cdk-iam-floyd
AWS IAM policy statement generator with fluent interface for AWS CDK
import { AccessLevelList } from '../../shared/access-level';
import { PolicyStatement, Operator } from '../../shared';
import { aws_iam as iam } from "aws-cdk-lib";
/**
* Statement provider for service [globalaccelerator](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsglobalaccelerator.html).
*
* This is an ambient declaration: only signatures are visible here, the implementation lives elsewhere.
* Every method returns `this`, so calls can be chained:
* - `to*()` methods each correspond to one `globalaccelerator:` IAM action (access levels used in this file: Write, Read, List, Tagging).
* - `on*()` methods add a resource of the named type to the statement.
* - `if*()` methods add a tag-based condition to the statement.
*
* NOTE(review): which resource the statement ends up with when no `on*()` method is called is decided in
* `PolicyStatement`, which is not visible here - confirm before relying on it, and prefer explicit `on*()`
* resources plus conditions for Write and Tagging actions.
*
* The constructor takes `props` (`iam.PolicyStatementProps`); a
* [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) for the statement is supplied through it.
*/
export declare class Globalaccelerator extends PolicyStatement {
/**
* IAM service prefix for this provider. The value is assigned in the implementation, which is not
* visible in this declaration - presumably `globalaccelerator`; confirm against the implementation.
*/
servicePrefix: string;
/**
* Grants permission to add a virtual private cloud (VPC) subnet endpoint to a custom routing accelerator endpoint group
*
* Access Level: Write
*
* https://docs.aws.amazon.com/global-accelerator/latest/api/API_AddCustomRoutingEndpoints.html
*/
toAddCustomRoutingEndpoints(): this;
/**
* Grants permission to add an endpoint to a standard accelerator endpoint group
*
* Access Level: Write
*
* Dependent actions (these must be allowed as well for the call to succeed):
* - globalaccelerator:UpdateEndpointGroup
*
* https://docs.aws.amazon.com/global-accelerator/latest/api/API_AddEndpoints.html
*/
toAddEndpoints(): this;
/**
* Grants permission to advertise an IPv4 address range that is provisioned for use with your accelerator through bring your own IP addresses (BYOIP)
*
* Access Level: Write
*
* NOTE(review): this changes the public advertisement of an address range; treat it as a high-impact Write action and grant it narrowly.
*
* https://docs.aws.amazon.com/global-accelerator/latest/api/API_AdvertiseByoipCidr.html
*/
toAdvertiseByoipCidr(): this;
/**
* Grants permission to allow custom routing of user traffic to a private destination IP:PORT in a specific VPC subnet
*
* Access Level: Write
*
* NOTE(review): this opens a traffic path from users to private VPC destinations; review grants of it like any other network-exposure change.
*
* https://docs.aws.amazon.com/global-accelerator/latest/api/API_AllowCustomRoutingTraffic.html
*/
toAllowCustomRoutingTraffic(): this;
/**
* Grants permission to create a standard accelerator
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/global-accelerator/latest/api/API_CreateAccelerator.html
*/
toCreateAccelerator(): this;
/**
* Grants permission to create a CrossAccountAttachment
*
* Access Level: Write
*
* NOTE(review): presumably an attachment names the principals allowed to use resources across accounts
* (see `toListCrossAccountResourceAccounts`) - confirm against the linked API reference and grant narrowly.
