Class Principal

Namespace
Amazon.Auth.AccessControlPolicy
Assembly
AWSSDK.Core.dll

A principal is an AWS account which is being allowed or denied access to a resource through an access control policy. The principal is a property of the Statement object, not directly the Policy object.

The principal is A in the statement "A has permission to do B to C where D applies."

In an access control policy statement, you can set the principal to all authenticated AWS users through the AllUsers member. This is useful when you don't want to restrict access based on the identity of the requester, but instead on other identifying characteristics such as the requester's IP address.

public class Principal
Inheritance
Principal
Constructors

Principal(string)

Constructs a new principal with the specified AWS account ID.

public Principal(string accountId)

Parameters

accountId string

An AWS account ID.

Principal(string, string)

Constructs a new principal with the specified provider and id.

public Principal(string provider, string id)

Parameters

provider string

The provider of the principal

id string

The unique ID of the Principal within the provider

Principal(string, string, bool)

Constructs a new principal with the specified provider and id, optionally stripping hyphens from the id.

public Principal(string provider, string id, bool stripHyphen)

Parameters

provider string

The provider of the principal

id string

The unique ID of the Principal within the provider

stripHyphen bool

Whether to strip hyphens from the id.

Fields

ANONYMOUS_PROVIDER

Dummy principal provider for anonymous.

public const string ANONYMOUS_PROVIDER = "__ANONYMOUS__"

Field Value

string

AWS_PROVIDER

The default Principal provider for AWS accounts.

public const string AWS_PROVIDER = "AWS"

Field Value

string

AllUsers

Principal instance that includes all authenticated AWS users.

This is useful when you don't want to restrict access based on the identity of the requester, but instead on other identifying characteristics such as the requester's IP address.

public static readonly Principal AllUsers

Field Value

Principal

Anonymous

The anonymous Principal.

public static readonly Principal Anonymous

Field Value

Principal

CANONICAL_USER_PROVIDER

Principal provider for Canonical User IDs.

public const string CANONICAL_USER_PROVIDER = "CanonicalUser"

Field Value

string

FEDERATED_PROVIDER

Principal provider for federated users (using a SAML identity provider).

public const string FEDERATED_PROVIDER = "Federated"

Field Value

string

SERVICE_PROVIDER

Principal provider for assume role policies that will be assumed by an AWS service (e.g. "ec2.amazonaws.com").

public const string SERVICE_PROVIDER = "Service"

Field Value

string

Properties

Id

Gets the unique ID for this principal.

public string Id { get; }

Property Value

string

Provider

Gets and sets the provider for this principal, which indicates in what group of users this principal resides.

public string Provider { get; set; }

Property Value

string
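
Examples

The following usage example is added here and is not part of the SDK's own documentation. It uses the three constructors, the provider constants and the AllUsers member described above, and pairs AllUsers with a source-IP condition as the remarks suggest. The bucket name, CIDR range, account ID, SAML provider ARN and policy/statement IDs are constructed placeholders; Policy, Statement, Resource, ActionIdentifier and ConditionFactory are other types in the Amazon.Auth.AccessControlPolicy namespace that this page does not document.

```csharp
using System;
using Amazon.Auth.AccessControlPolicy;

class PrincipalExample
{
    static void Main()
    {
        // Constructed placeholders: bucket, CIDR range, account ID, SAML provider ARN.
        var bucketObjects = new Resource("arn:aws:s3:::example-bucket/*");
        var getObject = new ActionIdentifier("s3:GetObject");

        // AllUsers does not narrow by identity, so the statement carries a
        // source-IP condition to do the narrowing instead.
        var byNetwork = new Statement(Statement.StatementEffect.Allow)
            .WithId("ReadFromKnownRange")
            .WithPrincipals(Principal.AllUsers)
            .WithActionIdentifiers(getObject)
            .WithResources(bucketObjects)
            .WithConditions(ConditionFactory.NewIpAddressCondition("192.0.2.0/24"));

        // Principal(string): a single AWS account ID.
        var byAccount = new Statement(Statement.StatementEffect.Allow)
            .WithId("ReadFromOneAccount")
            .WithPrincipals(new Principal("111122223333"))
            .WithActionIdentifiers(getObject)
            .WithResources(bucketObjects);

        // Principal(string, string): a service principal for a role trust policy.
        var ec2 = new Principal(Principal.SERVICE_PROVIDER, "ec2.amazonaws.com");

        // Principal(string, string, bool): stripHyphen is false because the
        // hyphens in this ARN are part of the identifier and must be kept.
        var saml = new Principal(Principal.FEDERATED_PROVIDER,
            "arn:aws:iam::111122223333:saml-provider/Example-IdP", false);

        var trustByService = new Statement(Statement.StatementEffect.Allow)
            .WithPrincipals(ec2)
            .WithActionIdentifiers(new ActionIdentifier("sts:AssumeRole"));
        var trustBySaml = new Statement(Statement.StatementEffect.Allow)
            .WithPrincipals(saml)
            .WithActionIdentifiers(new ActionIdentifier("sts:AssumeRoleWithSAML"));

        var bucketPolicy = new Policy("ExampleBucketPolicy").WithStatements(byNetwork, byAccount);
        var trustPolicy = new Policy("ExampleTrustPolicy").WithStatements(trustByService, trustBySaml);

        // Review the serialized Principal elements before attaching either policy.
        Console.WriteLine(bucketPolicy.ToJson());
        Console.WriteLine(trustPolicy.ToJson());
        Console.WriteLine($"{saml.Provider}: {saml.Id}");
    }
}
```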