import type { BootstrapSource } from './bootstrap-environment';
import type { StringWithoutPlaceholders } from '../environment';
import type { Tag } from '../tags';
// String identifiers shared by the bootstrap code.
// NOTE(review): judging by their names, the *_OUTPUT constants are stack output
// keys, BOOTSTRAP_VERSION_RESOURCE is a logical resource id and
// BOOTSTRAP_VARIANT_PARAMETER is a template parameter name. This file only
// defines the strings, so confirm their use against the bootstrap template.
export const BUCKET_NAME_OUTPUT = 'BucketName';
export const REPOSITORY_NAME_OUTPUT = 'ImageRepositoryName';
export const BUCKET_DOMAIN_NAME_OUTPUT = 'BucketDomainName';
export const BOOTSTRAP_VERSION_OUTPUT = 'BootstrapVersion';
export const BOOTSTRAP_VERSION_RESOURCE = 'CdkBootstrapVersion';
export const BOOTSTRAP_VARIANT_PARAMETER = 'BootstrapVariant';
/**
 * The vendor (variant) assumed for a template that does not set one.
 */
export const DEFAULT_BOOTSTRAP_VARIANT = 'AWS CDK: Default Resources';
/**
 * Options for the bootstrapEnvironment operation(s)
 *
 * Every member is optional. The template-level settings (bucket, KMS key,
 * trusted accounts, execution policies, permissions boundaries) are carried
 * separately in `parameters`.
 */
export interface BootstrapEnvironmentOptions {
  /**
   * Name of the bootstrap (toolkit) stack.
   *
   * NOTE(review): the default name is not visible in this file; confirm in the caller.
   */
  readonly toolkitStackName?: string;
  /**
   * ARN of an IAM role to use for the bootstrap operation.
   *
   * NOTE(review): whether this role is assumed by the caller or handed to
   * CloudFormation is not visible here; confirm before documenting the
   * permissions it needs.
   */
  readonly roleArn?: StringWithoutPlaceholders;
  /**
   * Values for the bootstrap template parameters (see `BootstrappingParameters`).
   */
  readonly parameters?: BootstrappingParameters;
  /**
   * NOTE(review): presumably forces a deployment even when nothing changed;
   * the behavior is implemented elsewhere, so confirm in the caller.
   */
  readonly forceDeployment?: boolean;
  /**
   * The source of the bootstrap stack
   *
   * @default - Modern v2-style bootstrapping
   */
  readonly source?: BootstrapSource;
  /**
   * Whether to execute the changeset or only create it and leave it in review.
   *
   * Passing `false` leaves the changeset unexecuted, so the changes to the
   * bootstrap resources can be inspected before they are applied.
   *
   * @default true
   */
  readonly execute?: boolean;
  /**
   * Tags for cdktoolkit stack.
   *
   * @default - No value, optional argument
   */
  readonly tags?: Tag[];
  /**
   * Whether the stacks created by the bootstrap process should be protected from termination.
   * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-protect-stacks.html
   * @default true
   */
  readonly terminationProtection?: boolean;
  /**
   * Use previous values for unspecified parameters
   *
   * If not set, all parameters must be specified for every deployment.
   *
   * NOTE(review): with the default of `true`, a parameter omitted from
   * `parameters` keeps the value from the previous deployment (for example a
   * previously configured trusted-account list), so omitting a value is not the
   * same as resetting it. Confirm how each parameter is mapped in the caller.
   *
   * @default true
   */
  // NOTE(review): the only member of this interface not marked `readonly`;
  // confirm whether that is intentional.
  usePreviousParameters?: boolean;
}
/**
 * Parameters for the bootstrapping template
 *
 * Several of these settings decide who may act in the bootstrapped environment
 * and with which permissions (`trustedAccounts`, `trustedAccountsForLookup`,
 * `cloudFormationExecutionPolicies`, the permissions-boundary options,
 * `denyExternalId`), so changes to them deserve the same review as an IAM change.
 */
export interface BootstrappingParameters {
  /**
   * The name to be given to the CDK Bootstrap bucket.
   *
   * @default - A name is generated by CloudFormation
   */
  readonly bucketName?: string;
  /**
   * The ID of an existing KMS key to be used for encrypting items in the bucket.
   *
   * @default - Use the default KMS key or create a custom one
   */
  readonly kmsKeyId?: string;
  /**
   * Whether or not to create a new customer master key (CMK)
   *
   * Only applies to modern bootstrapping. Legacy bootstrapping will never create
   * a CMK, only use the default S3 key.
   *
   * @default false
   */
  readonly createCustomerMasterKey?: boolean;
  /**
   * The list of AWS account IDs that are trusted to deploy into the environment being bootstrapped.
   *
   * Accounts listed here deploy through the role described under
   * `cloudFormationExecutionPolicies`, so what they can do in this environment
   * is bounded by those policies and by any permissions boundary that is set.
   *
   * @default - Only the bootstrapped account can deploy into this environment
   */
  readonly trustedAccounts?: string[];
  /**
   * The list of AWS account IDs that are trusted to look up values in the environment being bootstrapped.
   *
   * This list is separate from `trustedAccounts`.
   * NOTE(review): presumably lookup trust is narrower than deploy trust;
   * confirm against the bootstrap template.
   *
   * @default - Only the bootstrapped account can look up values in this environment
   */
  readonly trustedAccountsForLookup?: string[];
  /**
   * The list of AWS account IDs that should not be trusted by the bootstrapped environment.
   * If these accounts are already trusted, they will be removed on bootstrapping.
   *
   * @default - No account will be untrusted
   */
  readonly untrustedAccounts?: string[];
  /**
   * The ARNs of the IAM managed policies that should be attached to the role performing CloudFormation deployments.
   * In most cases, this will be the AdministratorAccess policy.
   * At least one policy is required if `trustedAccounts` were passed.
   *
   * These policies set the upper limit of what a deployment, including one
   * started from a trusted account, can create or change. Where other accounts
   * are trusted, a policy scoped to the resources actually deployed limits the
   * reach of a compromised trusted account more than AdministratorAccess does.
   *
   * @default - The role will have no policies attached
   */
  readonly cloudFormationExecutionPolicies?: string[];
  /**
   * Identifier to distinguish multiple bootstrapped environments
   *
   * @default - Default qualifier
   */
  readonly qualifier?: string;
  /**
   * Whether or not to enable S3 Staging Bucket Public Access Block Configuration
   *
   * Passing `false` opts the staging bucket out of that configuration; the
   * default keeps it enabled.
   *
   * @default true
   */
  readonly publicAccessBlockConfiguration?: boolean;
  /**
   * Flag for using the default permissions boundary for bootstrapping
   *
   * NOTE(review): presumably not meant to be combined with
   * `customPermissionsBoundary`; confirm where the two are validated.
   *
   * @default - No value, optional argument
   */
  readonly examplePermissionsBoundary?: boolean;
  /**
   * Name for the customer's custom permissions boundary for bootstrapping
   *
   * @default - No value, optional argument
   */
  readonly customPermissionsBoundary?: string;
  /**
   * Whether to apply the permissions boundary to all bootstrap roles
   * (not just the CloudFormation execution role)
   *
   * With the default of `false`, only the CloudFormation execution role is
   * covered by the boundary.
   *
   * @default false
   */
  readonly permissionsBoundaryAllRoles?: boolean;
  /**
   * Whether to deny AssumeRole calls with an ExternalId
   *
   * NOTE(review): presumably enforced in the trust policies of the bootstrap
   * roles; confirm in the bootstrap template.
   *
   * @default - template default (true)
   */
  readonly denyExternalId?: boolean;
}