cdk-iam-floyd

import { AccessLevelList } from '../../shared/access-level'; import { PolicyStatement, Operator } from '../../shared'; import { aws_iam as iam } from "aws-cdk-lib"; /** * Statement provider for service [inspector2](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazoninspector2.html). * * @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement */ export declare class Inspector2 extends PolicyStatement { servicePrefix: string; /** * Grants permission to associate an account with an Amazon Inspector administrator account * * Access Level: Write * * https://docs.aws.amazon.com/inspector/v2/APIReference/API_AssociateMember.html */ toAssociateMember(): this; /** * Grants permission to retrieve information about Amazon Inspector accounts for an account * * Access Level: Read * * https://docs.aws.amazon.com/inspector/v2/APIReference/API_BatchGetAccountStatus.html */ toBatchGetAccountStatus(): this; /** * Grants permission to retrieve code snippet information about one or more code vulnerability findings * * Access Level: Read * * https://docs.aws.amazon.com/inspector/v2/APIReference/API_BatchGetCodeSnippet.html */ toBatchGetCodeSnippet(): this; /** * Grants permission to let a customer get enhanced vulnerability intelligence details for findings * * Access Level: Read * * https://docs.aws.amazon.com/inspector/v2/APIReference/API_BatchGetFindingDetails.html */ toBatchGetFindingDetails(): this; /** * Grants permission to retrieve free trial period eligibility about Amazon Inspector accounts for an account * * Access Level: Read * * https://docs.aws.amazon.com/inspector/v2/APIReference/API_BatchGetFreeTrialInfo.html */ toBatchGetFreeTrialInfo(): this; /** * Grants permission to delegated administrator to retrieve ec2 deep inspection status of member accounts * * Access Level: Read * * https://docs.aws.amazon.com/inspector/v2/APIReference/API_BatchGetMemberEc2DeepInspectionStatus.html */ toBatchGetMemberEc2DeepInspectionStatus(): this; /** * Grants permission to update ec2 deep inspection status by delegated administrator for its associated member accounts * * Access Level: Write * * https://docs.aws.amazon.com/inspector/v2/APIReference/API_BatchUpdateMemberEc2DeepInspectionStatus.html */ toBatchUpdateMemberEc2DeepInspectionStatus(): this; /** * Grants permission to cancel the generation of a findings report * * Access Level: Write * * https://docs.aws.amazon.com/inspector/v2/APIReference/API_CancelFindingsReport.html */ toCancelFindingsReport(): this; /** * Grants permission to cancel the generation of an SBOM report * * Access Level: Write * * https://docs.aws.amazon.com/inspector/v2/APIReference/API_CancelSbomExport.html */ toCancelSbomExport(): this; /** * Grants permission to create and define the settings for a CIS scan configuration * * Access Level: Write * * Possible conditions: * - .ifAwsResourceTag() * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/inspector/v2/APIReference/API_CreateCisScanConfiguration.html */ toCreateCisScanConfiguration(): this; /** * Grants permission to create and define the settings for a findings filter * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/inspector/v2/APIReference/API_CreateFilter.html */ toCreateFilter(): this; /** * Grants permission to request the generation of a findings report * * Access Level: Write * * https://docs.aws.amazon.com/inspector/v2/APIReference/API_CreateFindingsReport.html */ toCreateFindingsReport(): this; /** * Grants permission to request the generation of an SBOM report * * Access Level: Write * * https://docs.aws.amazon.com/inspector/v2/APIReference/API_CreateSbomExport.html */ toCreateSbomExport(): this; /** * Grants permission to delete a CIS scan configuration * * Access Level: Write * * Possible conditions: * - .ifAwsResourceTag() * * https://docs.aws.amazon.com/inspector/v2/APIReference/API_DeleteCisScanConfiguration.html */ toDeleteCisScanConfiguration(): this; /** * Grants permission to delete a findings filter * * Access Level: Write * * https://docs.aws.amazon.com/inspector/v2/APIReference/API_DeleteFilter.html */ toDeleteFilter(): this; /** * Grants permission to retrieve information about the Amazon Inspector configuration settings for an AWS organization * * Access Level: Read * * https://docs.aws.amazon.com/inspector/v2/APIReference/API_DescribeOrganizationConfiguration.html */ toDescribeOrganizationConfiguration(): this; /** * Grants permission to disable an