
aws-cdk-lib


Version 2 of the AWS Cloud Development Kit library

import type { IGrantable } from '../../aws-iam';
import * as iam from '../../aws-iam';
import type { IKeyRef } from '../../interfaces/generated/aws-kms-interfaces.generated';
/**
 * Collection of grant methods for an IKey.
 *
 * Each public method takes a grantee and returns an `iam.Grant`. This is a
 * declaration file, so the concrete KMS actions behind each helper are not
 * visible here.
 *
 * NOTE(review): when auditing a stack for least privilege, read the action
 * lists from the implementation or the synthesized template rather than
 * inferring them from the method names.
 */
export declare class KeyGrants {
    /**
     * Creates grants for an IKeyRef.
     *
     * The constructor is private, so this factory is the only public way to
     * obtain an instance.
     *
     * @param resource reference to the key the grants will apply to
     * @param trustAccountIdentities optional flag, undocumented in this file.
     *   NOTE(review): presumably selects whether the key policy defers to the
     *   account's IAM policies, like the aws-kms key option of the same name;
     *   confirm in the implementation, since it decides which policy a grant
     *   ends up in.
     * @returns a KeyGrants bound to `resource`
     */
    static fromKey(resource: IKeyRef, trustAccountIdentities?: boolean): KeyGrants;
    // Key reference the grants are issued against.
    protected readonly resource: IKeyRef;
    // Private fields: the declaration output erases their types.
    private readonly trustAccountIdentities?;
    private readonly policyResource?;
    // Not constructible from outside the class; use `fromKey`.
    private constructor();
    /**
     * Grant the indicated permissions on this key to the given principal.
     *
     * This modifies both the principal's policy as well as the resource policy,
     * since the default CloudFormation setup for KMS keys is that the policy
     * must not be empty and so default grants won't work.
     *
     * @param grantee principal that receives the permissions
     * @param actions KMS action names to allow. They are typed as plain
     *   strings, so the compiler rejects neither wildcards nor misspelled
     *   names; keep the list as narrow as the caller needs and review call
     *   sites that pass broad patterns.
     * @returns the resulting grant
     */
    actions(grantee: iam.IGrantable, ...actions: string[]): iam.Grant;
    /**
     * Grant admin permissions on this key to the given principal.
     *
     * Key administrators have permissions to manage the key (e.g., change permissions, revoke), but do not have permissions
     * to use the key in cryptographic operations (e.g., encrypt, decrypt).
     *
     * NOTE(review): because administrators can change the key's permissions,
     * treat this as a privileged grant and keep it separate from principals
     * that only need to use the key.
     *
     * @param grantee principal that receives the permissions
     * @returns the resulting grant
     */
    admin(grantee: IGrantable): iam.Grant;
    /**
     * Grant decryption permissions using this key to the given principal.
     *
     * @param grantee principal that receives the permissions
     * @returns the resulting grant
     */
    decrypt(grantee: IGrantable): iam.Grant;
    /**
     * Grant encryption permissions using this key to the given principal.
     *
     * @param grantee principal that receives the permissions
     * @returns the resulting grant
     */
    encrypt(grantee: IGrantable): iam.Grant;
    /**
     * Grant encryption and decryption permissions using this key to the given principal.
     *
     * Prefer `encrypt` or `decrypt` alone when the grantee needs only one
     * direction.
     *
     * @param grantee principal that receives the permissions
     * @returns the resulting grant
     */
    encryptDecrypt(grantee: IGrantable): iam.Grant;
    /**
     * Grant sign permissions using this key to the given principal.
     *
     * @param grantee principal that receives the permissions
     * @returns the resulting grant
     */
    sign(grantee: IGrantable): iam.Grant;
    /**
     * Grant verify permissions using this key to the given principal.
     *
     * @param grantee principal that receives the permissions
     * @returns the resulting grant
     */
    verify(grantee: IGrantable): iam.Grant;
    /**
     * Grant sign and verify permissions using this key to the given principal.
     *
     * Prefer `verify` alone for principals that only check signatures.
     *
     * @param grantee principal that receives the permissions
     * @returns the resulting grant
     */
    signVerify(grantee: IGrantable): iam.Grant;
    /**
     * Grant permissions to generate MACs to the given principal.
     *
     * @param grantee principal that receives the permissions
     * @returns the resulting grant
     */
    generateMac(grantee: IGrantable): iam.Grant;
    /**
     * Grant permissions to verify MACs to the given principal.
     *
     * @param grantee principal that receives the permissions
     * @returns the resulting grant
     */
    verifyMac(grantee: IGrantable): iam.Grant;
    // Private helpers: signatures are erased in the declaration output.
    // NOTE(review): the names suggest cross-stack, cross-region and
    // cross-account checks on the grantee; confirm in the implementation.
    private granteeStackDependsOnKeyStack;
    private isGranteeFromAnotherRegion;
    private isGranteeFromAnotherAccount;
}