Crate scratchstack_aws_principal

Expand description

Actor principals for AWS and AWS-like services.

Principals come in two “flavors”: actor principals and policy principals. Policy principals are used in Aspen documents and have a source (“AWS”, “CanonicalUser”, “Federated”, or “Service”) and an associated value which may contain wildcards. These are implemented in the scratchstack-aspen crate.

On the service implementation side, actor principals (represented by the Principal enum here) are exact, without wildcards. Beyond the core details, there are additional details attached to a principal actor that can be referenced in policy variables. For example, IAM users have a universally unique ID. If the /Sales/Bob user is deleted and re-created, these two users will have the same ARN but different unique IDs that can be referenced via the aws:userid condition key. These details are carried in SessionData structures apart from the Principal itself.

Re-exports

pub use utils::IamIdPrefix;

Modules

utils

Structs

AssumedRole

Details about an assumed role actor.

CanonicalUser

Details about an S3 canonical user.

FederatedUser

Details about a federated user.

Principal

A principal that is the source of an action in an AWS (or AWS-like) service. This principal may have multiple aspects to its identity: for example, an assumed role may have an associated service and S3 canonical user.

RootUser

Details about an AWS account root user.

Service

Details about a service.

SessionData

Associated data about a principal. This is a map of ASCII case-insensitive strings to SessionValue values.

User

Details about an AWS IAM user.

Enums

PrincipalError

Errors that can be raise during the parsing of principals.

PrincipalIdentity

A principal identity that is the source of an action in an AWS (or AWS-like) service.

PrincipalSource

The source of a principal.

SessionValue

Associated data about a session key.