CanonicalUserPrincipal
- class aws_cdk.aws_iam.CanonicalUserPrincipal(canonical_user_id)
Bases:
PrincipalBase
A policy principal for canonicalUserIds - useful for S3 bucket policies that use Origin Access identities.
See https://docs.aws.amazon.com/general/latest/gr/acct-identifiers.html
and
for more details.
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_iam as iam canonical_user_principal = iam.CanonicalUserPrincipal("canonicalUserId")
- Parameters:
canonical_user_id (
str
) – unique identifier assigned by AWS for every account. root user and IAM users for an account all see the same ID. (i.e. 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be)
Methods
- add_to_assume_role_policy(document)
Add the principal to the AssumeRolePolicyDocument.
Add the statements to the AssumeRolePolicyDocument necessary to give this principal permissions to assume the given role.
- Parameters:
document (
PolicyDocument
) –- Return type:
None
- add_to_policy(statement)
Add to the policy of this principal.
- Parameters:
statement (
PolicyStatement
) –- Return type:
bool
- add_to_principal_policy(_statement)
Add to the policy of this principal.
- Parameters:
_statement (
PolicyStatement
) –- Return type:
- dedupe_string()
Return whether or not this principal is equal to the given principal.
- Return type:
Optional
[str
]
- to_json()
JSON-ify the principal.
Used when JSON.stringify() is called
- Return type:
Mapping
[str
,List
[str
]]
- to_string()
Returns a string representation of an object.
- Return type:
str
- with_conditions(conditions)
Returns a new PrincipalWithConditions using this principal as the base, with the passed conditions added.
When there is a value for the same operator and key in both the principal and the conditions parameter, the value from the conditions parameter will be used.
- Parameters:
conditions (
Mapping
[str
,Any
]) –- Return type:
- Returns:
a new PrincipalWithConditions object.
- with_session_tags()
Returns a new principal using this principal as the base, with session tags enabled.
- Return type:
- Returns:
a new SessionTagsPrincipal object.
Attributes
- assume_role_action
When this Principal is used in an AssumeRole policy, the action to use.
- canonical_user_id
unique identifier assigned by AWS for every account.
root user and IAM users for an account all see the same ID. (i.e. 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be)
- grant_principal
The principal to grant permissions to.
- policy_fragment
Return the policy fragment that identifies this principal in a Policy.
- principal_account
The AWS account ID of this principal.
Can be undefined when the account is not known (for example, for service principals). Can be a Token - in that case, it’s assumed to be AWS::AccountId.