cdk-iam-floyd
Version:
AWS IAM policy statement generator with fluent interface for AWS CDK
1,693 lines • 1.77 MB
JavaScript
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.Ec2 = void 0;
const shared_1 = require("../../shared");
/**
* Statement provider for service [ec2](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonec2.html).
*
* @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
*/
class Ec2 extends shared_1.PolicyStatement {
/**
* Grants permission to accept an Elastic IP address transfer
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* Dependent actions:
* - ec2:CreateTags
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AcceptAddressTransfer.html
*/
toAcceptAddressTransfer() {
return this.to('AcceptAddressTransfer');
}
/**
* Grants permission to accept assign billing of the available capacity of a shared Capacity Reservation to the calling account
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AcceptCapacityReservationBillingOwnership.html
*/
toAcceptCapacityReservationBillingOwnership() {
return this.to('AcceptCapacityReservationBillingOwnership');
}
/**
* Grants permission to accept a Convertible Reserved Instance exchange quote
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AcceptReservedInstancesExchangeQuote.html
*/
toAcceptReservedInstancesExchangeQuote() {
return this.to('AcceptReservedInstancesExchangeQuote');
}
/**
* Grants permission to accept a request to associate subnets with a transit gateway multicast domain
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AcceptTransitGatewayMulticastDomainAssociations.html
*/
toAcceptTransitGatewayMulticastDomainAssociations() {
return this.to('AcceptTransitGatewayMulticastDomainAssociations');
}
/**
* Grants permission to accept a transit gateway peering attachment request
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AcceptTransitGatewayPeeringAttachment.html
*/
toAcceptTransitGatewayPeeringAttachment() {
return this.to('AcceptTransitGatewayPeeringAttachment');
}
/**
* Grants permission to accept a request to attach a VPC to a transit gateway
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AcceptTransitGatewayVpcAttachment.html
*/
toAcceptTransitGatewayVpcAttachment() {
return this.to('AcceptTransitGatewayVpcAttachment');
}
/**
* Grants permission to accept one or more interface VPC endpoint connections to your VPC endpoint service
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AcceptVpcEndpointConnections.html
*/
toAcceptVpcEndpointConnections() {
return this.to('AcceptVpcEndpointConnections');
}
/**
* Grants permission to accept a VPC peering connection request
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AcceptVpcPeeringConnection.html
*/
toAcceptVpcPeeringConnection() {
return this.to('AcceptVpcPeeringConnection');
}
/**
* Grants permission to advertise an IP address range that is provisioned for use in AWS through bring your own IP addresses (BYOIP)
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AdvertiseByoipCidr.html
*/
toAdvertiseByoipCidr() {
return this.to('AdvertiseByoipCidr');
}
/**
* Grants permission to allocate an Elastic IP address (EIP) to your account
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* Dependent actions:
* - ec2:CreateTags
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AllocateAddress.html
*/
toAllocateAddress() {
return this.to('AllocateAddress');
}
/**
* Grants permission to allocate a Dedicated Host to your account
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* Dependent actions:
* - ec2:CreateTags
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AllocateHosts.html
*/
toAllocateHosts() {
return this.to('AllocateHosts');
}
/**
* Grants permission to allocate a CIDR from an Amazon VPC IP Address Manager (IPAM) pool
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AllocateIpamPoolCidr.html
*/
toAllocateIpamPoolCidr() {
return this.to('AllocateIpamPoolCidr');
}
/**
* Grants permission to apply a security group to the association between a Client VPN endpoint and a target network
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ApplySecurityGroupsToClientVpnTargetNetwork.html
*/
toApplySecurityGroupsToClientVpnTargetNetwork() {
return this.to('ApplySecurityGroupsToClientVpnTargetNetwork');
}
/**
* Grants permission to assign one or more IPv6 addresses to a network interface
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssignIpv6Addresses.html
*/
toAssignIpv6Addresses() {
return this.to('AssignIpv6Addresses');
}
/**
* Grants permission to assign one or more secondary private IP addresses to a network interface
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssignPrivateIpAddresses.html
*/
toAssignPrivateIpAddresses() {
return this.to('AssignPrivateIpAddresses');
}
/**
* Grants permission to assign one or more secondary private IP addresses to a private NAT gateway
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssignPrivateNatGatewayAddress.html
*/
toAssignPrivateNatGatewayAddress() {
return this.to('AssignPrivateNatGatewayAddress');
}
/**
