
AWS Classic v6.28.1 published on Thursday, Mar 28, 2024 by Pulumi

aws.signer.SigningProfilePermission


    Creates a Signer signing profile permission: a statement that grants an AWS principal in another account permission to perform one AWS Signer action on a signing profile.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    // Signing profile that the cross-account permission statements below attach to.
    const signingProfile = new aws.signer.SigningProfile("prod_sp", {
        platformId: "AWSLambda-SHA384-ECDSA",
        namePrefix: "prod_sp_",
        signatureValidityPeriod: { value: 5, type: "YEARS" },
        tags: { tag1: "value1", tag2: "value2" },
    });
    const sharedProfileName = signingProfile.name;

    // Each statement grants exactly one Signer action to one principal, so every
    // grant can be reviewed on its own; add only the actions the other party needs.
    // `awsAccount` and `awsTeamRoleArn` are not declared in this example and must
    // be supplied by the surrounding program.

    // No statementId or statementIdPrefix is set, so the provider generates the ID.
    const startSigningJobGrant = new aws.signer.SigningProfilePermission("sp_permission_1", {
        profileName: sharedProfileName,
        action: "signer:StartSigningJob",
        principal: awsAccount,
    });

    // NOTE(review): the statement ID text says "StartSigningJob" but the action
    // granted is signer:GetSigningProfile; confirm the intended ID.
    const getProfileGrant = new aws.signer.SigningProfilePermission("sp_permission_2", {
        profileName: sharedProfileName,
        action: "signer:GetSigningProfile",
        principal: awsTeamRoleArn,
        statementId: "ProdAccountStartSigningJob_StatementId",
    });

    // profileVersion limits this statement to one version of the profile.
    // NOTE(review): the principal is a bare account ID, which presumably covers the
    // whole account rather than a single role; confirm that scope is intended for
    // signer:RevokeSignature.
    const revokeSignatureGrant = new aws.signer.SigningProfilePermission("sp_permission_3", {
        profileName: sharedProfileName,
        action: "signer:RevokeSignature",
        principal: "123456789012",
        profileVersion: signingProfile.version,
        statementIdPrefix: "version-permission-",
    });
    
    import pulumi
    import pulumi_aws as aws
    
    # Signing profile that the cross-account permission statements below attach to.
    validity = aws.signer.SigningProfileSignatureValidityPeriodArgs(value=5, type="YEARS")
    signing_profile = aws.signer.SigningProfile(
        "prod_sp",
        platform_id="AWSLambda-SHA384-ECDSA",
        name_prefix="prod_sp_",
        signature_validity_period=validity,
        tags={"tag1": "value1", "tag2": "value2"},
    )

    # Each statement grants exactly one Signer action to one principal, so every
    # grant can be reviewed on its own; add only the actions the other party needs.
    # `aws_account` and `aws_team_role_arn` are not defined in this example and
    # must be supplied by the surrounding program.

    # No statement_id or statement_id_prefix is set, so the provider generates the ID.
    start_signing_job_grant = aws.signer.SigningProfilePermission(
        "sp_permission_1",
        profile_name=signing_profile.name,
        action="signer:StartSigningJob",
        principal=aws_account,
    )

    # NOTE(review): the statement ID text says "StartSigningJob" but the action
    # granted is signer:GetSigningProfile; confirm the intended ID.
    get_profile_grant = aws.signer.SigningProfilePermission(
        "sp_permission_2",
        profile_name=signing_profile.name,
        action="signer:GetSigningProfile",
        principal=aws_team_role_arn,
        statement_id="ProdAccountStartSigningJob_StatementId",
    )

