
aws-cdk-lib


Version 2 of the AWS Cloud Development Kit library

import { Construct } from 'constructs';
import { ICluster } from './cluster';
import { Resource, IResource } from '../../core';
/**
 * Represents an access entry in an Amazon EKS cluster.
 *
 * An access entry defines the permissions and scope for a user or role to access an Amazon EKS cluster.
 *
 * @interface IAccessEntry
 * @extends {IResource}
 * @property {string} accessEntryName - The name of the access entry.
 * @property {string} accessEntryArn - The Amazon Resource Name (ARN) of the access entry.
 */
export interface IAccessEntry extends IResource {
    /**
     * The name of the access entry.
     * @attribute
     */
    readonly accessEntryName: string;
    /**
     * The Amazon Resource Name (ARN) of the access entry.
     * @attribute
     */
    readonly accessEntryArn: string;
}
/**
 * Attributes needed to reference an existing access entry
 * (see `AccessEntry.fromAccessEntryAttributes()`).
 */
export interface AccessEntryAttributes {
    /**
     * The name of the access entry.
     */
    readonly accessEntryName: string;
    /**
     * The Amazon Resource Name (ARN) of the access entry.
     */
    readonly accessEntryArn: string;
}
/**
 * Represents the scope type of an access policy.
 *
 * The scope type determines the level of access granted by the policy:
 * either specific namespaces or the whole cluster.
 *
 * @export
 * @enum {string}
 */
export declare enum AccessScopeType {
    /**
     * The policy applies to a specific namespace within the cluster.
     */
    NAMESPACE = "namespace",
    /**
     * The policy applies to the entire cluster.
     */
    CLUSTER = "cluster"
}
/**
 * Represents the scope of an access policy.
 *
 * The scope defines the namespaces or cluster-level access granted by the policy.
 *
 * @interface AccessScope
 * @property {string[]} [namespaces] - The namespaces to which the policy applies, if the scope type is 'namespace'.
 * @property {AccessScopeType} type - The scope type of the policy, either 'namespace' or 'cluster'.
 */
export interface AccessScope {
    /**
     * The Kubernetes namespaces that the access policy is scoped to. A value is required when
     * `type` is `AccessScopeType.NAMESPACE`.
     *
     * NOTE(review): the type system does not enforce that pairing (the field is optional for
     * both scope types); whether a NAMESPACE scope without namespaces is rejected at synth or
     * deploy time is not visible in this declaration file — confirm.
     *
     * @default - no specific namespaces for this scope.
     */
    readonly namespaces?: string[];
    /**
     * The scope type of the policy, either 'namespace' or 'cluster'.
     *
     * 'cluster' is the broader of the two: the policy then applies to the entire cluster
     * rather than to the listed namespaces.
     */
    readonly type: AccessScopeType;
}
/**
 * Represents an Amazon EKS Access Policy ARN.
 *
 * Amazon EKS Access Policies are used to control access to Amazon EKS clusters.
 * The static members below name the predefined policies; `of()` builds an instance
 * from an arbitrary policy name.
 *
 * @see https://docs.aws.amazon.com/eks/latest/userguide/access-policies.html
 */
export declare class AccessPolicyArn {
    /**
     * The name of the access policy, as passed to the constructor or `of()`.
     */
    readonly policyName: string;
    /**
     * The Amazon EKS Admin Policy. This access policy includes permissions that grant an IAM principal
     * most permissions to resources. When associated to an access entry, its access scope is typically
     * one or more Kubernetes namespaces.
     */
    static readonly AMAZON_EKS_ADMIN_POLICY: AccessPolicyArn;
    /**
     * The Amazon EKS Cluster Admin Policy. This access policy includes permissions that grant an IAM
     * principal administrator access to a cluster. When associated to an access entry, its access scope
     * is typically the cluster, rather than a Kubernetes namespace.
     *
     * Of the policies listed on this class, this is the one described as administrator access;
     * reserve it for principals that need cluster-wide administration and prefer a
     * namespace-scoped policy otherwise.
