pulumi-aws-kotlin/com.pulumi.aws.signer.kotlin/SigningProfilePermission

SigningProfilePermission

class SigningProfilePermission : KotlinCustomResource

Creates a Signer Signing Profile Permission. That is, a cross-account permission for a signing profile.

Example Usage

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.signer.SigningProfile;
import com.pulumi.aws.signer.SigningProfileArgs;
import com.pulumi.aws.signer.inputs.SigningProfileSignatureValidityPeriodArgs;
import com.pulumi.aws.signer.SigningProfilePermission;
import com.pulumi.aws.signer.SigningProfilePermissionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var prodSp = new SigningProfile("prodSp", SigningProfileArgs.builder()
            .platformId("AWSLambda-SHA384-ECDSA")
            .namePrefix("prod_sp_")
            .signatureValidityPeriod(SigningProfileSignatureValidityPeriodArgs.builder()
                .value(5)
                .type("YEARS")
                .build())
            .tags(Map.ofEntries(
                Map.entry("tag1", "value1"),
                Map.entry("tag2", "value2")
            ))
            .build());
        var spPermission1 = new SigningProfilePermission("spPermission1", SigningProfilePermissionArgs.builder()
            .profileName(prodSp.name())
            .action("signer:StartSigningJob")
            .principal(var_.aws_account())
            .build());
        var spPermission2 = new SigningProfilePermission("spPermission2", SigningProfilePermissionArgs.builder()
            .profileName(prodSp.name())
            .action("signer:GetSigningProfile")
            .principal(var_.aws_team_role_arn())
            .statementId("ProdAccountStartSigningJob_StatementId")
            .build());
        var spPermission3 = new SigningProfilePermission("spPermission3", SigningProfilePermissionArgs.builder()
            .profileName(prodSp.name())
            .action("signer:RevokeSignature")
            .principal("123456789012")
            .profileVersion(prodSp.version())
            .statementIdPrefix("version-permission-")
            .build());
    }
}
Content copied to clipboard

Import

Signer signing profile permission statements can be imported using profile_name/statement_id, e.g.,

$ pulumi import aws:signer/signingProfilePermission:SigningProfilePermission test_signer_signing_profile_permission prod_profile_DdW3Mk1foYL88fajut4mTVFGpuwfd4ACO6ANL0D1uIj7lrn8adK/ProdAccountStartSigningJobStatementId
Content copied to clipboard

Properties

Link copied to clipboard
val action: Output<String>

An AWS Signer action permitted as part of cross-account permissions. Valid values: signer:StartSigningJob, signer:GetSigningProfile, or signer:RevokeSignature.

Link copied to clipboard
val id: Output<String>
Link copied to clipboard
val principal: Output<String>

The AWS principal to be granted a cross-account permission.

Link copied to clipboard
val profileName: Output<String>

Name of the signing profile to add the cross-account permissions.

Link copied to clipboard
val profileVersion: Output<String>

The signing profile version that a permission applies to.

Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
val statementId: Output<String>

A unique statement identifier. By default generated by the provider.

Link copied to clipboard
val statementIdPrefix: Output<String>?

A statement identifier prefix. The provider will generate a unique suffix. Conflicts with statement_id.

Link copied to clipboard
val urn: Output<String>