole\", \"Arn\"] }`\n\nThis will return a value such as `arn:aws:iam::1234567890:role/MyRole-AJJHDSKSDF` .",
3583 "stability": "external",
3584 "summary": "Returns the Amazon Resource Name (ARN) for the role. For example:."
3585 },
3586 "immutable": true,
3587 "locationInModule": {
3588 "filename": "lib/iam.generated.ts",
3589 "line": 1776
3590 },
3591 "name": "attrArn",
3592 "type": {
3593 "primitive": "string"
3594 }
3595 },
3596 {
3597 "docs": {
3598 "custom": {
3599 "cloudformationAttribute": "RoleId"
3600 },
3601 "remarks": "For more information about IDs, see [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html) in the *IAM User Guide* .",
3602 "stability": "external",
3603 "summary": "Returns the stable and unique string identifying the role. For example, `AIDAJQABLZS4A3QDU576Q` ."
3604 },
3605 "immutable": true,
3606 "locationInModule": {
3607 "filename": "lib/iam.generated.ts",
3608 "line": 1784
3609 },
3610 "name": "attrRoleId",
3611 "type": {
3612 "primitive": "string"
3613 }
3614 },
3615 {
3616 "docs": {
3617 "stability": "external"
3618 },
3619 "immutable": true,
3620 "locationInModule": {
3621 "filename": "lib/iam.generated.ts",
3622 "line": 1910
3623 },
3624 "name": "cfnProperties",
3625 "overrides": "@aws-cdk/core.CfnResource",
3626 "protected": true,
3627 "type": {
3628 "collection": {
3629 "elementtype": {
3630 "primitive": "any"
3631 },
3632 "kind": "map"
3633 }
3634 }
3635 },
3636 {
3637 "docs": {
3638 "custom": {
3639 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-tags"
3640 },
3641 "remarks": "For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .",
3642 "stability": "external",
3643 "summary": "A list of tags that are attached to the role."
3644 },
3645 "immutable": true,
3646 "locationInModule": {
3647 "filename": "lib/iam.generated.ts",
3648 "line": 1873
3649 },
3650 "name": "tags",
3651 "type": {
3652 "fqn": "@aws-cdk/core.TagManager"
3653 }
3654 },
3655 {
3656 "docs": {
3657 "custom": {
3658 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-assumerolepolicydocument"
3659 },
3660 "remarks": "Trust policies define which entities can assume the role. You can associate only one trust policy with a role. For an example of a policy that can be used to assume a role, see [Template Examples](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#aws-resource-iam-role--examples) . For more information about the elements that you can use in an IAM policy, see [IAM Policy Elements Reference](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html) in the *IAM User Guide* .",
3661 "stability": "external",
3662 "summary": "The trust policy that is associated with this role."
3663 },
3664 "locationInModule": {
3665 "filename": "lib/iam.generated.ts",
3666 "line": 1791
3667 },
3668 "name": "assumeRolePolicyDocument",
3669 "type": {
3670 "primitive": "any"
3671 }
3672 },
3673 {
3674 "docs": {
3675 "custom": {
3676 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-description"
3677 },
3678 "stability": "external",
3679 "summary": "A description of the role that you provide."
3680 },
3681 "locationInModule": {
3682 "filename": "lib/iam.generated.ts",
3683 "line": 1798
3684 },
3685 "name": "description",
3686 "optional": true,
3687 "type": {
3688 "primitive": "string"
3689 }
3690 },
3691 {
3692 "docs": {
3693 "custom": {
3694 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-managepolicyarns"
3695 },
3696 "remarks": "For more information about ARNs, see [Amazon Resource Names (ARNs) and AWS Service Namespaces](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *AWS General Reference* .",
3697 "stability": "external",
3698 "summary": "A list of Amazon Resource Names (ARNs) of the IAM managed policies that you want to attach to the role."
3699 },
3700 "locationInModule": {
3701 "filename": "lib/iam.generated.ts",
3702 "line": 1807
3703 },
3704 "name": "managedPolicyArns",
3705 "optional": true,
3706 "type": {
3707 "collection": {
3708 "elementtype": {
3709 "primitive": "string"
3710 },
3711 "kind": "array"
3712 }
3713 }
3714 },
3715 {
3716 "docs": {
3717 "custom": {
3718 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-maxsessionduration"
3719 },
3720 "remarks": "If you do not specify a value for this setting, the default value of one hour is applied. This setting can have a value from 1 hour to 12 hours.\n\nAnyone who assumes the role from the AWS CLI or API can use the `DurationSeconds` API parameter or the `duration-seconds` AWS CLI parameter to request a longer session. The `MaxSessionDuration` setting determines the maximum duration that can be requested using the `DurationSeconds` parameter. If users don't specify a value for the `DurationSeconds` parameter, their security credentials are valid for one hour by default. This applies when you use the `AssumeRole*` API operations or the `assume-role*` AWS CLI operations but does not apply when you use those operations to create a console URL. For more information, see [Using IAM roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) in the *IAM User Guide* .",
3721 "stability": "external",
3722 "summary": "The maximum session duration (in seconds) that you want to set for the specified role."
3723 },
3724 "locationInModule": {
3725 "filename": "lib/iam.generated.ts",
3726 "line": 1816
3727 },
3728 "name": "maxSessionDuration",
3729 "optional": true,
3730 "type": {
3731 "primitive": "number"
3732 }
3733 },
3734 {
3735 "docs": {
3736 "custom": {
3737 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-path"
3738 },
3739 "remarks": "This parameter is optional. If it is not included, it defaults to a slash (/).\n\nThis parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\\ u0021` ) through the DEL character ( `\\ u007F` ), including most punctuation characters, digits, and upper and lowercased letters.",
3740 "stability": "external",
3741 "summary": "The path to the role. For more information about paths, see [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* ."
3742 },
3743 "locationInModule": {
3744 "filename": "lib/iam.generated.ts",
3745 "line": 1827
3746 },
3747 "name": "path",
3748 "optional": true,
3749 "type": {
3750 "primitive": "string"
3751 }
3752 },
3753 {
3754 "docs": {
3755 "custom": {
3756 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-permissionsboundary"
3757 },
3758 "remarks": "For more information about permissions boundaries, see [Permissions boundaries for IAM identities](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM User Guide* .",
3759 "stability": "external",
3760 "summary": "The ARN of the policy used to set the permissions boundary for the role."
3761 },
3762 "locationInModule": {
3763 "filename": "lib/iam.generated.ts",
3764 "line": 1836
3765 },
3766 "name": "permissionsBoundary",
3767 "optional": true,
3768 "type": {
3769 "primitive": "string"
3770 }
3771 },
3772 {
3773 "docs": {
3774 "custom": {
3775 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-policies"
3776 },
3777 "remarks": "When you embed an inline policy in a role, the inline policy is used as part of the role's access (permissions) policy. The role's trust policy is created at the same time as the role. You can update a role's trust policy later. For more information about IAM roles, go to [Using Roles to Delegate Permissions and Federate Identities](https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html) .\n\nA role can also have an attached managed policy. For information about policies, see [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide* .\n\nFor information about limits on the number of inline policies that you can embed with a role, see [Limitations on IAM Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *IAM User Guide* .\n\n> If an external policy (such as `AWS::IAM::Policy` or `AWS::IAM::ManagedPolicy` ) has a `Ref` to a role and if a resource (such as `AWS::ECS::Service` ) also has a `Ref` to the same role, add a `DependsOn` attribute to the resource to make the resource depend on the external policy. This dependency ensures that the role's policy is available throughout the resource's lifecycle. For example, when you delete a stack with an `AWS::ECS::Service` resource, the `DependsOn` attribute ensures that AWS CloudFormation deletes the `AWS::ECS::Service` resource before deleting its role's policy.",
3778 "stability": "external",
3779 "summary": "Adds or updates an inline policy document that is embedded in the specified IAM role."
3780 },
3781 "locationInModule": {
3782 "filename": "lib/iam.generated.ts",
3783 "line": 1851
3784 },
3785 "name": "policies",
3786 "optional": true,
3787 "type": {
3788 "union": {
3789 "types": [
3790 {
3791 "fqn": "@aws-cdk/core.IResolvable"
3792 },
3793 {
3794 "collection": {
3795 "elementtype": {
3796 "union": {
3797 "types": [
3798 {
3799 "fqn": "@aws-cdk/core.IResolvable"
3800 },
3801 {
3802 "fqn": "@aws-cdk/aws-iam.CfnRole.PolicyProperty"
3803 }
3804 ]
3805 }
3806 },
3807 "kind": "array"
3808 }
3809 }
3810 ]
3811 }
3812 }
3813 },
3814 {
3815 "docs": {
3816 "custom": {
3817 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-rolename"
3818 },
3819 "remarks": "For valid values, see the `RoleName` parameter for the [`CreateRole`](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html) action in the *IAM User Guide* .\n\nThis parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-. The role name must be unique within the account. Role names are not distinguished by case. For example, you cannot create roles named both \"Role1\" and \"role1\".\n\nIf you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the role name.\n\nIf you specify a name, you must specify the `CAPABILITY_NAMED_IAM` value to acknowledge your template's capabilities. For more information, see [Acknowledging IAM Resources in AWS CloudFormation Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities) .\n\n> Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using `Fn::Join` and `AWS::Region` to create a Region-specific name, as in the following example: `{\"Fn::Join\": [\"\", [{\"Ref\": \"AWS::Region\"}, {\"Ref\": \"MyResourceName\"}]]}` .",
3820 "stability": "external",
3821 "summary": "A name for the IAM role, up to 64 characters in length."
3822 },
3823 "locationInModule": {
3824 "filename": "lib/iam.generated.ts",
3825 "line": 1866
3826 },
3827 "name": "roleName",
3828 "optional": true,
3829 "type": {
3830 "primitive": "string"
3831 }
3832 }
3833 ],
3834 "symbolId": "lib/iam.generated:CfnRole"
3835 },
3836 "@aws-cdk/aws-iam.CfnRole.PolicyProperty": {
3837 "assembly": "@aws-cdk/aws-iam",
3838 "datatype": true,
3839 "docs": {
3840 "custom": {
3841 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-policy.html",
3842 "exampleMetadata": "fixture=_generated"
3843 },
3844 "remarks": "An attached policy is a managed policy that has been attached to a user, group, or role.\n\nFor more information about managed policies, refer to [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide* .",
3845 "stability": "external",
3846 "summary": "Contains information about an attached policy.",
3847 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const policyDocument: any;\nconst policyProperty: iam.CfnRole.PolicyProperty = {\n policyDocument: policyDocument,\n policyName: 'policyName',\n};"
3848 },
3849 "fqn": "@aws-cdk/aws-iam.CfnRole.PolicyProperty",
3850 "kind": "interface",
3851 "locationInModule": {
3852 "filename": "lib/iam.generated.ts",
3853 "line": 1942
3854 },
3855 "name": "PolicyProperty",
3856 "namespace": "CfnRole",
3857 "properties": [
3858 {
3859 "abstract": true,
3860 "docs": {
3861 "custom": {
3862 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-policy.html#cfn-iam-policies-policydocument"
3863 },
3864 "remarks": "For more information, see [Overview of JSON policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json) .",
3865 "stability": "external",
3866 "summary": "The entire contents of the policy that defines permissions."
3867 },
3868 "immutable": true,
3869 "locationInModule": {
3870 "filename": "lib/iam.generated.ts",
3871 "line": 1948
3872 },
3873 "name": "policyDocument",
3874 "type": {
3875 "primitive": "any"
3876 }
3877 },
3878 {
3879 "abstract": true,
3880 "docs": {
3881 "custom": {
3882 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-policy.html#cfn-iam-policies-policyname"
3883 },
3884 "stability": "external",
3885 "summary": "The friendly name (not ARN) identifying the policy."
3886 },
3887 "immutable": true,
3888 "locationInModule": {
3889 "filename": "lib/iam.generated.ts",
3890 "line": 1954
3891 },
3892 "name": "policyName",
3893 "type": {
3894 "primitive": "string"
3895 }
3896 }
3897 ],
3898 "symbolId": "lib/iam.generated:CfnRole.PolicyProperty"
3899 },
3900 "@aws-cdk/aws-iam.CfnRoleProps": {
3901 "assembly": "@aws-cdk/aws-iam",
3902 "datatype": true,
3903 "docs": {
3904 "custom": {
3905 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html",
3906 "exampleMetadata": "fixture=_generated"
3907 },
3908 "stability": "external",
3909 "summary": "Properties for defining a `CfnRole`.",
3910 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const assumeRolePolicyDocument: any;\ndeclare const policyDocument: any;\nconst cfnRoleProps: iam.CfnRoleProps = {\n assumeRolePolicyDocument: assumeRolePolicyDocument,\n\n // the properties below are optional\n description: 'description',\n managedPolicyArns: ['managedPolicyArns'],\n maxSessionDuration: 123,\n path: 'path',\n permissionsBoundary: 'permissionsBoundary',\n policies: [{\n policyDocument: policyDocument,\n policyName: 'policyName',\n }],\n roleName: 'roleName',\n tags: [{\n key: 'key',\n value: 'value',\n }],\n};"
3911 },
3912 "fqn": "@aws-cdk/aws-iam.CfnRoleProps",
3913 "kind": "interface",
3914 "locationInModule": {
3915 "filename": "lib/iam.generated.ts",
3916 "line": 1571
3917 },
3918 "name": "CfnRoleProps",
3919 "properties": [
3920 {
3921 "abstract": true,
3922 "docs": {
3923 "custom": {
3924 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-assumerolepolicydocument"
3925 },
3926 "remarks": "Trust policies define which entities can assume the role. You can associate only one trust policy with a role. For an example of a policy that can be used to assume a role, see [Template Examples](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#aws-resource-iam-role--examples) . For more information about the elements that you can use in an IAM policy, see [IAM Policy Elements Reference](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html) in the *IAM User Guide* .",
3927 "stability": "external",
3928 "summary": "The trust policy that is associated with this role."
3929 },
3930 "immutable": true,
3931 "locationInModule": {
3932 "filename": "lib/iam.generated.ts",
3933 "line": 1578
3934 },
3935 "name": "assumeRolePolicyDocument",
3936 "type": {
3937 "primitive": "any"
3938 }
3939 },
3940 {
3941 "abstract": true,
3942 "docs": {
3943 "custom": {
3944 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-description"
3945 },
3946 "stability": "external",
3947 "summary": "A description of the role that you provide."
3948 },
3949 "immutable": true,
3950 "locationInModule": {
3951 "filename": "lib/iam.generated.ts",
3952 "line": 1585
3953 },
3954 "name": "description",
3955 "optional": true,
3956 "type": {
3957 "primitive": "string"
3958 }
3959 },
3960 {
3961 "abstract": true,
3962 "docs": {
3963 "custom": {
3964 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-managepolicyarns"
3965 },
3966 "remarks": "For more information about ARNs, see [Amazon Resource Names (ARNs) and AWS Service Namespaces](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *AWS General Reference* .",
3967 "stability": "external",
3968 "summary": "A list of Amazon Resource Names (ARNs) of the IAM managed policies that you want to attach to the role."
3969 },
3970 "immutable": true,
3971 "locationInModule": {
3972 "filename": "lib/iam.generated.ts",
3973 "line": 1594
3974 },
3975 "name": "managedPolicyArns",
3976 "optional": true,
3977 "type": {
3978 "collection": {
3979 "elementtype": {
3980 "primitive": "string"
3981 },
3982 "kind": "array"
3983 }
3984 }
3985 },
3986 {
3987 "abstract": true,
3988 "docs": {
3989 "custom": {
3990 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-maxsessionduration"
3991 },
3992 "remarks": "If you do not specify a value for this setting, the default value of one hour is applied. This setting can have a value from 1 hour to 12 hours.\n\nAnyone who assumes the role from the AWS CLI or API can use the `DurationSeconds` API parameter or the `duration-seconds` AWS CLI parameter to request a longer session. The `MaxSessionDuration` setting determines the maximum duration that can be requested using the `DurationSeconds` parameter. If users don't specify a value for the `DurationSeconds` parameter, their security credentials are valid for one hour by default. This applies when you use the `AssumeRole*` API operations or the `assume-role*` AWS CLI operations but does not apply when you use those operations to create a console URL. For more information, see [Using IAM roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) in the *IAM User Guide* .",
3993 "stability": "external",
3994 "summary": "The maximum session duration (in seconds) that you want to set for the specified role."
3995 },
3996 "immutable": true,
3997 "locationInModule": {
3998 "filename": "lib/iam.generated.ts",
3999 "line": 1603
4000 },
4001 "name": "maxSessionDuration",
4002 "optional": true,
4003 "type": {
4004 "primitive": "number"
4005 }
4006 },
4007 {
4008 "abstract": true,
4009 "docs": {
4010 "custom": {
4011 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-path"
4012 },
4013 "remarks": "This parameter is optional. If it is not included, it defaults to a slash (/).\n\nThis parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\\ u0021` ) through the DEL character ( `\\ u007F` ), including most punctuation characters, digits, and upper and lowercased letters.",
4014 "stability": "external",
4015 "summary": "The path to the role. For more information about paths, see [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* ."
4016 },
4017 "immutable": true,
4018 "locationInModule": {
4019 "filename": "lib/iam.generated.ts",
4020 "line": 1614
4021 },
4022 "name": "path",
4023 "optional": true,
4024 "type": {
4025 "primitive": "string"
4026 }
4027 },
4028 {
4029 "abstract": true,
4030 "docs": {
4031 "custom": {
4032 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-permissionsboundary"
4033 },
4034 "remarks": "For more information about permissions boundaries, see [Permissions boundaries for IAM identities](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM User Guide* .",
4035 "stability": "external",
4036 "summary": "The ARN of the policy used to set the permissions boundary for the role."
4037 },
4038 "immutable": true,
4039 "locationInModule": {
4040 "filename": "lib/iam.generated.ts",
4041 "line": 1623
4042 },
4043 "name": "permissionsBoundary",
4044 "optional": true,
4045 "type": {
4046 "primitive": "string"
4047 }
4048 },
4049 {
4050 "abstract": true,
4051 "docs": {
4052 "custom": {
4053 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-policies"
4054 },
4055 "remarks": "When you embed an inline policy in a role, the inline policy is used as part of the role's access (permissions) policy. The role's trust policy is created at the same time as the role. You can update a role's trust policy later. For more information about IAM roles, go to [Using Roles to Delegate Permissions and Federate Identities](https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html) .\n\nA role can also have an attached managed policy. For information about policies, see [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide* .\n\nFor information about limits on the number of inline policies that you can embed with a role, see [Limitations on IAM Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *IAM User Guide* .\n\n> If an external policy (such as `AWS::IAM::Policy` or `AWS::IAM::ManagedPolicy` ) has a `Ref` to a role and if a resource (such as `AWS::ECS::Service` ) also has a `Ref` to the same role, add a `DependsOn` attribute to the resource to make the resource depend on the external policy. This dependency ensures that the role's policy is available throughout the resource's lifecycle. For example, when you delete a stack with an `AWS::ECS::Service` resource, the `DependsOn` attribute ensures that AWS CloudFormation deletes the `AWS::ECS::Service` resource before deleting its role's policy.",
4056 "stability": "external",
4057 "summary": "Adds or updates an inline policy document that is embedded in the specified IAM role."
4058 },
4059 "immutable": true,
4060 "locationInModule": {
4061 "filename": "lib/iam.generated.ts",
4062 "line": 1638
4063 },
4064 "name": "policies",
4065 "optional": true,
4066 "type": {
4067 "union": {
4068 "types": [
4069 {
4070 "fqn": "@aws-cdk/core.IResolvable"
4071 },
4072 {
4073 "collection": {
4074 "elementtype": {
4075 "union": {
4076 "types": [
4077 {
4078 "fqn": "@aws-cdk/core.IResolvable"
4079 },
4080 {
4081 "fqn": "@aws-cdk/aws-iam.CfnRole.PolicyProperty"
4082 }
4083 ]
4084 }
4085 },
4086 "kind": "array"
4087 }
4088 }
4089 ]
4090 }
4091 }
4092 },
4093 {
4094 "abstract": true,
4095 "docs": {
4096 "custom": {
4097 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-rolename"
4098 },
4099 "remarks": "For valid values, see the `RoleName` parameter for the [`CreateRole`](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html) action in the *IAM User Guide* .\n\nThis parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-. The role name must be unique within the account. Role names are not distinguished by case. For example, you cannot create roles named both \"Role1\" and \"role1\".\n\nIf you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the role name.\n\nIf you specify a name, you must specify the `CAPABILITY_NAMED_IAM` value to acknowledge your template's capabilities. For more information, see [Acknowledging IAM Resources in AWS CloudFormation Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities) .\n\n> Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using `Fn::Join` and `AWS::Region` to create a Region-specific name, as in the following example: `{\"Fn::Join\": [\"\", [{\"Ref\": \"AWS::Region\"}, {\"Ref\": \"MyResourceName\"}]]}` .",
4100 "stability": "external",
4101 "summary": "A name for the IAM role, up to 64 characters in length."
4102 },
4103 "immutable": true,
4104 "locationInModule": {
4105 "filename": "lib/iam.generated.ts",
4106 "line": 1653
4107 },
4108 "name": "roleName",
4109 "optional": true,
4110 "type": {
4111 "primitive": "string"
4112 }
4113 },
4114 {
4115 "abstract": true,
4116 "docs": {
4117 "custom": {
4118 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-tags"
4119 },
4120 "remarks": "For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .",
4121 "stability": "external",
4122 "summary": "A list of tags that are attached to the role."
4123 },
4124 "immutable": true,
4125 "locationInModule": {
4126 "filename": "lib/iam.generated.ts",
4127 "line": 1660
4128 },
4129 "name": "tags",
4130 "optional": true,
4131 "type": {
4132 "collection": {
4133 "elementtype": {
4134 "fqn": "@aws-cdk/core.CfnTag"
4135 },
4136 "kind": "array"
4137 }
4138 }
4139 }
4140 ],
4141 "symbolId": "lib/iam.generated:CfnRoleProps"
4142 },
4143 "@aws-cdk/aws-iam.CfnSAMLProvider": {
4144 "assembly": "@aws-cdk/aws-iam",
4145 "base": "@aws-cdk/core.CfnResource",
4146 "docs": {
4147 "custom": {
4148 "cloudformationResource": "AWS::IAM::SAMLProvider",
4149 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-samlprovider.html",
4150 "exampleMetadata": "fixture=_generated"
4151 },
4152 "remarks": "Creates an IAM resource that describes an identity provider (IdP) that supports SAML 2.0.\n\nThe SAML provider resource that you create with this operation can be used as a principal in an IAM role's trust policy. Such a policy can enable federated users who sign in using the SAML IdP to assume the role. You can create an IAM role that supports Web-based single sign-on (SSO) to the AWS Management Console or one that supports API access to AWS .\n\nWhen you create the SAML provider resource, you upload a SAML metadata document that you get from your IdP. That document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that the IdP sends. You must generate the metadata document using the identity management software that is used as your organization's IdP.\n\n> This operation requires [Signature Version 4](https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html) .\n\nFor more information, see [Enabling SAML 2.0 federated users to access the AWS Management Console](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-saml.html) and [About SAML 2.0-based federation](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html) in the *IAM User Guide* .",
4153 "stability": "external",
4154 "summary": "A CloudFormation `AWS::IAM::SAMLProvider`.",
4155 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nconst cfnSAMLProvider = new iam.CfnSAMLProvider(this, 'MyCfnSAMLProvider', {\n samlMetadataDocument: 'samlMetadataDocument',\n\n // the properties below are optional\n name: 'name',\n tags: [{\n key: 'key',\n value: 'value',\n }],\n});"
4156 },
4157 "fqn": "@aws-cdk/aws-iam.CfnSAMLProvider",
4158 "initializer": {
4159 "docs": {
4160 "stability": "external",
4161 "summary": "Create a new `AWS::IAM::SAMLProvider`."
4162 },
4163 "locationInModule": {
4164 "filename": "lib/iam.generated.ts",
4165 "line": 2184
4166 },
4167 "parameters": [
4168 {
4169 "docs": {
4170 "summary": "- scope in which this resource is defined."
4171 },
4172 "name": "scope",
4173 "type": {
4174 "fqn": "@aws-cdk/core.Construct"
4175 }
4176 },
4177 {
4178 "docs": {
4179 "summary": "- scoped id of the resource."
4180 },
4181 "name": "id",
4182 "type": {
4183 "primitive": "string"
4184 }
4185 },
4186 {
4187 "docs": {
4188 "summary": "- resource properties."
4189 },
4190 "name": "props",
4191 "type": {
4192 "fqn": "@aws-cdk/aws-iam.CfnSAMLProviderProps"
4193 }
4194 }
4195 ]
4196 },
4197 "interfaces": [
4198 "@aws-cdk/core.IInspectable"
4199 ],
4200 "kind": "class",
4201 "locationInModule": {
4202 "filename": "lib/iam.generated.ts",
4203 "line": 2119
4204 },
4205 "methods": [
4206 {
4207 "docs": {
4208 "stability": "external",
4209 "summary": "Examines the CloudFormation resource and discloses attributes."
4210 },
4211 "locationInModule": {
4212 "filename": "lib/iam.generated.ts",
4213 "line": 2200
4214 },
4215 "name": "inspect",
4216 "overrides": "@aws-cdk/core.IInspectable",
4217 "parameters": [
4218 {
4219 "docs": {
4220 "summary": "- tree inspector to collect and process attributes."
4221 },
4222 "name": "inspector",
4223 "type": {
4224 "fqn": "@aws-cdk/core.TreeInspector"
4225 }
4226 }
4227 ]
4228 },
4229 {
4230 "docs": {
4231 "stability": "external"
4232 },
4233 "locationInModule": {
4234 "filename": "lib/iam.generated.ts",
4235 "line": 2213
4236 },
4237 "name": "renderProperties",
4238 "overrides": "@aws-cdk/core.CfnResource",
4239 "parameters": [
4240 {
4241 "name": "props",
4242 "type": {
4243 "collection": {
4244 "elementtype": {
4245 "primitive": "any"
4246 },
4247 "kind": "map"
4248 }
4249 }
4250 }
4251 ],
4252 "protected": true,
4253 "returns": {
4254 "type": {
4255 "collection": {
4256 "elementtype": {
4257 "primitive": "any"
4258 },
4259 "kind": "map"
4260 }
4261 }
4262 }
4263 }
4264 ],
4265 "name": "CfnSAMLProvider",
4266 "properties": [
4267 {
4268 "const": true,
4269 "docs": {
4270 "stability": "external",
4271 "summary": "The CloudFormation resource type name for this resource class."
4272 },
4273 "immutable": true,
4274 "locationInModule": {
4275 "filename": "lib/iam.generated.ts",
4276 "line": 2123
4277 },
4278 "name": "CFN_RESOURCE_TYPE_NAME",
4279 "static": true,
4280 "type": {
4281 "primitive": "string"
4282 }
4283 },
4284 {
4285 "docs": {
4286 "custom": {
4287 "cloudformationAttribute": "Arn"
4288 },
4289 "stability": "external",
4290 "summary": "Returns the Amazon Resource Name (ARN) for the specified `AWS::IAM::SAMLProvider` resource."
4291 },
4292 "immutable": true,
4293 "locationInModule": {
4294 "filename": "lib/iam.generated.ts",
4295 "line": 2148
4296 },
4297 "name": "attrArn",
4298 "type": {
4299 "primitive": "string"
4300 }
4301 },
4302 {
4303 "docs": {
4304 "stability": "external"
4305 },
4306 "immutable": true,
4307 "locationInModule": {
4308 "filename": "lib/iam.generated.ts",
4309 "line": 2205
4310 },
4311 "name": "cfnProperties",
4312 "overrides": "@aws-cdk/core.CfnResource",
4313 "protected": true,
4314 "type": {
4315 "collection": {
4316 "elementtype": {
4317 "primitive": "any"
4318 },
4319 "kind": "map"
4320 }
4321 }
4322 },
4323 {
4324 "docs": {
4325 "custom": {
4326 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-samlprovider.html#cfn-iam-samlprovider-tags"
4327 },
4328 "remarks": "Each tag consists of a key name and an associated value. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .\n\n> If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created.",
4329 "stability": "external",
4330 "summary": "A list of tags that you want to attach to the new IAM SAML provider."
4331 },
4332 "immutable": true,
4333 "locationInModule": {
4334 "filename": "lib/iam.generated.ts",
4335 "line": 2175
4336 },
4337 "name": "tags",
4338 "type": {
4339 "fqn": "@aws-cdk/core.TagManager"
4340 }
4341 },
4342 {
4343 "docs": {
4344 "custom": {
4345 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-samlprovider.html#cfn-iam-samlprovider-samlmetadatadocument"
4346 },
4347 "remarks": "For more information, see [About SAML 2.0-based federation](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html) in the *IAM User Guide*",
4348 "stability": "external",
4349 "summary": "An XML document generated by an identity provider (IdP) that supports SAML 2.0. The document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that are received from the IdP. You must generate the metadata document using the identity management software that is used as your organization's IdP."
4350 },
4351 "locationInModule": {
4352 "filename": "lib/iam.generated.ts",
4353 "line": 2157
4354 },
4355 "name": "samlMetadataDocument",
4356 "type": {
4357 "primitive": "string"
4358 }
4359 },
4360 {
4361 "docs": {
4362 "custom": {
4363 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-samlprovider.html#cfn-iam-samlprovider-name"
4364 },
4365 "remarks": "This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-",
4366 "stability": "external",
4367 "summary": "The name of the provider to create."
4368 },
4369 "locationInModule": {
4370 "filename": "lib/iam.generated.ts",
4371 "line": 2166
4372 },
4373 "name": "name",
4374 "optional": true,
4375 "type": {
4376 "primitive": "string"
4377 }
4378 }
4379 ],
4380 "symbolId": "lib/iam.generated:CfnSAMLProvider"
4381 },
4382 "@aws-cdk/aws-iam.CfnSAMLProviderProps": {
4383 "assembly": "@aws-cdk/aws-iam",
4384 "datatype": true,
4385 "docs": {
4386 "custom": {
4387 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-samlprovider.html",
4388 "exampleMetadata": "fixture=_generated"
4389 },
4390 "stability": "external",
4391 "summary": "Properties for defining a `CfnSAMLProvider`.",
4392 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nconst cfnSAMLProviderProps: iam.CfnSAMLProviderProps = {\n samlMetadataDocument: 'samlMetadataDocument',\n\n // the properties below are optional\n name: 'name',\n tags: [{\n key: 'key',\n value: 'value',\n }],\n};"
4393 },
4394 "fqn": "@aws-cdk/aws-iam.CfnSAMLProviderProps",
4395 "kind": "interface",
4396 "locationInModule": {
4397 "filename": "lib/iam.generated.ts",
4398 "line": 2019
4399 },
4400 "name": "CfnSAMLProviderProps",
4401 "properties": [
4402 {
4403 "abstract": true,
4404 "docs": {
4405 "custom": {
4406 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-samlprovider.html#cfn-iam-samlprovider-samlmetadatadocument"
4407 },
4408 "remarks": "For more information, see [About SAML 2.0-based federation](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html) in the *IAM User Guide*",
4409 "stability": "external",
4410 "summary": "An XML document generated by an identity provider (IdP) that supports SAML 2.0. The document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that are received from the IdP. You must generate the metadata document using the identity management software that is used as your organization's IdP."
4411 },
4412 "immutable": true,
4413 "locationInModule": {
4414 "filename": "lib/iam.generated.ts",
4415 "line": 2028
4416 },
4417 "name": "samlMetadataDocument",
4418 "type": {
4419 "primitive": "string"
4420 }
4421 },
4422 {
4423 "abstract": true,
4424 "docs": {
4425 "custom": {
4426 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-samlprovider.html#cfn-iam-samlprovider-name"
4427 },
4428 "remarks": "This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-",
4429 "stability": "external",
4430 "summary": "The name of the provider to create."
4431 },
4432 "immutable": true,
4433 "locationInModule": {
4434 "filename": "lib/iam.generated.ts",
4435 "line": 2037
4436 },
4437 "name": "name",
4438 "optional": true,
4439 "type": {
4440 "primitive": "string"
4441 }
4442 },
4443 {
4444 "abstract": true,
4445 "docs": {
4446 "custom": {
4447 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-samlprovider.html#cfn-iam-samlprovider-tags"
4448 },
4449 "remarks": "Each tag consists of a key name and an associated value. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .\n\n> If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created.",
4450 "stability": "external",
4451 "summary": "A list of tags that you want to attach to the new IAM SAML provider."
4452 },
4453 "immutable": true,
4454 "locationInModule": {
4455 "filename": "lib/iam.generated.ts",
4456 "line": 2046
4457 },
4458 "name": "tags",
4459 "optional": true,
4460 "type": {
4461 "collection": {
4462 "elementtype": {
4463 "fqn": "@aws-cdk/core.CfnTag"
4464 },
4465 "kind": "array"
4466 }
4467 }
4468 }
4469 ],
4470 "symbolId": "lib/iam.generated:CfnSAMLProviderProps"
4471 },
4472 "@aws-cdk/aws-iam.CfnServerCertificate": {
4473 "assembly": "@aws-cdk/aws-iam",
4474 "base": "@aws-cdk/core.CfnResource",
4475 "docs": {
4476 "custom": {
4477 "cloudformationResource": "AWS::IAM::ServerCertificate",
4478 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servercertificate.html",
4479 "exampleMetadata": "fixture=_generated"
4480 },
4481 "remarks": "Uploads a server certificate entity for the AWS account . The server certificate entity includes a public key certificate, a private key, and an optional certificate chain, which should all be PEM-encoded.\n\nWe recommend that you use [AWS Certificate Manager](https://docs.aws.amazon.com/acm/) to provision, manage, and deploy your server certificates. With ACM you can request a certificate, deploy it to AWS resources, and let ACM handle certificate renewals for you. Certificates provided by ACM are free. For more information about using ACM, see the [AWS Certificate Manager User Guide](https://docs.aws.amazon.com/acm/latest/userguide/) .\n\nFor more information about working with server certificates, see [Working with server certificates](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html) in the *IAM User Guide* . This topic includes a list of AWS services that can use the server certificates that you manage with IAM.\n\nFor information about the number of server certificates you can upload, see [IAM and AWS STS quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide* .\n\n> Because the body of the public key certificate, private key, and the certificate chain can be large, you should use POST rather than GET when calling `UploadServerCertificate` . For information about setting up signatures and authorization through the API, see [Signing AWS API requests](https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html) in the *AWS General Reference* . For general information about using the Query API with IAM, see [Calling the API by making HTTP query requests](https://docs.aws.amazon.com/IAM/latest/UserGuide/programming.html) in the *IAM User Guide* .",
4482 "stability": "external",
4483 "summary": "A CloudFormation `AWS::IAM::ServerCertificate`.",
4484 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nconst cfnServerCertificate = new iam.CfnServerCertificate(this, 'MyCfnServerCertificate', /* all optional props */ {\n certificateBody: 'certificateBody',\n certificateChain: 'certificateChain',\n path: 'path',\n privateKey: 'privateKey',\n serverCertificateName: 'serverCertificateName',\n tags: [{\n key: 'key',\n value: 'value',\n }],\n});"
4485 },
4486 "fqn": "@aws-cdk/aws-iam.CfnServerCertificate",
4487 "initializer": {
4488 "docs": {
4489 "stability": "external",
4490 "summary": "Create a new `AWS::IAM::ServerCertificate`."
4491 },
4492 "locationInModule": {
4493 "filename": "lib/iam.generated.ts",
4494 "line": 2453
4495 },
4496 "parameters": [
4497 {
4498 "docs": {
4499 "summary": "- scope in which this resource is defined."
4500 },
4501 "name": "scope",
4502 "type": {
4503 "fqn": "@aws-cdk/core.Construct"
4504 }
4505 },
4506 {
4507 "docs": {
4508 "summary": "- scoped id of the resource."
4509 },
4510 "name": "id",
4511 "type": {
4512 "primitive": "string"
4513 }
4514 },
4515 {
4516 "docs": {
4517 "summary": "- resource properties."
4518 },
4519 "name": "props",
4520 "optional": true,
4521 "type": {
4522 "fqn": "@aws-cdk/aws-iam.CfnServerCertificateProps"
4523 }
4524 }
4525 ]
4526 },
4527 "interfaces": [
4528 "@aws-cdk/core.IInspectable"
4529 ],
4530 "kind": "class",
4531 "locationInModule": {
4532 "filename": "lib/iam.generated.ts",
4533 "line": 2361
4534 },
4535 "methods": [
4536 {
4537 "docs": {
4538 "stability": "external",
4539 "summary": "Examines the CloudFormation resource and discloses attributes."
4540 },
4541 "locationInModule": {
4542 "filename": "lib/iam.generated.ts",
4543 "line": 2471
4544 },
4545 "name": "inspect",
4546 "overrides": "@aws-cdk/core.IInspectable",
4547 "parameters": [
4548 {
4549 "docs": {
4550 "summary": "- tree inspector to collect and process attributes."
4551 },
4552 "name": "inspector",
4553 "type": {
4554 "fqn": "@aws-cdk/core.TreeInspector"
4555 }
4556 }
4557 ]
4558 },
4559 {
4560 "docs": {
4561 "stability": "external"
4562 },
4563 "locationInModule": {
4564 "filename": "lib/iam.generated.ts",
4565 "line": 2487
4566 },
4567 "name": "renderProperties",
4568 "overrides": "@aws-cdk/core.CfnResource",
4569 "parameters": [
4570 {
4571 "name": "props",
4572 "type": {
4573 "collection": {
4574 "elementtype": {
4575 "primitive": "any"
4576 },
4577 "kind": "map"
4578 }
4579 }
4580 }
4581 ],
4582 "protected": true,
4583 "returns": {
4584 "type": {
4585 "collection": {
4586 "elementtype": {
4587 "primitive": "any"
4588 },
4589 "kind": "map"
4590 }
4591 }
4592 }
4593 }
4594 ],
4595 "name": "CfnServerCertificate",
4596 "properties": [
4597 {
4598 "const": true,
4599 "docs": {
4600 "stability": "external",
4601 "summary": "The CloudFormation resource type name for this resource class."
4602 },
4603 "immutable": true,
4604 "locationInModule": {
4605 "filename": "lib/iam.generated.ts",
4606 "line": 2365
4607 },
4608 "name": "CFN_RESOURCE_TYPE_NAME",
4609 "static": true,
4610 "type": {
4611 "primitive": "string"
4612 }
4613 },
4614 {
4615 "docs": {
4616 "custom": {
4617 "cloudformationAttribute": "Arn"
4618 },
4619 "stability": "external",
4620 "summary": "Returns the Amazon Resource Name (ARN) for the specified `AWS::IAM::ServerCertificate` resource."
4621 },
4622 "immutable": true,
4623 "locationInModule": {
4624 "filename": "lib/iam.generated.ts",
4625 "line": 2390
4626 },
4627 "name": "attrArn",
4628 "type": {
4629 "primitive": "string"
4630 }
4631 },
4632 {
4633 "docs": {
4634 "stability": "external"
4635 },
4636 "immutable": true,
4637 "locationInModule": {
4638 "filename": "lib/iam.generated.ts",
4639 "line": 2476
4640 },
4641 "name": "cfnProperties",
4642 "overrides": "@aws-cdk/core.CfnResource",
4643 "protected": true,
4644 "type": {
4645 "collection": {
4646 "elementtype": {
4647 "primitive": "any"
4648 },
4649 "kind": "map"
4650 }
4651 }
4652 },
4653 {
4654 "docs": {
4655 "custom": {
4656 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servercertificate.html#cfn-iam-servercertificate-tags"
4657 },
4658 "remarks": "For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .",
4659 "stability": "external",
4660 "summary": "A list of tags that are attached to the server certificate."
4661 },
4662 "immutable": true,
4663 "locationInModule": {
4664 "filename": "lib/iam.generated.ts",
4665 "line": 2444
4666 },
4667 "name": "tags",
4668 "type": {
4669 "fqn": "@aws-cdk/core.TagManager"
4670 }
4671 },
4672 {
4673 "docs": {
4674 "custom": {
4675 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servercertificate.html#cfn-iam-servercertificate-certificatebody"
4676 },
4677 "stability": "external",
4678 "summary": "The contents of the public key certificate."
4679 },
4680 "locationInModule": {
4681 "filename": "lib/iam.generated.ts",
4682 "line": 2397
4683 },
4684 "name": "certificateBody",
4685 "optional": true,
4686 "type": {
4687 "primitive": "string"
4688 }
4689 },
4690 {
4691 "docs": {
4692 "custom": {
4693 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servercertificate.html#cfn-iam-servercertificate-certificatechain"
4694 },
4695 "stability": "external",
4696 "summary": "The contents of the public key certificate chain."
4697 },
4698 "locationInModule": {
4699 "filename": "lib/iam.generated.ts",
4700 "line": 2404
4701 },
4702 "name": "certificateChain",
4703 "optional": true,
4704 "type": {
4705 "primitive": "string"
4706 }
4707 },
4708 {
4709 "docs": {
4710 "custom": {
4711 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servercertificate.html#cfn-iam-servercertificate-path"
4712 },
4713 "remarks": "For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* .\n\nThis parameter is optional. If it is not included, it defaults to a slash (/). This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\\ u0021` ) through the DEL character ( `\\ u007F` ), including most punctuation characters, digits, and upper and lowercased letters.\n\n> If you are uploading a server certificate specifically for use with Amazon CloudFront distributions, you must specify a path using the `path` parameter. The path must begin with `/cloudfront` and must include a trailing slash (for example, `/cloudfront/test/` ).",
4714 "stability": "external",
4715 "summary": "The path for the server certificate."
4716 },
4717 "locationInModule": {
4718 "filename": "lib/iam.generated.ts",
4719 "line": 2415
4720 },
4721 "name": "path",
4722 "optional": true,
4723 "type": {
4724 "primitive": "string"
4725 }
4726 },
4727 {
4728 "docs": {
4729 "custom": {
4730 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servercertificate.html#cfn-iam-servercertificate-privatekey"
4731 },
4732 "remarks": "The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following:\n\n- Any printable ASCII character ranging from the space character ( `\\ u0020` ) through the end of the ASCII character range\n- The printable characters in the Basic Latin and Latin-1 Supplement character set (through `\\ u00FF` )\n- The special characters tab ( `\\ u0009` ), line feed ( `\\ u000A` ), and carriage return ( `\\ u000D` )",
4733 "stability": "external",
4734 "summary": "The contents of the private key in PEM-encoded format."
4735 },
4736 "locationInModule": {
4737 "filename": "lib/iam.generated.ts",
4738 "line": 2428
4739 },
4740 "name": "privateKey",
4741 "optional": true,
4742 "type": {
4743 "primitive": "string"
4744 }
4745 },
4746 {
4747 "docs": {
4748 "custom": {
4749 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servercertificate.html#cfn-iam-servercertificate-servercertificatename"
4750 },
4751 "remarks": "Do not include the path in this value. The name of the certificate cannot contain any spaces.\n\nThis parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-",
4752 "stability": "external",
4753 "summary": "The name for the server certificate."
4754 },
4755 "locationInModule": {
4756 "filename": "lib/iam.generated.ts",
4757 "line": 2437
4758 },
4759 "name": "serverCertificateName",
4760 "optional": true,
4761 "type": {
4762 "primitive": "string"
4763 }
4764 }
4765 ],
4766 "symbolId": "lib/iam.generated:CfnServerCertificate"
4767 },
4768 "@aws-cdk/aws-iam.CfnServerCertificateProps": {
4769 "assembly": "@aws-cdk/aws-iam",
4770 "datatype": true,
4771 "docs": {
4772 "custom": {
4773 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servercertificate.html",
4774 "exampleMetadata": "fixture=_generated"
4775 },
4776 "stability": "external",
4777 "summary": "Properties for defining a `CfnServerCertificate`.",
4778 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nconst cfnServerCertificateProps: iam.CfnServerCertificateProps = {\n certificateBody: 'certificateBody',\n certificateChain: 'certificateChain',\n path: 'path',\n privateKey: 'privateKey',\n serverCertificateName: 'serverCertificateName',\n tags: [{\n key: 'key',\n value: 'value',\n }],\n};"
4779 },
4780 "fqn": "@aws-cdk/aws-iam.CfnServerCertificateProps",
4781 "kind": "interface",
4782 "locationInModule": {
4783 "filename": "lib/iam.generated.ts",
4784 "line": 2226
4785 },
4786 "name": "CfnServerCertificateProps",
4787 "properties": [
4788 {
4789 "abstract": true,
4790 "docs": {
4791 "custom": {
4792 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servercertificate.html#cfn-iam-servercertificate-certificatebody"
4793 },
4794 "stability": "external",
4795 "summary": "The contents of the public key certificate."
4796 },
4797 "immutable": true,
4798 "locationInModule": {
4799 "filename": "lib/iam.generated.ts",
4800 "line": 2233
4801 },
4802 "name": "certificateBody",
4803 "optional": true,
4804 "type": {
4805 "primitive": "string"
4806 }
4807 },
4808 {
4809 "abstract": true,
4810 "docs": {
4811 "custom": {
4812 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servercertificate.html#cfn-iam-servercertificate-certificatechain"
4813 },
4814 "stability": "external",
4815 "summary": "The contents of the public key certificate chain."
4816 },
4817 "immutable": true,
4818 "locationInModule": {
4819 "filename": "lib/iam.generated.ts",
4820 "line": 2240
4821 },
4822 "name": "certificateChain",
4823 "optional": true,
4824 "type": {
4825 "primitive": "string"
4826 }
4827 },
4828 {
4829 "abstract": true,
4830 "docs": {
4831 "custom": {
4832 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servercertificate.html#cfn-iam-servercertificate-path"
4833 },
4834 "remarks": "For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* .\n\nThis parameter is optional. If it is not included, it defaults to a slash (/). This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\\ u0021` ) through the DEL character ( `\\ u007F` ), including most punctuation characters, digits, and upper and lowercased letters.\n\n> If you are uploading a server certificate specifically for use with Amazon CloudFront distributions, you must specify a path using the `path` parameter. The path must begin with `/cloudfront` and must include a trailing slash (for example, `/cloudfront/test/` ).",
4835 "stability": "external",
4836 "summary": "The path for the server certificate."
4837 },
4838 "immutable": true,
4839 "locationInModule": {
4840 "filename": "lib/iam.generated.ts",
4841 "line": 2251
4842 },
4843 "name": "path",
4844 "optional": true,
4845 "type": {
4846 "primitive": "string"
4847 }
4848 },
4849 {
4850 "abstract": true,
4851 "docs": {
4852 "custom": {
4853 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servercertificate.html#cfn-iam-servercertificate-privatekey"
4854 },
4855 "remarks": "The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following:\n\n- Any printable ASCII character ranging from the space character ( `\\ u0020` ) through the end of the ASCII character range\n- The printable characters in the Basic Latin and Latin-1 Supplement character set (through `\\ u00FF` )\n- The special characters tab ( `\\ u0009` ), line feed ( `\\ u000A` ), and carriage return ( `\\ u000D` )",
4856 "stability": "external",
4857 "summary": "The contents of the private key in PEM-encoded format."
4858 },
4859 "immutable": true,
4860 "locationInModule": {
4861 "filename": "lib/iam.generated.ts",
4862 "line": 2264
4863 },
4864 "name": "privateKey",
4865 "optional": true,
4866 "type": {
4867 "primitive": "string"
4868 }
4869 },
4870 {
4871 "abstract": true,
4872 "docs": {
4873 "custom": {
4874 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servercertificate.html#cfn-iam-servercertificate-servercertificatename"
4875 },
4876 "remarks": "Do not include the path in this value. The name of the certificate cannot contain any spaces.\n\nThis parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-",
4877 "stability": "external",
4878 "summary": "The name for the server certificate."