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/global-accelerator/latest/api/API_CreateCrossAccountAttachment.html
*/
toCreateCrossAccountAttachment(): this;
/**
* Grants permission to create a custom routing accelerator
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/global-accelerator/latest/api/API_CreateCustomRoutingAccelerator.html
*/
toCreateCustomRoutingAccelerator(): this;
/**
* Grants permission to create an endpoint group for the specified listener for a custom routing accelerator
*
* Access Level: Write
*
* https://docs.aws.amazon.com/global-accelerator/latest/api/API_CreateCustomRoutingEndpointGroup.html
*/
toCreateCustomRoutingEndpointGroup(): this;
/**
* Grants permission to create a listener to process inbound connections from clients to a custom routing accelerator
*
* Access Level: Write
*
* https://docs.aws.amazon.com/global-accelerator/latest/api/API_CreateCustomRoutingListener.html
*/
toCreateCustomRoutingListener(): this;
/**
* Grants permission to add an endpoint group to a standard accelerator listener
*
* Access Level: Write
*
* https://docs.aws.amazon.com/global-accelerator/latest/api/API_CreateEndpointGroup.html
*/
toCreateEndpointGroup(): this;
/**
* Grants permission to add a listener to a standard accelerator
*
* Access Level: Write
*
* https://docs.aws.amazon.com/global-accelerator/latest/api/API_CreateListener.html
*/
toCreateListener(): this;
/**
* Grants permission to delete a standard accelerator
*
* Access Level: Write
*
* https://docs.aws.amazon.com/global-accelerator/latest/api/API_DeleteAccelerator.html
*/
toDeleteAccelerator(): this;
/**
* Grants permission to delete a CrossAccountAttachment
*
* Access Level: Write
*
* https://docs.aws.amazon.com/global-accelerator/latest/api/API_DeleteCrossAccountAttachment.html
*/
toDeleteCrossAccountAttachment(): this;
/**
* Grants permission to delete a custom routing accelerator
*
* Access Level: Write
*
* https://docs.aws.amazon.com/global-accelerator/latest/api/API_DeleteCustomRoutingAccelerator.html
*/
toDeleteCustomRoutingAccelerator(): this;
/**
* Grants permission to delete an endpoint group from a listener for a custom routing accelerator
*
* Access Level: Write
*
* https://docs.aws.amazon.com/global-accelerator/latest/api/API_DeleteCustomRoutingEndpointGroup.html
*/
toDeleteCustomRoutingEndpointGroup(): this;
/**
* Grants permission to delete a listener for a custom routing accelerator
*
* Access Level: Write
*
* https://docs.aws.amazon.com/global-accelerator/latest/api/API_DeleteCustomRoutingListener.html
*/
toDeleteCustomRoutingListener(): this;
/**
* Grants permission to delete an endpoint group associated with a standard accelerator listener
*
* Access Level: Write
*
* https://docs.aws.amazon.com/global-accelerator/latest/api/API_DeleteEndpointGroup.html
*/
toDeleteEndpointGroup(): this;
/**
* Grants permission to delete a listener from a standard accelerator
*
* Access Level: Write
*
* https://docs.aws.amazon.com/global-accelerator/latest/api/API_DeleteListener.html
*/
toDeleteListener(): this;
/**
* Grants permission to disallow custom routing of user traffic to a private destination IP:PORT in a specific VPC subnet
*
* Access Level: Write
*
* https://docs.aws.amazon.com/global-accelerator/latest/api/API_DenyCustomRoutingTraffic.html
*/
toDenyCustomRoutingTraffic(): this;
/**
* Grants permission to release the specified address range that you provisioned for use with your accelerator through bring your own IP addresses (BYOIP)
*
* Access Level: Write
*
* https://docs.aws.amazon.com/global-accelerator/latest/api/API_DeprovisionByoipCidr.html
*/
toDeprovisionByoipCidr(): this;
/**
* Grants permission to describe a standard accelerator
*
* Access Level: Read
*
* https://docs.aws.amazon.com/global-accelerator/latest/api/API_DescribeAccelerator.html
*/
toDescribeAccelerator(): this;
/**
* Grants permission to describe the attributes of a standard accelerator
*
* Access Level: Read
*
* https://docs.aws.amazon.com/global-accelerator/latest/api/API_DescribeAcceleratorAttributes.html
*/
toDescribeAcceleratorAttributes(): this;
/**
* Grants permission to describe a CrossAccountAttachment
*
* Access Level: Read
*
* https://docs.aws.amazon.com/global-accelerator/latest/api/API_DescribeCrossAccountAttachment.html
*/
toDescribeCrossAccountAttachment(): this;
/**
* Grants permission to describe a custom routing accelerator
