ServicePrincipal

class aws_cdk.aws_iam.ServicePrincipal(service, *, conditions=None, region=None)

Bases: aws_cdk.aws_iam.PrincipalBase

An IAM principal that represents an AWS service (e.g. sqs.amazonaws.com).

- ExampleMetadata: infused

Example:

    from aws_cdk import aws_iam as iam, aws_kinesis as kinesis

    # Inside a Stack or Construct, where `self` is the scope.
    lambda_role = iam.Role(self, "Role",
        assumed_by=iam.ServicePrincipal("lambda.amazonaws.com"),
        description="Example role..."
    )

    stream = kinesis.Stream(self, "MyEncryptedStream",
        encryption=kinesis.StreamEncryption.KMS
    )

    # give lambda permissions to read stream
    stream.grant_read(lambda_role)

- Parameters:
  - service (str) – AWS service (e.g. sqs.amazonaws.com).
  - conditions (Optional[Mapping[str, Any]]) – Additional conditions to add to the Service Principal. Default: - No conditions
  - region (Optional[str]) – (deprecated) The region in which the service is operating. Default: - the current Stack’s region.

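Because `conditions` defaults to no conditions, a role trusted by a plain service principal carries no `Condition` block in its trust policy. The check below is an added example, not part of the CDK documentation: it lists the IAM roles in a synthesized (`cdk synth`) template whose trust statements name a service principal without an `aws:SourceAccount`, `aws:SourceArn` or `aws:SourceOrgID` condition. The sample template, the function names and the choice of condition keys are assumptions made for the example.

```python
import json

# Global condition keys that tie a service principal's access to the caller's own resources.
SCOPING_KEYS = {"aws:sourceaccount", "aws:sourcearn", "aws:sourceorgid"}

def _trust(service, condition=None):
    """Build a constructed AWS::IAM::Role resource with one trust statement."""
    stmt = {"Effect": "Allow", "Action": "sts:AssumeRole", "Principal": {"Service": service}}
    if condition:
        stmt["Condition"] = condition
    return {"Type": "AWS::IAM::Role",
            "Properties": {"AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": [stmt]}}}

# Constructed sample in the shape of a `cdk synth` template (account ID is a placeholder).
SAMPLE_TEMPLATE = {"Resources": {
    "LambdaRole": _trust("lambda.amazonaws.com"),
    "TopicRole": _trust(["sns.amazonaws.com"], {"StringEquals": {"aws:SourceAccount": "111122223333"}}),
    "RegionalRole": _trust({"Fn::Join": ["", ["ec2.", {"Ref": "AWS::URLSuffix"}]]}),
    "Stream": {"Type": "AWS::Kinesis::Stream", "Properties": {}},
}}

def _as_list(value):
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _is_scoped(statement):
    """True if any condition operator in the statement uses one of SCOPING_KEYS."""
    for keys in statement.get("Condition", {}).values():
        if any(key.lower() in SCOPING_KEYS for key in keys):
            return True
    return False

def unscoped_service_principals(template):
    """Return sorted (role logical ID, service) pairs whose trust statement has no scoping condition."""
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::IAM::Role":
            continue
        document = resource.get("Properties", {}).get("AssumeRolePolicyDocument", {})
        for statement in _as_list(document.get("Statement")):
            principal = statement.get("Principal")
            if statement.get("Effect") != "Allow" or not isinstance(principal, dict) or _is_scoped(statement):
                continue
            for service in _as_list(principal.get("Service")):
                # CDK may emit an intrinsic (dict) instead of a literal name; report it as JSON.
                name = service if isinstance(service, str) else json.dumps(service, sort_keys=True)
                findings.append((logical_id, name))
    return sorted(findings)
```

Which of these keys a given service populates is service-specific, so treat the result as a list of roles to review rather than a list of defects.
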
Methods

add_to_assume_role_policy(document)
Add the principal to the AssumeRolePolicyDocument.
Add the statements to the AssumeRolePolicyDocument necessary to give this principal permissions to assume the given role.
- Parameters: document (PolicyDocument)
- Return type: None

add_to_policy(statement)
Add to the policy of this principal.
- Parameters: statement (PolicyStatement)
- Return type: bool

add_to_principal_policy(_statement)
Add to the policy of this principal.
- Parameters: _statement (PolicyStatement)
- Return type:

dedupe_string()
Return whether or not this principal is equal to the given principal.
- Return type: Optional[str]

to_json()
JSON-ify the principal.
Used when JSON.stringify() is called
- Return type: Mapping[str, List[str]]

to_string()
Returns a string representation of an object.
- Return type: str

with_conditions(conditions)
Returns a new PrincipalWithConditions using this principal as the base, with the passed conditions added.
When there is a value for the same operator and key in both the principal and the conditions parameter, the value from the conditions parameter will be used.
- Parameters: conditions (Mapping[str, Any])
- Return type:
- Returns: a new PrincipalWithConditions object.

Returns a new principal using this principal as the base, with session tags enabled.
- Return type:
- Returns: a new SessionTagsPrincipal object.

Attributes

assume_role_action
When this Principal is used in an AssumeRole policy, the action to use.
- Return type: str

grant_principal
The principal to grant permissions to.
- Return type:

policy_fragment
Return the policy fragment that identifies this principal in a Policy.
- Return type:

principal_account
The AWS account ID of this principal.
Can be undefined when the account is not known (for example, for service principals). Can be a Token - in that case, it’s assumed to be AWS::AccountId.
- Return type: Optional[str]

service
AWS service (e.g. sqs.amazonaws.com).
- Return type: str

Static Methods

classmethod service_principal_name(service)
Translate the given service principal name based on the region it’s used in.
For example, for Chinese regions this may (depending on whether that’s necessary for the given service principal) append .cn to the name.
The region-info module is used to obtain this information.
- Parameters: service (str)

Example:

    principal_name = iam.ServicePrincipal.service_principal_name("ec2.amazonaws.com")

- Return type: str