interface SdkCallsPolicyOptions
Language | Type name |
---|---|
.NET | Amazon.CDK.CustomResources.SdkCallsPolicyOptions |
Go | github.com/aws/aws-cdk-go/awscdk/v2/customresources#SdkCallsPolicyOptions |
Java | software.amazon.awscdk.customresources.SdkCallsPolicyOptions |
Python | aws_cdk.custom_resources.SdkCallsPolicyOptions |
TypeScript (source) | aws-cdk-lib » custom_resources » SdkCallsPolicyOptions |
Options for the auto-generation of policies based on the configured SDK calls.
Example
const getParameter = new cr.AwsCustomResource(this, 'GetParameter', {
onUpdate: { // will also be called for a CREATE event
service: 'SSM',
action: 'GetParameter',
parameters: {
Name: 'my-parameter',
WithDecryption: true,
},
physicalResourceId: cr.PhysicalResourceId.of(Date.now().toString()), // Update physical id to always fetch the latest version
},
policy: cr.AwsCustomResourcePolicy.fromSdkCalls({
resources: cr.AwsCustomResourcePolicy.ANY_RESOURCE,
}),
});
// Use the value in another construct with
getParameter.getResponseField('Parameter.Value');
Properties
Name | Type | Description |
---|---|---|
resources | string[] | The resources that the calls will have access to. |
resources
Type:
string[]
The resources that the calls will have access to.
It is best to use specific resource ARN's when possible. However, you can also use AwsCustomResourcePolicy.ANY_RESOURCE
to allow access to all resources. For example, when onCreate
is used to create a resource which you don't
know the physical name of in advance.
Note that will apply to ALL SDK calls.