Skip to content

Resource: awsCodeartifactRepositoryPermissionsPolicy

Provides a CodeArtifact Repostory Permissions Policy Resource.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsKmsKeyExample = new aws.kmsKey.KmsKey(this, "example", {
  description: "domain key",
});
const awsCodeartifactDomainExample =
  new aws.codeartifactDomain.CodeartifactDomain(this, "example_1", {
    domain: "example",
    encryptionKey: awsKmsKeyExample.arn,
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsCodeartifactDomainExample.overrideLogicalId("example");
const awsCodeartifactRepositoryExample =
  new aws.codeartifactRepository.CodeartifactRepository(this, "example_2", {
    domain: awsCodeartifactDomainExample.domain,
    repository: "example",
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsCodeartifactRepositoryExample.overrideLogicalId("example");
const dataAwsIamPolicyDocumentExample =
  new aws.dataAwsIamPolicyDocument.DataAwsIamPolicyDocument(this, "example_3", {
    statement: [
      {
        actions: ["codeartifact:CreateRepository"],
        effect: "Allow",
        principals: [
          {
            identifiers: ["*"],
            type: "*",
          },
        ],
        resources: [awsCodeartifactDomainExample.arn],
      },
    ],
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
dataAwsIamPolicyDocumentExample.overrideLogicalId("example");
const awsCodeartifactRepositoryPermissionsPolicyExample =
  new aws.codeartifactRepositoryPermissionsPolicy.CodeartifactRepositoryPermissionsPolicy(
    this,
    "example_4",
    {
      domain: awsCodeartifactDomainExample.domain,
      policyDocument: dataAwsIamPolicyDocumentExample.json,
      repository: awsCodeartifactRepositoryExample.repository,
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsCodeartifactRepositoryPermissionsPolicyExample.overrideLogicalId("example");

Argument Reference

The following arguments are supported:

  • repository - (Required) The name of the repository to set the resource policy on.
  • domain - (Required) The name of the domain on which to set the resource policy.
  • policyDocument - (Required) A JSON policy string to be set as the access control resource policy on the provided domain.
  • domainOwner - (Optional) The account number of the AWS account that owns the domain.
  • policyRevision - (Optional) The current revision of the resource policy to be set. This revision is used for optimistic locking, which prevents others from overwriting your changes to the domain's resource policy.

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • id - The ARN of the resource associated with the resource policy.
  • resourceArn - The ARN of the resource associated with the resource policy.

Import

CodeArtifact Repository Permissions Policies can be imported using the CodeArtifact Repository ARN, e.g.,

$ terraform import aws_codeartifact_repository_permissions_policy.example arn:aws:codeartifact:us-west-2:012345678912:repository/tf-acc-test-6968272603913957763/tf-acc-test-6968272603913957763