Grant or revoke permissions for service consumers (users, IAM roles, and AWS accounts) to connect to a VPC endpoint service.
If you grant permissions to all principals, the service is public. Any users who know the name of a public service can send a request to attach an endpoint. If the service does not require manual approval, attachments are automatically approved.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{
"Type" : "AWS::EC2::VPCEndpointServicePermissions",
"Properties" : {
"AllowedPrincipals" : [ String, ... ],
"ServiceId" : String
}
}
YAML
Type: AWS::EC2::VPCEndpointServicePermissions
Properties:
AllowedPrincipals:
- String
ServiceId: String
Properties
AllowedPrincipals-
The Amazon Resource Names (ARN) of one or more principals (for example, users, IAM roles, and AWS accounts). Permissions are granted to the principals in this list. To grant permissions to all principals, specify an asterisk (*). Permissions are revoked for principals not in this list. If the list is empty, then all permissions are revoked.
Required: No
Type: Array of String
Update requires: No interruption
ServiceId-
The ID of the service.
Required: Yes
Type: String
Update requires: Replacement
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the ID of the VPC endpoint service permissions.
For more information about using the Ref function, see Ref.
