RAM / Client / list_principals

list_principals#

RAM.Client.list_principals(**kwargs)#

Lists the principals that you are sharing resources with or that are sharing resources with you.

See also: AWS API Documentation

Request Syntax

response = client.list_principals(
    resourceOwner='SELF'|'OTHER-ACCOUNTS',
    resourceArn='string',
    principals=[
        'string',
    ],
    resourceType='string',
    resourceShareArns=[
        'string',
    ],
    nextToken='string',
    maxResults=123
)
Parameters:
  • resourceOwner (string) –

    [REQUIRED]

    Specifies that you want to list information for only resource shares that match the following:

    • SELF – principals that your account is sharing resources with

    • OTHER-ACCOUNTS – principals that are sharing resources with your account

  • resourceArn (string) – Specifies that you want to list principal information for the resource share with the specified Amazon Resource Name (ARN).

  • principals (list) –

    Specifies that you want to list information for only the listed principals.

    You can include the following values:

    • An Amazon Web Services account ID, for example: 123456789012

    • An Amazon Resource Name (ARN) of an organization in Organizations, for example: organizations::123456789012:organization/o-exampleorgid

    • An ARN of an organizational unit (OU) in Organizations, for example: organizations::123456789012:ou/o-exampleorgid/ou-examplerootid-exampleouid123

    • An ARN of an IAM role, for example: iam::123456789012:role/rolename

    • An ARN of an IAM user, for example: iam::123456789012user/username

    Note

    Not all resource types can be shared with IAM roles and users. For more information, see Sharing with IAM roles and users in the Resource Access Manager User Guide.

    • (string) –

  • resourceType (string) –

    Specifies that you want to list information for only principals associated with resource shares that include the specified resource type.

    For a list of valid values, query the ListResourceTypes operation.

  • resourceShareArns (list) –

    Specifies that you want to list information for only principals associated with the resource shares specified by a list the Amazon Resource Names (ARNs).

    • (string) –

  • nextToken (string) – Specifies that you want to receive the next page of results. Valid only if you received a NextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call’s NextToken response to request the next page of results.

  • maxResults (integer) – Specifies the total number of results that you want included on each page of the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the number you specify, the NextToken response element is returned with a value (not null). Include the specified value as the NextToken request parameter in the next call to the operation to get the next part of the results. Note that the service might return fewer results than the maximum even when there are more results available. You should check NextToken after every operation to ensure that you receive all of the results.

Return type:

dict

Returns:

Response Syntax

{
    'principals': [
        {
            'id': 'string',
            'resourceShareArn': 'string',
            'creationTime': datetime(2015, 1, 1),
            'lastUpdatedTime': datetime(2015, 1, 1),
            'external': True|False
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) –

    • principals (list) –

      An array of objects that contain the details about the principals.

      • (dict) –

        Describes a principal for use with Resource Access Manager.

        • id (string) –

          The ID of the principal that can be associated with a resource share.

        • resourceShareArn (string) –

          The Amazon Resource Name (ARN) of a resource share the principal is associated with.

        • creationTime (datetime) –

          The date and time when the principal was associated with the resource share.

        • lastUpdatedTime (datetime) –

          The date and time when the association between the resource share and the principal was last updated.

        • external (boolean) –

          Indicates the relationship between the Amazon Web Services account the principal belongs to and the account that owns the resource share:

          • True – The two accounts belong to same organization.

          • False – The two accounts do not belong to the same organization.

    • nextToken (string) –

      If present, this value indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the NextToken response element comes back as null. This indicates that this is the last page of results.

Exceptions