Package software.amazon.awscdk.customresources

Interface AwsSdkCall

All Superinterfaces:
software.amazon.jsii.JsiiSerializable
All Known Implementing Classes:
AwsSdkCall.Jsii$Proxy
@Generated(value="jsii-pacmak/1.119.0 (build 1634eac)", date="2025-11-17T14:41:02.825Z") @Stability(Stable) public interface AwsSdkCall extends software.amazon.jsii.JsiiSerializable
An AWS SDK call.

Example: 

 AwsCustomResource.Builder.create(this, "GetParameterCustomResource")
         .onUpdate(AwsSdkCall.builder() // will also be called for a CREATE event
                 .service("SSM")
                 .action("getParameter")
                 .parameters(Map.of(
                         "Name", "my-parameter",
                         "WithDecryption", true))
                 .physicalResourceId(PhysicalResourceId.fromResponse("Parameter.ARN")).build())
         .policy(AwsCustomResourcePolicy.fromSdkCalls(SdkCallsPolicyOptions.builder()
                 .resources(AwsCustomResourcePolicy.ANY_RESOURCE)
                 .build()))
         .build();

  • Method Details

    • getAction

      @Stability(Stable) @NotNull String getAction()
      The service action to call.

      This is the name of an AWS API call, in one of the following forms:

      • An API call name as found in the API Reference documentation (GetObject)
      • The API call name starting with a lowercase letter (getObject)
      • The AWS SDK for JavaScript v3 command class name (GetObjectCommand)

      See Also:

    • getService

      @Stability(Stable) @NotNull String getService()
      The service to call.

      This is the name of an AWS service, in one of the following forms:

      • An AWS SDK for JavaScript v3 package name (@aws-sdk/client-api-gateway)
      • An AWS SDK for JavaScript v3 client name (api-gateway)
      • An AWS SDK for JavaScript v2 constructor name (APIGateway)
      • A lowercase AWS SDK for JavaScript v2 constructor name (apigateway)

      See Also:

    • getApiVersion

      @Stability(Stable) @Nullable default String getApiVersion()
      API version to use for the service.

      Default: - use latest available API version

      See Also:

    • getAssumedRoleArn

      @Stability(Stable) @Nullable default String getAssumedRoleArn()
      Used for running the SDK calls in underlying lambda with a different role.

      Can be used primarily for cross-account requests to for example connect hostedzone with a shared vpc. Region controls where assumeRole call is made.

      Example for Route53 / associateVPCWithHostedZone

      Default: - run without assuming role

    • getExternalId

      @Stability(Stable) @Nullable default String getExternalId()
      External ID to use when assuming the role for cross-account requests.

      This is an additional security measure that helps prevent the "confused deputy" problem where an entity that doesn't have permission to perform an action can coerce a more-privileged entity to perform the action.

      The external ID must be provided by the third-party service and should not be generated by you. This value should be unique among the third-party service's customers.

      This property is only used when assumedRoleArn is specified.

      Default: - no external ID

      See Also:

    • getIgnoreErrorCodesMatching

      @Stability(Stable) @Nullable default String getIgnoreErrorCodesMatching()
      The regex pattern to use to catch API errors.

      The code property of the Error object will be tested against this pattern. If there is a match an error will not be thrown.

      Default: - do not catch errors

    • getLogging

      @Stability(Stable) @Nullable default Logging getLogging()
      A property used to configure logging during lambda function execution.

      Note: The default Logging configuration is all. This configuration will enable logging on all logged data in the lambda handler. This includes:

      • The event object that is received by the lambda handler
      • The response received after making a API call
      • The response object that the lambda handler will return
      • SDK versioning information
      • Caught and uncaught errors

      Default: Logging.all()

    • getOutputPaths

      @Stability(Stable) @Nullable default List<String> getOutputPaths()
      Restrict the data returned by the custom resource to specific paths in the API response.

      Use this to limit the data returned by the custom resource if working with API calls that could potentially result in custom response objects exceeding the hard limit of 4096 bytes.

      Example for ECS / updateService: ['service.deploymentConfiguration.maximumPercent']

      Default: - return all data

    • getParameters

      @Stability(Stable) @Nullable default Object getParameters()
      The parameters for the service action.

      Default: - no parameters

      See Also:

    • getPhysicalResourceId

      @Stability(Stable) @Nullable default PhysicalResourceId getPhysicalResourceId()
      The physical resource id of the custom resource for this call.

      Mandatory for onCreate call. In onUpdate, you can omit this to passthrough it from request.

      Default: - no physical resource id

    • getRegion

      @Stability(Stable) @Nullable default String getRegion()
      The region to send service requests to.

      Note: Cross-region operations are generally considered an anti-pattern. Consider first deploying a stack in that region.

      Default: - the region where this custom resource is deployed

    • builder

      @Stability(Stable) static AwsSdkCall.Builder builder()
      Returns:
      a AwsSdkCall.Builder of AwsSdkCall