Crate scratchstack_aws_principal
source ·Expand description
Actor principals for AWS and AWS-like services.
Principals come in two “flavors”: actor principals and policy principals. Policy principals are used in Aspen
documents and have a source (“AWS”, “CanonicalUser”, “Federated”, or “Service”) and an associated value which may
contain wildcards. These are implemented in the scratchstack-aspen
crate.
On the service implementation side, actor principals (represented by Principal here) are exact, without
wildcards. Beyond the core details, there are additional details attached to a principal actor that can be
referenced in
policy variables.
For example, IAM users have a
universally unique ID.
If the /Sales/Bob
user is deleted and re-created, these two users will have the same ARN but different unique IDs
that can be referenced via the aws:userid
condition key. These details are carried in SessionData structures
apart from the Principal itself.
Re-exports
pub use utils::IamIdPrefix;
Modules
scratchstack-aws-principal
but may be useful elsewhere.