ReadonlyassumeWhen this Principal is used in an AssumeRole policy, the action to use.
ReadonlyenvThe environment this resource belongs to.
For resources that are created and managed in a Stack (those created by
creating new class instances like new Role(), new Bucket(), etc.), this
is always the same as the environment of the stack they belong to.
For referenced resources (those obtained from referencing methods like
Role.fromRoleArn(), Bucket.fromBucketName(), etc.), they might be
different than the stack they were imported into.
ReadonlygrantThe principal to grant permissions to
ReadonlynodeThe tree node.
ReadonlypolicyReturn the policy fragment that identifies this principal in a Policy.
Optional ReadonlyprincipalThe AWS account ID of this principal. Can be undefined when the account is not known (for example, for service principals). Can be a Token - in that case, it's assumed to be AWS::AccountId.
ReadonlyroleReturns the ARN of this role.
ReadonlyroleReturns the name of this role.
ReadonlyroleA reference to a Role resource.
ReadonlystackThe stack in which this resource is defined.
Attaches a managed policy to this principal.
Add to the policy of this principal.
Apply the given removal policy to this resource
The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.
The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS
account for data recovery and cleanup later (RemovalPolicy.RETAIN).
Attaches an inline policy to this principal.
This is the same as calling policy.addToXxx(principal).
Grant the actions defined in actions to the identity Principal on this resource.
Grant permissions to the given principal to assume this role.
Grant permissions to the given principal to pass this role.
Returns a string representation of this construct.
StaticisChecks if x is a construct.
Use this method instead of instanceof to properly detect Construct
instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the constructs library on
disk are seen as independent, completely different libraries. As a
consequence, the class Construct in each copy of the constructs library
is seen as a different class, and an instance of one class will not test as
instanceof the other class. npm install will not create installations
like this, but users may manually symlink construct libraries together or
use a monorepo tool: in those cases, multiple copies of the constructs
library can be accidentally installed, and instanceof will behave
unpredictably. It is safest to avoid using instanceof, and using
this type-testing method instead.
Any object
true if x is an object created from a class which extends Construct.
The IAM ServiceLinkedRole is an eventually consistent resource. CloudFormation receives a successful response immediately when a SLR is created and the actual resource may not yet exist. This can cause stacks to fail when creating subsequent resources that depend on the SLR.
This construct uses a custom-resource lambda and a CFN wait condition to make sure the SLR exist before resolving and can be used as a dependency in the subsequent resouce
DependsOnpolicies