diff --git a/packages/@aws-cdk/aws-iam/lib/principals.ts b/packages/@aws-cdk/aws-iam/lib/principals.ts
index 3f7c1792f30c5..27ece9e4d59f5 100644
--- a/packages/@aws-cdk/aws-iam/lib/principals.ts
+++ b/packages/@aws-cdk/aws-iam/lib/principals.ts
@@ -604,19 +604,24 @@ export class CanonicalUserPrincipal extends PrincipalBase {
 export class FederatedPrincipal extends PrincipalBase {
 public readonly assumeRoleAction: string;
+ /**
+ * The conditions under which the policy is in effect.
+ * @see https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html
+ */
+ public readonly conditions: Conditions;
+
 /**
 *
 * @param federated federated identity provider (i.e. 'cognito-identity.amazonaws.com' for users authenticated through Cognito)
- * @param conditions The conditions under which the policy is in effect.
- * See [the IAM documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html).
 * @param sessionTags Whether to enable session tagging (see https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
 */
 constructor(
 public readonly federated: string,
- public readonly conditions: Conditions,
+ conditions: Conditions = {},
 assumeRoleAction: string = 'sts:AssumeRole') {
 super();
+ this.conditions = conditions;
 this.assumeRoleAction = assumeRoleAction;
 }
diff --git a/packages/@aws-cdk/aws-iam/test/principals.test.ts b/packages/@aws-cdk/aws-iam/test/principals.test.ts
index 2a1f74e2c5056..e3b1078d2a933 100644
--- a/packages/@aws-cdk/aws-iam/test/principals.test.ts
+++ b/packages/@aws-cdk/aws-iam/test/principals.test.ts
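Review bot: Defaulting `conditions` to `{}` in the `FederatedPrincipal` constructor means `new FederatedPrincipal(provider)` now yields a principal with no Condition block, and the constructor's doc comment no longer says so because the `@param conditions` line was removed. For web-identity and SAML providers the conditions are usually what ties the trust statement to one audience or identity pool, so a caller who omits them may end up with a role that any identity from that provider can assume. I would keep the parameter documented with its default and the caveat, e.g. `@param conditions Conditions that restrict which federated identities match (default: none; for web identity or SAML providers, scope by audience/subject)`. The remaining `@param sessionTags` line does not match any parameter in the visible signature, whose third argument is `assumeRoleAction`. The class body continues past the end of this hunk.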
@@ -103,6 +103,19 @@ test('can have multiple principals the same conditions in the same statement', (
 }));
 });
+test('use federated principal', () => {
+ // GIVEN
+ const stack = new Stack();
+
+ // WHEN
+ const principal = new iam.FederatedPrincipal('federated');
+
+ // THEN
+ expect(stack.resolve(principal.federated)).toStrictEqual('federated');
+ expect(stack.resolve(principal.assumeRoleAction)).toStrictEqual('sts:AssumeRole');
+ expect(stack.resolve(principal.conditions)).toStrictEqual({});
+});
+
 test('use Web Identity principal', () => {
 // GIVEN
 const stack = new Stack();
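Review bot: The added `use federated principal` test checks only the three property values on the object, so it does not show what a condition-less federated principal looks like once it is rendered into a trust policy. Since the point of the change is that `conditions` can now be omitted, I would also assert the rendered fragment, e.g. `expect(stack.resolve(principal.policyFragment.conditions)).toStrictEqual({});`, and ideally attach the principal to a role and check that the synthesized statement carries no unexpected `Condition` key. A second case that passes explicit conditions would confirm the default does not override them.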