AWS Classic v5.41.0, May 15 23

aws.codeartifact.DomainPermissions

Explore with Pulumi AI

Provides a CodeArtifact Domains Permissions Policy Resource.

Example Usage

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var exampleKey = new Aws.Kms.Key("exampleKey", new()
    {
        Description = "domain key",
    });

    var exampleDomain = new Aws.CodeArtifact.Domain("exampleDomain", new()
    {
        DomainName = "example",
        EncryptionKey = exampleKey.Arn,
    });

    var testPolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()
    {
        Statements = new[]
        {
            new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
            {
                Effect = "Allow",
                Principals = new[]
                {
                    new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
                    {
                        Type = "*",
                        Identifiers = new[]
                        {
                            "*",
                        },
                    },
                },
                Actions = new[]
                {
                    "codeartifact:CreateRepository",
                },
                Resources = new[]
                {
                    exampleDomain.Arn,
                },
            },
        },
    });

    var testDomainPermissions = new Aws.CodeArtifact.DomainPermissions("testDomainPermissions", new()
    {
        Domain = exampleDomain.DomainName,
        PolicyDocument = testPolicyDocument.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
    });

});

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/codeartifact"
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/iam"
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/kms"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleKey, err := kms.NewKey(ctx, "exampleKey", &kms.KeyArgs{
			Description: pulumi.String("domain key"),
		})
		if err != nil {
			return err
		}
		exampleDomain, err := codeartifact.NewDomain(ctx, "exampleDomain", &codeartifact.DomainArgs{
			Domain:        pulumi.String("example"),
			EncryptionKey: exampleKey.Arn,
		})
		if err != nil {
			return err
		}
		testPolicyDocument := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{
			Statements: iam.GetPolicyDocumentStatementArray{
				&iam.GetPolicyDocumentStatementArgs{
					Effect: pulumi.String("Allow"),
					Principals: iam.GetPolicyDocumentStatementPrincipalArray{
						&iam.GetPolicyDocumentStatementPrincipalArgs{
							Type: pulumi.String("*"),
							Identifiers: pulumi.StringArray{
								pulumi.String("*"),
							},
						},
					},
					Actions: pulumi.StringArray{
						pulumi.String("codeartifact:CreateRepository"),
					},
					Resources: pulumi.StringArray{
						exampleDomain.Arn,
					},
				},
			},
		}, nil)
		_, err = codeartifact.NewDomainPermissions(ctx, "testDomainPermissions", &codeartifact.DomainPermissionsArgs{
			Domain: exampleDomain.Domain,
			PolicyDocument: testPolicyDocument.ApplyT(func(testPolicyDocument iam.GetPolicyDocumentResult) (*string, error) {
				return &testPolicyDocument.Json, nil
			}).(pulumi.StringPtrOutput),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.kms.Key;
import com.pulumi.aws.kms.KeyArgs;
import com.pulumi.aws.codeartifact.Domain;
import com.pulumi.aws.codeartifact.DomainArgs;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.codeartifact.DomainPermissions;
import com.pulumi.aws.codeartifact.DomainPermissionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var exampleKey = new Key("exampleKey", KeyArgs.builder()        
            .description("domain key")
            .build());

        var exampleDomain = new Domain("exampleDomain", DomainArgs.builder()        
            .domain("example")
            .encryptionKey(exampleKey.arn())
            .build());

        final var testPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
            .statements(GetPolicyDocumentStatementArgs.builder()
                .effect("Allow")
                .principals(GetPolicyDocumentStatementPrincipalArgs.builder()
                    .type("*")
                    .identifiers("*")
                    .build())
                .actions("codeartifact:CreateRepository")
                .resources(exampleDomain.arn())
                .build())
            .build());

        var testDomainPermissions = new DomainPermissions("testDomainPermissions", DomainPermissionsArgs.builder()        
            .domain(exampleDomain.domain())
            .policyDocument(testPolicyDocument.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult).applyValue(testPolicyDocument -> testPolicyDocument.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json())))
            .build());

    }
}

import pulumi
import pulumi_aws as aws

example_key = aws.kms.Key("exampleKey", description="domain key")
example_domain = aws.codeartifact.Domain("exampleDomain",
    domain="example",
    encryption_key=example_key.arn)
test_policy_document = aws.iam.get_policy_document_output(statements=[aws.iam.GetPolicyDocumentStatementArgs(
    effect="Allow",
    principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(
        type="*",
        identifiers=["*"],
    )],
    actions=["codeartifact:CreateRepository"],
    resources=[example_domain.arn],
)])
test_domain_permissions = aws.codeartifact.DomainPermissions("testDomainPermissions",
    domain=example_domain.domain,
    policy_document=test_policy_document.json)

