software.amazon.jsii.JsiiObject

software.constructs.Construct

software.amazon.awscdk.services.iam.ManagedPolicy

software.amazon.awscdk.services.codebuild.UntrustedCodeBoundaryPolicy

All Implemented Interfaces:: IResource, IGrantable, IManagedPolicy, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct, software.constructs.IDependable

@Generated(value="jsii-pacmak/1.97.0 (build 729de35)", date="2024-04-18T17:54:14.122Z") @Stability(Stable) public class UntrustedCodeBoundaryPolicy extends ManagedPolicy

Permissions Boundary for a CodeBuild Project running untrusted code.

This class is a Policy, intended to be used as a Permissions Boundary for a CodeBuild project. It allows most of the actions necessary to run the CodeBuild project, but disallows reading from Parameter Store and Secrets Manager.

Use this when your CodeBuild project is running untrusted code (for example, if you are using one to automatically build Pull Requests that anyone can submit), and you want to prevent your future self from accidentally exposing Secrets to this build.

(The reason you might want to do this is because otherwise anyone who can submit a Pull Request to your project can write a script to email those secrets to themselves).

Example:

 Project project;
 PermissionsBoundary.of(project).apply(new UntrustedCodeBoundaryPolicy(this, "Boundary"));

Nested Class Summary

Nested Classes

Modifier and Type

Class

Description

static final class

UntrustedCodeBoundaryPolicy.Builder

A fluent builder for UntrustedCodeBoundaryPolicy.

Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject
software.amazon.jsii.JsiiObject.InitializationMode

Nested classes/interfaces inherited from interface software.constructs.IConstruct
software.constructs.IConstruct.Jsii$Default

Nested classes/interfaces inherited from interface software.amazon.awscdk.services.iam.IGrantable
IGrantable.Jsii$Default, IGrantable.Jsii$Proxy

Nested classes/interfaces inherited from interface software.amazon.awscdk.services.iam.IManagedPolicy
IManagedPolicy.Jsii$Default, IManagedPolicy.Jsii$Proxy

Nested classes/interfaces inherited from interface software.amazon.awscdk.IResource
IResource.Jsii$Default
Constructor Summary

Constructors

Modifier

Constructor

Description

protected

UntrustedCodeBoundaryPolicy(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

protected

UntrustedCodeBoundaryPolicy(software.amazon.jsii.JsiiObjectRef objRef)

UntrustedCodeBoundaryPolicy(software.constructs.Construct scope, String id)

UntrustedCodeBoundaryPolicy(software.constructs.Construct scope, String id, UntrustedCodeBoundaryPolicyProps props)
Method Summary

Methods inherited from class software.amazon.awscdk.services.iam.ManagedPolicy
addStatements, attachToGroup, attachToRole, attachToUser, fromAwsManagedPolicyName, fromManagedPolicyArn, fromManagedPolicyName, getDescription, getDocument, getGrantPrincipal, getManagedPolicyArn, getManagedPolicyName, getPath

Methods inherited from class software.amazon.awscdk.Resource
applyRemovalPolicy, generatePhysicalName, getEnv, getPhysicalName, getResourceArnAttribute, getResourceNameAttribute, getStack, isOwnedResource, isResource

Methods inherited from class software.constructs.Construct
getNode, isConstruct, toString

Methods inherited from class software.amazon.jsii.JsiiObject
jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface software.constructs.IConstruct
getNode

Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson

Constructor Details
- UntrustedCodeBoundaryPolicy
  
  protected UntrustedCodeBoundaryPolicy(software.amazon.jsii.JsiiObjectRef objRef)
- UntrustedCodeBoundaryPolicy
  
  protected UntrustedCodeBoundaryPolicy(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
- UntrustedCodeBoundaryPolicy
  
  @Stability(Stable) public UntrustedCodeBoundaryPolicy(@NotNull software.constructs.Construct scope, @NotNull String id, @Nullable UntrustedCodeBoundaryPolicyProps props)
  
  Parameters:
  
  scope - This parameter is required.
  
  id - This parameter is required.
  
  props -
- UntrustedCodeBoundaryPolicy
  
  @Stability(Stable) public UntrustedCodeBoundaryPolicy(@NotNull software.constructs.Construct scope, @NotNull String id)
  
  Parameters:
  
  scope - This parameter is required.
  
  id - This parameter is required.

Class UntrustedCodeBoundaryPolicy

Nested Class Summary

Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject

Nested classes/interfaces inherited from interface software.constructs.IConstruct

Nested classes/interfaces inherited from interface software.amazon.awscdk.services.iam.IGrantable

Nested classes/interfaces inherited from interface software.amazon.awscdk.services.iam.IManagedPolicy

Nested classes/interfaces inherited from interface software.amazon.awscdk.IResource

Constructor Summary

Method Summary

Methods inherited from class software.amazon.awscdk.services.iam.ManagedPolicy

Methods inherited from class software.amazon.awscdk.Resource

Methods inherited from class software.constructs.Construct

Methods inherited from class software.amazon.jsii.JsiiObject

Methods inherited from class java.lang.Object

Methods inherited from interface software.constructs.IConstruct

Methods inherited from interface software.amazon.jsii.JsiiSerializable

Constructor Details

UntrustedCodeBoundaryPolicy

UntrustedCodeBoundaryPolicy

UntrustedCodeBoundaryPolicy

UntrustedCodeBoundaryPolicy