:doc:`EC2 <../../ec2>` / Client / modify_vpc_endpoint_service_permissions

***************************************
modify_vpc_endpoint_service_permissions
***************************************



.. py:method:: EC2.Client.modify_vpc_endpoint_service_permissions(**kwargs)

  

  Modifies the permissions for your VPC endpoint service. You can add or remove permissions for service consumers (Amazon Web Services accounts, users, and IAM roles) to connect to your endpoint service. Principal ARNs with path components aren't supported.

   

  If you grant permissions to all principals, the service is public. Any users who know the name of a public service can send a request to attach an endpoint. If the service does not require manual approval, attachments are automatically approved.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVpcEndpointServicePermissions>`_  


  **Request Syntax**
  ::

    response = client.modify_vpc_endpoint_service_permissions(
        DryRun=True|False,
        ServiceId='string',
        AddAllowedPrincipals=[
            'string',
        ],
        RemoveAllowedPrincipals=[
            'string',
        ]
    )
    
  :type DryRun: boolean
  :param DryRun: 

    Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is ``DryRunOperation``. Otherwise, it is ``UnauthorizedOperation``.

    

  
  :type ServiceId: string
  :param ServiceId: **[REQUIRED]** 

    The ID of the service.

    

  
  :type AddAllowedPrincipals: list
  :param AddAllowedPrincipals: 

    The Amazon Resource Names (ARN) of the principals. Permissions are granted to the principals in this list. To grant permissions to all principals, specify an asterisk (*).

    

  
    - *(string) --* 

    

  :type RemoveAllowedPrincipals: list
  :param RemoveAllowedPrincipals: 

    The Amazon Resource Names (ARN) of the principals. Permissions are revoked for principals in this list.

    

  
    - *(string) --* 

    

  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'AddedPrincipals': [
              {
                  'PrincipalType': 'All'|'Service'|'OrganizationUnit'|'Account'|'User'|'Role',
                  'Principal': 'string',
                  'ServicePermissionId': 'string',
                  'ServiceId': 'string'
              },
          ],
          'ReturnValue': True|False
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **AddedPrincipals** *(list) --* 

        Information about the added principals.

        
        

        - *(dict) --* 

          Describes a principal.

          
          

          - **PrincipalType** *(string) --* 

            The type of principal.

            
          

          - **Principal** *(string) --* 

            The Amazon Resource Name (ARN) of the principal.

            
          

          - **ServicePermissionId** *(string) --* 

            The ID of the service permission.

            
          

          - **ServiceId** *(string) --* 

            The ID of the service.

            
      
    
      

      - **ReturnValue** *(boolean) --* 

        Returns ``true`` if the request succeeds; otherwise, it returns an error.

        
  