
Initializer

import cdktn

cdktn.S3BackendAssumeRoleWithWebIdentityConfig(
  duration: str = None,
  policy: str = None,
  policy_arns: typing.List[str] = None,
  role_arn: str = None,
  session_name: str = None,
  web_identity_token: str = None,
  web_identity_token_file: str = None
)

Properties

| Name | Type | Description |
| --- | --- | --- |
| duration | str | (Optional) The duration individual credentials will be valid. |
| policy | str | (Optional) IAM Policy JSON describing further restricting permissions for the IAM Role being assumed. |
| policy_arns | typing.List[str] | (Optional) Set of Amazon Resource Names (ARNs) of IAM Policies describing further restricting permissions for the IAM Role being assumed. |
| role_arn | str | (Required) Amazon Resource Name (ARN) of the IAM Role to assume. |
| session_name | str | (Optional) Session name to use when assuming the role. |
| web_identity_token | str | (Optional) The value of a web identity token from an OpenID Connect (OIDC) or OAuth provider. |
| web_identity_token_file | str | (Optional) File containing a web identity token from an OpenID Connect (OIDC) or OAuth provider. |

duration (Optional)

duration: str
  • Type: str
(Optional) The duration individual credentials will be valid. Credentials are automatically renewed up to the maximum defined by the AWS account. Specified using the format <hours>h<minutes>m<seconds>s with any unit being optional. For example, an hour and a half can be specified as 1h30m or 90m. Must be between 15 minutes (15m) and 12 hours (12h).

policy (Optional)

policy: str
  • Type: str
(Optional) IAM Policy JSON describing further restricting permissions for the IAM Role being assumed.

policy_arns (Optional)

policy_arns: typing.List[str]
  • Type: typing.List[str]
(Optional) Set of Amazon Resource Names (ARNs) of IAM Policies describing further restricting permissions for the IAM Role being assumed.

role_arn (Optional)

role_arn: str
  • Type: str
(Required) Amazon Resource Name (ARN) of the IAM Role to assume. Can also be set with the AWS_ROLE_ARN environment variable.

session_name (Optional)

session_name: str
  • Type: str
(Optional) Session name to use when assuming the role. Can also be set with the AWS_ROLE_SESSION_NAME environment variable.

web_identity_token (Optional)

web_identity_token: str
  • Type: str
(Optional) The value of a web identity token from an OpenID Connect (OIDC) or OAuth provider. One of web_identity_token or web_identity_token_file is required.

web_identity_token_file (Optional)

web_identity_token_file: str
  • Type: str
(Optional) File containing a web identity token from an OpenID Connect (OIDC) or OAuth provider. One of web_identity_token_file or web_identity_token is required. Can also be set with the AWS_WEB_IDENTITY_TOKEN_FILE environment variable.
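A pre-flight check for the constraints listed above, as an added example that is not part of cdktn. It works on a plain dict that mirrors the property names; `parse_duration` and `check_config` are hypothetical helper names, and the sample ARN and token path are constructed placeholders.

```python
import os
import re

# Duration grammar from the page: <hours>h<minutes>m<seconds>s, any unit optional.
_DURATION = re.compile(r"(?:(\d+)h)?(?:(\d+)m)?(?:(\d+)s)?")
MIN_SECONDS, MAX_SECONDS = 15 * 60, 12 * 3600  # 15m .. 12h


def parse_duration(value):
    """Return the duration in seconds, or raise ValueError."""
    match = _DURATION.fullmatch(value)
    if not value or match is None:
        raise ValueError(f"bad duration format: {value!r}")
    hours, minutes, seconds = (int(g or 0) for g in match.groups())
    total = hours * 3600 + minutes * 60 + seconds
    if not MIN_SECONDS <= total <= MAX_SECONDS:
        raise ValueError(f"duration {value!r} is outside 15m..12h")
    return total


def check_config(cfg, env=None):
    """Return a list of problems with a web-identity assume-role config dict."""
    env = os.environ if env is None else env
    problems = []
    # role_arn may come from the property or from AWS_ROLE_ARN.
    if not (cfg.get("role_arn") or env.get("AWS_ROLE_ARN")):
        problems.append("role_arn is required (or set AWS_ROLE_ARN)")
    # The token may be inline, in a file, or named by AWS_WEB_IDENTITY_TOKEN_FILE.
    has_token = bool(cfg.get("web_identity_token"))
    has_file = bool(cfg.get("web_identity_token_file")
                    or env.get("AWS_WEB_IDENTITY_TOKEN_FILE"))
    if not (has_token or has_file):
        problems.append("web_identity_token or web_identity_token_file is required")
    if cfg.get("duration") is not None:
        try:
            parse_duration(cfg["duration"])
        except ValueError as exc:
            problems.append(str(exc))
    return problems


# Constructed sample values (placeholder account id and path).
sample = {
    "role_arn": "arn:aws:iam::123456789012:role/example-state-role",
    "web_identity_token_file": "/var/run/secrets/example/token",
    "duration": "1h30m",
}
```

An empty list from `check_config(sample, env={})` means the dict satisfies every constraint stated on this page; the same keys can then be passed to the config initializer.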