aws-cdk-lib
Version:
Version 2 of the AWS Cloud Development Kit library
62 lines (61 loc) • 1.96 kB
TypeScript
import { ITableRef } from './dynamodb.generated';
import * as iam from '../../aws-iam';
import * as kms from '../../aws-kms';
/**
* Construction properties for StreamGrants
*/
export interface StreamGrantsProps {
/**
* The table this stream is for
*/
readonly table: ITableRef;
/**
* The ARN of the Stream
*/
readonly tableStreamArn: string;
/**
* The encryption key of the table
*
* Required permissions will be added to the key as well.
*
* @default - No key
*/
readonly encryptionKey?: kms.IKey;
}
/**
* A set of permissions to grant on a Table Stream
*/
export declare class StreamGrants {
private readonly table;
private readonly tableStreamArn;
private readonly encryptionKey?;
constructor(props: StreamGrantsProps);
/**
* Adds an IAM policy statement associated with this table's stream to an
* IAM principal's policy.
*
* If `encryptionKey` is present, appropriate grants to the key needs to be added
* separately using the `table.encryptionKey.grant*` methods.
*
* @param grantee The principal (no-op if undefined)
* @param actions The set of actions to allow (i.e. "dynamodb:DescribeStream", "dynamodb:GetRecords", ...)
*/
actions(grantee: iam.IGrantable, ...actions: string[]): iam.Grant;
/**
* Permits an IAM Principal to list streams attached to current dynamodb table.
*
* @param grantee The principal (no-op if undefined)
*/
list(grantee: iam.IGrantable): iam.Grant;
/**
* Permits an IAM principal all stream data read operations for this
* table's stream:
* DescribeStream, GetRecords, GetShardIterator, ListStreams.
*
* Appropriate grants will also be added to the customer-managed KMS key
* if one was configured.
*
* @param grantee The principal to grant access to
*/
read(grantee: iam.IGrantable): iam.Grant;
}