interface IEncryptedResourceFactory
| Language | Type name |
|---|---|
 .NET | Amazon.CDK.AWS.IAM.IEncryptedResourceFactory |
 Go | github.com/aws/aws-cdk-go/awscdk/v2/awsiam#IEncryptedResourceFactory |
 Java | software.amazon.awscdk.services.iam.IEncryptedResourceFactory |
 Python | aws_cdk.aws_iam.IEncryptedResourceFactory |
 TypeScript (source) | aws-cdk-lib » aws_iam » IEncryptedResourceFactory |
Obtainable from
Default.get()
Factory interface for creating IEncryptedResource instances from constructs.
Implementations of this interface are registered in the DefaultEncryptedResourceFactories registry and enable automatic KMS key permission grants for encrypted CloudFormation resources. When a grant operation is performed on an encrypted resource, the factory converts L1 constructs into resources that can grant permissions on their associated KMS encryption keys.
Factories are typically registered during static initialization and associated with specific CloudFormation resource types (e.g., 'AWS::DynamoDB::Table'). The CDK's grant system uses these factories to automatically add necessary KMS key permissions when granting access to encrypted resources.
Methods
| Name | Description |
|---|---|
| for | Create an IEncryptedResource from a construct. |
forResource(resource)
public forResource(resource: CfnResource): IEncryptedResource
Parameters
- resource
Cfn— the construct to be wrapped as an IEncryptedResource.Resource
Returns
Create an IEncryptedResource from a construct.