
Initializer

import { S3BackendAssumeRoleWithWebIdentityConfig } from 'cdktn'

const s3BackendAssumeRoleWithWebIdentityConfig: S3BackendAssumeRoleWithWebIdentityConfig = { ... }

Properties

| Name | Type | Description |
| --- | --- | --- |
| duration | string | (Optional) The duration individual credentials will be valid. |
| policy | string | (Optional) IAM Policy JSON describing further restricting permissions for the IAM Role being assumed. |
| policyArns | string[] | (Optional) Set of Amazon Resource Names (ARNs) of IAM Policies describing further restricting permissions for the IAM Role being assumed. |
| roleArn | string | (Required) Amazon Resource Name (ARN) of the IAM Role to assume. |
| sessionName | string | (Optional) Session name to use when assuming the role. |
| webIdentityToken | string | (Optional) The value of a web identity token from an OpenID Connect (OIDC) or OAuth provider. |
| webIdentityTokenFile | string | (Optional) File containing a web identity token from an OpenID Connect (OIDC) or OAuth provider. |

duration (Optional)

public readonly duration: string;
  • Type: string
(Optional) The duration individual credentials will be valid. Credentials are automatically renewed up to the maximum defined by the AWS account. Specified using the format <hours>h<minutes>m<seconds>s with any unit being optional. For example, an hour and a half can be specified as 1h30m or 90m. Must be between 15 minutes (15m) and 12 hours (12h).

policy (Optional)

public readonly policy: string;
  • Type: string
(Optional) IAM Policy JSON describing further restricting permissions for the IAM Role being assumed.

policyArns (Optional)

public readonly policyArns: string[];
  • Type: string[]
(Optional) Set of Amazon Resource Names (ARNs) of IAM Policies describing further restricting permissions for the IAM Role being assumed.

roleArn (Optional)

public readonly roleArn: string;
  • Type: string
(Required) Amazon Resource Name (ARN) of the IAM Role to assume. Can also be set with the AWS_ROLE_ARN environment variable.

sessionName (Optional)

public readonly sessionName: string;
  • Type: string
(Optional) Session name to use when assuming the role. Can also be set with the AWS_ROLE_SESSION_NAME environment variable.

webIdentityToken (Optional)

public readonly webIdentityToken: string;
  • Type: string
(Optional) The value of a web identity token from an OpenID Connect (OIDC) or OAuth provider. One of webIdentityToken or webIdentityTokenFile (web_identity_token or web_identity_token_file in the Terraform backend configuration) is required.

webIdentityTokenFile (Optional)

public readonly webIdentityTokenFile: string;
  • Type: string
(Optional) File containing a web identity token from an OpenID Connect (OIDC) or OAuth provider. One of webIdentityTokenFile or webIdentityToken (web_identity_token_file or web_identity_token in the Terraform backend configuration) is required. Can also be set with the AWS_WEB_IDENTITY_TOKEN_FILE environment variable.
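
The constraints documented above (required roleArn, one token source, the duration format and its 15m to 12h range, policy as JSON) can be checked before synthesis. The following is an added example, not code from cdktn: the WebIdentityConfig interface is a local mirror of the documented properties, validateWebIdentityConfig and parseDuration are hypothetical helpers, and the role ARN and token path are constructed placeholders. The duration parser accepts only the format stated on this page.

```typescript
// Local mirror of the properties documented on this page (not imported from cdktn).
interface WebIdentityConfig {
  duration?: string;
  policy?: string;
  policyArns?: string[];
  roleArn?: string;
  sessionName?: string;
  webIdentityToken?: string;
  webIdentityTokenFile?: string;
}
type Env = Record<string, string | undefined>;

// Parse "<hours>h<minutes>m<seconds>s" (every unit optional) into seconds; null if malformed.
function parseDuration(text: string): number | null {
  const m = /^(?:(\d+)h)?(?:(\d+)m)?(?:(\d+)s)?$/.exec(text);
  if (m === null || text.length === 0) return null;
  return Number(m[1] ?? 0) * 3600 + Number(m[2] ?? 0) * 60 + Number(m[3] ?? 0);
}

// Hypothetical helper: lists every documented rule the config breaks; empty means it passes.
function validateWebIdentityConfig(cfg: WebIdentityConfig, env: Env = {}): string[] {
  const problems: string[] = [];
  if (!cfg.roleArn && !env["AWS_ROLE_ARN"]) {
    problems.push("roleArn is required (or set AWS_ROLE_ARN)");
  }
  const hasToken = cfg.webIdentityToken || cfg.webIdentityTokenFile || env["AWS_WEB_IDENTITY_TOKEN_FILE"];
  if (!hasToken) {
    problems.push("one of webIdentityToken or webIdentityTokenFile is required");
  }
  if (cfg.duration !== undefined) {
    const seconds = parseDuration(cfg.duration);
    if (seconds === null) {
      problems.push(`duration "${cfg.duration}" is not in <hours>h<minutes>m<seconds>s form`);
    } else if (seconds < 15 * 60 || seconds > 12 * 3600) {
      problems.push(`duration "${cfg.duration}" is outside the 15m to 12h range`);
    }
  }
  if (cfg.policy !== undefined) {
    try { JSON.parse(cfg.policy); } catch { problems.push("policy is not valid JSON"); }
  }
  return problems;
}

// Constructed sample: the account id, role name and token path are placeholders.
const sampleConfig: WebIdentityConfig = {
  roleArn: "arn:aws:iam::123456789012:role/example-state-role",
  webIdentityTokenFile: "/var/run/secrets/oidc/token",
  duration: "1h30m",
};
```

Pass the process environment as the second argument so that AWS_ROLE_ARN and AWS_WEB_IDENTITY_TOKEN_FILE are honoured the way the property descriptions state.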