def modify_vpce_service_permissions()

in python/vpce/modify_vpce_service_permissions_sample.py [0:0]


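def modify_vpce_service_permissions(service_id, principal_arns, add_remove):
    """
    Modifies the permissions for your VPC endpoint service.
    You can add or remove permissions for service consumers (IAM users,
    IAM roles, and AWS accounts) to connect to your endpoint service.
    If you grant permissions to all principals, the service is public.
    Any users who know the name of a public service can send a request
    to attach an endpoint. If the service does not require manual approval,
    attachments are automatically approved.

    Accepts
    - service_id (str): Endpoint service id, e.g. 'vpce-svc-xxxx'.
    - principal_arns (list of str): List of principal ARNs ['iam_user1_arn']
    - add_remove (str): Add or remove the specified principals. 'add'|'remove'

    Returns
    - The ModifyVpcEndpointServicePermissions response dict, or None when the
      API call fails with a ClientError (the error is logged).

    Raises
    - ValueError: if add_remove is not 'add' or 'remove'. Raised before any
      API call is made.

    Usage:
    - modify_vpce_service_permissions('vpce-svc-xxxx', ['principal_arn'],
    'add')
    - modify_vpce_service_permissions('vpce-svc-xxxx', ['principal_arn'],
    'remove')
    """
    # Map the action to the request parameter it drives. Validating up front
    # replaces the old behaviour where an unknown action left `response`
    # unbound and failed with UnboundLocalError after the log line.
    action_params = {
        'add': 'AddAllowedPrincipals',
        'remove': 'RemoveAllowedPrincipals',
    }
    if add_remove not in action_params:
        raise ValueError(
            f"add_remove must be 'add' or 'remove', got {add_remove!r}"
        )

    # Allowing the '*' principal makes the service public (see docstring);
    # make that visible in the logs rather than silently widening access.
    if add_remove == 'add' and '*' in principal_arns:
        logging.warning(
            f"Allowing all principals ('*') on VPCE Service {service_id}: "
            "the service becomes public"
        )

    # The original message said "Removing" for both actions.
    verb = 'Adding' if add_remove == 'add' else 'Removing'
    preposition = 'to' if add_remove == 'add' else 'from'
    logging.info(
        f"{verb} {principal_arns} {preposition} VPCE Service: {service_id}"
    )
    try:
        return ec2.modify_vpc_endpoint_service_permissions(
            ServiceId=service_id,
            **{action_params[add_remove]: principal_arns}
        )
    except ClientError as e:
        logging.error(e)
        return None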