* Grants permission to associate an Elastic IP address (EIP) with an instance or a network interface
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateAddress.html
*/
toAssociateAddress() {
return this.to('AssociateAddress');
}
/**
* Grants permission to assign billing of the unused capacity of a shared Capacity Reservation to a consumer account
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateCapacityReservationBillingOwner.html
*/
toAssociateCapacityReservationBillingOwner() {
return this.to('AssociateCapacityReservationBillingOwner');
}
/**
* Grants permission to associate a target network with a Client VPN endpoint
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateClientVpnTargetNetwork.html
*/
toAssociateClientVpnTargetNetwork() {
return this.to('AssociateClientVpnTargetNetwork');
}
/**
* Grants permission to associate or disassociate a set of DHCP options with a VPC
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateDhcpOptions.html
*/
toAssociateDhcpOptions() {
return this.to('AssociateDhcpOptions');
}
/**
* Grants permission to associate an ACM certificate with an IAM role to be used in an EC2 Enclave
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateEnclaveCertificateIamRole.html
*/
toAssociateEnclaveCertificateIamRole() {
return this.to('AssociateEnclaveCertificateIamRole');
}
/**
* Grants permission to associate an IAM instance profile with a running or stopped instance
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* Dependent actions:
* - iam:PassRole
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateIamInstanceProfile.html
*/
toAssociateIamInstanceProfile() {
return this.to('AssociateIamInstanceProfile');
}
/**
* Grants permission to associate one or more targets with an event window
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateInstanceEventWindow.html
*/
toAssociateInstanceEventWindow() {
return this.to('AssociateInstanceEventWindow');
}
/**
* Grants permission to associate an Autonomous System Number (ASN) with a BYOIP CIDR
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateIpamByoasn.html
*/
toAssociateIpamByoasn() {
return this.to('AssociateIpamByoasn');
}
/**
* Grants permission to associate an IPAM resource discovery with an Amazon VPC IPAM
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* Dependent actions:
* - ec2:CreateTags
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateIpamResourceDiscovery.html
*/
toAssociateIpamResourceDiscovery() {
return this.to('AssociateIpamResourceDiscovery');
}
/**
* Grants permission to associate an Elastic IP address and private IP address with a public Nat gateway
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateNatGatewayAddress.html
*/
toAssociateNatGatewayAddress() {
return this.to('AssociateNatGatewayAddress');
}
/**
* Grants permission to associate a route server with a VPC
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateRouteServer.html
*/
toAssociateRouteServer() {
return this.to('AssociateRouteServer');
}
/**
* Grants permission to associate a subnet or gateway with a route table
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateRouteTable.html
*/
toAssociateRouteTable() {
return this.to('AssociateRouteTable');
}
/**
* Grants permission to associate a security group with another VPC in the same Region
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateSecurityGroupVpc.html
*/
toAssociateSecurityGroupVpc() {
return this.to('AssociateSecurityGroupVpc');
}
/**
* Grants permission to associate a CIDR block with a subnet
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateSubnetCidrBlock.html
*/
toAssociateSubnetCidrBlock() {
return this.to('AssociateSubnetCidrBlock');
}
/**
* Grants permission to associate an attachment and list of subnets with a transit gateway multicast domain
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateTransitGatewayMulticastDomain.html
*/
toAssociateTransitGatewayMulticastDomain() {
return this.to('AssociateTransitGatewayMulticastDomain');
}
/**
* Grants permission to associate a policy table with a transit gateway attachment
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateTransitGatewayPolicyTable.html
*/
toAssociateTransitGatewayPolicyTable() {
return this.to('AssociateTransitGatewayPolicyTable');
}
/**
* Grants permission to associate an attachment with a transit gateway route table
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateTransitGatewayRouteTable.html
*/
toAssociateTransitGatewayRouteTable() {
return this.to('AssociateTransitGatewayRouteTable');
}
/**
* Grants permission to associate a branch network interface with a trunk network interface
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateTrunkInterface.html
*/
toAssociateTrunkInterface() {
return this.to('AssociateTrunkInterface');
}
/**
* Grants permission to associate an AWS Web Application Firewall (WAF) web access control list (ACL) with a Verified Access instance
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* https://docs.aws.amazon.com/verified-access/latest/ug/waf-integration.html
*/
toAssociateVerifiedAccessInstanceWebAcl() {
return this.to('AssociateVerifiedAccessInstanceWebAcl');
