cdk-iam-floyd
AWS IAM policy statement generator with fluent interface for AWS CDK
// Strict-mode directive; it only takes effect as the first statement of the file.
"use strict";
// Defines a non-writable `__esModule: true` flag on the exports object
// (presumably the CommonJS interop marker emitted by the compiler; confirm against the build).
Object.defineProperty(exports, "__esModule", { value: true });
// Pre-declares the `Sso` export as undefined; the real assignment is not within this part of the file.
exports.Sso = void 0;
const shared_1 = require("../../shared");
/**
* Statement provider for service [sso](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiamidentitycenter.html).
*
* @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
*/
class Sso extends shared_1.PolicyStatement {
/**
* Grants permission to connect a directory to be used by AWS IAM Identity Center
*
* Access Level: Write
*
* Dependent actions:
* - ds:AuthorizeApplication
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toAssociateDirectory() {
  // Only 'AssociateDirectory' is passed to to(); the dependent ds:AuthorizeApplication
  // action listed in the JSDoc is not added by this method and must be granted separately.
  const action = 'AssociateDirectory';
  return this.to(action);
}
/**
* Grants permission to create an association between a directory user or group and a profile
*
* Access Level: Write
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toAssociateProfile() {
  // Forwards the action name to to() and returns its result.
  // NOTE(review): the action links a directory user or group to a profile, so review who may hold it.
  const action = 'AssociateProfile';
  return this.to(action);
}
/**
* Grants permission to attach a customer managed policy reference to a permission set
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_AttachCustomerManagedPolicyReferenceToPermissionSet.html
*/
toAttachCustomerManagedPolicyReferenceToPermissionSet() {
  // Access level is Permissions management: the action changes which policies a permission set references.
  // NOTE(review): keep statements that use it as narrowly scoped as the deployment allows.
  const action = 'AttachCustomerManagedPolicyReferenceToPermissionSet';
  return this.to(action);
}
/**
* Grants permission to attach an AWS managed policy to a permission set
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_AttachManagedPolicyToPermissionSet.html
*/
toAttachManagedPolicyToPermissionSet() {
  // Access level is Permissions management: the action attaches an AWS managed policy to a permission set.
  // NOTE(review): a holder can widen what that permission set grants; scope the statement tightly.
  const action = 'AttachManagedPolicyToPermissionSet';
  return this.to(action);
}
/**
* Grants permission to assign access to a Principal for a specified AWS account using a specified permission set
*
* Access Level: Write
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_CreateAccountAssignment.html
*/
toCreateAccountAssignment() {
  // NOTE(review): listed as Write, yet the action assigns a principal access to an AWS account
  // through a permission set; review grants of it like a permissions-management action.
  const action = 'CreateAccountAssignment';
  return this.to(action);
}
/**
* Grants permission to create an application
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_CreateApplication.html
*/
toCreateApplication() {
  // The JSDoc lists .ifAwsRequestTag() and .ifAwsTagKeys() as conditions that can narrow this action.
  const action = 'CreateApplication';
  return this.to(action);
}
/**
* Grants permission to create an application assignment
*
* Access Level: Write
*
* Possible conditions:
* - .ifApplicationAccount()
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_CreateApplicationAssignment.html
*/
toCreateApplicationAssignment() {
  // .ifApplicationAccount() is listed as a possible condition and can be used to narrow the grant.
  const action = 'CreateApplicationAssignment';
  return this.to(action);
}
/**
* Grants permission to add an application instance to AWS IAM Identity Center
*
* Access Level: Write
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toCreateApplicationInstance() {
  // Write-level action; the name is forwarded to to() and its result returned unchanged.
  const action = 'CreateApplicationInstance';
  return this.to(action);
}
/**
* Grants permission to add a new certificate for an application instance
*
* Access Level: Write
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toCreateApplicationInstanceCertificate() {
  // Write-level action that adds a certificate to an application instance.
  // NOTE(review): presumably this certificate is trust material for the application; confirm and review holders.
  const action = 'CreateApplicationInstanceCertificate';
  return this.to(action);
}
/**
* Grants permission to create an identity center instance
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - iam:CreateServiceLinkedRole
* - organizations:DescribeOrganization
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_CreateInstance.html
*/
toCreateInstance() {
  // Only 'CreateInstance' is passed to to(); the dependent iam:CreateServiceLinkedRole and
  // organizations:DescribeOrganization actions from the JSDoc are not added by this method.
  // .ifAwsRequestTag() and .ifAwsTagKeys() are listed as possible conditions.
  const action = 'CreateInstance';
  return this.to(action);
}
/**
* Grants permission to enable the instance for ABAC and specify the attributes
*
* Access Level: Write
*
* Dependent actions:
* - iam:AttachRolePolicy
* - iam:CreateRole
* - iam:DeleteRole
* - iam:DeleteRolePolicy
* - iam:DetachRolePolicy
* - iam:GetRole
* - iam:ListAttachedRolePolicies
* - iam:ListRolePolicies
* - iam:PutRolePolicy
* - iam:UpdateAssumeRolePolicy
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_CreateInstanceAccessControlAttributeConfiguration.html
*/
toCreateInstanceAccessControlAttributeConfiguration() {
  // Only this one action is passed to to(); the ten dependent iam:* actions in the JSDoc are not added here.
  // NOTE(review): those include iam:CreateRole, iam:PutRolePolicy and iam:UpdateAssumeRolePolicy,
  // so the companion statement that grants them deserves tight resource scoping.
  const action = 'CreateInstanceAccessControlAttributeConfiguration';
  return this.to(action);
}
/**
* Grants permission to add a managed application instance to AWS IAM Identity Center
*
* Access Level: Write
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toCreateManagedApplicationInstance() {
  // Write-level action; the name is forwarded to to() and its result returned unchanged.
  const action = 'CreateManagedApplicationInstance';
  return this.to(action);
}
/**
* Grants permission to create a permission set
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_CreatePermissionSet.html
*/
toCreatePermissionSet() {
  // .ifAwsRequestTag() and .ifAwsTagKeys() are listed as possible conditions for this action.