4879 },
4880 "immutable": true,
4881 "locationInModule": {
4882 "filename": "lib/iam.generated.ts",
4883 "line": 2273
4884 },
4885 "name": "serverCertificateName",
4886 "optional": true,
4887 "type": {
4888 "primitive": "string"
4889 }
4890 },
4891 {
4892 "abstract": true,
4893 "docs": {
4894 "custom": {
4895 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servercertificate.html#cfn-iam-servercertificate-tags"
4896 },
4897 "remarks": "For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .",
4898 "stability": "external",
4899 "summary": "A list of tags that are attached to the server certificate."
4900 },
4901 "immutable": true,
4902 "locationInModule": {
4903 "filename": "lib/iam.generated.ts",
4904 "line": 2280
4905 },
4906 "name": "tags",
4907 "optional": true,
4908 "type": {
4909 "collection": {
4910 "elementtype": {
4911 "fqn": "@aws-cdk/core.CfnTag"
4912 },
4913 "kind": "array"
4914 }
4915 }
4916 }
4917 ],
4918 "symbolId": "lib/iam.generated:CfnServerCertificateProps"
4919 },
4920 "@aws-cdk/aws-iam.CfnServiceLinkedRole": {
4921 "assembly": "@aws-cdk/aws-iam",
4922 "base": "@aws-cdk/core.CfnResource",
4923 "docs": {
4924 "custom": {
4925 "cloudformationResource": "AWS::IAM::ServiceLinkedRole",
4926 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servicelinkedrole.html",
4927 "exampleMetadata": "infused"
4928 },
4929 "remarks": "Creates an IAM role that is linked to a specific AWS service. The service controls the attached policies and when the role can be deleted. This helps ensure that the service is not broken by an unexpectedly changed or deleted role, which could put your AWS resources into an unknown state. Allowing the service to control the role helps improve service stability and proper cleanup when a service and its role are no longer needed. For more information, see [Using service-linked roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html) in the *IAM User Guide* .\n\nTo attach a policy to this service-linked role, you must make the request using the AWS service that depends on this role.",
4930 "stability": "external",
4931 "summary": "A CloudFormation `AWS::IAM::ServiceLinkedRole`.",
4932 "example": "const slr = new iam.CfnServiceLinkedRole(this, 'ElasticSLR', {\n awsServiceName: 'es.amazonaws.com',\n});"
4933 },
4934 "fqn": "@aws-cdk/aws-iam.CfnServiceLinkedRole",
4935 "initializer": {
4936 "docs": {
4937 "stability": "external",
4938 "summary": "Create a new `AWS::IAM::ServiceLinkedRole`."
4939 },
4940 "locationInModule": {
4941 "filename": "lib/iam.generated.ts",
4942 "line": 2649
4943 },
4944 "parameters": [
4945 {
4946 "docs": {
4947 "summary": "- scope in which this resource is defined."
4948 },
4949 "name": "scope",
4950 "type": {
4951 "fqn": "@aws-cdk/core.Construct"
4952 }
4953 },
4954 {
4955 "docs": {
4956 "summary": "- scoped id of the resource."
4957 },
4958 "name": "id",
4959 "type": {
4960 "primitive": "string"
4961 }
4962 },
4963 {
4964 "docs": {
4965 "summary": "- resource properties."
4966 },
4967 "name": "props",
4968 "type": {
4969 "fqn": "@aws-cdk/aws-iam.CfnServiceLinkedRoleProps"
4970 }
4971 }
4972 ]
4973 },
4974 "interfaces": [
4975 "@aws-cdk/core.IInspectable"
4976 ],
4977 "kind": "class",
4978 "locationInModule": {
4979 "filename": "lib/iam.generated.ts",
4980 "line": 2592
4981 },
4982 "methods": [
4983 {
4984 "docs": {
4985 "stability": "external",
4986 "summary": "Examines the CloudFormation resource and discloses attributes."
4987 },
4988 "locationInModule": {
4989 "filename": "lib/iam.generated.ts",
4990 "line": 2664
4991 },
4992 "name": "inspect",
4993 "overrides": "@aws-cdk/core.IInspectable",
4994 "parameters": [
4995 {
4996 "docs": {
4997 "summary": "- tree inspector to collect and process attributes."
4998 },
4999 "name": "inspector",
5000 "type": {
5001 "fqn": "@aws-cdk/core.TreeInspector"
5002 }
5003 }
5004 ]
5005 },
5006 {
5007 "docs": {
5008 "stability": "external"
5009 },
5010 "locationInModule": {
5011 "filename": "lib/iam.generated.ts",
5012 "line": 2677
5013 },
5014 "name": "renderProperties",
5015 "overrides": "@aws-cdk/core.CfnResource",
5016 "parameters": [
5017 {
5018 "name": "props",
5019 "type": {
5020 "collection": {
5021 "elementtype": {
5022 "primitive": "any"
5023 },
5024 "kind": "map"
5025 }
5026 }
5027 }
5028 ],
5029 "protected": true,
5030 "returns": {
5031 "type": {
5032 "collection": {
5033 "elementtype": {
5034 "primitive": "any"
5035 },
5036 "kind": "map"
5037 }
5038 }
5039 }
5040 }
5041 ],
5042 "name": "CfnServiceLinkedRole",
5043 "properties": [
5044 {
5045 "const": true,
5046 "docs": {
5047 "stability": "external",
5048 "summary": "The CloudFormation resource type name for this resource class."
5049 },
5050 "immutable": true,
5051 "locationInModule": {
5052 "filename": "lib/iam.generated.ts",
5053 "line": 2596
5054 },
5055 "name": "CFN_RESOURCE_TYPE_NAME",
5056 "static": true,
5057 "type": {
5058 "primitive": "string"
5059 }
5060 },
5061 {
5062 "docs": {
5063 "stability": "external"
5064 },
5065 "immutable": true,
5066 "locationInModule": {
5067 "filename": "lib/iam.generated.ts",
5068 "line": 2669
5069 },
5070 "name": "cfnProperties",
5071 "overrides": "@aws-cdk/core.CfnResource",
5072 "protected": true,
5073 "type": {
5074 "collection": {
5075 "elementtype": {
5076 "primitive": "any"
5077 },
5078 "kind": "map"
5079 }
5080 }
5081 },
5082 {
5083 "docs": {
5084 "custom": {
5085 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servicelinkedrole.html#cfn-iam-servicelinkedrole-awsservicename"
5086 },
5087 "remarks": "You use a string similar to a URL but without the http:// in front. For example: `elasticbeanstalk.amazonaws.com` .\n\nService principals are unique and case-sensitive. To find the exact service principal for your service-linked role, see [AWS services that work with IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html) in the *IAM User Guide* . Look for the services that have *Yes* in the *Service-Linked Role* column. Choose the *Yes* link to view the service-linked role documentation for that service.",
5088 "stability": "external",
5089 "summary": "The service principal for the AWS service to which this role is attached."
5090 },
5091 "locationInModule": {
5092 "filename": "lib/iam.generated.ts",
5093 "line": 2624
5094 },
5095 "name": "awsServiceName",
5096 "type": {
5097 "primitive": "string"
5098 }
5099 },
5100 {
5101 "docs": {
5102 "custom": {
5103 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servicelinkedrole.html#cfn-iam-servicelinkedrole-customsuffix"
5104 },
5105 "remarks": "If you make multiple requests for the same service, then you must supply a different `CustomSuffix` for each request. Otherwise the request fails with a duplicate role name error. For example, you could add `-1` or `-debug` to the suffix.\n\nSome services do not support the `CustomSuffix` parameter. If you provide an optional suffix and the operation fails, try the operation again without the suffix.",
5106 "stability": "external",
5107 "summary": "A string that you provide, which is combined with the service-provided prefix to form the complete role name."
5108 },
5109 "locationInModule": {
5110 "filename": "lib/iam.generated.ts",
5111 "line": 2633
5112 },
5113 "name": "customSuffix",
5114 "optional": true,
5115 "type": {
5116 "primitive": "string"
5117 }
5118 },
5119 {
5120 "docs": {
5121 "custom": {
5122 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servicelinkedrole.html#cfn-iam-servicelinkedrole-description"
5123 },
5124 "stability": "external",
5125 "summary": "The description of the role."
5126 },
5127 "locationInModule": {
5128 "filename": "lib/iam.generated.ts",
5129 "line": 2640
5130 },
5131 "name": "description",
5132 "optional": true,
5133 "type": {
5134 "primitive": "string"
5135 }
5136 }
5137 ],
5138 "symbolId": "lib/iam.generated:CfnServiceLinkedRole"
5139 },
5140 "@aws-cdk/aws-iam.CfnServiceLinkedRoleProps": {
5141 "assembly": "@aws-cdk/aws-iam",
5142 "datatype": true,
5143 "docs": {
5144 "custom": {
5145 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servicelinkedrole.html",
5146 "exampleMetadata": "infused"
5147 },
5148 "stability": "external",
5149 "summary": "Properties for defining a `CfnServiceLinkedRole`.",
5150 "example": "const slr = new iam.CfnServiceLinkedRole(this, 'ElasticSLR', {\n awsServiceName: 'es.amazonaws.com',\n});"
5151 },
5152 "fqn": "@aws-cdk/aws-iam.CfnServiceLinkedRoleProps",
5153 "kind": "interface",
5154 "locationInModule": {
5155 "filename": "lib/iam.generated.ts",
5156 "line": 2500
5157 },
5158 "name": "CfnServiceLinkedRoleProps",
5159 "properties": [
5160 {
5161 "abstract": true,
5162 "docs": {
5163 "custom": {
5164 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servicelinkedrole.html#cfn-iam-servicelinkedrole-awsservicename"
5165 },
5166 "remarks": "You use a string similar to a URL but without the http:// in front. For example: `elasticbeanstalk.amazonaws.com` .\n\nService principals are unique and case-sensitive. To find the exact service principal for your service-linked role, see [AWS services that work with IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html) in the *IAM User Guide* . Look for the services that have *Yes* in the *Service-Linked Role* column. Choose the *Yes* link to view the service-linked role documentation for that service.",
5167 "stability": "external",
5168 "summary": "The service principal for the AWS service to which this role is attached."
5169 },
5170 "immutable": true,
5171 "locationInModule": {
5172 "filename": "lib/iam.generated.ts",
5173 "line": 2509
5174 },
5175 "name": "awsServiceName",
5176 "type": {
5177 "primitive": "string"
5178 }
5179 },
5180 {
5181 "abstract": true,
5182 "docs": {
5183 "custom": {
5184 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servicelinkedrole.html#cfn-iam-servicelinkedrole-customsuffix"
5185 },
5186 "remarks": "If you make multiple requests for the same service, then you must supply a different `CustomSuffix` for each request. Otherwise the request fails with a duplicate role name error. For example, you could add `-1` or `-debug` to the suffix.\n\nSome services do not support the `CustomSuffix` parameter. If you provide an optional suffix and the operation fails, try the operation again without the suffix.",
5187 "stability": "external",
5188 "summary": "A string that you provide, which is combined with the service-provided prefix to form the complete role name."
5189 },
5190 "immutable": true,
5191 "locationInModule": {
5192 "filename": "lib/iam.generated.ts",
5193 "line": 2518
5194 },
5195 "name": "customSuffix",
5196 "optional": true,
5197 "type": {
5198 "primitive": "string"
5199 }
5200 },
5201 {
5202 "abstract": true,
5203 "docs": {
5204 "custom": {
5205 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servicelinkedrole.html#cfn-iam-servicelinkedrole-description"
5206 },
5207 "stability": "external",
5208 "summary": "The description of the role."
5209 },
5210 "immutable": true,
5211 "locationInModule": {
5212 "filename": "lib/iam.generated.ts",
5213 "line": 2525
5214 },
5215 "name": "description",
5216 "optional": true,
5217 "type": {
5218 "primitive": "string"
5219 }
5220 }
5221 ],
5222 "symbolId": "lib/iam.generated:CfnServiceLinkedRoleProps"
5223 },
5224 "@aws-cdk/aws-iam.CfnUser": {
5225 "assembly": "@aws-cdk/aws-iam",
5226 "base": "@aws-cdk/core.CfnResource",
5227 "docs": {
5228 "custom": {
5229 "cloudformationResource": "AWS::IAM::User",
5230 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html",
5231 "exampleMetadata": "fixture=_generated"
5232 },
5233 "remarks": "Creates a new IAM user for your AWS account .\n\nFor information about quotas for the number of IAM users you can create, see [IAM and AWS STS quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide* .",
5234 "stability": "external",
5235 "summary": "A CloudFormation `AWS::IAM::User`.",
5236 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const policyDocument: any;\nconst cfnUser = new iam.CfnUser(this, 'MyCfnUser', /* all optional props */ {\n groups: ['groups'],\n loginProfile: {\n password: 'password',\n\n // the properties below are optional\n passwordResetRequired: false,\n },\n managedPolicyArns: ['managedPolicyArns'],\n path: 'path',\n permissionsBoundary: 'permissionsBoundary',\n policies: [{\n policyDocument: policyDocument,\n policyName: 'policyName',\n }],\n tags: [{\n key: 'key',\n value: 'value',\n }],\n userName: 'userName',\n});"
5237 },
5238 "fqn": "@aws-cdk/aws-iam.CfnUser",
5239 "initializer": {
5240 "docs": {
5241 "stability": "external",
5242 "summary": "Create a new `AWS::IAM::User`."
5243 },
5244 "locationInModule": {
5245 "filename": "lib/iam.generated.ts",
5246 "line": 2977
5247 },
5248 "parameters": [
5249 {
5250 "docs": {
5251 "summary": "- scope in which this resource is defined."
5252 },
5253 "name": "scope",
5254 "type": {
5255 "fqn": "@aws-cdk/core.Construct"
5256 }
5257 },
5258 {
5259 "docs": {
5260 "summary": "- scoped id of the resource."
5261 },
5262 "name": "id",
5263 "type": {
5264 "primitive": "string"
5265 }
5266 },
5267 {
5268 "docs": {
5269 "summary": "- resource properties."
5270 },
5271 "name": "props",
5272 "optional": true,
5273 "type": {
5274 "fqn": "@aws-cdk/aws-iam.CfnUserProps"
5275 }
5276 }
5277 ]
5278 },
5279 "interfaces": [
5280 "@aws-cdk/core.IInspectable"
5281 ],
5282 "kind": "class",
5283 "locationInModule": {
5284 "filename": "lib/iam.generated.ts",
5285 "line": 2855
5286 },
5287 "methods": [
5288 {
5289 "docs": {
5290 "stability": "external",
5291 "summary": "Examines the CloudFormation resource and discloses attributes."
5292 },
5293 "locationInModule": {
5294 "filename": "lib/iam.generated.ts",
5295 "line": 2997
5296 },
5297 "name": "inspect",
5298 "overrides": "@aws-cdk/core.IInspectable",
5299 "parameters": [
5300 {
5301 "docs": {
5302 "summary": "- tree inspector to collect and process attributes."
5303 },
5304 "name": "inspector",
5305 "type": {
5306 "fqn": "@aws-cdk/core.TreeInspector"
5307 }
5308 }
5309 ]
5310 },
5311 {
5312 "docs": {
5313 "stability": "external"
5314 },
5315 "locationInModule": {
5316 "filename": "lib/iam.generated.ts",
5317 "line": 3015
5318 },
5319 "name": "renderProperties",
5320 "overrides": "@aws-cdk/core.CfnResource",
5321 "parameters": [
5322 {
5323 "name": "props",
5324 "type": {
5325 "collection": {
5326 "elementtype": {
5327 "primitive": "any"
5328 },
5329 "kind": "map"
5330 }
5331 }
5332 }
5333 ],
5334 "protected": true,
5335 "returns": {
5336 "type": {
5337 "collection": {
5338 "elementtype": {
5339 "primitive": "any"
5340 },
5341 "kind": "map"
5342 }
5343 }
5344 }
5345 }
5346 ],
5347 "name": "CfnUser",
5348 "properties": [
5349 {
5350 "const": true,
5351 "docs": {
5352 "stability": "external",
5353 "summary": "The CloudFormation resource type name for this resource class."
5354 },
5355 "immutable": true,
5356 "locationInModule": {
5357 "filename": "lib/iam.generated.ts",
5358 "line": 2859
5359 },
5360 "name": "CFN_RESOURCE_TYPE_NAME",
5361 "static": true,
5362 "type": {
5363 "primitive": "string"
5364 }
5365 },
5366 {
5367 "docs": {
5368 "custom": {
5369 "cloudformationAttribute": "Arn"
5370 },
5371 "remarks": "For example: `arn:aws:iam::123456789012:user/mystack-myuser-1CCXAFG2H2U4D` .",
5372 "stability": "external",
5373 "summary": "Returns the Amazon Resource Name (ARN) for the specified `AWS::IAM::User` resource."
5374 },
5375 "immutable": true,
5376 "locationInModule": {
5377 "filename": "lib/iam.generated.ts",
5378 "line": 2884
5379 },
5380 "name": "attrArn",
5381 "type": {
5382 "primitive": "string"
5383 }
5384 },
5385 {
5386 "docs": {
5387 "stability": "external"
5388 },
5389 "immutable": true,
5390 "locationInModule": {
5391 "filename": "lib/iam.generated.ts",
5392 "line": 3002
5393 },
5394 "name": "cfnProperties",
5395 "overrides": "@aws-cdk/core.CfnResource",
5396 "protected": true,
5397 "type": {
5398 "collection": {
5399 "elementtype": {
5400 "primitive": "any"
5401 },
5402 "kind": "map"
5403 }
5404 }
5405 },
5406 {
5407 "docs": {
5408 "custom": {
5409 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-tags"
5410 },
5411 "remarks": "Each tag consists of a key name and an associated value. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .\n\n> If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created.",
5412 "stability": "external",
5413 "summary": "A list of tags that you want to attach to the new user."
5414 },
5415 "immutable": true,
5416 "locationInModule": {
5417 "filename": "lib/iam.generated.ts",
5418 "line": 2953
5419 },
5420 "name": "tags",
5421 "type": {
5422 "fqn": "@aws-cdk/core.TagManager"
5423 }
5424 },
5425 {
5426 "docs": {
5427 "custom": {
5428 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-groups"
5429 },
5430 "stability": "external",
5431 "summary": "A list of group names to which you want to add the user."
5432 },
5433 "locationInModule": {
5434 "filename": "lib/iam.generated.ts",
5435 "line": 2891
5436 },
5437 "name": "groups",
5438 "optional": true,
5439 "type": {
5440 "collection": {
5441 "elementtype": {
5442 "primitive": "string"
5443 },
5444 "kind": "array"
5445 }
5446 }
5447 },
5448 {
5449 "docs": {
5450 "custom": {
5451 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-loginprofile"
5452 },
5453 "remarks": "A password allows an IAM user to access AWS services through the AWS Management Console .\n\nYou can use the AWS CLI , the AWS API, or the *Users* page in the IAM console to create a password for any IAM user. Use [ChangePassword](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ChangePassword.html) to update your own existing password in the *My Security Credentials* page in the AWS Management Console .\n\nFor more information about managing passwords, see [Managing passwords](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html) in the *IAM User Guide* .",
5454 "stability": "external",
5455 "summary": "Creates a password for the specified IAM user."
5456 },
5457 "locationInModule": {
5458 "filename": "lib/iam.generated.ts",
5459 "line": 2902
5460 },
5461 "name": "loginProfile",
5462 "optional": true,
5463 "type": {
5464 "union": {
5465 "types": [
5466 {
5467 "fqn": "@aws-cdk/core.IResolvable"
5468 },
5469 {
5470 "fqn": "@aws-cdk/aws-iam.CfnUser.LoginProfileProperty"
5471 }
5472 ]
5473 }
5474 }
5475 },
5476 {
5477 "docs": {
5478 "custom": {
5479 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-managepolicyarns"
5480 },
5481 "remarks": "For more information about ARNs, see [Amazon Resource Names (ARNs) and AWS Service Namespaces](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *AWS General Reference* .",
5482 "stability": "external",
5483 "summary": "A list of Amazon Resource Names (ARNs) of the IAM managed policies that you want to attach to the user."
5484 },
5485 "locationInModule": {
5486 "filename": "lib/iam.generated.ts",
5487 "line": 2911
5488 },
5489 "name": "managedPolicyArns",
5490 "optional": true,
5491 "type": {
5492 "collection": {
5493 "elementtype": {
5494 "primitive": "string"
5495 },
5496 "kind": "array"
5497 }
5498 }
5499 },
5500 {
5501 "docs": {
5502 "custom": {
5503 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-path"
5504 },
5505 "remarks": "For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* .\n\nThis parameter is optional. If it is not included, it defaults to a slash (/).\n\nThis parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\\ u0021` ) through the DEL character ( `\\ u007F` ), including most punctuation characters, digits, and upper and lowercased letters.",
5506 "stability": "external",
5507 "summary": "The path for the user name."
5508 },
5509 "locationInModule": {
5510 "filename": "lib/iam.generated.ts",
5511 "line": 2922
5512 },
5513 "name": "path",
5514 "optional": true,
5515 "type": {
5516 "primitive": "string"
5517 }
5518 },
5519 {
5520 "docs": {
5521 "custom": {
5522 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-permissionsboundary"
5523 },
5524 "remarks": "A permissions boundary policy defines the maximum permissions that identity-based policies can grant to an entity, but does not grant permissions. Permissions boundaries do not define the maximum permissions that a resource-based policy can grant to an entity. To learn more, see [Permissions boundaries for IAM entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM User Guide* .\n\nFor more information about policy types, see [Policy types](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policy-types) in the *IAM User Guide* .",
5525 "stability": "external",
5526 "summary": "The ARN of the managed policy that is used to set the permissions boundary for the user."
5527 },
5528 "locationInModule": {
5529 "filename": "lib/iam.generated.ts",
5530 "line": 2933
5531 },
5532 "name": "permissionsBoundary",
5533 "optional": true,
5534 "type": {
5535 "primitive": "string"
5536 }
5537 },
5538 {
5539 "docs": {
5540 "custom": {
5541 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-policies"
5542 },
5543 "remarks": "To view AWS::IAM::User snippets, see [Declaring an IAM User Resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-iam.html#scenario-iam-user) .\n\n> The name of each policy for a role, user, or group must be unique. If you don't choose unique names, updates to the IAM identity will fail.\n\nFor information about limits on the number of inline policies that you can embed in a user, see [Limitations on IAM Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *IAM User Guide* .",
5544 "stability": "external",
5545 "summary": "Adds or updates an inline policy document that is embedded in the specified IAM user."
5546 },
5547 "locationInModule": {
5548 "filename": "lib/iam.generated.ts",
5549 "line": 2944
5550 },
5551 "name": "policies",
5552 "optional": true,
5553 "type": {
5554 "union": {
5555 "types": [
5556 {
5557 "fqn": "@aws-cdk/core.IResolvable"
5558 },
5559 {
5560 "collection": {
5561 "elementtype": {
5562 "union": {
5563 "types": [
5564 {
5565 "fqn": "@aws-cdk/core.IResolvable"
5566 },
5567 {
5568 "fqn": "@aws-cdk/aws-iam.CfnUser.PolicyProperty"
5569 }
5570 ]
5571 }
5572 },
5573 "kind": "array"
5574 }
5575 }
5576 ]
5577 }
5578 }
5579 },
5580 {
5581 "docs": {
5582 "custom": {
5583 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-username"
5584 },
5585 "remarks": "This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-. The user name must be unique within the account. User names are not distinguished by case. For example, you cannot create users named both \"John\" and \"john\".\n\nIf you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the user name.\n\nIf you specify a name, you must specify the `CAPABILITY_NAMED_IAM` value to acknowledge your template's capabilities. For more information, see [Acknowledging IAM Resources in AWS CloudFormation Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities) .\n\n> Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using `Fn::Join` and `AWS::Region` to create a Region-specific name, as in the following example: `{\"Fn::Join\": [\"\", [{\"Ref\": \"AWS::Region\"}, {\"Ref\": \"MyResourceName\"}]]}` .",
5586 "stability": "external",
5587 "summary": "The name of the user to create. Do not include the path in this value."
5588 },
5589 "locationInModule": {
5590 "filename": "lib/iam.generated.ts",
5591 "line": 2968
5592 },
5593 "name": "userName",
5594 "optional": true,
5595 "type": {
5596 "primitive": "string"
5597 }
5598 }
5599 ],
5600 "symbolId": "lib/iam.generated:CfnUser"
5601 },
5602 "@aws-cdk/aws-iam.CfnUser.LoginProfileProperty": {
5603 "assembly": "@aws-cdk/aws-iam",
5604 "datatype": true,
5605 "docs": {
5606 "custom": {
5607 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user-loginprofile.html",
5608 "exampleMetadata": "fixture=_generated"
5609 },
5610 "remarks": "For more information about managing passwords, see [Managing Passwords](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html) in the *IAM User Guide* .",
5611 "stability": "external",
5612 "summary": "Creates a password for the specified user, giving the user the ability to access AWS services through the AWS Management Console .",
5613 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nconst loginProfileProperty: iam.CfnUser.LoginProfileProperty = {\n password: 'password',\n\n // the properties below are optional\n passwordResetRequired: false,\n};"
5614 },
5615 "fqn": "@aws-cdk/aws-iam.CfnUser.LoginProfileProperty",
5616 "kind": "interface",
5617 "locationInModule": {
5618 "filename": "lib/iam.generated.ts",
5619 "line": 3029
5620 },
5621 "name": "LoginProfileProperty",
5622 "namespace": "CfnUser",
5623 "properties": [
5624 {
5625 "abstract": true,
5626 "docs": {
5627 "custom": {
5628 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user-loginprofile.html#cfn-iam-user-loginprofile-password"
5629 },
5630 "stability": "external",
5631 "summary": "The user's password."
5632 },
5633 "immutable": true,
5634 "locationInModule": {
5635 "filename": "lib/iam.generated.ts",
5636 "line": 3035
5637 },
5638 "name": "password",
5639 "type": {
5640 "primitive": "string"
5641 }
5642 },
5643 {
5644 "abstract": true,
5645 "docs": {
5646 "custom": {
5647 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user-loginprofile.html#cfn-iam-user-loginprofile-passwordresetrequired"
5648 },
5649 "stability": "external",
5650 "summary": "Specifies whether the user is required to set a new password on next sign-in."
5651 },
5652 "immutable": true,
5653 "locationInModule": {
5654 "filename": "lib/iam.generated.ts",
5655 "line": 3041
5656 },
5657 "name": "passwordResetRequired",
5658 "optional": true,
5659 "type": {
5660 "union": {
5661 "types": [
5662 {
5663 "primitive": "boolean"
5664 },
5665 {
5666 "fqn": "@aws-cdk/core.IResolvable"
5667 }
5668 ]
5669 }
5670 }
5671 }
5672 ],
5673 "symbolId": "lib/iam.generated:CfnUser.LoginProfileProperty"
5674 },
5675 "@aws-cdk/aws-iam.CfnUser.PolicyProperty": {
5676 "assembly": "@aws-cdk/aws-iam",
5677 "datatype": true,
5678 "docs": {
5679 "custom": {
5680 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-policy.html",
5681 "exampleMetadata": "fixture=_generated"
5682 },
5683 "remarks": "An attached policy is a managed policy that has been attached to a user, group, or role.\n\nFor more information about managed policies, refer to [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide* .",
5684 "stability": "external",
5685 "summary": "Contains information about an attached policy.",
5686 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const policyDocument: any;\nconst policyProperty: iam.CfnUser.PolicyProperty = {\n policyDocument: policyDocument,\n policyName: 'policyName',\n};"
5687 },
5688 "fqn": "@aws-cdk/aws-iam.CfnUser.PolicyProperty",
5689 "kind": "interface",
5690 "locationInModule": {
5691 "filename": "lib/iam.generated.ts",
5692 "line": 3110
5693 },
5694 "name": "PolicyProperty",
5695 "namespace": "CfnUser",
5696 "properties": [
5697 {
5698 "abstract": true,
5699 "docs": {
5700 "custom": {
5701 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-policy.html#cfn-iam-policies-policydocument"
5702 },
5703 "remarks": "For more information, see [Overview of JSON policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json) .",
5704 "stability": "external",
5705 "summary": "The entire contents of the policy that defines permissions."
5706 },
5707 "immutable": true,
5708 "locationInModule": {
5709 "filename": "lib/iam.generated.ts",
5710 "line": 3116
5711 },
5712 "name": "policyDocument",
5713 "type": {
5714 "primitive": "any"
5715 }
5716 },
5717 {
5718 "abstract": true,
5719 "docs": {
5720 "custom": {
5721 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-policy.html#cfn-iam-policies-policyname"
5722 },
5723 "stability": "external",
5724 "summary": "The friendly name (not ARN) identifying the policy."
5725 },
5726 "immutable": true,
5727 "locationInModule": {
5728 "filename": "lib/iam.generated.ts",
5729 "line": 3122
5730 },
5731 "name": "policyName",
5732 "type": {
5733 "primitive": "string"
5734 }
5735 }
5736 ],
5737 "symbolId": "lib/iam.generated:CfnUser.PolicyProperty"
5738 },
5739 "@aws-cdk/aws-iam.CfnUserProps": {
5740 "assembly": "@aws-cdk/aws-iam",
5741 "datatype": true,
5742 "docs": {
5743 "custom": {
5744 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html",
5745 "exampleMetadata": "fixture=_generated"
5746 },
5747 "stability": "external",
5748 "summary": "Properties for defining a `CfnUser`.",
5749 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const policyDocument: any;\nconst cfnUserProps: iam.CfnUserProps = {\n groups: ['groups'],\n loginProfile: {\n password: 'password',\n\n // the properties below are optional\n passwordResetRequired: false,\n },\n managedPolicyArns: ['managedPolicyArns'],\n path: 'path',\n permissionsBoundary: 'permissionsBoundary',\n policies: [{\n policyDocument: policyDocument,\n policyName: 'policyName',\n }],\n tags: [{\n key: 'key',\n value: 'value',\n }],\n userName: 'userName',\n};"
5750 },
5751 "fqn": "@aws-cdk/aws-iam.CfnUserProps",
5752 "kind": "interface",
5753 "locationInModule": {
5754 "filename": "lib/iam.generated.ts",
5755 "line": 2690
5756 },
5757 "name": "CfnUserProps",
5758 "properties": [
5759 {
5760 "abstract": true,
5761 "docs": {
5762 "custom": {
5763 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-groups"
5764 },
5765 "stability": "external",
5766 "summary": "A list of group names to which you want to add the user."
5767 },
5768 "immutable": true,
5769 "locationInModule": {
5770 "filename": "lib/iam.generated.ts",
5771 "line": 2697
5772 },
5773 "name": "groups",
5774 "optional": true,
5775 "type": {
5776 "collection": {
5777 "elementtype": {
5778 "primitive": "string"
5779 },
5780 "kind": "array"
5781 }
5782 }
5783 },
5784 {
5785 "abstract": true,
5786 "docs": {
5787 "custom": {
5788 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-loginprofile"
5789 },
5790 "remarks": "A password allows an IAM user to access AWS services through the AWS Management Console .\n\nYou can use the AWS CLI , the AWS API, or the *Users* page in the IAM console to create a password for any IAM user. Use [ChangePassword](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ChangePassword.html) to update your own existing password in the *My Security Credentials* page in the AWS Management Console .\n\nFor more information about managing passwords, see [Managing passwords](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html) in the *IAM User Guide* .",
5791 "stability": "external",
5792 "summary": "Creates a password for the specified IAM user."
5793 },
5794 "immutable": true,
5795 "locationInModule": {
5796 "filename": "lib/iam.generated.ts",
5797 "line": 2708
5798 },
5799 "name": "loginProfile",
5800 "optional": true,
5801 "type": {
5802 "union": {
5803 "types": [
5804 {
5805 "fqn": "@aws-cdk/core.IResolvable"
5806 },
5807 {
5808 "fqn": "@aws-cdk/aws-iam.CfnUser.LoginProfileProperty"
5809 }
5810 ]
5811 }
5812 }
5813 },
5814 {
5815 "abstract": true,
5816 "docs": {
5817 "custom": {
5818 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-managepolicyarns"
5819 },
5820 "remarks": "For more information about ARNs, see [Amazon Resource Names (ARNs) and AWS Service Namespaces](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *AWS General Reference* .",
5821 "stability": "external",
5822 "summary": "A list of Amazon Resource Names (ARNs) of the IAM managed policies that you want to attach to the user."
5823 },
5824 "immutable": true,
5825 "locationInModule": {
5826 "filename": "lib/iam.generated.ts",
5827 "line": 2717
5828 },
5829 "name": "managedPolicyArns",
5830 "optional": true,
5831 "type": {
5832 "collection": {
5833 "elementtype": {
5834 "primitive": "string"
5835 },
5836 "kind": "array"
5837 }
5838 }
5839 },
5840 {
5841 "abstract": true,
5842 "docs": {
5843 "custom": {
5844 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-path"
5845 },
5846 "remarks": "For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* .\n\nThis parameter is optional. If it is not included, it defaults to a slash (/).\n\nThis parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\\ u0021` ) through the DEL character ( `\\ u007F` ), including most punctuation characters, digits, and upper and lowercased letters.",
5847 "stability": "external",
5848 "summary": "The path for the user name."
5849 },
5850 "immutable": true,
5851 "locationInModule": {
5852 "filename": "lib/iam.generated.ts",
5853 "line": 2728
5854 },
5855 "name": "path",
5856 "optional": true,
5857 "type": {
5858 "primitive": "string"
5859 }
5860 },
5861 {
5862 "abstract": true,
5863 "docs": {
5864 "custom": {
5865 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-permissionsboundary"
5866 },
5867 "remarks": "A permissions boundary policy defines the maximum permissions that identity-based policies can grant to an entity, but does not grant permissions. Permissions boundaries do not define the maximum permissions that a resource-based policy can grant to an entity. To learn more, see [Permissions boundaries for IAM entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM User Guide* .\n\nFor more information about policy types, see [Policy types](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policy-types) in the *IAM User Guide* .",
5868 "stability": "external",
5869 "summary": "The ARN of the managed policy that is used to set the permissions boundary for the user."
5870 },
5871 "immutable": true,
5872 "locationInModule": {
5873 "filename": "lib/iam.generated.ts",
5874 "line": 2739
5875 },
5876 "name": "permissionsBoundary",
5877 "optional": true,
5878 "type": {
5879 "primitive": "string"
5880 }
5881 },
5882 {
5883 "abstract": true,
5884 "docs": {
5885 "custom": {
5886 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-policies"
5887 },
5888 "remarks": "To view AWS::IAM::User snippets, see [Declaring an IAM User Resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-iam.html#scenario-iam-user) .\n\n> The name of each policy for a role, user, or group must be unique. If you don't choose unique names, updates to the IAM identity will fail.\n\nFor information about limits on the number of inline policies that you can embed in a user, see [Limitations on IAM Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *IAM User Guide* .",
5889 "stability": "external",
5890 "summary": "Adds or updates an inline policy document that is embedded in the specified IAM user."
5891 },
5892 "immutable": true,
5893 "locationInModule": {
5894 "filename": "lib/iam.generated.ts",
5895 "line": 2750
5896 },
5897 "name": "policies",
5898 "optional": true,
5899 "type": {
5900 "union": {
5901 "types": [
5902 {
5903 "fqn": "@aws-cdk/core.IResolvable"
5904 },
5905 {
5906 "collection": {
5907 "elementtype": {
5908 "union": {
5909 "types": [
5910 {
5911 "fqn": "@aws-cdk/core.IResolvable"
5912 },
5913 {
5914 "fqn": "@aws-cdk/aws-iam.CfnUser.PolicyProperty"
5915 }
5916 ]
5917 }
5918 },
5919 "kind": "array"
5920 }
5921 }
5922 ]
5923 }
5924 }
5925 },
5926 {
5927 "abstract": true,
5928 "docs": {
5929 "custom": {
5930 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-tags"
5931 },
5932 "remarks": "Each tag consists of a key name and an associated value. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .\n\n> If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created.",
5933 "stability": "external",
5934 "summary": "A list of tags that you want to attach to the new user."
5935 },
5936 "immutable": true,
5937 "locationInModule": {
5938 "filename": "lib/iam.generated.ts",
5939 "line": 2759
5940 },
5941 "name": "tags",
5942 "optional": true,
5943 "type": {
5944 "collection": {
5945 "elementtype": {
5946 "fqn": "@aws-cdk/core.CfnTag"
5947 },
5948 "kind": "array"
5949 }
5950 }
5951 },
5952 {
5953 "abstract": true,
5954 "docs": {
5955 "custom": {
5956 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-username"
5957 },
5958 "remarks": "This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-. The user name must be unique within the account. User names are not distinguished by case. For example, you cannot create users named both \"John\" and \"john\".\n\nIf you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the user name.\n\nIf you specify a name, you must specify the `CAPABILITY_NAMED_IAM` value to acknowledge your template's capabilities. For more information, see [Acknowledging IAM Resources in AWS CloudFormation Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities) .\n\n> Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using `Fn::Join` and `AWS::Region` to create a Region-specific name, as in the following example: `{\"Fn::Join\": [\"\", [{\"Ref\": \"AWS::Region\"}, {\"Ref\": \"MyResourceName\"}]]}` .",
5959 "stability": "external",
5960 "summary": "The name of the user to create. Do not include the path in this value."
5961 },
5962 "immutable": true,
5963 "locationInModule": {
5964 "filename": "lib/iam.generated.ts",
5965 "line": 2774
5966 },
5967 "name": "userName",
5968 "optional": true,
5969 "type": {
5970 "primitive": "string"
5971 }
5972 }
5973 ],
5974 "symbolId": "lib/iam.generated:CfnUserProps"
5975 },
5976 "@aws-cdk/aws-iam.CfnUserToGroupAddition": {
5977 "assembly": "@aws-cdk/aws-iam",
5978 "base": "@aws-cdk/core.CfnResource",
5979 "docs": {
5980 "custom": {
5981 "cloudformationResource": "AWS::IAM::UserToGroupAddition",
5982 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-addusertogroup.html",
5983 "exampleMetadata": "fixture=_generated"
5984 },
5985 "remarks": "Adds the specified user to the specified group.",
5986 "stability": "external",
5987 "summary": "A CloudFormation `AWS::IAM::UserToGroupAddition`.",
5988 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nconst cfnUserToGroupAddition = new iam.CfnUserToGroupAddition(this, 'MyCfnUserToGroupAddition', {\n groupName: 'groupName',\n users: ['users'],\n});"
5989 },
5990 "fqn": "@aws-cdk/aws-iam.CfnUserToGroupAddition",
5991 "initializer": {
5992 "docs": {
5993 "stability": "external",
5994 "summary": "Create a new `AWS::IAM::UserToGroupAddition`."
5995 },
5996 "locationInModule": {
5997 "filename": "lib/iam.generated.ts",
5998 "line": 3314
5999 },
6000 "parameters": [
6001 {
6002 "docs": {
6003 "summary": "- scope in which this resource is defined."
6004 },
6005 "name": "scope",
6006 "type": {
6007 "fqn": "@aws-cdk/core.Construct"
6008 }
6009 },
6010 {
6011 "docs": {
6012 "summary": "- scoped id of the resource."
6013 },
6014 "name": "id",
6015 "type": {
6016 "primitive": "string"
6017 }
6018 },
6019 {
6020 "docs": {
6021 "summary": "- resource properties."
6022 },
6023 "name": "props",
6024 "type": {
6025 "fqn": "@aws-cdk/aws-iam.CfnUserToGroupAdditionProps"
6026 }
6027 }
6028 ]
6029 },
6030 "interfaces": [
6031 "@aws-cdk/core.IInspectable"
6032 ],
6033 "kind": "class",
6034 "locationInModule": {
6035 "filename": "lib/iam.generated.ts",
6036 "line": 3266
6037 },
6038 "methods": [
6039 {
6040 "docs": {
6041 "stability": "external",
6042 "summary": "Examines the CloudFormation resource and discloses attributes."
6043 },
6044 "locationInModule": {
6045 "filename": "lib/iam.generated.ts",
6046 "line": 3329
6047 },
6048 "name": "inspect",
6049 "overrides": "@aws-cdk/core.IInspectable",
6050 "parameters": [
6051 {
6052 "docs": {
6053 "summary": "- tree inspector to collect and process attributes."
6054 },
6055 "name": "inspector",
6056 "type": {
6057 "fqn": "@aws-cdk/core.TreeInspector"
6058 }
6059 }
6060 ]
6061 },
6062 {
6063 "docs": {
6064 "stability": "external"
6065 },
6066 "locationInModule": {
6067 "filename": "lib/iam.generated.ts",
6068 "line": 3341
6069 },
6070 "name": "renderProperties",
6071 "overrides": "@aws-cdk/core.CfnResource",
6072 "parameters": [
6073 {
6074 "name": "props",
6075 "type": {
6076 "collection": {
6077 "elementtype": {
6078 "primitive": "any"
6079 },
6080 "kind": "map"
6081 }
6082 }
6083 }
6084 ],
6085 "protected": true,
6086 "returns": {
6087 "type": {
6088 "collection": {
6089 "elementtype": {
6090 "primitive": "any"
6091 },
6092 "kind": "map"
6093 }
6094 }
6095 }
6096 }
6097 ],
6098 "name": "CfnUserToGroupAddition",
6099 "properties": [
6100 {
6101 "const": true,
6102 "docs": {
6103 "stability": "external",
6104 "summary": "The CloudFormation resource type name for this resource class."
6105 },
6106 "immutable": true,
6107 "locationInModule": {
6108 "filename": "lib/iam.generated.ts",
6109 "line": 3270
6110 },
6111 "name": "CFN_RESOURCE_TYPE_NAME",
6112 "static": true,
6113 "type": {
6114 "primitive": "string"
6115 }
6116 },
6117 {
6118 "docs": {
6119 "stability": "external"
6120 },
6121 "immutable": true,
6122 "locationInModule": {
6123 "filename": "lib/iam.generated.ts",
6124 "line": 3334
6125 },
6126 "name": "cfnProperties",
6127 "overrides": "@aws-cdk/core.CfnResource",
6128 "protected": true,
6129 "type": {
6130 "collection": {
6131 "elementtype": {
6132 "primitive": "any"
6133 },
6134 "kind": "map"
6135 }
6136 }
6137 },
6138 {
6139 "docs": {
6140 "custom": {
6141 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-addusertogroup.html#cfn-iam-addusertogroup-groupname"
6142 },
6143 "remarks": "This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-",
6144 "stability": "external",
6145 "summary": "The name of the group to update."
6146 },
6147 "locationInModule": {
6148 "filename": "lib/iam.generated.ts",
6149 "line": 3298
6150 },
6151 "name": "groupName",
6152 "type": {
6153 "primitive": "string"
6154 }
6155 },
6156 {
6157 "docs": {
6158 "custom": {
6159 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-addusertogroup.html#cfn-iam-addusertogroup-users"
6160 },
6161 "stability": "external",
6162 "summary": "A list of the names of the users that you want to add to the group."
6163 },
6164 "locationInModule": {
6165 "filename": "lib/iam.generated.ts",
6166 "line": 3305
6167 },
6168 "name": "users",
6169 "type": {
6170 "collection": {
6171 "elementtype": {
6172 "primitive": "string"
6173 },
6174 "kind": "array"
6175 }
6176 }
6177 }
6178 ],
6179 "symbolId": "lib/iam.generated:CfnUserToGroupAddition"
6180 },
6181 "@aws-cdk/aws-iam.CfnUserToGroupAdditionProps": {
6182 "assembly": "@aws-cdk/aws-iam",
6183 "datatype": true,
6184 "docs": {
6185 "custom": {
6186 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-addusertogroup.html",
6187 "exampleMetadata": "fixture=_generated"
6188 },
6189 "stability": "external",
6190 "summary": "Properties for defining a `CfnUserToGroupAddition`.",
6191 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nconst cfnUserToGroupAdditionProps: iam.CfnUserToGroupAdditionProps = {\n groupName: 'groupName',\n users: ['users'],\n};"
6192 },
6193 "fqn": "@aws-cdk/aws-iam.CfnUserToGroupAdditionProps",
6194 "kind": "interface",
6195 "locationInModule": {
6196 "filename": "lib/iam.generated.ts",
6197 "line": 3187
6198 },
6199 "name": "CfnUserToGroupAdditionProps",
6200 "properties": [
6201 {
6202 "abstract": true,
6203 "docs": {
6204 "custom": {
6205 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-addusertogroup.html#cfn-iam-addusertogroup-groupname"
6206 },
6207 "remarks": "This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-",
6208 "stability": "external",
6209 "summary": "The name of the group to update."
6210 },
6211 "immutable": true,
6212 "locationInModule": {
6213 "filename": "lib/iam.generated.ts",
6214 "line": 3196
6215 },
6216 "name": "groupName",
6217 "type": {
6218 "primitive": "string"
6219 }
6220 },
6221 {
6222 "abstract": true,
6223 "docs": {
6224 "custom": {
6225 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-addusertogroup.html#cfn-iam-addusertogroup-users"
6226 },
6227 "stability": "external",
6228 "summary": "A list of the names of the users that you want to add to the group."
6229 },
6230 "immutable": true,
6231 "locationInModule": {
6232 "filename": "lib/iam.generated.ts",
6233 "line": 3203
6234 },
6235 "name": "users",
6236 "type": {
6237 "collection": {
6238 "elementtype": {
6239 "primitive": "string"
6240 },
6241 "kind": "array"
6242 }
6243 }
6244 }
6245 ],
6246 "symbolId": "lib/iam.generated:CfnUserToGroupAdditionProps"
6247 },
6248 "@aws-cdk/aws-iam.CfnVirtualMFADevice": {
6249 "assembly": "@aws-cdk/aws-iam",
6250 "base": "@aws-cdk/core.CfnResource",
6251 "docs": {
6252 "custom": {
6253 "cloudformationResource": "AWS::IAM::VirtualMFADevice",
6254 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-virtualmfadevice.html",
6255 "exampleMetadata": "fixture=_generated"
6256 },
6257 "remarks": "Creates a new virtual MFA device for the AWS account . After creating the virtual MFA, use [EnableMFADevice](https://docs.aws.amazon.com/IAM/latest/APIReference/API_EnableMFADevice.html) to attach the MFA device to an IAM user. For more information about creating and working with virtual MFA devices, see [Using a virtual MFA device](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_VirtualMFA.html) in the *IAM User Guide* .\n\nFor information about the maximum number of MFA devices you can create, see [IAM and AWS STS quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide* .\n\n> The seed information contained in the QR code and the Base32 string should be treated like any other secret access information. In other words, protect the seed information as you would your AWS access keys or your passwords. After you provision your virtual device, you should ensure that the information is destroyed following secure procedures.",
6258 "stability": "external",
6259 "summary": "A CloudFormation `AWS::IAM::VirtualMFADevice`.",
6260 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nconst cfnVirtualMFADevice = new iam.CfnVirtualMFADevice(this, 'MyCfnVirtualMFADevice', {\n users: ['users'],\n\n // the properties below are optional\n path: 'path',\n tags: [{\n key: 'key',\n value: 'value',\n }],\n virtualMfaDeviceName: 'virtualMfaDeviceName',\n});"
6261 },
6262 "fqn": "@aws-cdk/aws-iam.CfnVirtualMFADevice",
6263 "initializer": {
6264 "docs": {
6265 "stability": "external",
6266 "summary": "Create a new `AWS::IAM::VirtualMFADevice`."
6267 },
6268 "locationInModule": {
6269 "filename": "lib/iam.generated.ts",
6270 "line": 3536
6271 },
6272 "parameters": [
6273 {
6274 "docs": {
6275 "summary": "- scope in which this resource is defined."
6276 },
6277 "name": "scope",
6278 "type": {
6279 "fqn": "@aws-cdk/core.Construct"
6280 }
6281 },
6282 {
6283 "docs": {
6284 "summary": "- scoped id of the resource."
