cdk-iam-floyd

AWS IAM policy statement generator with fluent interface for AWS CDK

"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.Iam = void 0; const shared_1 = require("../../shared"); /** * Statement provider for service [iam](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsidentityandaccessmanagementiam.html). * * @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement */ class Iam extends shared_1.PolicyStatement { /** * Grants permission to add a new client ID (audience) to the list of registered IDs for the specified IAM OpenID Connect (OIDC) provider resource * * Access Level: Write * * https://docs.aws.amazon.com/IAM/latest/APIReference/API_AddClientIDToOpenIDConnectProvider.html */ toAddClientIDToOpenIDConnectProvider() { return this.to('AddClientIDToOpenIDConnectProvider'); } /** * Grants permission to add an IAM role to the specified instance profile * * Access Level: Write * * Dependent actions: * - iam:PassRole * * https://docs.aws.amazon.com/IAM/latest/APIReference/API_AddRoleToInstanceProfile.html */ toAddRoleToInstanceProfile() { return this.to('AddRoleToInstanceProfile'); } /** * Grants permission to add an IAM user to the specified IAM group * * Access Level: Write * * https://docs.aws.amazon.com/IAM/latest/APIReference/API_AddUserToGroup.html */ toAddUserToGroup() { return this.to('AddUserToGroup'); } /** * Grants permission to attach a managed policy to the specified IAM group * * Access Level: Permissions management * * Possible conditions: * - .ifPolicyARN() * * https://docs.aws.amazon.com/IAM/latest/APIReference/API_AttachGroupPolicy.html */ toAttachGroupPolicy() { return this.to('AttachGroupPolicy'); } /** * Grants permission to attach a managed policy to the specified IAM role * * Access Level: Permissions management * * Possible conditions: * - .ifPolicyARN() * - .ifPermissionsBoundary() * * https://docs.aws.amazon.com/IAM/latest/APIReference/API_AttachRolePolicy.html */ toAttachRolePolicy() { 
return this.to('AttachRolePolicy'); } /** * Grants permission to attach a managed policy to the specified IAM user * * Access Level: Permissions management * * Possible conditions: * - .ifPolicyARN() * - .ifPermissionsBoundary() * * https://docs.aws.amazon.com/IAM/latest/APIReference/API_AttachUserPolicy.html */ toAttachUserPolicy() { return this.to('AttachUserPolicy'); } /** * Grants permission to an IAM user to change their own password * * Access Level: Write * * https://docs.aws.amazon.com/IAM/latest/APIReference/API_ChangePassword.html */ toChangePassword() { return this.to('ChangePassword'); } /** * Grants permission to create access key and secret access key for the specified IAM user * * Access Level: Write * * https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateAccessKey.html */ toCreateAccessKey() { return this.to('CreateAccessKey'); } /** * Grants permission to create an alias for your AWS account * * Access Level: Write * * https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateAccountAlias.html */ toCreateAccountAlias() { return this.to('CreateAccountAlias'); } /** * Grants permission to create a new group * * Access Level: Write * * https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateGroup.html */ toCreateGroup() { return this.to('CreateGroup'); } /** * Grants permission to create a new instance profile * * Access Level: Write * * Possible conditions: * - .ifAwsTagKeys() * - .ifAwsRequestTag() * * https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateInstanceProfile.html */ toCreateInstanceProfile() { return this.to('CreateInstanceProfile'); } /** * Grants permission to create a password for the specified IAM user * * Access Level: Write * * https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateLoginProfile.html */ toCreateLoginProfile() { return this.to('CreateLoginProfile'); } /** * Grants permission to create an IAM resource that describes an identity provider (IdP) that supports OpenID Connect (OIDC) * * 
Access Level: Write * * Possible conditions: * - .ifAwsTagKeys() * - .ifAwsRequestTag() * * https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateOpenIDConnectProvider.html */ toCreateOpenIDConnectProvider() { return this.to('CreateOpenIDConnectProvider'); } /** * Grants permission to create a new managed policy * * Access Level: Permissions management * * Possible conditions: * - .ifAwsTagKeys() * - .ifAwsRequestTag() * * https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html */ toCreatePolicy() { return this.to('CreatePolicy'); } /** * Grants permission to create a new version of the specified managed policy * * Access Level: Permissions management * * https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicyVersion.html */ toCreatePolicyVersion() { return this.to('CreatePolicyVersion'); } /** * Grants permission to create a new role * * Access Level: Write * * Possible conditions: * - .ifPermissionsBoundary() * - .ifAwsTagKeys() * - .ifAwsRequestTag() * * https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html */ toCreateRole() { return this.to('CreateRole'); } /** * Grants permission to create an IAM resource that describes an identity provider (IdP) that supports SAML 2.0 * * Access Level: Write * * Possible conditions: * - .ifAwsTagKeys() * - .ifAwsRequestTag() * * https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateSAMLProvider.html */ toCreateSAMLProvider() { return this.to('CreateSAMLProvider'); } /** * Grants permission to create an IAM role that allows an AWS service to perform actions on your behalf * * Access Level: Write * * Possible conditions: * - .ifAWSServiceName() * * https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateServiceLinkedRole.html */ toCreateServiceLinkedRole() { return this.to('CreateServiceLinkedRole'); } /** * Grants permission to create a new service-specific credential for an IAM user * * Access Level: Write * * 