  // NOTE(review): new permission sets are where access definitions start; track who can create them.
  const action = 'CreatePermissionSet';
  return this.to(action);
}
/**
* Grants permission to create a profile for an application instance
*
* Access Level: Write
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toCreateProfile() {
  // Write-level action; the name is forwarded to to() and its result returned unchanged.
  const action = 'CreateProfile';
  return this.to(action);
}
/**
* Grants permission to create a federation trust in a target account
*
* Access Level: Write
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toCreateTrust() {
  // NOTE(review): listed as Write; the action creates a federation trust in a target account,
  // so include grants of it in change review for trust relationships.
  const action = 'CreateTrust';
  return this.to(action);
}
/**
* Grants permission to create a trusted token issuer for an instance
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_CreateTrustedTokenIssuer.html
*/
toCreateTrustedTokenIssuer() {
  // .ifAwsRequestTag() and .ifAwsTagKeys() are listed as possible conditions for this action.
  // NOTE(review): the action registers a token issuer that the instance will trust; review holders.
  const action = 'CreateTrustedTokenIssuer';
  return this.to(action);
}
/**
* Grants permission to delete a Principal's access from a specified AWS account using a specified permission set
*
* Access Level: Write
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteAccountAssignment.html
*/
toDeleteAccountAssignment() {
  // NOTE(review): listed as Write; the action removes a principal's access to an AWS account,
  // so a grant of it affects who can reach that account.
  const action = 'DeleteAccountAssignment';
  return this.to(action);
}
/**
* Grants permission to delete an application
*
* Access Level: Write
*
* Possible conditions:
* - .ifApplicationAccount()
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteApplication.html
*/
toDeleteApplication() {
  // .ifApplicationAccount() is listed as a possible condition and can be used to narrow the grant.
  const action = 'DeleteApplication';
  return this.to(action);
}
/**
* Grants permission to delete an access scope from an application
*
* Access Level: Write
*
* Possible conditions:
* - .ifApplicationAccount()
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteApplicationAccessScope.html
*/
toDeleteApplicationAccessScope() {
  // .ifApplicationAccount() is listed as a possible condition and can be used to narrow the grant.
  const action = 'DeleteApplicationAccessScope';
  return this.to(action);
}
/**
* Grants permission to delete an application assignment
*
* Access Level: Write
*
* Possible conditions:
* - .ifApplicationAccount()
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteApplicationAssignment.html
*/
toDeleteApplicationAssignment() {
  // .ifApplicationAccount() is listed as a possible condition and can be used to narrow the grant.
  const action = 'DeleteApplicationAssignment';
  return this.to(action);
}
/**
* Grants permission to delete an authentication method from an application
*
* Access Level: Write
*
* Possible conditions:
* - .ifApplicationAccount()
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteApplicationAuthenticationMethod.html
*/
toDeleteApplicationAuthenticationMethod() {
  // .ifApplicationAccount() is listed as a possible condition and can be used to narrow the grant.
  // NOTE(review): the action removes an authentication method from an application; review holders.
  const action = 'DeleteApplicationAuthenticationMethod';
  return this.to(action);
}
/**
* Grants permission to delete a grant from an application
*
* Access Level: Write
*
* Possible conditions:
* - .ifApplicationAccount()
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteApplicationGrant.html
*/
toDeleteApplicationGrant() {
  // .ifApplicationAccount() is listed as a possible condition and can be used to narrow the grant.
  const action = 'DeleteApplicationGrant';
  return this.to(action);
}
/**
* Grants permission to delete the application instance
*
* Access Level: Write
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toDeleteApplicationInstance() {
  // Write-level action; the name is forwarded to to() and its result returned unchanged.
  const action = 'DeleteApplicationInstance';
  return this.to(action);
}
/**
* Grants permission to delete an inactive or expired certificate from the application instance
*
* Access Level: Write
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toDeleteApplicationInstanceCertificate() {
  // Write-level action; per the JSDoc it covers inactive or expired certificates of an application instance.
  const action = 'DeleteApplicationInstanceCertificate';
  return this.to(action);
}
/**
* Grants permission to delete the inline policy from a specified permission set
*
* Access Level: Write
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteInlinePolicyFromPermissionSet.html
*/
toDeleteInlinePolicyFromPermissionSet() {
  // NOTE(review): listed as Write, yet removing the inline policy changes what a permission set grants;
  // review grants of it alongside the permissions-management actions.
  const action = 'DeleteInlinePolicyFromPermissionSet';
  return this.to(action);
}
/**
* Grants permission to delete an identity center instance
*
* Access Level: Write
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteInstance.html
*/
toDeleteInstance() {
  // Write-level action that deletes an identity center instance.
  // NOTE(review): destructive; keep it out of broad or wildcard grants.
  const action = 'DeleteInstance';
  return this.to(action);
}
/**
* Grants permission to disable ABAC and remove the attributes list for the instance
*
* Access Level: Write
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteInstanceAccessControlAttributeConfiguration.html
*/
toDeleteInstanceAccessControlAttributeConfiguration() {
  // Write-level action that disables ABAC and removes the instance's attribute list.
  // NOTE(review): policies that depend on those attributes may behave differently afterwards; confirm impact.
  const action = 'DeleteInstanceAccessControlAttributeConfiguration';
  return this.to(action);
}
/**
* Grants permission to delete the managed application instance
*
* Access Level: Write
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toDeleteManagedApplicationInstance() {
  // Write-level action; the name is forwarded to to() and its result returned unchanged.
  const action = 'DeleteManagedApplicationInstance';
  return this.to(action);
}
/**
* Grants permission to delete a permission set
*
* Access Level: Write
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeletePermissionSet.html
*/
toDeletePermissionSet() {
  // Write-level action that deletes a permission set.
