software.amazon.awscdk.services.iam

Class LazyRole

java.lang.Object

software.amazon.jsii.JsiiObject

software.constructs.Construct

software.amazon.awscdk.Resource

software.amazon.awscdk.services.iam.LazyRole

All Implemented Interfaces:

IResource, IGrantable, IIdentity, IPrincipal, IRole, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct, software.constructs.IDependable

@Generated(value="jsii-pacmak/1.67.0 (build 2c027f5)",
           date="2022-09-19T20:26:39.774Z")
 @Stability(value=Stable)
public class LazyRole
extends Resource
implements IRole

An IAM role that only gets attached to the construct tree once it gets used, not before.

This construct can be used to simplify logic in other constructs which need to create a role but only if certain configurations occur (such as when AutoScaling is configured). The role can be configured in one place, but if it never gets used it doesn't get instantiated and will not be synthesized or deployed.

Example:

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import software.amazon.awscdk.*;
 import software.amazon.awscdk.services.iam.*;
 ManagedPolicy managedPolicy;
 PolicyDocument policyDocument;
 IPrincipal principal;
 LazyRole lazyRole = LazyRole.Builder.create(this, "MyLazyRole")
         .assumedBy(principal)
         // the properties below are optional
         .description("description")
         .externalIds(List.of("externalIds"))
         .inlinePolicies(Map.of(
                 "inlinePoliciesKey", policyDocument))
         .managedPolicies(List.of(managedPolicy))
         .maxSessionDuration(Duration.minutes(30))
         .path("path")
         .permissionsBoundary(managedPolicy)
         .roleName("roleName")
         .build();
 

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	LazyRole.Builder A fluent builder for LazyRole.

Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject

software.amazon.jsii.JsiiObject.InitializationMode

Nested classes/interfaces inherited from interface software.amazon.awscdk.services.iam.IRole

IRole.Jsii$Default, IRole.Jsii$Proxy

Constructor Summary

Constructors

Modifier	Constructor and Description
	LazyRole(software.constructs.Construct scope, String id, LazyRoleProps props)
protected	LazyRole(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
protected	LazyRole(software.amazon.jsii.JsiiObjectRef objRef)

Method Summary

Modifier and Type	Method and Description
void	addManagedPolicy(IManagedPolicy policy) Attaches a managed policy to this role.
Boolean	addToPolicy(PolicyStatement statement) Add to the policy of this principal.
AddToPrincipalPolicyResult	addToPrincipalPolicy(PolicyStatement statement) Adds a permission to the role's default policy document.
void	attachInlinePolicy(Policy policy) Attaches a policy to this role.
String	getAssumeRoleAction() When this Principal is used in an AssumeRole policy, the action to use.
IPrincipal	getGrantPrincipal() The principal to grant permissions to.
PrincipalPolicyFragment	getPolicyFragment() Return the policy fragment that identifies this principal in a Policy.
String	getPrincipalAccount() The AWS account ID of this principal.
String	getRoleArn() Returns the ARN of this role.
String	getRoleId() Returns the stable and unique string identifying the role (i.e.
String	getRoleName() Returns the name of this role.
Grant	grant(IPrincipal identity, String... actions) Grant the actions defined in actions to the identity Principal on this resource.
Grant	grantAssumeRole(IPrincipal identity) Grant permissions to the given principal to assume this role.
Grant	grantPassRole(IPrincipal identity) Grant permissions to the given principal to pass this role.

Methods inherited from class software.amazon.awscdk.Resource

applyRemovalPolicy, generatePhysicalName, getEnv, getPhysicalName, getResourceArnAttribute, getResourceNameAttribute, getStack, isOwnedResource, isResource

Methods inherited from class software.constructs.Construct

getNode, isConstruct, toString

Methods inherited from class software.amazon.jsii.JsiiObject

jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface software.amazon.awscdk.IResource

applyRemovalPolicy, getEnv, getStack

Methods inherited from interface software.constructs.IConstruct

getNode

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Constructor Detail

LazyRole

protected LazyRole(software.amazon.jsii.JsiiObjectRef objRef)

LazyRole

protected LazyRole(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

LazyRole

@Stability(value=Stable)
public LazyRole(@NotNull
                                         software.constructs.Construct scope,
                                         @NotNull
                                         String id,
                                         @NotNull
                                         LazyRoleProps props)

Parameters:

scope - This parameter is required.

id - This parameter is required.

props - This parameter is required.

