software.amazon.awscdk.services.codebuild

Class UntrustedCodeBoundaryPolicy

java.lang.Object

software.amazon.jsii.JsiiObject

software.constructs.Construct

software.amazon.awscdk.Resource

software.amazon.awscdk.services.iam.ManagedPolicy

software.amazon.awscdk.services.codebuild.UntrustedCodeBoundaryPolicy

All Implemented Interfaces:

IResource, IManagedPolicy, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct, software.constructs.IDependable

@Generated(value="jsii-pacmak/1.30.0 (build adae23f)",
           date="2021-06-30T10:00:56.563Z")
 @Stability(value=Experimental)
public class UntrustedCodeBoundaryPolicy
extends ManagedPolicy

(experimental) Permissions Boundary for a CodeBuild Project running untrusted code.

This class is a Policy, intended to be used as a Permissions Boundary for a CodeBuild project. It allows most of the actions necessary to run the CodeBuild project, but disallows reading from Parameter Store and Secrets Manager.

Use this when your CodeBuild project is running untrusted code (for example, if you are using one to automatically build Pull Requests that anyone can submit), and you want to prevent your future self from accidentally exposing Secrets to this build.

(The reason you might want to do this is because otherwise anyone who can submit a Pull Request to your project can write a script to email those secrets to themselves).

Example:

 // Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
 iam.PermissionsBoundary.of(project).apply(new UntrustedCodeBoundaryPolicy(this, "Boundary"));

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	UntrustedCodeBoundaryPolicy.Builder (experimental) A fluent builder for UntrustedCodeBoundaryPolicy.

Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject

software.amazon.jsii.JsiiObject.InitializationMode

Nested classes/interfaces inherited from interface software.amazon.awscdk.services.iam.IManagedPolicy

IManagedPolicy.Jsii$Default, IManagedPolicy.Jsii$Proxy

Nested classes/interfaces inherited from interface software.amazon.awscdk.IResource

IResource.Jsii$Default

Constructor Summary

Constructors

Modifier	Constructor and Description
	UntrustedCodeBoundaryPolicy(software.constructs.Construct scope, String id)
	UntrustedCodeBoundaryPolicy(software.constructs.Construct scope, String id, UntrustedCodeBoundaryPolicyProps props)
protected	UntrustedCodeBoundaryPolicy(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
protected	UntrustedCodeBoundaryPolicy(software.amazon.jsii.JsiiObjectRef objRef)

Method Summary

Methods inherited from class software.amazon.awscdk.services.iam.ManagedPolicy

addStatements, attachToGroup, attachToRole, attachToUser, fromAwsManagedPolicyName, fromManagedPolicyArn, fromManagedPolicyName, getDescription, getDocument, getManagedPolicyArn, getManagedPolicyName, getPath

Methods inherited from class software.amazon.awscdk.Resource

applyRemovalPolicy, generatePhysicalName, getEnv, getPhysicalName, getResourceArnAttribute, getResourceNameAttribute, getStack, isResource

Methods inherited from class software.constructs.Construct

getNode, isConstruct, toString

Methods inherited from class software.amazon.jsii.JsiiObject

jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Methods inherited from interface software.constructs.IConstruct

getNode

Constructor Detail

UntrustedCodeBoundaryPolicy

protected UntrustedCodeBoundaryPolicy(software.amazon.jsii.JsiiObjectRef objRef)

UntrustedCodeBoundaryPolicy

protected UntrustedCodeBoundaryPolicy(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

UntrustedCodeBoundaryPolicy

@Stability(value=Experimental)
public UntrustedCodeBoundaryPolicy(@NotNull
                                                                  software.constructs.Construct scope,
                                                                  @NotNull
                                                                  String id,
                                                                  @Nullable
                                                                  UntrustedCodeBoundaryPolicyProps props)

Parameters:

scope - This parameter is required.

id - This parameter is required.

props -

UntrustedCodeBoundaryPolicy

@Stability(value=Experimental)
public UntrustedCodeBoundaryPolicy(@NotNull
                                                                  software.constructs.Construct scope,
                                                                  @NotNull
                                                                  String id)

Parameters:

scope - This parameter is required.

id - This parameter is required.