AWS::EC2::VPCEndpointServicePermissions - AWS CloudFormation

AWS::EC2::VPCEndpointServicePermissions

Grant or revoke permissions for service consumers (users, IAM roles, and AWS accounts) to connect to a VPC endpoint service.

If you grant permissions to all principals, the service is public. Any users who know the name of a public service can send a request to attach an endpoint. If the service does not require manual approval, attachments are automatically approved.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{ "Type" : "AWS::EC2::VPCEndpointServicePermissions", "Properties" : { "AllowedPrincipals" : [ String, ... ], "ServiceId" : String } }

YAML

Type: AWS::EC2::VPCEndpointServicePermissions Properties: AllowedPrincipals: - String ServiceId: String

Properties

AllowedPrincipals

The Amazon Resource Names (ARN) of one or more principals (for example, users, IAM roles, and AWS accounts). Permissions are granted to the principals in this list. To grant permissions to all principals, specify an asterisk (*). Permissions are revoked for principals not in this list. If the list is empty, then all permissions are revoked.

Required: No

Type: Array of String

Update requires: No interruption

ServiceId

The ID of the service.

Required: Yes

Type: String

Update requires: Replacement

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the ID of the VPC endpoint service permissions.

For more information about using the Ref function, see Ref.