https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateServiceSpecificCredential.html */ toCreateServiceSpecificCredential() { return this.to('CreateServiceSpecificCredential'); } /** * Grants permission to create a new IAM user * * Access Level: Write * * Possible conditions: * - .ifPermissionsBoundary() * - .ifAwsTagKeys() * - .ifAwsRequestTag() * * https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateUser.html */ toCreateUser() { return this.to('CreateUser'); } /** * Grants permission to create a new virtual MFA device * * Access Level: Write * * Possible conditions: * - .ifAwsTagKeys() * - .ifAwsRequestTag() * * https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateVirtualMFADevice.html */ toCreateVirtualMFADevice() { return this.to('CreateVirtualMFADevice'); } /** * Grants permission to deactivate the specified MFA device and remove its association with the IAM user for which it was originally enabled * * Access Level: Write * * https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeactivateMFADevice.html */ toDeactivateMFADevice() { return this.to('DeactivateMFADevice'); } /** * Grants permission to delete the access key pair that is associated with the specified IAM user * * Access Level: Write * * https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteAccessKey.html */ toDeleteAccessKey() { return this.to('DeleteAccessKey'); } /** * Grants permission to delete the specified AWS account alias * * Access Level: Write * * https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteAccountAlias.html */ toDeleteAccountAlias() { return this.to('DeleteAccountAlias'); } /** * Grants permission to delete the password policy for the AWS account * * Access Level: Permissions management * * https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteAccountPasswordPolicy.html */ toDeleteAccountPasswordPolicy() { return this.to('DeleteAccountPasswordPolicy'); } /** * Grants permission to delete an existing CloudFront public key * * 
Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html */ toDeleteCloudFrontPublicKey() { return this.to('DeleteCloudFrontPublicKey'); } /** * Grants permission to delete the specified IAM group * * Access Level: Write * * https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteGroup.html */ toDeleteGroup() { return this.to('DeleteGroup'); } /** * Grants permission to delete the specified inline policy from its group * * Access Level: Permissions management * * https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteGroupPolicy.html */ toDeleteGroupPolicy() { return this.to('DeleteGroupPolicy'); } /** * Grants permission to delete the specified instance profile * * Access Level: Write * * https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteInstanceProfile.html */ toDeleteInstanceProfile() { return this.to('DeleteInstanceProfile'); } /** * Grants permission to delete the password for the specified IAM user * * Access Level: Write * * https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteLoginProfile.html */ toDeleteLoginProfile() { return this.to('DeleteLoginProfile'); } /** * Grants permission to delete an OpenID Connect identity provider (IdP) resource object in IAM * * Access Level: Write * * https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteOpenIDConnectProvider.html */ toDeleteOpenIDConnectProvider() { return this.to('DeleteOpenIDConnectProvider'); } /** * Grants permission to delete the specified managed policy and remove it from any IAM entities (users, groups, or roles) to which it is attached * * Access Level: Permissions management * * https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeletePolicy.html */ toDeletePolicy() { return this.to('DeletePolicy'); } /** * Grants permission to delete a version from the specified managed policy * * Access Level: Permissions management * * 
https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeletePolicyVersion.html */ toDeletePolicyVersion() { return this.to('DeletePolicyVersion'); } /** * Grants permission to delete the specified role * * Access Level: Write * * https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteRole.html */ toDeleteRole() { return this.to('DeleteRole'); } /** * Grants permission to remove the permissions boundary from a role * * Access Level: Permissions management * * Possible conditions: * - .ifPermissionsBoundary() * * https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteRolePermissionsBoundary.html */ toDeleteRolePermissionsBoundary() { return this.to('DeleteRolePermissionsBoundary'); } /** * Grants permission to delete the specified inline policy from the specified role * * Access Level: Permissions management * * Possible conditions: * - .ifPermissionsBoundary() * * https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteRolePolicy.html */ toDeleteRolePolicy() { return this.to('DeleteRolePolicy'); } /** * Grants permission to delete a SAML provider resource in IAM * * Access Level: Write * * https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteSAMLProvider.html */ toDeleteSAMLProvider() { return this.to('DeleteSAMLProvider'); } /** * Grants permission to delete the specified SSH public key * * Access Level: Write * * https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteSSHPublicKey.html */ toDeleteSSHPublicKey() { return this.to('DeleteSSHPublicKey'); } /** * Grants permission to delete the specified server certificate * * Access Level: Write * * https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteServerCertificate.html */ toDeleteServerCertificate() { return this.to('DeleteServerCertificate'); } /** * Grants permission to delete an IAM role that is linked to a specific AWS service, if the service is no longer using it * * Access Level: Write * * 
https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteServiceLinkedRole.html */ toDeleteServiceLinkedRole() { return this.to('DeleteServiceLinkedRole'); } /** * Grants permission to delete the specified service-specific credential for an IAM user * * Access Level: Write * * https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteServiceSpecificCredential.html */ toDeleteServiceSpecificCredential() { return this.to('DeleteServiceSpecificCredential'); } /** * Grants permission to delete a signing certificate that is associated with the specified IAM user * * Access Level: Write * * https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteSigningCertificate.html */ toDeleteSigningCertificate() { return this.to('DeleteSigningCertificate'); } /** * Grants permission to delete the specified IAM user * * Access Level: Write * * https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteUser.html */ toDeleteUser() { return this.to('DeleteUser'); } /** * Grants permission to remove the permissions boundary from the specified IAM user * * Access Level: Permissions management * * Possible conditions: * - .ifPermissionsBoundary() * * https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteUserPermissionsBoundary.html */ toDeleteUserPermissionsBoundary() { return this.to('DeleteUserPermissionsBoundary'); } /** * Grants permission to delete the specified inline policy from an IAM user * * Access Level: Permissions management * * Possible conditions: * - .ifPermissionsBoundary() * * https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteUserPolicy.html */ toDeleteUserPolicy() { return this.to('DeleteUserPolicy'); } /** * Grants permission to delete a virtual MFA device * * Access Level: Write * * https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteVirtualMFADevice.html */ toDeleteVirtualMFADevice() { return this.to('DeleteVirtualMFADevice'); } /** * Grants permission to detach a managed policy from the specified IAM group * * Access 
Level: Permissions management * * Possible conditions: * - .ifPolicyARN() * * https://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachGroupPolicy.html */ toDetachGroupPolicy() { return this.to('DetachGroupPolicy'); } /** * Grants permission to detach a managed policy from the specified role * * Access Level: Permissions management * * Possible conditions: * - .ifPolicyARN() * - .ifPermissionsBoundary() * * https://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachRolePolicy.html */ toDetachRolePolicy() { return this.to('DetachRolePolicy'); } /** * Grants permission to detach a managed policy from the specified IAM user * * Access Level: Permissions management * * Possible conditions: * - .ifPolicyARN() * - .ifPermissionsBoundary() * * https://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachUserPolicy.html */ toDetachUserPolicy() { return this.to('DetachUserPolicy'); } /** * Grants permission to disable the management of member account root user credentials for an organization managed under the current account * * Access Level: Write * * https://docs.aws.amazon.com/IAM/latest/APIReference/API_DisableOrganizationsRootCredentialsManagement.html */ toDisableOrganizationsRootCredentialsManagement() { return this.to('DisableOrganizationsRootCredentialsManagement'); } /** * Grants permission to disable privileged root actions in member accounts for an organization managed under the current account * * Access Level: Write * * https://docs.aws.amazon.com/IAM/latest/APIReference/API_DisableOrganizationsRootSessions.html */ toDisableOrganizationsRootSessions() { return this.to('DisableOrganizationsRootSessions'); } /** * Grants permission to enable an MFA device and associate it with the specified IAM user * * Access Level: Write * * Possible conditions: * - .ifRegisterSecurityKey() * - .ifFIDOFIPS1402Certification() * - .ifFIDOFIPS1403Certification() * - .ifFIDOCertification() * * https://docs.aws.amazon.com/IAM/latest/APIReference/API_EnableMFADevice.html */ 
// class Iam, continued: the JSDoc for toEnableMFADevice() ends directly above this point.
    toEnableMFADevice() {
        return this.to('EnableMFADevice');
    }
    /**
     * Grants permission to enable the management of member account root user credentials for an organization managed under the current account
     *
     * Access Level: Write
     *
     * NOTE(review): organization-wide setting that affects member-account root
     * credentials; expect it only on tightly held administrative roles.
