aws-cdk-lib.custom_resources.SdkCallsPolicyOptions

interface SdkCallsPolicyOptions

LanguageType name
.NETAmazon.CDK.CustomResources.SdkCallsPolicyOptions
Gogithub.com/aws/aws-cdk-go/awscdk/v2/customresources#SdkCallsPolicyOptions
Javasoftware.amazon.awscdk.customresources.SdkCallsPolicyOptions
Pythonaws_cdk.custom_resources.SdkCallsPolicyOptions
TypeScript (source)aws-cdk-lib » custom_resources » SdkCallsPolicyOptions

Options for the auto-generation of policies based on the configured SDK calls.

Example

const getParameter = new cr.AwsCustomResource(this, 'GetParameter', {
  onUpdate: { // will also be called for a CREATE event
    service: 'SSM',
    action: 'getParameter',
    parameters: {
      Name: 'my-parameter',
      WithDecryption: true,
    },
    physicalResourceId: cr.PhysicalResourceId.of(Date.now().toString()), // Update physical id to always fetch the latest version
  },
  policy: cr.AwsCustomResourcePolicy.fromSdkCalls({
    resources: cr.AwsCustomResourcePolicy.ANY_RESOURCE,
  }),
});

// Use the value in another construct with
getParameter.getResponseField('Parameter.Value');

Properties

NameTypeDescription
resourcesstring[]The resources that the calls will have access to.

resources

Type: string[]

The resources that the calls will have access to.

It is best to use specific resource ARN's when possible. However, you can also use AwsCustomResourcePolicy.ANY_RESOURCE to allow access to all resources. For example, when onCreate is used to create a resource which you don't know the physical name of in advance.

Note that will apply to ALL SDK calls.