6285 },
6286 "name": "id",
6287 "type": {
6288 "primitive": "string"
6289 }
6290 },
6291 {
6292 "docs": {
6293 "summary": "- resource properties."
6294 },
6295 "name": "props",
6296 "type": {
6297 "fqn": "@aws-cdk/aws-iam.CfnVirtualMFADeviceProps"
6298 }
6299 }
6300 ]
6301 },
6302 "interfaces": [
6303 "@aws-cdk/core.IInspectable"
6304 ],
6305 "kind": "class",
6306 "locationInModule": {
6307 "filename": "lib/iam.generated.ts",
6308 "line": 3462
6309 },
6310 "methods": [
6311 {
6312 "docs": {
6313 "stability": "external",
6314 "summary": "Examines the CloudFormation resource and discloses attributes."
6315 },
6316 "locationInModule": {
6317 "filename": "lib/iam.generated.ts",
6318 "line": 3553
6319 },
6320 "name": "inspect",
6321 "overrides": "@aws-cdk/core.IInspectable",
6322 "parameters": [
6323 {
6324 "docs": {
6325 "summary": "- tree inspector to collect and process attributes."
6326 },
6327 "name": "inspector",
6328 "type": {
6329 "fqn": "@aws-cdk/core.TreeInspector"
6330 }
6331 }
6332 ]
6333 },
6334 {
6335 "docs": {
6336 "stability": "external"
6337 },
6338 "locationInModule": {
6339 "filename": "lib/iam.generated.ts",
6340 "line": 3567
6341 },
6342 "name": "renderProperties",
6343 "overrides": "@aws-cdk/core.CfnResource",
6344 "parameters": [
6345 {
6346 "name": "props",
6347 "type": {
6348 "collection": {
6349 "elementtype": {
6350 "primitive": "any"
6351 },
6352 "kind": "map"
6353 }
6354 }
6355 }
6356 ],
6357 "protected": true,
6358 "returns": {
6359 "type": {
6360 "collection": {
6361 "elementtype": {
6362 "primitive": "any"
6363 },
6364 "kind": "map"
6365 }
6366 }
6367 }
6368 }
6369 ],
6370 "name": "CfnVirtualMFADevice",
6371 "properties": [
6372 {
6373 "const": true,
6374 "docs": {
6375 "stability": "external",
6376 "summary": "The CloudFormation resource type name for this resource class."
6377 },
6378 "immutable": true,
6379 "locationInModule": {
6380 "filename": "lib/iam.generated.ts",
6381 "line": 3466
6382 },
6383 "name": "CFN_RESOURCE_TYPE_NAME",
6384 "static": true,
6385 "type": {
6386 "primitive": "string"
6387 }
6388 },
6389 {
6390 "docs": {
6391 "custom": {
6392 "cloudformationAttribute": "SerialNumber"
6393 },
6394 "stability": "external",
6395 "summary": "Returns the serial number for the specified `AWS::IAM::VirtualMFADevice` resource."
6396 },
6397 "immutable": true,
6398 "locationInModule": {
6399 "filename": "lib/iam.generated.ts",
6400 "line": 3491
6401 },
6402 "name": "attrSerialNumber",
6403 "type": {
6404 "primitive": "string"
6405 }
6406 },
6407 {
6408 "docs": {
6409 "stability": "external"
6410 },
6411 "immutable": true,
6412 "locationInModule": {
6413 "filename": "lib/iam.generated.ts",
6414 "line": 3558
6415 },
6416 "name": "cfnProperties",
6417 "overrides": "@aws-cdk/core.CfnResource",
6418 "protected": true,
6419 "type": {
6420 "collection": {
6421 "elementtype": {
6422 "primitive": "any"
6423 },
6424 "kind": "map"
6425 }
6426 }
6427 },
6428 {
6429 "docs": {
6430 "custom": {
6431 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-virtualmfadevice.html#cfn-iam-virtualmfadevice-tags"
6432 },
6433 "remarks": "Each tag consists of a key name and an associated value. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .\n\n> If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created.",
6434 "stability": "external",
6435 "summary": "A list of tags that you want to attach to the new IAM virtual MFA device."
6436 },
6437 "immutable": true,
6438 "locationInModule": {
6439 "filename": "lib/iam.generated.ts",
6440 "line": 3518
6441 },
6442 "name": "tags",
6443 "type": {
6444 "fqn": "@aws-cdk/core.TagManager"
6445 }
6446 },
6447 {
6448 "docs": {
6449 "custom": {
6450 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-virtualmfadevice.html#cfn-iam-virtualmfadevice-users"
6451 },
6452 "stability": "external",
6453 "summary": "The IAM user associated with this virtual MFA device."
6454 },
6455 "locationInModule": {
6456 "filename": "lib/iam.generated.ts",
6457 "line": 3498
6458 },
6459 "name": "users",
6460 "type": {
6461 "collection": {
6462 "elementtype": {
6463 "primitive": "string"
6464 },
6465 "kind": "array"
6466 }
6467 }
6468 },
6469 {
6470 "docs": {
6471 "custom": {
6472 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-virtualmfadevice.html#cfn-iam-virtualmfadevice-path"
6473 },
6474 "remarks": "For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* .\n\nThis parameter is optional. If it is not included, it defaults to a slash (/).\n\nThis parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\\ u0021` ) through the DEL character ( `\\ u007F` ), including most punctuation characters, digits, and upper and lowercased letters.",
6475 "stability": "external",
6476 "summary": "The path for the virtual MFA device."
6477 },
6478 "locationInModule": {
6479 "filename": "lib/iam.generated.ts",
6480 "line": 3509
6481 },
6482 "name": "path",
6483 "optional": true,
6484 "type": {
6485 "primitive": "string"
6486 }
6487 },
6488 {
6489 "docs": {
6490 "custom": {
6491 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-virtualmfadevice.html#cfn-iam-virtualmfadevice-virtualmfadevicename"
6492 },
6493 "remarks": "Use with path to uniquely identify a virtual MFA device.\n\nThis parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-",
6494 "stability": "external",
6495 "summary": "The name of the virtual MFA device, which must be unique."
6496 },
6497 "locationInModule": {
6498 "filename": "lib/iam.generated.ts",
6499 "line": 3527
6500 },
6501 "name": "virtualMfaDeviceName",
6502 "optional": true,
6503 "type": {
6504 "primitive": "string"
6505 }
6506 }
6507 ],
6508 "symbolId": "lib/iam.generated:CfnVirtualMFADevice"
6509 },
6510 "@aws-cdk/aws-iam.CfnVirtualMFADeviceProps": {
6511 "assembly": "@aws-cdk/aws-iam",
6512 "datatype": true,
6513 "docs": {
6514 "custom": {
6515 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-virtualmfadevice.html",
6516 "exampleMetadata": "fixture=_generated"
6517 },
6518 "stability": "external",
6519 "summary": "Properties for defining a `CfnVirtualMFADevice`.",
6520 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nconst cfnVirtualMFADeviceProps: iam.CfnVirtualMFADeviceProps = {\n users: ['users'],\n\n // the properties below are optional\n path: 'path',\n tags: [{\n key: 'key',\n value: 'value',\n }],\n virtualMfaDeviceName: 'virtualMfaDeviceName',\n};"
6521 },
6522 "fqn": "@aws-cdk/aws-iam.CfnVirtualMFADeviceProps",
6523 "kind": "interface",
6524 "locationInModule": {
6525 "filename": "lib/iam.generated.ts",
6526 "line": 3354
6527 },
6528 "name": "CfnVirtualMFADeviceProps",
6529 "properties": [
6530 {
6531 "abstract": true,
6532 "docs": {
6533 "custom": {
6534 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-virtualmfadevice.html#cfn-iam-virtualmfadevice-users"
6535 },
6536 "stability": "external",
6537 "summary": "The IAM user associated with this virtual MFA device."
6538 },
6539 "immutable": true,
6540 "locationInModule": {
6541 "filename": "lib/iam.generated.ts",
6542 "line": 3361
6543 },
6544 "name": "users",
6545 "type": {
6546 "collection": {
6547 "elementtype": {
6548 "primitive": "string"
6549 },
6550 "kind": "array"
6551 }
6552 }
6553 },
6554 {
6555 "abstract": true,
6556 "docs": {
6557 "custom": {
6558 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-virtualmfadevice.html#cfn-iam-virtualmfadevice-path"
6559 },
6560 "remarks": "For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* .\n\nThis parameter is optional. If it is not included, it defaults to a slash (/).\n\nThis parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\\ u0021` ) through the DEL character ( `\\ u007F` ), including most punctuation characters, digits, and upper and lowercased letters.",
6561 "stability": "external",
6562 "summary": "The path for the virtual MFA device."
6563 },
6564 "immutable": true,
6565 "locationInModule": {
6566 "filename": "lib/iam.generated.ts",
6567 "line": 3372
6568 },
6569 "name": "path",
6570 "optional": true,
6571 "type": {
6572 "primitive": "string"
6573 }
6574 },
6575 {
6576 "abstract": true,
6577 "docs": {
6578 "custom": {
6579 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-virtualmfadevice.html#cfn-iam-virtualmfadevice-tags"
6580 },
6581 "remarks": "Each tag consists of a key name and an associated value. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .\n\n> If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created.",
6582 "stability": "external",
6583 "summary": "A list of tags that you want to attach to the new IAM virtual MFA device."
6584 },
6585 "immutable": true,
6586 "locationInModule": {
6587 "filename": "lib/iam.generated.ts",
6588 "line": 3381
6589 },
6590 "name": "tags",
6591 "optional": true,
6592 "type": {
6593 "collection": {
6594 "elementtype": {
6595 "fqn": "@aws-cdk/core.CfnTag"
6596 },
6597 "kind": "array"
6598 }
6599 }
6600 },
6601 {
6602 "abstract": true,
6603 "docs": {
6604 "custom": {
6605 "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-virtualmfadevice.html#cfn-iam-virtualmfadevice-virtualmfadevicename"
6606 },
6607 "remarks": "Use with path to uniquely identify a virtual MFA device.\n\nThis parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-",
6608 "stability": "external",
6609 "summary": "The name of the virtual MFA device, which must be unique."
6610 },
6611 "immutable": true,
6612 "locationInModule": {
6613 "filename": "lib/iam.generated.ts",
6614 "line": 3390
6615 },
6616 "name": "virtualMfaDeviceName",
6617 "optional": true,
6618 "type": {
6619 "primitive": "string"
6620 }
6621 }
6622 ],
6623 "symbolId": "lib/iam.generated:CfnVirtualMFADeviceProps"
6624 },
6625 "@aws-cdk/aws-iam.CommonGrantOptions": {
6626 "assembly": "@aws-cdk/aws-iam",
6627 "datatype": true,
6628 "docs": {
6629 "stability": "stable",
6630 "summary": "Basic options for a grant operation.",
6631 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const grantable: iam.IGrantable;\nconst commonGrantOptions: iam.CommonGrantOptions = {\n actions: ['actions'],\n grantee: grantable,\n resourceArns: ['resourceArns'],\n};",
6632 "custom": {
6633 "exampleMetadata": "fixture=_generated"
6634 }
6635 },
6636 "fqn": "@aws-cdk/aws-iam.CommonGrantOptions",
6637 "kind": "interface",
6638 "locationInModule": {
6639 "filename": "lib/grant.ts",
6640 "line": 9
6641 },
6642 "name": "CommonGrantOptions",
6643 "properties": [
6644 {
6645 "abstract": true,
6646 "docs": {
6647 "stability": "stable",
6648 "summary": "The actions to grant."
6649 },
6650 "immutable": true,
6651 "locationInModule": {
6652 "filename": "lib/grant.ts",
6653 "line": 20
6654 },
6655 "name": "actions",
6656 "type": {
6657 "collection": {
6658 "elementtype": {
6659 "primitive": "string"
6660 },
6661 "kind": "array"
6662 }
6663 }
6664 },
6665 {
6666 "abstract": true,
6667 "docs": {
6668 "default": "if principal is undefined, no work is done.",
6669 "stability": "stable",
6670 "summary": "The principal to grant to."
6671 },
6672 "immutable": true,
6673 "locationInModule": {
6674 "filename": "lib/grant.ts",
6675 "line": 15
6676 },
6677 "name": "grantee",
6678 "type": {
6679 "fqn": "@aws-cdk/aws-iam.IGrantable"
6680 }
6681 },
6682 {
6683 "abstract": true,
6684 "docs": {
6685 "stability": "stable",
6686 "summary": "The resource ARNs to grant to."
6687 },
6688 "immutable": true,
6689 "locationInModule": {
6690 "filename": "lib/grant.ts",
6691 "line": 25
6692 },
6693 "name": "resourceArns",
6694 "type": {
6695 "collection": {
6696 "elementtype": {
6697 "primitive": "string"
6698 },
6699 "kind": "array"
6700 }
6701 }
6702 }
6703 ],
6704 "symbolId": "lib/grant:CommonGrantOptions"
6705 },
6706 "@aws-cdk/aws-iam.ComparablePrincipal": {
6707 "assembly": "@aws-cdk/aws-iam",
6708 "docs": {
6709 "stability": "stable",
6710 "summary": "Helper class for working with `IComparablePrincipal`s.",
6711 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nconst comparablePrincipal = new iam.ComparablePrincipal();",
6712 "custom": {
6713 "exampleMetadata": "fixture=_generated"
6714 }
6715 },
6716 "fqn": "@aws-cdk/aws-iam.ComparablePrincipal",
6717 "initializer": {
6718 "docs": {
6719 "stability": "stable"
6720 }
6721 },
6722 "kind": "class",
6723 "locationInModule": {
6724 "filename": "lib/principals.ts",
6725 "line": 90
6726 },
6727 "methods": [
6728 {
6729 "docs": {
6730 "stability": "stable",
6731 "summary": "Return the dedupeString of the given principal, if available."
6732 },
6733 "locationInModule": {
6734 "filename": "lib/principals.ts",
6735 "line": 101
6736 },
6737 "name": "dedupeStringFor",
6738 "parameters": [
6739 {
6740 "name": "x",
6741 "type": {
6742 "fqn": "@aws-cdk/aws-iam.IPrincipal"
6743 }
6744 }
6745 ],
6746 "returns": {
6747 "optional": true,
6748 "type": {
6749 "primitive": "string"
6750 }
6751 },
6752 "static": true
6753 },
6754 {
6755 "docs": {
6756 "stability": "stable",
6757 "summary": "Whether or not the given principal is a comparable principal."
6758 },
6759 "locationInModule": {
6760 "filename": "lib/principals.ts",
6761 "line": 94
6762 },
6763 "name": "isComparablePrincipal",
6764 "parameters": [
6765 {
6766 "name": "x",
6767 "type": {
6768 "fqn": "@aws-cdk/aws-iam.IPrincipal"
6769 }
6770 }
6771 ],
6772 "returns": {
6773 "type": {
6774 "primitive": "boolean"
6775 }
6776 },
6777 "static": true
6778 }
6779 ],
6780 "name": "ComparablePrincipal",
6781 "symbolId": "lib/principals:ComparablePrincipal"
6782 },
6783 "@aws-cdk/aws-iam.CompositeDependable": {
6784 "assembly": "@aws-cdk/aws-iam",
6785 "docs": {
6786 "remarks": "Not as simple as eagerly getting the dependency roots from the\ninner dependables, as they may be mutable so we need to defer\nthe query.",
6787 "stability": "stable",
6788 "summary": "Composite dependable.",
6789 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nimport * as cdk from '@aws-cdk/core';\n\ndeclare const dependable: cdk.IDependable;\nconst compositeDependable = new iam.CompositeDependable(dependable);",
6790 "custom": {
6791 "exampleMetadata": "fixture=_generated"
6792 }
6793 },
6794 "fqn": "@aws-cdk/aws-iam.CompositeDependable",
6795 "initializer": {
6796 "docs": {
6797 "stability": "stable"
6798 },
6799 "locationInModule": {
6800 "filename": "lib/grant.ts",
6801 "line": 339
6802 },
6803 "parameters": [
6804 {
6805 "name": "dependables",
6806 "type": {
6807 "fqn": "@aws-cdk/core.IDependable"
6808 },
6809 "variadic": true
6810 }
6811 ],
6812 "variadic": true
6813 },
6814 "interfaces": [
6815 "@aws-cdk/core.IDependable"
6816 ],
6817 "kind": "class",
6818 "locationInModule": {
6819 "filename": "lib/grant.ts",
6820 "line": 338
6821 },
6822 "name": "CompositeDependable",
6823 "symbolId": "lib/grant:CompositeDependable"
6824 },
6825 "@aws-cdk/aws-iam.CompositePrincipal": {
6826 "assembly": "@aws-cdk/aws-iam",
6827 "base": "@aws-cdk/aws-iam.PrincipalBase",
6828 "docs": {
6829 "remarks": "A composite principal cannot\nhave conditions. i.e. multiple ServicePrincipals that form a composite principal",
6830 "stability": "stable",
6831 "summary": "Represents a principal that has multiple types of principals.",
6832 "example": "const role = new iam.Role(this, 'MyRole', {\n assumedBy: new iam.CompositePrincipal(\n new iam.ServicePrincipal('ec2.amazonaws.com'),\n new iam.AccountPrincipal('1818188181818187272')\n ),\n});",
6833 "custom": {
6834 "exampleMetadata": "infused"
6835 }
6836 },
6837 "fqn": "@aws-cdk/aws-iam.CompositePrincipal",
6838 "initializer": {
6839 "docs": {
6840 "stability": "stable"
6841 },
6842 "locationInModule": {
6843 "filename": "lib/principals.ts",
6844 "line": 788
6845 },
6846 "parameters": [
6847 {
6848 "name": "principals",
6849 "type": {
6850 "fqn": "@aws-cdk/aws-iam.IPrincipal"
6851 },
6852 "variadic": true
6853 }
6854 ],
6855 "variadic": true
6856 },
6857 "kind": "class",
6858 "locationInModule": {
6859 "filename": "lib/principals.ts",
6860 "line": 784
6861 },
6862 "methods": [
6863 {
6864 "docs": {
6865 "remarks": "Composite principals cannot have\nconditions.",
6866 "stability": "stable",
6867 "summary": "Adds IAM principals to the composite principal."
6868 },
6869 "locationInModule": {
6870 "filename": "lib/principals.ts",
6871 "line": 803
6872 },
6873 "name": "addPrincipals",
6874 "parameters": [
6875 {
6876 "docs": {
6877 "summary": "IAM principals that will be added to the composite principal."
6878 },
6879 "name": "principals",
6880 "type": {
6881 "fqn": "@aws-cdk/aws-iam.IPrincipal"
6882 },
6883 "variadic": true
6884 }
6885 ],
6886 "returns": {
6887 "type": {
6888 "fqn": "@aws-cdk/aws-iam.CompositePrincipal"
6889 }
6890 },
6891 "variadic": true
6892 },
6893 {
6894 "docs": {
6895 "remarks": "Add the statements to the AssumeRolePolicyDocument necessary to give this principal\npermissions to assume the given role.",
6896 "stability": "stable",
6897 "summary": "Add the princpial to the AssumeRolePolicyDocument."
6898 },
6899 "locationInModule": {
6900 "filename": "lib/principals.ts",
6901 "line": 808
6902 },
6903 "name": "addToAssumeRolePolicy",
6904 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
6905 "parameters": [
6906 {
6907 "name": "doc",
6908 "type": {
6909 "fqn": "@aws-cdk/aws-iam.PolicyDocument"
6910 }
6911 }
6912 ]
6913 },
6914 {
6915 "docs": {
6916 "stability": "stable",
6917 "summary": "Return whether or not this principal is equal to the given principal."
6918 },
6919 "locationInModule": {
6920 "filename": "lib/principals.ts",
6921 "line": 839
6922 },
6923 "name": "dedupeString",
6924 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
6925 "returns": {
6926 "optional": true,
6927 "type": {
6928 "primitive": "string"
6929 }
6930 }
6931 },
6932 {
6933 "docs": {
6934 "stability": "stable",
6935 "summary": "Returns a string representation of an object."
6936 },
6937 "locationInModule": {
6938 "filename": "lib/principals.ts",
6939 "line": 835
6940 },
6941 "name": "toString",
6942 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
6943 "returns": {
6944 "type": {
6945 "primitive": "string"
6946 }
6947 }
6948 }
6949 ],
6950 "name": "CompositePrincipal",
6951 "properties": [
6952 {
6953 "docs": {
6954 "stability": "stable",
6955 "summary": "When this Principal is used in an AssumeRole policy, the action to use."
6956 },
6957 "immutable": true,
6958 "locationInModule": {
6959 "filename": "lib/principals.ts",
6960 "line": 785
6961 },
6962 "name": "assumeRoleAction",
6963 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
6964 "type": {
6965 "primitive": "string"
6966 }
6967 },
6968 {
6969 "docs": {
6970 "stability": "stable",
6971 "summary": "Return the policy fragment that identifies this principal in a Policy."
6972 },
6973 "immutable": true,
6974 "locationInModule": {
6975 "filename": "lib/principals.ts",
6976 "line": 814
6977 },
6978 "name": "policyFragment",
6979 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
6980 "type": {
6981 "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment"
6982 }
6983 }
6984 ],
6985 "symbolId": "lib/principals:CompositePrincipal"
6986 },
6987 "@aws-cdk/aws-iam.Effect": {
6988 "assembly": "@aws-cdk/aws-iam",
6989 "docs": {
6990 "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_effect.html",
6991 "stability": "stable",
6992 "summary": "The Effect element of an IAM policy.",
6993 "example": "declare const books: apigateway.Resource;\ndeclare const iamUser: iam.User;\n\nconst getBooks = books.addMethod('GET', new apigateway.HttpIntegration('http://amazon.com'), {\n authorizationType: apigateway.AuthorizationType.IAM\n});\n\niamUser.attachInlinePolicy(new iam.Policy(this, 'AllowBooks', {\n statements: [\n new iam.PolicyStatement({\n actions: [ 'execute-api:Invoke' ],\n effect: iam.Effect.ALLOW,\n resources: [ getBooks.methodArn ]\n })\n ]\n}))",
6994 "custom": {
6995 "exampleMetadata": "infused"
6996 }
6997 },
6998 "fqn": "@aws-cdk/aws-iam.Effect",
6999 "kind": "enum",
7000 "locationInModule": {
7001 "filename": "lib/policy-statement.ts",
7002 "line": 587
7003 },
7004 "members": [
7005 {
7006 "docs": {
7007 "remarks": "By default, access to resources are denied.",
7008 "stability": "stable",
7009 "summary": "Allows access to a resource in an IAM policy statement."
7010 },
7011 "name": "ALLOW"
7012 },
7013 {
7014 "docs": {
7015 "remarks": "By default, all requests are denied implicitly.",
7016 "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html",
7017 "stability": "stable",
7018 "summary": "Explicitly deny access to a resource."
7019 },
7020 "name": "DENY"
7021 }
7022 ],
7023 "name": "Effect",
7024 "symbolId": "lib/policy-statement:Effect"
7025 },
7026 "@aws-cdk/aws-iam.FederatedPrincipal": {
7027 "assembly": "@aws-cdk/aws-iam",
7028 "base": "@aws-cdk/aws-iam.PrincipalBase",
7029 "docs": {
7030 "remarks": "Additional condition keys are available when the temporary security credentials are used to make a request.\nYou can use these keys to write policies that limit the access of federated users.",
7031 "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#condition-keys-wif",
7032 "stability": "stable",
7033 "summary": "Principal entity that represents a federated identity provider such as Amazon Cognito, that can be used to provide temporary security credentials to users who have been authenticated.",
7034 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const conditions: any;\nconst federatedPrincipal = new iam.FederatedPrincipal('federated', {\n conditionsKey: conditions,\n}, /* all optional props */ 'assumeRoleAction');",
7035 "custom": {
7036 "exampleMetadata": "fixture=_generated"
7037 }
7038 },
7039 "fqn": "@aws-cdk/aws-iam.FederatedPrincipal",
7040 "initializer": {
7041 "docs": {
7042 "stability": "stable"
7043 },
7044 "locationInModule": {
7045 "filename": "lib/principals.ts",
7046 "line": 613
7047 },
7048 "parameters": [
7049 {
7050 "docs": {
7051 "summary": "federated identity provider (i.e. 'cognito-identity.amazonaws.com' for users authenticated through Cognito)."
7052 },
7053 "name": "federated",
7054 "type": {
7055 "primitive": "string"
7056 }
7057 },
7058 {
7059 "docs": {
7060 "remarks": "See [the IAM documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html).",
7061 "summary": "The conditions under which the policy is in effect."
7062 },
7063 "name": "conditions",
7064 "type": {
7065 "collection": {
7066 "elementtype": {
7067 "primitive": "any"
7068 },
7069 "kind": "map"
7070 }
7071 }
7072 },
7073 {
7074 "name": "assumeRoleAction",
7075 "optional": true,
7076 "type": {
7077 "primitive": "string"
7078 }
7079 }
7080 ]
7081 },
7082 "kind": "class",
7083 "locationInModule": {
7084 "filename": "lib/principals.ts",
7085 "line": 603
7086 },
7087 "methods": [
7088 {
7089 "docs": {
7090 "stability": "stable",
7091 "summary": "Return whether or not this principal is equal to the given principal."
7092 },
7093 "locationInModule": {
7094 "filename": "lib/principals.ts",
7095 "line": 630
7096 },
7097 "name": "dedupeString",
7098 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
7099 "returns": {
7100 "optional": true,
7101 "type": {
7102 "primitive": "string"
7103 }
7104 }
7105 },
7106 {
7107 "docs": {
7108 "stability": "stable",
7109 "summary": "Returns a string representation of an object."
7110 },
7111 "locationInModule": {
7112 "filename": "lib/principals.ts",
7113 "line": 626
7114 },
7115 "name": "toString",
7116 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
7117 "returns": {
7118 "type": {
7119 "primitive": "string"
7120 }
7121 }
7122 }
7123 ],
7124 "name": "FederatedPrincipal",
7125 "properties": [
7126 {
7127 "docs": {
7128 "stability": "stable",
7129 "summary": "When this Principal is used in an AssumeRole policy, the action to use."
7130 },
7131 "immutable": true,
7132 "locationInModule": {
7133 "filename": "lib/principals.ts",
7134 "line": 604
7135 },
7136 "name": "assumeRoleAction",
7137 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
7138 "type": {
7139 "primitive": "string"
7140 }
7141 },
7142 {
7143 "docs": {
7144 "remarks": "See [the IAM documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html).",
7145 "stability": "stable",
7146 "summary": "The conditions under which the policy is in effect."
7147 },
7148 "immutable": true,
7149 "locationInModule": {
7150 "filename": "lib/principals.ts",
7151 "line": 615
7152 },
7153 "name": "conditions",
7154 "type": {
7155 "collection": {
7156 "elementtype": {
7157 "primitive": "any"
7158 },
7159 "kind": "map"
7160 }
7161 }
7162 },
7163 {
7164 "docs": {
7165 "stability": "stable",
7166 "summary": "federated identity provider (i.e. 'cognito-identity.amazonaws.com' for users authenticated through Cognito)."
7167 },
7168 "immutable": true,
7169 "locationInModule": {
7170 "filename": "lib/principals.ts",
7171 "line": 614
7172 },
7173 "name": "federated",
7174 "type": {
7175 "primitive": "string"
7176 }
7177 },
7178 {
7179 "docs": {
7180 "stability": "stable",
7181 "summary": "Return the policy fragment that identifies this principal in a Policy."
7182 },
7183 "immutable": true,
7184 "locationInModule": {
7185 "filename": "lib/principals.ts",
7186 "line": 622
7187 },
7188 "name": "policyFragment",
7189 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
7190 "type": {
7191 "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment"
7192 }
7193 }
7194 ],
7195 "symbolId": "lib/principals:FederatedPrincipal"
7196 },
7197 "@aws-cdk/aws-iam.FromRoleArnOptions": {
7198 "assembly": "@aws-cdk/aws-iam",
7199 "datatype": true,
7200 "docs": {
7201 "stability": "stable",
7202 "summary": "Options allowing customizing the behavior of {@link Role.fromRoleArn}.",
7203 "example": "const role = iam.Role.fromRoleArn(this, 'Role', 'arn:aws:iam::123456789012:role/MyExistingRole', {\n // Set 'mutable' to 'false' to use the role as-is and prevent adding new\n // policies to it. The default is 'true', which means the role may be\n // modified as part of the deployment.\n mutable: false,\n});",
7204 "custom": {
7205 "exampleMetadata": "infused"
7206 }
7207 },
7208 "fqn": "@aws-cdk/aws-iam.FromRoleArnOptions",
7209 "kind": "interface",
7210 "locationInModule": {
7211 "filename": "lib/role.ts",
7212 "line": 146
7213 },
7214 "name": "FromRoleArnOptions",
7215 "properties": [
7216 {
7217 "abstract": true,
7218 "docs": {
7219 "default": "false",
7220 "remarks": "If this is `false` or not specified, grant permissions added to this role are ignored.\nIt is your own responsibility to make sure the role has the required permissions.\n\nIf this is `true`, any grant permissions will be added to the resource instead.",
7221 "stability": "stable",
7222 "summary": "For immutable roles: add grants to resources instead of dropping them."
7223 },
7224 "immutable": true,
7225 "locationInModule": {
7226 "filename": "lib/role.ts",
7227 "line": 164
7228 },
7229 "name": "addGrantsToResources",
7230 "optional": true,
7231 "type": {
7232 "primitive": "boolean"
7233 }
7234 },
7235 {
7236 "abstract": true,
7237 "docs": {
7238 "default": "true",
7239 "stability": "stable",
7240 "summary": "Whether the imported role can be modified by attaching policy resources to it."
7241 },
7242 "immutable": true,
7243 "locationInModule": {
7244 "filename": "lib/role.ts",
7245 "line": 152
7246 },
7247 "name": "mutable",
7248 "optional": true,
7249 "type": {
7250 "primitive": "boolean"
7251 }
7252 }
7253 ],
7254 "symbolId": "lib/role:FromRoleArnOptions"
7255 },
7256 "@aws-cdk/aws-iam.Grant": {
7257 "assembly": "@aws-cdk/aws-iam",
7258 "docs": {
7259 "remarks": "This class is not instantiable by consumers on purpose, so that they will be\nrequired to call the Grant factory functions.",
7260 "stability": "stable",
7261 "summary": "Result of a grant() operation.",
7262 "example": "declare const instance: ec2.Instance;\ndeclare const volume: ec2.Volume;\n\nconst attachGrant = volume.grantAttachVolumeByResourceTag(instance.grantPrincipal, [instance]);\nconst detachGrant = volume.grantDetachVolumeByResourceTag(instance.grantPrincipal, [instance]);",
7263 "custom": {
7264 "exampleMetadata": "infused"
7265 }
7266 },
7267 "fqn": "@aws-cdk/aws-iam.Grant",
7268 "interfaces": [
7269 "@aws-cdk/core.IDependable"
7270 ],
7271 "kind": "class",
7272 "locationInModule": {
7273 "filename": "lib/grant.ts",
7274 "line": 99
7275 },
7276 "methods": [
7277 {
7278 "docs": {
7279 "remarks": "Absence of a principal leads to a warning, but failing to add\nthe permissions to a present principal is not an error.",
7280 "stability": "stable",
7281 "summary": "Try to grant the given permissions to the given principal."
7282 },
7283 "locationInModule": {
7284 "filename": "lib/grant.ts",
7285 "line": 158
7286 },
7287 "name": "addToPrincipal",
7288 "parameters": [
7289 {
7290 "name": "options",
7291 "type": {
7292 "fqn": "@aws-cdk/aws-iam.GrantOnPrincipalOptions"
7293 }
7294 }
7295 ],
7296 "returns": {
7297 "type": {
7298 "fqn": "@aws-cdk/aws-iam.Grant"
7299 }
7300 },
7301 "static": true
7302 },
7303 {
7304 "docs": {
7305 "remarks": "As long as any principal is given, granting on the principal may fail (in\ncase of a non-identity principal), but granting on the resource will\nnever fail.\n\nStatement will be the resource statement.",
7306 "stability": "stable",
7307 "summary": "Add a grant both on the principal and on the resource."
7308 },
7309 "locationInModule": {
7310 "filename": "lib/grant.ts",
7311 "line": 185
7312 },
7313 "name": "addToPrincipalAndResource",
7314 "parameters": [
7315 {
7316 "name": "options",
7317 "type": {
7318 "fqn": "@aws-cdk/aws-iam.GrantOnPrincipalAndResourceOptions"
7319 }
7320 }
7321 ],
7322 "returns": {
7323 "type": {
7324 "fqn": "@aws-cdk/aws-iam.Grant"
7325 }
7326 },
7327 "static": true
7328 },
7329 {
7330 "docs": {
7331 "remarks": "The permissions will be added to the principal policy primarily, falling\nback to the resource policy if necessary. The permissions must be granted\nsomewhere.\n\n- Trying to grant permissions to a principal that does not admit adding to\n the principal policy while not providing a resource with a resource policy\n is an error.\n- Trying to grant permissions to an absent principal (possible in the\n case of imported resources) leads to a warning being added to the\n resource construct.",
7332 "stability": "stable",
7333 "summary": "Grant the given permissions to the principal."
7334 },
7335 "locationInModule": {
7336 "filename": "lib/grant.ts",
7337 "line": 114
7338 },
7339 "name": "addToPrincipalOrResource",
7340 "parameters": [
7341 {
7342 "name": "options",
7343 "type": {
7344 "fqn": "@aws-cdk/aws-iam.GrantWithResourceOptions"
7345 }
7346 }
7347 ],
7348 "returns": {
7349 "type": {
7350 "fqn": "@aws-cdk/aws-iam.Grant"
7351 }
7352 },
7353 "static": true
7354 },
7355 {
7356 "docs": {
7357 "remarks": "This can be used for e.g. imported resources where you may not be able to modify\nthe resource's policy or some underlying policy which you don't know about.",
7358 "stability": "stable",
7359 "summary": "Returns a \"no-op\" `Grant` object which represents a \"dropped grant\"."
7360 },
7361 "locationInModule": {
7362 "filename": "lib/grant.ts",
7363 "line": 217
7364 },
7365 "name": "drop",
7366 "parameters": [
7367 {
7368 "docs": {
7369 "summary": "The intended grantee."
7370 },
7371 "name": "grantee",
7372 "type": {
7373 "fqn": "@aws-cdk/aws-iam.IGrantable"
7374 }
7375 },
7376 {
7377 "docs": {
7378 "summary": "The user's intent (will be ignored at the moment)."
7379 },
7380 "name": "_intent",
7381 "type": {
7382 "primitive": "string"
7383 }
7384 }
7385 ],
7386 "returns": {
7387 "type": {
7388 "fqn": "@aws-cdk/aws-iam.Grant"
7389 }
7390 },
7391 "static": true
7392 },
7393 {
7394 "docs": {
7395 "remarks": "The same as construct.node.addDependency(grant), but slightly nicer to read.",
7396 "stability": "stable",
7397 "summary": "Make sure this grant is applied before the given constructs are deployed."
7398 },
7399 "locationInModule": {
7400 "filename": "lib/grant.ts",
7401 "line": 279
7402 },
7403 "name": "applyBefore",
7404 "parameters": [
7405 {
7406 "name": "constructs",
7407 "type": {
7408 "fqn": "@aws-cdk/core.IConstruct"
7409 },
7410 "variadic": true
7411 }
7412 ],
7413 "variadic": true
7414 },
7415 {
7416 "docs": {
7417 "stability": "stable",
7418 "summary": "Throw an error if this grant wasn't successful."
7419 },
7420 "locationInModule": {
7421 "filename": "lib/grant.ts",
7422 "line": 267
7423 },
7424 "name": "assertSuccess"
7425 }
7426 ],
7427 "name": "Grant",
7428 "properties": [
7429 {
7430 "docs": {
7431 "stability": "stable",
7432 "summary": "Whether the grant operation was successful."
7433 },
7434 "immutable": true,
7435 "locationInModule": {
7436 "filename": "lib/grant.ts",
7437 "line": 260
7438 },
7439 "name": "success",
7440 "type": {
7441 "primitive": "boolean"
7442 }
7443 },
7444 {
7445 "docs": {
7446 "remarks": "Can be accessed to (e.g.) add additional conditions to the statement.",
7447 "stability": "stable",
7448 "summary": "The statement that was added to the principal's policy."
7449 },
7450 "immutable": true,
7451 "locationInModule": {
7452 "filename": "lib/grant.ts",
7453 "line": 228
7454 },
7455 "name": "principalStatement",
7456 "optional": true,
7457 "type": {
7458 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
7459 }
7460 },
7461 {
7462 "docs": {
7463 "remarks": "Can be accessed to (e.g.) add additional conditions to the statement.",
7464 "stability": "stable",
7465 "summary": "The statement that was added to the resource policy."
7466 },
7467 "immutable": true,
7468 "locationInModule": {
7469 "filename": "lib/grant.ts",
7470 "line": 235
7471 },
7472 "name": "resourceStatement",
7473 "optional": true,
7474 "type": {
7475 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
7476 }
7477 }
7478 ],
7479 "symbolId": "lib/grant:Grant"
7480 },
7481 "@aws-cdk/aws-iam.GrantOnPrincipalAndResourceOptions": {
7482 "assembly": "@aws-cdk/aws-iam",
7483 "datatype": true,
7484 "docs": {
7485 "stability": "stable",
7486 "summary": "Options for a grant operation to both identity and resource.",
7487 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const grantable: iam.IGrantable;\ndeclare const principal: iam.IPrincipal;\ndeclare const resourceWithPolicy: iam.IResourceWithPolicy;\nconst grantOnPrincipalAndResourceOptions: iam.GrantOnPrincipalAndResourceOptions = {\n actions: ['actions'],\n grantee: grantable,\n resource: resourceWithPolicy,\n resourceArns: ['resourceArns'],\n\n // the properties below are optional\n resourcePolicyPrincipal: principal,\n resourceSelfArns: ['resourceSelfArns'],\n};",
7488 "custom": {
7489 "exampleMetadata": "fixture=_generated"
7490 }
7491 },
7492 "fqn": "@aws-cdk/aws-iam.GrantOnPrincipalAndResourceOptions",
7493 "interfaces": [
7494 "@aws-cdk/aws-iam.CommonGrantOptions"
7495 ],
7496 "kind": "interface",
7497 "locationInModule": {
7498 "filename": "lib/grant.ts",
7499 "line": 68
7500 },
7501 "name": "GrantOnPrincipalAndResourceOptions",
7502 "properties": [
7503 {
7504 "abstract": true,
7505 "docs": {
7506 "remarks": "The statement will always be added to the resource policy.",
7507 "stability": "stable",
7508 "summary": "The resource with a resource policy."
7509 },
7510 "immutable": true,
7511 "locationInModule": {
7512 "filename": "lib/grant.ts",
7513 "line": 74
7514 },
7515 "name": "resource",
7516 "type": {
7517 "fqn": "@aws-cdk/aws-iam.IResourceWithPolicy"
7518 }
7519 },
7520 {
7521 "abstract": true,
7522 "docs": {
7523 "default": "- the principal of the grantee will be used",
7524 "stability": "stable",
7525 "summary": "The principal to use in the statement for the resource policy."
7526 },
7527 "immutable": true,
7528 "locationInModule": {
7529 "filename": "lib/grant.ts",
7530 "line": 90
7531 },
7532 "name": "resourcePolicyPrincipal",
7533 "optional": true,
7534 "type": {
7535 "fqn": "@aws-cdk/aws-iam.IPrincipal"
7536 }
7537 },
7538 {
7539 "abstract": true,
7540 "docs": {
7541 "default": "Same as regular resource ARNs",
7542 "remarks": "(Depending on the resource type, this needs to be '*' in a resource policy).",
7543 "stability": "stable",
7544 "summary": "When referring to the resource in a resource policy, use this as ARN."
7545 },
7546 "immutable": true,
7547 "locationInModule": {
7548 "filename": "lib/grant.ts",
7549 "line": 83
7550 },
7551 "name": "resourceSelfArns",
7552 "optional": true,
7553 "type": {
7554 "collection": {
7555 "elementtype": {
7556 "primitive": "string"
7557 },
7558 "kind": "array"
7559 }
7560 }
7561 }
7562 ],
7563 "symbolId": "lib/grant:GrantOnPrincipalAndResourceOptions"
7564 },
7565 "@aws-cdk/aws-iam.GrantOnPrincipalOptions": {
7566 "assembly": "@aws-cdk/aws-iam",
7567 "datatype": true,
7568 "docs": {
7569 "stability": "stable",
7570 "summary": "Options for a grant operation that only applies to principals.",
7571 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nimport * as cdk from '@aws-cdk/core';\n\ndeclare const construct: cdk.Construct;\ndeclare const grantable: iam.IGrantable;\nconst grantOnPrincipalOptions: iam.GrantOnPrincipalOptions = {\n actions: ['actions'],\n grantee: grantable,\n resourceArns: ['resourceArns'],\n\n // the properties below are optional\n scope: construct,\n};",
7572 "custom": {
7573 "exampleMetadata": "fixture=_generated"
7574 }
7575 },
7576 "fqn": "@aws-cdk/aws-iam.GrantOnPrincipalOptions",
7577 "interfaces": [
7578 "@aws-cdk/aws-iam.CommonGrantOptions"
7579 ],
7580 "kind": "interface",
7581 "locationInModule": {
7582 "filename": "lib/grant.ts",
7583 "line": 55
7584 },
7585 "name": "GrantOnPrincipalOptions",
7586 "properties": [
7587 {
7588 "abstract": true,
7589 "docs": {
7590 "default": "- the construct in which this construct is defined",
7591 "stability": "stable",
7592 "summary": "Construct to report warnings on in case grant could not be registered."
7593 },
7594 "immutable": true,
7595 "locationInModule": {
7596 "filename": "lib/grant.ts",
7597 "line": 61
7598 },
7599 "name": "scope",
7600 "optional": true,
7601 "type": {
7602 "fqn": "@aws-cdk/core.IConstruct"
7603 }
7604 }
7605 ],
7606 "symbolId": "lib/grant:GrantOnPrincipalOptions"
7607 },
7608 "@aws-cdk/aws-iam.GrantWithResourceOptions": {
7609 "assembly": "@aws-cdk/aws-iam",
7610 "datatype": true,
7611 "docs": {
7612 "stability": "stable",
7613 "summary": "Options for a grant operation.",
7614 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const grantable: iam.IGrantable;\ndeclare const resourceWithPolicy: iam.IResourceWithPolicy;\nconst grantWithResourceOptions: iam.GrantWithResourceOptions = {\n actions: ['actions'],\n grantee: grantable,\n resource: resourceWithPolicy,\n resourceArns: ['resourceArns'],\n\n // the properties below are optional\n resourceSelfArns: ['resourceSelfArns'],\n};",
7615 "custom": {
7616 "exampleMetadata": "fixture=_generated"
7617 }
7618 },
7619 "fqn": "@aws-cdk/aws-iam.GrantWithResourceOptions",
7620 "interfaces": [
7621 "@aws-cdk/aws-iam.CommonGrantOptions"
7622 ],
7623 "kind": "interface",
7624 "locationInModule": {
7625 "filename": "lib/grant.ts",
7626 "line": 32
7627 },
7628 "name": "GrantWithResourceOptions",
7629 "properties": [
7630 {
7631 "abstract": true,
7632 "docs": {
7633 "remarks": "The statement will be added to the resource policy if it couldn't be\nadded to the principal policy.",
7634 "stability": "stable",
7635 "summary": "The resource with a resource policy."
7636 },
7637 "immutable": true,
7638 "locationInModule": {
7639 "filename": "lib/grant.ts",
7640 "line": 39
7641 },
7642 "name": "resource",
7643 "type": {
7644 "fqn": "@aws-cdk/aws-iam.IResourceWithPolicy"
7645 }
7646 },
7647 {
7648 "abstract": true,
7649 "docs": {
7650 "default": "Same as regular resource ARNs",
7651 "remarks": "(Depending on the resource type, this needs to be '*' in a resource policy).",
7652 "stability": "stable",
7653 "summary": "When referring to the resource in a resource policy, use this as ARN."
7654 },
7655 "immutable": true,
7656 "locationInModule": {
7657 "filename": "lib/grant.ts",
7658 "line": 48
7659 },
7660 "name": "resourceSelfArns",
7661 "optional": true,
7662 "type": {
7663 "collection": {
7664 "elementtype": {
7665 "primitive": "string"
7666 },
7667 "kind": "array"
7668 }
7669 }
7670 }
7671 ],
7672 "symbolId": "lib/grant:GrantWithResourceOptions"
7673 },
7674 "@aws-cdk/aws-iam.Group": {
7675 "assembly": "@aws-cdk/aws-iam",
7676 "base": "@aws-cdk/core.Resource",
7677 "docs": {
7678 "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html",
7679 "stability": "stable",
7680 "summary": "An IAM Group (collection of IAM users) lets you specify permissions for multiple users, which can make it easier to manage permissions for those users.",
7681 "example": "const user = new iam.User(this, 'MyUser'); // or User.fromUserName(stack, 'User', 'johnsmith');\nconst group = new iam.Group(this, 'MyGroup'); // or Group.fromGroupArn(stack, 'Group', 'arn:aws:iam::account-id:group/group-name');\n\nuser.addToGroup(group);\n// or\ngroup.addUser(user);",
7682 "custom": {
7683 "exampleMetadata": "infused"
7684 }
7685 },
7686 "fqn": "@aws-cdk/aws-iam.Group",
7687 "initializer": {
7688 "docs": {
7689 "stability": "stable"
7690 },
7691 "locationInModule": {
7692 "filename": "lib/group.ts",
7693 "line": 182
7694 },
7695 "parameters": [
7696 {
7697 "name": "scope",
7698 "type": {
7699 "fqn": "constructs.Construct"
7700 }
7701 },
7702 {
7703 "name": "id",
7704 "type": {
7705 "primitive": "string"
7706 }
7707 },
7708 {
7709 "name": "props",
7710 "optional": true,
7711 "type": {
7712 "fqn": "@aws-cdk/aws-iam.GroupProps"
7713 }
7714 }
7715 ]
7716 },
7717 "interfaces": [
7718 "@aws-cdk/aws-iam.IGroup"
7719 ],
7720 "kind": "class",
7721 "locationInModule": {
7722 "filename": "lib/group.ts",
7723 "line": 130
7724 },
7725 "methods": [
7726 {
7727 "docs": {
7728 "remarks": "If the imported Group ARN is a Token (such as a\n`CfnParameter.valueAsString` or a `Fn.importValue()`) *and* the referenced\ngroup has a `path` (like `arn:...:group/AdminGroup/NetworkAdmin`), the\n`groupName` property will not resolve to the correct value. Instead it\nwill resolve to the first path component. We unfortunately cannot express\nthe correct calculation of the full path name as a CloudFormation\nexpression. In this scenario the Group ARN should be supplied without the\n`path` in order to resolve the correct group resource.",
7729 "stability": "stable",
7730 "summary": "Import an external group by ARN."
7731 },
7732 "locationInModule": {
7733 "filename": "lib/group.ts",
7734 "line": 147
7735 },
7736 "name": "fromGroupArn",
7737 "parameters": [
7738 {
7739 "docs": {
7740 "summary": "construct scope."
7741 },
7742 "name": "scope",
7743 "type": {
7744 "fqn": "constructs.Construct"
7745 }
7746 },
7747 {
7748 "docs": {
7749 "summary": "construct id."
7750 },
7751 "name": "id",
7752 "type": {
7753 "primitive": "string"
7754 }
7755 },
7756 {
7757 "docs": {
7758 "summary": "the ARN of the group to import (e.g. `arn:aws:iam::account-id:group/group-name`)."