Amazon Inspector account * * Access Level: Write * * https://docs.aws.amazon.com/inspector/v2/APIReference/API_Disable.html */ toDisable(): this; /** * Grants permission to disable an account as the delegated Amazon Inspector administrator account for an AWS organization * * Access Level: Write * * https://docs.aws.amazon.com/inspector/v2/APIReference/API_DisableDelegatedAdminAccount.html */ toDisableDelegatedAdminAccount(): this; /** * Grants permission to an Amazon Inspector administrator account to disassociate from an Inspector member account * * Access Level: Write * * https://docs.aws.amazon.com/inspector/v2/APIReference/API_DisassociateMember.html */ toDisassociateMember(): this; /** * Grants permission to enable and specify the configuration settings for a new Amazon Inspector account * * Access Level: Write * * https://docs.aws.amazon.com/inspector/v2/APIReference/API_Enable.html */ toEnable(): this; /** * Grants permission to enable an account as the delegated Amazon Inspector administrator account for an AWS organization * * Access Level: Write * * https://docs.aws.amazon.com/inspector/v2/APIReference/API_EnableDelegatedAdminAccount.html */ toEnableDelegatedAdminAccount(): this; /** * Grants permission to retrieve a report containing information about completed CIS scans * * Access Level: Read * * https://docs.aws.amazon.com/inspector/v2/APIReference/API_GetCisScanReport.html */ toGetCisScanReport(): this; /** * Grants permission to retrieve information about all details pertaining to one CIS scan and one targeted resource * * Access Level: List * * https://docs.aws.amazon.com/inspector/v2/APIReference/API_GetCisScanResultDetails.html */ toGetCisScanResultDetails(): this; /** * Grants permission to retrieve information about the Amazon Inspector configuration settings for an AWS account * * Access Level: Read * * https://docs.aws.amazon.com/inspector/v2/APIReference/API_GetConfiguration.html */ toGetConfiguration(): this; /** * Grants permission to retrieve information about the Amazon Inspector administrator account for an account * * Access Level: Read * * https://docs.aws.amazon.com/inspector/v2/APIReference/API_GetDelegatedAdminAccount.html */ toGetDelegatedAdminAccount(): this; /** * Grants permission to retrieve ec2 deep inspection configuration for standalone accounts, delegated administrator and member account * * Access Level: Read * * https://docs.aws.amazon.com/inspector/v2/APIReference/API_GetEc2DeepInspectionConfiguration.html */ toGetEc2DeepInspectionConfiguration(): this; /** * Grants permission to retrieve information about the KMS key used to encrypt code snippets with * * Access Level: Read * * https://docs.aws.amazon.com/inspector/v2/APIReference/API_GetEncryptionKey.html */ toGetEncryptionKey(): this; /** * Grants permission to retrieve status for a requested findings report * * Access Level: Read * * https://docs.aws.amazon.com/inspector/v2/APIReference/API_GetFindingsReportStatus.html */ toGetFindingsReportStatus(): this; /** * Grants permission to retrieve information about an account that's associated with an Amazon Inspector administrator account * * Access Level: Read * * https://docs.aws.amazon.com/inspector/v2/APIReference/API_GetMember.html */ toGetMember(): this; /** * Grants permission to retrieve a requested SBOM report * * Access Level: Read * * https://docs.aws.amazon.com/inspector/v2/APIReference/API_GetSbomExport.html */ toGetSbomExport(): this; /** * Grants permission to retrieve feature configuration permissions associated with an Amazon Inspector account within an organization * * Access Level: List * * https://docs.aws.amazon.com/inspector/v2/APIReference/API_ListAccountPermissions.html */ toListAccountPermissions(): this; /** * Grants permission to retrieve information about all CIS scan configurations * * Access Level: List * * https://docs.aws.amazon.com/inspector/v2/APIReference/API_ListCisScanConfigurations.html */ toListCisScanConfigurations(): this; /** * Grants permission to retrieve information about all checks pertaining to one CIS scan * * Access Level: List * * https://docs.aws.amazon.com/inspector/v2/APIReference/API_ListCisScanResultsAggregatedByChecks.html */ toListCisScanResultsAggregatedByChecks(): this; /** * Grants permission to retrieve information about all resources pertaining to one CIS scan * * Access Level: List * * https://docs.aws.amazon.com/inspector/v2/APIReference/API_ListCisScanResultsAggregatedByTargetResource.html */ toListCisScanResultsAggregatedByTargetResource(): this; /** * Grants permission to retrieve information about completed CIS scans * * Access Level: List * * https://docs.aws.amazon.com/inspector/v2/APIReference/API_ListCisScans.html */ toListCisScans(): this; /** * Grants permission to retrieve the types of statistics Amazon Inspector can generate for resources Inspector monitors * * Access Level: List * * https://docs.aws.amazon.com/inspector/v2/APIReference/API_ListCoverage.html */ toListCoverage(): this; /** * Grants permission to retrieve statistical data and other information about the resources Amazon Inspector monitors * * Access Level: List * * https://docs.aws.amazon.com/inspector/v2/APIReference/API_ListCoverageStatistics.html */ toListCoverageStatistics(): this; /** * Grants permission to retrieve information about the delegated Amazon Inspector administrator account for an AWS organization * * Access Level: List * * https://docs.aws.amazon.com/inspector/v2/APIReference/API_ListDelegatedAdminAccounts.html */ toListDelegatedAdminAccounts(): this; /** * Grants permission to retrieve information about all findings filters * * Access Level: List * * https://docs.aws.amazon.com/inspector/v2/APIReference/API_ListFilters.html */ toListFilters(): this; /** * Grants permission to retrieve statistical data and other information about Amazon Inspector findings * * Access Level: List * * https://docs.aws.amazon.com/inspector/v2/APIReference/API_ListFindingAggregations.html */ toListFindingAggregations(): this; /** * Grants permission to retrieve a subset of information about one or more findings * * Access Level: List * * https://docs.aws.amazon.com/inspector/v2/APIReference/API_ListFindings.html */ toListFindings(): this; /** * Grants permission to retrieve information about the Amazon Inspector member accounts that are associated with an Inspector administrator account * * Access Level: List * * https://docs.aws.amazon.com/inspector/v2/APIReference/API_ListMembers.html */ toListMembers(): this; /** * Grants permission to retrieve the tags for an Amazon Inspector resource * * Access Level: Read * * https://docs.aws.amazon.com/inspector/v2/APIReference/API_ListTagsForResource.html */ toListTagsForResource(): this; /** * Grants permission to retrieve aggregated usage data for an account * * Access Level: List * * https://docs.aws.amazon.com/inspector/v2/APIReference/API_ListUsageTotals.html */ toListUsageTotals(): this; /** * Grants permission to let a customer reset to use an Amazon-owned KMS key to encrypt code snippets with * * Access Level: Write * * https://docs.aws.amazon.com/inspector/v2/APIReference/API_ResetEncryptionKey.html */ toResetEncryptionKey(): this; /** * Grants permission to list Amazon Inspector coverage details for a specific vulnerability * * Access Level: Read * * https://docs.aws.amazon.com/inspector/v2/APIReference/API_SearchVulnerabilities.html */ toSearchVulnerabilities(): this; /** * Grants permission to send CIS health for a CIS scan * * Access Level: Write * * https://docs.aws.amazon.com/inspector/v2/APIReference/API_SendCisSessionHealth.html */ toSendCisSessionHealth(): this; /** * Grants permission to send CIS telemetry for a CIS scan * * Access Level: Write * * https://docs.aws.amazon.com/inspector/v2/APIReference/API_SendCisSessionTelemetry.html */ toSendCisSessionTelemetry(): this; /** * Grants permission to start a CIS scan session * * Access Level: Write * * https://docs.aws.amazon.com/inspector/v2/APIReference/API_StartCisSession.html */ toStartCisSession(): this; /** * Grants permission to stop a CIS scan session * * Access Level: Write * * https://docs.aws.amazon.com/inspector/v2/APIReference/API_StopCisSession.html */ toStopCisSession(): this; /** * Grants permission to add or update the tags for an Amazon Inspector resource * * Access Level: Tagging * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * - .ifAwsResourceTag() * * https://docs.aws.amazon.com/inspector/v2/APIReference/API_TagResource.html */ toTagResource(): this; /** * Grants permission to remove tags from an Amazon Inspector resource * * Access Level: Tagging * * Possible conditions: * - .ifAwsResourceTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/inspector/v2/APIReference/API_UntagResource.html */ toUntagResource(): this; /** * Grants permission to update the settings for a CIS scan configuration * * Access Level: Write * * Possible conditions: * - .ifAwsResourceTag() * * https://docs.aws.amazon.com/inspector/v2/APIReference/API_UpdateCisScanConfiguration.html */ toUpdateCisScanConfiguration(): this; /** * Grants permission to update information about the Amazon Inspector configuration settings for an AWS account * * Access Level: Write * * https://docs.aws.amazon.com/inspector/v2/APIReference/API_UpdateConfiguration.html */ toUpdateConfiguration(): this; /** * Grants permission to update ec2 deep inspection configuration by delegated administrator, member and standalone account * * Access Level: Write * * https://docs.aws.amazon.com/inspector/v2/APIReference/API_UpdateEc2DeepInspectionConfiguration.html */ toUpdateEc2DeepInspectionConfiguration(): this; /** * Grants permission to let a customer use a KMS key to encrypt code snippets with * * Access Level: Write * * https://docs.aws.amazon.com/inspector/v2/APIReference/API_UpdateEncryptionKey.html */ toUpdateEncryptionKey(): this; /** * Grants permission to update the settings for a findings filter * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/inspector/v2/APIReference/API_UpdateFilter.html */ toUpdateFilter(): this; /** * Grants permission to update ec2 deep inspection configuration by delegated administrator for its associated member accounts * * Access Level: Write * * https://docs.aws.amazon.com/inspector/v2/APIReference/API_UpdateOrgEc2DeepInspectionConfiguration.html */ toUpdateOrgEc2DeepInspectionConfiguration(): this; /** * Grants permission to update Amazon Inspector configuration settings for an AWS organization * * Access Level: Write * * https://docs.aws.amazon.com/inspector/v2/APIReference/API_UpdateOrganizationConfiguration.html */ toUpdateOrganizationConfiguration(): this; protected accessLevelList: AccessLevelList; /** * Adds a resource of type Filter to the statement * * https://docs.aws.amazon.com/inspector/latest/user/what-is-inspector.html * * @param ownerId - Identifier for the ownerId. * @param filterId - Identifier for the filterId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onFilter(ownerId: string, filterId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type Finding to the statement * * https://docs.aws.amazon.com/inspector/latest/user/what-is-inspector.html * * @param findingId - Identifier for the findingId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onFinding(findingId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type CIS Scan Configuration to the statement * * https://docs.aws.amazon.com/inspector/latest/user/what-is-inspector.html * * @param ownerId - Identifier for the ownerId. * @param cISScanConfigurationId - Identifier for the cISScanConfigurationId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onCISScanConfiguration(ownerId: string, cISScanConfigurationId: string, account?: string, region?: string, partition?: string): this; /** * Filters access by the presence of tag key-value pairs in the request * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag * * Applies to actions: * - .toCreateCisScanConfiguration() * - .toCreateFilter() * - .toTagResource() * - .toUpdateFilter() * * @param tagKey The tag key to check * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsRequestTag(tagKey: string, value: string | string[], operator?: Operator | string): this; /** * Filters access by tag key-value pairs attached to the resource * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag * * Applies to actions: * - .toCreateCisScanConfiguration() * - .toDeleteCisScanConfiguration() * - .toTagResource() * - .toUntagResource() * - .toUpdateCisScanConfiguration() * * Applies to resource types: * - Filter * - CIS Scan Configuration * * @param tagKey The tag key to check * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsResourceTag(tagKey: string, value: string | string[], operator?: Operator | string): this; /** * Filters access by the presence of tag keys in the request * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys * * Applies to actions: * - .toCreateCisScanConfiguration() * - .toCreateFilter() * - .toTagResource() * - .toUntagResource() * - .toUpdateFilter() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsTagKeys(value: string | string[], operator?: Operator | string): this; /** * Statement provider for service [inspector2](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazoninspector2.html). * */ constructor(props?: iam.PolicyStatementProps); }