cdk-iam-floyd
Version:
AWS IAM policy statement generator with fluent interface for AWS CDK
483 lines (482 loc) • 17.3 kB
TypeScript
import { AccessLevelList } from '../../shared/access-level';
import { PolicyStatement, Operator } from '../../shared';
import { aws_iam as iam } from "aws-cdk-lib";
/**
* Statement provider for service [evidently](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazoncloudwatchevidently.html).
*
* @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
*/
export declare class Evidently extends PolicyStatement {
servicePrefix: string;
/**
* Grants permission to send a batched evaluate feature request
*
* Access Level: Write
*
* https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_BatchEvaluateFeature.html
*/
toBatchEvaluateFeature(): this;
/**
* Grants permission to create an experiment
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_CreateExperiment.html
*/
toCreateExperiment(): this;
/**
* Grants permission to create a feature
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_CreateFeature.html
*/
toCreateFeature(): this;
/**
* Grants permission to create a launch
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_CreateLaunch.html
*/
toCreateLaunch(): this;
/**
* Grants permission to create a project
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - iam:CreateServiceLinkedRole
* - iam:GetRole
*
* https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_CreateProject.html
*/
toCreateProject(): this;
/**
* Grants permission to create a segment
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_CreateSegment.html
*/
toCreateSegment(): this;
/**
* Grants permission to delete an experiment
*
* Access Level: Write
*
* https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_DeleteExperiment.html
*/
toDeleteExperiment(): this;
/**
* Grants permission to delete a feature
*
* Access Level: Write
*
* https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_DeleteFeature.html
*/
toDeleteFeature(): this;
/**
* Grants permission to delete a launch
*
* Access Level: Write
*
* https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_DeleteLaunch.html
*/
toDeleteLaunch(): this;
/**
* Grants permission to delete a project
*
* Access Level: Write
*
* https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_DeleteProject.html
*/
toDeleteProject(): this;
/**
* Grants permission to delete a segment
*
* Access Level: Write
*
* https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_DeleteSegment.html
*/
toDeleteSegment(): this;
/**
* Grants permission to send an evaluate feature request
*
* Access Level: Write
*
* https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_EvaluateFeature.html
*/
toEvaluateFeature(): this;
/**
* Grants permission to get experiment details
*
* Access Level: Read
*
* https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_GetExperiment.html
*/
toGetExperiment(): this;
/**
* Grants permission to get experiment result
*
* Access Level: Read
*
* https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_GetExperimentResults.html
*/
toGetExperimentResults(): this;
/**
* Grants permission to get feature details
*
* Access Level: Read
*
* https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_GetFeature.html
*/
toGetFeature(): this;
/**
* Grants permission to get launch details
*
* Access Level: Read
*
* https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_GetLaunch.html
*/
toGetLaunch(): this;
/**
* Grants permission to get project details
*
* Access Level: Read
*
* https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_GetProject.html
*/
toGetProject(): this;
/**
* Grants permission to get segment details
*
* Access Level: Read
*
* https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_GetSegment.html
*/
toGetSegment(): this;
/**
* Grants permission to list experiments
*
* Access Level: Read
*
* https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_ListExperiments.html
*/
toListExperiments(): this;
/**
* Grants permission to list features
*
* Access Level: Read
*
* https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_ListFeatures.html
*/
toListFeatures(): this;
/**
* Grants permission to list launches
*
* Access Level: Read
*
* https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_ListLaunches.html
*/
toListLaunches(): this;
/**
* Grants permission to list projects
*
* Access Level: Read
*
* https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_ListProjects.html
*/
toListProjects(): this;
/**
* Grants permission to list resources referencing a segment
*
* Access Level: Read
*
* https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_ListSegmentReferences.html
*/
toListSegmentReferences(): this;
/**
* Grants permission to list segments
*
* Access Level: Read
*
* https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_ListSegments.html
*/
toListSegments(): this;
/**
* Grants permission to list tags for resources
*
* Access Level: Read
*
* https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_ListTagsForResource.html
*/
toListTagsForResource(): this;
/**
* Grants permission to send performance events
*
* Access Level: Write
*
* https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_PutProjectEvents.html
*/
toPutProjectEvents(): this;
/**
* Grants permission to start an experiment
*
* Access Level: Write
*
* https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_StartExperiment.html
*/
toStartExperiment(): this;
/**