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const exampleKey = new aws.kms.Key("exampleKey", {description: "domain key"});
const exampleDomain = new aws.codeartifact.Domain("exampleDomain", {
    domain: "example",
    encryptionKey: exampleKey.arn,
});
const testPolicyDocument = aws.iam.getPolicyDocumentOutput({
    statements: [{
        effect: "Allow",
        principals: [{
            type: "*",
            identifiers: ["*"],
        }],
        actions: ["codeartifact:CreateRepository"],
        resources: [exampleDomain.arn],
    }],
});
const testDomainPermissions = new aws.codeartifact.DomainPermissions("testDomainPermissions", {
    domain: exampleDomain.domain,
    policyDocument: testPolicyDocument.apply(testPolicyDocument => testPolicyDocument.json),
});

resources:
  exampleKey:
    type: aws:kms:Key
    properties:
      description: domain key
  exampleDomain:
    type: aws:codeartifact:Domain
    properties:
      domain: example
      encryptionKey: ${exampleKey.arn}
  testDomainPermissions:
    type: aws:codeartifact:DomainPermissions
    properties:
      domain: ${exampleDomain.domain}
      policyDocument: ${testPolicyDocument.json}
variables:
  testPolicyDocument:
    fn::invoke:
      Function: aws:iam:getPolicyDocument
      Arguments:
        statements:
          - effect: Allow
            principals:
              - type: '*'
                identifiers:
                  - '*'
            actions:
              - codeartifact:CreateRepository
            resources:
              - ${exampleDomain.arn}

Create DomainPermissions Resource

new DomainPermissions(name: string, args: DomainPermissionsArgs, opts?: CustomResourceOptions);

@overload
def DomainPermissions(resource_name: str,
                      opts: Optional[ResourceOptions] = None,
                      domain: Optional[str] = None,
                      domain_owner: Optional[str] = None,
                      policy_document: Optional[str] = None,
                      policy_revision: Optional[str] = None)
@overload
def DomainPermissions(resource_name: str,
                      args: DomainPermissionsArgs,
                      opts: Optional[ResourceOptions] = None)

func NewDomainPermissions(ctx *Context, name string, args DomainPermissionsArgs, opts ...ResourceOption) (*DomainPermissions, error)

public DomainPermissions(string name, DomainPermissionsArgs args, CustomResourceOptions? opts = null)

public DomainPermissions(String name, DomainPermissionsArgs args)
public DomainPermissions(String name, DomainPermissionsArgs args, CustomResourceOptions options)

type: aws:codeartifact:DomainPermissions
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string: The unique name of the resource.
args DomainPermissionsArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args DomainPermissionsArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args DomainPermissionsArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args DomainPermissionsArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args DomainPermissionsArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

DomainPermissions Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The DomainPermissions resource accepts the following input properties:

Domain string: The name of the domain on which to set the resource policy.
PolicyDocument string: A JSON policy string to be set as the access control resource policy on the provided domain.
DomainOwner string: The account number of the AWS account that owns the domain.
PolicyRevision string: The current revision of the resource policy to be set. This revision is used for optimistic locking, which prevents others from overwriting your changes to the domain's resource policy.

Domain string: The name of the domain on which to set the resource policy.
PolicyDocument string: A JSON policy string to be set as the access control resource policy on the provided domain.
DomainOwner string: The account number of the AWS account that owns the domain.
PolicyRevision string: The current revision of the resource policy to be set. This revision is used for optimistic locking, which prevents others from overwriting your changes to the domain's resource policy.

domain String: The name of the domain on which to set the resource policy.
policyDocument String: A JSON policy string to be set as the access control resource policy on the provided domain.
domainOwner String: The account number of the AWS account that owns the domain.
policyRevision String: The current revision of the resource policy to be set. This revision is used for optimistic locking, which prevents others from overwriting your changes to the domain's resource policy.

domain string: The name of the domain on which to set the resource policy.
policyDocument string: A JSON policy string to be set as the access control resource policy on the provided domain.
domainOwner string: The account number of the AWS account that owns the domain.
policyRevision string: The current revision of the resource policy to be set. This revision is used for optimistic locking, which prevents others from overwriting your changes to the domain's resource policy.

domain str: The name of the domain on which to set the resource policy.
policy_document str: A JSON policy string to be set as the access control resource policy on the provided domain.
domain_owner str: The account number of the AWS account that owns the domain.
policy_revision str: The current revision of the resource policy to be set. This revision is used for optimistic locking, which prevents others from overwriting your changes to the domain's resource policy.

domain String: The name of the domain on which to set the resource policy.
policyDocument String: A JSON policy string to be set as the access control resource policy on the provided domain.
domainOwner String: The account number of the AWS account that owns the domain.
policyRevision String: The current revision of the resource policy to be set. This revision is used for optimistic locking, which prevents others from overwriting your changes to the domain's resource policy.

Outputs

All input properties are implicitly available as output properties. Additionally, the DomainPermissions resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.
ResourceArn string: The ARN of the resource associated with the resource policy.

Id string: The provider-assigned unique ID for this managed resource.
ResourceArn string: The ARN of the resource associated with the resource policy.

id String: The provider-assigned unique ID for this managed resource.
resourceArn String: The ARN of the resource associated with the resource policy.

id string: The provider-assigned unique ID for this managed resource.
resourceArn string: The ARN of the resource associated with the resource policy.

id str: The provider-assigned unique ID for this managed resource.
resource_arn str: The ARN of the resource associated with the resource policy.

id String: The provider-assigned unique ID for this managed resource.
resourceArn String: The ARN of the resource associated with the resource policy.

Look up Existing DomainPermissions Resource

Get an existing DomainPermissions resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: DomainPermissionsState, opts?: CustomResourceOptions): DomainPermissions

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        domain: Optional[str] = None,
        domain_owner: Optional[str] = None,
        policy_document: Optional[str] = None,
        policy_revision: Optional[str] = None,
        resource_arn: Optional[str] = None) -> DomainPermissions

func GetDomainPermissions(ctx *Context, name string, id IDInput, state *DomainPermissionsState, opts ...ResourceOption) (*DomainPermissions, error)

public static DomainPermissions Get(string name, Input<string> id, DomainPermissionsState? state, CustomResourceOptions? opts = null)

public static DomainPermissions get(String name, Output<String> id, DomainPermissionsState state, CustomResourceOptions options)

Resource lookup is not supported in YAML

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Domain string: The name of the domain on which to set the resource policy.
DomainOwner string: The account number of the AWS account that owns the domain.
PolicyDocument string: A JSON policy string to be set as the access control resource policy on the provided domain.
PolicyRevision string: The current revision of the resource policy to be set. This revision is used for optimistic locking, which prevents others from overwriting your changes to the domain's resource policy.
ResourceArn string: The ARN of the resource associated with the resource policy.

Domain string: The name of the domain on which to set the resource policy.
DomainOwner string: The account number of the AWS account that owns the domain.
PolicyDocument string: A JSON policy string to be set as the access control resource policy on the provided domain.
PolicyRevision string: The current revision of the resource policy to be set. This revision is used for optimistic locking, which prevents others from overwriting your changes to the domain's resource policy.
ResourceArn string: The ARN of the resource associated with the resource policy.

domain String: The name of the domain on which to set the resource policy.
domainOwner String: The account number of the AWS account that owns the domain.
policyDocument String: A JSON policy string to be set as the access control resource policy on the provided domain.
policyRevision String: The current revision of the resource policy to be set. This revision is used for optimistic locking, which prevents others from overwriting your changes to the domain's resource policy.
resourceArn String: The ARN of the resource associated with the resource policy.

domain string: The name of the domain on which to set the resource policy.
domainOwner string: The account number of the AWS account that owns the domain.
policyDocument string: A JSON policy string to be set as the access control resource policy on the provided domain.
policyRevision string: The current revision of the resource policy to be set. This revision is used for optimistic locking, which prevents others from overwriting your changes to the domain's resource policy.
resourceArn string: The ARN of the resource associated with the resource policy.

domain str: The name of the domain on which to set the resource policy.
domain_owner str: The account number of the AWS account that owns the domain.
policy_document str: A JSON policy string to be set as the access control resource policy on the provided domain.
policy_revision str: The current revision of the resource policy to be set. This revision is used for optimistic locking, which prevents others from overwriting your changes to the domain's resource policy.
resource_arn str: The ARN of the resource associated with the resource policy.

domain String: The name of the domain on which to set the resource policy.
domainOwner String: The account number of the AWS account that owns the domain.
policyDocument String: A JSON policy string to be set as the access control resource policy on the provided domain.
policyRevision String: The current revision of the resource policy to be set. This revision is used for optimistic locking, which prevents others from overwriting your changes to the domain's resource policy.
resourceArn String: The ARN of the resource associated with the resource policy.

Import

CodeArtifact Domain Permissions Policies can be imported using the CodeArtifact Domain ARN, e.g.,

 $ pulumi import aws:codeartifact/domainPermissions:DomainPermissions example arn:aws:codeartifact:us-west-2:012345678912:domain/tf-acc-test-1928056699409417367

Package Details

Repository: AWS Classic pulumi/pulumi-aws
License: Apache-2.0
Notes: This Pulumi package is based on the aws Terraform Provider.