  // NOTE(review): destructive for access definitions; keep it out of broad grants.
  const action = 'DeletePermissionSet';
  return this.to(action);
}
/**
* Grants permission to remove permissions boundary from a permission set
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeletePermissionsBoundaryFromPermissionSet.html
*/
toDeletePermissionsBoundaryFromPermissionSet() {
  // Access level is Permissions management: the action removes the permissions boundary from a permission set.
  // NOTE(review): removing a boundary lifts a limit on that permission set; scope the statement tightly.
  const action = 'DeletePermissionsBoundaryFromPermissionSet';
  return this.to(action);
}
/**
* Grants permission to delete the permission policy associated with a permission set
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toDeletePermissionsPolicy() {
  // Access level is Permissions management: the action deletes the permission policy of a permission set.
  const action = 'DeletePermissionsPolicy';
  return this.to(action);
}
/**
* Grants permission to delete the profile for an application instance
*
* Access Level: Write
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toDeleteProfile() {
  // Write-level action; the name is forwarded to to() and its result returned unchanged.
  const action = 'DeleteProfile';
  return this.to(action);
}
/**
* Grants permission to delete a trusted token issuer for an instance
*
* Access Level: Write
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteTrustedTokenIssuer.html
*/
toDeleteTrustedTokenIssuer() {
  // Write-level action that removes a trusted token issuer from an instance.
  const action = 'DeleteTrustedTokenIssuer';
  return this.to(action);
}
/**
* Grants permission to describe the status of the assignment creation request
*
* Access Level: Read
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribeAccountAssignmentCreationStatus.html
*/
toDescribeAccountAssignmentCreationStatus() {
  // Read-level action; the name is forwarded to to() and its result returned unchanged.
  const action = 'DescribeAccountAssignmentCreationStatus';
  return this.to(action);
}
/**
* Grants permission to describe the status of an assignment deletion request
*
* Access Level: Read
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribeAccountAssignmentDeletionStatus.html
*/
toDescribeAccountAssignmentDeletionStatus() {
  // Read-level action; the name is forwarded to to() and its result returned unchanged.
  const action = 'DescribeAccountAssignmentDeletionStatus';
  return this.to(action);
}
/**
* Grants permission to obtain information about an application
*
* Access Level: Read
*
* Possible conditions:
* - .ifApplicationAccount()
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribeApplication.html
*/
toDescribeApplication() {
  // Read-level action; .ifApplicationAccount() is listed as a possible condition.
  const action = 'DescribeApplication';
  return this.to(action);
}
/**
* Grants permission to retrieve an application assignment
*
* Access Level: Read
*
* Possible conditions:
* - .ifApplicationAccount()
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribeApplicationAssignment.html
*/
toDescribeApplicationAssignment() {
  // Read-level action; .ifApplicationAccount() is listed as a possible condition.
  const action = 'DescribeApplicationAssignment';
  return this.to(action);
}
/**
* Grants permission to describe an application provider
*
* Access Level: Read
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribeApplicationProvider.html
*/
toDescribeApplicationProvider() {
  // Read-level action; the name is forwarded to to() and its result returned unchanged.
  const action = 'DescribeApplicationProvider';
  return this.to(action);
}
/**
* Grants permission to obtain information about the directories for this account
*
* Access Level: Read
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toDescribeDirectories() {
  // Read-level action covering information about the account's directories.
  const action = 'DescribeDirectories';
  return this.to(action);
}
/**
* Grants permission to obtain information about an identity center instance
*
* Access Level: Read
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribeInstance.html
*/
toDescribeInstance() {
  // Read-level action; the name is forwarded to to() and its result returned unchanged.
  const action = 'DescribeInstance';
  return this.to(action);
}
/**
* Grants permission to get the list of attributes used by the instance for ABAC
*
* Access Level: Read
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribeInstanceAccessControlAttributeConfiguration.html
*/
toDescribeInstanceAccessControlAttributeConfiguration() {
  // Read-level action that returns the attributes the instance uses for ABAC.
  const action = 'DescribeInstanceAccessControlAttributeConfiguration';
  return this.to(action);
}
/**
* Grants permission to describe a permission set
*
* Access Level: Read
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribePermissionSet.html
*/
toDescribePermissionSet() {
  // Read-level action; the name is forwarded to to() and its result returned unchanged.
  const action = 'DescribePermissionSet';
  return this.to(action);
}
/**
* Grants permission to describe the status for the given Permission Set Provisioning request
*
* Access Level: Read
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribePermissionSetProvisioningStatus.html
*/
toDescribePermissionSetProvisioningStatus() {
  // Read-level action; the name is forwarded to to() and its result returned unchanged.
  const action = 'DescribePermissionSetProvisioningStatus';
  return this.to(action);
}
/**
* Grants permission to retrieve all the permissions policies associated with a permission set
*
* Access Level: Read
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toDescribePermissionsPolicies() {
  // Read-level action that returns every permissions policy associated with a permission set.
  // NOTE(review): read-only, but the output describes what a permission set allows.
  const action = 'DescribePermissionsPolicies';
  return this.to(action);
}
/**
* Grants permission to obtain the regions where your organization has enabled AWS IAM Identity Center
*
* Access Level: Read
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toDescribeRegisteredRegions() {
  // Read-level action; the name is forwarded to to() and its result returned unchanged.
  const action = 'DescribeRegisteredRegions';
  return this.to(action);
}
/**
* Grants permission to describe a trusted token issuer for an instance
*
* Access Level: Read
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribeTrustedTokenIssuer.html
*/
toDescribeTrustedTokenIssuer() {
  // Read-level action; the name is forwarded to to() and its result returned unchanged.
  const action = 'DescribeTrustedTokenIssuer';
  return this.to(action);
}
/**
* Grants permission to obtain information about the trust relationships for this account
*
* Access Level: Read
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toDescribeTrusts() {
  // Read-level action covering the account's trust relationships.
