Actor principals for AWS and AWS-like services.
Principals come in two “flavors”: actor principals and policy principals. Policy principals are used in Aspen documents and have a source (“AWS”, “CanonicalUser”, “Federated”, or “Service”) and an associated value which may contain wildcards. These are implemented in the scratchstack-aspen crate.

On the service implementation side, actor principals (represented by Principal here) are exact, without wildcards. Beyond the core details, there are additional details attached to a principal actor that can be referenced in policy variables.

For example, IAM users have a universally unique ID. If the /Sales/Bob user is deleted and re-created, these two users will have the same ARN but different unique IDs that can be referenced via the aws:userid condition key. These details are carried in SessionData structures apart from the Principal itself.
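The /Sales/Bob case above, as an added example that is not code from scratchstack-aws-principal: a grant that matches only on the ARN is inherited by the re-created user, while one that also pins aws:userid is not. The types Actor and Grant, the functions allows and session_value, and the account and unique ID values are hypothetical stand-ins constructed for illustration.

```rust
use std::collections::HashMap;

// Hypothetical stand-ins for illustration; NOT the scratchstack-aws-principal API.
#[derive(Debug, Clone, PartialEq)]
struct Actor {
    arn: String,                      // exact value, no wildcards
    session: HashMap<String, String>, // keys stored lowercased (ASCII case-insensitive)
}

impl Actor {
    fn iam_user(account: &str, path_and_name: &str, unique_id: &str) -> Self {
        let mut session = HashMap::new();
        session.insert("aws:userid".to_string(), unique_id.to_string());
        Actor { arn: format!("arn:aws:iam::{account}:user{path_and_name}"), session }
    }

    // Case-insensitive lookup of a session value such as aws:userid.
    fn session_value(&self, key: &str) -> Option<&str> {
        self.session.get(&key.to_ascii_lowercase()).map(String::as_str)
    }
}

// A grant keyed on an ARN, optionally also conditioned on the unique ID.
struct Grant {
    arn: String,
    required_user_id: Option<String>,
}

fn allows(grant: &Grant, actor: &Actor) -> bool {
    if grant.arn != actor.arn {
        return false;
    }
    match &grant.required_user_id {
        None => true, // ARN-only: cannot tell the old user from the new one
        Some(id) => actor.session_value("AWS:UserId") == Some(id.as_str()),
    }
}

fn main() {
    // Constructed sample values: same ARN, different unique IDs.
    let old_bob = Actor::iam_user("123456789012", "/Sales/Bob", "AIDAEXAMPLEOLD0000001");
    let new_bob = Actor::iam_user("123456789012", "/Sales/Bob", "AIDAEXAMPLENEW0000002");
    let by_arn = Grant { arn: old_bob.arn.clone(), required_user_id: None };
    let by_id = Grant { arn: old_bob.arn.clone(), required_user_id: Some("AIDAEXAMPLEOLD0000001".into()) };
    println!("ARN-only grant, re-created user: {}", allows(&by_arn, &new_bob));
    println!("ID-pinned grant, re-created user: {}", allows(&by_id, &new_bob));
}
```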
Re-exports
pub use utils::IamIdPrefix;
Modules
- utils - Validation routines used internally by scratchstack-aws-principal but may be useful elsewhere.
Structs
- AssumedRole - Details about an AWS STS assumed role.
- CanonicalUser - Details about an S3 canonical user.
- FederatedUser - Details about an AWS IAM federated user.
- Principal - A principal that is the source of an action in an AWS (or AWS-like) service.
- RootUser - Details about an AWS account root user.
- Service - Details about an AWS or AWS-like service.
- SessionData - Associated data about a principal. This is a map of ASCII case-insensitive strings to SessionValue values.
- User - Details about an AWS IAM user.
Enums
- PrincipalError - Errors that can be raised during the parsing of principals.
- PrincipalIdentity - A principal identity that is the source of an action in an AWS (or AWS-like) service.
- PrincipalSource - The source of a principal.
- SessionValue - Associated data about a session key.