Class UntrustedCodeBoundaryPolicy
java.lang.Object
software.amazon.jsii.JsiiObject
software.constructs.Construct
software.amazon.awscdk.core.Construct
software.amazon.awscdk.core.Resource
software.amazon.awscdk.services.iam.ManagedPolicy
software.amazon.awscdk.services.codebuild.UntrustedCodeBoundaryPolicy
- All Implemented Interfaces:
IConstruct
,IDependable
,IResource
,IManagedPolicy
,software.amazon.jsii.JsiiSerializable
,software.constructs.IConstruct
@Generated(value="jsii-pacmak/1.84.0 (build 5404dcf)",
date="2023-06-19T16:30:41.852Z")
@Stability(Stable)
public class UntrustedCodeBoundaryPolicy
extends ManagedPolicy
Permissions Boundary for a CodeBuild Project running untrusted code.
This class is a Policy, intended to be used as a Permissions Boundary for a CodeBuild project. It allows most of the actions necessary to run the CodeBuild project, but disallows reading from Parameter Store and Secrets Manager.
Use this when your CodeBuild project is running untrusted code (for example, if you are using one to automatically build Pull Requests that anyone can submit), and you want to prevent your future self from accidentally exposing Secrets to this build.
(The reason you might want to do this is because otherwise anyone who can submit a Pull Request to your project can write a script to email those secrets to themselves).
Example:
Project project; PermissionsBoundary.of(project).apply(new UntrustedCodeBoundaryPolicy(this, "Boundary"));
-
Nested Class Summary
Modifier and TypeClassDescriptionstatic final class
A fluent builder forUntrustedCodeBoundaryPolicy
.Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject
software.amazon.jsii.JsiiObject.InitializationMode
Nested classes/interfaces inherited from interface software.amazon.awscdk.core.IConstruct
IConstruct.Jsii$Default
Nested classes/interfaces inherited from interface software.constructs.IConstruct
software.constructs.IConstruct.Jsii$Default
Nested classes/interfaces inherited from interface software.amazon.awscdk.services.iam.IManagedPolicy
IManagedPolicy.Jsii$Default, IManagedPolicy.Jsii$Proxy
Nested classes/interfaces inherited from interface software.amazon.awscdk.core.IResource
IResource.Jsii$Default
-
Constructor Summary
ModifierConstructorDescriptionprotected
UntrustedCodeBoundaryPolicy
(software.amazon.jsii.JsiiObject.InitializationMode initializationMode) protected
UntrustedCodeBoundaryPolicy
(software.amazon.jsii.JsiiObjectRef objRef) UntrustedCodeBoundaryPolicy
(software.constructs.Construct scope, String id) UntrustedCodeBoundaryPolicy
(software.constructs.Construct scope, String id, UntrustedCodeBoundaryPolicyProps props) -
Method Summary
Methods inherited from class software.amazon.awscdk.services.iam.ManagedPolicy
addStatements, attachToGroup, attachToRole, attachToUser, fromAwsManagedPolicyName, fromManagedPolicyArn, fromManagedPolicyName, getDescription, getDocument, getManagedPolicyArn, getManagedPolicyName, getPath, validate
Methods inherited from class software.amazon.awscdk.core.Resource
applyRemovalPolicy, generatePhysicalName, getEnv, getPhysicalName, getResourceArnAttribute, getResourceNameAttribute, getStack, isResource
Methods inherited from class software.amazon.awscdk.core.Construct
getNode, isConstruct, onPrepare, onSynthesize, onValidate, prepare, synthesize
Methods inherited from class software.constructs.Construct
toString
Methods inherited from class software.amazon.jsii.JsiiObject
jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
Methods inherited from interface software.amazon.awscdk.core.IConstruct
getNode
Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson
-
Constructor Details
-
UntrustedCodeBoundaryPolicy
protected UntrustedCodeBoundaryPolicy(software.amazon.jsii.JsiiObjectRef objRef) -
UntrustedCodeBoundaryPolicy
protected UntrustedCodeBoundaryPolicy(software.amazon.jsii.JsiiObject.InitializationMode initializationMode) -
UntrustedCodeBoundaryPolicy
@Stability(Stable) public UntrustedCodeBoundaryPolicy(@NotNull software.constructs.Construct scope, @NotNull String id, @Nullable UntrustedCodeBoundaryPolicyProps props) - Parameters:
scope
- This parameter is required.id
- This parameter is required.props
-
-
UntrustedCodeBoundaryPolicy
@Stability(Stable) public UntrustedCodeBoundaryPolicy(@NotNull software.constructs.Construct scope, @NotNull String id) - Parameters:
scope
- This parameter is required.id
- This parameter is required.
-