*
* Access Level: Read
*
* https://docs.aws.amazon.com/global-accelerator/latest/api/API_DescribeCustomRoutingAccelerator.html
*/
toDescribeCustomRoutingAccelerator(): this;
/**
* Grants permission to describe the attributes of a custom routing accelerator
*
* Access Level: Read
*
* https://docs.aws.amazon.com/global-accelerator/latest/api/API_DescribeCustomRoutingAcceleratorAttributes.html
*/
toDescribeCustomRoutingAcceleratorAttributes(): this;
/**
* Grants permission to describe an endpoint group for a custom routing accelerator
*
* Access Level: Read
*
* https://docs.aws.amazon.com/global-accelerator/latest/api/API_DescribeCustomRoutingEndpointGroup.html
*/
toDescribeCustomRoutingEndpointGroup(): this;
/**
* Grants permission to describe a listener for a custom routing accelerator
*
* Access Level: Read
*
* https://docs.aws.amazon.com/global-accelerator/latest/api/API_DescribeCustomRoutingListener.html
*/
toDescribeCustomRoutingListener(): this;
/**
* Grants permission to describe a standard accelerator endpoint group
*
* Access Level: Read
*
* https://docs.aws.amazon.com/global-accelerator/latest/api/API_DescribeEndpointGroup.html
*/
toDescribeEndpointGroup(): this;
/**
* Grants permission to describe a standard accelerator listener
*
* Access Level: Read
*
* https://docs.aws.amazon.com/global-accelerator/latest/api/API_DescribeListener.html
*/
toDescribeListener(): this;
/**
* Grants permission to list all standard accelerators
*
* Access Level: List
*
* https://docs.aws.amazon.com/global-accelerator/latest/api/API_ListAccelerators.html
*/
toListAccelerators(): this;
/**
* Grants permission to list the BYOIP CIDRs
*
* Access Level: List
*
* https://docs.aws.amazon.com/global-accelerator/latest/api/API_ListByoipCidrs.html
*/
toListByoipCidrs(): this;
/**
* Grants permission to list all CrossAccountAttachments
*
* Access Level: List
*
* https://docs.aws.amazon.com/global-accelerator/latest/api/API_ListCrossAccountAttachments.html
*/
toListCrossAccountAttachments(): this;
/**
* Grants permission to list the accounts whose CrossAccountAttachments name the caller as a principal
*
* Access Level: List
*
* https://docs.aws.amazon.com/global-accelerator/latest/api/API_ListCrossAccountResourceAccounts.html
*/
toListCrossAccountResourceAccounts(): this;
/**
* Grants permission to list all CrossAccountAttachment resources usable by the caller
*
* Access Level: List
*
* https://docs.aws.amazon.com/global-accelerator/latest/api/API_ListCrossAccountResources.html
*/
toListCrossAccountResources(): this;
/**
* Grants permission to list the custom routing accelerators for an AWS account
*
* Access Level: List
*
* https://docs.aws.amazon.com/global-accelerator/latest/api/API_ListCustomRoutingAccelerators.html
*/
toListCustomRoutingAccelerators(): this;
/**
* Grants permission to list the endpoint groups that are associated with a listener for a custom routing accelerator
*
* Access Level: List
*
* https://docs.aws.amazon.com/global-accelerator/latest/api/API_ListCustomRoutingEndpointGroups.html
*/
toListCustomRoutingEndpointGroups(): this;
/**
* Grants permission to list the listeners for a custom routing accelerator
*
* Access Level: List
*
* https://docs.aws.amazon.com/global-accelerator/latest/api/API_ListCustomRoutingListeners.html
*/
toListCustomRoutingListeners(): this;
/**
* Grants permission to list the port mappings for a custom routing accelerator
*
* Access Level: List
*
* https://docs.aws.amazon.com/global-accelerator/latest/api/API_ListCustomRoutingPortMappings.html
*/
toListCustomRoutingPortMappings(): this;
/**
* Grants permission to list the port mappings for a specific endpoint IP address (a destination address) in a subnet
*
* Access Level: List
*
* https://docs.aws.amazon.com/global-accelerator/latest/api/API_ListCustomRoutingPortMappingsByDestination.html
*/
toListCustomRoutingPortMappingsByDestination(): this;
/**
* Grants permission to list all endpoint groups associated with a standard accelerator listener
*
* Access Level: List
*
* https://docs.aws.amazon.com/global-accelerator/latest/api/API_ListEndpointGroups.html
*/
toListEndpointGroups(): this;
/**
* Grants permission to list all listeners associated with a standard accelerator
*
* Access Level: List
*
* https://docs.aws.amazon.com/global-accelerator/latest/api/API_ListListeners.html
*/
toListListeners(): this;
/**
