Permissions Boundary for a CodeBuild Project running untrusted code.

This class is a Policy, intended to be used as a Permissions Boundary for a CodeBuild project. It allows most of the actions necessary to run the CodeBuild project, but disallows reading from Parameter Store and Secrets Manager.

Use this when your CodeBuild project is running untrusted code (for example, if you are using one to automatically build Pull Requests that anyone can submit), and you want to prevent your future self from accidentally exposing Secrets to this build. (Otherwise, anyone who can submit a Pull Request to your project can write a script to email those secrets to themselves.)

import { UntrustedCodeBoundaryPolicy } from 'aws-cdk-lib/aws-codebuild';

Or use the module namespace:

import * as codebuild from 'aws-cdk-lib/aws-codebuild';
// codebuild.UntrustedCodeBoundaryPolicy

Configuration passed to the constructor as UntrustedCodeBoundaryPolicyProps.

additionalStatements (optional, PolicyStatement[]): Additional statements to add to the default set of statements.
Default: - No additional statements

managedPolicyName (optional, string): The name of the managed policy.
Default: - A name is automatically generated.
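
The sketch below is an added example, not code from aws-cdk-lib: a simplified model of how a permissions boundary intersects with a role's identity-based policy, plus a review check for additionalStatements that would reopen secret reads. The statement lists, SECRET_READS and all function names are constructed for illustration, and the boundary is modelled as an allow-list that omits the secret-read actions, which is an assumption about the mechanism.

```typescript
// Simplified model, identity-based policies only: an action is allowed when
// BOTH the role's policy and its permissions boundary allow it.
type Statement = { actions: string[] };

// IAM-style match: "*" is a wildcard, action names are case-insensitive.
function matches(pattern: string, action: string): boolean {
  const escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*");
  return new RegExp(`^${escaped}$`, "i").test(action);
}

function allows(statements: Statement[], action: string): boolean {
  return statements.some((s) => s.actions.some((p) => matches(p, action)));
}

function effectiveAllow(role: Statement[], boundary: Statement[], action: string): boolean {
  return allows(role, action) && allows(boundary, action);
}

// Read paths for secrets that the boundary is meant to keep out of reach.
const SECRET_READS = [
  "ssm:GetParameter", "ssm:GetParameters", "ssm:GetParametersByPath",
  "secretsmanager:GetSecretValue",
];

// Review check: which secret reads would these additionalStatements reopen?
function reopenedSecretReads(additional: Statement[]): string[] {
  return SECRET_READS.filter((a) => allows(additional, a));
}

// Constructed stand-in for the boundary's default statements (assumption).
const boundaryDefaults: Statement[] = [
  { actions: ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"] },
];
// Constructed role policy, including a later, accidental secrets grant.
const rolePolicy: Statement[] = [
  { actions: ["logs:*"] },
  { actions: ["secretsmanager:GetSecretValue", "ssm:GetParameter*"] },
];

for (const action of ["logs:PutLogEvents", ...SECRET_READS]) {
  console.log(action, effectiveAllow(rolePolicy, boundaryDefaults, action));
}
console.log("reopened by ssm:*:", reopenedSecretReads([{ actions: ["ssm:*"] }]));
```

Running reopenedSecretReads over anything passed as additionalStatements is a cheap pre-merge check, since a broad wildcard there cancels the protection the boundary exists to provide.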