Crate scratchstack_aws_principal

Actor principals for AWS and AWS-like services.

Principals come in two “flavors”: actor principals and policy principals. Policy principals are used in Aspen documents and have a source (“AWS”, “CanonicalUser”, “Federated”, or “Service”) and an associated value which may contain wildcards. These are implemented in the scratchstack-aspen crate.

On the service implementation side, actor principals (represented by Principal here) are exact, without wildcards. Beyond the core details, there are additional details attached to a principal actor that can be referenced in policy variables. For example, IAM users have a universally unique ID. If the /Sales/Bob user is deleted and re-created, these two users will have the same ARN but different unique IDs that can be referenced via the aws:userid condition key. These details are carried in SessionData structures apart from the Principal itself.

Re-exports

pub use utils::IamIdPrefix;

Modules

utils

Validation routines used internally by scratchstack-aws-principal but may be useful elsewhere.

Structs

AssumedRole

Details about an AWS STS assumed role.

CanonicalUser

Details about an S3 canonical user.

FederatedUser

Details about an AWS IAM federated user.

Principal

A principal that is the source of an action in an AWS (or AWS-like) service.

RootUser

Details about an AWS account root user.

Service

Details about an AWS or AWS-like service.

SessionData

Associated data about a principal. This is a map of ASCII case-insensitive strings to SessionValue values.

User

Details about an AWS IAM user.

Enums

PrincipalError

Errors that can be raise during the parsing of principals.

PrincipalIdentity

A principal identity that is the source of an action in an AWS (or AWS-like) service.

PrincipalSource

The source of a principal.

SessionValue

Associated data about a session key.