7759 },
7760 "name": "groupArn",
7761 "type": {
7762 "primitive": "string"
7763 }
7764 }
7765 ],
7766 "returns": {
7767 "type": {
7768 "fqn": "@aws-cdk/aws-iam.IGroup"
7769 }
7770 },
7771 "static": true
7772 },
7773 {
7774 "docs": {
7775 "remarks": "This method has same caveats of `fromGroupArn`",
7776 "stability": "stable",
7777 "summary": "Import an existing group by given name (with path)."
7778 },
7779 "locationInModule": {
7780 "filename": "lib/group.ts",
7781 "line": 167
7782 },
7783 "name": "fromGroupName",
7784 "parameters": [
7785 {
7786 "docs": {
7787 "summary": "construct scope."
7788 },
7789 "name": "scope",
7790 "type": {
7791 "fqn": "constructs.Construct"
7792 }
7793 },
7794 {
7795 "docs": {
7796 "summary": "construct id."
7797 },
7798 "name": "id",
7799 "type": {
7800 "primitive": "string"
7801 }
7802 },
7803 {
7804 "docs": {
7805 "summary": "the groupName (path included) of the existing group to import."
7806 },
7807 "name": "groupName",
7808 "type": {
7809 "primitive": "string"
7810 }
7811 }
7812 ],
7813 "returns": {
7814 "type": {
7815 "fqn": "@aws-cdk/aws-iam.IGroup"
7816 }
7817 },
7818 "static": true
7819 },
7820 {
7821 "docs": {
7822 "stability": "stable",
7823 "summary": "Attaches a managed policy to this group."
7824 },
7825 "locationInModule": {
7826 "filename": "lib/group.ts",
7827 "line": 209
7828 },
7829 "name": "addManagedPolicy",
7830 "overrides": "@aws-cdk/aws-iam.IIdentity",
7831 "parameters": [
7832 {
7833 "docs": {
7834 "summary": "The managed policy to attach."
7835 },
7836 "name": "policy",
7837 "type": {
7838 "fqn": "@aws-cdk/aws-iam.IManagedPolicy"
7839 }
7840 }
7841 ]
7842 },
7843 {
7844 "docs": {
7845 "stability": "stable",
7846 "summary": "Add to the policy of this principal."
7847 },
7848 "locationInModule": {
7849 "filename": "lib/group.ts",
7850 "line": 119
7851 },
7852 "name": "addToPolicy",
7853 "overrides": "@aws-cdk/aws-iam.IPrincipal",
7854 "parameters": [
7855 {
7856 "name": "statement",
7857 "type": {
7858 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
7859 }
7860 }
7861 ],
7862 "returns": {
7863 "type": {
7864 "primitive": "boolean"
7865 }
7866 }
7867 },
7868 {
7869 "docs": {
7870 "stability": "stable",
7871 "summary": "Adds an IAM statement to the default policy."
7872 },
7873 "locationInModule": {
7874 "filename": "lib/group.ts",
7875 "line": 109
7876 },
7877 "name": "addToPrincipalPolicy",
7878 "overrides": "@aws-cdk/aws-iam.IPrincipal",
7879 "parameters": [
7880 {
7881 "name": "statement",
7882 "type": {
7883 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
7884 }
7885 }
7886 ],
7887 "returns": {
7888 "type": {
7889 "fqn": "@aws-cdk/aws-iam.AddToPrincipalPolicyResult"
7890 }
7891 }
7892 },
7893 {
7894 "docs": {
7895 "stability": "stable",
7896 "summary": "Adds a user to this group."
7897 },
7898 "locationInModule": {
7899 "filename": "lib/group.ts",
7900 "line": 102
7901 },
7902 "name": "addUser",
7903 "parameters": [
7904 {
7905 "name": "user",
7906 "type": {
7907 "fqn": "@aws-cdk/aws-iam.IUser"
7908 }
7909 }
7910 ]
7911 },
7912 {
7913 "docs": {
7914 "stability": "stable",
7915 "summary": "Attaches a policy to this group."
7916 },
7917 "locationInModule": {
7918 "filename": "lib/group.ts",
7919 "line": 90
7920 },
7921 "name": "attachInlinePolicy",
7922 "overrides": "@aws-cdk/aws-iam.IIdentity",
7923 "parameters": [
7924 {
7925 "docs": {
7926 "summary": "The policy to attach."
7927 },
7928 "name": "policy",
7929 "type": {
7930 "fqn": "@aws-cdk/aws-iam.Policy"
7931 }
7932 }
7933 ]
7934 }
7935 ],
7936 "name": "Group",
7937 "properties": [
7938 {
7939 "docs": {
7940 "stability": "stable",
7941 "summary": "When this Principal is used in an AssumeRole policy, the action to use."
7942 },
7943 "immutable": true,
7944 "locationInModule": {
7945 "filename": "lib/group.ts",
7946 "line": 77
7947 },
7948 "name": "assumeRoleAction",
7949 "overrides": "@aws-cdk/aws-iam.IPrincipal",
7950 "type": {
7951 "primitive": "string"
7952 }
7953 },
7954 {
7955 "docs": {
7956 "stability": "stable",
7957 "summary": "The principal to grant permissions to."
7958 },
7959 "immutable": true,
7960 "locationInModule": {
7961 "filename": "lib/group.ts",
7962 "line": 75
7963 },
7964 "name": "grantPrincipal",
7965 "overrides": "@aws-cdk/aws-iam.IGrantable",
7966 "type": {
7967 "fqn": "@aws-cdk/aws-iam.IPrincipal"
7968 }
7969 },
7970 {
7971 "docs": {
7972 "stability": "stable",
7973 "summary": "Returns the IAM Group ARN."
7974 },
7975 "immutable": true,
7976 "locationInModule": {
7977 "filename": "lib/group.ts",
7978 "line": 178
7979 },
7980 "name": "groupArn",
7981 "overrides": "@aws-cdk/aws-iam.IGroup",
7982 "type": {
7983 "primitive": "string"
7984 }
7985 },
7986 {
7987 "docs": {
7988 "stability": "stable",
7989 "summary": "Returns the IAM Group Name."
7990 },
7991 "immutable": true,
7992 "locationInModule": {
7993 "filename": "lib/group.ts",
7994 "line": 177
7995 },
7996 "name": "groupName",
7997 "overrides": "@aws-cdk/aws-iam.IGroup",
7998 "type": {
7999 "primitive": "string"
8000 }
8001 },
8002 {
8003 "docs": {
8004 "stability": "stable",
8005 "summary": "Return the policy fragment that identifies this principal in a Policy."
8006 },
8007 "immutable": true,
8008 "locationInModule": {
8009 "filename": "lib/group.ts",
8010 "line": 82
8011 },
8012 "name": "policyFragment",
8013 "overrides": "@aws-cdk/aws-iam.IPrincipal",
8014 "type": {
8015 "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment"
8016 }
8017 },
8018 {
8019 "docs": {
8020 "remarks": "Can be undefined when the account is not known\n(for example, for service principals).\nCan be a Token - in that case,\nit's assumed to be AWS::AccountId.",
8021 "stability": "stable",
8022 "summary": "The AWS account ID of this principal."
8023 },
8024 "immutable": true,
8025 "locationInModule": {
8026 "filename": "lib/group.ts",
8027 "line": 76
8028 },
8029 "name": "principalAccount",
8030 "optional": true,
8031 "overrides": "@aws-cdk/aws-iam.IPrincipal",
8032 "type": {
8033 "primitive": "string"
8034 }
8035 }
8036 ],
8037 "symbolId": "lib/group:Group"
8038 },
8039 "@aws-cdk/aws-iam.GroupProps": {
8040 "assembly": "@aws-cdk/aws-iam",
8041 "datatype": true,
8042 "docs": {
8043 "stability": "stable",
8044 "summary": "Properties for defining an IAM group.",
8045 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const managedPolicy: iam.ManagedPolicy;\nconst groupProps: iam.GroupProps = {\n groupName: 'groupName',\n managedPolicies: [managedPolicy],\n path: 'path',\n};",
8046 "custom": {
8047 "exampleMetadata": "fixture=_generated"
8048 }
8049 },
8050 "fqn": "@aws-cdk/aws-iam.GroupProps",
8051 "kind": "interface",
8052 "locationInModule": {
8053 "filename": "lib/group.ts",
8054 "line": 36
8055 },
8056 "name": "GroupProps",
8057 "properties": [
8058 {
8059 "abstract": true,
8060 "docs": {
8061 "default": "Generated by CloudFormation (recommended)",
8062 "remarks": "For valid values, see the GroupName parameter\nfor the CreateGroup action in the IAM API Reference. If you don't specify\na name, AWS CloudFormation generates a unique physical ID and uses that\nID for the group name.\n\nIf you specify a name, you must specify the CAPABILITY_NAMED_IAM value to\nacknowledge your template's capabilities. For more information, see\nAcknowledging IAM Resources in AWS CloudFormation Templates.",
8063 "stability": "stable",
8064 "summary": "A name for the IAM group."
8065 },
8066 "immutable": true,
8067 "locationInModule": {
8068 "filename": "lib/group.ts",
8069 "line": 49
8070 },
8071 "name": "groupName",
8072 "optional": true,
8073 "type": {
8074 "primitive": "string"
8075 }
8076 },
8077 {
8078 "abstract": true,
8079 "docs": {
8080 "default": "- No managed policies.",
8081 "remarks": "You can add managed policies later using\n`addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName(policyName))`.",
8082 "stability": "stable",
8083 "summary": "A list of managed policies associated with this role."
8084 },
8085 "immutable": true,
8086 "locationInModule": {
8087 "filename": "lib/group.ts",
8088 "line": 59
8089 },
8090 "name": "managedPolicies",
8091 "optional": true,
8092 "type": {
8093 "collection": {
8094 "elementtype": {
8095 "fqn": "@aws-cdk/aws-iam.IManagedPolicy"
8096 },
8097 "kind": "array"
8098 }
8099 }
8100 },
8101 {
8102 "abstract": true,
8103 "docs": {
8104 "default": "/",
8105 "remarks": "For more information about paths, see [IAM\nIdentifiers](http://docs.aws.amazon.com/IAM/latest/UserGuide/index.html?Using_Identifiers.html)\nin the IAM User Guide.",
8106 "stability": "stable",
8107 "summary": "The path to the group."
8108 },
8109 "immutable": true,
8110 "locationInModule": {
8111 "filename": "lib/group.ts",
8112 "line": 68
8113 },
8114 "name": "path",
8115 "optional": true,
8116 "type": {
8117 "primitive": "string"
8118 }
8119 }
8120 ],
8121 "symbolId": "lib/group:GroupProps"
8122 },
8123 "@aws-cdk/aws-iam.IAccessKey": {
8124 "assembly": "@aws-cdk/aws-iam",
8125 "docs": {
8126 "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html",
8127 "stability": "stable",
8128 "summary": "Represents an IAM Access Key."
8129 },
8130 "fqn": "@aws-cdk/aws-iam.IAccessKey",
8131 "interfaces": [
8132 "@aws-cdk/core.IResource"
8133 ],
8134 "kind": "interface",
8135 "locationInModule": {
8136 "filename": "lib/access-key.ts",
8137 "line": 26
8138 },
8139 "name": "IAccessKey",
8140 "properties": [
8141 {
8142 "abstract": true,
8143 "docs": {
8144 "custom": {
8145 "attribute": "true"
8146 },
8147 "stability": "stable",
8148 "summary": "The Access Key ID."
8149 },
8150 "immutable": true,
8151 "locationInModule": {
8152 "filename": "lib/access-key.ts",
8153 "line": 32
8154 },
8155 "name": "accessKeyId",
8156 "type": {
8157 "primitive": "string"
8158 }
8159 },
8160 {
8161 "abstract": true,
8162 "docs": {
8163 "custom": {
8164 "attribute": "true"
8165 },
8166 "stability": "stable",
8167 "summary": "The Secret Access Key."
8168 },
8169 "immutable": true,
8170 "locationInModule": {
8171 "filename": "lib/access-key.ts",
8172 "line": 39
8173 },
8174 "name": "secretAccessKey",
8175 "type": {
8176 "fqn": "@aws-cdk/core.SecretValue"
8177 }
8178 }
8179 ],
8180 "symbolId": "lib/access-key:IAccessKey"
8181 },
8182 "@aws-cdk/aws-iam.IAssumeRolePrincipal": {
8183 "assembly": "@aws-cdk/aws-iam",
8184 "docs": {
8185 "remarks": "More complex types of identity providers need more control over Role's policy documents\nthan simply `{ Effect: 'Allow', Action: 'AssumeRole', Principal: <Whatever> }`.\n\nIf that control is necessary, they can implement `IAssumeRolePrincipal` to get full\naccess to a Role's AssumeRolePolicyDocument.",
8186 "stability": "stable",
8187 "summary": "A type of principal that has more control over its own representation in AssumeRolePolicyDocuments."
8188 },
8189 "fqn": "@aws-cdk/aws-iam.IAssumeRolePrincipal",
8190 "interfaces": [
8191 "@aws-cdk/aws-iam.IPrincipal"
8192 ],
8193 "kind": "interface",
8194 "locationInModule": {
8195 "filename": "lib/principals.ts",
8196 "line": 115
8197 },
8198 "methods": [
8199 {
8200 "abstract": true,
8201 "docs": {
8202 "remarks": "Add the statements to the AssumeRolePolicyDocument necessary to give this principal\npermissions to assume the given role.",
8203 "stability": "stable",
8204 "summary": "Add the princpial to the AssumeRolePolicyDocument."
8205 },
8206 "locationInModule": {
8207 "filename": "lib/principals.ts",
8208 "line": 122
8209 },
8210 "name": "addToAssumeRolePolicy",
8211 "parameters": [
8212 {
8213 "name": "document",
8214 "type": {
8215 "fqn": "@aws-cdk/aws-iam.PolicyDocument"
8216 }
8217 }
8218 ]
8219 }
8220 ],
8221 "name": "IAssumeRolePrincipal",
8222 "symbolId": "lib/principals:IAssumeRolePrincipal"
8223 },
8224 "@aws-cdk/aws-iam.IComparablePrincipal": {
8225 "assembly": "@aws-cdk/aws-iam",
8226 "docs": {
8227 "remarks": "This only needs to be implemented for principals that could potentially be value-equal.\nIdentity-equal principals will be handled correctly by default.",
8228 "stability": "stable",
8229 "summary": "Interface for principals that can be compared."
8230 },
8231 "fqn": "@aws-cdk/aws-iam.IComparablePrincipal",
8232 "interfaces": [
8233 "@aws-cdk/aws-iam.IPrincipal"
8234 ],
8235 "kind": "interface",
8236 "locationInModule": {
8237 "filename": "lib/principals.ts",
8238 "line": 79
8239 },
8240 "methods": [
8241 {
8242 "abstract": true,
8243 "docs": {
8244 "stability": "stable",
8245 "summary": "Return a string format of this principal which should be identical if the two principals are the same."
8246 },
8247 "locationInModule": {
8248 "filename": "lib/principals.ts",
8249 "line": 84
8250 },
8251 "name": "dedupeString",
8252 "returns": {
8253 "optional": true,
8254 "type": {
8255 "primitive": "string"
8256 }
8257 }
8258 }
8259 ],
8260 "name": "IComparablePrincipal",
8261 "symbolId": "lib/principals:IComparablePrincipal"
8262 },
8263 "@aws-cdk/aws-iam.IGrantable": {
8264 "assembly": "@aws-cdk/aws-iam",
8265 "docs": {
8266 "stability": "stable",
8267 "summary": "Any object that has an associated principal that a permission can be granted to."
8268 },
8269 "fqn": "@aws-cdk/aws-iam.IGrantable",
8270 "kind": "interface",
8271 "locationInModule": {
8272 "filename": "lib/principals.ts",
8273 "line": 13
8274 },
8275 "name": "IGrantable",
8276 "properties": [
8277 {
8278 "abstract": true,
8279 "docs": {
8280 "stability": "stable",
8281 "summary": "The principal to grant permissions to."
8282 },
8283 "immutable": true,
8284 "locationInModule": {
8285 "filename": "lib/principals.ts",
8286 "line": 17
8287 },
8288 "name": "grantPrincipal",
8289 "type": {
8290 "fqn": "@aws-cdk/aws-iam.IPrincipal"
8291 }
8292 }
8293 ],
8294 "symbolId": "lib/principals:IGrantable"
8295 },
8296 "@aws-cdk/aws-iam.IGroup": {
8297 "assembly": "@aws-cdk/aws-iam",
8298 "docs": {
8299 "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html",
8300 "stability": "stable",
8301 "summary": "Represents an IAM Group."
8302 },
8303 "fqn": "@aws-cdk/aws-iam.IGroup",
8304 "interfaces": [
8305 "@aws-cdk/aws-iam.IIdentity"
8306 ],
8307 "kind": "interface",
8308 "locationInModule": {
8309 "filename": "lib/group.ts",
8310 "line": 17
8311 },
8312 "name": "IGroup",
8313 "properties": [
8314 {
8315 "abstract": true,
8316 "docs": {
8317 "custom": {
8318 "attribute": "true"
8319 },
8320 "stability": "stable",
8321 "summary": "Returns the IAM Group ARN."
8322 },
8323 "immutable": true,
8324 "locationInModule": {
8325 "filename": "lib/group.ts",
8326 "line": 30
8327 },
8328 "name": "groupArn",
8329 "type": {
8330 "primitive": "string"
8331 }
8332 },
8333 {
8334 "abstract": true,
8335 "docs": {
8336 "custom": {
8337 "attribute": "true"
8338 },
8339 "stability": "stable",
8340 "summary": "Returns the IAM Group Name."
8341 },
8342 "immutable": true,
8343 "locationInModule": {
8344 "filename": "lib/group.ts",
8345 "line": 23
8346 },
8347 "name": "groupName",
8348 "type": {
8349 "primitive": "string"
8350 }
8351 }
8352 ],
8353 "symbolId": "lib/group:IGroup"
8354 },
8355 "@aws-cdk/aws-iam.IIdentity": {
8356 "assembly": "@aws-cdk/aws-iam",
8357 "docs": {
8358 "stability": "stable",
8359 "summary": "A construct that represents an IAM principal, such as a user, group or role."
8360 },
8361 "fqn": "@aws-cdk/aws-iam.IIdentity",
8362 "interfaces": [
8363 "@aws-cdk/aws-iam.IPrincipal",
8364 "@aws-cdk/core.IResource"
8365 ],
8366 "kind": "interface",
8367 "locationInModule": {
8368 "filename": "lib/identity-base.ts",
8369 "line": 9
8370 },
8371 "methods": [
8372 {
8373 "abstract": true,
8374 "docs": {
8375 "stability": "stable",
8376 "summary": "Attaches a managed policy to this principal."
8377 },
8378 "locationInModule": {
8379 "filename": "lib/identity-base.ts",
8380 "line": 21
8381 },
8382 "name": "addManagedPolicy",
8383 "parameters": [
8384 {
8385 "docs": {
8386 "summary": "The managed policy."
8387 },
8388 "name": "policy",
8389 "type": {
8390 "fqn": "@aws-cdk/aws-iam.IManagedPolicy"
8391 }
8392 }
8393 ]
8394 },
8395 {
8396 "abstract": true,
8397 "docs": {
8398 "remarks": "This is the same as calling `policy.addToXxx(principal)`.",
8399 "stability": "stable",
8400 "summary": "Attaches an inline policy to this principal."
8401 },
8402 "locationInModule": {
8403 "filename": "lib/identity-base.ts",
8404 "line": 15
8405 },
8406 "name": "attachInlinePolicy",
8407 "parameters": [
8408 {
8409 "docs": {
8410 "summary": "The policy resource to attach to this principal [disable-awslint:ref-via-interface]."
8411 },
8412 "name": "policy",
8413 "type": {
8414 "fqn": "@aws-cdk/aws-iam.Policy"
8415 }
8416 }
8417 ]
8418 }
8419 ],
8420 "name": "IIdentity",
8421 "symbolId": "lib/identity-base:IIdentity"
8422 },
8423 "@aws-cdk/aws-iam.IManagedPolicy": {
8424 "assembly": "@aws-cdk/aws-iam",
8425 "docs": {
8426 "stability": "stable",
8427 "summary": "A managed policy."
8428 },
8429 "fqn": "@aws-cdk/aws-iam.IManagedPolicy",
8430 "kind": "interface",
8431 "locationInModule": {
8432 "filename": "lib/managed-policy.ts",
8433 "line": 14
8434 },
8435 "name": "IManagedPolicy",
8436 "properties": [
8437 {
8438 "abstract": true,
8439 "docs": {
8440 "custom": {
8441 "attribute": "true"
8442 },
8443 "stability": "stable",
8444 "summary": "The ARN of the managed policy."
8445 },
8446 "immutable": true,
8447 "locationInModule": {
8448 "filename": "lib/managed-policy.ts",
8449 "line": 19
8450 },
8451 "name": "managedPolicyArn",
8452 "type": {
8453 "primitive": "string"
8454 }
8455 }
8456 ],
8457 "symbolId": "lib/managed-policy:IManagedPolicy"
8458 },
8459 "@aws-cdk/aws-iam.IOpenIdConnectProvider": {
8460 "assembly": "@aws-cdk/aws-iam",
8461 "docs": {
8462 "stability": "stable",
8463 "summary": "Represents an IAM OpenID Connect provider."
8464 },
8465 "fqn": "@aws-cdk/aws-iam.IOpenIdConnectProvider",
8466 "interfaces": [
8467 "@aws-cdk/core.IResource"
8468 ],
8469 "kind": "interface",
8470 "locationInModule": {
8471 "filename": "lib/oidc-provider.ts",
8472 "line": 19
8473 },
8474 "name": "IOpenIdConnectProvider",
8475 "properties": [
8476 {
8477 "abstract": true,
8478 "docs": {
8479 "stability": "stable",
8480 "summary": "The Amazon Resource Name (ARN) of the IAM OpenID Connect provider."
8481 },
8482 "immutable": true,
8483 "locationInModule": {
8484 "filename": "lib/oidc-provider.ts",
8485 "line": 23
8486 },
8487 "name": "openIdConnectProviderArn",
8488 "type": {
8489 "primitive": "string"
8490 }
8491 },
8492 {
8493 "abstract": true,
8494 "docs": {
8495 "stability": "stable",
8496 "summary": "The issuer for OIDC Provider."
8497 },
8498 "immutable": true,
8499 "locationInModule": {
8500 "filename": "lib/oidc-provider.ts",
8501 "line": 28
8502 },
8503 "name": "openIdConnectProviderIssuer",
8504 "type": {
8505 "primitive": "string"
8506 }
8507 }
8508 ],
8509 "symbolId": "lib/oidc-provider:IOpenIdConnectProvider"
8510 },
8511 "@aws-cdk/aws-iam.IPolicy": {
8512 "assembly": "@aws-cdk/aws-iam",
8513 "docs": {
8514 "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage.html",
8515 "stability": "stable",
8516 "summary": "Represents an IAM Policy."
8517 },
8518 "fqn": "@aws-cdk/aws-iam.IPolicy",
8519 "interfaces": [
8520 "@aws-cdk/core.IResource"
8521 ],
8522 "kind": "interface",
8523 "locationInModule": {
8524 "filename": "lib/policy.ts",
8525 "line": 16
8526 },
8527 "name": "IPolicy",
8528 "properties": [
8529 {
8530 "abstract": true,
8531 "docs": {
8532 "custom": {
8533 "attribute": "true"
8534 },
8535 "stability": "stable",
8536 "summary": "The name of this policy."
8537 },
8538 "immutable": true,
8539 "locationInModule": {
8540 "filename": "lib/policy.ts",
8541 "line": 22
8542 },
8543 "name": "policyName",
8544 "type": {
8545 "primitive": "string"
8546 }
8547 }
8548 ],
8549 "symbolId": "lib/policy:IPolicy"
8550 },
8551 "@aws-cdk/aws-iam.IPrincipal": {
8552 "assembly": "@aws-cdk/aws-iam",
8553 "docs": {
8554 "remarks": "An IPrincipal describes a logical entity that can perform AWS API calls\nagainst sets of resources, optionally under certain conditions.\n\nExamples of simple principals are IAM objects that you create, such\nas Users or Roles.\n\nAn example of a more complex principals is a `ServicePrincipal` (such as\n`new ServicePrincipal(\"sns.amazonaws.com\")`, which represents the Simple\nNotifications Service).\n\nA single logical Principal may also map to a set of physical principals.\nFor example, `new OrganizationPrincipal('o-1234')` represents all\nidentities that are part of the given AWS Organization.",
8555 "stability": "stable",
8556 "summary": "Represents a logical IAM principal."
8557 },
8558 "fqn": "@aws-cdk/aws-iam.IPrincipal",
8559 "interfaces": [
8560 "@aws-cdk/aws-iam.IGrantable"
8561 ],
8562 "kind": "interface",
8563 "locationInModule": {
8564 "filename": "lib/principals.ts",
8565 "line": 37
8566 },
8567 "methods": [
8568 {
8569 "abstract": true,
8570 "docs": {
8571 "deprecated": "Use `addToPrincipalPolicy` instead.",
8572 "returns": "true if the statement was added, false if the principal in\nquestion does not have a policy document to add the statement to.",
8573 "stability": "deprecated",
8574 "summary": "Add to the policy of this principal."
8575 },
8576 "locationInModule": {
8577 "filename": "lib/principals.ts",
8578 "line": 65
8579 },
8580 "name": "addToPolicy",
8581 "parameters": [
8582 {
8583 "name": "statement",
8584 "type": {
8585 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
8586 }
8587 }
8588 ],
8589 "returns": {
8590 "type": {
8591 "primitive": "boolean"
8592 }
8593 }
8594 },
8595 {
8596 "abstract": true,
8597 "docs": {
8598 "stability": "stable",
8599 "summary": "Add to the policy of this principal."
8600 },
8601 "locationInModule": {
8602 "filename": "lib/principals.ts",
8603 "line": 70
8604 },
8605 "name": "addToPrincipalPolicy",
8606 "parameters": [
8607 {
8608 "name": "statement",
8609 "type": {
8610 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
8611 }
8612 }
8613 ],
8614 "returns": {
8615 "type": {
8616 "fqn": "@aws-cdk/aws-iam.AddToPrincipalPolicyResult"
8617 }
8618 }
8619 }
8620 ],
8621 "name": "IPrincipal",
8622 "properties": [
8623 {
8624 "abstract": true,
8625 "docs": {
8626 "stability": "stable",
8627 "summary": "When this Principal is used in an AssumeRole policy, the action to use."
8628 },
8629 "immutable": true,
8630 "locationInModule": {
8631 "filename": "lib/principals.ts",
8632 "line": 41
8633 },
8634 "name": "assumeRoleAction",
8635 "type": {
8636 "primitive": "string"
8637 }
8638 },
8639 {
8640 "abstract": true,
8641 "docs": {
8642 "stability": "stable",
8643 "summary": "Return the policy fragment that identifies this principal in a Policy."
8644 },
8645 "immutable": true,
8646 "locationInModule": {
8647 "filename": "lib/principals.ts",
8648 "line": 46
8649 },
8650 "name": "policyFragment",
8651 "type": {
8652 "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment"
8653 }
8654 },
8655 {
8656 "abstract": true,
8657 "docs": {
8658 "remarks": "Can be undefined when the account is not known\n(for example, for service principals).\nCan be a Token - in that case,\nit's assumed to be AWS::AccountId.",
8659 "stability": "stable",
8660 "summary": "The AWS account ID of this principal."
8661 },
8662 "immutable": true,
8663 "locationInModule": {
8664 "filename": "lib/principals.ts",
8665 "line": 55
8666 },
8667 "name": "principalAccount",
8668 "optional": true,
8669 "type": {
8670 "primitive": "string"
8671 }
8672 }
8673 ],
8674 "symbolId": "lib/principals:IPrincipal"
8675 },
8676 "@aws-cdk/aws-iam.IResourceWithPolicy": {
8677 "assembly": "@aws-cdk/aws-iam",
8678 "docs": {
8679 "stability": "stable",
8680 "summary": "A resource with a resource policy that can be added to."
8681 },
8682 "fqn": "@aws-cdk/aws-iam.IResourceWithPolicy",
8683 "interfaces": [
8684 "@aws-cdk/core.IResource"
8685 ],
8686 "kind": "interface",
8687 "locationInModule": {
8688 "filename": "lib/grant.ts",
8689 "line": 306
8690 },
8691 "methods": [
8692 {
8693 "abstract": true,
8694 "docs": {
8695 "stability": "stable",
8696 "summary": "Add a statement to the resource's resource policy."
8697 },
8698 "locationInModule": {
8699 "filename": "lib/grant.ts",
8700 "line": 310
8701 },
8702 "name": "addToResourcePolicy",
8703 "parameters": [
8704 {
8705 "name": "statement",
8706 "type": {
8707 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
8708 }
8709 }
8710 ],
8711 "returns": {
8712 "type": {
8713 "fqn": "@aws-cdk/aws-iam.AddToResourcePolicyResult"
8714 }
8715 }
8716 }
8717 ],
8718 "name": "IResourceWithPolicy",
8719 "symbolId": "lib/grant:IResourceWithPolicy"
8720 },
8721 "@aws-cdk/aws-iam.IRole": {
8722 "assembly": "@aws-cdk/aws-iam",
8723 "docs": {
8724 "stability": "stable",
8725 "summary": "A Role object."
8726 },
8727 "fqn": "@aws-cdk/aws-iam.IRole",
8728 "interfaces": [
8729 "@aws-cdk/aws-iam.IIdentity"
8730 ],
8731 "kind": "interface",
8732 "locationInModule": {
8733 "filename": "lib/role.ts",
8734 "line": 573
8735 },
8736 "methods": [
8737 {
8738 "abstract": true,
8739 "docs": {
8740 "stability": "stable",
8741 "summary": "Grant the actions defined in actions to the identity Principal on this resource."
8742 },
8743 "locationInModule": {
8744 "filename": "lib/role.ts",
8745 "line": 591
8746 },
8747 "name": "grant",
8748 "parameters": [
8749 {
8750 "name": "grantee",
8751 "type": {
8752 "fqn": "@aws-cdk/aws-iam.IPrincipal"
8753 }
8754 },
8755 {
8756 "name": "actions",
8757 "type": {
8758 "primitive": "string"
8759 },
8760 "variadic": true
8761 }
8762 ],
8763 "returns": {
8764 "type": {
8765 "fqn": "@aws-cdk/aws-iam.Grant"
8766 }
8767 },
8768 "variadic": true
8769 },
8770 {
8771 "abstract": true,
8772 "docs": {
8773 "stability": "stable",
8774 "summary": "Grant permissions to the given principal to assume this role."
8775 },
8776 "locationInModule": {
8777 "filename": "lib/role.ts",
8778 "line": 601
8779 },
8780 "name": "grantAssumeRole",
8781 "parameters": [
8782 {
8783 "name": "grantee",
8784 "type": {
8785 "fqn": "@aws-cdk/aws-iam.IPrincipal"
8786 }
8787 }
8788 ],
8789 "returns": {
8790 "type": {
8791 "fqn": "@aws-cdk/aws-iam.Grant"
8792 }
8793 }
8794 },
8795 {
8796 "abstract": true,
8797 "docs": {
8798 "stability": "stable",
8799 "summary": "Grant permissions to the given principal to pass this role."
8800 },
8801 "locationInModule": {
8802 "filename": "lib/role.ts",
8803 "line": 596
8804 },
8805 "name": "grantPassRole",
8806 "parameters": [
8807 {
8808 "name": "grantee",
8809 "type": {
8810 "fqn": "@aws-cdk/aws-iam.IPrincipal"
8811 }
8812 }
8813 ],
8814 "returns": {
8815 "type": {
8816 "fqn": "@aws-cdk/aws-iam.Grant"
8817 }
8818 }
8819 }
8820 ],
8821 "name": "IRole",
8822 "properties": [
8823 {
8824 "abstract": true,
8825 "docs": {
8826 "custom": {
8827 "attribute": "true"
8828 },
8829 "stability": "stable",
8830 "summary": "Returns the ARN of this role."
8831 },
8832 "immutable": true,
8833 "locationInModule": {
8834 "filename": "lib/role.ts",
8835 "line": 579
8836 },
8837 "name": "roleArn",
8838 "type": {
8839 "primitive": "string"
8840 }
8841 },
8842 {
8843 "abstract": true,
8844 "docs": {
8845 "custom": {
8846 "attribute": "true"
8847 },
8848 "stability": "stable",
8849 "summary": "Returns the name of this role."
8850 },
8851 "immutable": true,
8852 "locationInModule": {
8853 "filename": "lib/role.ts",
8854 "line": 586
8855 },
8856 "name": "roleName",
8857 "type": {
8858 "primitive": "string"
8859 }
8860 }
8861 ],
8862 "symbolId": "lib/role:IRole"
8863 },
8864 "@aws-cdk/aws-iam.ISamlProvider": {
8865 "assembly": "@aws-cdk/aws-iam",
8866 "docs": {
8867 "stability": "stable",
8868 "summary": "A SAML provider."
8869 },
8870 "fqn": "@aws-cdk/aws-iam.ISamlProvider",
8871 "interfaces": [
8872 "@aws-cdk/core.IResource"
8873 ],
8874 "kind": "interface",
8875 "locationInModule": {
8876 "filename": "lib/saml-provider.ts",
8877 "line": 9
8878 },
8879 "name": "ISamlProvider",
8880 "properties": [
8881 {
8882 "abstract": true,
8883 "docs": {
8884 "custom": {
8885 "attribute": "true"
8886 },
8887 "stability": "stable",
8888 "summary": "The Amazon Resource Name (ARN) of the provider."
8889 },
8890 "immutable": true,
8891 "locationInModule": {
8892 "filename": "lib/saml-provider.ts",
8893 "line": 15
8894 },
8895 "name": "samlProviderArn",
8896 "type": {
8897 "primitive": "string"
8898 }
8899 }
8900 ],
8901 "symbolId": "lib/saml-provider:ISamlProvider"
8902 },
8903 "@aws-cdk/aws-iam.IUser": {
8904 "assembly": "@aws-cdk/aws-iam",
8905 "docs": {
8906 "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html",
8907 "stability": "stable",
8908 "summary": "Represents an IAM user."
8909 },
8910 "fqn": "@aws-cdk/aws-iam.IUser",
8911 "interfaces": [
8912 "@aws-cdk/aws-iam.IIdentity"
8913 ],
8914 "kind": "interface",
8915 "locationInModule": {
8916 "filename": "lib/user.ts",
8917 "line": 17
8918 },
8919 "methods": [
8920 {
8921 "abstract": true,
8922 "docs": {
8923 "stability": "stable",
8924 "summary": "Adds this user to a group."
8925 },
8926 "locationInModule": {
8927 "filename": "lib/user.ts",
8928 "line": 33
8929 },
8930 "name": "addToGroup",
8931 "parameters": [
8932 {
8933 "name": "group",
8934 "type": {
8935 "fqn": "@aws-cdk/aws-iam.IGroup"
8936 }
8937 }
8938 ]
8939 }
8940 ],
8941 "name": "IUser",
8942 "properties": [
8943 {
8944 "abstract": true,
8945 "docs": {
8946 "custom": {
8947 "attribute": "true"
8948 },
8949 "stability": "stable",
8950 "summary": "The user's ARN."
8951 },
8952 "immutable": true,
8953 "locationInModule": {
8954 "filename": "lib/user.ts",
8955 "line": 28
8956 },
8957 "name": "userArn",
8958 "type": {
8959 "primitive": "string"
8960 }
8961 },
8962 {
8963 "abstract": true,
8964 "docs": {
8965 "custom": {
8966 "attribute": "true"
8967 },
8968 "stability": "stable",
8969 "summary": "The user's name."
8970 },
8971 "immutable": true,
8972 "locationInModule": {
8973 "filename": "lib/user.ts",
8974 "line": 22
8975 },
8976 "name": "userName",
8977 "type": {
8978 "primitive": "string"
8979 }
8980 }
8981 ],
8982 "symbolId": "lib/user:IUser"
8983 },
8984 "@aws-cdk/aws-iam.LazyRole": {
8985 "assembly": "@aws-cdk/aws-iam",
8986 "base": "@aws-cdk/core.Resource",
8987 "docs": {
8988 "custom": {
8989 "resource": "AWS::IAM::Role",
8990 "exampleMetadata": "fixture=_generated"
8991 },
8992 "remarks": "This construct can be used to simplify logic in other constructs\nwhich need to create a role but only if certain configurations occur\n(such as when AutoScaling is configured). The role can be configured in one\nplace, but if it never gets used it doesn't get instantiated and will\nnot be synthesized or deployed.",
8993 "stability": "stable",
8994 "summary": "An IAM role that only gets attached to the construct tree once it gets used, not before.",
8995 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nimport * as cdk from '@aws-cdk/core';\n\ndeclare const managedPolicy: iam.ManagedPolicy;\ndeclare const policyDocument: iam.PolicyDocument;\ndeclare const principal: iam.IPrincipal;\nconst lazyRole = new iam.LazyRole(this, 'MyLazyRole', {\n assumedBy: principal,\n\n // the properties below are optional\n description: 'description',\n externalId: 'externalId',\n externalIds: ['externalIds'],\n inlinePolicies: {\n inlinePoliciesKey: policyDocument,\n },\n managedPolicies: [managedPolicy],\n maxSessionDuration: cdk.Duration.minutes(30),\n path: 'path',\n permissionsBoundary: managedPolicy,\n roleName: 'roleName',\n});"
8996 },
8997 "fqn": "@aws-cdk/aws-iam.LazyRole",
8998 "initializer": {
8999 "docs": {
9000 "stability": "stable"
9001 },
9002 "locationInModule": {
9003 "filename": "lib/lazy-role.ts",
9004 "line": 38
9005 },
9006 "parameters": [
9007 {
9008 "name": "scope",
9009 "type": {
9010 "fqn": "constructs.Construct"
9011 }
9012 },
9013 {
9014 "name": "id",
9015 "type": {
9016 "primitive": "string"
9017 }
9018 },
9019 {
9020 "name": "props",
9021 "type": {
9022 "fqn": "@aws-cdk/aws-iam.LazyRoleProps"
9023 }
9024 }
9025 ]
9026 },
9027 "interfaces": [
9028 "@aws-cdk/aws-iam.IRole"
9029 ],
9030 "kind": "class",
9031 "locationInModule": {
9032 "filename": "lib/lazy-role.ts",
9033 "line": 28
9034 },
9035 "methods": [
9036 {
9037 "docs": {
9038 "stability": "stable",
9039 "summary": "Attaches a managed policy to this role."
9040 },
9041 "locationInModule": {
9042 "filename": "lib/lazy-role.ts",
9043 "line": 76
9044 },
9045 "name": "addManagedPolicy",
9046 "overrides": "@aws-cdk/aws-iam.IIdentity",
9047 "parameters": [
9048 {
9049 "docs": {
9050 "summary": "The managed policy to attach."
9051 },
9052 "name": "policy",
9053 "type": {
9054 "fqn": "@aws-cdk/aws-iam.IManagedPolicy"
9055 }
9056 }
9057 ]
9058 },
9059 {
9060 "docs": {
9061 "stability": "stable",
9062 "summary": "Add to the policy of this principal."
9063 },
9064 "locationInModule": {
9065 "filename": "lib/lazy-role.ts",
9066 "line": 56
9067 },
9068 "name": "addToPolicy",
9069 "overrides": "@aws-cdk/aws-iam.IPrincipal",
9070 "parameters": [
9071 {
9072 "name": "statement",
9073 "type": {
9074 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
9075 }
9076 }
9077 ],
9078 "returns": {
9079 "type": {
9080 "primitive": "boolean"
9081 }
9082 }
9083 },
9084 {
9085 "docs": {
9086 "remarks": "If there is no default policy attached to this role, it will be created.",
9087 "stability": "stable",
9088 "summary": "Adds a permission to the role's default policy document."
9089 },
9090 "locationInModule": {
9091 "filename": "lib/lazy-role.ts",
9092 "line": 47
9093 },
9094 "name": "addToPrincipalPolicy",
9095 "overrides": "@aws-cdk/aws-iam.IPrincipal",
9096 "parameters": [
9097 {
9098 "docs": {
9099 "summary": "The permission statement to add to the policy document."
9100 },
9101 "name": "statement",
9102 "type": {
9103 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
9104 }
9105 }
9106 ],
9107 "returns": {
9108 "type": {
9109 "fqn": "@aws-cdk/aws-iam.AddToPrincipalPolicyResult"
9110 }
9111 }
9112 },
9113 {
9114 "docs": {
9115 "stability": "stable",
9116 "summary": "Attaches a policy to this role."
9117 },
9118 "locationInModule": {
9119 "filename": "lib/lazy-role.ts",
9120 "line": 64
9121 },
9122 "name": "attachInlinePolicy",
9123 "overrides": "@aws-cdk/aws-iam.IIdentity",
9124 "parameters": [
9125 {
9126 "docs": {
9127 "summary": "The policy to attach."
9128 },
9129 "name": "policy",
9130 "type": {
9131 "fqn": "@aws-cdk/aws-iam.Policy"
9132 }
9133 }
9134 ]
9135 },
9136 {
9137 "docs": {
9138 "stability": "stable",
9139 "summary": "Grant the actions defined in actions to the identity Principal on this resource."
9140 },
9141 "locationInModule": {
9142 "filename": "lib/lazy-role.ts",
9143 "line": 111
9144 },
9145 "name": "grant",
9146 "overrides": "@aws-cdk/aws-iam.IRole",
9147 "parameters": [
9148 {
9149 "name": "identity",
9150 "type": {
9151 "fqn": "@aws-cdk/aws-iam.IPrincipal"
9152 }
9153 },
9154 {
9155 "name": "actions",
9156 "type": {
9157 "primitive": "string"
9158 },
9159 "variadic": true
9160 }
9161 ],
9162 "returns": {
9163 "type": {
9164 "fqn": "@aws-cdk/aws-iam.Grant"
9165 }
9166 },
9167 "variadic": true
9168 },
9169 {
9170 "docs": {
9171 "stability": "stable",
9172 "summary": "Grant permissions to the given principal to assume this role."
9173 },
9174 "locationInModule": {
9175 "filename": "lib/lazy-role.ts",
9176 "line": 125
9177 },
9178 "name": "grantAssumeRole",
9179 "overrides": "@aws-cdk/aws-iam.IRole",
9180 "parameters": [
9181 {
9182 "name": "identity",
9183 "type": {
9184 "fqn": "@aws-cdk/aws-iam.IPrincipal"
9185 }
9186 }
9187 ],
9188 "returns": {
9189 "type": {
9190 "fqn": "@aws-cdk/aws-iam.Grant"
9191 }
9192 }
9193 },
9194 {
9195 "docs": {
9196 "stability": "stable",
9197 "summary": "Grant permissions to the given principal to pass this role."
9198 },
9199 "locationInModule": {
9200 "filename": "lib/lazy-role.ts",
9201 "line": 118
9202 },
9203 "name": "grantPassRole",
9204 "overrides": "@aws-cdk/aws-iam.IRole",
9205 "parameters": [
9206 {
9207 "name": "identity",
9208 "type": {
9209 "fqn": "@aws-cdk/aws-iam.IPrincipal"
9210 }
9211 }
9212 ],
9213 "returns": {
9214 "type": {
9215 "fqn": "@aws-cdk/aws-iam.Grant"
9216 }
9217 }
9218 }
9219 ],
9220 "name": "LazyRole",
9221 "properties": [
9222 {
9223 "docs": {
9224 "stability": "stable",
9225 "summary": "When this Principal is used in an AssumeRole policy, the action to use."
9226 },
9227 "immutable": true,
9228 "locationInModule": {
9229 "filename": "lib/lazy-role.ts",
9230 "line": 31
9231 },
9232 "name": "assumeRoleAction",
9233 "overrides": "@aws-cdk/aws-iam.IPrincipal",
9234 "type": {
9235 "primitive": "string"
9236 }
9237 },
9238 {
9239 "docs": {
9240 "stability": "stable",
9241 "summary": "The principal to grant permissions to."
9242 },
9243 "immutable": true,
9244 "locationInModule": {
9245 "filename": "lib/lazy-role.ts",
9246 "line": 29
9247 },
9248 "name": "grantPrincipal",
9249 "overrides": "@aws-cdk/aws-iam.IGrantable",
9250 "type": {
9251 "fqn": "@aws-cdk/aws-iam.IPrincipal"
9252 }
9253 },
9254 {
9255 "docs": {
9256 "stability": "stable",
9257 "summary": "Return the policy fragment that identifies this principal in a Policy."
9258 },
9259 "immutable": true,
9260 "locationInModule": {
9261 "filename": "lib/lazy-role.ts",
9262 "line": 104
9263 },
9264 "name": "policyFragment",
9265 "overrides": "@aws-cdk/aws-iam.IPrincipal",
9266 "type": {
9267 "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment"
9268 }
9269 },
9270 {
9271 "docs": {
9272 "stability": "stable",
9273 "summary": "Returns the ARN of this role."
9274 },
9275 "immutable": true,
9276 "locationInModule": {
9277 "filename": "lib/lazy-role.ts",
9278 "line": 87
9279 },
9280 "name": "roleArn",
9281 "overrides": "@aws-cdk/aws-iam.IRole",
9282 "type": {
9283 "primitive": "string"
9284 }
9285 },
9286 {
9287 "docs": {
9288 "custom": {
9289 "attribute": "true"
9290 },
9291 "stability": "stable",
9292 "summary": "Returns the stable and unique string identifying the role (i.e. AIDAJQABLZS4A3QDU576Q)."
9293 },
9294 "immutable": true,
9295 "locationInModule": {
9296 "filename": "lib/lazy-role.ts",
9297 "line": 96
9298 },
9299 "name": "roleId",
9300 "type": {
9301 "primitive": "string"
9302 }
9303 },
9304 {
9305 "docs": {
9306 "stability": "stable",
9307 "summary": "Returns the name of this role."
9308 },
9309 "immutable": true,
9310 "locationInModule": {
9311 "filename": "lib/lazy-role.ts",
9312 "line": 100
9313 },
9314 "name": "roleName",
9315 "overrides": "@aws-cdk/aws-iam.IRole",
9316 "type": {
9317 "primitive": "string"
9318 }
9319 },
9320 {
9321 "docs": {
9322 "remarks": "Can be undefined when the account is not known\n(for example, for service principals).\nCan be a Token - in that case,\nit's assumed to be AWS::AccountId.",
9323 "stability": "stable",
9324 "summary": "The AWS account ID of this principal."