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_EnableOrganizationsRootCredentialsManagement.html
     */
    toEnableOrganizationsRootCredentialsManagement() {
        return this.to('EnableOrganizationsRootCredentialsManagement');
    }
    /**
     * Grants permission to enable privileged root actions in member accounts for an organization managed under the current account
     *
     * Access Level: Write
     *
     * NOTE(review): organization-wide setting that affects privileged root actions in
     * member accounts; expect it only on tightly held administrative roles.
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_EnableOrganizationsRootSessions.html
     */
    toEnableOrganizationsRootSessions() {
        return this.to('EnableOrganizationsRootSessions');
    }
    /**
     * Grants permission to generate a credential report for the AWS account
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_GenerateCredentialReport.html
     */
    toGenerateCredentialReport() {
        return this.to('GenerateCredentialReport');
    }
    /**
     * Grants permission to generate an access report for an AWS Organizations entity
     *
     * Access Level: Read
     *
     * Possible conditions:
     * - .ifOrganizationsPolicyId()
     *
     * Dependent actions:
     * - organizations:DescribePolicy
     * - organizations:ListChildren
     * - organizations:ListParents
     * - organizations:ListPoliciesForTarget
     * - organizations:ListRoots
     * - organizations:ListTargetsForPolicy
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_GenerateOrganizationsAccessReport.html
     */
    toGenerateOrganizationsAccessReport() {
        return this.to('GenerateOrganizationsAccessReport');
    }
    /**
     * Grants permission to generate a service last accessed data report for an IAM resource
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_GenerateServiceLastAccessedDetails.html
     */
    toGenerateServiceLastAccessedDetails() {
        return this.to('GenerateServiceLastAccessedDetails');
    }
    /**
     * Grants permission to retrieve information about when the specified access key was last used
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetAccessKeyLastUsed.html
     */
    toGetAccessKeyLastUsed() {
        return this.to('GetAccessKeyLastUsed');
    }
    /**
     * Grants permission to retrieve information about all IAM users, groups, roles, and policies in your AWS account, including their relationships to one another
     *
     * Access Level: Read
     *
     * NOTE(review): read-only, but it returns the account's whole IAM configuration in
     * one call; grant it to audit or tooling roles rather than broadly.
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetAccountAuthorizationDetails.html
     */
    toGetAccountAuthorizationDetails() {
        return this.to('GetAccountAuthorizationDetails');
    }
    /**
     * Grants permission to retrieve the email address that is associated with the account
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-update-root-user.html
     */
    toGetAccountEmailAddress() {
        return this.to('GetAccountEmailAddress');
    }
    /**
     * Grants permission to retrieve the account name that is associated with the account
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-update-root-user.html
     */
    toGetAccountName() {
        return this.to('GetAccountName');
    }
    /**
     * Grants permission to retrieve the password policy for the AWS account
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetAccountPasswordPolicy.html
     */
    toGetAccountPasswordPolicy() {
        return this.to('GetAccountPasswordPolicy');
    }
    /**
     * Grants permission to retrieve information about IAM entity usage and IAM quotas in the AWS account
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetAccountSummary.html
     */
    toGetAccountSummary() {
        return this.to('GetAccountSummary');
    }
    /**
     * Grants permission to retrieve information about the specified CloudFront public key
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html
     */
    toGetCloudFrontPublicKey() {
        return this.to('GetCloudFrontPublicKey');
    }
    /**
     * Grants permission to retrieve a list of all of the context keys that are referenced in the specified policy
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetContextKeysForCustomPolicy.html
     */
    toGetContextKeysForCustomPolicy() {
        return this.to('GetContextKeysForCustomPolicy');
    }
    /**
     * Grants permission to retrieve a list of all context keys that are referenced in all IAM policies that are attached to the specified IAM identity (user, group, or role)
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetContextKeysForPrincipalPolicy.html
     */
    toGetContextKeysForPrincipalPolicy() {
        return this.to('GetContextKeysForPrincipalPolicy');
    }
    /**
     * Grants permission to retrieve a credential report for the AWS account
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetCredentialReport.html
     */
    toGetCredentialReport() {
        return this.to('GetCredentialReport');
    }
    /**
     * Grants permission to retrieve a list of IAM users in the specified IAM group
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetGroup.html
     */
    toGetGroup() {
        return this.to('GetGroup');
    }
    /**
     * Grants permission to retrieve an inline policy document that is embedded in the specified IAM group
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetGroupPolicy.html
     */
    toGetGroupPolicy() {
        return this.to('GetGroupPolicy');
    }
    /**
     * Grants permission to retrieve information about the specified instance profile, including the instance profile's path, GUID, ARN, and role
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetInstanceProfile.html
     */
    toGetInstanceProfile() {
