PrincipalPolicyFragment

class aws_cdk.aws_iam.PrincipalPolicyFragment(principal_json, conditions=None)

Bases: object

A collection of the fields in a PolicyStatement that can be used to identify a principal.

This consists of the JSON used in the “Principal” field, and optionally a set of “Condition”s that need to be applied to the policy.

Generally, a principal looks like:

{ '<TYPE>': ['ID', 'ID', ...] }

This is also the type of the field principalJson (principal_json in Python). However, there is a special type of principal that is just the string ‘*’, which is treated differently by some services. To represent that principal, principalJson should contain { 'LiteralString': ['*'] }.
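The two shapes described above, as an added example that is not part of the CDK documentation or code base: plain Python (no aws_cdk import) that renders a fragment into the "Principal" and "Condition" fields and flags a wildcard principal that carries no conditions. The function names are hypothetical, the rendering of LiteralString as a bare string is assumed from the description above, and the sample fragments are constructed.

```python
from typing import Any, List, Mapping, Optional, Sequence

LITERAL_STRING = "LiteralString"  # key the page reserves for the bare "*" principal


def render_principal(principal_json: Mapping[str, Sequence[str]]) -> Any:
    """Value for a statement's "Principal" field (assumed rendering)."""
    if LITERAL_STRING in principal_json:
        # Special case described on the page: emit the string itself.
        return principal_json[LITERAL_STRING][0]
    return {ptype: list(ids) for ptype, ids in principal_json.items()}


def render_statement(principal_json, conditions=None) -> dict:
    """Principal-related fields of a statement; Condition only when set."""
    fields = {"Principal": render_principal(principal_json)}
    if conditions:
        fields["Condition"] = dict(conditions)
    return fields


def audit_fragment(
    principal_json: Mapping[str, Sequence[str]],
    conditions: Optional[Mapping[str, Any]] = None,
) -> List[str]:
    """Flag principal types that match everyone with no condition attached."""
    return [
        f"{ptype}: wildcard principal without conditions"
        for ptype, ids in principal_json.items()
        if "*" in ids and not conditions
    ]


# Constructed sample fragments (account and organization IDs are made up).
SAMPLES = [
    ({"AWS": ["arn:aws:iam::111122223333:root"]}, None),
    ({LITERAL_STRING: ["*"]}, None),
    ({"AWS": ["*"]}, {"StringEquals": {"aws:PrincipalOrgID": "o-exampleorgid"}}),
]

if __name__ == "__main__":
    for principal_json, conditions in SAMPLES:
        print(render_statement(principal_json, conditions),
              audit_fragment(principal_json, conditions))
```
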

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
import aws_cdk.aws_iam as iam

# conditions is of type object; a placeholder value is assigned here so the snippet runs
conditions = {"condition_key": "condition_value"}

principal_policy_fragment = iam.PrincipalPolicyFragment({
    "principal_json_key": ["principalJson"]
}, {
    "conditions_key": conditions
})

Parameters
  • principal_json (Mapping[str, Sequence[str]]) – JSON of the “Principal” section in a policy statement.

  • conditions (Optional[Mapping[str, Any]]) – The conditions under which the policy is in effect, that is, the conditions that need to be applied to this policy. See the IAM documentation.

Attributes

conditions

The conditions under which the policy is in effect.

These are the conditions that need to be applied to this policy. See the IAM documentation.

Return type

Mapping[str, Any]

principal_json

JSON of the “Principal” section in a policy statement.

Return type

Mapping[str, List[str]]