How to use the @aws-cdk/aws-iam.AccountPrincipal function in @aws-cdk/aws-iam

To help you get started, we’ve selected a few @aws-cdk/aws-iam examples, based on popular ways it is used in public projects.


aws/aws-cdk: packages/@aws-cdk/aws-kms/lib/key.ts
  public grant(grantee: iam.IGrantable, ...actions: string[]): iam.Grant {
    // KMS verifies whether the principals included in its key policy actually exist.
    // This is a problem if the stack the grantee is part of depends on the key stack
    // (as it won't exist before the key policy is attempted to be created).
    // In that case, make the account the resource policy principal
    const granteeStackDependsOnKeyStack = this.granteeStackDependsOnKeyStack(grantee);
    const principal = granteeStackDependsOnKeyStack
      ? new iam.AccountPrincipal(granteeStackDependsOnKeyStack)
      : grantee.grantPrincipal;

    const crossAccountAccess = this.isGranteeFromAnotherAccount(grantee);
    const crossRegionAccess = this.isGranteeFromAnotherRegion(grantee);
    const crossEnvironment = crossAccountAccess || crossRegionAccess;
    return iam.Grant.addToPrincipalAndResource({
      grantee,
      actions,
      resource: this,
      resourcePolicyPrincipal: principal,

      // if the key is used in a cross-environment matter,
      // we can't access the Key ARN (they don't have physical names),
      // so fall back to using '*'. ToDo we need to make this better... somehow
      resourceArns: crossEnvironment ? ['*'] : [this.keyArn],
    });
  }
aws/aws-cdk: packages/@aws-cdk/aws-elasticloadbalancingv2/lib/alb/application-load-balancer.ts
  public logAccessLogs(bucket: s3.IBucket, prefix?: string) {
    this.setAttribute('access_logs.s3.enabled', 'true');
    this.setAttribute('access_logs.s3.bucket', bucket.bucketName.toString());
    this.setAttribute('access_logs.s3.prefix', prefix);

    const region = Stack.of(this).region;
    if (Token.isUnresolved(region)) {
      throw new Error(`Region is required to enable ELBv2 access logging`);
    }

    // the regional ELB log-delivery account is the principal that writes the logs
    const account = ELBV2_ACCOUNTS[region];
    if (!account) {
      throw new Error(`Cannot enable access logging; don't know ELBv2 account for region ${region}`);
    }

    prefix = prefix || '';
    bucket.grantPut(new iam.AccountPrincipal(account), `${(prefix ? prefix + '/' : '')}AWSLogs/${Stack.of(this).account}/*`);

    // make sure the bucket's policy is created before the ALB (see https://github.com/aws/aws-cdk/issues/1633)
    this.node.addDependency(bucket);
  }
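As an added example (not aws-cdk code; every name below is my own), this shows what `AccountPrincipal` renders to in a resource policy and runs a small review pass over a constructed bucket-policy document shaped like the statement the ALB snippet's `grantPut` call produces, flagging account-root grants that are not scoped to a key prefix:

```typescript
type StrOrList = string | string[];
interface Statement {
  Sid?: string;
  Effect: 'Allow' | 'Deny';
  Principal: { AWS: StrOrList };
  Action: StrOrList;
  Resource: StrOrList;
}
interface Finding { sid: string; account: string; broadResource: boolean }

// iam.AccountPrincipal(accountId) renders to the account's root ARN. That names no
// single role or user: it delegates to the other account's own IAM policies the
// choice of which of its principals may use the grant.
function accountPrincipalArn(accountId: string, partition = 'aws'): string {
  if (!/^\d{12}$/.test(accountId)) throw new Error(`invalid account id: ${accountId}`);
  return `arn:${partition}:iam::${accountId}:root`;
}

const ROOT_ARN = /^arn:[^:]+:iam::(\d{12}):root$/;
const asList = (v: StrOrList): string[] => (Array.isArray(v) ? v : [v]);

// '*' or a whole bucket ('arn:aws:s3:::bucket', 'arn:aws:s3:::bucket/*') is broad;
// a key prefix such as '.../AWSLogs/<account>/*' (the ALB pattern) is scoped.
function isBroadS3Resource(r: string): boolean {
  return r === '*' || /^arn:[^:]+:s3:::[^/]+(\/\*)?$/.test(r);
}

// One finding per Allow statement whose principal is an account root.
function findAccountRootGrants(statements: Statement[]): Finding[] {
  const findings: Finding[] = [];
  for (const s of statements) {
    if (s.Effect !== 'Allow') continue;
    for (const p of asList(s.Principal.AWS)) {
      const m = ROOT_ARN.exec(p);
      if (m) findings.push({ sid: s.Sid ?? '(no Sid)', account: m[1],
        broadResource: asList(s.Resource).some(isBroadS3Resource) });
    }
  }
  return findings;
}

// Constructed bucket-policy statements; account ids and bucket name are placeholders.
const SAMPLE: Statement[] = [
  { // shaped like the grantPut() call above: scoped to AWSLogs/<stack account>/
    Sid: 'AlbLogDelivery', Effect: 'Allow',
    Principal: { AWS: accountPrincipalArn('111111111111') },
    Action: 's3:PutObject', Resource: 'arn:aws:s3:::example-logs/AWSLogs/222222222222/*' },
  { // an AccountPrincipal grant over the whole bucket, the kind a review should question
    Sid: 'WholeBucketToPartner', Effect: 'Allow',
    Principal: { AWS: accountPrincipalArn('333333333333') },
    Action: ['s3:GetObject'], Resource: 'arn:aws:s3:::example-logs/*' },
];
```

Running `findAccountRootGrants(SAMPLE)` reports both statements as account-root grants, with only the whole-bucket one marked `broadResource: true`.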