API Reference

Constructs

UserWithAccessKey

Initializers

import { userWithAccessKey } from '@time-loop/cdk-user-with-access-key'

new userWithAccessKey.UserWithAccessKey(scope: Construct, id: Namer, props?: UserWithAccessKeyProps)

| Name | Type | Description |
| --- | --- | --- |
| scope | constructs.Construct | No description. |
| id | multi-convention-namer.Namer | No description. |
| props | @time-loop/cdk-user-with-access-key.userWithAccessKey.UserWithAccessKeyProps | No description. |

scope (Required)
  • Type: constructs.Construct

id (Required)
  • Type: multi-convention-namer.Namer

props (Optional)
  • Type: @time-loop/cdk-user-with-access-key.userWithAccessKey.UserWithAccessKeyProps

Methods

| Name | Description |
| --- | --- |
| toString | Returns a string representation of this construct. |
| applyRemovalPolicy | Apply the given removal policy to this resource. |
| addManagedPolicy | Attaches a managed policy to the user. |
| addToGroup | Adds this user to a group. |
| addToPolicy | Add to the policy of this principal. |
| addToPrincipalPolicy | Adds an IAM statement to the default policy. |
| attachInlinePolicy | Attaches a policy to this user. |

toString
public toString(): string

Returns a string representation of this construct.

applyRemovalPolicy
public applyRemovalPolicy(policy: RemovalPolicy): void

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).

policy (Required)
  • Type: aws-cdk-lib.RemovalPolicy

addManagedPolicy
public addManagedPolicy(policy: IManagedPolicy): void

Attaches a managed policy to the user.

policy (Required)
  • Type: aws-cdk-lib.aws_iam.IManagedPolicy

The managed policy to attach.


addToGroup
public addToGroup(group: IGroup): void

Adds this user to a group.

group (Required)
  • Type: aws-cdk-lib.aws_iam.IGroup

addToPolicy
public addToPolicy(statement: PolicyStatement): boolean

Add to the policy of this principal.

statement (Required)
  • Type: aws-cdk-lib.aws_iam.PolicyStatement

addToPrincipalPolicy
public addToPrincipalPolicy(statement: PolicyStatement): AddToPrincipalPolicyResult

Adds an IAM statement to the default policy.

statement (Required)
  • Type: aws-cdk-lib.aws_iam.PolicyStatement

attachInlinePolicy
public attachInlinePolicy(policy: Policy): void

Attaches a policy to this user.

policy (Required)
  • Type: aws-cdk-lib.aws_iam.Policy

Static Functions

| Name | Description |
| --- | --- |
| isConstruct | Checks if x is a construct. |
| isResource | Check whether the given construct is a Resource. |
| fromUserArn | Import an existing user given a user ARN. |
| fromUserAttributes | Import an existing user given user attributes. |
| fromUserName | Import an existing user given a username. |

isConstruct
import { userWithAccessKey } from '@time-loop/cdk-user-with-access-key'

userWithAccessKey.UserWithAccessKey.isConstruct(x: any)

Checks if x is a construct.

x (Required)
  • Type: any

Any object.


isResource
import { userWithAccessKey } from '@time-loop/cdk-user-with-access-key'

userWithAccessKey.UserWithAccessKey.isResource(construct: IConstruct)

Check whether the given construct is a Resource.

construct (Required)
  • Type: constructs.IConstruct

fromUserArn
import { userWithAccessKey } from '@time-loop/cdk-user-with-access-key'

userWithAccessKey.UserWithAccessKey.fromUserArn(scope: Construct, id: string, userArn: string)

Import an existing user given a user ARN.

If the ARN comes from a Token, the User cannot have a path; if so, any attempt to reference its username will fail.

scope (Required)
  • Type: constructs.Construct

construct scope.

id (Required)
  • Type: string

construct id.

userArn (Required)
  • Type: string

the ARN of an existing user to import.


fromUserAttributes
import { userWithAccessKey } from '@time-loop/cdk-user-with-access-key'

userWithAccessKey.UserWithAccessKey.fromUserAttributes(scope: Construct, id: string, attrs: UserAttributes)

Import an existing user given user attributes.

If the ARN comes from a Token, the User cannot have a path; if so, any attempt to reference its username will fail.

scope (Required)
  • Type: constructs.Construct

construct scope.

id (Required)
  • Type: string

construct id.

attrs (Required)
  • Type: aws-cdk-lib.aws_iam.UserAttributes

the attributes of the user to import.


fromUserName
import { userWithAccessKey } from '@time-loop/cdk-user-with-access-key'

userWithAccessKey.UserWithAccessKey.fromUserName(scope: Construct, id: string, userName: string)

Import an existing user given a username.

scope (Required)
  • Type: constructs.Construct

construct scope.

id (Required)
  • Type: string

construct id.

userName (Required)
  • Type: string

the username of the existing user to import.


Properties

| Name | Type | Description |
| --- | --- | --- |
| node | constructs.Node | The tree node. |
| env | aws-cdk-lib.ResourceEnvironment | The environment this resource belongs to. |
| stack | aws-cdk-lib.Stack | The stack in which this resource is defined. |
| assumeRoleAction | string | When this Principal is used in an AssumeRole policy, the action to use. |
| grantPrincipal | aws-cdk-lib.aws_iam.IPrincipal | The principal to grant permissions to. |
| policyFragment | aws-cdk-lib.aws_iam.PrincipalPolicyFragment | Return the policy fragment that identifies this principal in a Policy. |
| userArn | string | An attribute that represents the user's ARN. |
| userName | string | An attribute that represents the user name. |
| permissionsBoundary | aws-cdk-lib.aws_iam.IManagedPolicy | Returns the permissions boundary attached to this user. |
| principalAccount | string | The AWS account ID of this principal. |
| credentialsSecret | aws-cdk-lib.aws_secretsmanager.ISecret | No description. |
| encryptionKey | aws-cdk-lib.aws_kms.IKey | No description. |

node (Required)
public readonly node: Node;
  • Type: constructs.Node

The tree node.


env (Required)
public readonly env: ResourceEnvironment;
  • Type: aws-cdk-lib.ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.


stack (Required)
public readonly stack: Stack;
  • Type: aws-cdk-lib.Stack

The stack in which this resource is defined.


assumeRoleAction (Required)
public readonly assumeRoleAction: string;
  • Type: string

When this Principal is used in an AssumeRole policy, the action to use.


grantPrincipal (Required)
public readonly grantPrincipal: IPrincipal;
  • Type: aws-cdk-lib.aws_iam.IPrincipal

The principal to grant permissions to.


policyFragment (Required)
public readonly policyFragment: PrincipalPolicyFragment;
  • Type: aws-cdk-lib.aws_iam.PrincipalPolicyFragment

Return the policy fragment that identifies this principal in a Policy.


userArn (Required)
public readonly userArn: string;
  • Type: string

An attribute that represents the user's ARN.


userName (Required)
public readonly userName: string;
  • Type: string

An attribute that represents the user name.


permissionsBoundary (Optional)
public readonly permissionsBoundary: IManagedPolicy;
  • Type: aws-cdk-lib.aws_iam.IManagedPolicy

Returns the permissions boundary attached to this user.


principalAccount (Optional)
public readonly principalAccount: string;
  • Type: string

The AWS account ID of this principal.

Can be undefined when the account is not known (for example, for service principals). Can be a Token - in that case, it's assumed to be AWS::AccountId.


credentialsSecret (Required)
public readonly credentialsSecret: ISecret;
  • Type: aws-cdk-lib.aws_secretsmanager.ISecret

encryptionKey (Required)
public readonly encryptionKey: IKey;
  • Type: aws-cdk-lib.aws_kms.IKey

Structs

SecretGrantees

We must use this interface because otherwise, using strictly aws_iam.IGrantable results in cyclic dependencies if the grantable resource is created in the same Stack as the secret. Yeah, it's ugly...but it's what we've got to work with.

Initializer

import { userWithAccessKey } from '@time-loop/cdk-user-with-access-key'

const secretGrantees: userWithAccessKey.SecretGrantees = { ... }

Properties

| Name | Type | Description |
| --- | --- | --- |
| groups | aws-cdk-lib.aws_iam.IGroup[] | No description. |
| roles | aws-cdk-lib.aws_iam.IRole[] | No description. |
| users | aws-cdk-lib.aws_iam.IUser[] | No description. |

groups (Optional)
public readonly groups: IGroup[];
  • Type: aws-cdk-lib.aws_iam.IGroup[]
  • Default: []

roles (Optional)
public readonly roles: IRole[];
  • Type: aws-cdk-lib.aws_iam.IRole[]
  • Default: []

users (Optional)
public readonly users: IUser[];
  • Type: aws-cdk-lib.aws_iam.IUser[]
  • Default: []

UserWithAccessKeyProps

Initializer

import { userWithAccessKey } from '@time-loop/cdk-user-with-access-key'

const userWithAccessKeyProps: userWithAccessKey.UserWithAccessKeyProps = { ... }

Properties

| Name | Type | Description |
| --- | --- | --- |
| groups | aws-cdk-lib.aws_iam.IGroup[] | Groups to add this user to. |
| managedPolicies | aws-cdk-lib.aws_iam.IManagedPolicy[] | A list of managed policies associated with this role. |
| password | aws-cdk-lib.SecretValue | The password for the user. This is required so the user can access the AWS Management Console. |
| passwordResetRequired | boolean | Specifies whether the user is required to set a new password the next time the user logs in to the AWS Management Console. |
| path | string | The path for the user name. |
| permissionsBoundary | aws-cdk-lib.aws_iam.IManagedPolicy | AWS supports permissions boundaries for IAM entities (users or roles). |
| userName | string | A name for the IAM user. |
| encryptionKey | aws-cdk-lib.aws_kms.IKey | No description. |
| grantees | @time-loop/cdk-user-with-access-key.userWithAccessKey.SecretGrantees | Would you like us to grant read on the credentialsSecret to anyone? |
| secretName | string | No description. |

groups (Optional)
public readonly groups: IGroup[];
  • Type: aws-cdk-lib.aws_iam.IGroup[]
  • Default: No groups.

Groups to add this user to.

You can also use addToGroup to add this user to a group.


managedPolicies (Optional)
public readonly managedPolicies: IManagedPolicy[];
  • Type: aws-cdk-lib.aws_iam.IManagedPolicy[]
  • Default: No managed policies.

A list of managed policies associated with this role.

You can add managed policies later using addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName(policyName)).


password (Optional)
public readonly password: SecretValue;
  • Type: aws-cdk-lib.SecretValue
  • Default: User won't be able to access the management console without a password.

The password for the user. This is required so the user can access the AWS Management Console.

You can use SecretValue.unsafePlainText to specify a password in plain text or use secretsmanager.Secret.fromSecretAttributes to reference a secret in Secrets Manager.


passwordResetRequired (Optional)
public readonly passwordResetRequired: boolean;
  • Type: boolean
  • Default: false

Specifies whether the user is required to set a new password the next time the user logs in to the AWS Management Console.

If this is set to 'true', you must also specify "initialPassword".


path (Optional)
public readonly path: string;
  • Type: string
  • Default: /

The path for the user name.

For more information about paths, see IAM Identifiers in the IAM User Guide.


permissionsBoundary (Optional)
public readonly permissionsBoundary: IManagedPolicy;
  • Type: aws-cdk-lib.aws_iam.IManagedPolicy
  • Default: No permissions boundary.

AWS supports permissions boundaries for IAM entities (users or roles).

A permissions boundary is an advanced feature for using a managed policy to set the maximum permissions that an identity-based policy can grant to an IAM entity. An entity's permissions boundary allows it to perform only the actions that are allowed by both its identity-based policies and its permissions boundaries.

https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
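
The intersection rule described above, as an added example that is not part of this library or the AWS CDK. It is a simplified model that looks only at Allow statements and action names; the function names and sample policies are constructed for illustration.

```typescript
// Added illustration: simplified model of permissions-boundary evaluation.
// Only Allow statements and action names are modelled; real IAM evaluation also
// applies explicit Deny, resources, conditions, SCPs and session policies.

interface Decision {
  action: string;
  byIdentity: boolean;
  byBoundary: boolean;
  allowed: boolean;
}

// IAM action patterns are case-insensitive; "*" matches any run of characters
// and "?" matches exactly one character.
function actionMatches(pattern: string, action: string): boolean {
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&");
  const source = "^" + escaped.replace(/\*/g, ".*").replace(/\?/g, ".") + "$";
  return new RegExp(source, "i").test(action);
}

function allows(patterns: string[], action: string): boolean {
  return patterns.some((p) => actionMatches(p, action));
}

// boundary === undefined models the default "No permissions boundary":
// the identity-based policy alone decides.
function evaluate(identity: string[], boundary: string[] | undefined, requested: string[]): Decision[] {
  return requested.map((action) => {
    const byIdentity = allows(identity, action);
    const byBoundary = boundary === undefined || allows(boundary, action);
    return { action, byIdentity, byBoundary, allowed: byIdentity && byBoundary };
  });
}

// Constructed sample policies (hypothetical, not taken from any real account).
const IDENTITY_ALLOW = ["s3:GetObject", "s3:PutObject", "iam:*"];
const BOUNDARY_ALLOW = ["s3:*", "kms:Decrypt"];
const REQUESTED = ["s3:GetObject", "iam:CreateAccessKey", "kms:Decrypt"];

const withBoundary = evaluate(IDENTITY_ALLOW, BOUNDARY_ALLOW, REQUESTED);
const withoutBoundary = evaluate(IDENTITY_ALLOW, undefined, REQUESTED);

for (const d of withBoundary) {
  console.log(`${d.action}: identity=${d.byIdentity} boundary=${d.byBoundary} -> ${d.allowed}`);
}
```

With the boundary in place, iam:CreateAccessKey is refused even though the identity policy allows iam:*, and kms:Decrypt stays refused because a boundary grants nothing by itself.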


userName (Optional)
public readonly userName: string;
  • Type: string
  • Default: Generated by CloudFormation (recommended)

A name for the IAM user.

For valid values, see the UserName parameter for the CreateUser action in the IAM API Reference. If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the user name.

If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.

If you specify a name, you must specify the CAPABILITY_NAMED_IAM value to acknowledge your template's capabilities. For more information, see Acknowledging IAM Resources in AWS CloudFormation Templates.


encryptionKey (Optional)
public readonly encryptionKey: IKey;
  • Type: aws-cdk-lib.aws_kms.IKey
  • Default: undefined - generate a KMS key.

grantees (Optional)
public readonly grantees: SecretGrantees;
  • Type: @time-loop/cdk-user-with-access-key.userWithAccessKey.SecretGrantees
  • Default: [] - no grantees

Would you like us to grant read on the credentialsSecret to anyone?


secretName (Optional)
public readonly secretName: string;
  • Type: string
  • Default: undefined - have CDK generate an ugly unique secret name