  const action = 'DescribeTrusts';
  return this.to(action);
}
/**
* Grants permission to detach a customer managed policy reference from a permission set
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DetachCustomerManagedPolicyReferenceFromPermissionSet.html
*/
toDetachCustomerManagedPolicyReferenceFromPermissionSet() {
  // Access level is Permissions management: the action changes which policies a permission set references.
  const action = 'DetachCustomerManagedPolicyReferenceFromPermissionSet';
  return this.to(action);
}
/**
* Grants permission to detach the attached AWS managed policy from the specified permission set
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DetachManagedPolicyFromPermissionSet.html
*/
toDetachManagedPolicyFromPermissionSet() {
  // Access level is Permissions management: the action detaches an AWS managed policy from a permission set.
  const action = 'DetachManagedPolicyFromPermissionSet';
  return this.to(action);
}
/**
* Grants permission to disassociate a directory to be used by AWS IAM Identity Center
*
* Access Level: Write
*
* Dependent actions:
* - ds:UnauthorizeApplication
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toDisassociateDirectory() {
  // Only 'DisassociateDirectory' is passed to to(); the dependent ds:UnauthorizeApplication
  // action listed in the JSDoc is not added by this method and must be granted separately.
  const action = 'DisassociateDirectory';
  return this.to(action);
}
/**
* Grants permission to disassociate a directory user or group from a profile
*
* Access Level: Write
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toDisassociateProfile() {
  // Write-level action; the name is forwarded to to() and its result returned unchanged.
  const action = 'DisassociateProfile';
  return this.to(action);
}
/**
* Grants permission to get an access scope to an application
*
* Access Level: Read
*
* Possible conditions:
* - .ifApplicationAccount()
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_GetApplicationAccessScope.html
*/
toGetApplicationAccessScope() {
  // Read-level action; .ifApplicationAccount() is listed as a possible condition.
  const action = 'GetApplicationAccessScope';
  return this.to(action);
}
/**
* Grants permission to read assignment configurations for an application
*
* Access Level: Read
*
* Possible conditions:
* - .ifApplicationAccount()
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_GetApplicationAssignmentConfiguration.html
*/
toGetApplicationAssignmentConfiguration() {
  // Read-level action; .ifApplicationAccount() is listed as a possible condition.
  const action = 'GetApplicationAssignmentConfiguration';
  return this.to(action);
}
/**
* Grants permission to get an authentication method to an application
*
* Access Level: Read
*
* Possible conditions:
* - .ifApplicationAccount()
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_GetApplicationAuthenticationMethod.html
*/
toGetApplicationAuthenticationMethod() {
  // Read-level action; .ifApplicationAccount() is listed as a possible condition.
  const action = 'GetApplicationAuthenticationMethod';
  return this.to(action);
}
/**
* Grants permission to obtain details about a grant belonging to an application
*
* Access Level: Read
*
* Possible conditions:
* - .ifApplicationAccount()
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_GetApplicationGrant.html
*/
toGetApplicationGrant() {
  // Read-level action; .ifApplicationAccount() is listed as a possible condition.
  const action = 'GetApplicationGrant';
  return this.to(action);
}
/**
* Grants permission to retrieve details for an application instance
*
* Access Level: Read
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toGetApplicationInstance() {
  // Read-level action; the name is forwarded to to() and its result returned unchanged.
  const action = 'GetApplicationInstance';
  return this.to(action);
}
/**
* Grants permission to retrieve application template details
*
* Access Level: Read
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toGetApplicationTemplate() {
  // Read-level action; the name is forwarded to to() and its result returned unchanged.
  const action = 'GetApplicationTemplate';
  return this.to(action);
}
/**
* Grants permission to obtain the inline policy assigned to the permission set
*
* Access Level: Read
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_GetInlinePolicyForPermissionSet.html
*/
toGetInlinePolicyForPermissionSet() {
  // Read-level action that returns the inline policy assigned to a permission set.
  // NOTE(review): read-only, but the output describes what a permission set allows.
  const action = 'GetInlinePolicyForPermissionSet';
  return this.to(action);
}
/**
* Grants permission to retrieve details for an application instance
*
* Access Level: Read
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toGetManagedApplicationInstance() {
  // Read-level action; the name is forwarded to to() and its result returned unchanged.
  const action = 'GetManagedApplicationInstance';
  return this.to(action);
}
/**
* Grants permission to retrieve MFA device management settings for the directory
*
* Access Level: Read
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toGetMfaDeviceManagementForDirectory() {
  // Read-level action covering the directory's MFA device management settings.
  const action = 'GetMfaDeviceManagementForDirectory';
  return this.to(action);
}
/**
* Grants permission to retrieve details of a permission set
*
* Access Level: Read
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toGetPermissionSet() {
  // Read-level action; the name is forwarded to to() and its result returned unchanged.
  const action = 'GetPermissionSet';
  return this.to(action);
}
/**
* Grants permission to get permissions boundary for a permission set
*
* Access Level: Read
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_GetPermissionsBoundaryForPermissionSet.html
*/
toGetPermissionsBoundaryForPermissionSet() {
  // Read-level action that returns the permissions boundary of a permission set.
  const action = 'GetPermissionsBoundaryForPermissionSet';
  return this.to(action);
}
/**
* Grants permission to retrieve all permission policies associated with a permission set
*
* Access Level: Read
*
* Dependent actions:
* - sso:DescribePermissionsPolicies
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toGetPermissionsPolicy() {
  // Only 'GetPermissionsPolicy' is passed to to(); the dependent sso:DescribePermissionsPolicies
  // action listed in the JSDoc is not added here (toDescribePermissionsPolicies() covers it).
  const action = 'GetPermissionsPolicy';
  return this.to(action);
}
/**
* Grants permission to retrieve a profile for an application instance
*
* Access Level: Read
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toGetProfile() {
  // Read-level action; the name is forwarded to to() and its result returned unchanged.
