Resource: awsSignerSigningProfilePermission
Creates a Signer Signing Profile Permission. That is, a cross-account permission for a signing profile.
Example Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsSignerSigningProfileProdSp =
new aws.signerSigningProfile.SignerSigningProfile(this, "prod_sp", {
namePrefix: "prod_sp_",
platformId: "AWSLambda-SHA384-ECDSA",
signatureValidityPeriod: {
type: "YEARS",
value: 5,
},
tags: {
tag1: "value1",
tag2: "value2",
},
});
new aws.signerSigningProfilePermission.SignerSigningProfilePermission(
this,
"sp_permission_1",
{
action: "signer:StartSigningJob",
principal: "${var.aws_account}",
profileName: awsSignerSigningProfileProdSp.name,
}
);
new aws.signerSigningProfilePermission.SignerSigningProfilePermission(
this,
"sp_permission_2",
{
action: "signer:GetSigningProfile",
principal: "${var.aws_team_role_arn}",
profileName: awsSignerSigningProfileProdSp.name,
statementId: "ProdAccountStartSigningJob_StatementId",
}
);
new aws.signerSigningProfilePermission.SignerSigningProfilePermission(
this,
"sp_permission_3",
{
action: "signer:RevokeSignature",
principal: "123456789012",
profileName: awsSignerSigningProfileProdSp.name,
profileVersion: awsSignerSigningProfileProdSp.version,
statementIdPrefix: "version-permission-",
}
);
Argument Reference
profileName
- (Required) Name of the signing profile to add the cross-account permissions.action
- (Required) An AWS Signer action permitted as part of cross-account permissions. Valid values:signer:startSigningJob
,signer:getSigningProfile
, orsigner:revokeSignature
.principal
- (Required) The AWS principal to be granted a cross-account permission.profileVersion
- (Optional) The signing profile version that a permission applies to.statementId
- (Optional) A unique statement identifier. By default generated by Terraform.statementIdPrefix
- (Optional) A statement identifier prefix. Terraform will generate a unique suffix. Conflicts withstatementId
.
Attributes Reference
No additional attributes are exported.
Import
Signer signing profile permission statements can be imported using profile_name/statement_id, e.g.,