class aws_cdk.pipelines.ConfirmPermissionsBroadening(id, *, stage, notification_topic=None)

Bases: Step

Pause the pipeline if a deployment would add IAM permissions or Security Group rules.

This step is only supported in CodePipeline pipelines.




# pipeline: pipelines.CodePipeline

stage = MyApplicationStage(self, "MyApplication")
        pipelines.ConfirmPermissionsBroadening("Check", stage=stage)
  • id (str) – Identifier for this step.

  • stage (Stage) – The CDK Stage object to check the stacks of. This should be the same Stage object you are passing to addStage().

  • notification_topic (Optional[ITopic]) – Topic to send notifications when a human needs to give manual confirmation. Default: - no notification



Add a dependency on another step.


step (Step) –

Return type:


produce_action(stage, *, action_name, artifacts, pipeline, run_order, scope, stack_outputs_map, before_self_mutation=None, code_build_defaults=None, fallback_artifact=None, variables_namespace=None)

Create the desired Action and add it to the pipeline.

  • stage (IStage) –

  • action_name (str) – Name the action should get.

  • artifacts (ArtifactMap) – Helper object to translate FileSets to CodePipeline Artifacts.

  • pipeline (CodePipeline) – The pipeline the action is being generated for.

  • run_order (Union[int, float]) – RunOrder the action should get.

  • scope (Construct) – Scope in which to create constructs.

  • stack_outputs_map (StackOutputsMap) – Helper object to produce variables exported from stack deployments. If your step references outputs from a stack deployment, use this to map the output references to Codepipeline variable names. Note - Codepipeline variables can only be referenced in action configurations.

  • before_self_mutation (Optional[bool]) – Whether or not this action is inserted before self mutation. If it is, the action should take care to reflect some part of its own definition in the pipeline action definition, to trigger a restart after self-mutation (if necessary). Default: false

  • code_build_defaults (Union[CodeBuildOptions, Dict[str, Any], None]) – If this action factory creates a CodeBuild step, default options to inherit. Default: - No CodeBuild project defaults

  • fallback_artifact (Optional[Artifact]) – An input artifact that CodeBuild projects that don’t actually need an input artifact can use. CodeBuild Projects MUST have an input artifact in order to be added to the Pipeline. If the Project doesn’t actually care about its input (it can be anything), it can use the Artifact passed here. Default: - A fallback artifact does not exist

  • variables_namespace (Optional[str]) – If this step is producing outputs, the variables namespace assigned to it. Pass this on to the Action you are creating. Default: - Step doesn’t produce any outputs

Return type:



Return a string representation of this Step.

Return type:




StackOutputReferences this step consumes.


Return the steps this step depends on, based on the FileSets it requires.


The list of FileSets consumed by this Step.


Identifier for this step.


Whether or not this is a Source step.

What it means to be a Source step depends on the engine.


The primary FileSet produced by this Step.

Not all steps produce an output FileSet–if they do you can substitute the Step object for the FileSet object.

Static Methods

classmethod sequence(steps)

Define a sequence of steps to be executed in order.

If you need more fine-grained step ordering, use the addStepDependency() API. For example, if you want secondStep to occur after firstStep, call secondStep.addStepDependency(firstStep).


steps (Sequence[Step]) –

Return type: