AWS Classic

v5.16.2 published on Tuesday, Oct 4, 2022 by Pulumi

RepositoryPermissionsPolicy

Provides a CodeArtifact Repostory Permissions Policy Resource.

Example Usage

using System.Collections.Generic;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var exampleKey = new Aws.Kms.Key("exampleKey", new()
    {
        Description = "domain key",
    });

    var exampleDomain = new Aws.CodeArtifact.Domain("exampleDomain", new()
    {
        DomainName = "example",
        EncryptionKey = exampleKey.Arn,
    });

    var exampleRepository = new Aws.CodeArtifact.Repository("exampleRepository", new()
    {
        RepositoryName = "example",
        Domain = exampleDomain.DomainName,
    });

    var exampleRepositoryPermissionsPolicy = new Aws.CodeArtifact.RepositoryPermissionsPolicy("exampleRepositoryPermissionsPolicy", new()
    {
        Repository = exampleRepository.RepositoryName,
        Domain = exampleDomain.DomainName,
        PolicyDocument = exampleDomain.Arn.Apply(arn => @$"{{
    ""Version"": ""2012-10-17"",
    ""Statement"": [
        {{
            ""Action"": ""codeartifact:CreateRepository"",
            ""Effect"": ""Allow"",
            ""Principal"": ""*"",
            ""Resource"": ""{arn}""
        }}
    ]
}}
"),
    });

});
package main

import (
	"fmt"

	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/codeartifact"
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/kms"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleKey, err := kms.NewKey(ctx, "exampleKey", &kms.KeyArgs{
			Description: pulumi.String("domain key"),
		})
		if err != nil {
			return err
		}
		exampleDomain, err := codeartifact.NewDomain(ctx, "exampleDomain", &codeartifact.DomainArgs{
			Domain:        pulumi.String("example"),
			EncryptionKey: exampleKey.Arn,
		})
		if err != nil {
			return err
		}
		exampleRepository, err := codeartifact.NewRepository(ctx, "exampleRepository", &codeartifact.RepositoryArgs{
			Repository: pulumi.String("example"),
			Domain:     exampleDomain.Domain,
		})
		if err != nil {
			return err
		}
		_, err = codeartifact.NewRepositoryPermissionsPolicy(ctx, "exampleRepositoryPermissionsPolicy", &codeartifact.RepositoryPermissionsPolicyArgs{
			Repository: exampleRepository.Repository,
			Domain:     exampleDomain.Domain,
			PolicyDocument: exampleDomain.Arn.ApplyT(func(arn string) (string, error) {
				return fmt.Sprintf(`{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": "codeartifact:CreateRepository",
            "Effect": "Allow",
            "Principal": "*",
            "Resource": "%v"
        }
    ]
}
`, arn), nil
			}).(pulumi.StringOutput),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.kms.Key;
import com.pulumi.aws.kms.KeyArgs;
import com.pulumi.aws.codeartifact.Domain;
import com.pulumi.aws.codeartifact.DomainArgs;
import com.pulumi.aws.codeartifact.Repository;
import com.pulumi.aws.codeartifact.RepositoryArgs;
import com.pulumi.aws.codeartifact.RepositoryPermissionsPolicy;
import com.pulumi.aws.codeartifact.RepositoryPermissionsPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var exampleKey = new Key("exampleKey", KeyArgs.builder()        
            .description("domain key")
            .build());

        var exampleDomain = new Domain("exampleDomain", DomainArgs.builder()        
            .domain("example")
            .encryptionKey(exampleKey.arn())
            .build());

        var exampleRepository = new Repository("exampleRepository", RepositoryArgs.builder()        
            .repository("example")
            .domain(exampleDomain.domain())
            .build());

        var exampleRepositoryPermissionsPolicy = new RepositoryPermissionsPolicy("exampleRepositoryPermissionsPolicy", RepositoryPermissionsPolicyArgs.builder()        
            .repository(exampleRepository.repository())
            .domain(exampleDomain.domain())
            .policyDocument(exampleDomain.arn().applyValue(arn -> """
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": "codeartifact:CreateRepository",
            "Effect": "Allow",
            "Principal": "*",
            "Resource": "%s"
        }
    ]
}
", arn)))
            .build());

    }
}
import pulumi
import pulumi_aws as aws

example_key = aws.kms.Key("exampleKey", description="domain key")
example_domain = aws.codeartifact.Domain("exampleDomain",
    domain="example",
    encryption_key=example_key.arn)
example_repository = aws.codeartifact.Repository("exampleRepository",
    repository="example",
    domain=example_domain.domain)
example_repository_permissions_policy = aws.codeartifact.RepositoryPermissionsPolicy("exampleRepositoryPermissionsPolicy",
    repository=example_repository.repository,
    domain=example_domain.domain,
    policy_document=example_domain.arn.apply(lambda arn: f"""{{
    "Version": "2012-10-17",
    "Statement": [
        {{
            "Action": "codeartifact:CreateRepository",
            "Effect": "Allow",
            "Principal": "*",
            "Resource": "{arn}"
        }}
    ]
}}
"""))
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const exampleKey = new aws.kms.Key("exampleKey", {description: "domain key"});
const exampleDomain = new aws.codeartifact.Domain("exampleDomain", {
    domain: "example",
    encryptionKey: exampleKey.arn,
});
const exampleRepository = new aws.codeartifact.Repository("exampleRepository", {
    repository: "example",
    domain: exampleDomain.domain,
});
const exampleRepositoryPermissionsPolicy = new aws.codeartifact.RepositoryPermissionsPolicy("exampleRepositoryPermissionsPolicy", {
    repository: exampleRepository.repository,
    domain: exampleDomain.domain,
    policyDocument: pulumi.interpolate`{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": "codeartifact:CreateRepository",
            "Effect": "Allow",
            "Principal": "*",
            "Resource": "${exampleDomain.arn}"
        }
    ]
}
`,
});
resources:
  exampleKey:
    type: aws:kms:Key
    properties:
      description: domain key
  exampleDomain:
    type: aws:codeartifact:Domain
    properties:
      domain: example
      encryptionKey: ${exampleKey.arn}
  exampleRepository:
    type: aws:codeartifact:Repository
    properties:
      repository: example
      domain: ${exampleDomain.domain}
  exampleRepositoryPermissionsPolicy:
    type: aws:codeartifact:RepositoryPermissionsPolicy
    properties:
      repository: ${exampleRepository.repository}
      domain: ${exampleDomain.domain}
      policyDocument: |
        {
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Action": "codeartifact:CreateRepository",
                    "Effect": "Allow",
                    "Principal": "*",
                    "Resource": "${exampleDomain.arn}"
                }
            ]
        }        

Create a RepositoryPermissionsPolicy Resource

new RepositoryPermissionsPolicy(name: string, args: RepositoryPermissionsPolicyArgs, opts?: CustomResourceOptions);
@overload
def RepositoryPermissionsPolicy(resource_name: str,
                                opts: Optional[ResourceOptions] = None,
                                domain: Optional[str] = None,
                                domain_owner: Optional[str] = None,
                                policy_document: Optional[str] = None,
                                policy_revision: Optional[str] = None,
                                repository: Optional[str] = None)
@overload
def RepositoryPermissionsPolicy(resource_name: str,
                                args: RepositoryPermissionsPolicyArgs,
                                opts: Optional[ResourceOptions] = None)
func NewRepositoryPermissionsPolicy(ctx *Context, name string, args RepositoryPermissionsPolicyArgs, opts ...ResourceOption) (*RepositoryPermissionsPolicy, error)
public RepositoryPermissionsPolicy(string name, RepositoryPermissionsPolicyArgs args, CustomResourceOptions? opts = null)
public RepositoryPermissionsPolicy(String name, RepositoryPermissionsPolicyArgs args)
public RepositoryPermissionsPolicy(String name, RepositoryPermissionsPolicyArgs args, CustomResourceOptions options)
type: aws:codeartifact:RepositoryPermissionsPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args RepositoryPermissionsPolicyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args RepositoryPermissionsPolicyArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args RepositoryPermissionsPolicyArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args RepositoryPermissionsPolicyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args RepositoryPermissionsPolicyArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

RepositoryPermissionsPolicy Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The RepositoryPermissionsPolicy resource accepts the following input properties:

Domain string

The name of the domain on which to set the resource policy.

PolicyDocument string

A JSON policy string to be set as the access control resource policy on the provided domain.

Repository string

The name of the repository to set the resource policy on.

DomainOwner string

The account number of the AWS account that owns the domain.

PolicyRevision string

The current revision of the resource policy to be set. This revision is used for optimistic locking, which prevents others from overwriting your changes to the domain's resource policy.

Domain string

The name of the domain on which to set the resource policy.

PolicyDocument string

A JSON policy string to be set as the access control resource policy on the provided domain.

Repository string

The name of the repository to set the resource policy on.

DomainOwner string

The account number of the AWS account that owns the domain.

PolicyRevision string

The current revision of the resource policy to be set. This revision is used for optimistic locking, which prevents others from overwriting your changes to the domain's resource policy.

domain String

The name of the domain on which to set the resource policy.

policyDocument String

A JSON policy string to be set as the access control resource policy on the provided domain.

repository String

The name of the repository to set the resource policy on.

domainOwner String

The account number of the AWS account that owns the domain.

policyRevision String

The current revision of the resource policy to be set. This revision is used for optimistic locking, which prevents others from overwriting your changes to the domain's resource policy.

domain string

The name of the domain on which to set the resource policy.

policyDocument string

A JSON policy string to be set as the access control resource policy on the provided domain.

repository string

The name of the repository to set the resource policy on.

domainOwner string

The account number of the AWS account that owns the domain.

policyRevision string

The current revision of the resource policy to be set. This revision is used for optimistic locking, which prevents others from overwriting your changes to the domain's resource policy.

domain str

The name of the domain on which to set the resource policy.

policy_document str

A JSON policy string to be set as the access control resource policy on the provided domain.

repository str

The name of the repository to set the resource policy on.

domain_owner str

The account number of the AWS account that owns the domain.

policy_revision str

The current revision of the resource policy to be set. This revision is used for optimistic locking, which prevents others from overwriting your changes to the domain's resource policy.

domain String

The name of the domain on which to set the resource policy.

policyDocument String

A JSON policy string to be set as the access control resource policy on the provided domain.

repository String

The name of the repository to set the resource policy on.

domainOwner String

The account number of the AWS account that owns the domain.

policyRevision String

The current revision of the resource policy to be set. This revision is used for optimistic locking, which prevents others from overwriting your changes to the domain's resource policy.

Outputs

All input properties are implicitly available as output properties. Additionally, the RepositoryPermissionsPolicy resource produces the following output properties:

Id string

The provider-assigned unique ID for this managed resource.

ResourceArn string

The ARN of the resource associated with the resource policy.

Id string

The provider-assigned unique ID for this managed resource.

ResourceArn string

The ARN of the resource associated with the resource policy.

id String

The provider-assigned unique ID for this managed resource.

resourceArn String

The ARN of the resource associated with the resource policy.

id string

The provider-assigned unique ID for this managed resource.

resourceArn string

The ARN of the resource associated with the resource policy.

id str

The provider-assigned unique ID for this managed resource.

resource_arn str

The ARN of the resource associated with the resource policy.

id String

The provider-assigned unique ID for this managed resource.

resourceArn String

The ARN of the resource associated with the resource policy.

