27 CDK constructs available in aws-cdk-lib/aws-iam
```typescript
import * as iam from 'aws-cdk-lib/aws-iam';
```

Higher-level abstractions with sensible defaults and convenience methods.
Define a new IAM Access Key.
An IAM Group (collection of IAM users) lets you specify permissions for multiple users, which can make it easier to manage permissions for those users.
IAM Instance Profile.
An IAM role that only gets attached to the construct tree once it gets used, not before. This construct can be used to simplify logic in other constructs which need to create a role but only if certain configurations occur (such as when AutoScaling is configured). The role can be configured in one place, but if it never gets used it doesn't get instantiated and will not be synthesized or deployed.
Managed policy.
IAM OIDC identity providers are entities in IAM that describe an external identity provider (IdP) service that supports the OpenID Connect (OIDC) standard, such as Google or Salesforce. You use an IAM OIDC identity provider when you want to establish trust between an OIDC-compatible IdP and your AWS account. This is useful when creating a mobile app or web application that requires access to AWS resources, but you don't want to create custom sign-in code or manage your own user identities.
IAM OIDC identity providers are entities in IAM that describe an external identity provider (IdP) service that supports the OpenID Connect (OIDC) standard, such as Google or Salesforce. You use an IAM OIDC identity provider when you want to establish trust between an OIDC-compatible IdP and your AWS account. This is useful when creating a mobile app or web application that requires access to AWS resources, but you don't want to create custom sign-in code or manage your own user identities.

⚠️ **IMPORTANT NOTICE FOR CONTRIBUTORS** ⚠️

**DO NOT ADD NEW FEATURES TO THIS CONSTRUCT**

This construct uses a custom resource with Lambda functions and is maintained for backward compatibility only. We cannot deprecate it due to its usage in existing services like EKS (see https://github.com/aws/aws-cdk/pull/28634#discussion_r1842962697). For new functionality, developers should use `OidcProviderNative` instead, which utilizes the native CloudFormation resource `AWS::IAM::OIDCProvider` and provides the same functionality with less complexity.

If you are considering adding features to this construct, please:

1. Consider implementing the feature in `OidcProviderNative` instead
2. Discuss with the CDK team before proceeding
3. Ensure any changes maintain strict backward compatibility
The AWS::IAM::Policy resource associates an [inline](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#inline) IAM policy with IAM users, roles, or groups. For more information about IAM policies, see [Overview of IAM Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies_overview.html) in the IAM User Guide.
IAM Role. Defines an IAM role. The role is created with an assume policy document associated with the specified AWS service principal defined in `serviceAssumeRole`.
A SAML provider.
Define a new IAM user.
Direct CloudFormation resource mappings. One-to-one with CloudFormation resource types.
- AWS::IAM::AccessKey
- AWS::IAM::Group
- AWS::IAM::GroupPolicy
- AWS::IAM::InstanceProfile
- AWS::IAM::ManagedPolicy
- AWS::IAM::OIDCProvider
- AWS::IAM::Policy
- AWS::IAM::Role
- AWS::IAM::RolePolicy
- AWS::IAM::SAMLProvider
- AWS::IAM::ServerCertificate
- AWS::IAM::ServiceLinkedRole
- AWS::IAM::User
- AWS::IAM::UserPolicy
- AWS::IAM::UserToGroupAddition
- AWS::IAM::VirtualMFADevice