@scloud/cdk-patterns
Serverless CDK patterns for common infrastructure needs
import { CfnAccessKey, OpenIdConnectProvider, Role, User } from 'aws-cdk-lib/aws-iam';
import { Stack } from 'aws-cdk-lib';
import { IRepository } from 'aws-cdk-lib/aws-ecr';
import { IFunction } from 'aws-cdk-lib/aws-lambda';
import { IBucket } from 'aws-cdk-lib/aws-s3';
import { IDistribution } from 'aws-cdk-lib/aws-cloudfront';
import { Construct } from 'constructs';
/**
* Declaration only; the implementation is not part of this file.
* Presumably records a GitHub Actions secret called `name` with the given `value` - TODO confirm against the implementation.
* NOTE(review): `value` is a plain string, so the caller already holds the secret when this is called. Confirm where the implementation keeps it (for example whether it can reach the synthesized template, stack outputs or logs) before passing a long-lived credential.
* @param construct Construct handed to the implementation; how it is used is not visible here.
* @param name Name of the secret.
* @param value Secret value, as a string.
*/
export declare function addGhaSecret(construct: Construct, name: string, value: string): void;
/**
* Declaration only; the implementation is not part of this file.
* Presumably records a (non-secret) GitHub Actions variable called `name` - TODO confirm against the implementation.
* NOTE(review): the accepted values of `type` are not visible here; check the implementation before relying on any particular string.
* @param construct Construct handed to the implementation; how it is used is not visible here.
* @param name Name of the variable.
* @param type Free-form string in this signature; its meaning is defined by the implementation.
* @param value Variable value, as a string.
*/
export declare function addGhaVariable(construct: Construct, name: string, type: string, value: string): void;
/**
* Declaration only. Presumably registers `lambda` under `name` so that GitHub Actions workflows can refer to (and be granted access to) it - TODO confirm against the implementation.
* @param construct Construct handed to the implementation; how it is used is not visible here.
* @param name Name to register the function under.
* @param lambda The Lambda function.
*/
export declare function addGhaLambda(construct: Construct, name: string, lambda: IFunction): void;
/**
* Declaration only. Presumably registers `bucket` under `name` so that GitHub Actions workflows can refer to (and be granted access to) it - TODO confirm against the implementation.
* @param construct Construct handed to the implementation; how it is used is not visible here.
* @param name Name to register the bucket under.
* @param bucket The S3 bucket.
*/
export declare function addGhaBucket(construct: Construct, name: string, bucket: IBucket): void;
/**
* Declaration only. Presumably registers `distribution` under `name` so that GitHub Actions workflows can refer to (and be granted access to) it - TODO confirm against the implementation.
* @param construct Construct handed to the implementation; how it is used is not visible here.
* @param name Name to register the distribution under.
* @param distribution The CloudFront distribution.
*/
export declare function addGhaDistribution(construct: Construct, name: string, distribution: IDistribution): void;
/**
* Declaration only. Presumably registers `repository` under `name` so that GitHub Actions workflows can refer to (and be granted access to) it - TODO confirm against the implementation.
* @param construct Construct handed to the implementation; how it is used is not visible here.
* @param name Name to register the repository under.
* @param repository The ECR repository.
*/
export declare function addGhaRepository(construct: Construct, name: string, repository: IRepository): void;
/**
* Declaration only. Presumably writes out the values collected by the addGha* functions for this stack - TODO confirm.
* NOTE(review): where the values are saved is not visible here. If secrets added with addGhaSecret are included, check that the destination is not committed to source control or readable by other principals.
* @param stack The stack whose values are saved.
*/
export declare function saveGhaValues(stack: Stack): void;
/**
* Declaration only. Returns a ManagedPolicy for the given stack; presumably it grants the permissions GitHub Actions needs on the resources registered with the addGha* functions - TODO confirm.
* NOTE(review): the statements in the policy are not visible here. Review the synthesized policy for least privilege before attaching it to a role or user.
* @param stack The stack the policy is created for.
* @returns The managed policy.
*/
export declare function ghaPolicy(stack: Stack): import("aws-cdk-lib/aws-iam").ManagedPolicy;
/**
* @deprecated - Use GithubActions instead
*
* Create an account-wide OIDC connection for GitHub Actions.
* NB only one OIDC provider for GitHub can be created per AWS account (because the provider URL must be unique).
* To provide access to resources, you can create multiple roles that trust the provider so you'll probably want to call ghaOidcRole() instead.
* See: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services
* NOTE(review): this function takes no `repo` argument. What to grant access to (a minimum of a GitHub owner - user or org - optionally a repository name, and optionally a filter to limit access to e.g. a branch) is the `repo` parameter of ghaOidcRole(); the provider on its own does not appear to scope access.
* @param stack The stack passed to the implementation (presumably the scope the provider is created in - TODO confirm).
* @returns The OpenID Connect provider.
*/
export declare function ghaOidcProvider(stack: Stack): OpenIdConnectProvider;
/**
* @deprecated - Use GithubActions instead
*
* Add permissions to the GitHub OIDC role that allow workflows to access the AWS resources in this stack that need to be updated at build time.
* See: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services
* NOTE(review): only `owner` is required by the type; `repo` and `filter` are optional. Presumably omitting them widens the role's trust to every repository (and ref) under that owner - confirm against the trust condition the implementation generates, and pass both when the role should be limited to one repository or branch.
* @param stack The stack whose resources the role is given access to.
* @param repo The repository to grant access to (owner and name). You can also specify a filter to limit access e.g. to a branch.
* @param openIdConnectProvider Optional provider for the role to trust. What happens when it is omitted is not visible in this declaration - TODO confirm.
* @returns The IAM role.
*/
export declare function ghaOidcRole(stack: Stack, repo: {
owner: string;
repo?: string;
filter?: string;
}, openIdConnectProvider?: OpenIdConnectProvider): Role;
/**
* @deprecated - Use GithubActions instead
*
* A user for GitHub Actions CI/CD.
* NOTE(review): the return type carries a CfnAccessKey, i.e. a long-lived static credential for the user. When `accessKey` is undefined is not visible in this declaration - TODO confirm. Where possible prefer the OIDC role (ghaOidcRole(), or the GithubActions replacement named above), so that no access key has to be stored in GitHub.
* @param stack The stack passed to the implementation (presumably the scope the user is created in - TODO confirm).
* @param username Optional user name; the name used when it is omitted is not visible here.
* @returns The IAM user and, when there is one, its access key.
*/
export declare function ghaUser(stack: Stack, username?: string): {
user: User;
accessKey: CfnAccessKey | undefined;
};