Class UntrustedCodeBoundaryPolicy
Permissions Boundary for a CodeBuild Project running untrusted code.
Inherited Members
Namespace: Amazon.CDK.AWS.CodeBuild
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public class UntrustedCodeBoundaryPolicy : ManagedPolicy, IResource, IManagedPolicy, IGrantable
Syntax (vb)
Public Class UntrustedCodeBoundaryPolicy
Inherits ManagedPolicy
Implements IResource, IManagedPolicy, IGrantable
Remarks
This class is a Policy, intended to be used as a Permissions Boundary for a CodeBuild project. It allows most of the actions necessary to run the CodeBuild project, but disallows reading from Parameter Store and Secrets Manager.
Use this when your CodeBuild project is running untrusted code (for example, if you are using one to automatically build Pull Requests that anyone can submit), and you want to prevent your future self from accidentally exposing Secrets to this build.
(The reason you might want to do this is because otherwise anyone who can submit a Pull Request to your project can write a script to email those secrets to themselves).
Examples
Project project;
PermissionsBoundary.Of(project).Apply(new UntrustedCodeBoundaryPolicy(this, "Boundary"));
Synopsis
Constructors
UntrustedCodeBoundaryPolicy(ByRefValue) | Used by jsii to construct an instance of this class from a Javascript-owned object reference |
UntrustedCodeBoundaryPolicy(DeputyBase.DeputyProps) | Used by jsii to construct an instance of this class from DeputyProps |
UntrustedCodeBoundaryPolicy(Construct, String, IUntrustedCodeBoundaryPolicyProps) |
Constructors
UntrustedCodeBoundaryPolicy(ByRefValue)
Used by jsii to construct an instance of this class from a Javascript-owned object reference
protected UntrustedCodeBoundaryPolicy(ByRefValue reference)
Parameters
- reference Amazon.JSII.Runtime.Deputy.ByRefValue
The Javascript-owned object reference
UntrustedCodeBoundaryPolicy(DeputyBase.DeputyProps)
Used by jsii to construct an instance of this class from DeputyProps
protected UntrustedCodeBoundaryPolicy(DeputyBase.DeputyProps props)
Parameters
- props Amazon.JSII.Runtime.Deputy.DeputyBase.DeputyProps
The deputy props
UntrustedCodeBoundaryPolicy(Construct, String, IUntrustedCodeBoundaryPolicyProps)
public UntrustedCodeBoundaryPolicy(Construct scope, string id, IUntrustedCodeBoundaryPolicyProps props = null)
Parameters
- scope Constructs.Construct
- id System.String
- props IUntrustedCodeBoundaryPolicyProps