ArnComponents

class aws_cdk.ArnComponents(*, resource, service, account=None, arn_format=None, partition=None, region=None, resource_name=None)

Bases: object

Parameters:

  • resource (str) – Resource type (e.g. “table”, “autoScalingGroup”, “certificate”). For some resource types, e.g. S3 buckets, this field defines the bucket name.

  • service (str) – The service namespace that identifies the AWS product (for example, ‘s3’, ‘iam’, ‘codepipeline’).

  • account (Optional[str]) – The ID of the AWS account that owns the resource, without the hyphens. For example, 123456789012. Note that the ARNs for some resources don’t require an account number, so this component might be omitted. Default: The account the stack is deployed to.

  • arn_format (Optional[ArnFormat]) – The specific ARN format to use for this ARN value. Default: - uses value of sep as the separator for formatting, ArnFormat.SLASH_RESOURCE_NAME if that property was also not provided

  • partition (Optional[str]) – The partition that the resource is in. For standard AWS regions, the partition is aws. If you have resources in other partitions, the partition is aws-partitionname. For example, the partition for resources in the China (Beijing) region is aws-cn. Default: The AWS partition the stack is deployed to.

  • region (Optional[str]) – The region the resource resides in. Note that the ARNs for some resources do not require a region, so this component might be omitted. Default: The region the stack is deployed to.

  • resource_name (Optional[str]) – Resource name or path within the resource (i.e. S3 bucket object key) or a wildcard such as "*". This is service-dependent.

ExampleMetadata:

infused

Example:

from aws_cdk.aws_apigatewayv2_authorizers import WebSocketIamAuthorizer
from aws_cdk.aws_apigatewayv2_integrations import WebSocketLambdaIntegration

# This function handles your connect route
# connect_handler: lambda.Function


web_socket_api = apigwv2.WebSocketApi(self, "WebSocketApi")

web_socket_api.add_route("$connect",
    integration=WebSocketLambdaIntegration("Integration", connect_handler),
    authorizer=WebSocketIamAuthorizer()
)

# Create an IAM user (identity)
user = iam.User(self, "User")

web_socket_arn = Stack.of(self).format_arn(
    service="execute-api",
    resource=web_socket_api.api_id
)

# Grant access to the IAM user
user.attach_inline_policy(iam.Policy(self, "AllowInvoke",
    statements=[
        iam.PolicyStatement(
            actions=["execute-api:Invoke"],
            effect=iam.Effect.ALLOW,
            resources=[web_socket_arn]
        )
    ]
))

Attributes

account

The ID of the AWS account that owns the resource, without the hyphens.

For example, 123456789012. Note that the ARNs for some resources don’t require an account number, so this component might be omitted.

Default:

The account the stack is deployed to.

arn_format

The specific ARN format to use for this ARN value.

Default:

  • uses value of sep as the separator for formatting,

ArnFormat.SLASH_RESOURCE_NAME if that property was also not provided

partition

The partition that the resource is in.

For standard AWS regions, the partition is aws. If you have resources in other partitions, the partition is aws-partitionname. For example, the partition for resources in the China (Beijing) region is aws-cn.

Default:

The AWS partition the stack is deployed to.

region

The region the resource resides in.

Note that the ARNs for some resources do not require a region, so this component might be omitted.

Default:

The region the stack is deployed to.

resource

Resource type (e.g. “table”, “autoScalingGroup”, “certificate”). For some resource types, e.g. S3 buckets, this field defines the bucket name.

resource_name

Resource name or path within the resource (i.e. S3 bucket object key) or a wildcard such as "*". This is service-dependent.

service

The service namespace that identifies the AWS product (for example, ‘s3’, ‘iam’, ‘codepipeline’).