        return this.to('GetInstanceProfile');
    }
    /**
     * Grants permission to retrieve the user name and password creation date for the specified IAM user
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetLoginProfile.html
     */
    toGetLoginProfile() {
        return this.to('GetLoginProfile');
    }
    /**
     * Grants permission to retrieve information about an MFA device for the specified user
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetMFADevice.html
     */
    toGetMFADevice() {
        return this.to('GetMFADevice');
    }
    /**
     * Grants permission to retrieve information about the specified OpenID Connect (OIDC) provider resource in IAM
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetOpenIDConnectProvider.html
     */
    toGetOpenIDConnectProvider() {
        return this.to('GetOpenIDConnectProvider');
    }
    /**
     * Grants permission to retrieve an AWS Organizations access report
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetOrganizationsAccessReport.html
     */
    toGetOrganizationsAccessReport() {
        return this.to('GetOrganizationsAccessReport');
    }
    /**
     * Grants permission to retrieve information about the specified managed policy, including the policy's default version and the total number of identities to which the policy is attached
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetPolicy.html
     */
    toGetPolicy() {
        return this.to('GetPolicy');
    }
    /**
     * Grants permission to retrieve information about a version of the specified managed policy, including the policy document
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetPolicyVersion.html
     */
    toGetPolicyVersion() {
        return this.to('GetPolicyVersion');
    }
    /**
     * Grants permission to retrieve information about the specified role, including the role's path, GUID, ARN, and the role's trust policy
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetRole.html
     */
    toGetRole() {
        return this.to('GetRole');
    }
    /**
     * Grants permission to retrieve an inline policy document that is embedded in the specified IAM role
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetRolePolicy.html
     */
    toGetRolePolicy() {
        return this.to('GetRolePolicy');
    }
    /**
     * Grants permission to retrieve the SAML provider metadocument that was uploaded when the IAM SAML provider resource was created or updated
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetSAMLProvider.html
     */
    toGetSAMLProvider() {
        return this.to('GetSAMLProvider');
    }
    /**
     * Grants permission to retrieve the specified SSH public key, including metadata about the key
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetSSHPublicKey.html
     */
    toGetSSHPublicKey() {
        return this.to('GetSSHPublicKey');
    }
    /**
     * Grants permission to retrieve information about the specified server certificate stored in IAM
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetServerCertificate.html
     */
    toGetServerCertificate() {
        return this.to('GetServerCertificate');
    }
    /**
     * Grants permission to retrieve information about the service last accessed data report
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetServiceLastAccessedDetails.html
     */
    toGetServiceLastAccessedDetails() {
        return this.to('GetServiceLastAccessedDetails');
    }
    /**
     * Grants permission to retrieve information about the entities from the service last accessed data report
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetServiceLastAccessedDetailsWithEntities.html
     */
    toGetServiceLastAccessedDetailsWithEntities() {
        return this.to('GetServiceLastAccessedDetailsWithEntities');
    }
    /**
     * Grants permission to retrieve an IAM service-linked role deletion status
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetServiceLinkedRoleDeletionStatus.html
     */
    toGetServiceLinkedRoleDeletionStatus() {
        return this.to('GetServiceLinkedRoleDeletionStatus');
    }
    /**
     * Grants permission to retrieve information about the specified IAM user, including the user's creation date, path, unique ID, and ARN
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetUser.html
     */
    toGetUser() {
        return this.to('GetUser');
    }
    /**
     * Grants permission to retrieve an inline policy document that is embedded in the specified IAM user
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetUserPolicy.html
     */
    toGetUserPolicy() {
        return this.to('GetUserPolicy');
    }
    /**
     * Grants permission to list information about the access key IDs that are associated with the specified IAM user
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAccessKeys.html
     */
    toListAccessKeys() {
        return this.to('ListAccessKeys');
    }
    /**
     * Grants permission to list the account alias that is associated with the AWS account
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAccountAliases.html
     */
    toListAccountAliases() {
        return this.to('ListAccountAliases');
    }
    /**
     * Grants permission to list all managed policies that are attached to the specified IAM group
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAttachedGroupPolicies.html
     */
    toListAttachedGroupPolicies() {
        return this.to('ListAttachedGroupPolicies');
    }
    /**
     * Grants permission to list all managed policies that are attached to the specified IAM role
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAttachedRolePolicies.html
     */
    toListAttachedRolePolicies() {
        return this.to('ListAttachedRolePolicies');
    }
    /**
     * Grants permission to list all managed policies that are attached to the specified IAM user
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAttachedUserPolicies.html
     */
    toListAttachedUserPolicies() {
        return this.to('ListAttachedUserPolicies');
    }
    /**
     * Grants permission to list all current CloudFront public keys for the account
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html
     */
    toListCloudFrontPublicKeys() {
        return this.to('ListCloudFrontPublicKeys');
    }
    /**
     * Grants permission to list all IAM identities to which the specified managed policy is attached
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListEntitiesForPolicy.html
     */
    toListEntitiesForPolicy() {
        return this.to('ListEntitiesForPolicy');
    }
    /**
     * Grants permission to list the names of the inline policies that are embedded in the specified IAM group
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListGroupPolicies.html
     */
    toListGroupPolicies() {
        return this.to('ListGroupPolicies');
    }
    /**
     * Grants permission to list the IAM groups that have the specified path prefix
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListGroups.html
     */
    toListGroups() {
        return this.to('ListGroups');
    }
    /**
     * Grants permission to list the IAM groups that the specified IAM user belongs to
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListGroupsForUser.html
     */
    toListGroupsForUser() {
        return this.to('ListGroupsForUser');
    }
    /**
     * Grants permission to list the tags that are attached to the specified instance profile
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListInstanceProfileTags.html
     */
    toListInstanceProfileTags() {
        return this.to('ListInstanceProfileTags');
    }
    /**
     * Grants permission to list the instance profiles that have the specified path prefix
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListInstanceProfiles.html
     */
    toListInstanceProfiles() {
        return this.to('ListInstanceProfiles');
    }
    /**
     * Grants permission to list the instance profiles that have the specified associated IAM role
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListInstanceProfilesForRole.html
     */
    toListInstanceProfilesForRole() {
        return this.to('ListInstanceProfilesForRole');
    }
    /**
     * Grants permission to list the tags that are attached to the specified virtual MFA device
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListMFADeviceTags.html
     */
    toListMFADeviceTags() {
        return this.to('ListMFADeviceTags');
    }
    /**
     * Grants permission to list the MFA devices for an IAM user
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListMFADevices.html
     */
    toListMFADevices() {
        return this.to('ListMFADevices');
    }
    /**
     * Grants permission to list the tags that are attached to the specified OpenID Connect provider
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListOpenIDConnectProviderTags.html
     */
    toListOpenIDConnectProviderTags() {
        return this.to('ListOpenIDConnectProviderTags');
    }
    /**
     * Grants permission to list information about the IAM OpenID Connect (OIDC) provider resource objects that are defined in the AWS account
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListOpenIDConnectProviders.html
     */
    toListOpenIDConnectProviders() {
        return this.to('ListOpenIDConnectProviders');
    }
    /**
     * Grants permission to list the centralized root access features enabled for your organization
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListOrganizationsFeatures.html
     */
    toListOrganizationsFeatures() {
        return this.to('ListOrganizationsFeatures');
    }
    /**
     * Grants permission to list all managed policies
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListPolicies.html
     */
    toListPolicies() {
        return this.to('ListPolicies');
    }
    /**
     * Grants permission to list information about the policies that grant an entity access to a specific service
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListPoliciesGrantingServiceAccess.html
     */
    toListPoliciesGrantingServiceAccess() {
        return this.to('ListPoliciesGrantingServiceAccess');
    }
    /**
     * Grants permission to list the tags that are attached to the specified managed policy
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListPolicyTags.html
     */
    toListPolicyTags() {
        return this.to('ListPolicyTags');
    }
    /**
     * Grants permission to list information about the versions of the specified managed policy, including the version that is currently set as the policy's default version
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListPolicyVersions.html
     */
    toListPolicyVersions() {
        return this.to('ListPolicyVersions');
    }
    /**
     * Grants permission to list the names of the inline policies that are embedded in the specified IAM role
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListRolePolicies.html
     */
    toListRolePolicies() {
        return this.to('ListRolePolicies');
    }
    /**
     * Grants permission to list the tags that are attached to the specified IAM role
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListRoleTags.html
     */
    toListRoleTags() {
        return this.to('ListRoleTags');
    }
    /**
     * Grants permission to list the IAM roles that have the specified path prefix
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListRoles.html
     */
    toListRoles() {
        return this.to('ListRoles');
    }
    /**
     * Grants permission to list the tags that are attached to the specified SAML provider
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListSAMLProviderTags.html
     */
    toListSAMLProviderTags() {
        return this.to('ListSAMLProviderTags');
    }
    /**
     * Grants permission to list the SAML provider resources in IAM
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListSAMLProviders.html
     */
toListSAMLProviders() { return this.to('ListSAMLProviders'); } /** * Grants permission to list information about the SSH public keys that are associated with the specified IAM user * * Access Level: List * * https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListSSHPublicKeys.html */ toListSSHPublicKeys() { return this.to('ListSSHPublicKeys'); } /** * Grants permission to list the status of all active STS regional endpoints * * Access Level: List * * https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html */ toListSTSRegionalEndpointsStatus() { return this.to('ListSTSRegionalEndpointsStatus'); } /** * Grants permission to list the tags that are attached to the specified server certificate * * Access Level: List * * https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListServerCertificateTags.html */ toListServerCertificateTags() { return this.to('ListServerCertificateTags'); } /** * Grants permission to list the server certificates that have the specified path prefix * * Access Level: List * * https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListServerCertificates.html */ toListServerCertificates() { return this.to('ListServerCertificates'); } /** * Grants permission to list the service-specific credentials that are associated with the specified IAM user * * Access Level: List * * https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListServiceSpecificCredentials.html */ toListServiceSpecificCredentials() { return this.to('ListServiceSpecificCredentials'); } /** * Grants permission to list information about the signing certificates that are associated with the specified IAM user * * Access Level: List * * https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListSigningCertificates.html */ toListSigningCertificates() { return this.to('ListSigningCertificates'); } /** * Grants permission to list the names of the inline policies that are embedded in the specified IAM user * * Access Level: List * * 
https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListUserPolicies.html
     */
    toListUserPolicies() {
        return this.to('ListUserPolicies');
    }
    /**
     * Grants permission to list the tags that are attached to the specified IAM user
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListUserTags.html
     */
    toListUserTags() {
        return this.to('ListUserTags');
    }
    /**
     * Grants permission to list the IAM users that have the specified path prefix
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListUsers.html
     */
    toListUsers() {
        return this.to('ListUsers');
    }
    /**
     * Grants permission to list virtual MFA devices by assignment status
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListVirtualMFADevices.html
     */
    toListVirtualMFADevices() {
        return this.to('ListVirtualMFADevices');
    }
    /**
     * Grants permission to pass a role to a service
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifAssociatedResourceArn()
     * - .ifPassedToService()
     *
     * Security note: a role passed with this action is then used by the receiving service
     * with that role's permissions. Limit the statement's resources to the role ARNs that are
     * meant to be passed and add `.ifPassedToService()` so they can only go to the intended
     * service; PassRole allowed on every role is a standard privilege-escalation finding in
     * IAM reviews.
     *
     * https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_passrole.html
     */
    toPassRole() {
        return this.to('PassRole');
    }
    /**
     * Grants permission to create or update an inline policy document that is embedded in the specified IAM group
     *
     * Access Level: Permissions management
     *
     * Security note: an inline policy written through this action applies to every member of
     * the group. No condition keys are listed for this action in this comment, so the
     * statement's resource (the group ARN) is what scopes it.
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutGroupPolicy.html
     */
    toPutGroupPolicy() {
        return this.to('PutGroupPolicy');
    }
    /**
     * Grants permission to set a managed policy as a permissions boundary for a role
     *
     * Access Level: Permissions management
     *
     * Possible conditions:
     * - .ifPermissionsBoundary()
     *
     * Security note: a principal holding this action can change which boundary caps a role.
     * Add `.ifPermissionsBoundary()` to pin the boundary policy that may be set, and review
     * the grant together with `iam:DeleteRolePermissionsBoundary`.
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutRolePermissionsBoundary.html
     */
    toPutRolePermissionsBoundary() {
        return this.to('PutRolePermissionsBoundary');
    }
    /**
     * Grants permission to create or update an inline policy document that is embedded in the specified IAM role
     *
     * Access Level: Permissions management
     *
     * Possible conditions:
     * - 
.ifPermissionsBoundary()
     *
     * Security note: the inline policy document decides what the role may do, so grant this
     * only on specific role ARNs. In delegated-administration setups, add
     * `.ifPermissionsBoundary()` so the call only succeeds on roles that carry the expected
     * boundary.
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutRolePolicy.html
     */
    toPutRolePolicy() {
        return this.to('PutRolePolicy');
    }
    /**
     * Grants permission to set a managed policy as a permissions boundary for an IAM user
     *
     * Access Level: Permissions management
     *
     * Possible conditions:
     * - .ifPermissionsBoundary()
     *
     * Security note: a principal holding this action can change which boundary caps a user.
     * Add `.ifPermissionsBoundary()` to pin the boundary policy that may be set.
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutUserPermissionsBoundary.html
     */
    toPutUserPermissionsBoundary() {
        return this.to('PutUserPermissionsBoundary');
    }
    /**
     * Grants permission to create or update an inline policy document that is embedded in the specified IAM user
     *
     * Access Level: Permissions management
     *
     * Possible conditions:
     * - .ifPermissionsBoundary()
     *
     * Security note: the inline policy document decides what the user may do, so grant this
     * only on specific user ARNs. In delegated-administration setups, add
     * `.ifPermissionsBoundary()` so the call only succeeds on users that carry the expected
     * boundary.
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutUserPolicy.html
     */
    toPutUserPolicy() {
        return this.to('PutUserPolicy');
    }
    /**
     * Grants permission to remove the client ID (audience) from the list of client IDs in the specified IAM OpenID Connect (OIDC) provider resource
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_RemoveClientIDFromOpenIDConnectProvider.html
     */
    toRemoveClientIDFromOpenIDConnectProvider() {
        return this.to('RemoveClientIDFromOpenIDConnectProvider');
    }
    /**
     * Grants permission to remove an IAM role from the specified EC2 instance profile
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_RemoveRoleFromInstanceProfile.html
     */
    toRemoveRoleFromInstanceProfile() {
        return this.to('RemoveRoleFromInstanceProfile');
    }
    /**
     * Grants permission to remove an IAM user from the specified group
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_RemoveUserFromGroup.html
     */
    toRemoveUserFromGroup() {
        return this.to('RemoveUserFromGroup');
    }
    /**
     * Grants permission to reset the password for an existing service-specific credential for an IAM user
     *
     * Access Level: Write
     *
     * 
https://docs.aws.amazon.com/IAM/latest/APIReference/API_ResetServiceSpecificCredential.html
     *
     * Security note: per the linked API reference, a reset invalidates the previous password
     * and the response carries the newly generated one. Treat this as a credential-issuing
     * action and scope it to the users whose credentials the caller is meant to manage.
     */
    toResetServiceSpecificCredential() {
        return this.to('ResetServiceSpecificCredential');
    }
    /**
     * Grants permission to synchronize the specified MFA device with its IAM entity (user or role)
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_ResyncMFADevice.html
     */
    toResyncMFADevice() {
        return this.to('ResyncMFADevice');
    }
    /**
     * Grants permission to set the version of the specified policy as the policy's default version
     *
     * Access Level: Permissions management
     *
     * Security note: switching the default version changes the effective permissions of every
     * principal the managed policy is attached to, including a switch back to an older,
     * broader version. Review this grant together with `iam:CreatePolicyVersion` and scope it
     * to specific policy ARNs.
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_SetDefaultPolicyVersion.html
     */
    toSetDefaultPolicyVersion() {
        return this.to('SetDefaultPolicyVersion');
    }
    /**
     * Grants permission to activate or deactivate an STS regional endpoint
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html
     */
    toSetSTSRegionalEndpointStatus() {
        return this.to('SetSTSRegionalEndpointStatus');
    }
    /**
     * Grants permission to set the STS global endpoint token version
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_SetSecurityTokenServicePreferences.html
     */
    toSetSecurityTokenServicePreferences() {
        return this.to('SetSecurityTokenServicePreferences');
    }
    /**
     * Grants permission to simulate whether an identity-based policy or resource-based policy provides permissions for specific API operations and resources
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_SimulateCustomPolicy.html
     */
    toSimulateCustomPolicy() {
        return this.to('SimulateCustomPolicy');
    }
    /**
     * Grants permission to simulate whether an identity-based policy that is attached to a specified IAM entity (user or role) provides permissions for specific API operations and resources
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/IAM/latest/APIReference/API_SimulatePrincipalPolicy.html
     */
toSimulatePrincipalPolicy() { return this.to('SimulatePrincipalPolicy'); } /** * Grants permission to add tags to an instance profile * * Access Level: Tagging * * Possible conditions: * - .ifAwsTagKeys() * - .ifAwsRequestTag() * * https://docs.aws.amazon.com/IAM/latest/APIReference/API_TagInstanceProfile.html */ toTagInstanceProfile() { return this.to('TagInstanceProfile'); } /** * Grants permission to add tags to a virtual mfa device * * Access Level: Tagging * * Possible conditions: * - .ifAwsTagKeys() * - .ifAwsRequestTag() * * https://docs.aws.amazon.com/IAM/latest/APIReference/API_TagMFADevice.html */ toTagMFADevice() { return this.to('TagMFADevice'); } /** * Grants permission to add tags to an OpenID Connect provider * * Access Level: Tagging * * Possible conditions: * - .ifAwsTagKeys() * - .ifA