ServicePrincipalOpts
- class aws_cdk.aws_iam.ServicePrincipalOpts(*, conditions=None, region=None)
Bases:
object
Options for a service principal.
- Parameters:
conditions (
Optional
[Mapping
[str
,Any
]]) – Additional conditions to add to the Service Principal. Default: - No conditionsregion (
Optional
[str
]) – The region in which you want to reference the service. This is only necessary for cross-region references to opt-in regions. In those cases, the region name needs to be included to reference the correct service principal. In all other cases, the global service principal name is sufficient. This field behaves differently depending on whether the@aws-cdk/aws-iam:standardizedServicePrincipals
flag is set or not: - If the flag is set, the input service principal is assumed to be of the formSERVICE.amazonaws.com
. That value will always be returned, unless the given region is an opt-in region and the service principal is rendered in a stack in a different region, in which caseSERVICE.REGION.amazonaws.com
will be rendered. Under this regime, there is no downside to always specifying the region property: it will be rendered only if necessary. - If the flag is not set, the service principal will resolve to a single principal whose name comes from the@aws-cdk/region-info
package, using the region to override the stack region. If there is no entry for this service principal in the database,, the input service name is returned literally. This is legacy behavior and is not recommended. Default: - the resolving Stack’s region.
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_iam as iam # conditions: Any service_principal_opts = iam.ServicePrincipalOpts( conditions={ "conditions_key": conditions }, region="region" )
Attributes
- conditions
Additional conditions to add to the Service Principal.
- Default:
No conditions
- region
The region in which you want to reference the service.
This is only necessary for cross-region references to opt-in regions. In those cases, the region name needs to be included to reference the correct service principal. In all other cases, the global service principal name is sufficient.
This field behaves differently depending on whether the
@aws-cdk/aws-iam:standardizedServicePrincipals
flag is set or not:If the flag is set, the input service principal is assumed to be of the form
SERVICE.amazonaws.com
. That value will always be returned, unless the given region is an opt-in region and the service principal is rendered in a stack in a different region, in which caseSERVICE.REGION.amazonaws.com
will be rendered. Under this regime, there is no downside to always specifying the region property: it will be rendered only if necessary.If the flag is not set, the service principal will resolve to a single principal whose name comes from the
@aws-cdk/region-info
package, using the region to override the stack region. If there is no entry for this service principal in the database,, the input service name is returned literally. This is legacy behavior and is not recommended.
- Default:
the resolving Stack’s region.