     */
    static readonly AMAZON_EKS_CLUSTER_ADMIN_POLICY: AccessPolicyArn;
    /**
     * The Amazon EKS Admin View Policy. This access policy includes permissions that grant an IAM principal
     * access to list/view all resources in a cluster.
     *
     * NOTE(review): "all resources" presumably includes Kubernetes Secrets — confirm against the
     * access-policies page linked on this class before treating this as a harmless read-only grant.
     */
    static readonly AMAZON_EKS_ADMIN_VIEW_POLICY: AccessPolicyArn;
    /**
     * The Amazon EKS Edit Policy. This access policy includes permissions that allow an IAM principal
     * to edit most Kubernetes resources.
     */
    static readonly AMAZON_EKS_EDIT_POLICY: AccessPolicyArn;
    /**
     * The Amazon EKS View Policy. This access policy includes permissions that grant an IAM principal
     * access to list/view all resources in a cluster.
     *
     * NOTE(review): this wording is identical to AMAZON_EKS_ADMIN_VIEW_POLICY, so the text does
     * not say how the two differ. The view policy is presumably the narrower one (most resources
     * rather than all) — confirm against the access-policies page linked on this class.
     */
    static readonly AMAZON_EKS_VIEW_POLICY: AccessPolicyArn;
    /**
     * Creates a new instance of the AccessPolicyArn class with the specified policy name.
     *
     * NOTE(review): `policyName` is a plain string and no validation is visible in this
     * declaration; prefer the static constants above where one fits, so that a typo cannot
     * silently name a different or non-existent policy.
     *
     * @param policyName The name of the access policy.
     * @returns A new instance of the AccessPolicyArn class.
     */
    static of(policyName: string): AccessPolicyArn;
    /**
     * The Amazon Resource Name (ARN) of the access policy.
     */
    readonly policyArn: string;
    /**
     * Constructs a new instance of the `AccessPolicyArn` class.
     *
     * @param policyName - The name of the Amazon EKS access policy. This is used to construct the policy ARN.
     */
    constructor(policyName: string);
}
/**
 * Represents an access policy that defines the permissions and scope for a user or role to access an Amazon EKS cluster.
 *
 * @interface IAccessPolicy
 */
export interface IAccessPolicy {
    /**
     * The scope of the access policy, which determines the level of access granted.
     */
    readonly accessScope: AccessScope;
    /**
     * The access policy itself, which defines the specific permissions.
     *
     * Typed as a plain string here, whereas `AccessPolicyProps.policy` is an `AccessPolicyArn`;
     * presumably this holds the policy ARN — confirm against the implementation.
     */
    readonly policy: string;
}
/**
 * Properties for configuring an Amazon EKS Access Policy.
 */
export interface AccessPolicyProps {
    /**
     * The scope of the access policy, which determines the level of access granted.
     */
    readonly accessScope: AccessScope;
    /**
     * The access policy itself, which defines the specific permissions.
     */
    readonly policy: AccessPolicyArn;
}
/**
 * Represents the options required to create an Amazon EKS Access Policy using the `fromAccessPolicyName()` method.
 */
export interface AccessPolicyNameOptions {
    /**
     * The scope type of the access policy. This determines the level of access granted by the policy.
     */
    readonly accessScopeType: AccessScopeType;
    /**
     * An optional array of Kubernetes namespaces to which the access policy applies.
     *
     * NOTE(review): presumably meaningful only when `accessScopeType` is
     * `AccessScopeType.NAMESPACE` (compare `AccessScope.namespaces`) — confirm.
     *
     * @default - no specific namespaces for this scope
     */
    readonly namespaces?: string[];
}
/**
 * Represents an Amazon EKS Access Policy that implements the IAccessPolicy interface.
 *
 * Pairs a policy with the scope it is granted at.
 *
 * @implements {IAccessPolicy}
 */
export declare class AccessPolicy implements IAccessPolicy {
    /**
     * Import AccessPolicy by name.
     *
     * @param policyName - The name of the access policy.
     * @param options - The scope type and, optionally, the namespaces the policy applies to.