}
/**
* Grants permission to associate a CIDR block with a VPC
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateVpcCidrBlock.html
*/
toAssociateVpcCidrBlock() {
return this.to('AssociateVpcCidrBlock');
}
/**
* Grants permission to link an EC2-Classic instance to a ClassicLink-enabled VPC through one or more of the VPC's security groups
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AttachClassicLinkVpc.html
*/
toAttachClassicLinkVpc() {
return this.to('AttachClassicLinkVpc');
}
/**
* Grants permission to attach an internet gateway to a VPC
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AttachInternetGateway.html
*/
toAttachInternetGateway() {
return this.to('AttachInternetGateway');
}
/**
* Grants permission to attach a network interface to an instance
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AttachNetworkInterface.html
*/
toAttachNetworkInterface() {
return this.to('AttachNetworkInterface');
}
/**
* Grants permission to attach a trust provider to a Verified Access instance
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AttachVerifiedAccessTrustProvider.html
*/
toAttachVerifiedAccessTrustProvider() {
return this.to('AttachVerifiedAccessTrustProvider');
}
/**
* Grants permission to attach an EBS volume to a running or stopped instance and expose it to the instance with the specified device name
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AttachVolume.html
*/
toAttachVolume() {
return this.to('AttachVolume');
}
/**
* Grants permission to attach a virtual private gateway to a VPC
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AttachVpnGateway.html
*/
toAttachVpnGateway() {
return this.to('AttachVpnGateway');
}
/**
* Grants permission to add an inbound authorization rule to a Client VPN endpoint
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AuthorizeClientVpnIngress.html
*/
toAuthorizeClientVpnIngress() {
return this.to('AuthorizeClientVpnIngress');
}
/**
* Grants permission to add one or more outbound rules to a VPC security group. Policies using the security-group-rule resource-level permission are only enforced when the API request includes TagSpecifications
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* Dependent actions:
* - ec2:CreateTags
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AuthorizeSecurityGroupEgress.html
*/
toAuthorizeSecurityGroupEgress() {
return this.to('AuthorizeSecurityGroupEgress');
}
/**
* Grants permission to add one or more inbound rules to a VPC security group. Policies using the security-group-rule resource-level permission are only enforced when the API request includes TagSpecifications
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* Dependent actions:
* - ec2:CreateTags
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AuthorizeSecurityGroupIngress.html
*/
toAuthorizeSecurityGroupIngress() {
return this.to('AuthorizeSecurityGroupIngress');
}
/**
* Grants permission to bundle an instance store-backed Windows instance
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_BundleInstance.html
*/
toBundleInstance() {
return this.to('BundleInstance');
}
/**
* Grants permission to cancel a bundling operation
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CancelBundleTask.html
*/
toCancelBundleTask() {
return this.to('CancelBundleTask');
}
/**
* Grants permission to cancel a Capacity Reservation and release the reserved capacity
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CancelCapacityReservation.html
*/
toCancelCapacityReservation() {
return this.to('CancelCapacityReservation');
}
/**
* Grants permission to cancel one or more Capacity Reservation Fleets
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* Dependent actions:
* - ec2:CancelCapacityReservation
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CancelCapacityReservationFleets.html
*/
toCancelCapacityReservationFleets() {
return this.to('CancelCapacityReservationFleets');
}
/**
* Grants permission to cancel an active conversion task
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CancelConversionTask.html
*/
toCancelConversionTask() {
return this.to('CancelConversionTask');
}
/**
* Grants permission to cancel a declarative policies report
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CancelDeclarativePoliciesReport.html
*/
toCancelDeclarativePoliciesReport() {
return this.to('CancelDeclarativePoliciesReport');
}
/**
* Grants permission to cancel an active export task
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CancelExportTask.html
*/
toCancelExportTask() {
return this.to('CancelExportTask');
}
/**
* Grants permission to remove your AWS account from the launch permissions for the specified AMI
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CancelImageLaunchPermission.html
*/
toCancelImageLaunchPermission() {
return this.to('CancelImageLaunchPermission');
}
/**
* Grants permission to cancel an in-process import virtual machine or import snapshot task
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CancelImportTask.html
*/
toCancelImportTask() {
