Package software.amazon.awscdk.services.codebuild

Class UntrustedCodeBoundaryPolicy

java.lang.Object

software.amazon.jsii.JsiiObject

software.constructs.Construct

software.amazon.awscdk.Resource

software.amazon.awscdk.services.iam.ManagedPolicy

software.amazon.awscdk.services.codebuild.UntrustedCodeBoundaryPolicy

All Implemented Interfaces:

IResource, IGrantable, IManagedPolicy, IManagedPolicyRef, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct, software.constructs.IDependable

@Generated(value="jsii-pacmak/1.116.0 (build 0eddcff)",
           date="2025-10-24T13:34:33.553Z")
@Stability(Stable)
public class UntrustedCodeBoundaryPolicy
extends ManagedPolicy

Permissions Boundary for a CodeBuild Project running untrusted code.

This class is a Policy, intended to be used as a Permissions Boundary for a CodeBuild project. It allows most of the actions necessary to run the CodeBuild project, but disallows reading from Parameter Store and Secrets Manager.

Use this when your CodeBuild project is running untrusted code (for example, if you are using one to automatically build Pull Requests that anyone can submit), and you want to prevent your future self from accidentally exposing Secrets to this build.

(The reason you might want to do this is because otherwise anyone who can submit a Pull Request to your project can write a script to email those secrets to themselves).

Example:

 Project project;
 PermissionsBoundary.of(project).apply(new UntrustedCodeBoundaryPolicy(this, "Boundary"));
 

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static final class	UntrustedCodeBoundaryPolicy.Builder	A fluent builder for UntrustedCodeBoundaryPolicy.

Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject

software.amazon.jsii.JsiiObject.InitializationMode

Nested classes/interfaces inherited from interface software.constructs.IConstruct

software.constructs.IConstruct.Jsii$Default

Nested classes/interfaces inherited from interface software.amazon.awscdk.services.iam.IGrantable

IGrantable.Jsii$Default, IGrantable.Jsii$Proxy

Nested classes/interfaces inherited from interface software.amazon.awscdk.services.iam.IManagedPolicy

IManagedPolicy.Jsii$Default, IManagedPolicy.Jsii$Proxy

Nested classes/interfaces inherited from interface software.amazon.awscdk.IResource

IResource.Jsii$Default

Field Summary

Fields

Modifier and Type	Field	Description
static final String	PROPERTY_INJECTION_ID	Uniquely identifies this class.

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	UntrustedCodeBoundaryPolicy(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
protected	UntrustedCodeBoundaryPolicy(software.amazon.jsii.JsiiObjectRef objRef)
	UntrustedCodeBoundaryPolicy(software.constructs.Construct scope, String id)
	UntrustedCodeBoundaryPolicy(software.constructs.Construct scope, String id, UntrustedCodeBoundaryPolicyProps props)

Method Summary

Methods inherited from class software.amazon.awscdk.services.iam.ManagedPolicy

addStatements, attachToGroup, attachToRole, attachToUser, fromAwsManagedPolicyName, fromManagedPolicyArn, fromManagedPolicyName, getDescription, getDocument, getGrantPrincipal, getManagedPolicyArn, getManagedPolicyName, getManagedPolicyRef, getPath

Methods inherited from class software.amazon.awscdk.Resource

applyRemovalPolicy, generatePhysicalName, getEnv, getPhysicalName, getResourceArnAttribute, getResourceNameAttribute, getStack, isOwnedResource, isResource

Methods inherited from class software.constructs.Construct

getNode, isConstruct, toString

Methods inherited from class software.amazon.jsii.JsiiObject

jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface software.constructs.IConstruct

getNode

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Field Details

PROPERTY_INJECTION_ID

@Stability(Stable)
public static final String PROPERTY_INJECTION_ID

Uniquely identifies this class.

Constructor Details

UntrustedCodeBoundaryPolicy

protected UntrustedCodeBoundaryPolicy(software.amazon.jsii.JsiiObjectRef objRef)

UntrustedCodeBoundaryPolicy

protected UntrustedCodeBoundaryPolicy(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

UntrustedCodeBoundaryPolicy

@Stability(Stable)
public UntrustedCodeBoundaryPolicy(@NotNull
 software.constructs.Construct scope,
 @NotNull
 String id,
 @Nullable
 UntrustedCodeBoundaryPolicyProps props)

Parameters:

scope - This parameter is required.

id - This parameter is required.

props -

UntrustedCodeBoundaryPolicy

@Stability(Stable)
public UntrustedCodeBoundaryPolicy(@NotNull
 software.constructs.Construct scope,
 @NotNull
 String id)

Parameters:

scope - This parameter is required.

id - This parameter is required.