     * @returns An access policy for the given name and scope.
     */
    static fromAccessPolicyName(policyName: string, options: AccessPolicyNameOptions): IAccessPolicy;
    /**
     * The scope of the access policy, which determines the level of access granted.
     */
    readonly accessScope: AccessScope;
    /**
     * The access policy itself, which defines the specific permissions.
     */
    readonly policy: string;
    /**
     * Constructs a new instance of the AccessPolicy class.
     *
     * @param {AccessPolicyProps} props - The properties for configuring the access policy.
     */
    constructor(props: AccessPolicyProps);
}
/**
 * Represents the different types of access entries that can be used in an Amazon EKS cluster.
 *
 * NOTE(review): this file does not say what permissions each non-STANDARD type implies;
 * confirm against the EKS documentation before choosing anything other than the default.
 *
 * @enum {string}
 */
export declare enum AccessEntryType {
    /**
     * Represents a standard access entry.
     */
    STANDARD = "STANDARD",
    /**
     * Represents a Fargate Linux access entry.
     */
    FARGATE_LINUX = "FARGATE_LINUX",
    /**
     * Represents an EC2 Linux access entry.
     */
    EC2_LINUX = "EC2_LINUX",
    /**
     * Represents an EC2 Windows access entry.
     */
    EC2_WINDOWS = "EC2_WINDOWS"
}
/**
 * Represents the properties required to create an Amazon EKS access entry.
 */
export interface AccessEntryProps {
    /**
     * The name of the AccessEntry.
     *
     * @default - No access entry name is provided
     */
    readonly accessEntryName?: string;
    /**
     * The type of the AccessEntry.
     *
     * @default STANDARD
     */
    readonly accessEntryType?: AccessEntryType;
    /**
     * The Amazon EKS cluster to which the access entry applies.
     */
    readonly cluster: ICluster;
    /**
     * The access policies that define the permissions and scope for the access entry.
     *
     * Each policy carries its own `accessScope`, so a single entry can combine policies
     * granted at different scopes.
     */
    readonly accessPolicies: IAccessPolicy[];
    /**
     * The Amazon Resource Name (ARN) of the principal (user or role) to associate the access entry with.
     *
     * This is the identity that receives every policy in `accessPolicies`. It is typed as a
     * plain string; no ARN validation is visible in this declaration.
     */
    readonly principal: string;
}
/**
 * Represents an access entry in an Amazon EKS cluster.
 *
 * An access entry defines the permissions and scope for a user or role to access an Amazon EKS cluster.
 *
 * @implements {IAccessEntry}
 */
export declare class AccessEntry extends Resource implements IAccessEntry {
    /** Uniquely identifies this class. */
    static readonly PROPERTY_INJECTION_ID: string;
    /**
     * Imports an `AccessEntry` from its attributes.
     *
     * @param scope - The parent construct.
     * @param id - The ID of the imported construct.
     * @param attrs - The attributes of the access entry to import.
     * @returns The imported access entry.
     */
    static fromAccessEntryAttributes(scope: Construct, id: string, attrs: AccessEntryAttributes): IAccessEntry;
    /**
     * The name of the access entry.
     */
    readonly accessEntryName: string;
    /**
     * The Amazon Resource Name (ARN) of the access entry.
     */
    readonly accessEntryArn: string;
    // Private state; presumably populated from the matching AccessEntryProps fields — confirm in the implementation.
    private cluster;
    private principal;
    private accessPolicies;
    /**
     * Constructs a new access entry.
     *
     * @param scope - The parent construct.
     * @param id - The ID of the construct.
     * @param props - The cluster, principal and access policies for this entry.
     */
    constructor(scope: Construct, id: string, props: AccessEntryProps);
    /**
     * Add the access policies for this entry.
     *
     * NOTE(review): whether duplicates of an already-attached policy are rejected or merged
     * is not visible in this declaration — confirm.
     *
     * @param newAccessPolicies - The new access policies to add.
     */
    addAccessPolicies(newAccessPolicies: IAccessPolicy[]): void;
}