
@k9securityio/k9-cdk


Provision strong AWS security policies easily using the AWS CDK.

import { AddToResourcePolicyResult, PolicyDocument } from 'aws-cdk-lib/aws-iam';
import { IQueue } from 'aws-cdk-lib/aws-sqs';
import { IAccessSpec } from './k9policy';
/**
 * Inputs shared by makeResourcePolicy and grantAccessViaResourcePolicy.
 */
export interface K9SQSResourcePolicyProps {
    /** The SQS queue the resource policy is generated for. */
    readonly queue: IQueue;
    /**
     * The k9 access specifications describing the desired access to the queue.
     *
     * NOTE(review): the result for an empty array is not visible in this declaration
     * file; confirm against the implementation before relying on it.
     */
    readonly k9DesiredAccess: Array<IAccessSpec>;
}
/**
 * Exported statement id with the value "DenyEveryoneElse".
 *
 * NOTE(review): presumably the Sid of the generated statement that denies principals
 * not covered by k9DesiredAccess; this file declares only the constant, so confirm
 * against the implementation. Exporting it lets tests and policy audits locate that
 * statement by Sid.
 */
export declare const SID_DENY_EVERYONE_ELSE = "DenyEveryoneElse";
/**
 * Generate a SQS resource policy from the provided props that can be attached to a queue.
 *
 * This function returns the policy document only. Granting access through the queue
 * is done by grantAccessViaResourcePolicy, so the generated statements can be
 * inspected and tested on their own.
 *
 * @param props specifying desired access
 * @return a PolicyDocument that can be attached to an SQS queue
 */
export declare function makeResourcePolicy(props: K9SQSResourcePolicyProps): PolicyDocument;
/**
 * Grant access to a queue via resource policy using k9 IAccessSpec definitions. This function
 * is the preferred interface for granting access to a queue.
 *
 * The grant and make operations are split because SQS policies can only be managed via the
 * IQueue.addToResourcePolicy method but IQueue does not offer a way to read the policy.
 * So making the policy is done in a separate function so policy generation can be tested.
 *
 * NOTE(review): each AddToResourcePolicyResult carries a `statementAdded` flag, and CDK
 * reports false for a queue whose policy it does not manage (for example an imported
 * queue). Whether this function checks that flag is not visible here, so callers should
 * inspect the returned results rather than assume every statement was applied.
 *
 * @param props specifying the queue and desired access
 *
 * @return the results for adding each statement
 */
export declare function grantAccessViaResourcePolicy(props: K9SQSResourcePolicyProps): AddToResourcePolicyResult[];