IamConfig / RoleSetConfig / RoleConfig

Description

IAM Role configuration

Example

- name: EC2-Default-SSM-AD-Role
  assumedBy:
    - principal: ec2.amazonaws.com
      type: service
  boundaryPolicy: Default-Boundary-Policy
  instanceProfile: true
  policies:
    awsManaged:
      - AmazonSSMManagedInstanceCore
      - AmazonSSMDirectoryServiceAccess
      - CloudWatchAgentServerPolicy

Hierarchy

  • RoleConfig

Properties

assumedBy: AssumedByConfig[] = []

AssumedBy configuration

boundaryPolicy: string = ''

A permissions boundary configuration

externalIds?: string[]

List of external IDs. The role assumer must provide one of them when assuming this role.

Remarks

For more information about granting third-party access to assume an IAM role, refer to the documentation. As described there, this setting applies a stanza similar to the following in the assume role policy document of your IAM role.

"Principal": {"AWS": "Example Corp's AWS account ID"},
"Condition": {"StringEquals": {"sts:ExternalId": "Unique ID Assigned by Example Corp"}}

Example

- name: Test-Arn-Role
  assumedBy:
    - type: principalArn
      principal: "arn:aws:iam::555555555555:user/TestUser"
  externalIds:
    - "777777777777"

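
An added TypeScript example, not the project's own code: it renders the assume role policy document that the Test-Arn-Role configuration above would produce, and lists principalArn trusts that carry no external ID so they can be reviewed. The type and function names are hypothetical, and attaching the condition to every statement is an assumption.

```typescript
// Added example, not project code: types mirror only the fields shown on this page.
type AssumedBy = { type: 'service' | 'principalArn'; principal: string };
interface RoleLike {
  name: string;
  assumedBy: AssumedBy[];
  externalIds?: string[];
}
interface TrustStatement {
  Effect: 'Allow';
  Principal: { Service?: string; AWS?: string };
  Action: 'sts:AssumeRole';
  Condition?: { StringEquals: { 'sts:ExternalId': string | string[] } };
}

// Hypothetical helper: render the assume role policy document for one role.
// Assumption: the external ID condition is attached to every statement.
function buildTrustPolicy(role: RoleLike): { Version: string; Statement: TrustStatement[] } {
  const ids = role.externalIds ?? [];
  if (ids.some((id) => id.trim() === '')) {
    throw new Error(`${role.name}: empty external ID`);
  }
  const statements = role.assumedBy.map((a): TrustStatement => {
    const stmt: TrustStatement = {
      Effect: 'Allow',
      Principal: a.type === 'service' ? { Service: a.principal } : { AWS: a.principal },
      Action: 'sts:AssumeRole',
    };
    if (ids.length > 0) {
      // One ID renders as a string, several as a list (any listed value matches).
      stmt.Condition = { StringEquals: { 'sts:ExternalId': ids.length === 1 ? ids[0]! : ids } };
    }
    return stmt;
  });
  return { Version: '2012-10-17', Statement: statements };
}

// Hypothetical review helper: principalArn trusts that carry no external ID condition.
function arnTrustsWithoutExternalId(role: RoleLike): string[] {
  if ((role.externalIds ?? []).length > 0) return [];
  return role.assumedBy.filter((a) => a.type === 'principalArn').map((a) => a.principal);
}

// Constructed sample: the Test-Arn-Role example from this page.
const testArnRole: RoleLike = {
  name: 'Test-Arn-Role',
  assumedBy: [{ type: 'principalArn', principal: 'arn:aws:iam::555555555555:user/TestUser' }],
  externalIds: ['777777777777'],
};
const testArnRoleTrust = buildTrustPolicy(testArnRole);
```
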
instanceProfile: undefined | boolean = undefined

Indicates whether role is used for EC2 instance profile

name: string = ''

A name for the role

policies: undefined | PoliciesConfig = undefined

List of policies for the role
