ServicePrincipal¶

class aws_cdk.aws_iam.ServicePrincipal(service, *, conditions=None, region=None)¶

Bases: aws_cdk.aws_iam.PrincipalBase

An IAM principal that represents an AWS service (i.e. sqs.amazonaws.com).

ExampleMetadata: infused

Example:

lambda_role = iam.Role(self, "Role",
    assumed_by=iam.ServicePrincipal("lambda.amazonaws.com"),
    description="Example role..."
)

stream = kinesis.Stream(self, "MyEncryptedStream",
    encryption=kinesis.StreamEncryption.KMS
)

# give lambda permissions to read stream
stream.grant_read(lambda_role)

Parameters

service (str) – AWS service (i.e. sqs.amazonaws.com).
conditions (Optional[Mapping[str, Any]]) – Additional conditions to add to the Service Principal. Default: - No conditions
region (Optional[str]) – (deprecated) The region in which the service is operating. Default: - the current Stack’s region.

Methods

add_to_assume_role_policy(document)¶

Add the princpial to the AssumeRolePolicyDocument.

Add the statements to the AssumeRolePolicyDocument necessary to give this principal permissions to assume the given role.

Parameters

document (PolicyDocument) –

Return type

None

add_to_policy(statement)¶

Add to the policy of this principal.

Parameters

statement (PolicyStatement) –

Return type

bool

add_to_principal_policy(_statement)¶

Add to the policy of this principal.

Parameters

_statement (PolicyStatement) –

Return type

AddToPrincipalPolicyResult

dedupe_string()¶

Return whether or not this principal is equal to the given principal.

Return type: Optional[str]

to_json()¶

JSON-ify the principal.

Used when JSON.stringify() is called

Return type: Mapping[str, List[str]]

to_string()¶

Returns a string representation of an object.

Return type: str

with_conditions(conditions)¶

Returns a new PrincipalWithConditions using this principal as the base, with the passed conditions added.

When there is a value for the same operator and key in both the principal and the conditions parameter, the value from the conditions parameter will be used.

Parameters

conditions (Mapping[str, Any]) –

Return type

PrincipalBase

Returns

a new PrincipalWithConditions object.

with_session_tags()¶

Returns a new principal using this principal as the base, with session tags enabled.

Return type: PrincipalBase
Returns: a new SessionTagsPrincipal object.

Attributes

assume_role_action¶

When this Principal is used in an AssumeRole policy, the action to use.

Return type: str

grant_principal¶

The principal to grant permissions to.

Return type: IPrincipal

policy_fragment¶

Return the policy fragment that identifies this principal in a Policy.

Return type: PrincipalPolicyFragment

principal_account¶

The AWS account ID of this principal.

Can be undefined when the account is not known (for example, for service principals). Can be a Token - in that case, it’s assumed to be AWS::AccountId.

Return type: Optional[str]

service¶

AWS service (i.e. sqs.amazonaws.com).

Return type: str

Static Methods

classmethod service_principal_name(service)¶

Translate the given service principal name based on the region it’s used in.

For example, for Chinese regions this may (depending on whether that’s necessary for the given service principal) append .cn to the name.

The region-info module is used to obtain this information.

Parameters

service (str) –

Example:

principal_name = iam.ServicePrincipal.service_principal_name("ec2.amazonaws.com")

Return type: str