cdk-iam-floyd

import { AccessLevelList } from '../../shared/access-level'; import { PolicyStatement, Operator } from '../../shared'; import { aws_iam as iam } from "aws-cdk-lib"; /** * Statement provider for service [ce](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awscostexplorerservice.html). * * @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement */ export declare class Ce extends PolicyStatement { servicePrefix: string; /** * Grants permission to create a new Anomaly Monitor * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_CreateAnomalyMonitor.html */ toCreateAnomalyMonitor(): this; /** * Grants permission to create a new Anomaly Subscription * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_CreateAnomalySubscription.html */ toCreateAnomalySubscription(): this; /** * Grants permission to create a new Cost Category with the requested name and rules * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_CreateCostCategoryDefinition.html */ toCreateCostCategoryDefinition(): this; /** * Grants permission to create Reservation expiration alerts * * Access Level: Write * * https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html */ toCreateNotificationSubscription(): this; /** * Grants permission to create Cost Explorer Reports * * Access Level: Write * * https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html */ toCreateReport(): this; /** * Grants permission to delete an Anomaly Monitor * * Access Level: Write * * Possible conditions: * - .ifAwsResourceTag() * * https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_DeleteAnomalyMonitor.html */ toDeleteAnomalyMonitor(): this; /** * Grants permission to delete an Anomaly Subscription * * Access Level: Write * * Possible conditions: * - .ifAwsResourceTag() * * https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_DeleteAnomalySubscription.html */ toDeleteAnomalySubscription(): this; /** * Grants permission to delete a Cost Category * * Access Level: Write * * Possible conditions: * - .ifAwsResourceTag() * * https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_DeleteCostCategoryDefinition.html */ toDeleteCostCategoryDefinition(): this; /** * Grants permission to delete Reservation expiration alerts * * Access Level: Write * * https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html */ toDeleteNotificationSubscription(): this; /** * Grants permission to delete Cost Explorer Reports * * Access Level: Write * * https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html */ toDeleteReport(): this; /** * Grants permission to retrieve descriptions such as the name, ARN, rules, definition, and effective dates of a Cost Category * * Access Level: Read * * Possible conditions: * - .ifAwsResourceTag() * * https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_DescribeCostCategoryDefinition.html */ toDescribeCostCategoryDefinition(): this; /** * Grants permission to view Reservation expiration alerts * * Access Level: Read * * https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html */ toDescribeNotificationSubscription(): this; /** * Grants permission to view Cost Explorer Reports page * * Access Level: Read * * https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html */ toDescribeReport(): this; /** * Grants permission to retrieve anomalies * * Access Level: Read * * Possible conditions: * - .ifAwsResourceTag() * * https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_GetAnomalies.html */ toGetAnomalies(): this; /** * Grants permission to query Anomaly Monitors * * Access Level: Read * * Possible conditions: * - .ifAwsResourceTag() * * https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_GetAnomalyMonitors.html */ toGetAnomalyMonitors(): this; /** * Grants permission to query Anomaly Subscriptions * * Access Level: Read * * Possible conditions: * - .ifAwsResourceTag() * * https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_GetAnomalySubscriptions.html */ toGetAnomalySubscriptions(): this; /** * Grants permission to retrieve approximate usage record count for the chosen resource, level, and hourly granularity preferences, derived from the past month's usage * * Access Level: Read * * https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html */ toGetApproximateUsageRecords(): this; /** * Grants permission to retrieve the commitment purchase analysis for your account * * Access Level: Read * * https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_GetCommitmentPurchaseAnalysis.html */ toGetCommitmentPurchaseAnalysis(): this; /** * Grants permission to view whether existing or fine-grained IAM actions are being used to control authorization to Billing, Cost Management, and Account consoles * * Access Level: Read * * https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html */ toGetConsoleActionSetEnforced(): this; /** * Grants permission to retrieve the cost and usage metrics for your account * * Access Level: Read * * Possible conditions: * - .ifAwsResourceTag() * * https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_GetCostAndUsage.html */ toGetCostAndUsage(): this; /** * Grants permission to retrieve the cost and usage metrics with resources for your account * * Access Level: Read * * Possible conditions: * - .ifAwsResourceTag() * * https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_GetCostAndUsageWithResources.html */ toGetCostAndUsageWithResources(): this; /** * Grants permission to query Cost Catagory names and values for a specified time period * * Access Level: Read * * Possible conditions: * - .ifAwsResourceTag() * * https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_GetCostCategories.html */ toGetCostCategories(): this; /** * Grants permission to retrieve a cost forecast for a forecast time period * * Access Level: Read * * Possible conditions: * - .ifAwsResourceTag() * * https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_GetCostForecast.html */ toGetCostForecast(): this; /** * Grants permission to retrieve all available filter values for a filter for a period of time * * Access Level: Read * * Possible conditions: * - .ifAwsResourceTag() * * https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_GetDimensionValues.html */ toGetDimensionValues(): this; /** * Grants permission to view Cost Explorer Preferences page * * Access Level: Read * * https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html */ toGetPreferences(): this; /** * Grants permission to retrieve the reservation coverage for your account * * Access Level: Read * * https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_GetReservationCoverage.html */ toGetReservationCoverage(): this; /** * Grants permission to retrieve the reservation recommendations for your account * * Access Level: Read * * https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_GetReservationPurchaseRecommendation.html */ toGetReservationPurchaseRecommendation(): this; /** * Grants permission to retrieve the reservation utilization for your account * * Access Level: Read * * https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_GetReservationUtilization.html */ toGetReservationUtilization(): this; /** * Grants permission to retrieve the rightsizing recommendations for your account * * Access Level: Read * * https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_GetRightsizingRecommendation.html */ toGetRightsizingRecommendation(): this; /** * Grants permission to retrieve the Savings Plan recommendation details for your account * * Access Level: Read * * https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_GetSavingsPlanPurchaseRecommendationDetails.html */ toGetSavingsPlanPurchaseRecommendationDetails(): this; /** * Grants permission to retrieve the Savings Plans coverage for your account * * Access Level: Read * * https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_GetSavingsPlansCoverage.html */ toGetSavingsPlansCoverage(): this; /** * Grants permission to retrieve the Savings Plans recommendations for your account * * Access Level: Read * * https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_GetSavingsPlansPurchaseRecommendation.html */ toGetSavingsPlansPurchaseRecommendation(): this; /** * Grants permission to retrieve the Savings Plans utilization for your account * * Access Level: Read * * https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_GetSavingsPlansUtilization.html */ toGetSavingsPlansUtilization(): this; /** * Grants permission to retrieve the Savings Plans utilization details for your account * * Access Level: Read * * https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_GetSavingsPlansUtilizationDetails.html */ toGetSavingsPlansUtilizationDetails(): this; /** * Grants permission to query tags for a specified time period * * Access Level: Read * * Possible conditions: * - .ifAwsResourceTag() * * https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_GetTags.html */ toGetTags(): this; /** * Grants permission to retrieve a usage forecast for a forecast time period * * Access Level: Read * * Possible conditions: * - .ifAwsResourceTag() * * https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_GetUsageForecast.html */ toGetUsageForecast(): this; /** * Grants permission to retrieve a list of your historical commitment purchase analyses * * Access Level: List * * https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_ListCommitmentPurchaseAnalyses.html */ toListCommitmentPurchaseAnalyses(): this; /** * Grants permission to list Cost Allocation Tag backfill history * * Access Level: List * * https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_ListCostAllocationTagBackfillHistory.html */ toListCostAllocationTagBackfillHistory(): this; /** * Grants permission to list Cost Allocation Tags * * Access Level: List * * https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_ListCostAllocationTags.html */ toListCostAllocationTags(): this; /** * Grants permission to retrieve names, ARN, and effective dates for all Cost Categories * * Access Level: List * * https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_ListCostCategoryDefinitions.html */ toListCostCategoryDefinitions(): this; /** * Grants permission to retrieve a list of your historical recommendation generations * * Access Level: List * * https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_ListSavingsPlansPurchaseRecommendationGeneration.html */ toListSavingsPlansPurchaseRecommendationGeneration(): this; /** * Grants permission to list tags for a Cost Explorer resource * * Access Level: Read * * Possible conditions: * - .ifAwsResourceTag() * * https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_ListTagsForResource.html */ toListTagsForResource(): this; /** * Grants permission to provide feedback on detected anomalies * * Access Level: Write * * https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_ProvideAnomalyFeedback.html */ toProvideAnomalyFeedback(): this; /** * Grants permission to request a commitment purchase analysis * * Access Level: Write * * https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_StartCommitmentPurchaseAnalysis.html */ toStartCommitmentPurchaseAnalysis(): this; /** * Grants permission to request a Cost Allocation Tag backfill * * Access Level: Write * * https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_StartCostAllocationTagBackfill.html */ toStartCostAllocationTagBackfill(): this; /** * Grants permission to request a Savings Plans recommendation generation * * Access Level: Write * * https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_StartSavingsPlansPurchaseRecommendationGeneration.html */ toStartSavingsPlansPurchaseRecommendationGeneration(): this; /** * Grants permission to tag a Cost Explorer resource * * Access Level: Tagging * * Possible conditions: * - .ifAwsTagKeys() * - .ifAwsRequestTag() * - .ifAwsResourceTag() * * https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_TagResource.html */ toTagResource(): this; /** * Grants permission to remove tags from a Cost Explorer resource * * Access Level: Tagging * * Possible conditions: * - .ifAwsTagKeys() * - .ifAwsResourceTag() * * https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_UntagResource.html */ toUntagResource(): this; /** * Grants permission to update an existing Anomaly Monitor * * Access Level: Write * * Possible conditions: * - .ifAwsResourceTag() * * https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_UpdateAnomalyMonitor.html */ toUpdateAnomalyMonitor(): this; /** * Grants permission to update an existing Anomaly Subscription * * Access Level: Write * * Possible conditions: * - .ifAwsResourceTag() * * https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_UpdateAnomalySubscription.html */ toUpdateAnomalySubscription(): this; /** * Grants permission to change whether existing or fine-grained IAM actions will be used to control authorization to Billing, Cost Management, and Account consoles * * Access Level: Write * * https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html */ toUpdateConsoleActionSetEnforced(): this; /** * Grants permission to update existing Cost Allocation Tags status * * Access Level: Write * * https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_UpdateCostAllocationTagsStatus.html */ toUpdateCostAllocationTagsStatus(): this; /** * Grants permission to update an existing Cost Category * * Access Level: Write * * Possible conditions: * - .ifAwsResourceTag() * * https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_UpdateCostCategoryDefinition.html */ toUpdateCostCategoryDefinition(): this; /** * Grants permission to update Reservation expiration alerts * * Access Level: Write * * https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html */ toUpdateNotificationSubscription(): this; /** * Grants permission to edit Cost Explorer Preferences page * * Access Level: Write * * https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html */ toUpdatePreferences(): this; /** * Grants permission to update Cost Explorer Reports * * Access Level: Write * * https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html */ toUpdateReport(): this; protected accessLevelList: AccessLevelList; /** * Adds a resource of type anomalysubscription to the statement * * https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_AnomalySubscription.html * * @param identifier - Identifier for the identifier. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onAnomalysubscription(identifier: string, account?: string, partition?: string): this; /** * Adds a resource of type anomalymonitor to the statement * * https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_AnomalyMonitor.html * * @param identifier - Identifier for the identifier. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onAnomalymonitor(identifier: string, account?: string, partition?: string): this; /** * Adds a resource of type costcategory to the statement * * https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_CostCategory.html * * @param identifier - Identifier for the identifier. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onCostcategory(identifier: string, account?: string, partition?: string): this; /** * Adds a resource of type billingview to the statement * * https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/ * * @param resourceId - Identifier for the resourceId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onBillingview(resourceId: string, account?: string, partition?: string): this; /** * Filters access by the tags that are passed in the request * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag * * Applies to actions: * - .toCreateAnomalyMonitor() * - .toCreateAnomalySubscription() * - .toCreateCostCategoryDefinition() * - .toTagResource() * * @param tagKey The tag key to check * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsRequestTag(tagKey: string, value: string | string[], operator?: Operator | string): this; /** * Filters access by the tags associated with the resource * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag * * Applies to actions: * - .toDeleteAnomalyMonitor() * - .toDeleteAnomalySubscription() * - .toDeleteCostCategoryDefinition() * - .toDescribeCostCategoryDefinition() * - .toGetAnomalies() * - .toGetAnomalyMonitors() * - .toGetAnomalySubscriptions() * - .toGetCostAndUsage() * - .toGetCostAndUsageWithResources() * - .toGetCostCategories() * - .toGetCostForecast() * - .toGetDimensionValues() * - .toGetTags() * - .toGetUsageForecast() * - .toListTagsForResource() * - .toTagResource() * - .toUntagResource() * - .toUpdateAnomalyMonitor() * - .toUpdateAnomalySubscription() * - .toUpdateCostCategoryDefinition() * * Applies to resource types: * - anomalysubscription * - anomalymonitor * - costcategory * - billingview * * @param tagKey The tag key to check * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsResourceTag(tagKey: string, value: string | string[], operator?: Operator | string): this; /** * Filters access by the tag keys that are passed in the request * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys * * Applies to actions: * - .toCreateAnomalyMonitor() * - .toCreateAnomalySubscription() * - .toCreateCostCategoryDefinition() * - .toTagResource() * - .toUntagResource() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsTagKeys(value: string | string[], operator?: Operator | string): this; /** * Statement provider for service [ce](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awscostexplorerservice.html). * */ constructor(props?: iam.PolicyStatementProps); }