interface AwsSdkCall
| Language | Type name |
|---|---|
 .NET | Amazon.CDK.CustomResources.AwsSdkCall |
 Go | github.com/aws/aws-cdk-go/awscdk/v2/customresources#AwsSdkCall |
 Java | software.amazon.awscdk.customresources.AwsSdkCall |
 Python | aws_cdk.custom_resources.AwsSdkCall |
 TypeScript (source) | aws-cdk-lib » custom_resources » AwsSdkCall |
An AWS SDK call.
Example
new cr.AwsCustomResource(this, 'GetParameterCustomResource', {
onUpdate: { // will also be called for a CREATE event
service: 'SSM',
action: 'getParameter',
parameters: {
Name: 'my-parameter',
WithDecryption: true,
},
physicalResourceId: cr.PhysicalResourceId.fromResponse('Parameter.ARN'),
},
policy: cr.AwsCustomResourcePolicy.fromSdkCalls({
resources: cr.AwsCustomResourcePolicy.ANY_RESOURCE,
}),
});
Properties
| Name | Type | Description |
|---|---|---|
| action | string | The service action to call. |
| service | string | The service to call. |
| api | string | API version to use for the service. |
| assumed | string | Used for running the SDK calls in underlying lambda with a different role. |
| external | string | External ID to use when assuming the role for cross-account requests. |
| ignore | string | The regex pattern to use to catch API errors. |
| logging? | Logging | A property used to configure logging during lambda function execution. |
| output | string[] | Restrict the data returned by the custom resource to specific paths in the API response. |
| parameters? | any | The parameters for the service action. |
| physical | Physical | The physical resource id of the custom resource for this call. |
| region? | string | The region to send service requests to. |
action
Type:
string
The service action to call.
This is the name of an AWS API call, in one of the following forms:
- An API call name as found in the API Reference documentation (
GetObject) - The API call name starting with a lowercase letter (
getObject) - The AWS SDK for JavaScript v3 command class name (
GetObjectCommand)
See also: https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/index.html
service
Type:
string
The service to call.
This is the name of an AWS service, in one of the following forms:
- An AWS SDK for JavaScript v3 package name (
@aws-sdk/client-api-gateway) - An AWS SDK for JavaScript v3 client name (
api-gateway) - An AWS SDK for JavaScript v2 constructor name (
APIGateway) - A lowercase AWS SDK for JavaScript v2 constructor name (
apigateway)
See also: https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/index.html
apiVersion?
Type:
string
(optional, default: use latest available API version)
API version to use for the service.
assumedRoleArn?
Type:
string
(optional, default: run without assuming role)
Used for running the SDK calls in underlying lambda with a different role.
Can be used primarily for cross-account requests to for example connect hostedzone with a shared vpc. Region controls where assumeRole call is made.
Example for Route53 / associateVPCWithHostedZone
externalId?
Type:
string
(optional, default: no external ID)
External ID to use when assuming the role for cross-account requests.
This is an additional security measure that helps prevent the "confused deputy" problem where an entity that doesn't have permission to perform an action can coerce a more-privileged entity to perform the action.
The external ID must be provided by the third-party service and should not be generated by you. This value should be unique among the third-party service's customers.
This property is only used when assumedRoleArn is specified.
See also: https://docs.aws.amazon.com/IAM/latest/UserGuide/confused-deputy.html
ignoreErrorCodesMatching?
Type:
string
(optional, default: do not catch errors)
The regex pattern to use to catch API errors.
The code property of the
Error object will be tested against this pattern. If there is a match an
error will not be thrown.
logging?
Type:
Logging
(optional, default: Logging.all())
A property used to configure logging during lambda function execution.
Note: The default Logging configuration is all. This configuration will enable logging on all logged data in the lambda handler. This includes:
- The event object that is received by the lambda handler
- The response received after making a API call
- The response object that the lambda handler will return
- SDK versioning information
- Caught and uncaught errors
outputPaths?
Type:
string[]
(optional, default: return all data)
Restrict the data returned by the custom resource to specific paths in the API response.
Use this to limit the data returned by the custom resource if working with API calls that could potentially result in custom response objects exceeding the hard limit of 4096 bytes.
Example for ECS / updateService: ['service.deploymentConfiguration.maximumPercent']
parameters?
Type:
any
(optional, default: no parameters)
The parameters for the service action.
See also: https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/index.html
physicalResourceId?
Type:
Physical
(optional, default: no physical resource id)
The physical resource id of the custom resource for this call.
Mandatory for onCreate call. In onUpdate, you can omit this to passthrough it from request.
region?
Type:
string
(optional, default: the region where this custom resource is deployed)
The region to send service requests to.
Note: Cross-region operations are generally considered an anti-pattern. Consider first deploying a stack in that region.