    # profile_version limits this statement to one version of the profile.
    # NOTE(review): the principal is a bare account ID, which presumably covers the
    # whole account rather than a single role; confirm that scope is intended for
    # signer:RevokeSignature.
    revoke_signature_grant = aws.signer.SigningProfilePermission(
        "sp_permission_3",
        profile_name=signing_profile.name,
        action="signer:RevokeSignature",
        principal="123456789012",
        profile_version=signing_profile.version,
        statement_id_prefix="version-permission-",
    )
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/signer"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    // main registers a signing profile and three cross-account permission
    // statements on it. The first error is returned from the Run callback.
    //
    // awsAccount and awsTeamRoleArn are not declared in this example and must be
    // supplied by the surrounding program.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		validity := &signer.SigningProfileSignatureValidityPeriodArgs{
    			Value: pulumi.Int(5),
    			Type:  pulumi.String("YEARS"),
    		}
    		// Signing profile that the permission statements below attach to.
    		profile, err := signer.NewSigningProfile(ctx, "prod_sp", &signer.SigningProfileArgs{
    			PlatformId:              pulumi.String("AWSLambda-SHA384-ECDSA"),
    			NamePrefix:              pulumi.String("prod_sp_"),
    			SignatureValidityPeriod: validity,
    			Tags: pulumi.StringMap{
    				"tag1": pulumi.String("value1"),
    				"tag2": pulumi.String("value2"),
    			},
    		})
    		if err != nil {
    			return err
    		}

    		// Each statement grants exactly one Signer action to one principal, so
    		// every grant can be reviewed on its own; add only the actions the other
    		// party needs. No StatementId or StatementIdPrefix is set here, so the
    		// provider generates the ID.
    		if _, err := signer.NewSigningProfilePermission(ctx, "sp_permission_1", &signer.SigningProfilePermissionArgs{
    			ProfileName: profile.Name,
    			Action:      pulumi.String("signer:StartSigningJob"),
    			Principal:   pulumi.Any(awsAccount),
    		}); err != nil {
    			return err
    		}

    		// NOTE(review): the statement ID text says "StartSigningJob" but the
    		// action granted is signer:GetSigningProfile; confirm the intended ID.
    		if _, err := signer.NewSigningProfilePermission(ctx, "sp_permission_2", &signer.SigningProfilePermissionArgs{
    			ProfileName: profile.Name,
    			Action:      pulumi.String("signer:GetSigningProfile"),
    			Principal:   pulumi.Any(awsTeamRoleArn),
    			StatementId: pulumi.String("ProdAccountStartSigningJob_StatementId"),
    		}); err != nil {
    			return err
    		}

    		// ProfileVersion limits this statement to one version of the profile.
    		// NOTE(review): the principal is a bare account ID, which presumably
    		// covers the whole account rather than a single role; confirm that scope
    		// is intended for signer:RevokeSignature.
    		_, err = signer.NewSigningProfilePermission(ctx, "sp_permission_3", &signer.SigningProfilePermissionArgs{
    			ProfileName:       profile.Name,
    			Action:            pulumi.String("signer:RevokeSignature"),
    			Principal:         pulumi.String("123456789012"),
    			ProfileVersion:    profile.Version,
    			StatementIdPrefix: pulumi.String("version-permission-"),
    		})
    		return err
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    // Registers a signing profile and three cross-account permission statements on it.
    // awsAccount and awsTeamRoleArn are not declared in this example and must be
    // supplied by the surrounding program.
    return await Deployment.RunAsync(() =>
    {
        var validity = new Aws.Signer.Inputs.SigningProfileSignatureValidityPeriodArgs
        {
            Value = 5,
            Type = "YEARS",
        };

        // Signing profile that the permission statements below attach to.
        var signingProfile = new Aws.Signer.SigningProfile("prod_sp", new()
        {
            PlatformId = "AWSLambda-SHA384-ECDSA",
            NamePrefix = "prod_sp_",
            SignatureValidityPeriod = validity,
            Tags =
            {
                { "tag1", "value1" },
                { "tag2", "value2" },
            },
        });