Look up an Existing RepositoryPermissionsPolicy Resource

Get an existing RepositoryPermissionsPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: RepositoryPermissionsPolicyState, opts?: CustomResourceOptions): RepositoryPermissionsPolicy
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        domain: Optional[str] = None,
        domain_owner: Optional[str] = None,
        policy_document: Optional[str] = None,
        policy_revision: Optional[str] = None,
        repository: Optional[str] = None,
        resource_arn: Optional[str] = None) -> RepositoryPermissionsPolicy
func GetRepositoryPermissionsPolicy(ctx *Context, name string, id IDInput, state *RepositoryPermissionsPolicyState, opts ...ResourceOption) (*RepositoryPermissionsPolicy, error)
public static RepositoryPermissionsPolicy Get(string name, Input<string> id, RepositoryPermissionsPolicyState? state, CustomResourceOptions? opts = null)
public static RepositoryPermissionsPolicy get(String name, Output<String> id, RepositoryPermissionsPolicyState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
Domain string

The name of the domain on which to set the resource policy.

DomainOwner string

The account number of the AWS account that owns the domain.

PolicyDocument string

A JSON policy string to be set as the access control resource policy on the provided domain.

PolicyRevision string

The current revision of the resource policy to be set. This revision is used for optimistic locking, which prevents others from overwriting your changes to the domain's resource policy.

Repository string

The name of the repository to set the resource policy on.

ResourceArn string

The ARN of the resource associated with the resource policy.

Domain string

The name of the domain on which to set the resource policy.

DomainOwner string

The account number of the AWS account that owns the domain.

PolicyDocument string

A JSON policy string to be set as the access control resource policy on the provided domain.

PolicyRevision string

The current revision of the resource policy to be set. This revision is used for optimistic locking, which prevents others from overwriting your changes to the domain's resource policy.

Repository string

The name of the repository to set the resource policy on.

ResourceArn string

The ARN of the resource associated with the resource policy.

domain String

The name of the domain on which to set the resource policy.

domainOwner String

The account number of the AWS account that owns the domain.

policyDocument String

A JSON policy string to be set as the access control resource policy on the provided domain.

policyRevision String

The current revision of the resource policy to be set. This revision is used for optimistic locking, which prevents others from overwriting your changes to the domain's resource policy.

repository String

The name of the repository to set the resource policy on.

resourceArn String

The ARN of the resource associated with the resource policy.

domain string

The name of the domain on which to set the resource policy.

domainOwner string

The account number of the AWS account that owns the domain.

policyDocument string

A JSON policy string to be set as the access control resource policy on the provided domain.

policyRevision string

The current revision of the resource policy to be set. This revision is used for optimistic locking, which prevents others from overwriting your changes to the domain's resource policy.

repository string

The name of the repository to set the resource policy on.

resourceArn string

The ARN of the resource associated with the resource policy.

domain str

The name of the domain on which to set the resource policy.

domain_owner str

The account number of the AWS account that owns the domain.

policy_document str

A JSON policy string to be set as the access control resource policy on the provided domain.

policy_revision str

The current revision of the resource policy to be set. This revision is used for optimistic locking, which prevents others from overwriting your changes to the domain's resource policy.

repository str

The name of the repository to set the resource policy on.

resource_arn str

The ARN of the resource associated with the resource policy.

domain String

The name of the domain on which to set the resource policy.

domainOwner String

The account number of the AWS account that owns the domain.

policyDocument String

A JSON policy string to be set as the access control resource policy on the provided domain.

policyRevision String

The current revision of the resource policy to be set. This revision is used for optimistic locking, which prevents others from overwriting your changes to the domain's resource policy.

repository String

The name of the repository to set the resource policy on.

resourceArn String

The ARN of the resource associated with the resource policy.

Import

CodeArtifact Repository Permissions Policies can be imported using the CodeArtifact Repository ARN, e.g.,

 $ pulumi import aws:codeartifact/repositoryPermissionsPolicy:RepositoryPermissionsPolicy example arn:aws:codeartifact:us-west-2:012345678912:repository/tf-acc-test-6968272603913957763/tf-acc-test-6968272603913957763

Package Details

Repository
https://github.com/pulumi/pulumi-aws
License
Apache-2.0
Notes

This Pulumi package is based on the aws Terraform Provider.