1import { Resource } from '@aws-cdk/core';
2import { Construct } from 'constructs';
3import { IIdentity } from './identity-base';
4import { IManagedPolicy } from './managed-policy';
5import { Policy } from './policy';
6import { PolicyStatement } from './policy-statement';
7import { AddToPrincipalPolicyResult, IPrincipal, PrincipalPolicyFragment } from './principals';
8import { IUser } from './user';
/**
 * Contract implemented by IAM group constructs, including groups that are
 * imported rather than created by this app.
 *
 * @see https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html
 */
export interface IGroup extends IIdentity {
    /**
     * Name of the IAM group.
     *
     * @attribute
     */
    readonly groupName: string;
    /**
     * ARN of the IAM group.
     *
     * @attribute
     */
    readonly groupArn: string;
}
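/**
 * Properties for defining an IAM group.
 *
 * Every property is optional.
 */
export interface GroupProps {
    /**
     * A name for the IAM group. For valid values, see the GroupName parameter
     * for the CreateGroup action in the IAM API Reference. If you don't specify
     * a name, AWS CloudFormation generates a unique physical ID and uses that
     * ID for the group name.
     *
     * If you specify a name, you must specify the CAPABILITY_NAMED_IAM value to
     * acknowledge your template's capabilities. For more information, see
     * Acknowledging IAM Resources in AWS CloudFormation Templates.
     *
     * @default Generated by CloudFormation (recommended)
     */
    readonly groupName?: string;
    /**
     * A list of managed policies associated with this group.
     *
     * Permissions granted through a group apply to every user that is a member
     * of it, so each policy listed here should be reviewed against the least
     * privilege the whole membership needs.
     *
     * You can add managed policies later using
     * `addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName(policyName))`.
     *
     * @default - No managed policies.
     */
    readonly managedPolicies?: IManagedPolicy[];
    /**
     * The path to the group. For more information about paths, see [IAM
     * Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/index.html?Using_Identifiers.html)
     * in the IAM User Guide.
     *
     * @default /
     */
    readonly path?: string;
}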
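/**
 * Abstract base shared by IAM group constructs.
 *
 * This is a declaration only; the implementation is not part of this file, so
 * the member notes below describe the declared types and hedge anything else.
 */
declare abstract class GroupBase extends Resource implements IGroup {
    /** Name of the IAM group; must be provided by the concrete subclass. */
    abstract readonly groupName: string;
    /** ARN of the IAM group; must be provided by the concrete subclass. */
    abstract readonly groupArn: string;
    /**
     * Principal used when permissions are granted to this group.
     * NOTE(review): presumably the group itself; confirm against the implementation.
     */
    readonly grantPrincipal: IPrincipal;
    /**
     * Account associated with this principal; the declared type allows `undefined`.
     * NOTE(review): when it is undefined is not visible here; confirm.
     */
    readonly principalAccount: string | undefined;
    /**
     * Name of the action used when assuming this principal.
     * NOTE(review): the concrete value is not visible in this declaration.
     */
    readonly assumeRoleAction: string;
    private readonly attachedPolicies;
    private defaultPolicy?;
    /** Policy fragment that represents this group as a principal. */
    get policyFragment(): PrincipalPolicyFragment;
    /**
     * Attaches a policy to this group.
     *
     * Permissions granted through a group apply to all of its users, so the
     * policy should be scoped to what the whole membership needs.
     *
     * @param policy The policy to attach.
     */
    attachInlinePolicy(policy: Policy): void;
    /**
     * Attaches a managed policy to this group.
     *
     * NOTE(review): the parameter is named `_policy`, which suggests the base
     * class does not use it and leaves the behaviour to subclasses; confirm.
     *
     * @param _policy The managed policy to attach.
     */
    addManagedPolicy(_policy: IManagedPolicy): void;
    /**
     * Adds a user to this group.
     *
     * The user gains the permissions attached to the group.
     *
     * @param user The user to add.
     */
    addUser(user: IUser): void;
    /**
     * Adds an IAM statement to the default policy.
     *
     * The statement takes effect at group level, i.e. for every user in the
     * group; keep its actions and resources as narrow as possible.
     *
     * @param statement The statement to add.
     * @returns the result object describing whether the statement was added.
     */
    addToPrincipalPolicy(statement: PolicyStatement): AddToPrincipalPolicyResult;
    /**
     * Adds an IAM statement to this group's policy and reports the outcome as
     * a boolean.
     * NOTE(review): looks like a boolean-returning counterpart of
     * `addToPrincipalPolicy`; confirm against the implementation.
     *
     * @param statement The statement to add.
     */
    addToPolicy(statement: PolicyStatement): boolean;
}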
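/**
 * An IAM Group (collection of IAM users) lets you specify permissions for
 * multiple users, which can make it easier to manage permissions for those users.
 *
 * @see https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html
 */
export declare class Group extends GroupBase {
    /**
     * Import an external group by ARN.
     *
     * If the imported Group ARN is a Token (such as a
     * `CfnParameter.valueAsString` or a `Fn.importValue()`) *and* the referenced
     * group has a `path` (like `arn:...:group/AdminGroup/NetworkAdmin`), the
     * `groupName` property will not resolve to the correct value. Instead it
     * will resolve to the first path component. We unfortunately cannot express
     * the correct calculation of the full path name as a CloudFormation
     * expression. In this scenario the Group ARN should be supplied without the
     * `path` in order to resolve the correct group resource.
     *
     * Because a mis-resolved `groupName` may refer to a different group than
     * the one intended, check the resolved name before attaching policies or
     * users to an imported group.
     *
     * @param scope construct scope
     * @param id construct id
     * @param groupArn the ARN of the group to import (e.g. `arn:aws:iam::account-id:group/group-name`)
     * @returns the imported group as an `IGroup`
     */
    static fromGroupArn(scope: Construct, id: string, groupArn: string): IGroup;
    /**
     * Import an existing group by its name (with path).
     *
     * The same caveats as for `fromGroupArn` apply.
     *
     * @param scope construct scope
     * @param id construct id
     * @param groupName the groupName (path included) of the existing group to import
     * @returns the imported group as an `IGroup`
     */
    static fromGroupName(scope: Construct, id: string, groupName: string): IGroup;
    /** Name of the IAM group. */
    readonly groupName: string;
    /** ARN of the IAM group. */
    readonly groupArn: string;
    private readonly managedPolicies;
    /**
     * Defines a new IAM group.
     *
     * @param scope construct scope
     * @param id construct id
     * @param props group properties; may be omitted
     */
    constructor(scope: Construct, id: string, props?: GroupProps);
    /**
     * Attaches a managed policy to this group.
     *
     * The policy's permissions apply to every user in the group.
     *
     * @param policy The managed policy to attach.
     */
    addManagedPolicy(policy: IManagedPolicy): void;
}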
131export {};