Method Detail

addManagedPolicy

@Stability(value=Stable)
public void addManagedPolicy(@NotNull
                                                      IManagedPolicy policy)

Attaches a managed policy to this role.

Specified by:

addManagedPolicy in interface IIdentity

Parameters:

policy - The managed policy to attach. This parameter is required.

addToPolicy

@Stability(value=Stable)
 @NotNull
public Boolean addToPolicy(@NotNull
                                                              PolicyStatement statement)

Add to the policy of this principal.

Parameters:

statement - This parameter is required.

addToPrincipalPolicy

@Stability(value=Stable)
 @NotNull
public AddToPrincipalPolicyResult addToPrincipalPolicy(@NotNull
                                                                                          PolicyStatement statement)

Adds a permission to the role's default policy document.

If there is no default policy attached to this role, it will be created.

Specified by:

addToPrincipalPolicy in interface IPrincipal

Parameters:

statement - The permission statement to add to the policy document. This parameter is required.

attachInlinePolicy

@Stability(value=Stable)
public void attachInlinePolicy(@NotNull
                                                        Policy policy)

Attaches a policy to this role.

Specified by:

attachInlinePolicy in interface IIdentity

Parameters:

policy - The policy to attach. This parameter is required.

grant

@Stability(value=Stable)
 @NotNull
public Grant grant(@NotNull
                                                      IPrincipal identity,
                                                      @NotNull
                                                      String... actions)

Grant the actions defined in actions to the identity Principal on this resource.

Specified by:

grant in interface IRole

Parameters:

identity - This parameter is required.

actions - This parameter is required.

grantAssumeRole

@Stability(value=Stable)
 @NotNull
public Grant grantAssumeRole(@NotNull
                                                                IPrincipal identity)

Grant permissions to the given principal to assume this role.

Specified by:

grantAssumeRole in interface IRole

Parameters:

identity - This parameter is required.

grantPassRole

@Stability(value=Stable)
 @NotNull
public Grant grantPassRole(@NotNull
                                                              IPrincipal identity)

Grant permissions to the given principal to pass this role.

Specified by:

grantPassRole in interface IRole

Parameters:

identity - This parameter is required.

getAssumeRoleAction

@Stability(value=Stable)
 @NotNull
public String getAssumeRoleAction()

When this Principal is used in an AssumeRole policy, the action to use.

Specified by:

getAssumeRoleAction in interface IPrincipal

getGrantPrincipal

@Stability(value=Stable)
 @NotNull
public IPrincipal getGrantPrincipal()

The principal to grant permissions to.

Specified by:

getGrantPrincipal in interface IGrantable

getPolicyFragment

@Stability(value=Stable)
 @NotNull
public PrincipalPolicyFragment getPolicyFragment()

Return the policy fragment that identifies this principal in a Policy.

Specified by:

getPolicyFragment in interface IPrincipal

getRoleArn

@Stability(value=Stable)
 @NotNull
public String getRoleArn()

Returns the ARN of this role.

Specified by:

getRoleArn in interface IRole

getRoleId

@Stability(value=Stable)
 @NotNull
public String getRoleId()

Returns the stable and unique string identifying the role (i.e. AIDAJQABLZS4A3QDU576Q).

getRoleName

@Stability(value=Stable)
 @NotNull
public String getRoleName()

Returns the name of this role.

Specified by:

getRoleName in interface IRole

getPrincipalAccount

@Stability(value=Stable)
 @Nullable
public String getPrincipalAccount()

The AWS account ID of this principal.

Can be undefined when the account is not known (for example, for service principals). Can be a Token - in that case, it's assumed to be AWS::AccountId.

Specified by:

getPrincipalAccount in interface IPrincipal