IEncryptedResourceFactory
- class aws_cdk.aws_iam.IEncryptedResourceFactory(*args, **kwargs)
Bases:
ProtocolFactory interface for creating IEncryptedResource instances from constructs.
Implementations of this interface are registered in the DefaultEncryptedResourceFactories registry and enable automatic KMS key permission grants for encrypted CloudFormation resources. When a grant operation is performed on an encrypted resource, the factory converts L1 constructs into resources that can grant permissions on their associated KMS encryption keys.
Factories are typically registered during static initialization and associated with specific CloudFormation resource types (e.g., ‘AWS::DynamoDB::Table’). The CDK’s grant system uses these factories to automatically add necessary KMS key permissions when granting access to encrypted resources.
Methods
- for_resource(resource)
Create an IEncryptedResource from a construct.
- Parameters:
resource (
CfnResource) – the construct to be wrapped as an IEncryptedResource.- Return type: