CanonicalUserPrincipal

class aws_cdk.aws_iam.CanonicalUserPrincipal(canonical_user_id)

Bases: PrincipalBase

A policy principal for canonicalUserIds - useful for S3 bucket policies that use Origin Access identities.

See https://docs.aws.amazon.com/general/latest/gr/acct-identifiers.html

and

https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html

for more details.

ExampleMetadata:: fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
import aws_cdk.aws_iam as iam

canonical_user_principal = iam.CanonicalUserPrincipal("canonicalUserId")

Parameters:: canonical_user_id (str) – unique identifier assigned by AWS for every account. root user and IAM users for an account all see the same ID. (i.e. 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be)

Methods

add_to_assume_role_policy(document)

Add the princpial to the AssumeRolePolicyDocument.

Add the statements to the AssumeRolePolicyDocument necessary to give this principal permissions to assume the given role.

Parameters:

document (PolicyDocument) –

Return type:

None

add_to_policy(statement)

Add to the policy of this principal.

Parameters:

statement (PolicyStatement) –

Return type:

bool

add_to_principal_policy(_statement)

Add to the policy of this principal.

Parameters:

_statement (PolicyStatement) –

Return type:

AddToPrincipalPolicyResult

dedupe_string()

Return whether or not this principal is equal to the given principal.

Return type:: Optional[str]

to_json()

JSON-ify the principal.

Used when JSON.stringify() is called

Return type:: Mapping[str, List[str]]

to_string()

Returns a string representation of an object.

Return type:: str

with_conditions(conditions)

Returns a new PrincipalWithConditions using this principal as the base, with the passed conditions added.

When there is a value for the same operator and key in both the principal and the conditions parameter, the value from the conditions parameter will be used.

Parameters:

conditions (Mapping[str, Any]) –

Return type:

PrincipalBase

Returns:

a new PrincipalWithConditions object.

with_session_tags()

Returns a new principal using this principal as the base, with session tags enabled.

Return type:: PrincipalBase
Returns:: a new SessionTagsPrincipal object.

Attributes

assume_role_action: When this Principal is used in an AssumeRole policy, the action to use.

canonical_user_id

unique identifier assigned by AWS for every account.

root user and IAM users for an account all see the same ID. (i.e. 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be)

grant_principal: The principal to grant permissions to.

policy_fragment: Return the policy fragment that identifies this principal in a Policy.

principal_account

The AWS account ID of this principal.

Can be undefined when the account is not known (for example, for service principals). Can be a Token - in that case, it’s assumed to be AWS::AccountId.