package awsiam
import (
"github.com/aws/aws-cdk-go/awscdk"
)
// UserProps holds the properties for defining an IAM user.
//
// Every field is tagged optional; the struct tags give the names used when
// the value is serialized to JSON or YAML.
//
// Example:
// user := awscdk.NewUser(this, jsii.String("MyUser"), &userProps{
// password: cdk.secretValue.unsafePlainText(jsii.String("1234")),
// })
// group := awscdk.NewGroup(this, jsii.String("MyGroup"))
//
// policy := awscdk.NewPolicy(this, jsii.String("MyPolicy"))
// policy.attachToUser(user)
// group.attachInlinePolicy(policy)
//
// NOTE(review): the example passes a literal password through
// unsafePlainText for brevity. A password supplied that way sits in the app
// source in plain text and, per the CDK documentation for unsafePlainText,
// is also visible in the synthesized template. For real users, reference a
// Secrets Manager secret instead (see the Password field).
//
// Experimental.
type UserProps struct {
	// Groups to add this user to.
	//
	// You can also use `addToGroup` to add this
	// user to a group.
	// Experimental.
	Groups *[]IGroup `field:"optional" json:"groups" yaml:"groups"`
	// A list of managed policies associated with this user.
	//
	// You can add managed policies later using
	// `addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName(policyName))`.
	// Experimental.
	ManagedPolicies *[]IManagedPolicy `field:"optional" json:"managedPolicies" yaml:"managedPolicies"`
	// The password for the user. This is required so the user can access the AWS Management Console.
	//
	// You can use `SecretValue.unsafePlainText` to specify a password in plain text or
	// use `secretsmanager.Secret.fromSecretAttributes` to reference a secret in
	// Secrets Manager.
	//
	// Prefer the Secrets Manager reference: a plain-text value is readable by
	// anyone who can read the source or the synthesized template. If a
	// plain-text initial password cannot be avoided, pairing it with
	// PasswordResetRequired limits how long that value remains the user's
	// password.
	// Experimental.
	Password awscdk.SecretValue `field:"optional" json:"password" yaml:"password"`
	// Specifies whether the user is required to set a new password the next time the user logs in to the AWS Management Console.
	//
	// If this is set to 'true', you must also specify "initialPassword".
	// NOTE(review): this struct has no field named initialPassword; presumably
	// the Password field is meant — confirm against the upstream construct.
	// Experimental.
	PasswordResetRequired *bool `field:"optional" json:"passwordResetRequired" yaml:"passwordResetRequired"`
	// The path for the user name.
	//
	// For more information about paths, see IAM
	// Identifiers in the IAM User Guide.
	// Experimental.
	Path *string `field:"optional" json:"path" yaml:"path"`
	// AWS supports permissions boundaries for IAM entities (users or roles).
	//
	// A permissions boundary is an advanced feature for using a managed policy
	// to set the maximum permissions that an identity-based policy can grant to
	// an IAM entity. An entity's permissions boundary allows it to perform only
	// the actions that are allowed by both its identity-based policies and its
	// permissions boundaries.
	//
	// In other words, the boundary only caps permissions; it grants none by
	// itself.
	// Experimental.
	PermissionsBoundary IManagedPolicy `field:"optional" json:"permissionsBoundary" yaml:"permissionsBoundary"`
	// A name for the IAM user.
	//
	// For valid values, see the UserName parameter for
	// the CreateUser action in the IAM API Reference. If you don't specify a
	// name, AWS CloudFormation generates a unique physical ID and uses that ID
	// for the user name.
	//
	// If you specify a name, you cannot perform updates that require
	// replacement of this resource. You can perform updates that require no or
	// some interruption. If you must replace the resource, specify a new name.
	//
	// If you specify a name, you must specify the CAPABILITY_NAMED_IAM value to
	// acknowledge your template's capabilities. For more information, see
	// Acknowledging IAM Resources in AWS CloudFormation Templates.
	// Experimental.
	UserName *string `field:"optional" json:"userName" yaml:"userName"`
}