* Grants permission to list tags for a globalaccelerator resource
*
* Access Level: Read
*
* https://docs.aws.amazon.com/global-accelerator/latest/api/API_ListTagsForResource.html
*/
toListTagsForResource(): this;
/**
* Grants permission to provision an address range for use with your accelerator through bring your own IP addresses (BYOIP)
*
* Access Level: Write
*
* https://docs.aws.amazon.com/global-accelerator/latest/api/API_ProvisionByoipCidr.html
*/
toProvisionByoipCidr(): this;
/**
* Grants permission to remove virtual private cloud (VPC) subnet endpoints from a custom routing accelerator endpoint group
*
* Access Level: Write
*
* https://docs.aws.amazon.com/global-accelerator/latest/api/API_RemoveCustomRoutingEndpoints.html
*/
toRemoveCustomRoutingEndpoints(): this;
/**
* Grants permission to remove an endpoint from a standard accelerator endpoint group
*
* Access Level: Write
*
* Dependent actions (these must be allowed as well for the call to succeed):
* - globalaccelerator:UpdateEndpointGroup
*
* https://docs.aws.amazon.com/global-accelerator/latest/api/API_RemoveEndpoints.html
*/
toRemoveEndpoints(): this;
/**
* Grants permission to add tags to a globalaccelerator resource
*
* Access Level: Tagging
*
* NOTE(review): where other statements rely on `.ifAwsResourceTag()`, the ability to add tags changes which
* resources those statements match; constrain this action with the conditions listed below.
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/global-accelerator/latest/api/API_TagResource.html
*/
toTagResource(): this;
/**
* Grants permission to remove tags from a globalaccelerator resource
*
* Access Level: Tagging
*
* NOTE(review): where other statements rely on `.ifAwsResourceTag()`, the ability to remove tags changes which
* resources those statements match; constrain this action with the condition listed below.
*
* Possible conditions:
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/global-accelerator/latest/api/API_UntagResource.html
*/
toUntagResource(): this;
/**
* Grants permission to update a standard accelerator
*
* Access Level: Write
*
* https://docs.aws.amazon.com/global-accelerator/latest/api/API_UpdateAccelerator.html
*/
toUpdateAccelerator(): this;
/**
* Grants permission to update the attributes of a standard accelerator
*
* Access Level: Write
*
* https://docs.aws.amazon.com/global-accelerator/latest/api/API_UpdateAcceleratorAttributes.html
*/
toUpdateAcceleratorAttributes(): this;
/**
* Grants permission to update a CrossAccountAttachment
*
* Access Level: Write
*
* NOTE(review): presumably an update can change the principals or resources an attachment covers -
* confirm against the linked API reference and grant as narrowly as the create action.
*
* https://docs.aws.amazon.com/global-accelerator/latest/api/API_UpdateCrossAccountAttachment.html
*/
toUpdateCrossAccountAttachment(): this;
/**
* Grants permission to update a custom routing accelerator
*
* Access Level: Write
*
* https://docs.aws.amazon.com/global-accelerator/latest/api/API_UpdateCustomRoutingAccelerator.html
*/
toUpdateCustomRoutingAccelerator(): this;
/**
* Grants permission to update the attributes for a custom routing accelerator
*
* Access Level: Write
*
* https://docs.aws.amazon.com/global-accelerator/latest/api/API_UpdateCustomRoutingAcceleratorAttributes.html
*/
toUpdateCustomRoutingAcceleratorAttributes(): this;
/**
* Grants permission to update a listener for a custom routing accelerator
*
* Access Level: Write
*
* https://docs.aws.amazon.com/global-accelerator/latest/api/API_UpdateCustomRoutingListener.html
*/
toUpdateCustomRoutingListener(): this;
/**
* Grants permission to update an endpoint group on a standard accelerator listener
*
* Access Level: Write
*
* https://docs.aws.amazon.com/global-accelerator/latest/api/API_UpdateEndpointGroup.html
*/
toUpdateEndpointGroup(): this;
/**
* Grants permission to update a listener on a standard accelerator
*
* Access Level: Write
*
* https://docs.aws.amazon.com/global-accelerator/latest/api/API_UpdateListener.html
*/
toUpdateListener(): this;
/**
* Grants permission to stop advertising a BYOIP IPv4 address
*
* Access Level: Write
*
* https://docs.aws.amazon.com/global-accelerator/latest/api/API_WithdrawByoipCidr.html
*/
toWithdrawByoipCidr(): this;
/**
* Access-level bookkeeping for this service (typed by the shared `AccessLevelList`).
