iam:User

Extends: iam:Principal

Properties

iam:createdAt (required, max 1)

Validation shape for user creation timestamp.

Created at must be a dateTime

The timestamp when the user was created

iam:email (required, max 1)

Validation shape for email property.

Email must be a valid email address

The email address of the user

iam:emailVerified (required, max 1)

Validation shape for email verified property.

Email verified must be a boolean

Whether the user's email has been verified

iam:firstName (optional, max 1)

Validation shape for first name property.

First name must be a string

The first name of the user

iam:hasRole (optional)

Assigns a role to a principal.

hasRole must reference a Role

A principal can have multiple roles. Effective permissions are the union of all assigned roles' identity policies.

Values:

• iam:FullAccessRole: Grants complete access to all workspace actions.
• iam:SystemAdminRole: Grants full read, write, and invocation access to all system-defined resources.
• iam:SystemReadRole: Grants read access and action invocation on system-defined resources.

Inherited from parent class.

iam:lastName (optional, max 1)

Validation shape for last name property.

Last name must be a string

The last name of the user

iam:updatedAt (required, max 1)

Validation shape for user update timestamp.

Updated at must be a dateTime

The timestamp when the user was last updated

iam:userId (required, max 1)

Validation shape for user ID property.

User ID must be a valid UUID string

The unique identifier of a user (UUID)

iam:username (required, max 1)

Validation shape for username property.

Username must be a non-empty string

The username of the user

iam:website (optional, max 1)

Validation shape for website property.

Website must be a valid URI

The website URL of the user