Class ServicePrincipal

An IAM principal that represents an AWS service (i.e. sqs.amazonaws.com).

Inheritance

object

PrincipalBase

ServicePrincipal

Implements

IAssumeRolePrincipal

IComparablePrincipal

IPrincipal

IGrantable

Inherited Members

PrincipalBase.AddToAssumeRolePolicy(PolicyDocument)

PrincipalBase.AddToPolicy(PolicyStatement)

PrincipalBase.AddToPrincipalPolicy(PolicyStatement)

PrincipalBase.ToJSON()

PrincipalBase.WithConditions(IDictionary<string, object>)

PrincipalBase.WithSessionTags()

PrincipalBase.AssumeRoleAction

PrincipalBase.GrantPrincipal

PrincipalBase.PrincipalAccount

Namespace: Amazon.CDK.AWS.IAM

Assembly: Amazon.CDK.Lib.dll

Syntax (csharp)

public class ServicePrincipal : PrincipalBase, IAssumeRolePrincipal, IComparablePrincipal, IPrincipal, IGrantable

Syntax (vb)

Public Class ServicePrincipal Inherits PrincipalBase Implements IAssumeRolePrincipal, IComparablePrincipal, IPrincipal, IGrantable

Remarks

ExampleMetadata: fixture=default infused

Examples

// Create a custom execution role
            var executionRole = new Role(this, "BrowserExecutionRole", new RoleProps {
                AssumedBy = new ServicePrincipal("bedrock-agentcore.amazonaws.com"),
                ManagedPolicies = new [] { ManagedPolicy.FromAwsManagedPolicyName("AmazonBedrockAgentCoreBrowserExecutionRolePolicy") }
            });

            // Create browser with custom execution role
            var browser = new BrowserCustom(this, "MyBrowser", new BrowserCustomProps {
                BrowserCustomName = "my_browser",
                Description = "Browser with custom execution role",
                NetworkConfiguration = BrowserNetworkConfiguration.UsingPublicNetwork(),
                ExecutionRole = executionRole
            });

Synopsis

Constructors

ServicePrincipal(string, IServicePrincipalOpts?)

Reference an AWS service, optionally in a given region.

Properties

PolicyFragment	Return the policy fragment that identifies this principal in a Policy.
Service	AWS service (i.e. sqs.amazonaws.com).

Methods

DedupeString()	Return whether or not this principal is equal to the given principal.
FromStaticServicePrincipleName(string)	Return the service principal using the service principal name as it is passed to the function without any change regardless of the region used in the stack if it is Opted in or not.
ServicePrincipalName(string)	Return the service principal name based on the region it's used in.
ToString()	Returns a string representation of an object.

Constructors

ServicePrincipal(string, IServicePrincipalOpts?)

Reference an AWS service, optionally in a given region.

public ServicePrincipal(string service, IServicePrincipalOpts? opts = null)

Parameters

service string

AWS service (i.e. sqs.amazonaws.com).

opts IServicePrincipalOpts

AWS service (i.e. sqs.amazonaws.com).

Remarks

ExampleMetadata: fixture=default infused

Properties

PolicyFragment

Return the policy fragment that identifies this principal in a Policy.

public override PrincipalPolicyFragment PolicyFragment { get; }

Property Value

PrincipalPolicyFragment

Overrides

PrincipalBase.PolicyFragment

Remarks

ExampleMetadata: fixture=default infused

Service

AWS service (i.e. sqs.amazonaws.com).

public virtual string Service { get; }

Property Value

string

Remarks

ExampleMetadata: fixture=default infused

Methods

DedupeString()

Return whether or not this principal is equal to the given principal.

public override string? DedupeString()

Returns

string

Overrides

PrincipalBase.DedupeString()

Remarks

ExampleMetadata: fixture=default infused

FromStaticServicePrincipleName(string)

Return the service principal using the service principal name as it is passed to the function without any change regardless of the region used in the stack if it is Opted in or not.

public static ServicePrincipal FromStaticServicePrincipleName(string servicePrincipalName)

Parameters

servicePrincipalName string

Returns

ServicePrincipal

Remarks

ExampleMetadata: fixture=default infused

Examples

var principalName = ServicePrincipal.FromStaticServicePrincipleName("elasticmapreduce.amazonaws.com.cn");

ServicePrincipalName(string)

Return the service principal name based on the region it's used in.

public static string ServicePrincipalName(string service)

Parameters

service string

Returns

string

Remarks

Some service principal names used to be different for different partitions, and some were not. This method would return the appropriate region-specific service principal name, getting that information from the region-info module.

These days all service principal names are standardized, and they are all of the form <servicename>.amazonaws.com.

To avoid breaking changes, handling is provided for services added with the formats below, however, no additional handling will be added for new regions or partitions.

Examples

var principalName = ServicePrincipal.ServicePrincipalName("ec2.amazonaws.com");

ToString()

Returns a string representation of an object.

public override string ToString()

Returns

string

Overrides

PrincipalBase.ToString()

Remarks

ExampleMetadata: fixture=default infused

Implements

IAssumeRolePrincipal

IComparablePrincipal

IPrincipal

IGrantable