return this.to('CancelImportTask');
}
/**
* Grants permission to cancel a Reserved Instance listing on the Reserved Instance Marketplace
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CancelReservedInstancesListing.html
*/
toCancelReservedInstancesListing() {
return this.to('CancelReservedInstancesListing');
}
/**
* Grants permission to cancel one or more Spot Fleet requests
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CancelSpotFleetRequests.html
*/
toCancelSpotFleetRequests() {
return this.to('CancelSpotFleetRequests');
}
/**
* Grants permission to cancel one or more Spot Instance requests
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CancelSpotInstanceRequests.html
*/
toCancelSpotInstanceRequests() {
return this.to('CancelSpotInstanceRequests');
}
/**
* Grants permission to determine whether an owned product code is associated with an instance
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ConfirmProductInstance.html
*/
toConfirmProductInstance() {
return this.to('ConfirmProductInstance');
}
/**
* Grants permission to copy a source Amazon FPGA image (AFI) to the current Region. Resource-level permissions specified for this action apply to the new AFI only. They do not apply to the source AFI
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CopyFpgaImage.html
*/
toCopyFpgaImage() {
return this.to('CopyFpgaImage');
}
/**
* Grants permission to copy an Amazon Machine Image (AMI) from a source Region to the current Region
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* Dependent actions:
* - ec2:CreateTags
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CopyImage.html
*/
toCopyImage() {
return this.to('CopyImage');
}
/**
* Grants permission to copy a point-in-time snapshot of an EBS volume and store it in Amazon S3. Resource-level permissions specified for this action apply to both the snapshot copy and the source snapshot
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* Dependent actions:
* - ec2:CreateTags
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CopySnapshot.html
*/
toCopySnapshot() {
return this.to('CopySnapshot');
}
/**
* Grants permission to create a Capacity Reservation
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* Dependent actions:
* - ec2:CreateTags
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateCapacityReservation.html
*/
toCreateCapacityReservation() {
return this.to('CreateCapacityReservation');
}
/**
* Grants permission to create a new Capacity Reservation by splitting the available capacity of the source Capacity Reservation
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* Dependent actions:
* - ec2:CreateTags
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateCapacityReservationBySplitting.html
*/
toCreateCapacityReservationBySplitting() {
return this.to('CreateCapacityReservationBySplitting');
}
/**
* Grants permission to create a Capacity Reservation Fleet
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* Dependent actions:
* - ec2:CreateCapacityReservation
* - ec2:CreateTags
* - ec2:DescribeCapacityReservations
* - ec2:DescribeInstances
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateCapacityReservationFleet.html
*/
toCreateCapacityReservationFleet() {
return this.to('CreateCapacityReservationFleet');
}
/**
* Grants permission to create a carrier gateway and provides CSP connectivity to VPC customers
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* Dependent actions:
* - ec2:CreateTags
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateCarrierGateway.html
*/
toCreateCarrierGateway() {
return this.to('CreateCarrierGateway');
}
/**
* Grants permission to create a Client VPN endpoint
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* Dependent actions:
* - ec2:CreateTags
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateClientVpnEndpoint.html
*/
toCreateClientVpnEndpoint() {
return this.to('CreateClientVpnEndpoint');
}
/**
* Grants permission to add a network route to a Client VPN endpoint's route table
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateClientVpnRoute.html
*/
toCreateClientVpnRoute() {
return this.to('CreateClientVpnRoute');
}
/**
* Grants permission to create a range of customer-owned IP (CoIP) addresses
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateCoipCidr.html
*/
toCreateCoipCidr() {
return this.to('CreateCoipCidr');
}
/**
* Grants permission to create a pool of customer-owned IP (CoIP) addresses
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* Dependent actions:
* - ec2:CreateTags
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateCoipPool.html
*/
toCreateCoipPool() {
return this.to('CreateCoipPool');
}
/**
* Grants permission to allow a service to access a customer-owned IP (CoIP) pool
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* https://docs.aws.amazon.com/outposts/latest/userguide/identity-access-management.html
*/
toCreateCoipPoolPermission() {
return this.to('CreateCoipPoolPermission');
}
/**
* Grants permission to create a customer gateway, which provides information to AWS about your customer gateway device
