AWS::EC2::VPCEndpointServicePermissions - AWS CloudFormation


Grant or revoke permissions for service consumers (users, IAM roles, and AWS accounts) to connect to a VPC endpoint service.

If you grant permissions to all principals, the service is public. Any users who know the name of a public service can send a request to attach an endpoint. If the service does not require manual approval, attachments are automatically approved.


To declare this entity in your AWS CloudFormation template, use the following syntax:


{ "Type" : "AWS::EC2::VPCEndpointServicePermissions", "Properties" : { "AllowedPrincipals" : [ String, ... ], "ServiceId" : String } }


Type: AWS::EC2::VPCEndpointServicePermissions Properties: AllowedPrincipals: - String ServiceId: String



The Amazon Resource Names (ARN) of one or more principals (for example, users, IAM roles, and AWS accounts). Permissions are granted to the principals in this list. To grant permissions to all principals, specify an asterisk (*). Permissions are revoked for principals not in this list. If the list is empty, then all permissions are revoked.

Required: No

Type: Array of String

Update requires: No interruption


The ID of the service.

Required: Yes

Type: String

Update requires: Replacement

Return values


When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the ID of the VPC endpoint service permissions.

For more information about using the Ref function, see Ref.