9325 },
9326 "immutable": true,
9327 "locationInModule": {
9328 "filename": "lib/lazy-role.ts",
9329 "line": 30
9330 },
9331 "name": "principalAccount",
9332 "optional": true,
9333 "overrides": "@aws-cdk/aws-iam.IPrincipal",
9334 "type": {
9335 "primitive": "string"
9336 }
9337 }
9338 ],
9339 "symbolId": "lib/lazy-role:LazyRole"
9340 },
9341 "@aws-cdk/aws-iam.LazyRoleProps": {
9342 "assembly": "@aws-cdk/aws-iam",
9343 "datatype": true,
9344 "docs": {
9345 "stability": "stable",
9346 "summary": "Properties for defining a LazyRole.",
9347 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nimport * as cdk from '@aws-cdk/core';\n\ndeclare const managedPolicy: iam.ManagedPolicy;\ndeclare const policyDocument: iam.PolicyDocument;\ndeclare const principal: iam.IPrincipal;\nconst lazyRoleProps: iam.LazyRoleProps = {\n assumedBy: principal,\n\n // the properties below are optional\n description: 'description',\n externalId: 'externalId',\n externalIds: ['externalIds'],\n inlinePolicies: {\n inlinePoliciesKey: policyDocument,\n },\n managedPolicies: [managedPolicy],\n maxSessionDuration: cdk.Duration.minutes(30),\n path: 'path',\n permissionsBoundary: managedPolicy,\n roleName: 'roleName',\n};",
9348 "custom": {
9349 "exampleMetadata": "fixture=_generated"
9350 }
9351 },
9352 "fqn": "@aws-cdk/aws-iam.LazyRoleProps",
9353 "interfaces": [
9354 "@aws-cdk/aws-iam.RoleProps"
9355 ],
9356 "kind": "interface",
9357 "locationInModule": {
9358 "filename": "lib/lazy-role.ts",
9359 "line": 13
9360 },
9361 "name": "LazyRoleProps",
9362 "symbolId": "lib/lazy-role:LazyRoleProps"
9363 },
9364 "@aws-cdk/aws-iam.ManagedPolicy": {
9365 "assembly": "@aws-cdk/aws-iam",
9366 "base": "@aws-cdk/core.Resource",
9367 "docs": {
9368 "stability": "stable",
9369 "summary": "Managed policy.",
9370 "example": "const myRole = new iam.Role(this, 'My Role', {\n assumedBy: new iam.ServicePrincipal('lambda.amazonaws.com'),\n});\n\nconst fn = new lambda.Function(this, 'MyFunction', {\n runtime: lambda.Runtime.NODEJS_16_X,\n handler: 'index.handler',\n code: lambda.Code.fromAsset(path.join(__dirname, 'lambda-handler')),\n role: myRole, // user-provided role\n});\n\nmyRole.addManagedPolicy(iam.ManagedPolicy.fromAwsManagedPolicyName(\"service-role/AWSLambdaBasicExecutionRole\"));\nmyRole.addManagedPolicy(iam.ManagedPolicy.fromAwsManagedPolicyName(\"service-role/AWSLambdaVPCAccessExecutionRole\")); // only required if your function lives in a VPC",
9371 "custom": {
9372 "exampleMetadata": "infused"
9373 }
9374 },
9375 "fqn": "@aws-cdk/aws-iam.ManagedPolicy",
9376 "initializer": {
9377 "docs": {
9378 "stability": "stable"
9379 },
9380 "locationInModule": {
9381 "filename": "lib/managed-policy.ts",
9382 "line": 208
9383 },
9384 "parameters": [
9385 {
9386 "name": "scope",
9387 "type": {
9388 "fqn": "constructs.Construct"
9389 }
9390 },
9391 {
9392 "name": "id",
9393 "type": {
9394 "primitive": "string"
9395 }
9396 },
9397 {
9398 "name": "props",
9399 "optional": true,
9400 "type": {
9401 "fqn": "@aws-cdk/aws-iam.ManagedPolicyProps"
9402 }
9403 }
9404 ]
9405 },
9406 "interfaces": [
9407 "@aws-cdk/aws-iam.IManagedPolicy"
9408 ],
9409 "kind": "class",
9410 "locationInModule": {
9411 "filename": "lib/managed-policy.ts",
9412 "line": 102
9413 },
9414 "methods": [
9415 {
9416 "docs": {
9417 "remarks": "For this managed policy, you only need to know the name to be able to use it.\n\nSome managed policy names start with \"service-role/\", some start with\n\"job-function/\", and some don't start with anything. Include the\nprefix when constructing this object.",
9418 "stability": "stable",
9419 "summary": "Import a managed policy from one of the policies that AWS manages."
9420 },
9421 "locationInModule": {
9422 "filename": "lib/managed-policy.ts",
9423 "line": 157
9424 },
9425 "name": "fromAwsManagedPolicyName",
9426 "parameters": [
9427 {
9428 "name": "managedPolicyName",
9429 "type": {
9430 "primitive": "string"
9431 }
9432 }
9433 ],
9434 "returns": {
9435 "type": {
9436 "fqn": "@aws-cdk/aws-iam.IManagedPolicy"
9437 }
9438 },
9439 "static": true
9440 },
9441 {
9442 "docs": {
9443 "remarks": "For this managed policy, you only need to know the ARN to be able to use it.\nThis can be useful if you got the ARN from a CloudFormation Export.\n\nIf the imported Managed Policy ARN is a Token (such as a\n`CfnParameter.valueAsString` or a `Fn.importValue()`) *and* the referenced\nmanaged policy has a `path` (like `arn:...:policy/AdminPolicy/AdminAllow`), the\n`managedPolicyName` property will not resolve to the correct value. Instead it\nwill resolve to the first path component. We unfortunately cannot express\nthe correct calculation of the full path name as a CloudFormation\nexpression. In this scenario the Managed Policy ARN should be supplied without the\n`path` in order to resolve the correct managed policy resource.",
9444 "stability": "stable",
9445 "summary": "Import an external managed policy by ARN."
9446 },
9447 "locationInModule": {
9448 "filename": "lib/managed-policy.ts",
9449 "line": 141
9450 },
9451 "name": "fromManagedPolicyArn",
9452 "parameters": [
9453 {
9454 "docs": {
9455 "summary": "construct scope."
9456 },
9457 "name": "scope",
9458 "type": {
9459 "fqn": "constructs.Construct"
9460 }
9461 },
9462 {
9463 "docs": {
9464 "summary": "construct id."
9465 },
9466 "name": "id",
9467 "type": {
9468 "primitive": "string"
9469 }
9470 },
9471 {
9472 "docs": {
9473 "summary": "the ARN of the managed policy to import."
9474 },
9475 "name": "managedPolicyArn",
9476 "type": {
9477 "primitive": "string"
9478 }
9479 }
9480 ],
9481 "returns": {
9482 "type": {
9483 "fqn": "@aws-cdk/aws-iam.IManagedPolicy"
9484 }
9485 },
9486 "static": true
9487 },
9488 {
9489 "docs": {
9490 "remarks": "For this managed policy, you only need to know the name to be able to use it.",
9491 "stability": "stable",
9492 "summary": "Import a customer managed policy from the managedPolicyName."
9493 },
9494 "locationInModule": {
9495 "filename": "lib/managed-policy.ts",
9496 "line": 109
9497 },
9498 "name": "fromManagedPolicyName",
9499 "parameters": [
9500 {
9501 "name": "scope",
9502 "type": {
9503 "fqn": "constructs.Construct"
9504 }
9505 },
9506 {
9507 "name": "id",
9508 "type": {
9509 "primitive": "string"
9510 }
9511 },
9512 {
9513 "name": "managedPolicyName",
9514 "type": {
9515 "primitive": "string"
9516 }
9517 }
9518 ],
9519 "returns": {
9520 "type": {
9521 "fqn": "@aws-cdk/aws-iam.IManagedPolicy"
9522 }
9523 },
9524 "static": true
9525 },
9526 {
9527 "docs": {
9528 "stability": "stable",
9529 "summary": "Adds a statement to the policy document."
9530 },
9531 "locationInModule": {
9532 "filename": "lib/managed-policy.ts",
9533 "line": 259
9534 },
9535 "name": "addStatements",
9536 "parameters": [
9537 {
9538 "name": "statement",
9539 "type": {
9540 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
9541 },
9542 "variadic": true
9543 }
9544 ],
9545 "variadic": true
9546 },
9547 {
9548 "docs": {
9549 "stability": "stable",
9550 "summary": "Attaches this policy to a group."
9551 },
9552 "locationInModule": {
9553 "filename": "lib/managed-policy.ts",
9554 "line": 282
9555 },
9556 "name": "attachToGroup",
9557 "parameters": [
9558 {
9559 "name": "group",
9560 "type": {
9561 "fqn": "@aws-cdk/aws-iam.IGroup"
9562 }
9563 }
9564 ]
9565 },
9566 {
9567 "docs": {
9568 "stability": "stable",
9569 "summary": "Attaches this policy to a role."
9570 },
9571 "locationInModule": {
9572 "filename": "lib/managed-policy.ts",
9573 "line": 274
9574 },
9575 "name": "attachToRole",
9576 "parameters": [
9577 {
9578 "name": "role",
9579 "type": {
9580 "fqn": "@aws-cdk/aws-iam.IRole"
9581 }
9582 }
9583 ]
9584 },
9585 {
9586 "docs": {
9587 "stability": "stable",
9588 "summary": "Attaches this policy to a user."
9589 },
9590 "locationInModule": {
9591 "filename": "lib/managed-policy.ts",
9592 "line": 266
9593 },
9594 "name": "attachToUser",
9595 "parameters": [
9596 {
9597 "name": "user",
9598 "type": {
9599 "fqn": "@aws-cdk/aws-iam.IUser"
9600 }
9601 }
9602 ]
9603 },
9604 {
9605 "docs": {
9606 "remarks": "This method can be implemented by derived constructs in order to perform\nvalidation logic. It is called on all constructs before synthesis.",
9607 "stability": "stable",
9608 "summary": "Validate the current construct."
9609 },
9610 "locationInModule": {
9611 "filename": "lib/managed-policy.ts",
9612 "line": 287
9613 },
9614 "name": "validate",
9615 "overrides": "@aws-cdk/core.Construct",
9616 "protected": true,
9617 "returns": {
9618 "type": {
9619 "collection": {
9620 "elementtype": {
9621 "primitive": "string"
9622 },
9623 "kind": "array"
9624 }
9625 }
9626 }
9627 }
9628 ],
9629 "name": "ManagedPolicy",
9630 "properties": [
9631 {
9632 "docs": {
9633 "custom": {
9634 "attribute": "true"
9635 },
9636 "stability": "stable",
9637 "summary": "The description of this policy."
9638 },
9639 "immutable": true,
9640 "locationInModule": {
9641 "filename": "lib/managed-policy.ts",
9642 "line": 195
9643 },
9644 "name": "description",
9645 "type": {
9646 "primitive": "string"
9647 }
9648 },
9649 {
9650 "docs": {
9651 "stability": "stable",
9652 "summary": "The policy document."
9653 },
9654 "immutable": true,
9655 "locationInModule": {
9656 "filename": "lib/managed-policy.ts",
9657 "line": 181
9658 },
9659 "name": "document",
9660 "type": {
9661 "fqn": "@aws-cdk/aws-iam.PolicyDocument"
9662 }
9663 },
9664 {
9665 "docs": {
9666 "custom": {
9667 "attribute": "true"
9668 },
9669 "stability": "stable",
9670 "summary": "Returns the ARN of this managed policy."
9671 },
9672 "immutable": true,
9673 "locationInModule": {
9674 "filename": "lib/managed-policy.ts",
9675 "line": 176
9676 },
9677 "name": "managedPolicyArn",
9678 "overrides": "@aws-cdk/aws-iam.IManagedPolicy",
9679 "type": {
9680 "primitive": "string"
9681 }
9682 },
9683 {
9684 "docs": {
9685 "custom": {
9686 "attribute": "true"
9687 },
9688 "stability": "stable",
9689 "summary": "The name of this policy."
9690 },
9691 "immutable": true,
9692 "locationInModule": {
9693 "filename": "lib/managed-policy.ts",
9694 "line": 188
9695 },
9696 "name": "managedPolicyName",
9697 "type": {
9698 "primitive": "string"
9699 }
9700 },
9701 {
9702 "docs": {
9703 "custom": {
9704 "attribute": "true"
9705 },
9706 "stability": "stable",
9707 "summary": "The path of this policy."
9708 },
9709 "immutable": true,
9710 "locationInModule": {
9711 "filename": "lib/managed-policy.ts",
9712 "line": 202
9713 },
9714 "name": "path",
9715 "type": {
9716 "primitive": "string"
9717 }
9718 }
9719 ],
9720 "symbolId": "lib/managed-policy:ManagedPolicy"
9721 },
9722 "@aws-cdk/aws-iam.ManagedPolicyProps": {
9723 "assembly": "@aws-cdk/aws-iam",
9724 "datatype": true,
9725 "docs": {
9726 "stability": "stable",
9727 "summary": "Properties for defining an IAM managed policy.",
9728 "example": "const policyDocument = {\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"FirstStatement\",\n \"Effect\": \"Allow\",\n \"Action\": [\"iam:ChangePassword\"],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"SecondStatement\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListAllMyBuckets\",\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"ThirdStatement\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:List*\",\n \"s3:Get*\"\n ],\n \"Resource\": [\n \"arn:aws:s3:::confidential-data\",\n \"arn:aws:s3:::confidential-data/*\"\n ],\n \"Condition\": {\"Bool\": {\"aws:MultiFactorAuthPresent\": \"true\"}}\n }\n ]\n};\n\nconst customPolicyDocument = iam.PolicyDocument.fromJson(policyDocument);\n\n// You can pass this document as an initial document to a ManagedPolicy\n// or inline Policy.\nconst newManagedPolicy = new iam.ManagedPolicy(this, 'MyNewManagedPolicy', {\n document: customPolicyDocument,\n});\nconst newPolicy = new iam.Policy(this, 'MyNewPolicy', {\n document: customPolicyDocument,\n});",
9729 "custom": {
9730 "exampleMetadata": "infused"
9731 }
9732 },
9733 "fqn": "@aws-cdk/aws-iam.ManagedPolicyProps",
9734 "kind": "interface",
9735 "locationInModule": {
9736 "filename": "lib/managed-policy.ts",
9737 "line": 25
9738 },
9739 "name": "ManagedPolicyProps",
9740 "properties": [
9741 {
9742 "abstract": true,
9743 "docs": {
9744 "default": "- empty",
9745 "remarks": "Typically used to store information about the\npermissions defined in the policy. For example, \"Grants access to production DynamoDB tables.\"\nThe policy description is immutable. After a value is assigned, it cannot be changed.",
9746 "stability": "stable",
9747 "summary": "A description of the managed policy."
9748 },
9749 "immutable": true,
9750 "locationInModule": {
9751 "filename": "lib/managed-policy.ts",
9752 "line": 42
9753 },
9754 "name": "description",
9755 "optional": true,
9756 "type": {
9757 "primitive": "string"
9758 }
9759 },
9760 {
9761 "abstract": true,
9762 "docs": {
9763 "default": "- An empty policy.",
9764 "remarks": "If omited, any\n`PolicyStatement` provided in the `statements` property will be applied\nagainst the empty default `PolicyDocument`.",
9765 "stability": "stable",
9766 "summary": "Initial PolicyDocument to use for this ManagedPolicy."
9767 },
9768 "immutable": true,
9769 "locationInModule": {
9770 "filename": "lib/managed-policy.ts",
9771 "line": 95
9772 },
9773 "name": "document",
9774 "optional": true,
9775 "type": {
9776 "fqn": "@aws-cdk/aws-iam.PolicyDocument"
9777 }
9778 },
9779 {
9780 "abstract": true,
9781 "docs": {
9782 "default": "- No groups.",
9783 "remarks": "You can also use `attachToGroup(group)` to attach this policy to a group.",
9784 "stability": "stable",
9785 "summary": "Groups to attach this policy to."
9786 },
9787 "immutable": true,
9788 "locationInModule": {
9789 "filename": "lib/managed-policy.ts",
9790 "line": 78
9791 },
9792 "name": "groups",
9793 "optional": true,
9794 "type": {
9795 "collection": {
9796 "elementtype": {
9797 "fqn": "@aws-cdk/aws-iam.IGroup"
9798 },
9799 "kind": "array"
9800 }
9801 }
9802 },
9803 {
9804 "abstract": true,
9805 "docs": {
9806 "default": "- A name is automatically generated.",
9807 "remarks": "If you specify multiple policies for an entity,\nspecify unique names. For example, if you specify a list of policies for\nan IAM role, each policy must have a unique name.",
9808 "stability": "stable",
9809 "summary": "The name of the managed policy."
9810 },
9811 "immutable": true,
9812 "locationInModule": {
9813 "filename": "lib/managed-policy.ts",
9814 "line": 33
9815 },
9816 "name": "managedPolicyName",
9817 "optional": true,
9818 "type": {
9819 "primitive": "string"
9820 }
9821 },
9822 {
9823 "abstract": true,
9824 "docs": {
9825 "default": "- \"/\"",
9826 "remarks": "This parameter allows (through its regex pattern) a string of characters\nconsisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes.\nIn addition, it can contain any ASCII character from the ! (\\u0021) through the DEL character (\\u007F),\nincluding most punctuation characters, digits, and upper and lowercased letters.\n\nFor more information about paths, see IAM Identifiers in the IAM User Guide.",
9827 "stability": "stable",
9828 "summary": "The path for the policy."
9829 },
9830 "immutable": true,
9831 "locationInModule": {
9832 "filename": "lib/managed-policy.ts",
9833 "line": 54
9834 },
9835 "name": "path",
9836 "optional": true,
9837 "type": {
9838 "primitive": "string"
9839 }
9840 },
9841 {
9842 "abstract": true,
9843 "docs": {
9844 "default": "- No roles.",
9845 "remarks": "You can also use `attachToRole(role)` to attach this policy to a role.",
9846 "stability": "stable",
9847 "summary": "Roles to attach this policy to."
9848 },
9849 "immutable": true,
9850 "locationInModule": {
9851 "filename": "lib/managed-policy.ts",
9852 "line": 70
9853 },
9854 "name": "roles",
9855 "optional": true,
9856 "type": {
9857 "collection": {
9858 "elementtype": {
9859 "fqn": "@aws-cdk/aws-iam.IRole"
9860 },
9861 "kind": "array"
9862 }
9863 }
9864 },
9865 {
9866 "abstract": true,
9867 "docs": {
9868 "default": "- No statements.",
9869 "remarks": "You can also use `addPermission(statement)` to add permissions later.",
9870 "stability": "stable",
9871 "summary": "Initial set of permissions to add to this policy document."
9872 },
9873 "immutable": true,
9874 "locationInModule": {
9875 "filename": "lib/managed-policy.ts",
9876 "line": 86
9877 },
9878 "name": "statements",
9879 "optional": true,
9880 "type": {
9881 "collection": {
9882 "elementtype": {
9883 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
9884 },
9885 "kind": "array"
9886 }
9887 }
9888 },
9889 {
9890 "abstract": true,
9891 "docs": {
9892 "default": "- No users.",
9893 "remarks": "You can also use `attachToUser(user)` to attach this policy to a user.",
9894 "stability": "stable",
9895 "summary": "Users to attach this policy to."
9896 },
9897 "immutable": true,
9898 "locationInModule": {
9899 "filename": "lib/managed-policy.ts",
9900 "line": 62
9901 },
9902 "name": "users",
9903 "optional": true,
9904 "type": {
9905 "collection": {
9906 "elementtype": {
9907 "fqn": "@aws-cdk/aws-iam.IUser"
9908 },
9909 "kind": "array"
9910 }
9911 }
9912 }
9913 ],
9914 "symbolId": "lib/managed-policy:ManagedPolicyProps"
9915 },
9916 "@aws-cdk/aws-iam.OpenIdConnectPrincipal": {
9917 "assembly": "@aws-cdk/aws-iam",
9918 "base": "@aws-cdk/aws-iam.WebIdentityPrincipal",
9919 "docs": {
9920 "stability": "stable",
9921 "summary": "A principal that represents a federated identity provider as from a OpenID Connect provider.",
9922 "example": "const provider = new iam.OpenIdConnectProvider(this, 'MyProvider', {\n url: 'https://openid/connect',\n clientIds: [ 'myclient1', 'myclient2' ],\n});\nconst principal = new iam.OpenIdConnectPrincipal(provider);",
9923 "custom": {
9924 "exampleMetadata": "infused"
9925 }
9926 },
9927 "fqn": "@aws-cdk/aws-iam.OpenIdConnectPrincipal",
9928 "initializer": {
9929 "docs": {
9930 "stability": "stable"
9931 },
9932 "locationInModule": {
9933 "filename": "lib/principals.ts",
9934 "line": 672
9935 },
9936 "parameters": [
9937 {
9938 "docs": {
9939 "summary": "OpenID Connect provider."
9940 },
9941 "name": "openIdConnectProvider",
9942 "type": {
9943 "fqn": "@aws-cdk/aws-iam.IOpenIdConnectProvider"
9944 }
9945 },
9946 {
9947 "docs": {
9948 "remarks": "See [the IAM documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html).",
9949 "summary": "The conditions under which the policy is in effect."
9950 },
9951 "name": "conditions",
9952 "optional": true,
9953 "type": {
9954 "collection": {
9955 "elementtype": {
9956 "primitive": "any"
9957 },
9958 "kind": "map"
9959 }
9960 }
9961 }
9962 ]
9963 },
9964 "kind": "class",
9965 "locationInModule": {
9966 "filename": "lib/principals.ts",
9967 "line": 664
9968 },
9969 "methods": [
9970 {
9971 "docs": {
9972 "stability": "stable",
9973 "summary": "Returns a string representation of an object."
9974 },
9975 "locationInModule": {
9976 "filename": "lib/principals.ts",
9977 "line": 680
9978 },
9979 "name": "toString",
9980 "overrides": "@aws-cdk/aws-iam.WebIdentityPrincipal",
9981 "returns": {
9982 "type": {
9983 "primitive": "string"
9984 }
9985 }
9986 }
9987 ],
9988 "name": "OpenIdConnectPrincipal",
9989 "properties": [
9990 {
9991 "docs": {
9992 "stability": "stable",
9993 "summary": "Return the policy fragment that identifies this principal in a Policy."
9994 },
9995 "immutable": true,
9996 "locationInModule": {
9997 "filename": "lib/principals.ts",
9998 "line": 676
9999 },
10000 "name": "policyFragment",
10001 "overrides": "@aws-cdk/aws-iam.WebIdentityPrincipal",
10002 "type": {
10003 "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment"
10004 }
10005 }
10006 ],
10007 "symbolId": "lib/principals:OpenIdConnectPrincipal"
10008 },
10009 "@aws-cdk/aws-iam.OpenIdConnectProvider": {
10010 "assembly": "@aws-cdk/aws-iam",
10011 "base": "@aws-cdk/core.Resource",
10012 "docs": {
10013 "custom": {
10014 "resource": "AWS::CloudFormation::CustomResource",
10015 "exampleMetadata": "infused"
10016 },
10017 "remarks": "You use an IAM OIDC identity provider\nwhen you want to establish trust between an OIDC-compatible IdP and your AWS\naccount. This is useful when creating a mobile app or web application that\nrequires access to AWS resources, but you don't want to create custom sign-in\ncode or manage your own user identities.",
10018 "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html",
10019 "stability": "stable",
10020 "summary": "IAM OIDC identity providers are entities in IAM that describe an external identity provider (IdP) service that supports the OpenID Connect (OIDC) standard, such as Google or Salesforce.",
10021 "example": "const provider = new iam.OpenIdConnectProvider(this, 'MyProvider', {\n url: 'https://openid/connect',\n clientIds: [ 'myclient1', 'myclient2' ],\n});"
10022 },
10023 "fqn": "@aws-cdk/aws-iam.OpenIdConnectProvider",
10024 "initializer": {
10025 "docs": {
10026 "stability": "stable",
10027 "summary": "Defines an OpenID Connect provider."
10028 },
10029 "locationInModule": {
10030 "filename": "lib/oidc-provider.ts",
10031 "line": 140
10032 },
10033 "parameters": [
10034 {
10035 "docs": {
10036 "summary": "The definition scope."
10037 },
10038 "name": "scope",
10039 "type": {
10040 "fqn": "constructs.Construct"
10041 }
10042 },
10043 {
10044 "docs": {
10045 "summary": "Construct ID."
10046 },
10047 "name": "id",
10048 "type": {
10049 "primitive": "string"
10050 }
10051 },
10052 {
10053 "docs": {
10054 "summary": "Initialization properties."
10055 },
10056 "name": "props",
10057 "type": {
10058 "fqn": "@aws-cdk/aws-iam.OpenIdConnectProviderProps"
10059 }
10060 }
10061 ]
10062 },
10063 "interfaces": [
10064 "@aws-cdk/aws-iam.IOpenIdConnectProvider"
10065 ],
10066 "kind": "class",
10067 "locationInModule": {
10068 "filename": "lib/oidc-provider.ts",
10069 "line": 104
10070 },
10071 "methods": [
10072 {
10073 "docs": {
10074 "stability": "stable",
10075 "summary": "Imports an Open ID connect provider from an ARN."
10076 },
10077 "locationInModule": {
10078 "filename": "lib/oidc-provider.ts",
10079 "line": 111
10080 },
10081 "name": "fromOpenIdConnectProviderArn",
10082 "parameters": [
10083 {
10084 "docs": {
10085 "summary": "The definition scope."
10086 },
10087 "name": "scope",
10088 "type": {
10089 "fqn": "constructs.Construct"
10090 }
10091 },
10092 {
10093 "docs": {
10094 "summary": "ID of the construct."
10095 },
10096 "name": "id",
10097 "type": {
10098 "primitive": "string"
10099 }
10100 },
10101 {
10102 "docs": {
10103 "summary": "the ARN to import."
10104 },
10105 "name": "openIdConnectProviderArn",
10106 "type": {
10107 "primitive": "string"
10108 }
10109 }
10110 ],
10111 "returns": {
10112 "type": {
10113 "fqn": "@aws-cdk/aws-iam.IOpenIdConnectProvider"
10114 }
10115 },
10116 "static": true
10117 }
10118 ],
10119 "name": "OpenIdConnectProvider",
10120 "properties": [
10121 {
10122 "docs": {
10123 "stability": "stable",
10124 "summary": "The Amazon Resource Name (ARN) of the IAM OpenID Connect provider."
10125 },
10126 "immutable": true,
10127 "locationInModule": {
10128 "filename": "lib/oidc-provider.ts",
10129 "line": 125
10130 },
10131 "name": "openIdConnectProviderArn",
10132 "overrides": "@aws-cdk/aws-iam.IOpenIdConnectProvider",
10133 "type": {
10134 "primitive": "string"
10135 }
10136 },
10137 {
10138 "docs": {
10139 "stability": "stable",
10140 "summary": "The issuer for OIDC Provider."
10141 },
10142 "immutable": true,
10143 "locationInModule": {
10144 "filename": "lib/oidc-provider.ts",
10145 "line": 127
10146 },
10147 "name": "openIdConnectProviderIssuer",
10148 "overrides": "@aws-cdk/aws-iam.IOpenIdConnectProvider",
10149 "type": {
10150 "primitive": "string"
10151 }
10152 },
10153 {
10154 "docs": {
10155 "stability": "stable",
10156 "summary": "The thumbprints configured for this provider."
10157 },
10158 "immutable": true,
10159 "locationInModule": {
10160 "filename": "lib/oidc-provider.ts",
10161 "line": 132
10162 },
10163 "name": "openIdConnectProviderthumbprints",
10164 "type": {
10165 "primitive": "string"
10166 }
10167 }
10168 ],
10169 "symbolId": "lib/oidc-provider:OpenIdConnectProvider"
10170 },
10171 "@aws-cdk/aws-iam.OpenIdConnectProviderProps": {
10172 "assembly": "@aws-cdk/aws-iam",
10173 "datatype": true,
10174 "docs": {
10175 "stability": "stable",
10176 "summary": "Initialization properties for `OpenIdConnectProvider`.",
10177 "example": "const provider = new iam.OpenIdConnectProvider(this, 'MyProvider', {\n url: 'https://openid/connect',\n clientIds: [ 'myclient1', 'myclient2' ],\n});",
10178 "custom": {
10179 "exampleMetadata": "infused"
10180 }
10181 },
10182 "fqn": "@aws-cdk/aws-iam.OpenIdConnectProviderProps",
10183 "kind": "interface",
10184 "locationInModule": {
10185 "filename": "lib/oidc-provider.ts",
10186 "line": 34
10187 },
10188 "name": "OpenIdConnectProviderProps",
10189 "properties": [
10190 {
10191 "abstract": true,
10192 "docs": {
10193 "remarks": "The URL must begin with https:// and\nshould correspond to the iss claim in the provider's OpenID Connect ID\ntokens. Per the OIDC standard, path components are allowed but query\nparameters are not. Typically the URL consists of only a hostname, like\nhttps://server.example.org or https://example.com.\n\nYou cannot register the same provider multiple times in a single AWS\naccount. If you try to submit a URL that has already been used for an\nOpenID Connect provider in the AWS account, you will get an error.",
10194 "stability": "stable",
10195 "summary": "The URL of the identity provider."
10196 },
10197 "immutable": true,
10198 "locationInModule": {
10199 "filename": "lib/oidc-provider.ts",
10200 "line": 46
10201 },
10202 "name": "url",
10203 "type": {
10204 "primitive": "string"
10205 }
10206 },
10207 {
10208 "abstract": true,
10209 "docs": {
10210 "default": "- no clients are allowed",
10211 "remarks": "When a mobile or web app\nregisters with an OpenID Connect provider, they establish a value that\nidentifies the application. (This is the value that's sent as the client_id\nparameter on OAuth requests.)\n\nYou can register multiple client IDs with the same provider. For example,\nyou might have multiple applications that use the same OIDC provider. You\ncannot register more than 100 client IDs with a single IAM OIDC provider.\n\nClient IDs are up to 255 characters long.",
10212 "stability": "stable",
10213 "summary": "A list of client IDs (also known as audiences)."
10214 },
10215 "immutable": true,
10216 "locationInModule": {
10217 "filename": "lib/oidc-provider.ts",
10218 "line": 62
10219 },
10220 "name": "clientIds",
10221 "optional": true,
10222 "type": {
10223 "collection": {
10224 "elementtype": {
10225 "primitive": "string"
10226 },
10227 "kind": "array"
10228 }
10229 }
10230 },
10231 {
10232 "abstract": true,
10233 "docs": {
10234 "default": "- If no thumbprints are specified (an empty array or `undefined`),\nthe thumbprint of the root certificate authority will be obtained from the\nprovider's server as described in https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc_verify-thumbprint.html",
10235 "remarks": "Typically this list includes only one entry. However, IAM lets you have up\nto five thumbprints for an OIDC provider. This lets you maintain multiple\nthumbprints if the identity provider is rotating certificates.\n\nThe server certificate thumbprint is the hex-encoded SHA-1 hash value of\nthe X.509 certificate used by the domain where the OpenID Connect provider\nmakes its keys available. It is always a 40-character string.\n\nYou must provide at least one thumbprint when creating an IAM OIDC\nprovider. For example, assume that the OIDC provider is server.example.com\nand the provider stores its keys at\nhttps://keys.server.example.com/openid-connect. In that case, the\nthumbprint string would be the hex-encoded SHA-1 hash value of the\ncertificate used by https://keys.server.example.com.",
10236 "stability": "stable",
10237 "summary": "A list of server certificate thumbprints for the OpenID Connect (OIDC) identity provider's server certificates."
10238 },
10239 "immutable": true,
10240 "locationInModule": {
10241 "filename": "lib/oidc-provider.ts",
10242 "line": 87
10243 },
10244 "name": "thumbprints",
10245 "optional": true,
10246 "type": {
10247 "collection": {
10248 "elementtype": {
10249 "primitive": "string"
10250 },
10251 "kind": "array"
10252 }
10253 }
10254 }
10255 ],
10256 "symbolId": "lib/oidc-provider:OpenIdConnectProviderProps"
10257 },
10258 "@aws-cdk/aws-iam.OrganizationPrincipal": {
10259 "assembly": "@aws-cdk/aws-iam",
10260 "base": "@aws-cdk/aws-iam.PrincipalBase",
10261 "docs": {
10262 "stability": "stable",
10263 "summary": "A principal that represents an AWS Organization.",
10264 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nconst organizationPrincipal = new iam.OrganizationPrincipal('organizationId');",
10265 "custom": {
10266 "exampleMetadata": "fixture=_generated"
10267 }
10268 },
10269 "fqn": "@aws-cdk/aws-iam.OrganizationPrincipal",
10270 "initializer": {
10271 "docs": {
10272 "stability": "stable"
10273 },
10274 "locationInModule": {
10275 "filename": "lib/principals.ts",
10276 "line": 538
10277 },
10278 "parameters": [
10279 {
10280 "docs": {
10281 "summary": "The unique identifier (ID) of an organization (i.e. o-12345abcde)."
10282 },
10283 "name": "organizationId",
10284 "type": {
10285 "primitive": "string"
10286 }
10287 }
10288 ]
10289 },
10290 "kind": "class",
10291 "locationInModule": {
10292 "filename": "lib/principals.ts",
10293 "line": 533
10294 },
10295 "methods": [
10296 {
10297 "docs": {
10298 "stability": "stable",
10299 "summary": "Return whether or not this principal is equal to the given principal."
10300 },
10301 "locationInModule": {
10302 "filename": "lib/principals.ts",
10303 "line": 553
10304 },
10305 "name": "dedupeString",
10306 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
10307 "returns": {
10308 "optional": true,
10309 "type": {
10310 "primitive": "string"
10311 }
10312 }
10313 },
10314 {
10315 "docs": {
10316 "stability": "stable",
10317 "summary": "Returns a string representation of an object."
10318 },
10319 "locationInModule": {
10320 "filename": "lib/principals.ts",
10321 "line": 549
10322 },
10323 "name": "toString",
10324 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
10325 "returns": {
10326 "type": {
10327 "primitive": "string"
10328 }
10329 }
10330 }
10331 ],
10332 "name": "OrganizationPrincipal",
10333 "properties": [
10334 {
10335 "docs": {
10336 "stability": "stable",
10337 "summary": "The unique identifier (ID) of an organization (i.e. o-12345abcde)."
10338 },
10339 "immutable": true,
10340 "locationInModule": {
10341 "filename": "lib/principals.ts",
10342 "line": 538
10343 },
10344 "name": "organizationId",
10345 "type": {
10346 "primitive": "string"
10347 }
10348 },
10349 {
10350 "docs": {
10351 "stability": "stable",
10352 "summary": "Return the policy fragment that identifies this principal in a Policy."
10353 },
10354 "immutable": true,
10355 "locationInModule": {
10356 "filename": "lib/principals.ts",
10357 "line": 542
10358 },
10359 "name": "policyFragment",
10360 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
10361 "type": {
10362 "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment"
10363 }
10364 }
10365 ],
10366 "symbolId": "lib/principals:OrganizationPrincipal"
10367 },
10368 "@aws-cdk/aws-iam.PermissionsBoundary": {
10369 "assembly": "@aws-cdk/aws-iam",
10370 "docs": {
10371 "remarks": "```ts\nconst policy = iam.ManagedPolicy.fromAwsManagedPolicyName('ReadOnlyAccess');\niam.PermissionsBoundary.of(this).apply(policy);\n```",
10372 "stability": "stable",
10373 "summary": "Modify the Permissions Boundaries of Users and Roles in a construct tree.",
10374 "example": "declare const project: codebuild.Project;\niam.PermissionsBoundary.of(project).apply(new codebuild.UntrustedCodeBoundaryPolicy(this, 'Boundary'));",
10375 "custom": {
10376 "exampleMetadata": "infused"
10377 }
10378 },
10379 "fqn": "@aws-cdk/aws-iam.PermissionsBoundary",
10380 "kind": "class",
10381 "locationInModule": {
10382 "filename": "lib/permissions-boundary.ts",
10383 "line": 14
10384 },
10385 "methods": [
10386 {
10387 "docs": {
10388 "stability": "stable",
10389 "summary": "Access the Permissions Boundaries of a construct tree."
10390 },
10391 "locationInModule": {
10392 "filename": "lib/permissions-boundary.ts",
10393 "line": 18
10394 },
10395 "name": "of",
10396 "parameters": [
10397 {
10398 "name": "scope",
10399 "type": {
10400 "fqn": "constructs.IConstruct"
10401 }
10402 }
10403 ],
10404 "returns": {
10405 "type": {
10406 "fqn": "@aws-cdk/aws-iam.PermissionsBoundary"
10407 }
10408 },
10409 "static": true
10410 },
10411 {
10412 "docs": {
10413 "remarks": "Will override any Permissions Boundaries configured previously; in case\na Permission Boundary is applied in multiple scopes, the Boundary applied\nclosest to the Role wins.",
10414 "stability": "stable",
10415 "summary": "Apply the given policy as Permissions Boundary to all Roles and Users in the scope."
10416 },
10417 "locationInModule": {
10418 "filename": "lib/permissions-boundary.ts",
10419 "line": 33
10420 },
10421 "name": "apply",
10422 "parameters": [
10423 {
10424 "name": "boundaryPolicy",
10425 "type": {
10426 "fqn": "@aws-cdk/aws-iam.IManagedPolicy"
10427 }
10428 }
10429 ]
10430 },
10431 {
10432 "docs": {
10433 "stability": "stable",
10434 "summary": "Remove previously applied Permissions Boundaries."
10435 },
10436 "locationInModule": {
10437 "filename": "lib/permissions-boundary.ts",
10438 "line": 49
10439 },
10440 "name": "clear"
10441 }
10442 ],
10443 "name": "PermissionsBoundary",
10444 "symbolId": "lib/permissions-boundary:PermissionsBoundary"
10445 },
10446 "@aws-cdk/aws-iam.Policy": {
10447 "assembly": "@aws-cdk/aws-iam",
10448 "base": "@aws-cdk/core.Resource",
10449 "docs": {
10450 "remarks": "For more information about IAM policies, see [Overview of IAM\nPolicies](http://docs.aws.amazon.com/IAM/latest/UserGuide/policies_overview.html)\nin the IAM User Guide guide.",
10451 "stability": "stable",
10452 "summary": "The AWS::IAM::Policy resource associates an IAM policy with IAM users, roles, or groups.",
10453 "example": "declare const postAuthFn: lambda.Function;\n\nconst userpool = new cognito.UserPool(this, 'myuserpool', {\n lambdaTriggers: {\n postAuthentication: postAuthFn,\n },\n});\n\n// provide permissions to describe the user pool scoped to the ARN the user pool\npostAuthFn.role?.attachInlinePolicy(new iam.Policy(this, 'userpool-policy', {\n statements: [new iam.PolicyStatement({\n actions: ['cognito-idp:DescribeUserPool'],\n resources: [userpool.userPoolArn],\n })],\n}));",
10454 "custom": {
10455 "exampleMetadata": "infused"
10456 }
10457 },
10458 "fqn": "@aws-cdk/aws-iam.Policy",
10459 "initializer": {
10460 "docs": {
10461 "stability": "stable"
10462 },
10463 "locationInModule": {
10464 "filename": "lib/policy.ts",
10465 "line": 128
10466 },
10467 "parameters": [
10468 {
10469 "name": "scope",
10470 "type": {
10471 "fqn": "constructs.Construct"
10472 }
10473 },
10474 {
10475 "name": "id",
10476 "type": {
10477 "primitive": "string"
10478 }
10479 },
10480 {
10481 "name": "props",
10482 "optional": true,
10483 "type": {
10484 "fqn": "@aws-cdk/aws-iam.PolicyProps"
10485 }
10486 }
10487 ]
10488 },
10489 "interfaces": [
10490 "@aws-cdk/aws-iam.IPolicy"
10491 ],
10492 "kind": "class",
10493 "locationInModule": {
10494 "filename": "lib/policy.ts",
10495 "line": 103
10496 },
10497 "methods": [
10498 {
10499 "docs": {
10500 "stability": "stable",
10501 "summary": "Import a policy in this app based on its name."
10502 },
10503 "locationInModule": {
10504 "filename": "lib/policy.ts",
10505 "line": 108
10506 },
10507 "name": "fromPolicyName",
10508 "parameters": [
10509 {
10510 "name": "scope",
10511 "type": {
10512 "fqn": "constructs.Construct"
10513 }
10514 },
10515 {
10516 "name": "id",
10517 "type": {
10518 "primitive": "string"
10519 }
10520 },
10521 {
10522 "name": "policyName",
10523 "type": {
10524 "primitive": "string"
10525 }
10526 }
10527 ],
10528 "returns": {
10529 "type": {
10530 "fqn": "@aws-cdk/aws-iam.IPolicy"
10531 }
10532 },
10533 "static": true
10534 },
10535 {
10536 "docs": {
10537 "stability": "stable",
10538 "summary": "Adds a statement to the policy document."
10539 },
10540 "locationInModule": {
10541 "filename": "lib/policy.ts",
10542 "line": 185
10543 },
10544 "name": "addStatements",
10545 "parameters": [
10546 {
10547 "name": "statement",
10548 "type": {
10549 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
10550 },
10551 "variadic": true
10552 }
10553 ],
10554 "variadic": true
10555 },
10556 {
10557 "docs": {
10558 "stability": "stable",
10559 "summary": "Attaches this policy to a group."
10560 },
10561 "locationInModule": {
10562 "filename": "lib/policy.ts",
10563 "line": 210
10564 },
10565 "name": "attachToGroup",
10566 "parameters": [
10567 {
10568 "name": "group",
10569 "type": {
10570 "fqn": "@aws-cdk/aws-iam.IGroup"
10571 }
10572 }
10573 ]
10574 },
10575 {
10576 "docs": {
10577 "stability": "stable",
10578 "summary": "Attaches this policy to a role."
10579 },
10580 "locationInModule": {
10581 "filename": "lib/policy.ts",
10582 "line": 201
10583 },
10584 "name": "attachToRole",
10585 "parameters": [
10586 {
10587 "name": "role",
10588 "type": {
10589 "fqn": "@aws-cdk/aws-iam.IRole"
10590 }
10591 }
10592 ]
10593 },
10594 {
10595 "docs": {
10596 "stability": "stable",
10597 "summary": "Attaches this policy to a user."
10598 },
10599 "locationInModule": {
10600 "filename": "lib/policy.ts",
10601 "line": 192
10602 },
10603 "name": "attachToUser",
10604 "parameters": [
10605 {
10606 "name": "user",
10607 "type": {
10608 "fqn": "@aws-cdk/aws-iam.IUser"
10609 }
10610 }
10611 ]
10612 },
10613 {
10614 "docs": {
10615 "remarks": "This method can be implemented by derived constructs in order to perform\nvalidation logic. It is called on all constructs before synthesis.",
10616 "stability": "stable",
10617 "summary": "Validate the current construct."
10618 },
10619 "locationInModule": {
10620 "filename": "lib/policy.ts",
10621 "line": 226
10622 },
10623 "name": "validate",
10624 "overrides": "@aws-cdk/core.Construct",
10625 "protected": true,
10626 "returns": {
10627 "type": {
10628 "collection": {
10629 "elementtype": {
10630 "primitive": "string"
10631 },
10632 "kind": "array"
10633 }
10634 }
10635 }
10636 }
10637 ],
10638 "name": "Policy",
10639 "properties": [
10640 {
10641 "docs": {
10642 "stability": "stable",
10643 "summary": "The policy document."
10644 },
10645 "immutable": true,
10646 "locationInModule": {
10647 "filename": "lib/policy.ts",
10648 "line": 119
10649 },
10650 "name": "document",
10651 "type": {
10652 "fqn": "@aws-cdk/aws-iam.PolicyDocument"
10653 }
10654 },
10655 {
10656 "docs": {
10657 "custom": {
10658 "attribute": "true"
10659 },
10660 "stability": "stable",
10661 "summary": "The name of this policy."
10662 },
10663 "immutable": true,
10664 "locationInModule": {
10665 "filename": "lib/policy.ts",
10666 "line": 221
10667 },
10668 "name": "policyName",
10669 "overrides": "@aws-cdk/aws-iam.IPolicy",
10670 "type": {
10671 "primitive": "string"
10672 }
10673 }
10674 ],
10675 "symbolId": "lib/policy:Policy"
10676 },
10677 "@aws-cdk/aws-iam.PolicyDocument": {
10678 "assembly": "@aws-cdk/aws-iam",
10679 "docs": {
10680 "stability": "stable",
10681 "summary": "A PolicyDocument is a collection of statements.",
10682 "example": "const myTrustedAdminRole = iam.Role.fromRoleArn(this, 'TrustedRole', 'arn:aws:iam:....');\n// Creates a limited admin policy and assigns to the account root.\nconst myCustomPolicy = new iam.PolicyDocument({\n statements: [new iam.PolicyStatement({\n actions: [\n 'kms:Create*',\n 'kms:Describe*',\n 'kms:Enable*',\n 'kms:List*',\n 'kms:Put*',\n ],\n principals: [new iam.AccountRootPrincipal()],\n resources: ['*'],\n })],\n});\nconst key = new kms.Key(this, 'MyKey', {\n policy: myCustomPolicy,\n});",
10683 "custom": {
10684 "exampleMetadata": "infused"
10685 }
10686 },
10687 "fqn": "@aws-cdk/aws-iam.PolicyDocument",
10688 "initializer": {
10689 "docs": {
10690 "stability": "stable"
10691 },
10692 "locationInModule": {
10693 "filename": "lib/policy-document.ts",
10694 "line": 70
10695 },
10696 "parameters": [
10697 {
10698 "name": "props",
10699 "optional": true,
10700 "type": {
10701 "fqn": "@aws-cdk/aws-iam.PolicyDocumentProps"
10702 }
10703 }
10704 ]
10705 },
10706 "interfaces": [
10707 "@aws-cdk/core.IResolvable"
10708 ],
10709 "kind": "class",
10710 "locationInModule": {
10711 "filename": "lib/policy-document.ts",
10712 "line": 48
10713 },
10714 "methods": [
10715 {
10716 "docs": {
10717 "remarks": "This will accept an object created from the `.toJSON()` call",
10718 "stability": "stable",
10719 "summary": "Creates a new PolicyDocument based on the object provided."
10720 },
10721 "locationInModule": {
10722 "filename": "lib/policy-document.ts",
10723 "line": 55
10724 },
10725 "name": "fromJson",
10726 "parameters": [
10727 {
10728 "docs": {
10729 "summary": "the PolicyDocument in object form."
10730 },
10731 "name": "obj",
10732 "type": {
10733 "primitive": "any"
10734 }
10735 }
10736 ],
10737 "returns": {
10738 "type": {
10739 "fqn": "@aws-cdk/aws-iam.PolicyDocument"
10740 }
10741 },
10742 "static": true
10743 },
10744 {
10745 "docs": {
10746 "stability": "stable",
10747 "summary": "Adds a statement to the policy document."
10748 },
10749 "locationInModule": {
10750 "filename": "lib/policy-document.ts",
10751 "line": 115
10752 },
10753 "name": "addStatements",
10754 "parameters": [
10755 {
10756 "docs": {
10757 "summary": "the statement to add."
10758 },
10759 "name": "statement",
10760 "type": {
10761 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
10762 },
10763 "variadic": true
10764 }
10765 ],
10766 "variadic": true
10767 },
10768 {
10769 "docs": {
10770 "stability": "stable",
10771 "summary": "Produce the Token's value at resolution time."
10772 },
10773 "locationInModule": {
10774 "filename": "lib/policy-document.ts",
10775 "line": 78
10776 },
10777 "name": "resolve",
10778 "overrides": "@aws-cdk/core.IResolvable",
10779 "parameters": [
10780 {
10781 "name": "context",
10782 "type": {
10783 "fqn": "@aws-cdk/core.IResolveContext"
10784 }
10785 }
10786 ],
10787 "returns": {
10788 "type": {
10789 "primitive": "any"
10790 }
10791 }
10792 },
10793 {
10794 "docs": {
10795 "remarks": "Used when JSON.stringify() is called",
10796 "stability": "stable",
10797 "summary": "JSON-ify the document."
10798 },
10799 "locationInModule": {
10800 "filename": "lib/policy-document.ts",
10801 "line": 133
10802 },
10803 "name": "toJSON",
10804 "returns": {
10805 "type": {
10806 "primitive": "any"
10807 }
10808 }
10809 },
10810 {
10811 "docs": {
10812 "stability": "stable",
10813 "summary": "Encode the policy document as a string."
10814 },
10815 "locationInModule": {
10816 "filename": "lib/policy-document.ts",
10817 "line": 122
10818 },
10819 "name": "toString",
10820 "overrides": "@aws-cdk/core.IResolvable",
10821 "returns": {
10822 "type": {
10823 "primitive": "string"
10824 }
10825 }
10826 },
10827 {
10828 "docs": {
10829 "returns": "An array of validation error messages, or an empty array if the document is valid.",
10830 "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json",
10831 "stability": "stable",
10832 "summary": "Validate that all policy statements in the policy document satisfies the requirements for any policy."
