NOTICE: This release includes a framework-wide breaking change which changes the type of all the string resource attributes across the framework. Instead of using strong-types that extend cdk.Token (such as QueueArn, TopicName, etc), we now represent all these attributes as normal strings, and codify the tokens into the string (using the feature introduced in #168).

Furthermore, the cdk.Arn type has been removed. In order to format/parse ARNs, use the static methods on cdk.ArnUtils.

See motivation and discussion in #695.

Breaking Changes

cfn2ts: use stringified tokens for resource attributes instead of strong types (#712) (6508f78), closes #518 #695 #744
aws-dynamodb: Attribute type for keys, changes the signature of the addPartitionKey and addSortKey methods to be consistent across the board. (#720) (e6cc189)
aws-codebuild: fix typo "priviledged" -> "privileged

Bug Fixes

assets: can't use multiple assets in the same stack (#725) (bba2e5b), closes #706
aws-codebuild: typo in BuildEnvironment "priviledged" -> "privileged (#734) (72fec36)
aws-ecr: fix addToResourcePolicy (#737) (eadbda5)
aws-events: ruleName can now be specified (#726) (a7bc5ee), closes #708
aws-lambda: jsii use no long requires 'sourceAccount' (#728) (9e7d311), closes #714
aws-s3: remove policy argument (#730) (a79190c), closes #672
cdk: "cdk init" java template is broken (#732) (281c083), closes #711 awslabs/jsii#233

Features

aws-apigateway: new API Gateway Construct Library (#665) (b0f3857)
aws-cdk: detect presence of EC2 credentials (#724) (8e8c295), closes #702 #130
aws-codepipeline: make the Stage insertion API in CodePipeline more flexible (#460) (d182818)
aws-codepipeline: new "Pipeline#addStage" convenience method (#647) (25c9fa0)
aws-rds: add support for parameter groups (#729) (2541508), closes #719
docs: add documentation for CDK toolkit plugings (#733) (965b918)
dependencies: upgrade to jsii 0.7.6

Readme

Source

AWS IAM Construct Library

Define a role and add permissions to it. This will automatically create and attach an IAM policy to the role:

const role = new Role(this, 'MyRole', {
  assumedBy: new ServicePrincipal('sns.amazonaws.com')
});
role.addPermission(new Permission('*', 'lambda:InvokeFunction'));

Define a policy and attach it to groups, users and roles. Note that it is possible to attach the policy either by calling xxx.attachPolicy(policy) or policy.attachToXxx(xxx).

const user = new User(this, 'MyUser', { password: '1234' });
const group = new Group(this, 'MyGroup');

const policy = new Policy(this, 'MyPolicy');
policy.attachToUser(user);
group.attachPolicy(policy);

Managed policies can be attached using xxx.attachManagedPolicy(arn):

const group = new Group(this, 'MyGroup');
group.attachManagedPolicy('arn:aws:iam::aws:policy/AdministratorAccess');

Features

Policy name uniqueness is enforced. If two policies by the same name are attached to the same principal, the attachment will fail.
Policy names are not required - the CDK logical ID will be used and ensured to be unique.

Keywords

FAQs

What is @aws-cdk/aws-iam?

Is @aws-cdk/aws-iam popular?

Is @aws-cdk/aws-iam well maintained?

Last updated on 20 Sep 2018

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

@aws-cdk/aws-iam

Breaking Changes

Bug Fixes

Features

AWS IAM Construct Library

Features

Keywords

Related posts

Namecheap Takes Down Polyfill.io Service Following Supply Chain Attack

OpenSSF Warns of Reputation Farming Leveraging Closed GitHub Issues and PRs