Crate scratchstack_aws_principal


Actor principals for AWS and AWS-like services.

Principals come in two “flavors”: actor principals and policy principals. Policy principals are used in Aspen documents and have a source (“AWS”, “CanonicalUser”, “Federated”, or “Service”) and an associated value which may contain wildcards. These are implemented in the scratchstack-aspen crate.

On the service implementation side, actor principals (represented by Principal here) are exact, without wildcards. Beyond the core details, additional details attached to an actor principal can be referenced in policy variables. For example, IAM users have a universally unique ID. If the /Sales/Bob user is deleted and re-created, the two users will have the same ARN but different unique IDs, which can be referenced via the aws:userid condition key. These details are carried in SessionData structures, separate from the Principal itself.

Re-exports

pub use utils::IamIdPrefix;

Modules

utils
Validation routines used internally by scratchstack-aws-principal that may also be useful elsewhere.

Structs

AssumedRole
Details about an AWS STS assumed role.
CanonicalUser
Details about an S3 canonical user.
FederatedUser
Details about an AWS IAM federated user.
Principal
A principal that is the source of an action in an AWS (or AWS-like) service.
RootUser
Details about an AWS account root user.
Service
Details about an AWS or AWS-like service.
SessionData
Associated data about a principal. This is a map of ASCII case-insensitive strings to SessionValue values.
User
Details about an AWS IAM user.

Enums

PrincipalError
Errors that can be raised during the parsing of principals.
PrincipalIdentity
A principal identity that is the source of an action in an AWS (or AWS-like) service.
PrincipalSource
The source of a principal.
SessionValue
Associated data about a session key.