* Presumably maps each access level (Write, Read, List, Tagging) to its actions - the value is
* assigned in the implementation, which is not visible here; confirm there.
*/
protected accessLevelList: AccessLevelList;
/**
* Adds a resource of type accelerator to the statement
*
* https://docs.aws.amazon.com/global-accelerator/latest/api/API_Accelerator.html
*
* @param resourceId - Identifier for the resourceId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* NOTE(review): outside the CDK the `*` account default leaves the resource ARN unbound to a single account;
* pass `account` explicitly when the statement should be limited to one account.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onAccelerator(resourceId: string, account?: string, partition?: string): this;
/**
* Adds a resource of type listener to the statement
*
* https://docs.aws.amazon.com/global-accelerator/latest/api/API_Listener.html
*
* @param resourceId - Identifier for the resourceId.
* @param listenerId - Identifier for the listenerId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* NOTE(review): outside the CDK the `*` account default leaves the resource ARN unbound to a single account;
* pass `account` explicitly when the statement should be limited to one account.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onListener(resourceId: string, listenerId: string, account?: string, partition?: string): this;
/**
* Adds a resource of type endpointgroup to the statement
*
* https://docs.aws.amazon.com/global-accelerator/latest/api/API_EndpointGroup.html
*
* @param resourceId - Identifier for the resourceId.
* @param listenerId - Identifier for the listenerId.
* @param endpointGroupId - Identifier for the endpointGroupId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* NOTE(review): outside the CDK the `*` account default leaves the resource ARN unbound to a single account;
* pass `account` explicitly when the statement should be limited to one account.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onEndpointgroup(resourceId: string, listenerId: string, endpointGroupId: string, account?: string, partition?: string): this;
/**
* Adds a resource of type attachment to the statement
*
* https://docs.aws.amazon.com/global-accelerator/latest/api/API_CrossAccountAttachment.html
*
* @param resourceId - Identifier for the resourceId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* NOTE(review): outside the CDK the `*` account default leaves the resource ARN unbound to a single account;
* pass `account` explicitly when the statement should be limited to one account.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onAttachment(resourceId: string, account?: string, partition?: string): this;
/**
* Filters access by the presence of tag key-value pairs in the request
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag
*
* Applies to actions:
* - .toCreateAccelerator()
* - .toCreateCrossAccountAttachment()
* - .toCreateCustomRoutingAccelerator()
* - .toTagResource()
*
* @param tagKey The tag key to check
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*
* With the default `StringLike`, `*` and `?` inside `value` are matched as wildcards; pass `StringEquals`
* when the tag value must match exactly.
*/
ifAwsRequestTag(tagKey: string, value: string | string[], operator?: Operator | string): this;
/**
* Filters access by tag key-value pairs attached to the resource
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag
*
* Applies to resource types:
* - accelerator
* - listener
* - endpointgroup
* - attachment
*
* @param tagKey The tag key to check
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*
* With the default `StringLike`, `*` and `?` inside `value` are matched as wildcards; pass `StringEquals`
* when the tag value must match exactly.
*/
ifAwsResourceTag(tagKey: string, value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the presence of tag keys in the request
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys
*
* Applies to actions:
* - .toCreateAccelerator()
* - .toCreateCrossAccountAttachment()
* - .toCreateCustomRoutingAccelerator()
* - .toTagResource()
* - .toUntagResource()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*
* With the default `StringLike`, `*` and `?` inside `value` are matched as wildcards.
* NOTE(review): `aws:TagKeys` is a multi-valued condition key; confirm whether the intended check needs a
* `ForAllValues:` / `ForAnyValue:` set operator, which the plain default does not express.
*/
ifAwsTagKeys(value: string | string[], operator?: Operator | string): this;
/**
* Statement provider for service [globalaccelerator](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsglobalaccelerator.html).
*
* @param props - Optional CDK `iam.PolicyStatementProps` for the statement. How they are applied is decided in the
* implementation, which is not visible in this declaration.
*/
constructor(props?: iam.PolicyStatementProps);
}