  const action = 'GetProfile';
  return this.to(action);
}
/**
* Grants permission to check if AWS IAM Identity Center is enabled
*
* Access Level: Read
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toGetSSOStatus() {
  // Read-level action; the name is forwarded to to() and its result returned unchanged.
  const action = 'GetSSOStatus';
  return this.to(action);
}
/**
* Grants permission to retrieve shared configuration for the current SSO instance
*
* Access Level: Read
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toGetSharedSsoConfiguration() {
  // Read-level action; the name is forwarded to to() and its result returned unchanged.
  const action = 'GetSharedSsoConfiguration';
  return this.to(action);
}
/**
* Grants permission to retrieve configuration for the current SSO instance
*
* Access Level: Read
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toGetSsoConfiguration() {
  // Read-level action; the name is forwarded to to() and its result returned unchanged.
  const action = 'GetSsoConfiguration';
  return this.to(action);
}
/**
* Grants permission to retrieve the federation trust in a target account
*
* Access Level: Read
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toGetTrust() {
  // Read-level action covering the federation trust in a target account.
  const action = 'GetTrust';
  return this.to(action);
}
/**
* Grants permission to update the application instance by uploading an application SAML metadata file provided by the service provider
*
* Access Level: Write
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toImportApplicationInstanceServiceProviderMetadata() {
  // Write-level action that updates an application instance from an uploaded SAML metadata file.
  // NOTE(review): the upload changes the application's federation settings; review who may hold it.
  const action = 'ImportApplicationInstanceServiceProviderMetadata';
  return this.to(action);
}
/**
* Grants permission to list the status of the AWS account assignment creation requests for a specified SSO instance
*
* Access Level: List
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListAccountAssignmentCreationStatus.html
*/
toListAccountAssignmentCreationStatus() {
  // List-level action; the name is forwarded to to() and its result returned unchanged.
  const action = 'ListAccountAssignmentCreationStatus';
  return this.to(action);
}
/**
* Grants permission to list the status of the AWS account assignment deletion requests for a specified SSO instance
*
* Access Level: List
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListAccountAssignmentDeletionStatus.html
*/
toListAccountAssignmentDeletionStatus() {
  // List-level action; the name is forwarded to to() and its result returned unchanged.
  const action = 'ListAccountAssignmentDeletionStatus';
  return this.to(action);
}
/**
* Grants permission to list the assignee of the specified AWS account with the specified permission set
*
* Access Level: List
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListAccountAssignments.html
*/
toListAccountAssignments() {
  // List-level action that returns the assignees of an AWS account for a permission set.
  // NOTE(review): read-only, but the output shows who has access to which account.
  const action = 'ListAccountAssignments';
  return this.to(action);
}
/**
* Grants permission to list accounts assigned to user or group
*
* Access Level: List
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListAccountAssignmentsForPrincipal.html
*/
toListAccountAssignmentsForPrincipal() {
  // List-level action that returns the accounts assigned to a user or group.
  const action = 'ListAccountAssignmentsForPrincipal';
  return this.to(action);
}
/**
* Grants permission to list all the AWS accounts where the specified permission set is provisioned
*
* Access Level: List
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListAccountsForProvisionedPermissionSet.html
*/
toListAccountsForProvisionedPermissionSet() {
  // List-level action; the name is forwarded to to() and its result returned unchanged.
  const action = 'ListAccountsForProvisionedPermissionSet';
  return this.to(action);
}
/**
* Grants permission to list access scopes to an application
*
* Access Level: List
*
* Possible conditions:
* - .ifApplicationAccount()
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListApplicationAccessScopes.html
*/
toListApplicationAccessScopes() {
  // List-level action; .ifApplicationAccount() is listed as a possible condition.
  const action = 'ListApplicationAccessScopes';
  return this.to(action);
}
/**
* Grants permission to list application assignments
*
* Access Level: List
*
* Possible conditions:
* - .ifApplicationAccount()
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListApplicationAssignments.html
*/
toListApplicationAssignments() {
  // List-level action; .ifApplicationAccount() is listed as a possible condition.
  const action = 'ListApplicationAssignments';
  return this.to(action);
}
/**
* Grants permission to list applications assigned to user or group
*
* Access Level: List
*
* Possible conditions:
* - .ifApplicationAccount()
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListApplicationAssignmentsForPrincipal.html
*/
toListApplicationAssignmentsForPrincipal() {
  // List-level action; .ifApplicationAccount() is listed as a possible condition.
  const action = 'ListApplicationAssignmentsForPrincipal';
  return this.to(action);
}
/**
* Grants permission to list authentication methods to an application
*
* Access Level: List
*
* Possible conditions:
* - .ifApplicationAccount()
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListApplicationAuthenticationMethods.html
*/
toListApplicationAuthenticationMethods() {
  // List-level action; .ifApplicationAccount() is listed as a possible condition.
  const action = 'ListApplicationAuthenticationMethods';
  return this.to(action);
}
/**
* Grants permission to list grants from an application
*
* Access Level: List
*
* Possible conditions:
* - .ifApplicationAccount()
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListApplicationGrants.html
*/
toListApplicationGrants() {
  // List-level action; .ifApplicationAccount() is listed as a possible condition.
  const action = 'ListApplicationGrants';
  return this.to(action);
}
/**
* Grants permission to retrieve all of the certificates for a given application instance
*
* Access Level: Read
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toListApplicationInstanceCertificates() {
  // The JSDoc classifies this action as Read rather than List, despite the "List" prefix.
  const action = 'ListApplicationInstanceCertificates';
  return this.to(action);
}
/**
* Grants permission to retrieve all application instances
*
* Access Level: List
*
* Dependent actions:
* - sso:GetApplicationInstance
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toListApplicationInstances() {
  // Only 'ListApplicationInstances' is passed to to(); the dependent sso:GetApplicationInstance
  // action listed in the JSDoc is not added here (toGetApplicationInstance() covers it).
  const action = 'ListApplicationInstances';
  return this.to(action);
}
/**
* Grants permission to list application providers
*
* Access Level: List
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListApplicationProviders.html
*/
toListApplicationProviders() {
  // List-level action; the name is forwarded to to() and its result returned unchanged.
  const action = 'ListApplicationProviders';
  return this.to(action);
}
/**
* Grants permission to retrieve all supported application templates
*
* Access Level: List
*
* Dependent actions:
* - sso:GetApplicationTemplate
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toListApplicationTemplates() {
  // Only 'ListApplicationTemplates' is passed to to(); the dependent sso:GetApplicationTemplate
  // action listed in the JSDoc is not added here (toGetApplicationTemplate() covers it).
  const action = 'ListApplicationTemplates';
  return this.to(action);
}
/**
* Grants permission to retrieve all applications associated with the instance of IAM Identity Center
*
* Access Level: List
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListApplications.html
*/
toListApplications() {
  // List-level action; the name is forwarded to to() and its result returned unchanged.
  const action = 'ListApplications';
  return this.to(action);
}
/**
* Grants permission to list the customer managed policy references that are attached to a permission set
*
* Access Level: List
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListCustomerManagedPolicyReferencesInPermissionSet.html
*/
toListCustomerManagedPolicyReferencesInPermissionSet() {
  // List-level action that returns the customer managed policy references attached to a permission set.
  const action = 'ListCustomerManagedPolicyReferencesInPermissionSet';
  return this.to(action);
}
/**
* Grants permission to retrieve details about the directory connected to AWS IAM Identity Center
*
* Access Level: Read
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toListDirectoryAssociations() {
  // The JSDoc classifies this action as Read rather than List, despite the "List" prefix.
  const action = 'ListDirectoryAssociations';
  return this.to(action);
}
/**
* Grants permission to list the SSO Instances that the caller has access to
*
* Access Level: List
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListInstances.html
*/
toListInstances() {
  // List-level action; the name is forwarded to to() and its result returned unchanged.
  const action = 'ListInstances';
  return this.to(action);
}
/**
* Grants permission to list the AWS managed policies that are attached to a specified permission set
*
* Access Level: List
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListManagedPoliciesInPermissionSet.html
*/
toListManagedPoliciesInPermissionSet() {
  // List-level action that returns the AWS managed policies attached to a permission set.
  const action = 'ListManagedPoliciesInPermissionSet';
  return this.to(action);
}
/**
* Grants permission to list the status of the Permission Set Provisioning requests for a specified SSO instance
*
* Access Level: List
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListPermissionSetProvisioningStatus.html
*/
toListPermissionSetProvisioningStatus() {
  // List-level action; the name is forwarded to to() and its result returned unchanged.
  const action = 'ListPermissionSetProvisioningStatus';
  return this.to(action);
}
/**
* Grants permission to retrieve all permission sets
*
* Access Level: List
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListPermissionSets.html
*/
toListPermissionSets() {
  // List-level action; the name is forwarded to to() and its result returned unchanged.
  const action = 'ListPermissionSets';
  return this.to(action);
}
/**
* Grants permission to list all the permission sets that are provisioned to a specified AWS account
*
* Access Level: List
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListPermissionSetsProvisionedToAccount.html
*/
toListPermissionSetsProvisionedToAccount() {
  // List-level action; the name is forwarded to to() and its result returned unchanged.
  const action = 'ListPermissionSetsProvisionedToAccount';
  return this.to(action);
}
/**
* Grants permission to retrieve the directory user or group associated with the profile
*
* Access Level: Read
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toListProfileAssociations() {
  // The JSDoc classifies this action as Read rather than List, despite the "List" prefix.
  const action = 'ListProfileAssociations';
  return this.to(action);
}
/**
* Grants permission to retrieve all profiles for an application instance
*
* Access Level: List
*
* Dependent actions:
* - sso:GetProfile
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toListProfiles() {
  // Only 'ListProfiles' is passed to to(); the dependent sso:GetProfile action listed
  // in the JSDoc is not added here (toGetProfile() covers it).
  const action = 'ListProfiles';
  return this.to(action);
}
/**
* Grants permission to list the tags that are attached to a specified resource
*
* Access Level: Read
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListTagsForResource.html
*/
toListTagsForResource() {
  // The JSDoc classifies this action as Read rather than List, despite the "List" prefix.
  const action = 'ListTagsForResource';
  return this.to(action);
}
/**
* Grants permission to list trusted token issuers for an instance
*
* Access Level: List
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListTrustedTokenIssuers.html
*/
toListTrustedTokenIssuers() {
  // List-level action; the name is forwarded to to() and its result returned unchanged.
  const action = 'ListTrustedTokenIssuers';
  return this.to(action);
}
/**
* Grants permission to provision a specified permission set to the specified target
*
* Access Level: Write
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ProvisionPermissionSet.html
*/
toProvisionPermissionSet() {
  // NOTE(review): listed as Write; the action provisions a permission set to a target,
  // which is how permission-set changes take effect there, so review grants of it accordingly.
  const action = 'ProvisionPermissionSet';
  return this.to(action);
}
/**
* Grants permission to create/update an access scope to an application
*
* Access Level: Write
*
* Possible conditions:
* - .ifApplicationAccount()
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_PutApplicationAccessScope.html
*/
toPutApplicationAccessScope() {
  // Write-level action that creates or updates an access scope; .ifApplicationAccount() can narrow it.
  const action = 'PutApplicationAccessScope';
  return this.to(action);
}
/**
* Grants permission to add assignment configurations to an application
*
* Access Level: Write
*
* Possible conditions:
* - .ifApplicationAccount()
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_PutApplicationAssignmentConfiguration.html
*/
toPutApplicationAssignmentConfiguration() {
  // Write-level action; .ifApplicationAccount() is listed as a possible condition.
  const action = 'PutApplicationAssignmentConfiguration';
  return this.to(action);
}
/**
* Grants permission to create/update an authentication method to an application
*
* Access Level: Write
*
* Possible conditions:
* - .ifApplicationAccount()
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_PutApplicationAuthenticationMethod.html
*/
toPutApplicationAuthenticationMethod() {
    // NOTE(review): creates or updates how an application authenticates, so
    // treat it as security-sensitive even though it is labelled Write.