* Grants permission to start a launch
*
* Access Level: Write
*
* https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_StartLaunch.html
*/
toStartLaunch(): this;
/**
* Grants permission to stop an experiment
*
* Access Level: Write
*
* https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_StopExperiment.html
*/
toStopExperiment(): this;
/**
* Grants permission to stop a launch
*
* Access Level: Write
*
* https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_StopLaunch.html
*/
toStopLaunch(): this;
/**
* Grants permission to tag resources
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_TagResource.html
*/
toTagResource(): this;
/**
* Grants permission to test a segment pattern
*
* Access Level: Read
*
* https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_TestSegmentPattern.html
*/
toTestSegmentPattern(): this;
/**
* Grants permission to untag resources
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_UntagResource.html
*/
toUntagResource(): this;
/**
* Grants permission to update experiment
*
* Access Level: Write
*
* https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_UpdateExperiment.html
*/
toUpdateExperiment(): this;
/**
* Grants permission to update feature
*
* Access Level: Write
*
* https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_UpdateFeature.html
*/
toUpdateFeature(): this;
/**
* Grants permission to update a launch
*
* Access Level: Write
*
* https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_UpdateLaunch.html
*/
toUpdateLaunch(): this;
/**
* Grants permission to update project
*
* Access Level: Write
*
* Dependent actions:
* - iam:CreateServiceLinkedRole
* - iam:GetRole
*
* https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_UpdateProject.html
*/
toUpdateProject(): this;
/**
* Grants permission to update project data delivery
*
* Access Level: Write
*
* https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_UpdateProjectDataDelivery.html
*/
toUpdateProjectDataDelivery(): this;
protected accessLevelList: AccessLevelList;
/**
* Adds a resource of type Project to the statement
*
* https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_Project.html
*
* @param projectName - Identifier for the projectName.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onProject(projectName: string, account?: string, region?: string, partition?: string): this;
/**
* Adds a resource of type Feature to the statement
*
* https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_Feature.html
*
* @param projectName - Identifier for the projectName.
* @param featureName - Identifier for the featureName.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onFeature(projectName: string, featureName: string, account?: string, region?: string, partition?: string): this;
/**
* Adds a resource of type Experiment to the statement
*
* https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_Experiment.html
*
* @param projectName - Identifier for the projectName.
* @param experimentName - Identifier for the experimentName.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onExperiment(projectName: string, experimentName: string, account?: string, region?: string, partition?: string): this;
/**
* Adds a resource of type Launch to the statement
*
* https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_Launch.html
*
* @param projectName - Identifier for the projectName.
* @param launchName - Identifier for the launchName.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onLaunch(projectName: string, launchName: string, account?: string, region?: string, partition?: string): this;
/**
* Adds a resource of type Segment to the statement
*
* https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_Segment.html
*
* @param segmentName - Identifier for the segmentName.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onSegment(segmentName: string, account?: string, region?: string, partition?: string): this;
/**
* Filters access by the tags that are passed the request on behalf of the IAM principal
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag
*
* Applies to actions:
* - .toCreateExperiment()
* - .toCreateFeature()
* - .toCreateLaunch()
* - .toCreateProject()
* - .toCreateSegment()
* - .toTagResource()
*
* @param tagKey The tag key to check
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsRequestTag(tagKey: string, value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the tags associated with the resource that make the request on behalf of the IAM principal
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html
*
* Applies to resource types:
* - Project
* - Feature
* - Experiment
* - Launch
* - Segment
*
* @param tagKey The tag key to check
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsResourceTag(tagKey: string, value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the tag keys that are passed in the request on behalf of the IAM principal
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys
*
* Applies to actions:
* - .toCreateExperiment()
* - .toCreateFeature()
* - .toCreateLaunch()
* - .toCreateProject()
* - .toCreateSegment()
* - .toTagResource()
* - .toUntagResource()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsTagKeys(value: string | string[], operator?: Operator | string): this;
/**
* Statement provider for service [evidently](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazoncloudwatchevidently.html).
*
*/
constructor(props?: iam.PolicyStatementProps);
}