ServicePrincipalOpts

class aws_cdk.aws_iam.ServicePrincipalOpts(*, conditions=None, region=None)

Bases: object

Options for a service principal.

Parameters:
  • conditions (Optional[Mapping[str, Any]]) – Additional conditions to add to the Service Principal. Default: - No conditions

  • region (Optional[str]) – The region in which you want to reference the service. This is only necessary for cross-region references to opt-in regions. In those cases, the region name needs to be included to reference the correct service principal. In all other cases, the global service principal name is sufficient. This field behaves differently depending on whether the @aws-cdk/aws-iam:standardizedServicePrincipals flag is set or not: - If the flag is set, the input service principal is assumed to be of the form SERVICE.amazonaws.com. That value will always be returned, unless the given region is an opt-in region and the service principal is rendered in a stack in a different region, in which case SERVICE.REGION.amazonaws.com will be rendered. Under this regime, there is no downside to always specifying the region property: it will be rendered only if necessary. - If the flag is not set, the service principal will resolve to a single principal whose name comes from the @aws-cdk/region-info package, using the region to override the stack region. If there is no entry for this service principal in the database,, the input service name is returned literally. This is legacy behavior and is not recommended. Default: - the resolving Stack’s region.

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_iam as iam

# conditions: Any

service_principal_opts = iam.ServicePrincipalOpts(
    conditions={
        "conditions_key": conditions
    },
    region="region"
)

Attributes

conditions

Additional conditions to add to the Service Principal.

Default:
  • No conditions

region

The region in which you want to reference the service.

This is only necessary for cross-region references to opt-in regions. In those cases, the region name needs to be included to reference the correct service principal. In all other cases, the global service principal name is sufficient.

This field behaves differently depending on whether the @aws-cdk/aws-iam:standardizedServicePrincipals flag is set or not:

  • If the flag is set, the input service principal is assumed to be of the form SERVICE.amazonaws.com. That value will always be returned, unless the given region is an opt-in region and the service principal is rendered in a stack in a different region, in which case SERVICE.REGION.amazonaws.com will be rendered. Under this regime, there is no downside to always specifying the region property: it will be rendered only if necessary.

  • If the flag is not set, the service principal will resolve to a single principal whose name comes from the @aws-cdk/region-info package, using the region to override the stack region. If there is no entry for this service principal in the database,, the input service name is returned literally. This is legacy behavior and is not recommended.

Default:
  • the resolving Stack’s region.