Resource Policy
Provides a CodeBuild Resource Policy Resource.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
// Report group that the resource policy below is attached to.
const example = new aws.codebuild.ReportGroup("example", {
    name: "example",
    type: "TEST",
    exportConfig: { type: "NO_EXPORT" },
});

// Partition and account of the credentials running this deployment.
const current = aws.getPartition({});
const currentGetCallerIdentity = aws.getCallerIdentity({});

// The `:root` ARN of the deploying account. In a resource policy an
// account-root principal stands for the account as a whole; which identities
// in it can use the allowed actions is then decided by that account's IAM
// policies. This is the value to review when the policy is adapted for sharing.
const accountRootArn = Promise.all([current, currentGetCallerIdentity]).then(
    ([partitionResult, identityResult]) =>
        `arn:${partitionResult.partition}:iam::${identityResult.accountId}:root`,
);

// Only the report read calls are allowed; keep this list to what the
// consumer of the reports needs.
const reportReadActions = [
    "codebuild:BatchGetReportGroups",
    "codebuild:BatchGetReports",
    "codebuild:ListReportsForReportGroup",
    "codebuild:DescribeTestCases",
];

// pulumi.jsonStringify serializes the document once the promise and the
// report group ARN inside it have resolved.
const exampleResourcePolicy = new aws.codebuild.ResourcePolicy("example", {
    resourceArn: example.arn,
    policy: pulumi.jsonStringify({
        Version: "2012-10-17",
        Id: "default",
        Statement: [{
            Sid: "default",
            Effect: "Allow",
            Principal: { AWS: accountRootArn },
            Action: reportReadActions,
            Resource: example.arn,
        }],
    }),
});
import pulumi
import json
import pulumi_aws as aws
# Report group that the resource policy below is attached to.
example = aws.codebuild.ReportGroup(
    "example",
    name="example",
    type="TEST",
    export_config={"type": "NO_EXPORT"},
)

# Partition and account of the credentials running this deployment.
current = aws.get_partition()
current_get_caller_identity = aws.get_caller_identity()

# The `:root` ARN of the deploying account. In a resource policy an
# account-root principal stands for the account as a whole; which identities
# in it can use the allowed actions is then decided by that account's IAM
# policies. This is the value to review when the policy is adapted for sharing.
account_root_arn = f"arn:{current.partition}:iam::{current_get_caller_identity.account_id}:root"

# Only the report read calls are allowed; keep this list to what the
# consumer of the reports needs.
report_read_actions = [
    "codebuild:BatchGetReportGroups",
    "codebuild:BatchGetReports",
    "codebuild:ListReportsForReportGroup",
    "codebuild:DescribeTestCases",
]

# The statement is scoped to this one report group through Resource.
policy_document = {
    "Version": "2012-10-17",
    "Id": "default",
    "Statement": [{
        "Sid": "default",
        "Effect": "Allow",
        "Principal": {
            "AWS": account_root_arn,
        },
        "Action": report_read_actions,
        "Resource": example.arn,
    }],
}

# Output.json_dumps serializes the document once example.arn is known.
example_resource_policy = aws.codebuild.ResourcePolicy(
    "example",
    resource_arn=example.arn,
    policy=pulumi.Output.json_dumps(policy_document),
)
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Aws = Pulumi.Aws;
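return await Deployment.RunAsync(() =>
{
    // Report group that the resource policy below is attached to.
    var example = new Aws.CodeBuild.ReportGroup("example", new()
    {
        Name = "example",
        Type = "TEST",
        ExportConfig = new Aws.CodeBuild.Inputs.ReportGroupExportConfigArgs
        {
            Type = "NO_EXPORT",
        },
    });

    // Partition and account of the credentials running this deployment.
    var current = Aws.GetPartition.Invoke();
    var currentGetCallerIdentity = Aws.GetCallerIdentity.Invoke();

    var exampleResourcePolicy = new Aws.CodeBuild.ResourcePolicy("example", new()
    {
        ResourceArn = example.Arn,
        Policy = Output.JsonSerialize(Output.Create(new Dictionary<string, object?>
        {
            ["Version"] = "2012-10-17",
            ["Id"] = "default",
            ["Statement"] = new[]
            {
                new Dictionary<string, object?>
                {
                    ["Sid"] = "default",
                    ["Effect"] = "Allow",
                    // The `:root` ARN of the deploying account. In a resource policy an
                    // account-root principal stands for the account as a whole; which
                    // identities in it can use the allowed actions is then decided by
                    // that account's IAM policies.
                    ["Principal"] = new Dictionary<string, object?>
                    {
                        ["AWS"] = Output.Tuple(current, currentGetCallerIdentity).Apply(values =>
                        {
                            // Inside Apply the tuple items are the resolved invoke results,
                            // so their properties are read directly. Interpolating a nested
                            // Apply(...) here would not yield the partition or account id
                            // text and the principal would not be a valid ARN.
                            var partitionResult = values.Item1;
                            var identityResult = values.Item2;
                            return $"arn:{partitionResult.Partition}:iam::{identityResult.AccountId}:root";
                        }),
                    },
                    // Only the report read calls are allowed; keep this list to what
                    // the consumer of the reports needs.
                    ["Action"] = new[]
                    {
                        "codebuild:BatchGetReportGroups",
                        "codebuild:BatchGetReports",
                        "codebuild:ListReportsForReportGroup",
                        "codebuild:DescribeTestCases",
                    },
                    // The statement is scoped to this one report group.
                    ["Resource"] = example.Arn,
                },
            },
        })),
    });
});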
package main
import (
"encoding/json"
"fmt"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/codebuild"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main runs the Pulumi program: it creates a CodeBuild report group and
// attaches a resource policy that allows the deploying account's root
// principal to read the group's reports.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Report group that the resource policy is attached to.
		reportGroup, err := codebuild.NewReportGroup(ctx, "example", &codebuild.ReportGroupArgs{
			Name: pulumi.String("example"),
			Type: pulumi.String("TEST"),
			ExportConfig: &codebuild.ReportGroupExportConfigArgs{
				Type: pulumi.String("NO_EXPORT"),
			},
		})
		if err != nil {
			return err
		}

		// Partition and account of the credentials running this deployment.
		partition, err := aws.GetPartition(ctx, &aws.GetPartitionArgs{}, nil)
		if err != nil {
			return err
		}
		identity, err := aws.GetCallerIdentity(ctx, &aws.GetCallerIdentityArgs{}, nil)
		if err != nil {
			return err
		}

		// The `:root` ARN of the deploying account. In a resource policy an
		// account-root principal stands for the account as a whole; which
		// identities in it can use the allowed actions is then decided by
		// that account's IAM policies.
		accountRoot := fmt.Sprintf("arn:%v:iam::%v:root", partition.Partition, identity.AccountId)

		// Only the report read calls are allowed; keep this list to what the
		// consumer of the reports needs.
		readActions := []string{
			"codebuild:BatchGetReportGroups",
			"codebuild:BatchGetReports",
			"codebuild:ListReportsForReportGroup",
			"codebuild:DescribeTestCases",
		}

		// The document is serialized inside ApplyT because the report group
		// ARN used as Resource is only available as an output.
		policyJSON := reportGroup.Arn.ApplyT(func(arn string) (pulumi.String, error) {
			document := map[string]interface{}{
				"Version": "2012-10-17",
				"Id":      "default",
				"Statement": []map[string]interface{}{
					{
						"Sid":    "default",
						"Effect": "Allow",
						"Principal": map[string]interface{}{
							"AWS": accountRoot,
						},
						"Action":   readActions,
						"Resource": arn,
					},
				},
			}
			encoded, marshalErr := json.Marshal(document)
			if marshalErr != nil {
				return pulumi.String(""), marshalErr
			}
			return pulumi.String(string(encoded)), nil
		}).(pulumi.StringOutput)

		_, err = codebuild.NewResourcePolicy(ctx, "example", &codebuild.ResourcePolicyArgs{
			ResourceArn: reportGroup.Arn,
			Policy:      policyJSON,
		})
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.codebuild.ReportGroup;
import com.pulumi.aws.codebuild.ReportGroupArgs;
import com.pulumi.aws.codebuild.inputs.ReportGroupExportConfigArgs;
import com.pulumi.aws.AwsFunctions;
import com.pulumi.aws.inputs.GetPartitionArgs;
import com.pulumi.aws.inputs.GetCallerIdentityArgs;
import com.pulumi.aws.codebuild.ResourcePolicy;
import com.pulumi.aws.codebuild.ResourcePolicyArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that creates a CodeBuild report group and attaches a
 * resource policy allowing the deploying account's root principal to read
 * the group's reports.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the report group and its resource policy.
     *
     * @param ctx the Pulumi context handed in by {@code Pulumi.run}
     */
    public static void stack(Context ctx) {
        final var exportConfig = ReportGroupExportConfigArgs.builder()
            .type("NO_EXPORT")
            .build();

        // Report group that the resource policy is attached to.
        var example = new ReportGroup("example", ReportGroupArgs.builder()
            .name("example")
            .type("TEST")
            .exportConfig(exportConfig)
            .build());

        // Partition and account of the credentials running this deployment.
        final var current = AwsFunctions.getPartition(GetPartitionArgs.builder()
            .build());
        final var currentGetCallerIdentity = AwsFunctions.getCallerIdentity(GetCallerIdentityArgs.builder()
            .build());

        // The document is serialized inside applyValue because the report
        // group ARN used as Resource is only available as an output.
        final var policyJson = example.arn().applyValue(reportGroupArn -> serializeJson(
            jsonObject(
                jsonProperty("Version", "2012-10-17"),
                jsonProperty("Id", "default"),
                jsonProperty("Statement", jsonArray(jsonObject(
                    jsonProperty("Sid", "default"),
                    jsonProperty("Effect", "Allow"),
                    // The `:root` ARN of the deploying account. In a resource policy
                    // an account-root principal stands for the account as a whole;
                    // which identities in it can use the allowed actions is then
                    // decided by that account's IAM policies.
                    // NOTE(review): partition() and accountId() are read directly on
                    // the values returned by AwsFunctions; if those calls return
                    // Output-wrapped results in the SDK version in use, they need to
                    // be unwrapped first (as is done for example.arn()) - confirm.
                    jsonProperty("Principal", jsonObject(
                        jsonProperty("AWS", String.format("arn:%s:iam::%s:root", current.partition(), currentGetCallerIdentity.accountId()))
                    )),
                    // Only the report read calls are allowed; keep this list to what
                    // the consumer of the reports needs.
                    jsonProperty("Action", jsonArray(
                        "codebuild:BatchGetReportGroups",
                        "codebuild:BatchGetReports",
                        "codebuild:ListReportsForReportGroup",
                        "codebuild:DescribeTestCases"
                    )),
                    jsonProperty("Resource", reportGroupArn)
                )))
            )));

        var exampleResourcePolicy = new ResourcePolicy("exampleResourcePolicy", ResourcePolicyArgs.builder()
            .resourceArn(example.arn())
            .policy(policyJson)
            .build());
    }
}
# Partition and account of the credentials running this deployment.
variables:
  current:
    fn::invoke:
      function: aws:getPartition
      arguments: {}
  currentGetCallerIdentity:
    fn::invoke:
      function: aws:getCallerIdentity
      arguments: {}
resources:
  # Report group that the resource policy below is attached to.
  example:
    type: aws:codebuild:ReportGroup
    properties:
      name: example
      type: TEST
      exportConfig:
        type: NO_EXPORT
  exampleResourcePolicy:
    type: aws:codebuild:ResourcePolicy
    name: example
    properties:
      resourceArn: ${example.arn}
      policy:
        fn::toJSON:
          Version: 2012-10-17
          Id: default
          Statement:
            - Sid: default
              Effect: Allow
              # The `:root` ARN of the deploying account. In a resource policy an
              # account-root principal stands for the account as a whole; which
              # identities in it can use the allowed actions is then decided by
              # that account's IAM policies.
              Principal:
                AWS: arn:${current.partition}:iam::${currentGetCallerIdentity.accountId}:root
              # Only the report read calls are allowed; keep this list to what
              # the consumer of the reports needs.
              Action:
                - codebuild:BatchGetReportGroups
                - codebuild:BatchGetReports
                - codebuild:ListReportsForReportGroup
                - codebuild:DescribeTestCases
              # The statement is scoped to this one report group.
              Resource: ${example.arn}
Import
Using `pulumi import`, import CodeBuild Resource Policy using the CodeBuild Resource Policy ARN. For example:
$ pulumi import aws:codebuild/resourcePolicy:ResourcePolicy example arn:aws:codebuild:us-west-2:123456789:report-group/report-group-name
Properties
A JSON-formatted resource policy. For more information, see Sharing a Project and Sharing a Report Group.
The ARN of the Project or ReportGroup resource you want to associate with a resource policy.