How to use the @aws-cdk/aws-iam.PrincipalBase class in @aws-cdk/aws-iam

To help you get started, we’ve selected a few @aws-cdk/aws-iam examples, based on popular ways it is used in public projects.


aws / aws-cdk / packages / @aws-cdk / aws-kms / lib / via-service-principal.ts
import * as iam from '@aws-cdk/aws-iam';

/**
 * A principal to allow access to a key if it's being used through another AWS service
 */
export class ViaServicePrincipal extends iam.PrincipalBase {
  private readonly basePrincipal: iam.IPrincipal;

  /**
   * @param serviceName value compared against the `kms:ViaService` condition key
   *   in the visible part of `policyFragment`; kept as a private readonly
   *   parameter property.
   * @param basePrincipal principal whose policy fragment the condition is added
   *   to. When omitted, `iam.AnyPrincipal` is substituted, so the resulting
   *   principal is not tied to any particular identity and the
   *   `kms:ViaService` condition is what narrows access. Pass an explicit
   *   principal when the grant should also be limited to specific identities.
   */
  constructor(private readonly serviceName: string, basePrincipal?: iam.IPrincipal) {
    super();
    // Truthiness fallback: a missing base principal becomes AnyPrincipal.
    this.basePrincipal = basePrincipal || new iam.AnyPrincipal();
  }

  public get policyFragment(): iam.PrincipalPolicyFragment {
    // Make a copy of the base policyFragment to add a condition to it
    const base = this.basePrincipal.policyFragment;
    const conditions = Object.assign({}, base.conditions);

    if (conditions.StringEquals) {
      conditions.StringEquals = Object.assign({ 'kms:ViaService': this.serviceName }, conditions.StringEquals);
    } else {
      conditions.StringEquals = { 'kms:ViaService': this.serviceName };