PrincipalPolicyFragment

class aws_cdk.aws_iam.PrincipalPolicyFragment(principal_json, conditions=None)

Bases: object

A collection of the fields in a PolicyStatement that can be used to identify a principal.

This consists of the JSON used in the “Principal” field, and optionally a set of “Condition”s that need to be applied to the policy.

Generally, a principal looks like:

{ '<TYPE>': ['ID', 'ID', ...] }

This is also the type of the principal_json field. However, there is a special type of principal that is just the string ‘*’, which some services treat differently from a typed wildcard. To represent that principal, principal_json should contain { 'LiteralString': ['*'] }.
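The two principal shapes described above, rendered into a policy statement and checked for a wildcard that carries no Condition. This is an added example built on plain dictionaries, not code from the CDK; the function names, the sample fragments and the placeholder account and organization IDs are assumptions.

```python
import json

LITERAL_STRING_KEY = "LiteralString"  # key this page names for the bare "*" principal


def render_statement(principal_json, conditions=None, actions=("sts:AssumeRole",)):
    """Build an IAM statement dict from the two fields of a principal fragment."""
    if LITERAL_STRING_KEY in principal_json:
        # {'LiteralString': ['*']} stands for the plain string "*", not a typed map.
        principal = principal_json[LITERAL_STRING_KEY][0]
    else:
        principal = {ptype: list(ids) for ptype, ids in principal_json.items()}
    statement = {"Effect": "Allow", "Action": list(actions), "Principal": principal}
    if conditions:
        statement["Condition"] = dict(conditions)
    return statement


def is_unconditioned_wildcard(principal_json, conditions=None):
    """True when the fragment matches every principal and has no Condition at all.

    A present Condition is only reported as present; whether it is restrictive
    enough still needs a human review.
    """
    if conditions:
        return False
    ids = [i for values in principal_json.values() for i in values]
    return "*" in ids


# Constructed sample fragments (account ID and organization ID are placeholders).
FRAGMENTS = {
    "literal_star": ({"LiteralString": ["*"]}, None),
    "aws_star": ({"AWS": ["*"]}, None),
    "star_in_org": ({"AWS": ["*"]},
                    {"StringEquals": {"aws:PrincipalOrgID": "o-exampleorgid"}}),
    "one_account": ({"AWS": ["arn:aws:iam::111122223333:root"]}, None),
}

if __name__ == "__main__":
    for name, (pj, cond) in FRAGMENTS.items():
        flag = "REVIEW" if is_unconditioned_wildcard(pj, cond) else "ok"
        print(f"{name:12} {flag:6} {json.dumps(render_statement(pj, cond))}")
```

Both wildcard forms are flagged when no conditions are attached, while the same wildcard scoped by a Condition is passed through for manual review of the condition itself.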

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_iam as iam

# conditions: Any

principal_policy_fragment = iam.PrincipalPolicyFragment({
    "principal_json_key": ["principalJson"]
}, {
    "conditions_key": conditions
})

Parameters:
  • principal_json (Mapping[str, Sequence[str]]) – JSON of the “Principal” section in a policy statement.

  • conditions (Optional[Mapping[str, Any]]) – The conditions under which the policy is in effect, that is, the conditions that need to be applied to this policy. See the IAM documentation.

Attributes

conditions

The conditions under which the policy is in effect.

See the IAM documentation. These are the conditions that need to be applied to this policy.

principal_json

JSON of the “Principal” section in a policy statement.