10833 },
10834 "locationInModule": {
10835 "filename": "lib/policy-document.ts",
10836 "line": 145
10837 },
10838 "name": "validateForAnyPolicy",
10839 "returns": {
10840 "type": {
10841 "collection": {
10842 "elementtype": {
10843 "primitive": "string"
10844 },
10845 "kind": "array"
10846 }
10847 }
10848 }
10849 },
10850 {
10851 "docs": {
10852 "returns": "An array of validation error messages, or an empty array if the document is valid.",
10853 "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json",
10854 "stability": "stable",
10855 "summary": "Validate that all policy statements in the policy document satisfies the requirements for an identity-based policy."
10856 },
10857 "locationInModule": {
10858 "filename": "lib/policy-document.ts",
10859 "line": 177
10860 },
10861 "name": "validateForIdentityPolicy",
10862 "returns": {
10863 "type": {
10864 "collection": {
10865 "elementtype": {
10866 "primitive": "string"
10867 },
10868 "kind": "array"
10869 }
10870 }
10871 }
10872 },
10873 {
10874 "docs": {
10875 "returns": "An array of validation error messages, or an empty array if the document is valid.",
10876 "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json",
10877 "stability": "stable",
10878 "summary": "Validate that all policy statements in the policy document satisfies the requirements for a resource-based policy."
10879 },
10880 "locationInModule": {
10881 "filename": "lib/policy-document.ts",
10882 "line": 161
10883 },
10884 "name": "validateForResourcePolicy",
10885 "returns": {
10886 "type": {
10887 "collection": {
10888 "elementtype": {
10889 "primitive": "string"
10890 },
10891 "kind": "array"
10892 }
10893 }
10894 }
10895 }
10896 ],
10897 "name": "PolicyDocument",
10898 "properties": [
10899 {
10900 "docs": {
10901 "remarks": "This may return an array with a single informational element indicating how\nto get this property populated, if it was skipped for performance reasons.",
10902 "stability": "stable",
10903 "summary": "The creation stack of this resolvable which will be appended to errors thrown during resolution."
10904 },
10905 "immutable": true,
10906 "locationInModule": {
10907 "filename": "lib/policy-document.ts",
10908 "line": 65
10909 },
10910 "name": "creationStack",
10911 "overrides": "@aws-cdk/core.IResolvable",
10912 "type": {
10913 "collection": {
10914 "elementtype": {
10915 "primitive": "string"
10916 },
10917 "kind": "array"
10918 }
10919 }
10920 },
10921 {
10922 "docs": {
10923 "stability": "stable",
10924 "summary": "Whether the policy document contains any statements."
10925 },
10926 "immutable": true,
10927 "locationInModule": {
10928 "filename": "lib/policy-document.ts",
10929 "line": 98
10930 },
10931 "name": "isEmpty",
10932 "type": {
10933 "primitive": "boolean"
10934 }
10935 },
10936 {
10937 "docs": {
10938 "remarks": "Can be used, for example, to generate unique \"sid\"s within the policy.",
10939 "stability": "stable",
10940 "summary": "The number of statements already added to this policy."
10941 },
10942 "immutable": true,
10943 "locationInModule": {
10944 "filename": "lib/policy-document.ts",
10945 "line": 106
10946 },
10947 "name": "statementCount",
10948 "type": {
10949 "primitive": "number"
10950 }
10951 }
10952 ],
10953 "symbolId": "lib/policy-document:PolicyDocument"
10954 },
10955 "@aws-cdk/aws-iam.PolicyDocumentProps": {
10956 "assembly": "@aws-cdk/aws-iam",
10957 "datatype": true,
10958 "docs": {
10959 "stability": "stable",
10960 "summary": "Properties for a new PolicyDocument.",
10961 "example": "const myTrustedAdminRole = iam.Role.fromRoleArn(this, 'TrustedRole', 'arn:aws:iam:....');\n// Creates a limited admin policy and assigns to the account root.\nconst myCustomPolicy = new iam.PolicyDocument({\n statements: [new iam.PolicyStatement({\n actions: [\n 'kms:Create*',\n 'kms:Describe*',\n 'kms:Enable*',\n 'kms:List*',\n 'kms:Put*',\n ],\n principals: [new iam.AccountRootPrincipal()],\n resources: ['*'],\n })],\n});\nconst key = new kms.Key(this, 'MyKey', {\n policy: myCustomPolicy,\n});",
10962 "custom": {
10963 "exampleMetadata": "infused"
10964 }
10965 },
10966 "fqn": "@aws-cdk/aws-iam.PolicyDocumentProps",
10967 "kind": "interface",
10968 "locationInModule": {
10969 "filename": "lib/policy-document.ts",
10970 "line": 11
10971 },
10972 "name": "PolicyDocumentProps",
10973 "properties": [
10974 {
10975 "abstract": true,
10976 "docs": {
10977 "default": "false",
10978 "stability": "stable",
10979 "summary": "Automatically assign Statement Ids to all statements."
10980 },
10981 "immutable": true,
10982 "locationInModule": {
10983 "filename": "lib/policy-document.ts",
10984 "line": 17
10985 },
10986 "name": "assignSids",
10987 "optional": true,
10988 "type": {
10989 "primitive": "boolean"
10990 }
10991 },
10992 {
10993 "abstract": true,
10994 "docs": {
10995 "default": "- false, unless the feature flag `@aws-cdk/aws-iam:minimizePolicies` is set",
10996 "remarks": "To avoid overrunning the maximum policy size, combine statements if they produce\nthe same result. Merging happens according to the following rules:\n\n- The Effect of both statements is the same\n- Neither of the statements have a 'Sid'\n- Combine Principals if the rest of the statement is exactly the same.\n- Combine Resources if the rest of the statement is exactly the same.\n- Combine Actions if the rest of the statement is exactly the same.\n- We will never combine NotPrincipals, NotResources or NotActions, because doing\n so would change the meaning of the policy document.",
10997 "stability": "stable",
10998 "summary": "Try to minimize the policy by merging statements."
10999 },
11000 "immutable": true,
11001 "locationInModule": {
11002 "filename": "lib/policy-document.ts",
11003 "line": 42
11004 },
11005 "name": "minimize",
11006 "optional": true,
11007 "type": {
11008 "primitive": "boolean"
11009 }
11010 },
11011 {
11012 "abstract": true,
11013 "docs": {
11014 "default": "- No statements",
11015 "stability": "stable",
11016 "summary": "Initial statements to add to the policy document."
11017 },
11018 "immutable": true,
11019 "locationInModule": {
11020 "filename": "lib/policy-document.ts",
11021 "line": 24
11022 },
11023 "name": "statements",
11024 "optional": true,
11025 "type": {
11026 "collection": {
11027 "elementtype": {
11028 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
11029 },
11030 "kind": "array"
11031 }
11032 }
11033 }
11034 ],
11035 "symbolId": "lib/policy-document:PolicyDocumentProps"
11036 },
11037 "@aws-cdk/aws-iam.PolicyProps": {
11038 "assembly": "@aws-cdk/aws-iam",
11039 "datatype": true,
11040 "docs": {
11041 "stability": "stable",
11042 "summary": "Properties for defining an IAM inline policy document.",
11043 "example": "declare const postAuthFn: lambda.Function;\n\nconst userpool = new cognito.UserPool(this, 'myuserpool', {\n lambdaTriggers: {\n postAuthentication: postAuthFn,\n },\n});\n\n// provide permissions to describe the user pool scoped to the ARN the user pool\npostAuthFn.role?.attachInlinePolicy(new iam.Policy(this, 'userpool-policy', {\n statements: [new iam.PolicyStatement({\n actions: ['cognito-idp:DescribeUserPool'],\n resources: [userpool.userPoolArn],\n })],\n}));",
11044 "custom": {
11045 "exampleMetadata": "infused"
11046 }
11047 },
11048 "fqn": "@aws-cdk/aws-iam.PolicyProps",
11049 "kind": "interface",
11050 "locationInModule": {
11051 "filename": "lib/policy.ts",
11052 "line": 28
11053 },
11054 "name": "PolicyProps",
11055 "properties": [
11056 {
11057 "abstract": true,
11058 "docs": {
11059 "default": "- An empty policy.",
11060 "remarks": "If omited, any\n`PolicyStatement` provided in the `statements` property will be applied\nagainst the empty default `PolicyDocument`.",
11061 "stability": "stable",
11062 "summary": "Initial PolicyDocument to use for this Policy."
11063 },
11064 "immutable": true,
11065 "locationInModule": {
11066 "filename": "lib/policy.ts",
11067 "line": 94
11068 },
11069 "name": "document",
11070 "optional": true,
11071 "type": {
11072 "fqn": "@aws-cdk/aws-iam.PolicyDocument"
11073 }
11074 },
11075 {
11076 "abstract": true,
11077 "docs": {
11078 "default": "false",
11079 "remarks": "Unless set to `true`, this `Policy` construct will not materialize to an\n`AWS::IAM::Policy` CloudFormation resource in case it would have no effect\n(for example, if it remains unattached to an IAM identity or if it has no\nstatements). This is generally desired behavior, since it prevents\ncreating invalid--and hence undeployable--CloudFormation templates.\n\nIn cases where you know the policy must be created and it is actually\nan error if no statements have been added to it, you can set this to `true`.",
11080 "stability": "stable",
11081 "summary": "Force creation of an `AWS::IAM::Policy`."
11082 },
11083 "immutable": true,
11084 "locationInModule": {
11085 "filename": "lib/policy.ts",
11086 "line": 85
11087 },
11088 "name": "force",
11089 "optional": true,
11090 "type": {
11091 "primitive": "boolean"
11092 }
11093 },
11094 {
11095 "abstract": true,
11096 "docs": {
11097 "default": "- No groups.",
11098 "remarks": "You can also use `attachToGroup(group)` to attach this policy to a group.",
11099 "stability": "stable",
11100 "summary": "Groups to attach this policy to."
11101 },
11102 "immutable": true,
11103 "locationInModule": {
11104 "filename": "lib/policy.ts",
11105 "line": 61
11106 },
11107 "name": "groups",
11108 "optional": true,
11109 "type": {
11110 "collection": {
11111 "elementtype": {
11112 "fqn": "@aws-cdk/aws-iam.IGroup"
11113 },
11114 "kind": "array"
11115 }
11116 }
11117 },
11118 {
11119 "abstract": true,
11120 "docs": {
11121 "default": "- Uses the logical ID of the policy resource, which is ensured\nto be unique within the stack.",
11122 "remarks": "If you specify multiple policies for an entity,\nspecify unique names. For example, if you specify a list of policies for\nan IAM role, each policy must have a unique name.",
11123 "stability": "stable",
11124 "summary": "The name of the policy."
11125 },
11126 "immutable": true,
11127 "locationInModule": {
11128 "filename": "lib/policy.ts",
11129 "line": 37
11130 },
11131 "name": "policyName",
11132 "optional": true,
11133 "type": {
11134 "primitive": "string"
11135 }
11136 },
11137 {
11138 "abstract": true,
11139 "docs": {
11140 "default": "- No roles.",
11141 "remarks": "You can also use `attachToRole(role)` to attach this policy to a role.",
11142 "stability": "stable",
11143 "summary": "Roles to attach this policy to."
11144 },
11145 "immutable": true,
11146 "locationInModule": {
11147 "filename": "lib/policy.ts",
11148 "line": 53
11149 },
11150 "name": "roles",
11151 "optional": true,
11152 "type": {
11153 "collection": {
11154 "elementtype": {
11155 "fqn": "@aws-cdk/aws-iam.IRole"
11156 },
11157 "kind": "array"
11158 }
11159 }
11160 },
11161 {
11162 "abstract": true,
11163 "docs": {
11164 "default": "- No statements.",
11165 "remarks": "You can also use `addStatements(...statement)` to add permissions later.",
11166 "stability": "stable",
11167 "summary": "Initial set of permissions to add to this policy document."
11168 },
11169 "immutable": true,
11170 "locationInModule": {
11171 "filename": "lib/policy.ts",
11172 "line": 69
11173 },
11174 "name": "statements",
11175 "optional": true,
11176 "type": {
11177 "collection": {
11178 "elementtype": {
11179 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
11180 },
11181 "kind": "array"
11182 }
11183 }
11184 },
11185 {
11186 "abstract": true,
11187 "docs": {
11188 "default": "- No users.",
11189 "remarks": "You can also use `attachToUser(user)` to attach this policy to a user.",
11190 "stability": "stable",
11191 "summary": "Users to attach this policy to."
11192 },
11193 "immutable": true,
11194 "locationInModule": {
11195 "filename": "lib/policy.ts",
11196 "line": 45
11197 },
11198 "name": "users",
11199 "optional": true,
11200 "type": {
11201 "collection": {
11202 "elementtype": {
11203 "fqn": "@aws-cdk/aws-iam.IUser"
11204 },
11205 "kind": "array"
11206 }
11207 }
11208 }
11209 ],
11210 "symbolId": "lib/policy:PolicyProps"
11211 },
11212 "@aws-cdk/aws-iam.PolicyStatement": {
11213 "assembly": "@aws-cdk/aws-iam",
11214 "docs": {
11215 "stability": "stable",
11216 "summary": "Represents a statement in an IAM policy document.",
11217 "example": " // Add gateway endpoints when creating the VPC\n const vpc = new ec2.Vpc(this, 'MyVpc', {\n gatewayEndpoints: {\n S3: {\n service: ec2.GatewayVpcEndpointAwsService.S3,\n },\n },\n });\n\n // Alternatively gateway endpoints can be added on the VPC\n const dynamoDbEndpoint = vpc.addGatewayEndpoint('DynamoDbEndpoint', {\n service: ec2.GatewayVpcEndpointAwsService.DYNAMODB,\n });\n\n // This allows to customize the endpoint policy\n dynamoDbEndpoint.addToPolicy(\n new iam.PolicyStatement({ // Restrict to listing and describing tables\n principals: [new iam.AnyPrincipal()],\n actions: ['dynamodb:DescribeTable', 'dynamodb:ListTables'],\n resources: ['*'],\n }));\n\n // Add an interface endpoint\n vpc.addInterfaceEndpoint('EcrDockerEndpoint', {\n service: ec2.InterfaceVpcEndpointAwsService.ECR_DOCKER,\n\n // Uncomment the following to allow more fine-grained control over\n // who can access the endpoint via the '.connections' object.\n // open: false\n });",
11218 "custom": {
11219 "exampleMetadata": "lit=test/integ.vpc-endpoint.lit.ts infused"
11220 }
11221 },
11222 "fqn": "@aws-cdk/aws-iam.PolicyStatement",
11223 "initializer": {
11224 "docs": {
11225 "stability": "stable"
11226 },
11227 "locationInModule": {
11228 "filename": "lib/policy-statement.ts",
11229 "line": 95
11230 },
11231 "parameters": [
11232 {
11233 "name": "props",
11234 "optional": true,
11235 "type": {
11236 "fqn": "@aws-cdk/aws-iam.PolicyStatementProps"
11237 }
11238 }
11239 ]
11240 },
11241 "kind": "class",
11242 "locationInModule": {
11243 "filename": "lib/policy-statement.ts",
11244 "line": 43
11245 },
11246 "methods": [
11247 {
11248 "docs": {
11249 "remarks": "This will accept an object created from the `.toJSON()` call",
11250 "stability": "stable",
11251 "summary": "Creates a new PolicyStatement based on the object provided."
11252 },
11253 "locationInModule": {
11254 "filename": "lib/policy-statement.ts",
11255 "line": 50
11256 },
11257 "name": "fromJson",
11258 "parameters": [
11259 {
11260 "docs": {
11261 "summary": "the PolicyStatement in object form."
11262 },
11263 "name": "obj",
11264 "type": {
11265 "primitive": "any"
11266 }
11267 }
11268 ],
11269 "returns": {
11270 "type": {
11271 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
11272 }
11273 },
11274 "static": true
11275 },
11276 {
11277 "docs": {
11278 "remarks": "This method can only be called once: subsequent calls will overwrite earlier calls.",
11279 "stability": "stable",
11280 "summary": "Add a condition that limits to a given account."
11281 },
11282 "locationInModule": {
11283 "filename": "lib/policy-statement.ts",
11284 "line": 367
11285 },
11286 "name": "addAccountCondition",
11287 "parameters": [
11288 {
11289 "name": "accountId",
11290 "type": {
11291 "primitive": "string"
11292 }
11293 }
11294 ]
11295 },
11296 {
11297 "docs": {
11298 "stability": "stable",
11299 "summary": "Adds an AWS account root user principal to this policy statement."
11300 },
11301 "locationInModule": {
11302 "filename": "lib/policy-statement.ts",
11303 "line": 250
11304 },
11305 "name": "addAccountRootPrincipal"
11306 },
11307 {
11308 "docs": {
11309 "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_action.html",
11310 "stability": "stable",
11311 "summary": "Specify allowed actions into the \"Action\" section of the policy statement."
11312 },
11313 "locationInModule": {
11314 "filename": "lib/policy-statement.ts",
11315 "line": 129
11316 },
11317 "name": "addActions",
11318 "parameters": [
11319 {
11320 "docs": {
11321 "summary": "actions that will be allowed."
11322 },
11323 "name": "actions",
11324 "type": {
11325 "primitive": "string"
11326 },
11327 "variadic": true
11328 }
11329 ],
11330 "variadic": true
11331 },
11332 {
11333 "docs": {
11334 "stability": "stable",
11335 "summary": "Adds a ``\"*\"`` resource to this statement."
11336 },
11337 "locationInModule": {
11338 "filename": "lib/policy-statement.ts",
11339 "line": 307
11340 },
11341 "name": "addAllResources"
11342 },
11343 {
11344 "docs": {
11345 "stability": "stable",
11346 "summary": "Adds all identities in all accounts (\"*\") to this policy statement."
11347 },
11348 "locationInModule": {
11349 "filename": "lib/policy-statement.ts",
11350 "line": 266
11351 },
11352 "name": "addAnyPrincipal"
11353 },
11354 {
11355 "docs": {
11356 "remarks": "You cannot specify IAM groups and instance profiles as principals.",
11357 "stability": "stable",
11358 "summary": "Specify a principal using the ARN identifier of the principal."
11359 },
11360 "locationInModule": {
11361 "filename": "lib/policy-statement.ts",
11362 "line": 222
11363 },
11364 "name": "addArnPrincipal",
11365 "parameters": [
11366 {
11367 "docs": {
11368 "summary": "ARN identifier of AWS account, IAM user, or IAM role (i.e. arn:aws:iam::123456789012:user/user-name)."
11369 },
11370 "name": "arn",
11371 "type": {
11372 "primitive": "string"
11373 }
11374 }
11375 ]
11376 },
11377 {
11378 "docs": {
11379 "stability": "stable",
11380 "summary": "Specify AWS account ID as the principal entity to the \"Principal\" section of a policy statement."
11381 },
11382 "locationInModule": {
11383 "filename": "lib/policy-statement.ts",
11384 "line": 212
11385 },
11386 "name": "addAwsAccountPrincipal",
11387 "parameters": [
11388 {
11389 "name": "accountId",
11390 "type": {
11391 "primitive": "string"
11392 }
11393 }
11394 ]
11395 },
11396 {
11397 "docs": {
11398 "stability": "stable",
11399 "summary": "Adds a canonical user ID principal to this policy document."
11400 },
11401 "locationInModule": {
11402 "filename": "lib/policy-statement.ts",
11403 "line": 259
11404 },
11405 "name": "addCanonicalUserPrincipal",
11406 "parameters": [
11407 {
11408 "docs": {
11409 "summary": "unique identifier assigned by AWS for every account."
11410 },
11411 "name": "canonicalUserId",
11412 "type": {
11413 "primitive": "string"
11414 }
11415 }
11416 ]
11417 },
11418 {
11419 "docs": {
11420 "remarks": "If multiple calls are made to add a condition with the same operator and field, only\nthe last one wins. For example:\n\n```ts\ndeclare const stmt: iam.PolicyStatement;\n\nstmt.addCondition('StringEquals', { 'aws:SomeField': '1' });\nstmt.addCondition('StringEquals', { 'aws:SomeField': '2' });\n```\n\nWill end up with the single condition `StringEquals: { 'aws:SomeField': '2' }`.\n\nIf you meant to add a condition to say that the field can be *either* `1` or `2`, write\nthis:\n\n```ts\ndeclare const stmt: iam.PolicyStatement;\n\nstmt.addCondition('StringEquals', { 'aws:SomeField': ['1', '2'] });\n```",
11421 "stability": "stable",
11422 "summary": "Add a condition to the Policy."
11423 },
11424 "locationInModule": {
11425 "filename": "lib/policy-statement.ts",
11426 "line": 346
11427 },
11428 "name": "addCondition",
11429 "parameters": [
11430 {
11431 "name": "key",
11432 "type": {
11433 "primitive": "string"
11434 }
11435 },
11436 {
11437 "name": "value",
11438 "type": {
11439 "primitive": "any"
11440 }
11441 }
11442 ]
11443 },
11444 {
11445 "docs": {
11446 "remarks": "See the `addCondition` function for a caveat on calling this method multiple times.",
11447 "stability": "stable",
11448 "summary": "Add multiple conditions to the Policy."
11449 },
11450 "locationInModule": {
11451 "filename": "lib/policy-statement.ts",
11452 "line": 356
11453 },
11454 "name": "addConditions",
11455 "parameters": [
11456 {
11457 "name": "conditions",
11458 "type": {
11459 "collection": {
11460 "elementtype": {
11461 "primitive": "any"
11462 },
11463 "kind": "map"
11464 }
11465 }
11466 }
11467 ]
11468 },
11469 {
11470 "docs": {
11471 "stability": "stable",
11472 "summary": "Adds a federated identity provider such as Amazon Cognito to this policy statement."
11473 },
11474 "locationInModule": {
11475 "filename": "lib/policy-statement.ts",
11476 "line": 243
11477 },
11478 "name": "addFederatedPrincipal",
11479 "parameters": [
11480 {
11481 "docs": {
11482 "summary": "federated identity provider (i.e. 'cognito-identity.amazonaws.com')."
11483 },
11484 "name": "federated",
11485 "type": {
11486 "primitive": "any"
11487 }
11488 },
11489 {
11490 "docs": {
11491 "remarks": "See [the IAM documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html).",
11492 "summary": "The conditions under which the policy is in effect."
11493 },
11494 "name": "conditions",
11495 "type": {
11496 "collection": {
11497 "elementtype": {
11498 "primitive": "any"
11499 },
11500 "kind": "map"
11501 }
11502 }
11503 }
11504 ]
11505 },
11506 {
11507 "docs": {
11508 "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notaction.html",
11509 "stability": "stable",
11510 "summary": "Explicitly allow all actions except the specified list of actions into the \"NotAction\" section of the policy document."
11511 },
11512 "locationInModule": {
11513 "filename": "lib/policy-statement.ts",
11514 "line": 144
11515 },
11516 "name": "addNotActions",
11517 "parameters": [
11518 {
11519 "docs": {
11520 "remarks": "All other actions will be permitted.",
11521 "summary": "actions that will be denied."
11522 },
11523 "name": "notActions",
11524 "type": {
11525 "primitive": "string"
11526 },
11527 "variadic": true
11528 }
11529 ],
11530 "variadic": true
11531 },
11532 {
11533 "docs": {
11534 "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notprincipal.html",
11535 "stability": "stable",
11536 "summary": "Specify principals that is not allowed or denied access to the \"NotPrincipal\" section of a policy statement."
11537 },
11538 "locationInModule": {
11539 "filename": "lib/policy-statement.ts",
11540 "line": 190
11541 },
11542 "name": "addNotPrincipals",
11543 "parameters": [
11544 {
11545 "docs": {
11546 "summary": "IAM principals that will be denied access."
11547 },
11548 "name": "notPrincipals",
11549 "type": {
11550 "fqn": "@aws-cdk/aws-iam.IPrincipal"
11551 },
11552 "variadic": true
11553 }
11554 ],
11555 "variadic": true
11556 },
11557 {
11558 "docs": {
11559 "remarks": "All resources except the specified list will be matched.",
11560 "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notresource.html",
11561 "stability": "stable",
11562 "summary": "Specify resources that this policy statement will not apply to in the \"NotResource\" section of this policy statement."
11563 },
11564 "locationInModule": {
11565 "filename": "lib/policy-statement.ts",
11566 "line": 297
11567 },
11568 "name": "addNotResources",
11569 "parameters": [
11570 {
11571 "docs": {
11572 "summary": "Amazon Resource Names (ARNs) of the resources that this policy statement does not apply to."
11573 },
11574 "name": "arns",
11575 "type": {
11576 "primitive": "string"
11577 },
11578 "variadic": true
11579 }
11580 ],
11581 "variadic": true
11582 },
11583 {
11584 "docs": {
11585 "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html",
11586 "stability": "stable",
11587 "summary": "Adds principals to the \"Principal\" section of a policy statement."
11588 },
11589 "locationInModule": {
11590 "filename": "lib/policy-statement.ts",
11591 "line": 169
11592 },
11593 "name": "addPrincipals",
11594 "parameters": [
11595 {
11596 "docs": {
11597 "summary": "IAM principals that will be added."
11598 },
11599 "name": "principals",
11600 "type": {
11601 "fqn": "@aws-cdk/aws-iam.IPrincipal"
11602 },
11603 "variadic": true
11604 }
11605 ],
11606 "variadic": true
11607 },
11608 {
11609 "docs": {
11610 "see": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_resource.html",
11611 "stability": "stable",
11612 "summary": "Specify resources that this policy statement applies into the \"Resource\" section of this policy statement."
11613 },
11614 "locationInModule": {
11615 "filename": "lib/policy-statement.ts",
11616 "line": 282
11617 },
11618 "name": "addResources",
11619 "parameters": [
11620 {
11621 "docs": {
11622 "summary": "Amazon Resource Names (ARNs) of the resources that this policy statement applies to."
11623 },
11624 "name": "arns",
11625 "type": {
11626 "primitive": "string"
11627 },
11628 "variadic": true
11629 }
11630 ],
11631 "variadic": true
11632 },
11633 {
11634 "docs": {
11635 "stability": "stable",
11636 "summary": "Adds a service principal to this policy statement."
11637 },
11638 "locationInModule": {
11639 "filename": "lib/policy-statement.ts",
11640 "line": 232
11641 },
11642 "name": "addServicePrincipal",
11643 "parameters": [
11644 {
11645 "docs": {
11646 "summary": "the service name for which a service principal is requested (e.g: `s3.amazonaws.com`)."
11647 },
11648 "name": "service",
11649 "type": {
11650 "primitive": "string"
11651 }
11652 },
11653 {
11654 "docs": {
11655 "summary": "options for adding the service principal (such as specifying a principal in a different region)."
11656 },
11657 "name": "opts",
11658 "optional": true,
11659 "type": {
11660 "fqn": "@aws-cdk/aws-iam.ServicePrincipalOpts"
11661 }
11662 }
11663 ]
11664 },
11665 {
11666 "docs": {
11667 "stability": "stable",
11668 "summary": "Create a new `PolicyStatement` with the same exact properties as this one, except for the overrides."
11669 },
11670 "locationInModule": {
11671 "filename": "lib/policy-statement.ts",
11672 "line": 375
11673 },
11674 "name": "copy",
11675 "parameters": [
11676 {
11677 "name": "overrides",
11678 "optional": true,
11679 "type": {
11680 "fqn": "@aws-cdk/aws-iam.PolicyStatementProps"
11681 }
11682 }
11683 ],
11684 "returns": {
11685 "type": {
11686 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
11687 }
11688 }
11689 },
11690 {
11691 "docs": {
11692 "remarks": "Used when JSON.stringify() is called",
11693 "stability": "stable",
11694 "summary": "JSON-ify the statement."
11695 },
11696 "locationInModule": {
11697 "filename": "lib/policy-statement.ts",
11698 "line": 425
11699 },
11700 "name": "toJSON",
11701 "returns": {
11702 "type": {
11703 "primitive": "any"
11704 }
11705 }
11706 },
11707 {
11708 "docs": {
11709 "remarks": "Used when JSON.stringify() is called",
11710 "stability": "stable",
11711 "summary": "JSON-ify the policy statement."
11712 },
11713 "locationInModule": {
11714 "filename": "lib/policy-statement.ts",
11715 "line": 397
11716 },
11717 "name": "toStatementJson",
11718 "returns": {
11719 "type": {
11720 "primitive": "any"
11721 }
11722 }
11723 },
11724 {
11725 "docs": {
11726 "stability": "stable",
11727 "summary": "String representation of this policy statement."
11728 },
11729 "locationInModule": {
11730 "filename": "lib/policy-statement.ts",
11731 "line": 414
11732 },
11733 "name": "toString",
11734 "returns": {
11735 "type": {
11736 "primitive": "string"
11737 }
11738 }
11739 },
11740 {
11741 "docs": {
11742 "returns": "An array of validation error messages, or an empty array if the statement is valid.",
11743 "stability": "stable",
11744 "summary": "Validate that the policy statement satisfies base requirements for a policy."
11745 },
11746 "locationInModule": {
11747 "filename": "lib/policy-statement.ts",
11748 "line": 461
11749 },
11750 "name": "validateForAnyPolicy",
11751 "returns": {
11752 "type": {
11753 "collection": {
11754 "elementtype": {
11755 "primitive": "string"
11756 },
11757 "kind": "array"
11758 }
11759 }
11760 }
11761 },
11762 {
11763 "docs": {
11764 "returns": "An array of validation error messages, or an empty array if the statement is valid.",
11765 "stability": "stable",
11766 "summary": "Validate that the policy statement satisfies all requirements for an identity-based policy."
11767 },
11768 "locationInModule": {
11769 "filename": "lib/policy-statement.ts",
11770 "line": 487
11771 },
11772 "name": "validateForIdentityPolicy",
11773 "returns": {
11774 "type": {
11775 "collection": {
11776 "elementtype": {
11777 "primitive": "string"
11778 },
11779 "kind": "array"
11780 }
11781 }
11782 }
11783 },
11784 {
11785 "docs": {
11786 "returns": "An array of validation error messages, or an empty array if the statement is valid.",
11787 "stability": "stable",
11788 "summary": "Validate that the policy statement satisfies all requirements for a resource-based policy."
11789 },
11790 "locationInModule": {
11791 "filename": "lib/policy-statement.ts",
11792 "line": 474
11793 },
11794 "name": "validateForResourcePolicy",
11795 "returns": {
11796 "type": {
11797 "collection": {
11798 "elementtype": {
11799 "primitive": "string"
11800 },
11801 "kind": "array"
11802 }
11803 }
11804 }
11805 }
11806 ],
11807 "name": "PolicyStatement",
11808 "properties": [
11809 {
11810 "docs": {
11811 "stability": "stable",
11812 "summary": "The Actions added to this statement."
11813 },
11814 "immutable": true,
11815 "locationInModule": {
11816 "filename": "lib/policy-statement.ts",
11817 "line": 501
11818 },
11819 "name": "actions",
11820 "type": {
11821 "collection": {
11822 "elementtype": {
11823 "primitive": "string"
11824 },
11825 "kind": "array"
11826 }
11827 }
11828 },
11829 {
11830 "docs": {
11831 "stability": "stable",
11832 "summary": "The conditions added to this statement."
11833 },
11834 "immutable": true,
11835 "locationInModule": {
11836 "filename": "lib/policy-statement.ts",
11837 "line": 543
11838 },
11839 "name": "conditions",
11840 "type": {
11841 "primitive": "any"
11842 }
11843 },
11844 {
11845 "docs": {
11846 "stability": "stable",
11847 "summary": "Indicates if this permission has a \"Principal\" section."
11848 },
11849 "immutable": true,
11850 "locationInModule": {
11851 "filename": "lib/policy-statement.ts",
11852 "line": 158
11853 },
11854 "name": "hasPrincipal",
11855 "type": {
11856 "primitive": "boolean"
11857 }
11858 },
11859 {
11860 "docs": {
11861 "stability": "stable",
11862 "summary": "Indicates if this permission has at least one resource associated with it."
11863 },
11864 "immutable": true,
11865 "locationInModule": {
11866 "filename": "lib/policy-statement.ts",
11867 "line": 314
11868 },
11869 "name": "hasResource",
11870 "type": {
11871 "primitive": "boolean"
11872 }
11873 },
11874 {
11875 "docs": {
11876 "stability": "stable",
11877 "summary": "The NotActions added to this statement."
11878 },
11879 "immutable": true,
11880 "locationInModule": {
11881 "filename": "lib/policy-statement.ts",
11882 "line": 508
11883 },
11884 "name": "notActions",
11885 "type": {
11886 "collection": {
11887 "elementtype": {
11888 "primitive": "string"
11889 },
11890 "kind": "array"
11891 }
11892 }
11893 },
11894 {
11895 "docs": {
11896 "stability": "stable",
11897 "summary": "The NotPrincipals added to this statement."
11898 },
11899 "immutable": true,
11900 "locationInModule": {
11901 "filename": "lib/policy-statement.ts",
11902 "line": 522
11903 },
11904 "name": "notPrincipals",
11905 "type": {
11906 "collection": {
11907 "elementtype": {
11908 "fqn": "@aws-cdk/aws-iam.IPrincipal"
11909 },
11910 "kind": "array"
11911 }
11912 }
11913 },
11914 {
11915 "docs": {
11916 "stability": "stable",
11917 "summary": "The NotResources added to this statement."
11918 },
11919 "immutable": true,
11920 "locationInModule": {
11921 "filename": "lib/policy-statement.ts",
11922 "line": 536
11923 },
11924 "name": "notResources",
11925 "type": {
11926 "collection": {
11927 "elementtype": {
11928 "primitive": "string"
11929 },
11930 "kind": "array"
11931 }
11932 }
11933 },
11934 {
11935 "docs": {
11936 "stability": "stable",
11937 "summary": "The Principals added to this statement."
11938 },
11939 "immutable": true,
11940 "locationInModule": {
11941 "filename": "lib/policy-statement.ts",
11942 "line": 515
11943 },
11944 "name": "principals",
11945 "type": {
11946 "collection": {
11947 "elementtype": {
11948 "fqn": "@aws-cdk/aws-iam.IPrincipal"
11949 },
11950 "kind": "array"
11951 }
11952 }
11953 },
11954 {
11955 "docs": {
11956 "stability": "stable",
11957 "summary": "The Resources added to this statement."
11958 },
11959 "immutable": true,
11960 "locationInModule": {
11961 "filename": "lib/policy-statement.ts",
11962 "line": 529
11963 },
11964 "name": "resources",
11965 "type": {
11966 "collection": {
11967 "elementtype": {
11968 "primitive": "string"
11969 },
11970 "kind": "array"
11971 }
11972 }
11973 },
11974 {
11975 "docs": {
11976 "stability": "stable",
11977 "summary": "Whether to allow or deny the actions in this statement."
11978 },
11979 "locationInModule": {
11980 "filename": "lib/policy-statement.ts",
11981 "line": 80
11982 },
11983 "name": "effect",
11984 "type": {
11985 "fqn": "@aws-cdk/aws-iam.Effect"
11986 }
11987 },
11988 {
11989 "docs": {
11990 "stability": "stable",
11991 "summary": "Statement ID for this statement."
11992 },
11993 "locationInModule": {
11994 "filename": "lib/policy-statement.ts",
11995 "line": 75
11996 },
11997 "name": "sid",
11998 "optional": true,
11999 "type": {
12000 "primitive": "string"
12001 }
12002 }
12003 ],
12004 "symbolId": "lib/policy-statement:PolicyStatement"
12005 },
12006 "@aws-cdk/aws-iam.PolicyStatementProps": {
12007 "assembly": "@aws-cdk/aws-iam",
12008 "datatype": true,
12009 "docs": {
12010 "stability": "stable",
12011 "summary": "Interface for creating a policy statement.",
12012 "example": " // Add gateway endpoints when creating the VPC\n const vpc = new ec2.Vpc(this, 'MyVpc', {\n gatewayEndpoints: {\n S3: {\n service: ec2.GatewayVpcEndpointAwsService.S3,\n },\n },\n });\n\n // Alternatively gateway endpoints can be added on the VPC\n const dynamoDbEndpoint = vpc.addGatewayEndpoint('DynamoDbEndpoint', {\n service: ec2.GatewayVpcEndpointAwsService.DYNAMODB,\n });\n\n // This allows to customize the endpoint policy\n dynamoDbEndpoint.addToPolicy(\n new iam.PolicyStatement({ // Restrict to listing and describing tables\n principals: [new iam.AnyPrincipal()],\n actions: ['dynamodb:DescribeTable', 'dynamodb:ListTables'],\n resources: ['*'],\n }));\n\n // Add an interface endpoint\n vpc.addInterfaceEndpoint('EcrDockerEndpoint', {\n service: ec2.InterfaceVpcEndpointAwsService.ECR_DOCKER,\n\n // Uncomment the following to allow more fine-grained control over\n // who can access the endpoint via the '.connections' object.\n // open: false\n });",
12013 "custom": {
12014 "exampleMetadata": "lit=test/integ.vpc-endpoint.lit.ts infused"
12015 }
12016 },
12017 "fqn": "@aws-cdk/aws-iam.PolicyStatementProps",
12018 "kind": "interface",
12019 "locationInModule": {
12020 "filename": "lib/policy-statement.ts",
12021 "line": 634
12022 },
12023 "name": "PolicyStatementProps",
12024 "properties": [
12025 {
12026 "abstract": true,
12027 "docs": {
12028 "default": "- no actions",
12029 "stability": "stable",
12030 "summary": "List of actions to add to the statement."
12031 },
12032 "immutable": true,
12033 "locationInModule": {
12034 "filename": "lib/policy-statement.ts",
12035 "line": 651
12036 },
12037 "name": "actions",
12038 "optional": true,
12039 "type": {
12040 "collection": {
12041 "elementtype": {
12042 "primitive": "string"
12043 },
12044 "kind": "array"
12045 }
12046 }
12047 },
12048 {
12049 "abstract": true,
12050 "docs": {
12051 "default": "- no condition",
12052 "stability": "stable",
12053 "summary": "Conditions to add to the statement."
12054 },
12055 "immutable": true,
12056 "locationInModule": {
12057 "filename": "lib/policy-statement.ts",
12058 "line": 693
12059 },
12060 "name": "conditions",
12061 "optional": true,
12062 "type": {
12063 "collection": {
12064 "elementtype": {
12065 "primitive": "any"
12066 },
12067 "kind": "map"
12068 }
12069 }
12070 },
12071 {
12072 "abstract": true,
12073 "docs": {
12074 "default": "Effect.ALLOW",
12075 "stability": "stable",
12076 "summary": "Whether to allow or deny the actions in this statement."
12077 },
12078 "immutable": true,
12079 "locationInModule": {
12080 "filename": "lib/policy-statement.ts",
12081 "line": 700
12082 },
12083 "name": "effect",
12084 "optional": true,
12085 "type": {
12086 "fqn": "@aws-cdk/aws-iam.Effect"
12087 }
12088 },
12089 {
12090 "abstract": true,
12091 "docs": {
12092 "default": "- no not-actions",
12093 "stability": "stable",
12094 "summary": "List of not actions to add to the statement."
12095 },
12096 "immutable": true,
12097 "locationInModule": {
12098 "filename": "lib/policy-statement.ts",
12099 "line": 658
12100 },
12101 "name": "notActions",
12102 "optional": true,
12103 "type": {
12104 "collection": {
12105 "elementtype": {
12106 "primitive": "string"
12107 },
12108 "kind": "array"
12109 }
12110 }
12111 },
12112 {
12113 "abstract": true,
12114 "docs": {
12115 "default": "- no not principals",
12116 "stability": "stable",
12117 "summary": "List of not principals to add to the statement."
12118 },
12119 "immutable": true,
12120 "locationInModule": {
12121 "filename": "lib/policy-statement.ts",
12122 "line": 672
12123 },
12124 "name": "notPrincipals",
12125 "optional": true,
12126 "type": {
12127 "collection": {
12128 "elementtype": {
12129 "fqn": "@aws-cdk/aws-iam.IPrincipal"
12130 },
12131 "kind": "array"
12132 }
12133 }
12134 },
12135 {
12136 "abstract": true,
12137 "docs": {
12138 "default": "- no not-resources",
12139 "stability": "stable",
12140 "summary": "NotResource ARNs to add to the statement."
12141 },
12142 "immutable": true,
12143 "locationInModule": {
12144 "filename": "lib/policy-statement.ts",
12145 "line": 686
12146 },
12147 "name": "notResources",
12148 "optional": true,
12149 "type": {
12150 "collection": {
12151 "elementtype": {
12152 "primitive": "string"
12153 },
12154 "kind": "array"
12155 }
12156 }
12157 },
12158 {
12159 "abstract": true,
12160 "docs": {
12161 "default": "- no principals",
12162 "stability": "stable",
12163 "summary": "List of principals to add to the statement."
12164 },
12165 "immutable": true,
12166 "locationInModule": {
12167 "filename": "lib/policy-statement.ts",
12168 "line": 665
12169 },
12170 "name": "principals",
12171 "optional": true,
12172 "type": {
12173 "collection": {
12174 "elementtype": {
12175 "fqn": "@aws-cdk/aws-iam.IPrincipal"
12176 },
12177 "kind": "array"
12178 }
12179 }
12180 },
12181 {
12182 "abstract": true,
12183 "docs": {
12184 "default": "- no resources",
12185 "stability": "stable",
12186 "summary": "Resource ARNs to add to the statement."
12187 },
12188 "immutable": true,
12189 "locationInModule": {
12190 "filename": "lib/policy-statement.ts",
12191 "line": 679
12192 },
12193 "name": "resources",
12194 "optional": true,
12195 "type": {
12196 "collection": {
12197 "elementtype": {
12198 "primitive": "string"
12199 },
12200 "kind": "array"
12201 }
12202 }
12203 },
12204 {
12205 "abstract": true,
12206 "docs": {
12207 "default": "- no sid",
12208 "remarks": "You can assign a Sid value to each statement in a\nstatement array. In services that let you specify an ID element, such as\nSQS and SNS, the Sid value is just a sub-ID of the policy document's ID. In\nIAM, the Sid value must be unique within a JSON policy.",
12209 "stability": "stable",
12210 "summary": "The Sid (statement ID) is an optional identifier that you provide for the policy statement."
12211 },
12212 "immutable": true,
12213 "locationInModule": {
12214 "filename": "lib/policy-statement.ts",
12215 "line": 644
12216 },
12217 "name": "sid",
12218 "optional": true,
12219 "type": {
12220 "primitive": "string"
12221 }
12222 }
12223 ],
12224 "symbolId": "lib/policy-statement:PolicyStatementProps"
12225 },
12226 "@aws-cdk/aws-iam.PrincipalBase": {
12227 "abstract": true,
12228 "assembly": "@aws-cdk/aws-iam",
12229 "docs": {
12230 "stability": "stable",
12231 "summary": "Base class for policy principals.",
12232 "example": "const tagParam = new CfnParameter(this, 'TagName');\n\nconst stringEquals = new CfnJson(this, 'ConditionJson', {\n value: {\n [`aws:PrincipalTag/${tagParam.valueAsString}`]: true,\n },\n});\n\nconst principal = new iam.AccountRootPrincipal().withConditions({\n StringEquals: stringEquals,\n});\n\nnew iam.Role(this, 'MyRole', { assumedBy: principal });",
12233 "custom": {
12234 "exampleMetadata": "infused"
12235 }
12236 },
12237 "fqn": "@aws-cdk/aws-iam.PrincipalBase",
12238 "initializer": {
12239 "docs": {
12240 "stability": "stable"
12241 }
12242 },
12243 "interfaces": [
12244 "@aws-cdk/aws-iam.IAssumeRolePrincipal",
12245 "@aws-cdk/aws-iam.IComparablePrincipal"
12246 ],
12247 "kind": "class",
12248 "locationInModule": {
12249 "filename": "lib/principals.ts",
12250 "line": 146
12251 },
12252 "methods": [
12253 {
12254 "docs": {
12255 "remarks": "Add the statements to the AssumeRolePolicyDocument necessary to give this principal\npermissions to assume the given role.",
12256 "stability": "stable",
12257 "summary": "Add the princpial to the AssumeRolePolicyDocument."
12258 },
12259 "locationInModule": {
12260 "filename": "lib/principals.ts",
12261 "line": 170
12262 },
12263 "name": "addToAssumeRolePolicy",
12264 "overrides": "@aws-cdk/aws-iam.IAssumeRolePrincipal",
12265 "parameters": [
12266 {
12267 "name": "document",
12268 "type": {
12269 "fqn": "@aws-cdk/aws-iam.PolicyDocument"
12270 }
12271 }
12272 ]
12273 },
12274 {
12275 "docs": {
12276 "stability": "stable",
12277 "summary": "Add to the policy of this principal."
12278 },
12279 "locationInModule": {
12280 "filename": "lib/principals.ts",
12281 "line": 160
12282 },
12283 "name": "addToPolicy",
12284 "overrides": "@aws-cdk/aws-iam.IPrincipal",
12285 "parameters": [
12286 {
12287 "name": "statement",
12288 "type": {
12289 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
12290 }
12291 }
12292 ],
12293 "returns": {
12294 "type": {
12295 "primitive": "boolean"
12296 }
12297 }
12298 },
12299 {
12300 "docs": {
12301 "stability": "stable",
12302 "summary": "Add to the policy of this principal."
12303 },
12304 "locationInModule": {
12305 "filename": "lib/principals.ts",
12306 "line": 164
12307 },
12308 "name": "addToPrincipalPolicy",
12309 "overrides": "@aws-cdk/aws-iam.IPrincipal",
12310 "parameters": [
12311 {
12312 "name": "_statement",
12313 "type": {
12314 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
12315 }
12316 }
12317 ],
12318 "returns": {
12319 "type": {
12320 "fqn": "@aws-cdk/aws-iam.AddToPrincipalPolicyResult"
12321 }
12322 }
12323 },
12324 {
12325 "abstract": true,
12326 "docs": {
12327 "stability": "stable",
12328 "summary": "Return whether or not this principal is equal to the given principal."
12329 },
12330 "locationInModule": {
12331 "filename": "lib/principals.ts",
12332 "line": 219
12333 },
12334 "name": "dedupeString",
12335 "overrides": "@aws-cdk/aws-iam.IComparablePrincipal",
12336 "returns": {
12337 "optional": true,
12338 "type": {
12339 "primitive": "string"
12340 }
12341 }
12342 },
12343 {
12344 "docs": {
12345 "remarks": "Used when JSON.stringify() is called",
12346 "stability": "stable",
12347 "summary": "JSON-ify the principal."
12348 },
12349 "locationInModule": {
12350 "filename": "lib/principals.ts",
12351 "line": 189
12352 },
12353 "name": "toJSON",
12354 "returns": {
12355 "type": {
12356 "collection": {
12357 "elementtype": {
12358 "collection": {
12359 "elementtype": {
12360 "primitive": "string"
12361 },
12362 "kind": "array"
12363 }
12364 },
12365 "kind": "map"
12366 }
12367 }
12368 }
12369 },
12370 {
12371 "docs": {
12372 "stability": "stable",
12373 "summary": "Returns a string representation of an object."
12374 },
12375 "locationInModule": {
12376 "filename": "lib/principals.ts",
12377 "line": 178
12378 },
12379 "name": "toString",
12380 "returns": {
12381 "type": {
12382 "primitive": "string"
12383 }
12384 }
12385 },
12386 {
12387 "docs": {
12388 "remarks": "When there is a value for the same operator and key in both the principal and the\nconditions parameter, the value from the conditions parameter will be used.",
12389 "returns": "a new PrincipalWithConditions object.",
12390 "stability": "stable",
12391 "summary": "Returns a new PrincipalWithConditions using this principal as the base, with the passed conditions added."