        // Each statement grants exactly one Signer action to one principal, so every
        // grant can be reviewed on its own; add only the actions the other party needs.
        // No StatementId or StatementIdPrefix is set here, so the provider generates the ID.
        var startSigningJobGrant = new Aws.Signer.SigningProfilePermission("sp_permission_1", new()
        {
            ProfileName = signingProfile.Name,
            Action = "signer:StartSigningJob",
            Principal = awsAccount,
        });

        // NOTE(review): the statement ID text says "StartSigningJob" but the action
        // granted is signer:GetSigningProfile; confirm the intended ID.
        var getProfileGrant = new Aws.Signer.SigningProfilePermission("sp_permission_2", new()
        {
            ProfileName = signingProfile.Name,
            Action = "signer:GetSigningProfile",
            Principal = awsTeamRoleArn,
            StatementId = "ProdAccountStartSigningJob_StatementId",
        });

        // ProfileVersion limits this statement to one version of the profile.
        // NOTE(review): the principal is a bare account ID, which presumably covers
        // the whole account rather than a single role; confirm that scope is
        // intended for signer:RevokeSignature.
        var revokeSignatureGrant = new Aws.Signer.SigningProfilePermission("sp_permission_3", new()
        {
            ProfileName = signingProfile.Name,
            Action = "signer:RevokeSignature",
            Principal = "123456789012",
            ProfileVersion = signingProfile.Version,
            StatementIdPrefix = "version-permission-",
        });

    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.signer.SigningProfile;
    import com.pulumi.aws.signer.SigningProfileArgs;
    import com.pulumi.aws.signer.inputs.SigningProfileSignatureValidityPeriodArgs;
    import com.pulumi.aws.signer.SigningProfilePermission;
    import com.pulumi.aws.signer.SigningProfilePermissionArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    /**
     * Registers a signing profile and three cross-account permission statements on it.
     *
     * <p>{@code awsAccount} and {@code awsTeamRoleArn} are not declared in this example
     * and must be supplied by the surrounding program.
     */
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }

        public static void stack(Context ctx) {
            var validity = SigningProfileSignatureValidityPeriodArgs.builder()
                .value(5)
                .type("YEARS")
                .build();

            // Signing profile that the permission statements below attach to.
            var signingProfile = new SigningProfile("prodSp", SigningProfileArgs.builder()
                .platformId("AWSLambda-SHA384-ECDSA")
                .namePrefix("prod_sp_")
                .signatureValidityPeriod(validity)
                .tags(Map.of("tag1", "value1", "tag2", "value2"))
                .build());

            // Each statement grants exactly one Signer action to one principal, so every
            // grant can be reviewed on its own; add only the actions the other party needs.
            // No statementId or statementIdPrefix is set here, so the provider generates the ID.
            var startSigningJobGrant = new SigningProfilePermission("spPermission1", SigningProfilePermissionArgs.builder()
                .profileName(signingProfile.name())
                .action("signer:StartSigningJob")
                .principal(awsAccount)
                .build());

            // NOTE(review): the statement ID text says "StartSigningJob" but the action
            // granted is signer:GetSigningProfile; confirm the intended ID.
            var getProfileGrant = new SigningProfilePermission("spPermission2", SigningProfilePermissionArgs.builder()
                .profileName(signingProfile.name())
                .action("signer:GetSigningProfile")
                .principal(awsTeamRoleArn)
                .statementId("ProdAccountStartSigningJob_StatementId")
                .build());

            // profileVersion limits this statement to one version of the profile.
            // NOTE(review): the principal is a bare account ID, which presumably covers
            // the whole account rather than a single role; confirm that scope is
            // intended for signer:RevokeSignature.
            var revokeSignatureGrant = new SigningProfilePermission("spPermission3", SigningProfilePermissionArgs.builder()
                .profileName(signingProfile.name())
                .action("signer:RevokeSignature")
                .principal("123456789012")
                .profileVersion(signingProfile.version())
                .statementIdPrefix("version-permission-")
                .build());

