AccountPrincipal

class aws_cdk.aws_iam.AccountPrincipal(account_id)

Bases: ArnPrincipal

Specify AWS account ID as the principal entity in a policy to delegate authority to the account.

ExampleMetadata:: infused

Example:

cluster = neptune.DatabaseCluster(self, "Cluster",
    vpc=vpc,
    instance_type=neptune.InstanceType.R5_LARGE,
    iam_authentication=True
)
role = iam.Role(self, "DBRole", assumed_by=iam.AccountPrincipal(self.account))
cluster.grant_connect(role)

Parameters:: account_id (Any) – AWS account ID (i.e. 123456789012).

Methods

add_to_assume_role_policy(document)

Add the princpial to the AssumeRolePolicyDocument.

Add the statements to the AssumeRolePolicyDocument necessary to give this principal permissions to assume the given role.

Parameters:: document (PolicyDocument)
Return type:: None

add_to_policy(statement)

Add to the policy of this principal.

Parameters:: statement (PolicyStatement)
Return type:: bool

add_to_principal_policy(_statement)

Add to the policy of this principal.

Parameters:: _statement (PolicyStatement)
Return type:: AddToPrincipalPolicyResult

dedupe_string()

Return whether or not this principal is equal to the given principal.

Return type:: Optional[str]

in_organization(organization_id)

A convenience method for adding a condition that the principal is part of the specified AWS Organization.

Parameters:: organization_id (str)
Return type:: PrincipalBase

to_json()

JSON-ify the principal.

Used when JSON.stringify() is called

Return type:: Mapping[str, List[str]]

to_string()

Returns a string representation of an object.

Return type:: str

with_conditions(conditions)

Returns a new PrincipalWithConditions using this principal as the base, with the passed conditions added.

When there is a value for the same operator and key in both the principal and the conditions parameter, the value from the conditions parameter will be used.

Parameters:: conditions (Mapping[str, Any])
Return type:: PrincipalBase
Returns:: a new PrincipalWithConditions object.

with_session_tags()

Returns a new principal using this principal as the base, with session tags enabled.

Return type:: PrincipalBase
Returns:: a new SessionTagsPrincipal object.

Attributes

account_id: AWS account ID (i.e. 123456789012).

arn

iam::123456789012:user/user-name).

Type:: Amazon Resource Name (ARN) of the principal entity (i.e. arn
Type:: aws

assume_role_action: When this Principal is used in an AssumeRole policy, the action to use.

grant_principal: The principal to grant permissions to.

policy_fragment: Return the policy fragment that identifies this principal in a Policy.

principal_account

The AWS account ID of this principal.

Can be undefined when the account is not known (for example, for service principals). Can be a Token - in that case, it’s assumed to be AWS::AccountId.