AWS CloudFormation
User Guide (API Version 2010-05-15)

AWS::EC2::VPCEndpointServicePermissions

Grant or revoke permissions for service consumers (IAM users, IAM roles, and AWS accounts) to connect to the VPC endpoint service. For more information, see ModifyVpcEndpointServicePermissions in the Amazon EC2 API Reference.

If you grant permissions to all principals, the service is public. Any users who know the name of a public service can send a request to attach an endpoint. If the service does not require manual approval, attachments are automatically approved.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::EC2::VPCEndpointServicePermissions",
  "Properties" : {
    "AllowedPrincipals" : [ String, ... ],
    "ServiceId" : String
  }
}

YAML

Type: "AWS::EC2::VPCEndpointServicePermissions"
Properties:
  AllowedPrincipals:
    - String
  ServiceId: String

Properties

AllowedPrincipals

The Amazon Resource Names (ARNs) of one or more principals (IAM users, IAM roles, and AWS accounts). Permissions are granted to the principals in this list. To grant permissions to all principals, specify an asterisk (*). Permissions are revoked for principals not in this list. If the list is empty, then all permissions are revoked.

Required: No

Type: List of String values

Update requires: No interruption

ServiceId

The ID of the VPC endpoint service.

Required: Yes

Type: String

Update requires: Replacement

Return Values

Ref

When you pass the logical ID of an AWS::EC2::VPCEndpointServicePermissions resource to the intrinsic Ref function, the function returns the ID of the VPC endpoint service.

For more information about using the Ref function, see Ref.
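
The following is an added example, not part of the AWS documentation. It audits a JSON template for the case described at the top of this page: AllowedPrincipals contains an asterisk and the referenced service does not require manual approval. The function name, severity labels, logical IDs and sample template are constructed for illustration; the check reads the AcceptanceRequired property of AWS::EC2::VPCEndpointService and assumes that only an explicit true enforces manual approval.

```python
import json

PERMS = "AWS::EC2::VPCEndpointServicePermissions"
SERVICE = "AWS::EC2::VPCEndpointService"

def audit_template(template):
    """Return (logical_id, severity, reason) for each permissions resource that allows "*"."""
    resources = template.get("Resources", {})
    findings = []
    for name, res in resources.items():
        props = res.get("Properties", {})
        if res.get("Type") != PERMS or "*" not in props.get("AllowedPrincipals", []):
            continue  # explicit ARNs only; an empty list revokes all permissions
        # ServiceId is typically a Ref to a service declared in the same template.
        sid = props.get("ServiceId")
        svc = resources.get(sid["Ref"]) if isinstance(sid, dict) and "Ref" in sid else None
        if svc is None or svc.get("Type") != SERVICE:
            findings.append((name, "REVIEW", "public; acceptance setting is outside this template"))
            continue
        # Assumption: only an explicit true counts as manual approval being enforced.
        accept = svc.get("Properties", {}).get("AcceptanceRequired")
        if str(accept).lower() == "true":
            findings.append((name, "MEDIUM", "public; attachments wait for manual approval"))
        else:
            findings.append((name, "HIGH", "public; attachments are approved automatically"))
    return findings

# Constructed sample template (logical IDs, service ID and account ID are placeholders).
SAMPLE = json.loads("""
{"Resources": {
  "OpenSvc":    {"Type": "AWS::EC2::VPCEndpointService", "Properties": {"AcceptanceRequired": false}},
  "GatedSvc":   {"Type": "AWS::EC2::VPCEndpointService", "Properties": {"AcceptanceRequired": true}},
  "OpenPerms":  {"Type": "AWS::EC2::VPCEndpointServicePermissions",
                 "Properties": {"AllowedPrincipals": ["*"], "ServiceId": {"Ref": "OpenSvc"}}},
  "GatedPerms": {"Type": "AWS::EC2::VPCEndpointServicePermissions",
                 "Properties": {"AllowedPrincipals": ["*"], "ServiceId": {"Ref": "GatedSvc"}}},
  "ExtPerms":   {"Type": "AWS::EC2::VPCEndpointServicePermissions",
                 "Properties": {"AllowedPrincipals": ["*"], "ServiceId": "vpce-svc-EXAMPLE"}},
  "ScopedPerms": {"Type": "AWS::EC2::VPCEndpointServicePermissions",
                 "Properties": {"AllowedPrincipals": ["arn:aws:iam::123456789012:root"],
                                "ServiceId": {"Ref": "OpenSvc"}}}
}}
""")

if __name__ == "__main__":
    for finding in audit_template(SAMPLE):
        print(*finding, sep="\t")
```

A permissions resource whose ServiceId is a literal ID rather than a Ref is reported as REVIEW, because the acceptance setting of that service cannot be read from the template.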