        }
    }
    
    # One signing profile plus three cross-account permission statements on it.
    # ${awsAccount} and ${awsTeamRoleArn} are not defined in this example and must
    # be supplied by the surrounding program.
    resources:
      # Signing profile that the permission statements below attach to.
      prodSp:
        type: aws:signer:SigningProfile
        name: prod_sp
        properties:
          platformId: AWSLambda-SHA384-ECDSA
          namePrefix: prod_sp_
          signatureValidityPeriod:
            value: 5
            type: YEARS
          tags:
            tag1: value1
            tag2: value2
      # Each statement grants exactly one Signer action to one principal; add only
      # the actions the other party needs. No statementId or statementIdPrefix is
      # set here, so the provider generates the ID.
      spPermission1:
        type: aws:signer:SigningProfilePermission
        name: sp_permission_1
        properties:
          profileName: ${prodSp.name}
          action: signer:StartSigningJob
          principal: ${awsAccount}
      # NOTE(review): the statement ID text says "StartSigningJob" but the action
      # granted is signer:GetSigningProfile; confirm the intended ID.
      spPermission2:
        type: aws:signer:SigningProfilePermission
        name: sp_permission_2
        properties:
          profileName: ${prodSp.name}
          action: signer:GetSigningProfile
          principal: ${awsTeamRoleArn}
          statementId: ProdAccountStartSigningJob_StatementId
      # profileVersion limits this statement to one version of the profile.
      # NOTE(review): the principal is a bare account ID, which presumably covers the
      # whole account rather than a single role; confirm that scope is intended for
      # signer:RevokeSignature.
      spPermission3:
        type: aws:signer:SigningProfilePermission
        name: sp_permission_3
        properties:
          profileName: ${prodSp.name}
          action: signer:RevokeSignature
          principal: '123456789012'
          profileVersion: ${prodSp.version}
          statementIdPrefix: version-permission-
    

    Create SigningProfilePermission Resource

    new SigningProfilePermission(name: string, args: SigningProfilePermissionArgs, opts?: CustomResourceOptions);
    @overload
    def SigningProfilePermission(resource_name: str,
                                 opts: Optional[ResourceOptions] = None,
                                 action: Optional[str] = None,
                                 principal: Optional[str] = None,
                                 profile_name: Optional[str] = None,
                                 profile_version: Optional[str] = None,
                                 statement_id: Optional[str] = None,
                                 statement_id_prefix: Optional[str] = None)
    @overload
    def SigningProfilePermission(resource_name: str,
                                 args: SigningProfilePermissionArgs,
                                 opts: Optional[ResourceOptions] = None)
    func NewSigningProfilePermission(ctx *Context, name string, args SigningProfilePermissionArgs, opts ...ResourceOption) (*SigningProfilePermission, error)
    public SigningProfilePermission(string name, SigningProfilePermissionArgs args, CustomResourceOptions? opts = null)
    public SigningProfilePermission(String name, SigningProfilePermissionArgs args)
    public SigningProfilePermission(String name, SigningProfilePermissionArgs args, CustomResourceOptions options)
    
    type: aws:signer:SigningProfilePermission
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args SigningProfilePermissionArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args SigningProfilePermissionArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args SigningProfilePermissionArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args SigningProfilePermissionArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args SigningProfilePermissionArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    SigningProfilePermission Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The SigningProfilePermission resource accepts the following input properties:

