
aws-delivlib


A fabulous library for defining continuous pipelines for building, testing and releasing code libraries.

import { aws_iam as iam } from 'aws-cdk-lib';

/**
 * Reference to an AWS Secrets Manager secret that lives outside of this CDK app.
 *
 * Only identifiers (ARNs and a region) are carried here; no secret material is
 * declared on this type.
 */
export interface ExternalSecret {
  /** ARN of the AWS Secrets Manager secret. */
  secretArn: string;

  /**
   * ARN of the key that encrypts this secret.
   *
   * Declaring the key here does not complete the setup: once the project has
   * been created, "kms:Decrypt" on this key must be granted manually to the
   * role created for the CodeBuild project.
   */
  keyArn?: string;

  /**
   * ARN of a role to assume in order to access the secret.
   *
   * @default None
   */
  assumeRoleArn?: string;

  /**
   * Region in which the secret is stored.
   *
   * @default current region
   */
  region?: Region;
}

/**
 * Closed set of region identifiers accepted for {@link ExternalSecret.region}.
 * A region that is not listed here cannot be expressed through this type.
 */
export type Region =
  | 'us-east-1'
  | 'us-east-2'
  | 'us-west-1'
  | 'us-west-2'
  | 'ap-northeast-1'
  | 'ap-northeast-2'
  | 'ap-northeast-3'
  | 'ap-south-1'
  | 'ap-southeast-1'
  | 'ap-southeast-2'
  | 'ca-central-1'
  | 'cn-north-1'
  | 'cn-northwest-1'
  | 'eu-central-1'
  | 'eu-west-1'
  | 'eu-west-2'
  | 'eu-west-3'
  | 'sa-east-1';

/**
 * Give a principal permission to read a particular secret and its key.
 *
 * NOTE(review): this file only declares the signature. Which IAM actions are
 * added, and whether they are scoped to `secret.secretArn` / `secret.keyArn`
 * rather than to wildcards, has to be confirmed in the implementation.
 *
 * @param secret - The external secret (and optional key) to grant access to.
 * @param identity - The principal that receives the permission.
 */
export declare function grantSecretRead(
  secret: ExternalSecret,
  identity: iam.IPrincipal,
): void;

/**
 * Give a principal permission to assume another role.
 *
 * NOTE(review): assuming a role generally also requires the target role's
 * trust policy to allow the caller; nothing in this declaration shows that
 * side being handled, so verify it where the role is defined.
 *
 * @param roleToAssumeArn - ARN of the role that may be assumed.
 * @param identity - The principal that receives the permission.
 */
export declare function grantAssumeRole(
  roleToAssumeArn: string,
  identity: iam.IPrincipal,
): void;