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* Dependent actions:
* - ec2:CreateTags
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateCustomerGateway.html
*/
toCreateCustomerGateway() {
return this.to('CreateCustomerGateway');
}
/**
* Grants permission to create a default subnet in a specified Availability Zone in a default VPC
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateDefaultSubnet.html
*/
toCreateDefaultSubnet() {
return this.to('CreateDefaultSubnet');
}
/**
* Grants permission to create a default VPC with a default subnet in each Availability Zone
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateDefaultVpc.html
*/
toCreateDefaultVpc() {
return this.to('CreateDefaultVpc');
}
/**
* Grants permission to create a set of DHCP options for a VPC
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* Dependent actions:
* - ec2:CreateTags
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateDhcpOptions.html
*/
toCreateDhcpOptions() {
return this.to('CreateDhcpOptions');
}
/**
* Grants permission to create an egress-only internet gateway for a VPC
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* Dependent actions:
* - ec2:CreateTags
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateEgressOnlyInternetGateway.html
*/
toCreateEgressOnlyInternetGateway() {
return this.to('CreateEgressOnlyInternetGateway');
}
/**
* Grants permission to launch an EC2 Fleet. Resource-level permissions for this action do not include the resources specified in a launch template. To specify resource-level permissions for resources specified in a launch template, you must include the resources in the RunInstances action statement
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* Dependent actions:
* - ec2:CreateTags
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateFleet.html
*/
toCreateFleet() {
return this.to('CreateFleet');
}
/**
* Grants permission to create one or more flow logs to capture IP traffic for a network interface
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* Dependent actions:
* - ec2:CreateTags
* - ecs:ListClusters
* - ecs:ListContainerInstances
* - ecs:ListServices
* - ecs:ListTaskDefinitions
* - ecs:ListTasks
* - iam:PassRole
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateFlowLogs.html
*/
toCreateFlowLogs() {
return this.to('CreateFlowLogs');
}
/**
* Grants permission to create an Amazon FPGA Image (AFI) from a design checkpoint (DCP)
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* Dependent actions:
* - ec2:CreateTags
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateFpgaImage.html
*/
toCreateFpgaImage() {
return this.to('CreateFpgaImage');
}
/**
* Grants permission to create an Amazon EBS-backed AMI from a stopped or running Amazon EBS-backed instance
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* Dependent actions:
* - ec2:CreateTags
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateImage.html
*/
toCreateImage() {
return this.to('CreateImage');
}
/**
* Grants permission to create an EC2 Instance Connect Endpoint that allows you to connect to an instance without a public IPv4 address
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* Dependent actions:
* - ec2:CreateTags
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateInstanceConnectEndpoint.html
*/
toCreateInstanceConnectEndpoint() {
return this.to('CreateInstanceConnectEndpoint');
}
/**
* Grants permission to create an event window in which scheduled events for the associated Amazon EC2 instances can run
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* Dependent actions:
* - ec2:CreateTags
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateInstanceEventWindow.html
*/
toCreateInstanceEventWindow() {
return this.to('CreateInstanceEventWindow');
}
/**
* Grants permission to export a running or stopped instance to an Amazon S3 bucket
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* Dependent actions:
* - ec2:CreateTags
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateInstanceExportTask.html
*/
toCreateInstanceExportTask() {
return this.to('CreateInstanceExportTask');
}
/**
* Grants permission to create an internet gateway for a VPC
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* Dependent actions:
* - ec2:CreateTags
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateInternetGateway.html
*/
toCreateInternetGateway() {
return this.to('CreateInternetGateway');
}
/**
* Grants permission to create an Amazon VPC IP Address Manager (IPAM)
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* Dependent actions:
* - ec2:CreateTags
* - iam:CreateServiceLinkedRole
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateIpam.html
*/
toCreateIpam() {
return this.to('CreateIpam');
}
/**
* Grants permission to create a verification token, which proves ownership of an external resource
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* Dependent actions:
* - ec2:CreateTags
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateIpamExternalResourceVerificationToken.html
*/
toCreateIpamExternalResourceVerificationToken() {