12392 },
12393 "locationInModule": {
12394 "filename": "lib/principals.ts",
12395 "line": 203
12396 },
12397 "name": "withConditions",
12398 "parameters": [
12399 {
12400 "name": "conditions",
12401 "type": {
12402 "collection": {
12403 "elementtype": {
12404 "primitive": "any"
12405 },
12406 "kind": "map"
12407 }
12408 }
12409 }
12410 ],
12411 "returns": {
12412 "type": {
12413 "fqn": "@aws-cdk/aws-iam.PrincipalBase"
12414 }
12415 }
12416 },
12417 {
12418 "docs": {
12419 "returns": "a new SessionTagsPrincipal object.",
12420 "stability": "stable",
12421 "summary": "Returns a new principal using this principal as the base, with session tags enabled."
12422 },
12423 "locationInModule": {
12424 "filename": "lib/principals.ts",
12425 "line": 212
12426 },
12427 "name": "withSessionTags",
12428 "returns": {
12429 "type": {
12430 "fqn": "@aws-cdk/aws-iam.PrincipalBase"
12431 }
12432 }
12433 }
12434 ],
12435 "name": "PrincipalBase",
12436 "properties": [
12437 {
12438 "docs": {
12439 "stability": "stable",
12440 "summary": "When this Principal is used in an AssumeRole policy, the action to use."
12441 },
12442 "immutable": true,
12443 "locationInModule": {
12444 "filename": "lib/principals.ts",
12445 "line": 158
12446 },
12447 "name": "assumeRoleAction",
12448 "overrides": "@aws-cdk/aws-iam.IPrincipal",
12449 "type": {
12450 "primitive": "string"
12451 }
12452 },
12453 {
12454 "docs": {
12455 "stability": "stable",
12456 "summary": "The principal to grant permissions to."
12457 },
12458 "immutable": true,
12459 "locationInModule": {
12460 "filename": "lib/principals.ts",
12461 "line": 147
12462 },
12463 "name": "grantPrincipal",
12464 "overrides": "@aws-cdk/aws-iam.IGrantable",
12465 "type": {
12466 "fqn": "@aws-cdk/aws-iam.IPrincipal"
12467 }
12468 },
12469 {
12470 "abstract": true,
12471 "docs": {
12472 "stability": "stable",
12473 "summary": "Return the policy fragment that identifies this principal in a Policy."
12474 },
12475 "immutable": true,
12476 "locationInModule": {
12477 "filename": "lib/principals.ts",
12478 "line": 153
12479 },
12480 "name": "policyFragment",
12481 "overrides": "@aws-cdk/aws-iam.IPrincipal",
12482 "type": {
12483 "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment"
12484 }
12485 },
12486 {
12487 "docs": {
12488 "remarks": "Can be undefined when the account is not known\n(for example, for service principals).\nCan be a Token - in that case,\nit's assumed to be AWS::AccountId.",
12489 "stability": "stable",
12490 "summary": "The AWS account ID of this principal."
12491 },
12492 "immutable": true,
12493 "locationInModule": {
12494 "filename": "lib/principals.ts",
12495 "line": 148
12496 },
12497 "name": "principalAccount",
12498 "optional": true,
12499 "overrides": "@aws-cdk/aws-iam.IPrincipal",
12500 "type": {
12501 "primitive": "string"
12502 }
12503 }
12504 ],
12505 "symbolId": "lib/principals:PrincipalBase"
12506 },
12507 "@aws-cdk/aws-iam.PrincipalPolicyFragment": {
12508 "assembly": "@aws-cdk/aws-iam",
12509 "docs": {
12510 "remarks": "This consists of the JSON used in the \"Principal\" field, and optionally a\nset of \"Condition\"s that need to be applied to the policy.\n\nGenerally, a principal looks like:\n\n { '<TYPE>': ['ID', 'ID', ...] }\n\nAnd this is also the type of the field `principalJson`. However, there is a\nspecial type of principal that is just the string '*', which is treated\ndifferently by some services. To represent that principal, `principalJson`\nshould contain `{ 'LiteralString': ['*'] }`.",
12511 "stability": "stable",
12512 "summary": "A collection of the fields in a PolicyStatement that can be used to identify a principal.",
12513 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const conditions: any;\nconst principalPolicyFragment = new iam.PrincipalPolicyFragment({\n principalJsonKey: ['principalJson'],\n}, /* all optional props */ {\n conditionsKey: conditions,\n});",
12514 "custom": {
12515 "exampleMetadata": "fixture=_generated"
12516 }
12517 },
12518 "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment",
12519 "initializer": {
12520 "docs": {
12521 "stability": "stable"
12522 },
12523 "locationInModule": {
12524 "filename": "lib/principals.ts",
12525 "line": 392
12526 },
12527 "parameters": [
12528 {
12529 "docs": {
12530 "summary": "JSON of the \"Principal\" section in a policy statement."
12531 },
12532 "name": "principalJson",
12533 "type": {
12534 "collection": {
12535 "elementtype": {
12536 "collection": {
12537 "elementtype": {
12538 "primitive": "string"
12539 },
12540 "kind": "array"
12541 }
12542 },
12543 "kind": "map"
12544 }
12545 }
12546 },
12547 {
12548 "docs": {
12549 "remarks": "See [the IAM documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html).\nconditions that need to be applied to this policy",
12550 "summary": "The conditions under which the policy is in effect."
12551 },
12552 "name": "conditions",
12553 "optional": true,
12554 "type": {
12555 "collection": {
12556 "elementtype": {
12557 "primitive": "any"
12558 },
12559 "kind": "map"
12560 }
12561 }
12562 }
12563 ]
12564 },
12565 "kind": "class",
12566 "locationInModule": {
12567 "filename": "lib/principals.ts",
12568 "line": 386
12569 },
12570 "name": "PrincipalPolicyFragment",
12571 "properties": [
12572 {
12573 "docs": {
12574 "remarks": "See [the IAM documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html).\nconditions that need to be applied to this policy",
12575 "stability": "stable",
12576 "summary": "The conditions under which the policy is in effect."
12577 },
12578 "immutable": true,
12579 "locationInModule": {
12580 "filename": "lib/principals.ts",
12581 "line": 398
12582 },
12583 "name": "conditions",
12584 "type": {
12585 "collection": {
12586 "elementtype": {
12587 "primitive": "any"
12588 },
12589 "kind": "map"
12590 }
12591 }
12592 },
12593 {
12594 "docs": {
12595 "stability": "stable",
12596 "summary": "JSON of the \"Principal\" section in a policy statement."
12597 },
12598 "immutable": true,
12599 "locationInModule": {
12600 "filename": "lib/principals.ts",
12601 "line": 393
12602 },
12603 "name": "principalJson",
12604 "type": {
12605 "collection": {
12606 "elementtype": {
12607 "collection": {
12608 "elementtype": {
12609 "primitive": "string"
12610 },
12611 "kind": "array"
12612 }
12613 },
12614 "kind": "map"
12615 }
12616 }
12617 }
12618 ],
12619 "symbolId": "lib/principals:PrincipalPolicyFragment"
12620 },
12621 "@aws-cdk/aws-iam.PrincipalWithConditions": {
12622 "assembly": "@aws-cdk/aws-iam",
12623 "base": "@aws-cdk/aws-iam.PrincipalBase",
12624 "docs": {
12625 "remarks": "For more information about conditions, see:\nhttps://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html",
12626 "stability": "stable",
12627 "summary": "An IAM principal with additional conditions specifying when the policy is in effect.",
12628 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const conditions: any;\ndeclare const principal: iam.IPrincipal;\nconst principalWithConditions = new iam.PrincipalWithConditions(principal, {\n conditionsKey: conditions,\n});",
12629 "custom": {
12630 "exampleMetadata": "fixture=_generated"
12631 }
12632 },
12633 "fqn": "@aws-cdk/aws-iam.PrincipalWithConditions",
12634 "initializer": {
12635 "docs": {
12636 "stability": "stable"
12637 },
12638 "locationInModule": {
12639 "filename": "lib/principals.ts",
12640 "line": 260
12641 },
12642 "parameters": [
12643 {
12644 "name": "principal",
12645 "type": {
12646 "fqn": "@aws-cdk/aws-iam.IPrincipal"
12647 }
12648 },
12649 {
12650 "name": "conditions",
12651 "type": {
12652 "collection": {
12653 "elementtype": {
12654 "primitive": "any"
12655 },
12656 "kind": "map"
12657 }
12658 }
12659 }
12660 ]
12661 },
12662 "kind": "class",
12663 "locationInModule": {
12664 "filename": "lib/principals.ts",
12665 "line": 257
12666 },
12667 "methods": [
12668 {
12669 "docs": {
12670 "stability": "stable",
12671 "summary": "Add a condition to the principal."
12672 },
12673 "locationInModule": {
12674 "filename": "lib/principals.ts",
12675 "line": 268
12676 },
12677 "name": "addCondition",
12678 "parameters": [
12679 {
12680 "name": "key",
12681 "type": {
12682 "primitive": "string"
12683 }
12684 },
12685 {
12686 "name": "value",
12687 "type": {
12688 "primitive": "any"
12689 }
12690 }
12691 ]
12692 },
12693 {
12694 "docs": {
12695 "remarks": "Values from the conditions parameter will overwrite existing values with the same operator\nand key.",
12696 "stability": "stable",
12697 "summary": "Adds multiple conditions to the principal."
12698 },
12699 "locationInModule": {
12700 "filename": "lib/principals.ts",
12701 "line": 279
12702 },
12703 "name": "addConditions",
12704 "parameters": [
12705 {
12706 "name": "conditions",
12707 "type": {
12708 "collection": {
12709 "elementtype": {
12710 "primitive": "any"
12711 },
12712 "kind": "map"
12713 }
12714 }
12715 }
12716 ]
12717 },
12718 {
12719 "docs": {
12720 "stability": "stable",
12721 "summary": "Add to the policy of this principal."
12722 },
12723 "locationInModule": {
12724 "filename": "lib/principals.ts",
12725 "line": 235
12726 },
12727 "name": "addToPolicy",
12728 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
12729 "parameters": [
12730 {
12731 "name": "statement",
12732 "type": {
12733 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
12734 }
12735 }
12736 ],
12737 "returns": {
12738 "type": {
12739 "primitive": "boolean"
12740 }
12741 }
12742 },
12743 {
12744 "docs": {
12745 "stability": "stable",
12746 "summary": "Add to the policy of this principal."
12747 },
12748 "locationInModule": {
12749 "filename": "lib/principals.ts",
12750 "line": 238
12751 },
12752 "name": "addToPrincipalPolicy",
12753 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
12754 "parameters": [
12755 {
12756 "name": "statement",
12757 "type": {
12758 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
12759 }
12760 }
12761 ],
12762 "returns": {
12763 "type": {
12764 "fqn": "@aws-cdk/aws-iam.AddToPrincipalPolicyResult"
12765 }
12766 }
12767 },
12768 {
12769 "docs": {
12770 "stability": "stable",
12771 "summary": "Append the given string to the wrapped principal's dedupe string (if available)."
12772 },
12773 "locationInModule": {
12774 "filename": "lib/principals.ts",
12775 "line": 245
12776 },
12777 "name": "appendDedupe",
12778 "parameters": [
12779 {
12780 "name": "append",
12781 "type": {
12782 "primitive": "string"
12783 }
12784 }
12785 ],
12786 "protected": true,
12787 "returns": {
12788 "optional": true,
12789 "type": {
12790 "primitive": "string"
12791 }
12792 }
12793 },
12794 {
12795 "docs": {
12796 "stability": "stable",
12797 "summary": "Return whether or not this principal is equal to the given principal."
12798 },
12799 "locationInModule": {
12800 "filename": "lib/principals.ts",
12801 "line": 311
12802 },
12803 "name": "dedupeString",
12804 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
12805 "returns": {
12806 "optional": true,
12807 "type": {
12808 "primitive": "string"
12809 }
12810 }
12811 },
12812 {
12813 "docs": {
12814 "remarks": "Used when JSON.stringify() is called",
12815 "stability": "stable",
12816 "summary": "JSON-ify the principal."
12817 },
12818 "locationInModule": {
12819 "filename": "lib/principals.ts",
12820 "line": 306
12821 },
12822 "name": "toJSON",
12823 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
12824 "returns": {
12825 "type": {
12826 "collection": {
12827 "elementtype": {
12828 "collection": {
12829 "elementtype": {
12830 "primitive": "string"
12831 },
12832 "kind": "array"
12833 }
12834 },
12835 "kind": "map"
12836 }
12837 }
12838 }
12839 },
12840 {
12841 "docs": {
12842 "stability": "stable",
12843 "summary": "Returns a string representation of an object."
12844 },
12845 "locationInModule": {
12846 "filename": "lib/principals.ts",
12847 "line": 297
12848 },
12849 "name": "toString",
12850 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
12851 "returns": {
12852 "type": {
12853 "primitive": "string"
12854 }
12855 }
12856 }
12857 ],
12858 "name": "PrincipalWithConditions",
12859 "properties": [
12860 {
12861 "docs": {
12862 "stability": "stable",
12863 "summary": "When this Principal is used in an AssumeRole policy, the action to use."
12864 },
12865 "immutable": true,
12866 "locationInModule": {
12867 "filename": "lib/principals.ts",
12868 "line": 226
12869 },
12870 "name": "assumeRoleAction",
12871 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
12872 "type": {
12873 "primitive": "string"
12874 }
12875 },
12876 {
12877 "docs": {
12878 "remarks": "See [the IAM documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html).",
12879 "stability": "stable",
12880 "summary": "The conditions under which the policy is in effect."
12881 },
12882 "immutable": true,
12883 "locationInModule": {
12884 "filename": "lib/principals.ts",
12885 "line": 289
12886 },
12887 "name": "conditions",
12888 "type": {
12889 "collection": {
12890 "elementtype": {
12891 "primitive": "any"
12892 },
12893 "kind": "map"
12894 }
12895 }
12896 },
12897 {
12898 "docs": {
12899 "stability": "stable",
12900 "summary": "Return the policy fragment that identifies this principal in a Policy."
12901 },
12902 "immutable": true,
12903 "locationInModule": {
12904 "filename": "lib/principals.ts",
12905 "line": 293
12906 },
12907 "name": "policyFragment",
12908 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
12909 "type": {
12910 "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment"
12911 }
12912 },
12913 {
12914 "docs": {
12915 "remarks": "Can be undefined when the account is not known\n(for example, for service principals).\nCan be a Token - in that case,\nit's assumed to be AWS::AccountId.",
12916 "stability": "stable",
12917 "summary": "The AWS account ID of this principal."
12918 },
12919 "immutable": true,
12920 "locationInModule": {
12921 "filename": "lib/principals.ts",
12922 "line": 227
12923 },
12924 "name": "principalAccount",
12925 "optional": true,
12926 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
12927 "type": {
12928 "primitive": "string"
12929 }
12930 }
12931 ],
12932 "symbolId": "lib/principals:PrincipalWithConditions"
12933 },
12934 "@aws-cdk/aws-iam.Role": {
12935 "assembly": "@aws-cdk/aws-iam",
12936 "base": "@aws-cdk/core.Resource",
12937 "docs": {
12938 "remarks": "Defines an IAM role. The role is created with an assume policy document associated with\nthe specified AWS service principal defined in `serviceAssumeRole`.",
12939 "stability": "stable",
12940 "summary": "IAM Role.",
12941 "example": "const lambdaRole = new iam.Role(this, 'Role', {\n assumedBy: new iam.ServicePrincipal('lambda.amazonaws.com'),\n description: 'Example role...',\n});\n\nconst stream = new kinesis.Stream(this, 'MyEncryptedStream', {\n encryption: kinesis.StreamEncryption.KMS,\n});\n\n// give lambda permissions to read stream\nstream.grantRead(lambdaRole);",
12942 "custom": {
12943 "exampleMetadata": "infused"
12944 }
12945 },
12946 "fqn": "@aws-cdk/aws-iam.Role",
12947 "initializer": {
12948 "docs": {
12949 "stability": "stable"
12950 },
12951 "locationInModule": {
12952 "filename": "lib/role.ts",
12953 "line": 357
12954 },
12955 "parameters": [
12956 {
12957 "name": "scope",
12958 "type": {
12959 "fqn": "constructs.Construct"
12960 }
12961 },
12962 {
12963 "name": "id",
12964 "type": {
12965 "primitive": "string"
12966 }
12967 },
12968 {
12969 "name": "props",
12970 "type": {
12971 "fqn": "@aws-cdk/aws-iam.RoleProps"
12972 }
12973 }
12974 ]
12975 },
12976 "interfaces": [
12977 "@aws-cdk/aws-iam.IRole"
12978 ],
12979 "kind": "class",
12980 "locationInModule": {
12981 "filename": "lib/role.ts",
12982 "line": 173
12983 },
12984 "methods": [
12985 {
12986 "docs": {
12987 "remarks": "If the imported Role ARN is a Token (such as a\n`CfnParameter.valueAsString` or a `Fn.importValue()`) *and* the referenced\nrole has a `path` (like `arn:...:role/AdminRoles/Alice`), the\n`roleName` property will not resolve to the correct value. Instead it\nwill resolve to the first path component. We unfortunately cannot express\nthe correct calculation of the full path name as a CloudFormation\nexpression. In this scenario the Role ARN should be supplied without the\n`path` in order to resolve the correct role resource.",
12988 "stability": "stable",
12989 "summary": "Import an external role by ARN."
12990 },
12991 "locationInModule": {
12992 "filename": "lib/role.ts",
12993 "line": 191
12994 },
12995 "name": "fromRoleArn",
12996 "parameters": [
12997 {
12998 "docs": {
12999 "summary": "construct scope."
13000 },
13001 "name": "scope",
13002 "type": {
13003 "fqn": "constructs.Construct"
13004 }
13005 },
13006 {
13007 "docs": {
13008 "summary": "construct id."
13009 },
13010 "name": "id",
13011 "type": {
13012 "primitive": "string"
13013 }
13014 },
13015 {
13016 "docs": {
13017 "summary": "the ARN of the role to import."
13018 },
13019 "name": "roleArn",
13020 "type": {
13021 "primitive": "string"
13022 }
13023 },
13024 {
13025 "docs": {
13026 "summary": "allow customizing the behavior of the returned role."
13027 },
13028 "name": "options",
13029 "optional": true,
13030 "type": {
13031 "fqn": "@aws-cdk/aws-iam.FromRoleArnOptions"
13032 }
13033 }
13034 ],
13035 "returns": {
13036 "type": {
13037 "fqn": "@aws-cdk/aws-iam.IRole"
13038 }
13039 },
13040 "static": true
13041 },
13042 {
13043 "docs": {
13044 "remarks": "The imported role is assumed to exist in the same account as the account\nthe scope's containing Stack is being deployed to.",
13045 "stability": "stable",
13046 "summary": "Import an external role by name."
13047 },
13048 "locationInModule": {
13049 "filename": "lib/role.ts",
13050 "line": 302
13051 },
13052 "name": "fromRoleName",
13053 "parameters": [
13054 {
13055 "name": "scope",
13056 "type": {
13057 "fqn": "constructs.Construct"
13058 }
13059 },
13060 {
13061 "name": "id",
13062 "type": {
13063 "primitive": "string"
13064 }
13065 },
13066 {
13067 "name": "roleName",
13068 "type": {
13069 "primitive": "string"
13070 }
13071 }
13072 ],
13073 "returns": {
13074 "type": {
13075 "fqn": "@aws-cdk/aws-iam.IRole"
13076 }
13077 },
13078 "static": true
13079 },
13080 {
13081 "docs": {
13082 "stability": "stable",
13083 "summary": "Attaches a managed policy to this role."
13084 },
13085 "locationInModule": {
13086 "filename": "lib/role.ts",
13087 "line": 452
13088 },
13089 "name": "addManagedPolicy",
13090 "overrides": "@aws-cdk/aws-iam.IIdentity",
13091 "parameters": [
13092 {
13093 "docs": {
13094 "summary": "The the managed policy to attach."
13095 },
13096 "name": "policy",
13097 "type": {
13098 "fqn": "@aws-cdk/aws-iam.IManagedPolicy"
13099 }
13100 }
13101 ]
13102 },
13103 {
13104 "docs": {
13105 "stability": "stable",
13106 "summary": "Add to the policy of this principal."
13107 },
13108 "locationInModule": {
13109 "filename": "lib/role.ts",
13110 "line": 444
13111 },
13112 "name": "addToPolicy",
13113 "overrides": "@aws-cdk/aws-iam.IPrincipal",
13114 "parameters": [
13115 {
13116 "name": "statement",
13117 "type": {
13118 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
13119 }
13120 }
13121 ],
13122 "returns": {
13123 "type": {
13124 "primitive": "boolean"
13125 }
13126 }
13127 },
13128 {
13129 "docs": {
13130 "remarks": "If there is no default policy attached to this role, it will be created.",
13131 "stability": "stable",
13132 "summary": "Adds a permission to the role's default policy document."
13133 },
13134 "locationInModule": {
13135 "filename": "lib/role.ts",
13136 "line": 429
13137 },
13138 "name": "addToPrincipalPolicy",
13139 "overrides": "@aws-cdk/aws-iam.IPrincipal",
13140 "parameters": [
13141 {
13142 "docs": {
13143 "summary": "The permission statement to add to the policy document."
13144 },
13145 "name": "statement",
13146 "type": {
13147 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
13148 }
13149 }
13150 ],
13151 "returns": {
13152 "type": {
13153 "fqn": "@aws-cdk/aws-iam.AddToPrincipalPolicyResult"
13154 }
13155 }
13156 },
13157 {
13158 "docs": {
13159 "stability": "stable",
13160 "summary": "Attaches a policy to this role."
13161 },
13162 "locationInModule": {
13163 "filename": "lib/role.ts",
13164 "line": 461
13165 },
13166 "name": "attachInlinePolicy",
13167 "overrides": "@aws-cdk/aws-iam.IIdentity",
13168 "parameters": [
13169 {
13170 "docs": {
13171 "summary": "The policy to attach."
13172 },
13173 "name": "policy",
13174 "type": {
13175 "fqn": "@aws-cdk/aws-iam.Policy"
13176 }
13177 }
13178 ]
13179 },
13180 {
13181 "docs": {
13182 "stability": "stable",
13183 "summary": "Grant the actions defined in actions to the identity Principal on this resource."
13184 },
13185 "locationInModule": {
13186 "filename": "lib/role.ts",
13187 "line": 469
13188 },
13189 "name": "grant",
13190 "overrides": "@aws-cdk/aws-iam.IRole",
13191 "parameters": [
13192 {
13193 "name": "grantee",
13194 "type": {
13195 "fqn": "@aws-cdk/aws-iam.IPrincipal"
13196 }
13197 },
13198 {
13199 "name": "actions",
13200 "type": {
13201 "primitive": "string"
13202 },
13203 "variadic": true
13204 }
13205 ],
13206 "returns": {
13207 "type": {
13208 "fqn": "@aws-cdk/aws-iam.Grant"
13209 }
13210 },
13211 "variadic": true
13212 },
13213 {
13214 "docs": {
13215 "stability": "stable",
13216 "summary": "Grant permissions to the given principal to assume this role."
13217 },
13218 "locationInModule": {
13219 "filename": "lib/role.ts",
13220 "line": 488
13221 },
13222 "name": "grantAssumeRole",
13223 "overrides": "@aws-cdk/aws-iam.IRole",
13224 "parameters": [
13225 {
13226 "name": "identity",
13227 "type": {
13228 "fqn": "@aws-cdk/aws-iam.IPrincipal"
13229 }
13230 }
13231 ],
13232 "returns": {
13233 "type": {
13234 "fqn": "@aws-cdk/aws-iam.Grant"
13235 }
13236 }
13237 },
13238 {
13239 "docs": {
13240 "stability": "stable",
13241 "summary": "Grant permissions to the given principal to pass this role."
13242 },
13243 "locationInModule": {
13244 "filename": "lib/role.ts",
13245 "line": 481
13246 },
13247 "name": "grantPassRole",
13248 "overrides": "@aws-cdk/aws-iam.IRole",
13249 "parameters": [
13250 {
13251 "name": "identity",
13252 "type": {
13253 "fqn": "@aws-cdk/aws-iam.IPrincipal"
13254 }
13255 }
13256 ],
13257 "returns": {
13258 "type": {
13259 "fqn": "@aws-cdk/aws-iam.Grant"
13260 }
13261 }
13262 },
13263 {
13264 "docs": {
13265 "remarks": "This method can be implemented by derived constructs in order to perform\nvalidation logic. It is called on all constructs before synthesis.",
13266 "stability": "stable",
13267 "summary": "Validate the current construct."
13268 },
13269 "locationInModule": {
13270 "filename": "lib/role.ts",
13271 "line": 510
13272 },
13273 "name": "validate",
13274 "overrides": "@aws-cdk/core.Construct",
13275 "protected": true,
13276 "returns": {
13277 "type": {
13278 "collection": {
13279 "elementtype": {
13280 "primitive": "string"
13281 },
13282 "kind": "array"
13283 }
13284 }
13285 }
13286 },
13287 {
13288 "docs": {
13289 "remarks": "Use the object returned by this method if you want this Role to be used by\na construct without it automatically updating the Role's Policies.\n\nIf you do, you are responsible for adding the correct statements to the\nRole's policies yourself.",
13290 "stability": "stable",
13291 "summary": "Return a copy of this Role object whose Policies will not be updated."
13292 },
13293 "locationInModule": {
13294 "filename": "lib/role.ts",
13295 "line": 502
13296 },
13297 "name": "withoutPolicyUpdates",
13298 "parameters": [
13299 {
13300 "name": "options",
13301 "optional": true,
13302 "type": {
13303 "fqn": "@aws-cdk/aws-iam.WithoutPolicyUpdatesOptions"
13304 }
13305 }
13306 ],
13307 "returns": {
13308 "type": {
13309 "fqn": "@aws-cdk/aws-iam.IRole"
13310 }
13311 }
13312 }
13313 ],
13314 "name": "Role",
13315 "properties": [
13316 {
13317 "docs": {
13318 "stability": "stable",
13319 "summary": "When this Principal is used in an AssumeRole policy, the action to use."
13320 },
13321 "immutable": true,
13322 "locationInModule": {
13323 "filename": "lib/role.ts",
13324 "line": 314
13325 },
13326 "name": "assumeRoleAction",
13327 "overrides": "@aws-cdk/aws-iam.IPrincipal",
13328 "type": {
13329 "primitive": "string"
13330 }
13331 },
13332 {
13333 "docs": {
13334 "stability": "stable",
13335 "summary": "The principal to grant permissions to."
13336 },
13337 "immutable": true,
13338 "locationInModule": {
13339 "filename": "lib/role.ts",
13340 "line": 311
13341 },
13342 "name": "grantPrincipal",
13343 "overrides": "@aws-cdk/aws-iam.IGrantable",
13344 "type": {
13345 "fqn": "@aws-cdk/aws-iam.IPrincipal"
13346 }
13347 },
13348 {
13349 "docs": {
13350 "stability": "stable",
13351 "summary": "Returns the role."
13352 },
13353 "immutable": true,
13354 "locationInModule": {
13355 "filename": "lib/role.ts",
13356 "line": 342
13357 },
13358 "name": "policyFragment",
13359 "overrides": "@aws-cdk/aws-iam.IPrincipal",
13360 "type": {
13361 "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment"
13362 }
13363 },
13364 {
13365 "docs": {
13366 "stability": "stable",
13367 "summary": "Returns the ARN of this role."
13368 },
13369 "immutable": true,
13370 "locationInModule": {
13371 "filename": "lib/role.ts",
13372 "line": 324
13373 },
13374 "name": "roleArn",
13375 "overrides": "@aws-cdk/aws-iam.IRole",
13376 "type": {
13377 "primitive": "string"
13378 }
13379 },
13380 {
13381 "docs": {
13382 "custom": {
13383 "attribute": "true"
13384 },
13385 "remarks": "For example,\nAIDAJQABLZS4A3QDU576Q.",
13386 "stability": "stable",
13387 "summary": "Returns the stable and unique string identifying the role."
13388 },
13389 "immutable": true,
13390 "locationInModule": {
13391 "filename": "lib/role.ts",
13392 "line": 332
13393 },
13394 "name": "roleId",
13395 "type": {
13396 "primitive": "string"
13397 }
13398 },
13399 {
13400 "docs": {
13401 "stability": "stable",
13402 "summary": "Returns the name of the role."
13403 },
13404 "immutable": true,
13405 "locationInModule": {
13406 "filename": "lib/role.ts",
13407 "line": 337
13408 },
13409 "name": "roleName",
13410 "overrides": "@aws-cdk/aws-iam.IRole",
13411 "type": {
13412 "primitive": "string"
13413 }
13414 },
13415 {
13416 "docs": {
13417 "stability": "stable",
13418 "summary": "The assume role policy document associated with this role."
13419 },
13420 "immutable": true,
13421 "locationInModule": {
13422 "filename": "lib/role.ts",
13423 "line": 319
13424 },
13425 "name": "assumeRolePolicy",
13426 "optional": true,
13427 "type": {
13428 "fqn": "@aws-cdk/aws-iam.PolicyDocument"
13429 }
13430 },
13431 {
13432 "docs": {
13433 "stability": "stable",
13434 "summary": "Returns the permissions boundary attached to this role."
13435 },
13436 "immutable": true,
13437 "locationInModule": {
13438 "filename": "lib/role.ts",
13439 "line": 347
13440 },
13441 "name": "permissionsBoundary",
13442 "optional": true,
13443 "type": {
13444 "fqn": "@aws-cdk/aws-iam.IManagedPolicy"
13445 }
13446 },
13447 {
13448 "docs": {
13449 "remarks": "Can be undefined when the account is not known\n(for example, for service principals).\nCan be a Token - in that case,\nit's assumed to be AWS::AccountId.",
13450 "stability": "stable",
13451 "summary": "The AWS account ID of this principal."
13452 },
13453 "immutable": true,
13454 "locationInModule": {
13455 "filename": "lib/role.ts",
13456 "line": 312
13457 },
13458 "name": "principalAccount",
13459 "optional": true,
13460 "overrides": "@aws-cdk/aws-iam.IPrincipal",
13461 "type": {
13462 "primitive": "string"
13463 }
13464 }
13465 ],
13466 "symbolId": "lib/role:Role"
13467 },
13468 "@aws-cdk/aws-iam.RoleProps": {
13469 "assembly": "@aws-cdk/aws-iam",
13470 "datatype": true,
13471 "docs": {
13472 "stability": "stable",
13473 "summary": "Properties for defining an IAM Role.",
13474 "example": "const lambdaRole = new iam.Role(this, 'Role', {\n assumedBy: new iam.ServicePrincipal('lambda.amazonaws.com'),\n description: 'Example role...',\n});\n\nconst stream = new kinesis.Stream(this, 'MyEncryptedStream', {\n encryption: kinesis.StreamEncryption.KMS,\n});\n\n// give lambda permissions to read stream\nstream.grantRead(lambdaRole);",
13475 "custom": {
13476 "exampleMetadata": "infused"
13477 }
13478 },
13479 "fqn": "@aws-cdk/aws-iam.RoleProps",
13480 "kind": "interface",
13481 "locationInModule": {
13482 "filename": "lib/role.ts",
13483 "line": 22
13484 },
13485 "name": "RoleProps",
13486 "properties": [
13487 {
13488 "abstract": true,
13489 "docs": {
13490 "remarks": "You can later modify the assume role policy document by accessing it via\nthe `assumeRolePolicy` property.",
13491 "stability": "stable",
13492 "summary": "The IAM principal (i.e. `new ServicePrincipal('sns.amazonaws.com')`) which can assume this role."
13493 },
13494 "immutable": true,
13495 "locationInModule": {
13496 "filename": "lib/role.ts",
13497 "line": 30
13498 },
13499 "name": "assumedBy",
13500 "type": {
13501 "fqn": "@aws-cdk/aws-iam.IPrincipal"
13502 }
13503 },
13504 {
13505 "abstract": true,
13506 "docs": {
13507 "default": "- No description.",
13508 "remarks": "It can be up to 1000 characters long.",
13509 "stability": "stable",
13510 "summary": "A description of the role."
13511 },
13512 "immutable": true,
13513 "locationInModule": {
13514 "filename": "lib/role.ts",
13515 "line": 140
13516 },
13517 "name": "description",
13518 "optional": true,
13519 "type": {
13520 "primitive": "string"
13521 }
13522 },
13523 {
13524 "abstract": true,
13525 "docs": {
13526 "default": "No external ID required",
13527 "deprecated": "see {@link externalIds}",
13528 "remarks": "If the configured and provided external IDs do not match, the\nAssumeRole operation will fail.",
13529 "stability": "deprecated",
13530 "summary": "ID that the role assumer needs to provide when assuming this role."
13531 },
13532 "immutable": true,
13533 "locationInModule": {
13534 "filename": "lib/role.ts",
13535 "line": 42
13536 },
13537 "name": "externalId",
13538 "optional": true,
13539 "type": {
13540 "primitive": "string"
13541 }
13542 },
13543 {
13544 "abstract": true,
13545 "docs": {
13546 "default": "No external ID required",
13547 "remarks": "If the configured and provided external IDs do not match, the\nAssumeRole operation will fail.",
13548 "stability": "stable",
13549 "summary": "List of IDs that the role assumer needs to provide one of when assuming this role."
13550 },
13551 "immutable": true,
13552 "locationInModule": {
13553 "filename": "lib/role.ts",
13554 "line": 52
13555 },
13556 "name": "externalIds",
13557 "optional": true,
13558 "type": {
13559 "collection": {
13560 "elementtype": {
13561 "primitive": "string"
13562 },
13563 "kind": "array"
13564 }
13565 }
13566 },
13567 {
13568 "abstract": true,
13569 "docs": {
13570 "default": "- No policy is inlined in the Role resource.",
13571 "remarks": "These policies will be\ncreated with the role, whereas those added by ``addToPolicy`` are added\nusing a separate CloudFormation resource (allowing a way around circular\ndependencies that could otherwise be introduced).",
13572 "stability": "stable",
13573 "summary": "A list of named policies to inline into this role."
13574 },
13575 "immutable": true,
13576 "locationInModule": {
13577 "filename": "lib/role.ts",
13578 "line": 72
13579 },
13580 "name": "inlinePolicies",
13581 "optional": true,
13582 "type": {
13583 "collection": {
13584 "elementtype": {
13585 "fqn": "@aws-cdk/aws-iam.PolicyDocument"
13586 },
13587 "kind": "map"
13588 }
13589 }
13590 },
13591 {
13592 "abstract": true,
13593 "docs": {
13594 "default": "- No managed policies.",
13595 "remarks": "You can add managed policies later using\n`addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName(policyName))`.",
13596 "stability": "stable",
13597 "summary": "A list of managed policies associated with this role."
13598 },
13599 "immutable": true,
13600 "locationInModule": {
13601 "filename": "lib/role.ts",
13602 "line": 62
13603 },
13604 "name": "managedPolicies",
13605 "optional": true,
13606 "type": {
13607 "collection": {
13608 "elementtype": {
13609 "fqn": "@aws-cdk/aws-iam.IManagedPolicy"
13610 },
13611 "kind": "array"
13612 }
13613 }
13614 },
13615 {
13616 "abstract": true,
13617 "docs": {
13618 "custom": {
13619 "link": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html"
13620 },
13621 "default": "Duration.hours(1)",
13622 "remarks": "This setting can have a value from 1 hour (3600sec) to 12 (43200sec) hours.\n\nAnyone who assumes the role from the AWS CLI or API can use the\nDurationSeconds API parameter or the duration-seconds CLI parameter to\nrequest a longer session. The MaxSessionDuration setting determines the\nmaximum duration that can be requested using the DurationSeconds\nparameter.\n\nIf users don't specify a value for the DurationSeconds parameter, their\nsecurity credentials are valid for one hour by default. This applies when\nyou use the AssumeRole* API operations or the assume-role* CLI operations\nbut does not apply when you use those operations to create a console URL.",
13623 "stability": "stable",
13624 "summary": "The maximum session duration that you want to set for the specified role."
13625 },
13626 "immutable": true,
13627 "locationInModule": {
13628 "filename": "lib/role.ts",
13629 "line": 133
13630 },
13631 "name": "maxSessionDuration",
13632 "optional": true,
13633 "type": {
13634 "fqn": "@aws-cdk/core.Duration"
13635 }
13636 },
13637 {
13638 "abstract": true,
13639 "docs": {
13640 "default": "/",
13641 "remarks": "For information about IAM paths, see\nFriendly Names and Paths in IAM User Guide.",
13642 "stability": "stable",
13643 "summary": "The path associated with this role."
13644 },
13645 "immutable": true,
13646 "locationInModule": {
13647 "filename": "lib/role.ts",
13648 "line": 80
13649 },
13650 "name": "path",
13651 "optional": true,
13652 "type": {
13653 "primitive": "string"
13654 }
13655 },
13656 {
13657 "abstract": true,
13658 "docs": {
13659 "custom": {
13660 "link": "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html"
13661 },
13662 "default": "- No permissions boundary.",
13663 "remarks": "A permissions boundary is an advanced feature for using a managed policy\nto set the maximum permissions that an identity-based policy can grant to\nan IAM entity. An entity's permissions boundary allows it to perform only\nthe actions that are allowed by both its identity-based policies and its\npermissions boundaries.",
13664 "stability": "stable",
13665 "summary": "AWS supports permissions boundaries for IAM entities (users or roles)."
13666 },
13667 "immutable": true,
13668 "locationInModule": {
13669 "filename": "lib/role.ts",
13670 "line": 95
13671 },
13672 "name": "permissionsBoundary",
13673 "optional": true,
13674 "type": {
13675 "fqn": "@aws-cdk/aws-iam.IManagedPolicy"
13676 }
13677 },
13678 {
13679 "abstract": true,
13680 "docs": {
13681 "default": "- AWS CloudFormation generates a unique physical ID and uses that ID\nfor the role name.",
13682 "remarks": "For valid values, see the RoleName parameter for\nthe CreateRole action in the IAM API Reference.\n\nIMPORTANT: If you specify a name, you cannot perform updates that require\nreplacement of this resource. You can perform updates that require no or\nsome interruption. If you must replace the resource, specify a new name.\n\nIf you specify a name, you must specify the CAPABILITY_NAMED_IAM value to\nacknowledge your template's capabilities. For more information, see\nAcknowledging IAM Resources in AWS CloudFormation Templates.",
13683 "stability": "stable",
13684 "summary": "A name for the IAM role."
13685 },
13686 "immutable": true,
13687 "locationInModule": {
13688 "filename": "lib/role.ts",
13689 "line": 112
13690 },
13691 "name": "roleName",
13692 "optional": true,
13693 "type": {
13694 "primitive": "string"
13695 }
13696 }
13697 ],
13698 "symbolId": "lib/role:RoleProps"
13699 },
13700 "@aws-cdk/aws-iam.SamlConsolePrincipal": {
13701 "assembly": "@aws-cdk/aws-iam",
13702 "base": "@aws-cdk/aws-iam.SamlPrincipal",
13703 "docs": {
13704 "stability": "stable",
13705 "summary": "Principal entity that represents a SAML federated identity provider for programmatic and AWS Management Console access.",
13706 "example": "const provider = new iam.SamlProvider(this, 'Provider', {\n metadataDocument: iam.SamlMetadataDocument.fromFile('/path/to/saml-metadata-document.xml'),\n});\nnew iam.Role(this, 'Role', {\n assumedBy: new iam.SamlConsolePrincipal(provider),\n});",
13707 "custom": {
13708 "exampleMetadata": "infused"
13709 }
13710 },
13711 "fqn": "@aws-cdk/aws-iam.SamlConsolePrincipal",
13712 "initializer": {
13713 "docs": {
13714 "stability": "stable"
13715 },
13716 "locationInModule": {
13717 "filename": "lib/principals.ts",
13718 "line": 703
13719 },
13720 "parameters": [
13721 {
13722 "name": "samlProvider",
13723 "type": {
13724 "fqn": "@aws-cdk/aws-iam.ISamlProvider"
13725 }
13726 },
13727 {
13728 "name": "conditions",
13729 "optional": true,
13730 "type": {
13731 "collection": {
13732 "elementtype": {
13733 "primitive": "any"
13734 },
13735 "kind": "map"
13736 }
13737 }
13738 }
13739 ]
13740 },
13741 "kind": "class",
13742 "locationInModule": {
13743 "filename": "lib/principals.ts",
13744 "line": 702
13745 },
13746 "methods": [
13747 {
13748 "docs": {
13749 "stability": "stable",
13750 "summary": "Returns a string representation of an object."
13751 },
13752 "locationInModule": {
13753 "filename": "lib/principals.ts",
13754 "line": 712
13755 },
13756 "name": "toString",
13757 "overrides": "@aws-cdk/aws-iam.SamlPrincipal",
13758 "returns": {
13759 "type": {
13760 "primitive": "string"
13761 }
13762 }
13763 }
13764 ],
13765 "name": "SamlConsolePrincipal",
13766 "symbolId": "lib/principals:SamlConsolePrincipal"
13767 },
13768 "@aws-cdk/aws-iam.SamlMetadataDocument": {
13769 "abstract": true,
13770 "assembly": "@aws-cdk/aws-iam",
13771 "docs": {
13772 "stability": "stable",
13773 "summary": "A SAML metadata document.",
13774 "example": "const provider = new iam.SamlProvider(this, 'Provider', {\n metadataDocument: iam.SamlMetadataDocument.fromFile('/path/to/saml-metadata-document.xml'),\n});\nconst principal = new iam.SamlPrincipal(provider, {\n StringEquals: {\n 'SAML:iss': 'issuer',\n },\n});",
13775 "custom": {
13776 "exampleMetadata": "infused"
13777 }
13778 },
13779 "fqn": "@aws-cdk/aws-iam.SamlMetadataDocument",
13780 "initializer": {
13781 "docs": {
13782 "stability": "stable"
13783 }
13784 },
13785 "kind": "class",
13786 "locationInModule": {
13787 "filename": "lib/saml-provider.ts",
13788 "line": 49
13789 },
13790 "methods": [
13791 {
13792 "docs": {
13793 "stability": "stable",
13794 "summary": "Create a SAML metadata document from a XML file."
13795 },
13796 "locationInModule": {
13797 "filename": "lib/saml-provider.ts",
13798 "line": 60
13799 },
13800 "name": "fromFile",
13801 "parameters": [
13802 {
13803 "name": "path",
13804 "type": {
13805 "primitive": "string"
13806 }
13807 }
13808 ],
13809 "returns": {
13810 "type": {
13811 "fqn": "@aws-cdk/aws-iam.SamlMetadataDocument"
13812 }
13813 },
13814 "static": true
13815 },
13816 {
13817 "docs": {
13818 "stability": "stable",
13819 "summary": "Create a SAML metadata document from a XML string."
13820 },
13821 "locationInModule": {
13822 "filename": "lib/saml-provider.ts",
13823 "line": 53
13824 },
13825 "name": "fromXml",
13826 "parameters": [
13827 {
13828 "name": "xml",
13829 "type": {
13830 "primitive": "string"
13831 }
13832 }
13833 ],
13834 "returns": {
13835 "type": {
13836 "fqn": "@aws-cdk/aws-iam.SamlMetadataDocument"
13837 }
13838 },
13839 "static": true
13840 }
13841 ],
13842 "name": "SamlMetadataDocument",
13843 "properties": [
13844 {
13845 "abstract": true,
13846 "docs": {
13847 "stability": "stable",
13848 "summary": "The XML content of the metadata document."
13849 },
13850 "immutable": true,
13851 "locationInModule": {
13852 "filename": "lib/saml-provider.ts",
13853 "line": 67
13854 },
13855 "name": "xml",
13856 "type": {
13857 "primitive": "string"
13858 }
13859 }
13860 ],
13861 "symbolId": "lib/saml-provider:SamlMetadataDocument"
13862 },
13863 "@aws-cdk/aws-iam.SamlPrincipal": {
13864 "assembly": "@aws-cdk/aws-iam",
13865 "base": "@aws-cdk/aws-iam.FederatedPrincipal",
13866 "docs": {
13867 "stability": "stable",
13868 "summary": "Principal entity that represents a SAML federated identity provider.",
13869 "example": "const provider = new iam.SamlProvider(this, 'Provider', {\n metadataDocument: iam.SamlMetadataDocument.fromFile('/path/to/saml-metadata-document.xml'),\n});\nconst principal = new iam.SamlPrincipal(provider, {\n StringEquals: {\n 'SAML:iss': 'issuer',\n },\n});",
13870 "custom": {
13871 "exampleMetadata": "infused"
13872 }
13873 },
13874 "fqn": "@aws-cdk/aws-iam.SamlPrincipal",
13875 "initializer": {
13876 "docs": {
13877 "stability": "stable"
13878 },
13879 "locationInModule": {
13880 "filename": "lib/principals.ts",
13881 "line": 689
13882 },
13883 "parameters": [
13884 {
13885 "name": "samlProvider",
13886 "type": {
13887 "fqn": "@aws-cdk/aws-iam.ISamlProvider"
13888 }
13889 },
13890 {
13891 "name": "conditions",
13892 "type": {
13893 "collection": {
13894 "elementtype": {
13895 "primitive": "any"
13896 },
13897 "kind": "map"
13898 }
13899 }
13900 }
13901 ]
13902 },
13903 "kind": "class",
13904 "locationInModule": {
13905 "filename": "lib/principals.ts",
13906 "line": 688
13907 },
13908 "methods": [
13909 {
13910 "docs": {
13911 "stability": "stable",
13912 "summary": "Returns a string representation of an object."
13913 },
13914 "locationInModule": {
13915 "filename": "lib/principals.ts",
13916 "line": 693
13917 },
13918 "name": "toString",
13919 "overrides": "@aws-cdk/aws-iam.FederatedPrincipal",
13920 "returns": {
13921 "type": {
13922 "primitive": "string"
13923 }
13924 }
13925 }
13926 ],
13927 "name": "SamlPrincipal",
13928 "symbolId": "lib/principals:SamlPrincipal"
13929 },
13930 "@aws-cdk/aws-iam.SamlProvider": {
13931 "assembly": "@aws-cdk/aws-iam",
13932 "base": "@aws-cdk/core.Resource",
13933 "docs": {
13934 "stability": "stable",
13935 "summary": "A SAML provider.",
13936 "example": "const provider = new iam.SamlProvider(this, 'Provider', {\n metadataDocument: iam.SamlMetadataDocument.fromFile('/path/to/saml-metadata-document.xml'),\n});\nnew iam.Role(this, 'Role', {\n assumedBy: new iam.SamlConsolePrincipal(provider),\n});",
13937 "custom": {
13938 "exampleMetadata": "infused"
13939 }
13940 },
13941 "fqn": "@aws-cdk/aws-iam.SamlProvider",
13942 "initializer": {
13943 "docs": {
13944 "stability": "stable"
13945 },
13946 "locationInModule": {
13947 "filename": "lib/saml-provider.ts",
13948 "line": 86
13949 },
13950 "parameters": [
13951 {
13952 "name": "scope",
13953 "type": {
13954 "fqn": "constructs.Construct"
13955 }
13956 },
13957 {
13958 "name": "id",
13959 "type": {
13960 "primitive": "string"
13961 }
13962 },
13963 {
13964 "name": "props",
13965 "type": {
13966 "fqn": "@aws-cdk/aws-iam.SamlProviderProps"
13967 }
13968 }
13969 ]
13970 },
13971 "interfaces": [
13972 "@aws-cdk/aws-iam.ISamlProvider"
13973 ],
13974 "kind": "class",
13975 "locationInModule": {
13976 "filename": "lib/saml-provider.ts",
13977 "line": 73
13978 },
13979 "methods": [
13980 {
13981 "docs": {
13982 "stability": "stable",
13983 "summary": "Import an existing provider."
