profile_permissions
Creates, updates, deletes or gets a profile_permission resource or lists profile_permissions in a region.
Overview
Name | profile_permissions |
Type | Resource |
Description | An example resource schema demonstrating some basic constructs and validation rules. |
Id | aws.signer.profile_permissions |
Fields
Name | Datatype | Description |
---|---|---|
profile_name | string | |
profile_version | string | |
action | string | |
principal | string | |
statement_id | string | |
region | string | AWS region. |
Methods
Name | Accessible by | Required Params |
---|---|---|
create_resource | INSERT | ProfileName, Action, Principal, StatementId, region |
delete_resource | DELETE | data__Identifier, region |
list_resources | SELECT | region |
get_resource | SELECT | data__Identifier, region |
SELECT examples
Gets all profile_permissions in a region.
```sql
SELECT
    region,
    profile_name,
    profile_version,
    action,
    principal,
    statement_id
FROM aws.signer.profile_permissions
WHERE region = 'us-east-1';
```
Gets all properties from an individual profile_permission.
```sql
SELECT
    region,
    profile_name,
    profile_version,
    action,
    principal,
    statement_id
FROM aws.signer.profile_permissions
WHERE region = 'us-east-1' AND data__Identifier = '<StatementId>|<ProfileName>';
```
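An added example, not part of the StackQL documentation: a review of the rows returned by the region-wide SELECT above, flagging every permission statement whose principal falls outside an allowlist of trusted accounts. It assumes `principal` holds a 12-digit AWS account ID or an IAM ARN; the sample rows, the allowlist and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption: a principal is a 12-digit AWS account ID or an IAM ARN.
ACCOUNT_RE = re.compile(r"^(?:arn:aws[\w-]*:iam::)?(\d{12})(?::.*)?$")

def principal_account(principal):
    """Return the account ID embedded in a principal, or None if it cannot be parsed."""
    match = ACCOUNT_RE.match(principal.strip())
    return match.group(1) if match else None

def audit(rows, trusted_accounts):
    """Map (region, profile_name) to statements whose principal is not trusted."""
    findings = defaultdict(list)
    for row in rows:
        account = principal_account(row.get("principal") or "")
        if account in trusted_accounts:
            continue
        reason = ("unparseable principal" if account is None
                  else f"untrusted account {account}")
        findings[(row["region"], row["profile_name"])].append({
            "statement_id": row["statement_id"],
            "action": row["action"],
            "principal": row["principal"],
            "reason": reason,
        })
    return dict(findings)

# Constructed sample rows, shaped like the columns returned by the SELECT above.
SAMPLE_ROWS = [
    {"region": "us-east-1", "profile_name": "release_signing", "profile_version": "",
     "action": "signer:StartSigningJob", "principal": "111122223333",
     "statement_id": "own-account"},
    {"region": "us-east-1", "profile_name": "release_signing", "profile_version": "",
     "action": "signer:StartSigningJob",
     "principal": "arn:aws:iam::444455556666:role/ci-signer",
     "statement_id": "partner-ci"},
    {"region": "us-east-1", "profile_name": "lambda_signing", "profile_version": "",
     "action": "signer:GetSigningProfile", "principal": "external-partner",
     "statement_id": "legacy"},
]
TRUSTED_ACCOUNTS = {"111122223333"}  # hypothetical allowlist of account IDs

if __name__ == "__main__":
    for (region, profile), items in audit(SAMPLE_ROWS, TRUSTED_ACCOUNTS).items():
        for item in items:
            print(f"{region} {profile} {item['statement_id']}: "
                  f"{item['action']} -> {item['principal']} ({item['reason']})")
```

Principals that do not parse are reported rather than skipped, so a value in an unexpected format still gets a manual look.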
INSERT example
Use the following StackQL query and manifest file to create a new profile_permission resource, using stack-deploy.

Required Properties
```sql
/*+ create */
INSERT INTO aws.signer.profile_permissions (
    ProfileName,
    Action,
    Principal,
    StatementId,
    region
)
SELECT
    '{{ ProfileName }}',
    '{{ Action }}',
    '{{ Principal }}',
    '{{ StatementId }}',
    '{{ region }}';
```

All Properties
```sql
/*+ create */
INSERT INTO aws.signer.profile_permissions (
    ProfileName,
    ProfileVersion,
    Action,
    Principal,
    StatementId,
    region
)
SELECT
    '{{ ProfileName }}',
    '{{ ProfileVersion }}',
    '{{ Action }}',
    '{{ Principal }}',
    '{{ StatementId }}',
    '{{ region }}';
```

Manifest
```yaml
version: 1
name: stack name
description: stack description
providers:
  - aws
globals:
  - name: region
    value: '{{ vars.AWS_REGION }}'
resources:
  - name: profile_permission
    props:
      - name: ProfileName
        value: '{{ ProfileName }}'
      - name: ProfileVersion
        value: '{{ ProfileVersion }}'
      - name: Action
        value: '{{ Action }}'
      - name: Principal
        value: '{{ Principal }}'
      - name: StatementId
        value: '{{ StatementId }}'
```
DELETE example
```sql
/*+ delete */
DELETE FROM aws.signer.profile_permissions
WHERE data__Identifier = '<StatementId>|<ProfileName>'
AND region = 'us-east-1';
```
Permissions
To operate on the profile_permissions resource, the following permissions are required:
Create
signer:AddProfilePermission,
signer:ListProfilePermissions
Read
signer:ListProfilePermissions
Delete
signer:RemoveProfilePermission,
signer:ListProfilePermissions
List
signer:ListProfilePermissions,
signer:GetSigningProfile