    Action string
    An AWS Signer action permitted as part of cross-account permissions. Valid values: signer:StartSigningJob, signer:GetSigningProfile, signer:RevokeSignature, or signer:SignPayload.
    Principal string
    The AWS principal to be granted a cross-account permission.
    ProfileName string
    Name of the signing profile to add the cross-account permissions.
    ProfileVersion string
    The signing profile version that a permission applies to.
    StatementId string
    A unique statement identifier. By default generated by the provider.
    StatementIdPrefix string
    A statement identifier prefix. The provider will generate a unique suffix. Conflicts with statement_id.
    Action string
    An AWS Signer action permitted as part of cross-account permissions. Valid values: signer:StartSigningJob, signer:GetSigningProfile, signer:RevokeSignature, or signer:SignPayload.
    Principal string
    The AWS principal to be granted a cross-account permission.
    ProfileName string
    Name of the signing profile to add the cross-account permissions.
    ProfileVersion string
    The signing profile version that a permission applies to.
    StatementId string
    A unique statement identifier. By default generated by the provider.
    StatementIdPrefix string
    A statement identifier prefix. The provider will generate a unique suffix. Conflicts with statement_id.
    action String
    An AWS Signer action permitted as part of cross-account permissions. Valid values: signer:StartSigningJob, signer:GetSigningProfile, signer:RevokeSignature, or signer:SignPayload.
    principal String
    The AWS principal to be granted a cross-account permission.
    profileName String
    Name of the signing profile to add the cross-account permissions.
    profileVersion String
    The signing profile version that a permission applies to.
    statementId String
    A unique statement identifier. By default generated by the provider.
    statementIdPrefix String
    A statement identifier prefix. The provider will generate a unique suffix. Conflicts with statement_id.
    action string
    An AWS Signer action permitted as part of cross-account permissions. Valid values: signer:StartSigningJob, signer:GetSigningProfile, signer:RevokeSignature, or signer:SignPayload.
    principal string
    The AWS principal to be granted a cross-account permission.
    profileName string
    Name of the signing profile to add the cross-account permissions.
    profileVersion string
    The signing profile version that a permission applies to.
    statementId string
    A unique statement identifier. By default generated by the provider.
    statementIdPrefix string
    A statement identifier prefix. The provider will generate a unique suffix. Conflicts with statement_id.
    action str
    An AWS Signer action permitted as part of cross-account permissions. Valid values: signer:StartSigningJob, signer:GetSigningProfile, signer:RevokeSignature, or signer:SignPayload.
    principal str
    The AWS principal to be granted a cross-account permission.
    profile_name str
    Name of the signing profile to add the cross-account permissions.
    profile_version str
    The signing profile version that a permission applies to.
    statement_id str
    A unique statement identifier. By default generated by the provider.
    statement_id_prefix str
    A statement identifier prefix. The provider will generate a unique suffix. Conflicts with statement_id.
    action String
    An AWS Signer action permitted as part of cross-account permissions. Valid values: signer:StartSigningJob, signer:GetSigningProfile, signer:RevokeSignature, or signer:SignPayload.
    principal String
    The AWS principal to be granted a cross-account permission.
    profileName String
    Name of the signing profile to add the cross-account permissions.
    profileVersion String
    The signing profile version that a permission applies to.
    statementId String
    A unique statement identifier. By default generated by the provider.
    statementIdPrefix String
    A statement identifier prefix. The provider will generate a unique suffix. Conflicts with statement_id.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the SigningProfilePermission resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing SigningProfilePermission Resource

    Get an existing SigningProfilePermission resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: SigningProfilePermissionState, opts?: CustomResourceOptions): SigningProfilePermission
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            action: Optional[str] = None,
            principal: Optional[str] = None,
            profile_name: Optional[str] = None,
            profile_version: Optional[str] = None,
            statement_id: Optional[str] = None,
            statement_id_prefix: Optional[str] = None) -> SigningProfilePermission
    func GetSigningProfilePermission(ctx *Context, name string, id IDInput, state *SigningProfilePermissionState, opts ...ResourceOption) (*SigningProfilePermission, error)
    public static SigningProfilePermission Get(string name, Input<string> id, SigningProfilePermissionState? state, CustomResourceOptions? opts = null)
    public static SigningProfilePermission get(String name, Output<String> id, SigningProfilePermissionState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Action string
    An AWS Signer action permitted as part of cross-account permissions. Valid values: signer:StartSigningJob, signer:GetSigningProfile, signer:RevokeSignature, or signer:SignPayload.
    Principal string
    The AWS principal to be granted a cross-account permission.
    ProfileName string
    Name of the signing profile to add the cross-account permissions.
    ProfileVersion string
    The signing profile version that a permission applies to.
    StatementId string
    A unique statement identifier. By default generated by the provider.
    StatementIdPrefix string
    A statement identifier prefix. The provider will generate a unique suffix. Conflicts with statement_id.
    Action string
    An AWS Signer action permitted as part of cross-account permissions. Valid values: signer:StartSigningJob, signer:GetSigningProfile, signer:RevokeSignature, or signer:SignPayload.
    Principal string
    The AWS principal to be granted a cross-account permission.
    ProfileName string
    Name of the signing profile to add the cross-account permissions.
    ProfileVersion string
    The signing profile version that a permission applies to.
    StatementId string
    A unique statement identifier. By default generated by the provider.
    StatementIdPrefix string
    A statement identifier prefix. The provider will generate a unique suffix. Conflicts with statement_id.
    action String
    An AWS Signer action permitted as part of cross-account permissions. Valid values: signer:StartSigningJob, signer:GetSigningProfile, signer:RevokeSignature, or signer:SignPayload.
    principal String
    The AWS principal to be granted a cross-account permission.
    profileName String
    Name of the signing profile to add the cross-account permissions.
    profileVersion String
    The signing profile version that a permission applies to.
    statementId String
    A unique statement identifier. By default generated by the provider.
    statementIdPrefix String
    A statement identifier prefix. The provider will generate a unique suffix. Conflicts with statement_id.
    action string
    An AWS Signer action permitted as part of cross-account permissions. Valid values: signer:StartSigningJob, signer:GetSigningProfile, signer:RevokeSignature, or signer:SignPayload.
    principal string
    The AWS principal to be granted a cross-account permission.
    profileName string
    Name of the signing profile to add the cross-account permissions.
    profileVersion string
    The signing profile version that a permission applies to.
    statementId string
    A unique statement identifier. By default generated by the provider.
    statementIdPrefix string
    A statement identifier prefix. The provider will generate a unique suffix. Conflicts with statement_id.
    action str
    An AWS Signer action permitted as part of cross-account permissions. Valid values: signer:StartSigningJob, signer:GetSigningProfile, signer:RevokeSignature, or signer:SignPayload.
    principal str
    The AWS principal to be granted a cross-account permission.
    profile_name str
    Name of the signing profile to add the cross-account permissions.
    profile_version str
    The signing profile version that a permission applies to.
    statement_id str
    A unique statement identifier. By default generated by the provider.
    statement_id_prefix str
    A statement identifier prefix. The provider will generate a unique suffix. Conflicts with statement_id.
    action String
    An AWS Signer action permitted as part of cross-account permissions. Valid values: signer:StartSigningJob, signer:GetSigningProfile, signer:RevokeSignature, or signer:SignPayload.
    principal String
    The AWS principal to be granted a cross-account permission.
    profileName String
    Name of the signing profile to add the cross-account permissions.
    profileVersion String
    The signing profile version that a permission applies to.
    statementId String
    A unique statement identifier. By default generated by the provider.
    statementIdPrefix String
    A statement identifier prefix. The provider will generate a unique suffix. Conflicts with statement_id.

    Import

    Using pulumi import, import Signer signing profile permission statements using profile_name/statement_id. For example:

    $ pulumi import aws:signer/signingProfilePermission:SigningProfilePermission test_signer_signing_profile_permission prod_profile_DdW3Mk1foYL88fajut4mTVFGpuwfd4ACO6ANL0D1uIj7lrn8adK/ProdAccountStartSigningJobStatementId
    

    Package Details

    Repository
    AWS Classic pulumi/pulumi-aws
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the aws Terraform Provider.