return this.to('CreateIpamExternalResourceVerificationToken');
}
/**
* Grants permission to create an IP address pool for Amazon VPC IP Address Manager (IPAM), which is a collection of contiguous IP address CIDRs
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* Dependent actions:
* - ec2:CreateTags
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateIpamPool.html
*/
toCreateIpamPool() {
return this.to('CreateIpamPool');
}
/**
* Grants permission to create an IPAM resource discovery
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* Dependent actions:
* - ec2:CreateTags
* - iam:CreateServiceLinkedRole
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateIpamResourceDiscovery.html
*/
toCreateIpamResourceDiscovery() {
return this.to('CreateIpamResourceDiscovery');
}
/**
* Grants permission to create an Amazon VPC IP Address Manager (IPAM) scope, which is the highest-level container within IPAM
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* Dependent actions:
* - ec2:CreateTags
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateIpamScope.html
*/
toCreateIpamScope() {
return this.to('CreateIpamScope');
}
/**
* Grants permission to create a 2048-bit RSA key pair
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* Dependent actions:
* - ec2:CreateTags
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateKeyPair.html
*/
toCreateKeyPair() {
return this.to('CreateKeyPair');
}
/**
* Grants permission to create a launch template
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* Dependent actions:
* - ec2:CreateTags
* - ssm:GetParameters
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateLaunchTemplate.html
*/
toCreateLaunchTemplate() {
return this.to('CreateLaunchTemplate');
}
/**
* Grants permission to create a new version of a launch template
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* Dependent actions:
* - ssm:GetParameters
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateLaunchTemplateVersion.html
*/
toCreateLaunchTemplateVersion() {
return this.to('CreateLaunchTemplateVersion');
}
/**
* Grants permission to create a static route for a local gateway route table
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateLocalGatewayRoute.html
*/
toCreateLocalGatewayRoute() {
return this.to('CreateLocalGatewayRoute');
}
/**
* Grants permission to create a local gateway route table
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* Dependent actions:
* - ec2:CreateTags
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateLocalGatewayRouteTable.html
*/
toCreateLocalGatewayRouteTable() {
return this.to('CreateLocalGatewayRouteTable');
}
/**
* Grants permission to allow a service to access a local gateway route table
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* https://docs.aws.amazon.com/outposts/latest/userguide/identity-access-management.html
*/
toCreateLocalGatewayRouteTablePermission() {
return this.to('CreateLocalGatewayRouteTablePermission');
}
/**
* Grants permission to create a local gateway route table virtual interface group association
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* Dependent actions:
* - ec2:CreateTags
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateLocalGatewayRouteTableVirtualInterfaceGroupAssociation.html
*/
toCreateLocalGatewayRouteTableVirtualInterfaceGroupAssociation() {
return this.to('CreateLocalGatewayRouteTableVirtualInterfaceGroupAssociation');
}
/**
* Grants permission to associate a VPC with a local gateway route table
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* Dependent actions:
* - ec2:CreateTags
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateLocalGatewayRouteTableVpcAssociation.html
*/
toCreateLocalGatewayRouteTableVpcAssociation() {
return this.to('CreateLocalGatewayRouteTableVpcAssociation');
}
/**
* Grants permission to create a local gateway virtual interface
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* Dependent actions:
* - ec2:CreateTags
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateLocalGatewayVirtualInterface.html
*/
toCreateLocalGatewayVirtualInterface() {
return this.to('CreateLocalGatewayVirtualInterface');
}
/**
* Grants permission to create a local gateway virtual interface group
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* Dependent actions:
* - ec2:CreateTags
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateLocalGatewayVirtualInterfaceGroup.html
*/
toCreateLocalGatewayVirtualInterfaceGroup() {
return this.to('CreateLocalGatewayVirtualInterfaceGroup');
}
/**
* Grants permission to create a managed prefix list
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* Dependent actions:
* - ec2:CreateTags
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateManagedPrefixList.html
*/
toCreateManagedPrefixList() {
return this.to('CreateManagedPrefixList');
}
/**
* Grants permission to create a NAT gateway in a subnet
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* Dependent actions:
* - ec2:CreateTags
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateNatGateway.html
*/
toCreateNatGateway() {
