Alchemy

Appearance

ProfilePermission

The ProfilePermission resource allows you to manage permissions for AWS Signer profiles, enabling access controls for signing operations. For more details, refer to the AWS Signer ProfilePermissions documentation.

Minimal Example

Create a basic ProfilePermission with required properties and one optional property.

ts
import AWS from "alchemy/aws/control";

const profilePermission = await AWS.Signer.ProfilePermission("basicProfilePermission", {
  Action: "signer:StartSigningJob",
  StatementId: "AllowSigningJobs",
  ProfileName: "MySigningProfile",
  Principal: "arn:aws:iam::123456789012:role/MySigningRole",
  ProfileVersion: "1" // Optional
});

Advanced Configuration

Configure a ProfilePermission with additional properties and a custom action.

ts
const advancedProfilePermission = await AWS.Signer.ProfilePermission("advancedProfilePermission", {
  Action: "signer:PutSigningProfile",
  StatementId: "AllowPutSigningProfile",
  ProfileName: "AdvancedSigningProfile",
  Principal: "arn:aws:iam::123456789012:role/MyAdvancedSigningRole",
  ProfileVersion: "2", // Optional
  adopt: true // Adopt existing resource if it already exists
});

Granting Permissions to Multiple Principals

You can create a ProfilePermission that grants access to multiple IAM roles or users for signing operations.

ts
const multiPrincipalProfilePermission = await AWS.Signer.ProfilePermission("multiPrincipalProfilePermission", {
  Action: "signer:StartSigningJob",
  StatementId: "AllowMultiSigningJobs",
  ProfileName: "MultiPrincipalSigningProfile",
  Principal: "arn:aws:iam::123456789012:role/MyFirstSigningRole,arn:aws:iam::123456789012:role/MySecondSigningRole"
});

Using IAM Policy Document Format

You can specify the Action using a more detailed IAM policy JSON structure.

ts
const iamPolicyProfilePermission = await AWS.Signer.ProfilePermission("iamPolicyProfilePermission", {
  Action: JSON.stringify({
    Version: "2012-10-17",
    Statement: [
      {
        Effect: "Allow",
        Action: [
          "signer:StartSigningJob",
          "signer:GetSigningProfile"
        ],
        Resource: "*"
      }
    ]
  }),
  StatementId: "AllowSigningActions",
  ProfileName: "IamPolicySigningProfile",
  Principal: "arn:aws:iam::123456789012:role/MyPolicySigningRole"
});