    // Possible condition per the JSDoc: .ifApplicationAccount().
    const action = 'PutApplicationAuthenticationMethod';
    return this.to(action);
}
/**
* Grants permission to create or update a grant for an application
*
* Access Level: Write
*
* Possible conditions:
* - .ifApplicationAccount()
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_PutApplicationGrant.html
*/
toPutApplicationGrant() {
    // Write-level action that creates or updates a grant on an application.
    // Possible condition per the JSDoc: .ifApplicationAccount().
    const action = 'PutApplicationGrant';
    return this.to(action);
}
/**
* Grants permission to attach an IAM inline policy to a permission set
*
* Access Level: Write
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_PutInlinePolicyToPermissionSet.html
*/
toPutInlinePolicyToPermissionSet() {
    // NOTE(review): the JSDoc labels this Write, yet attaching an inline policy
    // changes what the permission set grants. Scope and review it as you would
    // the Permissions-management actions in this class.
    const action = 'PutInlinePolicyToPermissionSet';
    return this.to(action);
}
/**
* Grants permission to put MFA device management settings for the directory
*
* Access Level: Write
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toPutMfaDeviceManagementForDirectory() {
    // NOTE(review): alters MFA device-management settings for the directory.
    // Grant narrowly and review changes made under this permission.
    const action = 'PutMfaDeviceManagementForDirectory';
    return this.to(action);
}
/**
* Grants permission to add a permissions boundary to a permission set
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_PutPermissionsBoundaryToPermissionSet.html
*/
toPutPermissionsBoundaryToPermissionSet() {
    // Permissions-management action: sets the permissions boundary on a
    // permission set.
    const action = 'PutPermissionsBoundaryToPermissionSet';
    return this.to(action);
}
/**
* Grants permission to add a policy to a permission set
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toPutPermissionsPolicy() {
    // Permissions-management action: adds a policy to a permission set.
    const action = 'PutPermissionsPolicy';
    return this.to(action);
}
/**
* Grants permission to search for groups within the associated directory
*
* Access Level: Read
*
* Dependent actions:
* - ds:DescribeDirectories
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toSearchGroups() {
    // Read-level search over groups in the associated directory.
    // Dependent action per the JSDoc: ds:DescribeDirectories.
    // Limit to principals that need directory lookups.
    const action = 'SearchGroups';
    return this.to(action);
}
/**
* Grants permission to search for users within the associated directory
*
* Access Level: Read
*
* Dependent actions:
* - ds:DescribeDirectories
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toSearchUsers() {
    // Read-level search over users in the associated directory.
    // Dependent action per the JSDoc: ds:DescribeDirectories.
    // Limit to principals that need directory lookups.
    const action = 'SearchUsers';
    return this.to(action);
}
/**
* Grants permission to initialize AWS IAM Identity Center
*
* Access Level: Write
*
* Dependent actions:
* - organizations:DescribeOrganization
* - organizations:EnableAWSServiceAccess
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toStartSSO() {
    // Dependent actions per the JSDoc: organizations:DescribeOrganization and
    // organizations:EnableAWSServiceAccess. The latter affects the whole
    // organization, so keep this statement to administrative roles.
    const action = 'StartSSO';
    return this.to(action);
}
/**
* Grants permission to associate a set of tags with a specified resource
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_TagResource.html
*/
toTagResource() {
    // Possible conditions per the JSDoc: .ifAwsRequestTag(), .ifAwsTagKeys().
    // NOTE(review): where other statements gate access on resource tags, the
    // right to tag can change who passes those gates. Constrain the tag keys.
    const action = 'TagResource';
    return this.to(action);
}
/**
* Grants permission to disassociate a set of tags from a specified resource
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_UntagResource.html
*/
toUntagResource() {
    // Possible condition per the JSDoc: .ifAwsTagKeys().
    // NOTE(review): removing a tag can also flip tag-based conditions, so
    // constrain the tag keys here as well.
    const action = 'UntagResource';
    return this.to(action);
}
/**
* Grants permission to update an application
*
* Access Level: Write
*
* Possible conditions:
* - .ifApplicationAccount()
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_UpdateApplication.html
*/
toUpdateApplication() {
    // Write-level action; possible condition per the JSDoc: .ifApplicationAccount().
    const action = 'UpdateApplication';
    return this.to(action);
}
/**
* Grants permission to set a certificate as the active one for this application instance
*
* Access Level: Write
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toUpdateApplicationInstanceActiveCertificate() {
    // NOTE(review): switches which certificate the application instance treats
    // as active. Presumably this affects federation trust (confirm), so grant
    // narrowly.
    const action = 'UpdateApplicationInstanceActiveCertificate';
    return this.to(action);
}
/**
* Grants permission to update display data of an application instance
*
* Access Level: Write
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toUpdateApplicationInstanceDisplayData() {
    // Write-level action covering an application instance's display data.
    const action = 'UpdateApplicationInstanceDisplayData';
    return this.to(action);
}
/**
* Grants permission to update federation response configuration for the application instance
*
* Access Level: Write
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toUpdateApplicationInstanceResponseConfiguration() {
    // Write-level action covering the federation response configuration of an
    // application instance.
    const action = 'UpdateApplicationInstanceResponseConfiguration';
    return this.to(action);
}
/**
* Grants permission to update federation response schema configuration for the application instance
*
* Access Level: Write
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toUpdateApplicationInstanceResponseSchemaConfiguration() {
    // Write-level action covering the federation response schema configuration
    // of an application instance.
    const action = 'UpdateApplicationInstanceResponseSchemaConfiguration';
    return this.to(action);
}
/**
* Grants permission to update security details for the application instance
*
* Access Level: Write
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toUpdateApplicationInstanceSecurityConfiguration() {
    // NOTE(review): updates security details of an application instance.
    // Labelled Write, but worth the same scrutiny as the trust and certificate
    // actions in this class.
    const action = 'UpdateApplicationInstanceSecurityConfiguration';
    return this.to(action);
}
/**
* Grants permission to update service provider related configuration for the application instance
*
* Access Level: Write
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toUpdateApplicationInstanceServiceProviderConfiguration() {
    // Write-level action covering service-provider configuration of an
    // application instance.
    const action = 'UpdateApplicationInstanceServiceProviderConfiguration';
    return this.to(action);
}
/**
* Grants permission to update the status of an application instance
*
* Access Level: Write
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toUpdateApplicationInstanceStatus() {
    // Write-level action that changes the status of an application instance.
    const action = 'UpdateApplicationInstanceStatus';
    return this.to(action);
}
/**
* Grants permission to update the user attribute mappings for your connected directory
*
* Access Level: Write
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toUpdateDirectoryAssociation() {
    // NOTE(review): updates user attribute mappings for the connected
    // directory. If attributes feed access decisions elsewhere (confirm), a
    // mapping change can alter effective access.
    const action = 'UpdateDirectoryAssociation';
    return this.to(action);
}
/**
* Grants permission to update an identity center instance
*
* Access Level: Write
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_UpdateInstance.html
*/
toUpdateInstance() {
    // Write-level action on an Identity Center instance.
    const action = 'UpdateInstance';
    return this.to(action);
}
/**
* Grants permission to update the attributes to use with the instance for ABAC
*
* Access Level: Write
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_UpdateInstanceAccessControlAttributeConfiguration.html
*/
toUpdateInstanceAccessControlAttributeConfiguration() {
    // NOTE(review): changes the attributes the instance uses for ABAC. Labelled
    // Write, but it influences authorization outcomes, so restrict it like a
    // permissions-management action.
    const action = 'UpdateInstanceAccessControlAttributeConfiguration';
    return this.to(action);
}
/**
* Grants permission to update the status of a managed application instance
*
* Access Level: Write
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toUpdateManagedApplicationInstanceStatus() {
    // Write-level action that changes the status of a managed application
    // instance.
    const action = 'UpdateManagedApplicationInstanceStatus';
    return this.to(action);
}
/**
* Grants permission to update the permission set
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_UpdatePermissionSet.html
*/
toUpdatePermissionSet() {
    // Permissions-management action: modifies an existing permission set.
    const action = 'UpdatePermissionSet';
    return this.to(action);
}
/**
* Grants permission to update the profile for an application instance
*
* Access Level: Write
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toUpdateProfile() {
    // Write-level action on the profile of an application instance.
    const action = 'UpdateProfile';
    return this.to(action);
}
/**
* Grants permission to update the configuration for the current SSO instance
*
* Access Level: Write
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toUpdateSSOConfiguration() {
    // Write-level action on the configuration of the current SSO instance.
    const action = 'UpdateSSOConfiguration';
    return this.to(action);
}
/**
* Grants permission to update the federation trust in a target account
*
* Access Level: Write
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toUpdateTrust() {
    // NOTE(review): updates the federation trust in a target account. Trust
    // changes determine who can federate in, so grant this only to identity
    // administrators.
    const action = 'UpdateTrust';
    return this.to(action);
}
/**
* Grants permission to update a trusted token issuer for an instance
*
* Access Level: Write
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_UpdateTrustedTokenIssuer.html
*/
toUpdateTrustedTokenIssuer() {
    // NOTE(review): modifies a trusted token issuer for an instance. Labelled
    // Write, but it changes whose tokens are trusted, so scope it tightly.
    const action = 'UpdateTrustedTokenIssuer';
    return this.to(action);
}
/**
* Adds a resource of type PermissionSet to the statement
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/permissionsetsconcept.html
*
* @param instanceId - Identifier for the instanceId.
* @param permissionSetId - Identifier for the permissionSetId.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onPermissionSet(instanceId, permissionSetId, partition) {
    // Fall back to the statement's default partition only when the caller
    // passed null/undefined.
    const arnPartition = partition ?? this.defaultPartition;
    // The region and account fields of this ARN are intentionally empty.
    // NOTE(review): both ids are interpolated verbatim with no validation. A
    // missing argument yields a literal "undefined" path segment, which matches
    // nothing, and a wildcard widens the match. Check inputs at the call site,
    // especially for Deny statements.
    return this.on(`arn:${arnPartition}:sso:::permissionSet/${instanceId}/${permissionSetId}`);
}
/**
* Adds a resource of type Account to the statement
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/manage-your-accounts.html
*
* @param accountId - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onAccount(accountId, partition) {
    // Each default applies only when the argument is null/undefined.
    const arnPartition = partition ?? this.defaultPartition;
    // NOTE(review): per the JSDoc the non-CDK default account is `*`, i.e.
    // every account. Pass an explicit accountId when the statement should be
    // limited to one.
    const arnAccount = accountId ?? this.defaultAccount;
    return this.on(`arn:${arnPartition}:sso:::account/${arnAccount}`);
}
/**
* Adds a resource of type Instance to the statement
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_InstanceMetadata.html
*
* @param instanceId - Identifier for the instanceId.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onInstance(instanceId, partition) {
    // Fall back to the statement's default partition only when the caller
    // passed null/undefined.
    const arnPartition = partition ?? this.defaultPartition;
    // NOTE(review): instanceId is interpolated verbatim with no validation. An
    // omitted value becomes the literal segment "undefined", which matches
    // nothing, and a wildcard matches every instance.
    return this.on(`arn:${arnPartition}:sso:::instance/${instanceId}`);
}
/**
* Adds a resource of type Application to the statement
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_Application.html
*
* @param instanceId - Identifier for the instanceId.
* @param applicationId - Identifier for the applicationId.
* @param accountId - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.