return this.to('CreateNatGateway');
}
/**
* Grants permission to create a network ACL in a VPC
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* Dependent actions:
* - ec2:CreateTags
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateNetworkAcl.html
*/
toCreateNetworkAcl() {
return this.to('CreateNetworkAcl');
}
/**
* Grants permission to create a numbered entry (a rule) in a network ACL
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateNetworkAclEntry.html
*/
toCreateNetworkAclEntry() {
return this.to('CreateNetworkAclEntry');
}
/**
* Grants permission to create a Network Access Scope
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* Dependent actions:
* - ec2:CreateTags
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateNetworkInsightsAccessScope.html
*/
toCreateNetworkInsightsAccessScope() {
return this.to('CreateNetworkInsightsAccessScope');
}
/**
* Grants permission to create a path to analyze for reachability
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* Dependent actions:
* - ec2:CreateTags
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateNetworkInsightsPath.html
*/
toCreateNetworkInsightsPath() {
return this.to('CreateNetworkInsightsPath');
}
/**
* Grants permission to create a network interface in a subnet
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* Dependent actions:
* - ec2:CreateTags
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateNetworkInterface.html
*/
toCreateNetworkInterface() {
return this.to('CreateNetworkInterface');
}
/**
* Grants permission to create a permission for an AWS-authorized user to perform certain operations on a network interface
*
* Access Level: Permissions management
*
* Possible conditions:
* - .ifRegion()
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateNetworkInterfacePermission.html
*/
toCreateNetworkInterfacePermission() {
return this.to('CreateNetworkInterfacePermission');
}
/**
* Grants permission to create a placement group
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* Dependent actions:
* - ec2:CreateTags
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreatePlacementGroup.html
*/
toCreatePlacementGroup() {
return this.to('CreatePlacementGroup');
}
/**
* Grants permission to create a public IPv4 address pool for public IPv4 CIDRs that you own and bring to Amazon to manage with Amazon VPC IP Address Manager (IPAM)
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* Dependent actions:
* - ec2:CreateTags
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreatePublicIpv4Pool.html
*/
toCreatePublicIpv4Pool() {
return this.to('CreatePublicIpv4Pool');
}
/**
* Grants permission to create a root volume replacement task
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* Dependent actions:
* - ec2:CreateTags
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateReplaceRootVolumeTask.html
*/
toCreateReplaceRootVolumeTask() {
return this.to('CreateReplaceRootVolumeTask');
}
/**
* Grants permission to create a listing for Standard Reserved Instances to be sold in the Reserved Instance Marketplace
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateReservedInstancesListing.html
*/
toCreateReservedInstancesListing() {
return this.to('CreateReservedInstancesListing');
}
/**
* Grants permission to start a task that restores an AMI from an S3 object previously created by using CreateStoreImageTask
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* Dependent actions:
* - ec2:CreateTags
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateRestoreImageTask.html
*/
toCreateRestoreImageTask() {
return this.to('CreateRestoreImageTask');
}
/**
* Grants permission to create a route in a VPC route table
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateRoute.html
*/
toCreateRoute() {
return this.to('CreateRoute');
}
/**
* Grants permission to create a route server
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* Dependent actions:
* - ec2:CreateTags
* - sns:CreateTopic
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateRouteServer.html
*/
toCreateRouteServer() {
return this.to('CreateRouteServer');
}
/**
* Grants permission to create a route server endpoint
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* Dependent actions:
* - ec2:AuthorizeSecurityGroupIngress
* - ec2:CreateNetworkInterface
* - ec2:CreateNetworkInterfacePermission
* - ec2:CreateSecurityGroup
* - ec2:CreateTags
* - ec2:DescribeSecurityGroups
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateRouteServerEndpoint.html
*/
toCreateRouteServerEndpoint() {
return this.to('CreateRouteServerEndpoint');
}
/**
* Grants permission to create a route server peer
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* Dependent actions:
* - ec2:AuthorizeSecurityGroupIngress
* - ec2:CreateTags
*
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateRouteServerPeer.html
*/
toCreateRouteServerPeer() {
return this.to('CreateRouteServerPeer');
}
/**
* Grants permission to create a route table for a VPC
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegion()
*
* Dependent actions:
* - ec2:CreateTag