AWS Fundamentals
L2 Construct

User

Define a new IAM user.

Import

import { User } from 'aws-cdk-lib/aws-iam';

Or use the module namespace:

import * as iam from 'aws-cdk-lib/aws-iam';
// iam.User

Properties

Configuration passed to the constructor as UserProps.

groups (optional)
IGroup[]

Groups to add this user to. You can also use `addToGroup` to add this user to a group.

Default: - No groups.

managedPolicies (optional)
IManagedPolicy[]

A list of managed policies associated with this user. You can add managed policies later using `addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName(policyName))`.

Default: - No managed policies.

password (optional)
SecretValue

The password for the user. This is required so the user can access the AWS Management Console. You can use `SecretValue.unsafePlainText` to specify a password in plain text or use `secretsmanager.Secret.fromSecretAttributes` to reference a secret in Secrets Manager.

Default: - User won't be able to access the management console without a password.

passwordResetRequired (optional)
boolean

Specifies whether the user is required to set a new password the next time the user logs in to the AWS Management Console. If this is set to `true`, you must also specify `password`.

Default: false

path (optional)
string

The path for the user name. For more information about paths, see IAM Identifiers in the IAM User Guide.

Default: /

permissionsBoundary (optional)
IManagedPolicy

AWS supports permissions boundaries for IAM entities (users or roles). A permissions boundary is an advanced feature for using a managed policy to set the maximum permissions that an identity-based policy can grant to an IAM entity. An entity's permissions boundary allows it to perform only the actions that are allowed by both its identity-based policies and its permissions boundaries.

Default: - No permissions boundary.
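The "both" in the paragraph above is the whole point of a boundary: a request must be allowed by the identity-based policy and by the boundary, and an explicit Deny in either wins. The following is an added, self-contained TypeScript model of that intersection; it is not the CDK's or AWS's evaluation code, ignores resource-based policies, SCPs, session policies and Condition elements, and the policy documents it evaluates are constructed samples.

```typescript
// Added example: simplified model of IAM evaluation with a permissions boundary.
// Not AWS's or the CDK's code. Only Effect/Action/Resource are modelled; Action
// and Resource use IAM-style '*' and '?' wildcards.

type Effect = 'Allow' | 'Deny';

interface Statement {
  Effect: Effect;
  Action: string | string[];
  Resource: string | string[];
}

interface PolicyDocument {
  Statement: Statement[];
}

// Turn an IAM glob such as "s3:Get*" into an anchored, case-insensitive RegExp.
function globToRegExp(glob: string): RegExp {
  const escaped = glob
    .replace(/[.+^${}()|[\]\\]/g, '\\$&')
    .replace(/\*/g, '.*')
    .replace(/\?/g, '.');
  return new RegExp(`^${escaped}$`, 'i');
}

function asArray(v: string | string[]): string[] {
  return Array.isArray(v) ? v : [v];
}

// Evaluate a single document: an explicit Deny beats any Allow, and a request
// that matches no statement at all is an implicit deny.
function evaluatePolicy(
  doc: PolicyDocument,
  action: string,
  resource: string,
): 'Allow' | 'ExplicitDeny' | 'ImplicitDeny' {
  let allowed = false;
  for (const st of doc.Statement) {
    const actionHit = asArray(st.Action).some((a) => globToRegExp(a).test(action));
    const resourceHit = asArray(st.Resource).some((r) => globToRegExp(r).test(resource));
    if (!actionHit || !resourceHit) continue;
    if (st.Effect === 'Deny') return 'ExplicitDeny';
    allowed = true;
  }
  return allowed ? 'Allow' : 'ImplicitDeny';
}

// With a boundary attached, the identity policy AND the boundary must both allow.
function isAllowed(
  identityPolicy: PolicyDocument,
  boundary: PolicyDocument | undefined,
  action: string,
  resource: string,
): boolean {
  if (evaluatePolicy(identityPolicy, action, resource) !== 'Allow') return false;
  if (boundary === undefined) return true;
  return evaluatePolicy(boundary, action, resource) === 'Allow';
}

// Constructed sample: the user's identity policy is broad; the boundary caps it
// to objects in one bucket and explicitly forbids deletes there.
const identityPolicy: PolicyDocument = {
  Statement: [{ Effect: 'Allow', Action: ['s3:*', 'ec2:*'], Resource: '*' }],
};
const boundary: PolicyDocument = {
  Statement: [
    { Effect: 'Allow', Action: 's3:*', Resource: 'arn:aws:s3:::example-bucket/*' },
    { Effect: 'Deny', Action: 's3:DeleteObject', Resource: '*' },
  ],
};

// Returns the decision for a few representative requests, with and without the boundary.
function demo(): Record<string, boolean> {
  const obj = 'arn:aws:s3:::example-bucket/report.csv';
  return {
    getInBucket: isAllowed(identityPolicy, boundary, 's3:GetObject', obj),
    getOtherBucket: isAllowed(identityPolicy, boundary, 's3:GetObject', 'arn:aws:s3:::other/x'),
    deleteInBucket: isAllowed(identityPolicy, boundary, 's3:DeleteObject', obj),
    runInstancesWithBoundary: isAllowed(identityPolicy, boundary, 'ec2:RunInstances', '*'),
    runInstancesNoBoundary: isAllowed(identityPolicy, undefined, 'ec2:RunInstances', '*'),
  };
}
```

Only `getInBucket` and `runInstancesNoBoundary` come out allowed: the boundary never grants anything by itself, it only removes permissions the identity policy would otherwise give.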

userName (optional)
string

A name for the IAM user. For valid values, see the UserName parameter for the CreateUser action in the IAM API Reference. If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the user name. If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. If you specify a name, you must specify the CAPABILITY_NAMED_IAM value to acknowledge your template's capabilities. For more information, see Acknowledging IAM Resources in AWS CloudFormation Templates.

Default: - Generated by CloudFormation (recommended)
