Provides a CodeBuild Resource Policy Resource.
resource "aws_codebuild_report_group" "example" {
name = "example"
type = "TEST"
export_config {
type = "NO_EXPORT"
}
}
data "aws_partition" "current" {}
data "aws_caller_identity" "current" {}
resource "aws_codebuild_resource_policy" "example" {
resource_arn = aws_codebuild_report_group.example.arn
policy = jsonencode({
Version = "2012-10-17"
Id = "default"
Statement = [{
Sid = "default"
Effect = "Allow"
Principal = {
AWS = "arn:${data.aws_partition.current.partition}:iam::${data.aws_caller_identity.current.account_id}:root"
}
Action = [
"codebuild:BatchGetReportGroups",
"codebuild:BatchGetReports",
"codebuild:ListReportsForReportGroup",
"codebuild:DescribeTestCases",
]
Resource = aws_codebuild_report_group.example.arn
}]
})
}
This resource supports the following arguments:
resource_arn
- (Required) The ARN of the Project or ReportGroup resource you want to associate with a resource policy.policy
- (Required) A JSON-formatted resource policy. For more information, see Sharing a Projec and Sharing a Report Group.This resource exports the following attributes in addition to the arguments above:
id
- The ARN of Resource.In Terraform v1.5.0 and later, use an import
block to import CodeBuild Resource Policy using the CodeBuild Resource Policy arn. For example:
import {
to = aws_codebuild_resource_policy.example
id = "arn:aws:codebuild:us-west-2:123456789:report-group/report-group-name"
}
Using terraform import
, import CodeBuild Resource Policy using the CodeBuild Resource Policy arn. For example:
% terraform import aws_codebuild_resource_policy.example arn:aws:codebuild:us-west-2:123456789:report-group/report-group-name