13984 },
13985 "locationInModule": {
13986 "filename": "lib/saml-provider.ts",
13987 "line": 77
13988 },
13989 "name": "fromSamlProviderArn",
13990 "parameters": [
13991 {
13992 "name": "scope",
13993 "type": {
13994 "fqn": "constructs.Construct"
13995 }
13996 },
13997 {
13998 "name": "id",
13999 "type": {
14000 "primitive": "string"
14001 }
14002 },
14003 {
14004 "name": "samlProviderArn",
14005 "type": {
14006 "primitive": "string"
14007 }
14008 }
14009 ],
14010 "returns": {
14011 "type": {
14012 "fqn": "@aws-cdk/aws-iam.ISamlProvider"
14013 }
14014 },
14015 "static": true
14016 }
14017 ],
14018 "name": "SamlProvider",
14019 "properties": [
14020 {
14021 "docs": {
14022 "stability": "stable",
14023 "summary": "The Amazon Resource Name (ARN) of the provider."
14024 },
14025 "immutable": true,
14026 "locationInModule": {
14027 "filename": "lib/saml-provider.ts",
14028 "line": 84
14029 },
14030 "name": "samlProviderArn",
14031 "overrides": "@aws-cdk/aws-iam.ISamlProvider",
14032 "type": {
14033 "primitive": "string"
14034 }
14035 }
14036 ],
14037 "symbolId": "lib/saml-provider:SamlProvider"
14038 },
14039 "@aws-cdk/aws-iam.SamlProviderProps": {
14040 "assembly": "@aws-cdk/aws-iam",
14041 "datatype": true,
14042 "docs": {
14043 "stability": "stable",
14044 "summary": "Properties for a SAML provider.",
14045 "example": "const provider = new iam.SamlProvider(this, 'Provider', {\n metadataDocument: iam.SamlMetadataDocument.fromFile('/path/to/saml-metadata-document.xml'),\n});\nnew iam.Role(this, 'Role', {\n assumedBy: new iam.SamlConsolePrincipal(provider),\n});",
14046 "custom": {
14047 "exampleMetadata": "infused"
14048 }
14049 },
14050 "fqn": "@aws-cdk/aws-iam.SamlProviderProps",
14051 "kind": "interface",
14052 "locationInModule": {
14053 "filename": "lib/saml-provider.ts",
14054 "line": 21
14055 },
14056 "name": "SamlProviderProps",
14057 "properties": [
14058 {
14059 "abstract": true,
14060 "docs": {
14061 "stability": "stable",
14062 "summary": "An XML document generated by an identity provider (IdP) that supports SAML 2.0. The document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that are received from the IdP. You must generate the metadata document using the identity management software that is used as your organization's IdP."
14063 },
14064 "immutable": true,
14065 "locationInModule": {
14066 "filename": "lib/saml-provider.ts",
14067 "line": 43
14068 },
14069 "name": "metadataDocument",
14070 "type": {
14071 "fqn": "@aws-cdk/aws-iam.SamlMetadataDocument"
14072 }
14073 },
14074 {
14075 "abstract": true,
14076 "docs": {
14077 "default": "- a CloudFormation generated name",
14078 "remarks": "This parameter allows a string of characters consisting of upper and\nlowercase alphanumeric characters with no spaces. You can also include\nany of the following characters: _+=,.@-\n\nLength must be between 1 and 128 characters.",
14079 "stability": "stable",
14080 "summary": "The name of the provider to create."
14081 },
14082 "immutable": true,
14083 "locationInModule": {
14084 "filename": "lib/saml-provider.ts",
14085 "line": 33
14086 },
14087 "name": "name",
14088 "optional": true,
14089 "type": {
14090 "primitive": "string"
14091 }
14092 }
14093 ],
14094 "symbolId": "lib/saml-provider:SamlProviderProps"
14095 },
14096 "@aws-cdk/aws-iam.ServicePrincipal": {
14097 "assembly": "@aws-cdk/aws-iam",
14098 "base": "@aws-cdk/aws-iam.PrincipalBase",
14099 "docs": {
14100 "stability": "stable",
14101 "summary": "An IAM principal that represents an AWS service (i.e. sqs.amazonaws.com).",
14102 "example": "const lambdaRole = new iam.Role(this, 'Role', {\n assumedBy: new iam.ServicePrincipal('lambda.amazonaws.com'),\n description: 'Example role...',\n});\n\nconst stream = new kinesis.Stream(this, 'MyEncryptedStream', {\n encryption: kinesis.StreamEncryption.KMS,\n});\n\n// give lambda permissions to read stream\nstream.grantRead(lambdaRole);",
14103 "custom": {
14104 "exampleMetadata": "infused"
14105 }
14106 },
14107 "fqn": "@aws-cdk/aws-iam.ServicePrincipal",
14108 "initializer": {
14109 "docs": {
14110 "stability": "stable"
14111 },
14112 "locationInModule": {
14113 "filename": "lib/principals.ts",
14114 "line": 509
14115 },
14116 "parameters": [
14117 {
14118 "docs": {
14119 "summary": "AWS service (i.e. sqs.amazonaws.com)."
14120 },
14121 "name": "service",
14122 "type": {
14123 "primitive": "string"
14124 }
14125 },
14126 {
14127 "name": "opts",
14128 "optional": true,
14129 "type": {
14130 "fqn": "@aws-cdk/aws-iam.ServicePrincipalOpts"
14131 }
14132 }
14133 ]
14134 },
14135 "kind": "class",
14136 "locationInModule": {
14137 "filename": "lib/principals.ts",
14138 "line": 489
14139 },
14140 "methods": [
14141 {
14142 "docs": {
14143 "example": "const principalName = iam.ServicePrincipal.servicePrincipalName('ec2.amazonaws.com');",
14144 "remarks": "For example, for Chinese regions this may (depending on whether that's necessary\nfor the given service principal) append `.cn` to the name.\n\nThe `region-info` module is used to obtain this information.",
14145 "stability": "stable",
14146 "summary": "Translate the given service principal name based on the region it's used in."
14147 },
14148 "locationInModule": {
14149 "filename": "lib/principals.ts",
14150 "line": 501
14151 },
14152 "name": "servicePrincipalName",
14153 "parameters": [
14154 {
14155 "name": "service",
14156 "type": {
14157 "primitive": "string"
14158 }
14159 }
14160 ],
14161 "returns": {
14162 "type": {
14163 "primitive": "string"
14164 }
14165 },
14166 "static": true
14167 },
14168 {
14169 "docs": {
14170 "stability": "stable",
14171 "summary": "Return whether or not this principal is equal to the given principal."
14172 },
14173 "locationInModule": {
14174 "filename": "lib/principals.ts",
14175 "line": 525
14176 },
14177 "name": "dedupeString",
14178 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
14179 "returns": {
14180 "optional": true,
14181 "type": {
14182 "primitive": "string"
14183 }
14184 }
14185 },
14186 {
14187 "docs": {
14188 "stability": "stable",
14189 "summary": "Returns a string representation of an object."
14190 },
14191 "locationInModule": {
14192 "filename": "lib/principals.ts",
14193 "line": 521
14194 },
14195 "name": "toString",
14196 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
14197 "returns": {
14198 "type": {
14199 "primitive": "string"
14200 }
14201 }
14202 }
14203 ],
14204 "name": "ServicePrincipal",
14205 "properties": [
14206 {
14207 "docs": {
14208 "stability": "stable",
14209 "summary": "Return the policy fragment that identifies this principal in a Policy."
14210 },
14211 "immutable": true,
14212 "locationInModule": {
14213 "filename": "lib/principals.ts",
14214 "line": 513
14215 },
14216 "name": "policyFragment",
14217 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
14218 "type": {
14219 "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment"
14220 }
14221 },
14222 {
14223 "docs": {
14224 "stability": "stable",
14225 "summary": "AWS service (i.e. sqs.amazonaws.com)."
14226 },
14227 "immutable": true,
14228 "locationInModule": {
14229 "filename": "lib/principals.ts",
14230 "line": 509
14231 },
14232 "name": "service",
14233 "type": {
14234 "primitive": "string"
14235 }
14236 }
14237 ],
14238 "symbolId": "lib/principals:ServicePrincipal"
14239 },
14240 "@aws-cdk/aws-iam.ServicePrincipalOpts": {
14241 "assembly": "@aws-cdk/aws-iam",
14242 "datatype": true,
14243 "docs": {
14244 "stability": "stable",
14245 "summary": "Options for a service principal.",
14246 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const conditions: any;\nconst servicePrincipalOpts: iam.ServicePrincipalOpts = {\n conditions: {\n conditionsKey: conditions,\n },\n region: 'region',\n};",
14247 "custom": {
14248 "exampleMetadata": "fixture=_generated"
14249 }
14250 },
14251 "fqn": "@aws-cdk/aws-iam.ServicePrincipalOpts",
14252 "kind": "interface",
14253 "locationInModule": {
14254 "filename": "lib/principals.ts",
14255 "line": 469
14256 },
14257 "name": "ServicePrincipalOpts",
14258 "properties": [
14259 {
14260 "abstract": true,
14261 "docs": {
14262 "default": "- No conditions",
14263 "stability": "stable",
14264 "summary": "Additional conditions to add to the Service Principal."
14265 },
14266 "immutable": true,
14267 "locationInModule": {
14268 "filename": "lib/principals.ts",
14269 "line": 483
14270 },
14271 "name": "conditions",
14272 "optional": true,
14273 "type": {
14274 "collection": {
14275 "elementtype": {
14276 "primitive": "any"
14277 },
14278 "kind": "map"
14279 }
14280 }
14281 },
14282 {
14283 "abstract": true,
14284 "docs": {
14285 "default": "- the current Stack's region.",
14286 "deprecated": "You should not need to set this. The stack's region is always correct.",
14287 "stability": "deprecated",
14288 "summary": "The region in which the service is operating."
14289 },
14290 "immutable": true,
14291 "locationInModule": {
14292 "filename": "lib/principals.ts",
14293 "line": 476
14294 },
14295 "name": "region",
14296 "optional": true,
14297 "type": {
14298 "primitive": "string"
14299 }
14300 }
14301 ],
14302 "symbolId": "lib/principals:ServicePrincipalOpts"
14303 },
14304 "@aws-cdk/aws-iam.SessionTagsPrincipal": {
14305 "assembly": "@aws-cdk/aws-iam",
14306 "base": "@aws-cdk/aws-iam.PrincipalBase",
14307 "docs": {
14308 "remarks": "For more information on session tags, see:\nhttps://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html",
14309 "stability": "stable",
14310 "summary": "Enables session tags on role assumptions from a principal.",
14311 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\n\ndeclare const principal: iam.IPrincipal;\nconst sessionTagsPrincipal = new iam.SessionTagsPrincipal(principal);",
14312 "custom": {
14313 "exampleMetadata": "fixture=_generated"
14314 }
14315 },
14316 "fqn": "@aws-cdk/aws-iam.SessionTagsPrincipal",
14317 "initializer": {
14318 "docs": {
14319 "stability": "stable"
14320 },
14321 "locationInModule": {
14322 "filename": "lib/principals.ts",
14323 "line": 350
14324 },
14325 "parameters": [
14326 {
14327 "name": "principal",
14328 "type": {
14329 "fqn": "@aws-cdk/aws-iam.IPrincipal"
14330 }
14331 }
14332 ]
14333 },
14334 "kind": "class",
14335 "locationInModule": {
14336 "filename": "lib/principals.ts",
14337 "line": 349
14338 },
14339 "methods": [
14340 {
14341 "docs": {
14342 "remarks": "Add the statements to the AssumeRolePolicyDocument necessary to give this principal\npermissions to assume the given role.",
14343 "stability": "stable",
14344 "summary": "Add the princpial to the AssumeRolePolicyDocument."
14345 },
14346 "locationInModule": {
14347 "filename": "lib/principals.ts",
14348 "line": 354
14349 },
14350 "name": "addToAssumeRolePolicy",
14351 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
14352 "parameters": [
14353 {
14354 "name": "doc",
14355 "type": {
14356 "fqn": "@aws-cdk/aws-iam.PolicyDocument"
14357 }
14358 }
14359 ]
14360 },
14361 {
14362 "docs": {
14363 "stability": "stable",
14364 "summary": "Add to the policy of this principal."
14365 },
14366 "locationInModule": {
14367 "filename": "lib/principals.ts",
14368 "line": 235
14369 },
14370 "name": "addToPolicy",
14371 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
14372 "parameters": [
14373 {
14374 "name": "statement",
14375 "type": {
14376 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
14377 }
14378 }
14379 ],
14380 "returns": {
14381 "type": {
14382 "primitive": "boolean"
14383 }
14384 }
14385 },
14386 {
14387 "docs": {
14388 "stability": "stable",
14389 "summary": "Add to the policy of this principal."
14390 },
14391 "locationInModule": {
14392 "filename": "lib/principals.ts",
14393 "line": 238
14394 },
14395 "name": "addToPrincipalPolicy",
14396 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
14397 "parameters": [
14398 {
14399 "name": "statement",
14400 "type": {
14401 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
14402 }
14403 }
14404 ],
14405 "returns": {
14406 "type": {
14407 "fqn": "@aws-cdk/aws-iam.AddToPrincipalPolicyResult"
14408 }
14409 }
14410 },
14411 {
14412 "docs": {
14413 "stability": "stable",
14414 "summary": "Append the given string to the wrapped principal's dedupe string (if available)."
14415 },
14416 "locationInModule": {
14417 "filename": "lib/principals.ts",
14418 "line": 245
14419 },
14420 "name": "appendDedupe",
14421 "parameters": [
14422 {
14423 "name": "append",
14424 "type": {
14425 "primitive": "string"
14426 }
14427 }
14428 ],
14429 "protected": true,
14430 "returns": {
14431 "optional": true,
14432 "type": {
14433 "primitive": "string"
14434 }
14435 }
14436 },
14437 {
14438 "docs": {
14439 "stability": "stable",
14440 "summary": "Return whether or not this principal is equal to the given principal."
14441 },
14442 "locationInModule": {
14443 "filename": "lib/principals.ts",
14444 "line": 366
14445 },
14446 "name": "dedupeString",
14447 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
14448 "returns": {
14449 "optional": true,
14450 "type": {
14451 "primitive": "string"
14452 }
14453 }
14454 }
14455 ],
14456 "name": "SessionTagsPrincipal",
14457 "properties": [
14458 {
14459 "docs": {
14460 "stability": "stable",
14461 "summary": "When this Principal is used in an AssumeRole policy, the action to use."
14462 },
14463 "immutable": true,
14464 "locationInModule": {
14465 "filename": "lib/principals.ts",
14466 "line": 226
14467 },
14468 "name": "assumeRoleAction",
14469 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
14470 "type": {
14471 "primitive": "string"
14472 }
14473 },
14474 {
14475 "docs": {
14476 "stability": "stable",
14477 "summary": "Return the policy fragment that identifies this principal in a Policy."
14478 },
14479 "immutable": true,
14480 "locationInModule": {
14481 "filename": "lib/principals.ts",
14482 "line": 233
14483 },
14484 "name": "policyFragment",
14485 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
14486 "type": {
14487 "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment"
14488 }
14489 },
14490 {
14491 "docs": {
14492 "remarks": "Can be undefined when the account is not known\n(for example, for service principals).\nCan be a Token - in that case,\nit's assumed to be AWS::AccountId.",
14493 "stability": "stable",
14494 "summary": "The AWS account ID of this principal."
14495 },
14496 "immutable": true,
14497 "locationInModule": {
14498 "filename": "lib/principals.ts",
14499 "line": 227
14500 },
14501 "name": "principalAccount",
14502 "optional": true,
14503 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
14504 "type": {
14505 "primitive": "string"
14506 }
14507 }
14508 ],
14509 "symbolId": "lib/principals:SessionTagsPrincipal"
14510 },
14511 "@aws-cdk/aws-iam.StarPrincipal": {
14512 "assembly": "@aws-cdk/aws-iam",
14513 "base": "@aws-cdk/aws-iam.PrincipalBase",
14514 "docs": {
14515 "remarks": "Some services behave differently when you specify `Principal: \"*\"`\nor `Principal: { AWS: \"*\" }` in their resource policy.\n\n`StarPrincipal` renders to `Principal: *`. Most of the time, you\nshould use `AnyPrincipal` instead.",
14516 "stability": "stable",
14517 "summary": "A principal that uses a literal '*' in the IAM JSON language.",
14518 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nconst starPrincipal = new iam.StarPrincipal();",
14519 "custom": {
14520 "exampleMetadata": "fixture=_generated"
14521 }
14522 },
14523 "fqn": "@aws-cdk/aws-iam.StarPrincipal",
14524 "initializer": {
14525 "docs": {
14526 "stability": "stable"
14527 }
14528 },
14529 "kind": "class",
14530 "locationInModule": {
14531 "filename": "lib/principals.ts",
14532 "line": 765
14533 },
14534 "methods": [
14535 {
14536 "docs": {
14537 "stability": "stable",
14538 "summary": "Return whether or not this principal is equal to the given principal."
14539 },
14540 "locationInModule": {
14541 "filename": "lib/principals.ts",
14542 "line": 775
14543 },
14544 "name": "dedupeString",
14545 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
14546 "returns": {
14547 "optional": true,
14548 "type": {
14549 "primitive": "string"
14550 }
14551 }
14552 },
14553 {
14554 "docs": {
14555 "stability": "stable",
14556 "summary": "Returns a string representation of an object."
14557 },
14558 "locationInModule": {
14559 "filename": "lib/principals.ts",
14560 "line": 771
14561 },
14562 "name": "toString",
14563 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
14564 "returns": {
14565 "type": {
14566 "primitive": "string"
14567 }
14568 }
14569 }
14570 ],
14571 "name": "StarPrincipal",
14572 "properties": [
14573 {
14574 "docs": {
14575 "stability": "stable",
14576 "summary": "Return the policy fragment that identifies this principal in a Policy."
14577 },
14578 "immutable": true,
14579 "locationInModule": {
14580 "filename": "lib/principals.ts",
14581 "line": 766
14582 },
14583 "name": "policyFragment",
14584 "overrides": "@aws-cdk/aws-iam.PrincipalBase",
14585 "type": {
14586 "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment"
14587 }
14588 }
14589 ],
14590 "symbolId": "lib/principals:StarPrincipal"
14591 },
14592 "@aws-cdk/aws-iam.UnknownPrincipal": {
14593 "assembly": "@aws-cdk/aws-iam",
14594 "docs": {
14595 "remarks": "Some resources have roles associated with them which they assume, such as\nLambda Functions, CodeBuild projects, StepFunctions machines, etc.\n\nWhen those resources are imported, their actual roles are not always\nimported with them. When that happens, we use an instance of this class\ninstead, which will add user warnings when statements are attempted to be\nadded to it.",
14596 "stability": "stable",
14597 "summary": "A principal for use in resources that need to have a role but it's unknown.",
14598 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nimport * as constructs from 'constructs';\n\ndeclare const construct: constructs.Construct;\nconst unknownPrincipal = new iam.UnknownPrincipal({\n resource: construct,\n});",
14599 "custom": {
14600 "exampleMetadata": "fixture=_generated"
14601 }
14602 },
14603 "fqn": "@aws-cdk/aws-iam.UnknownPrincipal",
14604 "initializer": {
14605 "docs": {
14606 "stability": "stable"
14607 },
14608 "locationInModule": {
14609 "filename": "lib/unknown-principal.ts",
14610 "line": 32
14611 },
14612 "parameters": [
14613 {
14614 "name": "props",
14615 "type": {
14616 "fqn": "@aws-cdk/aws-iam.UnknownPrincipalProps"
14617 }
14618 }
14619 ]
14620 },
14621 "interfaces": [
14622 "@aws-cdk/aws-iam.IPrincipal"
14623 ],
14624 "kind": "class",
14625 "locationInModule": {
14626 "filename": "lib/unknown-principal.ts",
14627 "line": 27
14628 },
14629 "methods": [
14630 {
14631 "docs": {
14632 "stability": "stable",
14633 "summary": "Add to the policy of this principal."
14634 },
14635 "locationInModule": {
14636 "filename": "lib/unknown-principal.ts",
14637 "line": 49
14638 },
14639 "name": "addToPolicy",
14640 "overrides": "@aws-cdk/aws-iam.IPrincipal",
14641 "parameters": [
14642 {
14643 "name": "statement",
14644 "type": {
14645 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
14646 }
14647 }
14648 ],
14649 "returns": {
14650 "type": {
14651 "primitive": "boolean"
14652 }
14653 }
14654 },
14655 {
14656 "docs": {
14657 "stability": "stable",
14658 "summary": "Add to the policy of this principal."
14659 },
14660 "locationInModule": {
14661 "filename": "lib/unknown-principal.ts",
14662 "line": 41
14663 },
14664 "name": "addToPrincipalPolicy",
14665 "overrides": "@aws-cdk/aws-iam.IPrincipal",
14666 "parameters": [
14667 {
14668 "name": "statement",
14669 "type": {
14670 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
14671 }
14672 }
14673 ],
14674 "returns": {
14675 "type": {
14676 "fqn": "@aws-cdk/aws-iam.AddToPrincipalPolicyResult"
14677 }
14678 }
14679 }
14680 ],
14681 "name": "UnknownPrincipal",
14682 "properties": [
14683 {
14684 "docs": {
14685 "stability": "stable",
14686 "summary": "When this Principal is used in an AssumeRole policy, the action to use."
14687 },
14688 "immutable": true,
14689 "locationInModule": {
14690 "filename": "lib/unknown-principal.ts",
14691 "line": 28
14692 },
14693 "name": "assumeRoleAction",
14694 "overrides": "@aws-cdk/aws-iam.IPrincipal",
14695 "type": {
14696 "primitive": "string"
14697 }
14698 },
14699 {
14700 "docs": {
14701 "stability": "stable",
14702 "summary": "The principal to grant permissions to."
14703 },
14704 "immutable": true,
14705 "locationInModule": {
14706 "filename": "lib/unknown-principal.ts",
14707 "line": 29
14708 },
14709 "name": "grantPrincipal",
14710 "overrides": "@aws-cdk/aws-iam.IGrantable",
14711 "type": {
14712 "fqn": "@aws-cdk/aws-iam.IPrincipal"
14713 }
14714 },
14715 {
14716 "docs": {
14717 "stability": "stable",
14718 "summary": "Return the policy fragment that identifies this principal in a Policy."
14719 },
14720 "immutable": true,
14721 "locationInModule": {
14722 "filename": "lib/unknown-principal.ts",
14723 "line": 37
14724 },
14725 "name": "policyFragment",
14726 "overrides": "@aws-cdk/aws-iam.IPrincipal",
14727 "type": {
14728 "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment"
14729 }
14730 }
14731 ],
14732 "symbolId": "lib/unknown-principal:UnknownPrincipal"
14733 },
14734 "@aws-cdk/aws-iam.UnknownPrincipalProps": {
14735 "assembly": "@aws-cdk/aws-iam",
14736 "datatype": true,
14737 "docs": {
14738 "stability": "stable",
14739 "summary": "Properties for an UnknownPrincipal.",
14740 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nimport * as constructs from 'constructs';\n\ndeclare const construct: constructs.Construct;\nconst unknownPrincipalProps: iam.UnknownPrincipalProps = {\n resource: construct,\n};",
14741 "custom": {
14742 "exampleMetadata": "fixture=_generated"
14743 }
14744 },
14745 "fqn": "@aws-cdk/aws-iam.UnknownPrincipalProps",
14746 "kind": "interface",
14747 "locationInModule": {
14748 "filename": "lib/unknown-principal.ts",
14749 "line": 9
14750 },
14751 "name": "UnknownPrincipalProps",
14752 "properties": [
14753 {
14754 "abstract": true,
14755 "docs": {
14756 "stability": "stable",
14757 "summary": "The resource the role proxy is for."
14758 },
14759 "immutable": true,
14760 "locationInModule": {
14761 "filename": "lib/unknown-principal.ts",
14762 "line": 13
14763 },
14764 "name": "resource",
14765 "type": {
14766 "fqn": "constructs.IConstruct"
14767 }
14768 }
14769 ],
14770 "symbolId": "lib/unknown-principal:UnknownPrincipalProps"
14771 },
14772 "@aws-cdk/aws-iam.User": {
14773 "assembly": "@aws-cdk/aws-iam",
14774 "base": "@aws-cdk/core.Resource",
14775 "docs": {
14776 "stability": "stable",
14777 "summary": "Define a new IAM user.",
14778 "example": "const user = new iam.User(this, 'MyUser'); // or User.fromUserName(stack, 'User', 'johnsmith');\nconst group = new iam.Group(this, 'MyGroup'); // or Group.fromGroupArn(stack, 'Group', 'arn:aws:iam::account-id:group/group-name');\n\nuser.addToGroup(group);\n// or\ngroup.addUser(user);",
14779 "custom": {
14780 "exampleMetadata": "infused"
14781 }
14782 },
14783 "fqn": "@aws-cdk/aws-iam.User",
14784 "initializer": {
14785 "docs": {
14786 "stability": "stable"
14787 },
14788 "locationInModule": {
14789 "filename": "lib/user.ts",
14790 "line": 257
14791 },
14792 "parameters": [
14793 {
14794 "name": "scope",
14795 "type": {
14796 "fqn": "constructs.Construct"
14797 }
14798 },
14799 {
14800 "name": "id",
14801 "type": {
14802 "primitive": "string"
14803 }
14804 },
14805 {
14806 "name": "props",
14807 "optional": true,
14808 "type": {
14809 "fqn": "@aws-cdk/aws-iam.UserProps"
14810 }
14811 }
14812 ]
14813 },
14814 "interfaces": [
14815 "@aws-cdk/aws-iam.IIdentity",
14816 "@aws-cdk/aws-iam.IUser"
14817 ],
14818 "kind": "class",
14819 "locationInModule": {
14820 "filename": "lib/user.ts",
14821 "line": 137
14822 },
14823 "methods": [
14824 {
14825 "docs": {
14826 "remarks": "If the ARN comes from a Token, the User cannot have a path; if so, any attempt\nto reference its username will fail.",
14827 "stability": "stable",
14828 "summary": "Import an existing user given a user ARN."
14829 },
14830 "locationInModule": {
14831 "filename": "lib/user.ts",
14832 "line": 166
14833 },
14834 "name": "fromUserArn",
14835 "parameters": [
14836 {
14837 "docs": {
14838 "summary": "construct scope."
14839 },
14840 "name": "scope",
14841 "type": {
14842 "fqn": "constructs.Construct"
14843 }
14844 },
14845 {
14846 "docs": {
14847 "summary": "construct id."
14848 },
14849 "name": "id",
14850 "type": {
14851 "primitive": "string"
14852 }
14853 },
14854 {
14855 "docs": {
14856 "summary": "the ARN of an existing user to import."
14857 },
14858 "name": "userArn",
14859 "type": {
14860 "primitive": "string"
14861 }
14862 }
14863 ],
14864 "returns": {
14865 "type": {
14866 "fqn": "@aws-cdk/aws-iam.IUser"
14867 }
14868 },
14869 "static": true
14870 },
14871 {
14872 "docs": {
14873 "remarks": "If the ARN comes from a Token, the User cannot have a path; if so, any attempt\nto reference its username will fail.",
14874 "stability": "stable",
14875 "summary": "Import an existing user given user attributes."
14876 },
14877 "locationInModule": {
14878 "filename": "lib/user.ts",
14879 "line": 180
14880 },
14881 "name": "fromUserAttributes",
14882 "parameters": [
14883 {
14884 "docs": {
14885 "summary": "construct scope."
14886 },
14887 "name": "scope",
14888 "type": {
14889 "fqn": "constructs.Construct"
14890 }
14891 },
14892 {
14893 "docs": {
14894 "summary": "construct id."
14895 },
14896 "name": "id",
14897 "type": {
14898 "primitive": "string"
14899 }
14900 },
14901 {
14902 "docs": {
14903 "summary": "the attributes of the user to import."
14904 },
14905 "name": "attrs",
14906 "type": {
14907 "fqn": "@aws-cdk/aws-iam.UserAttributes"
14908 }
14909 }
14910 ],
14911 "returns": {
14912 "type": {
14913 "fqn": "@aws-cdk/aws-iam.IUser"
14914 }
14915 },
14916 "static": true
14917 },
14918 {
14919 "docs": {
14920 "stability": "stable",
14921 "summary": "Import an existing user given a username."
14922 },
14923 "locationInModule": {
14924 "filename": "lib/user.ts",
14925 "line": 145
14926 },
14927 "name": "fromUserName",
14928 "parameters": [
14929 {
14930 "docs": {
14931 "summary": "construct scope."
14932 },
14933 "name": "scope",
14934 "type": {
14935 "fqn": "constructs.Construct"
14936 }
14937 },
14938 {
14939 "docs": {
14940 "summary": "construct id."
14941 },
14942 "name": "id",
14943 "type": {
14944 "primitive": "string"
14945 }
14946 },
14947 {
14948 "docs": {
14949 "summary": "the username of the existing user to import."
14950 },
14951 "name": "userName",
14952 "type": {
14953 "primitive": "string"
14954 }
14955 }
14956 ],
14957 "returns": {
14958 "type": {
14959 "fqn": "@aws-cdk/aws-iam.IUser"
14960 }
14961 },
14962 "static": true
14963 },
14964 {
14965 "docs": {
14966 "stability": "stable",
14967 "summary": "Attaches a managed policy to the user."
14968 },
14969 "locationInModule": {
14970 "filename": "lib/user.ts",
14971 "line": 301
14972 },
14973 "name": "addManagedPolicy",
14974 "overrides": "@aws-cdk/aws-iam.IIdentity",
14975 "parameters": [
14976 {
14977 "docs": {
14978 "summary": "The managed policy to attach."
14979 },
14980 "name": "policy",
14981 "type": {
14982 "fqn": "@aws-cdk/aws-iam.IManagedPolicy"
14983 }
14984 }
14985 ]
14986 },
14987 {
14988 "docs": {
14989 "stability": "stable",
14990 "summary": "Adds this user to a group."
14991 },
14992 "locationInModule": {
14993 "filename": "lib/user.ts",
14994 "line": 293
14995 },
14996 "name": "addToGroup",
14997 "overrides": "@aws-cdk/aws-iam.IUser",
14998 "parameters": [
14999 {
15000 "name": "group",
15001 "type": {
15002 "fqn": "@aws-cdk/aws-iam.IGroup"
15003 }
15004 }
15005 ]
15006 },
15007 {
15008 "docs": {
15009 "stability": "stable",
15010 "summary": "Add to the policy of this principal."
15011 },
15012 "locationInModule": {
15013 "filename": "lib/user.ts",
15014 "line": 329
15015 },
15016 "name": "addToPolicy",
15017 "overrides": "@aws-cdk/aws-iam.IPrincipal",
15018 "parameters": [
15019 {
15020 "name": "statement",
15021 "type": {
15022 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
15023 }
15024 }
15025 ],
15026 "returns": {
15027 "type": {
15028 "primitive": "boolean"
15029 }
15030 }
15031 },
15032 {
15033 "docs": {
15034 "returns": "true",
15035 "stability": "stable",
15036 "summary": "Adds an IAM statement to the default policy."
15037 },
15038 "locationInModule": {
15039 "filename": "lib/user.ts",
15040 "line": 319
15041 },
15042 "name": "addToPrincipalPolicy",
15043 "overrides": "@aws-cdk/aws-iam.IPrincipal",
15044 "parameters": [
15045 {
15046 "name": "statement",
15047 "type": {
15048 "fqn": "@aws-cdk/aws-iam.PolicyStatement"
15049 }
15050 }
15051 ],
15052 "returns": {
15053 "type": {
15054 "fqn": "@aws-cdk/aws-iam.AddToPrincipalPolicyResult"
15055 }
15056 }
15057 },
15058 {
15059 "docs": {
15060 "stability": "stable",
15061 "summary": "Attaches a policy to this user."
15062 },
15063 "locationInModule": {
15064 "filename": "lib/user.ts",
15065 "line": 309
15066 },
15067 "name": "attachInlinePolicy",
15068 "overrides": "@aws-cdk/aws-iam.IIdentity",
15069 "parameters": [
15070 {
15071 "name": "policy",
15072 "type": {
15073 "fqn": "@aws-cdk/aws-iam.Policy"
15074 }
15075 }
15076 ]
15077 }
15078 ],
15079 "name": "User",
15080 "properties": [
15081 {
15082 "docs": {
15083 "stability": "stable",
15084 "summary": "When this Principal is used in an AssumeRole policy, the action to use."
15085 },
15086 "immutable": true,
15087 "locationInModule": {
15088 "filename": "lib/user.ts",
15089 "line": 231
15090 },
15091 "name": "assumeRoleAction",
15092 "overrides": "@aws-cdk/aws-iam.IPrincipal",
15093 "type": {
15094 "primitive": "string"
15095 }
15096 },
15097 {
15098 "docs": {
15099 "stability": "stable",
15100 "summary": "The principal to grant permissions to."
15101 },
15102 "immutable": true,
15103 "locationInModule": {
15104 "filename": "lib/user.ts",
15105 "line": 229
15106 },
15107 "name": "grantPrincipal",
15108 "overrides": "@aws-cdk/aws-iam.IGrantable",
15109 "type": {
15110 "fqn": "@aws-cdk/aws-iam.IPrincipal"
15111 }
15112 },
15113 {
15114 "docs": {
15115 "stability": "stable",
15116 "summary": "Return the policy fragment that identifies this principal in a Policy."
15117 },
15118 "immutable": true,
15119 "locationInModule": {
15120 "filename": "lib/user.ts",
15121 "line": 250
15122 },
15123 "name": "policyFragment",
15124 "overrides": "@aws-cdk/aws-iam.IPrincipal",
15125 "type": {
15126 "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment"
15127 }
15128 },
15129 {
15130 "docs": {
15131 "custom": {
15132 "attribute": "true"
15133 },
15134 "stability": "stable",
15135 "summary": "An attribute that represents the user's ARN."
15136 },
15137 "immutable": true,
15138 "locationInModule": {
15139 "filename": "lib/user.ts",
15140 "line": 243
15141 },
15142 "name": "userArn",
15143 "overrides": "@aws-cdk/aws-iam.IUser",
15144 "type": {
15145 "primitive": "string"
15146 }
15147 },
15148 {
15149 "docs": {
15150 "custom": {
15151 "attribute": "true"
15152 },
15153 "stability": "stable",
15154 "summary": "An attribute that represents the user name."
15155 },
15156 "immutable": true,
15157 "locationInModule": {
15158 "filename": "lib/user.ts",
15159 "line": 237
15160 },
15161 "name": "userName",
15162 "overrides": "@aws-cdk/aws-iam.IUser",
15163 "type": {
15164 "primitive": "string"
15165 }
15166 },
15167 {
15168 "docs": {
15169 "stability": "stable",
15170 "summary": "Returns the permissions boundary attached to this user."
15171 },
15172 "immutable": true,
15173 "locationInModule": {
15174 "filename": "lib/user.ts",
15175 "line": 248
15176 },
15177 "name": "permissionsBoundary",
15178 "optional": true,
15179 "type": {
15180 "fqn": "@aws-cdk/aws-iam.IManagedPolicy"
15181 }
15182 },
15183 {
15184 "docs": {
15185 "remarks": "Can be undefined when the account is not known\n(for example, for service principals).\nCan be a Token - in that case,\nit's assumed to be AWS::AccountId.",
15186 "stability": "stable",
15187 "summary": "The AWS account ID of this principal."
15188 },
15189 "immutable": true,
15190 "locationInModule": {
15191 "filename": "lib/user.ts",
15192 "line": 230
15193 },
15194 "name": "principalAccount",
15195 "optional": true,
15196 "overrides": "@aws-cdk/aws-iam.IPrincipal",
15197 "type": {
15198 "primitive": "string"
15199 }
15200 }
15201 ],
15202 "symbolId": "lib/user:User"
15203 },
15204 "@aws-cdk/aws-iam.UserAttributes": {
15205 "assembly": "@aws-cdk/aws-iam",
15206 "datatype": true,
15207 "docs": {
15208 "stability": "stable",
15209 "summary": "Represents a user defined outside of this stack.",
15210 "example": "const user = iam.User.fromUserAttributes(this, 'MyImportedUserByAttributes', {\n userArn: 'arn:aws:iam::123456789012:user/johnsmith',\n});",
15211 "custom": {
15212 "exampleMetadata": "infused"
15213 }
15214 },
15215 "fqn": "@aws-cdk/aws-iam.UserAttributes",
15216 "kind": "interface",
15217 "locationInModule": {
15218 "filename": "lib/user.ts",
15219 "line": 125
15220 },
15221 "name": "UserAttributes",
15222 "properties": [
15223 {
15224 "abstract": true,
15225 "docs": {
15226 "remarks": "Format: arn:<partition>:iam::<account-id>:user/<user-name-with-path>",
15227 "stability": "stable",
15228 "summary": "The ARN of the user."
15229 },
15230 "immutable": true,
15231 "locationInModule": {
15232 "filename": "lib/user.ts",
15233 "line": 131
15234 },
15235 "name": "userArn",
15236 "type": {
15237 "primitive": "string"
15238 }
15239 }
15240 ],
15241 "symbolId": "lib/user:UserAttributes"
15242 },
15243 "@aws-cdk/aws-iam.UserProps": {
15244 "assembly": "@aws-cdk/aws-iam",
15245 "datatype": true,
15246 "docs": {
15247 "stability": "stable",
15248 "summary": "Properties for defining an IAM user.",
15249 "example": " const user = new User(this, 'MyUser', { password: cdk.SecretValue.unsafePlainText('1234') });\n const group = new Group(this, 'MyGroup');\n\n const policy = new Policy(this, 'MyPolicy');\n policy.attachToUser(user);\n group.attachInlinePolicy(policy);",
15250 "custom": {
15251 "exampleMetadata": "lit=test/example.attaching.lit.ts infused"
15252 }
15253 },
15254 "fqn": "@aws-cdk/aws-iam.UserProps",
15255 "kind": "interface",
15256 "locationInModule": {
15257 "filename": "lib/user.ts",
15258 "line": 39
15259 },
15260 "name": "UserProps",
15261 "properties": [
15262 {
15263 "abstract": true,
15264 "docs": {
15265 "default": "- No groups.",
15266 "remarks": "You can also use `addToGroup` to add this\nuser to a group.",
15267 "stability": "stable",
15268 "summary": "Groups to add this user to."
15269 },
15270 "immutable": true,
15271 "locationInModule": {
15272 "filename": "lib/user.ts",
15273 "line": 46
15274 },
15275 "name": "groups",
15276 "optional": true,
15277 "type": {
15278 "collection": {
15279 "elementtype": {
15280 "fqn": "@aws-cdk/aws-iam.IGroup"
15281 },
15282 "kind": "array"
15283 }
15284 }
15285 },
15286 {
15287 "abstract": true,
15288 "docs": {
15289 "default": "- No managed policies.",
15290 "remarks": "You can add managed policies later using\n`addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName(policyName))`.",
15291 "stability": "stable",
15292 "summary": "A list of managed policies associated with this role."
15293 },
15294 "immutable": true,
15295 "locationInModule": {
15296 "filename": "lib/user.ts",
15297 "line": 56
15298 },
15299 "name": "managedPolicies",
15300 "optional": true,
15301 "type": {
15302 "collection": {
15303 "elementtype": {
15304 "fqn": "@aws-cdk/aws-iam.IManagedPolicy"
15305 },
15306 "kind": "array"
15307 }
15308 }
15309 },
15310 {
15311 "abstract": true,
15312 "docs": {
15313 "default": "- User won't be able to access the management console without a password.",
15314 "remarks": "You can use `SecretValue.unsafePlainText` to specify a password in plain text or\nuse `secretsmanager.Secret.fromSecretAttributes` to reference a secret in\nSecrets Manager.",
15315 "stability": "stable",
15316 "summary": "The password for the user. This is required so the user can access the AWS Management Console."
15317 },
15318 "immutable": true,
15319 "locationInModule": {
15320 "filename": "lib/user.ts",
15321 "line": 109
15322 },
15323 "name": "password",
15324 "optional": true,
15325 "type": {
15326 "fqn": "@aws-cdk/core.SecretValue"
15327 }
15328 },
15329 {
15330 "abstract": true,
15331 "docs": {
15332 "default": "false",
15333 "remarks": "If this is set to 'true', you must also specify \"initialPassword\".",
15334 "stability": "stable",
15335 "summary": "Specifies whether the user is required to set a new password the next time the user logs in to the AWS Management Console."
15336 },
15337 "immutable": true,
15338 "locationInModule": {
15339 "filename": "lib/user.ts",
15340 "line": 119
15341 },
15342 "name": "passwordResetRequired",
15343 "optional": true,
15344 "type": {
15345 "primitive": "boolean"
15346 }
15347 },
15348 {
15349 "abstract": true,
15350 "docs": {
15351 "default": "/",
15352 "remarks": "For more information about paths, see IAM\nIdentifiers in the IAM User Guide.",
15353 "stability": "stable",
15354 "summary": "The path for the user name."
15355 },
15356 "immutable": true,
15357 "locationInModule": {
15358 "filename": "lib/user.ts",
15359 "line": 64
15360 },
15361 "name": "path",
15362 "optional": true,
15363 "type": {
15364 "primitive": "string"
15365 }
15366 },
15367 {
15368 "abstract": true,
15369 "docs": {
15370 "custom": {
15371 "link": "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html"
15372 },
15373 "default": "- No permissions boundary.",
15374 "remarks": "A permissions boundary is an advanced feature for using a managed policy\nto set the maximum permissions that an identity-based policy can grant to\nan IAM entity. An entity's permissions boundary allows it to perform only\nthe actions that are allowed by both its identity-based policies and its\npermissions boundaries.",
15375 "stability": "stable",
15376 "summary": "AWS supports permissions boundaries for IAM entities (users or roles)."
15377 },
15378 "immutable": true,
15379 "locationInModule": {
15380 "filename": "lib/user.ts",
15381 "line": 79
15382 },
15383 "name": "permissionsBoundary",
15384 "optional": true,
15385 "type": {
15386 "fqn": "@aws-cdk/aws-iam.IManagedPolicy"
15387 }
15388 },
15389 {
15390 "abstract": true,
15391 "docs": {
15392 "default": "- Generated by CloudFormation (recommended)",
15393 "remarks": "For valid values, see the UserName parameter for\nthe CreateUser action in the IAM API Reference. If you don't specify a\nname, AWS CloudFormation generates a unique physical ID and uses that ID\nfor the user name.\n\nIf you specify a name, you cannot perform updates that require\nreplacement of this resource. You can perform updates that require no or\nsome interruption. If you must replace the resource, specify a new name.\n\nIf you specify a name, you must specify the CAPABILITY_NAMED_IAM value to\nacknowledge your template's capabilities. For more information, see\nAcknowledging IAM Resources in AWS CloudFormation Templates.",
15394 "stability": "stable",
15395 "summary": "A name for the IAM user."
15396 },
15397 "immutable": true,
15398 "locationInModule": {
15399 "filename": "lib/user.ts",
15400 "line": 97
15401 },
15402 "name": "userName",
15403 "optional": true,
15404 "type": {
15405 "primitive": "string"
15406 }
15407 }
15408 ],
15409 "symbolId": "lib/user:UserProps"
15410 },
15411 "@aws-cdk/aws-iam.WebIdentityPrincipal": {
15412 "assembly": "@aws-cdk/aws-iam",
15413 "base": "@aws-cdk/aws-iam.FederatedPrincipal",
15414 "docs": {
15415 "stability": "stable",
15416 "summary": "A principal that represents a federated identity provider as Web Identity such as Cognito, Amazon, Facebook, Google, etc.",
15417 "example": "const principal = new iam.WebIdentityPrincipal('cognito-identity.amazonaws.com', {\n 'StringEquals': { 'cognito-identity.amazonaws.com:aud': 'us-east-2:12345678-abcd-abcd-abcd-123456' },\n 'ForAnyValue:StringLike': {'cognito-identity.amazonaws.com:amr': 'unauthenticated' },\n});",
15418 "custom": {
15419 "exampleMetadata": "infused"
15420 }
15421 },
15422 "fqn": "@aws-cdk/aws-iam.WebIdentityPrincipal",
15423 "initializer": {
15424 "docs": {
15425 "stability": "stable"
15426 },
15427 "locationInModule": {
15428 "filename": "lib/principals.ts",
15429 "line": 648
15430 },
15431 "parameters": [
15432 {
15433 "docs": {
15434 "summary": "identity provider (i.e. 'cognito-identity.amazonaws.com' for users authenticated through Cognito)."
15435 },
15436 "name": "identityProvider",
15437 "type": {
15438 "primitive": "string"
15439 }
15440 },
15441 {
15442 "docs": {
15443 "remarks": "See [the IAM documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html).",
15444 "summary": "The conditions under which the policy is in effect."
15445 },
15446 "name": "conditions",
15447 "optional": true,
15448 "type": {
15449 "collection": {
15450 "elementtype": {
15451 "primitive": "any"
15452 },
15453 "kind": "map"
15454 }
15455 }
15456 }
15457 ]
15458 },
15459 "kind": "class",
15460 "locationInModule": {
15461 "filename": "lib/principals.ts",
15462 "line": 639
15463 },
15464 "methods": [
15465 {
15466 "docs": {
15467 "stability": "stable",
15468 "summary": "Returns a string representation of an object."
15469 },
15470 "locationInModule": {
15471 "filename": "lib/principals.ts",
15472 "line": 656
15473 },
15474 "name": "toString",
15475 "overrides": "@aws-cdk/aws-iam.FederatedPrincipal",
15476 "returns": {
15477 "type": {
15478 "primitive": "string"
15479 }
15480 }
15481 }
15482 ],
15483 "name": "WebIdentityPrincipal",
15484 "properties": [
15485 {
15486 "docs": {
15487 "stability": "stable",
15488 "summary": "Return the policy fragment that identifies this principal in a Policy."
15489 },
15490 "immutable": true,
15491 "locationInModule": {
15492 "filename": "lib/principals.ts",
15493 "line": 652
15494 },
15495 "name": "policyFragment",
15496 "overrides": "@aws-cdk/aws-iam.FederatedPrincipal",
15497 "type": {
15498 "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment"
15499 }
15500 }
15501 ],
15502 "symbolId": "lib/principals:WebIdentityPrincipal"
15503 },
15504 "@aws-cdk/aws-iam.WithoutPolicyUpdatesOptions": {
15505 "assembly": "@aws-cdk/aws-iam",
15506 "datatype": true,
15507 "docs": {
15508 "stability": "stable",
15509 "summary": "Options for the `withoutPolicyUpdates()` modifier of a Role.",
15510 "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as iam from '@aws-cdk/aws-iam';\nconst withoutPolicyUpdatesOptions: iam.WithoutPolicyUpdatesOptions = {\n addGrantsToResources: false,\n};",
15511 "custom": {
15512 "exampleMetadata": "fixture=_generated"
15513 }
15514 },
15515 "fqn": "@aws-cdk/aws-iam.WithoutPolicyUpdatesOptions",
15516 "kind": "interface",
15517 "locationInModule": {
15518 "filename": "lib/role.ts",
15519 "line": 651
15520 },
15521 "name": "WithoutPolicyUpdatesOptions",
15522 "properties": [
15523 {
15524 "abstract": true,
15525 "docs": {
15526 "default": "false",
15527 "remarks": "If this is `false` or not specified, grant permissions added to this role are ignored.\nIt is your own responsibility to make sure the role has the required permissions.\n\nIf this is `true`, any grant permissions will be added to the resource instead.",
15528 "stability": "stable",
15529 "summary": "Add grants to resources instead of dropping them."
15530 },
15531 "immutable": true,
15532 "locationInModule": {
15533 "filename": "lib/role.ts",
15534 "line": 662
15535 },
15536 "name": "addGrantsToResources",
15537 "optional": true,
15538 "type": {
15539 "primitive": "boolean"
15540 }
15541 }
15542 ],
15543 "symbolId": "lib/role:WithoutPolicyUpdatesOptions"
15544 }
15545 },
15546 "version": "1.204.0",
15547 "fingerprint": "**********"
15548}
\No newline at end of file