cdk-iam-floyd
Version:
AWS IAM policy statement generator with fluent interface for AWS CDK
703 lines (702 loc) • 25.4 kB
TypeScript
import { AccessLevelList } from '../../shared/access-level';
import { PolicyStatement, Operator } from '../../shared';
import { aws_iam as iam } from "aws-cdk-lib";
/**
* Statement provider for service [resiliencehub](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsresiliencehub.html).
*
* @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
*/
export declare class Resiliencehub extends PolicyStatement {
servicePrefix: string;
/**
* Grants permission to accept resource grouping recommendations
*
* Access Level: Write
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_AcceptResourceGroupingRecommendations.html
*/
toAcceptResourceGroupingRecommendations(): this;
/**
* Grants permission to add draft application version resource mappings
*
* Access Level: Write
*
* Dependent actions:
* - cloudformation:DescribeStacks
* - cloudformation:ListStackResources
* - resource-groups:GetGroup
* - resource-groups:ListGroupResources
* - servicecatalog:GetApplication
* - servicecatalog:ListAssociatedResources
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_AddDraftAppVersionResourceMappings.html
*/
toAddDraftAppVersionResourceMappings(): this;
/**
* Grants permission to include or exclude one or more operational recommendations
*
* Access Level: Write
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_BatchUpdateRecommendationStatus.html
*/
toBatchUpdateRecommendationStatus(): this;
/**
* Grants permission to create application
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - iam:PassRole
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_CreateApp.html
*/
toCreateApp(): this;
/**
* Grants permission to create application app component
*
* Access Level: Write
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_CreateAppVersionAppComponent.html
*/
toCreateAppVersionAppComponent(): this;
/**
* Grants permission to create application resource
*
* Access Level: Write
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_CreateAppVersionResource.html
*/
toCreateAppVersionResource(): this;
/**
* Grants permission to create recommendation template
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - s3:CreateBucket
* - s3:ListBucket
* - s3:PutObject
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_CreateRecommendationTemplate.html
*/
toCreateRecommendationTemplate(): this;
/**
* Grants permission to create resiliency policy
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_CreateResiliencyPolicy.html
*/
toCreateResiliencyPolicy(): this;
/**
* Grants permission to batch delete application
*
* Access Level: Write
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_DeleteApp.html
*/
toDeleteApp(): this;
/**
* Grants permission to batch delete application assessment
*
* Access Level: Write
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_DeleteAppAssessment.html
*/
toDeleteAppAssessment(): this;
/**
* Grants permission to remove application input source
*
* Access Level: Write
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_DeleteAppInputSource.html
*/
toDeleteAppInputSource(): this;
/**
* Grants permission to delete application app component
*
* Access Level: Write
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_DeleteAppVersionAppComponent.html
*/
toDeleteAppVersionAppComponent(): this;
/**
* Grants permission to delete application resource
*
* Access Level: Write
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_DeleteAppVersionResource.html
*/
toDeleteAppVersionResource(): this;
/**
* Grants permission to batch delete recommendation template
*
* Access Level: Write
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_DeleteRecommendationTemplate.html
*/
toDeleteRecommendationTemplate(): this;
/**
* Grants permission to batch delete resiliency policy
*
* Access Level: Write
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_DeleteResiliencyPolicy.html
*/
toDeleteResiliencyPolicy(): this;
/**
* Grants permission to describe application
*
* Access Level: Read
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_DescribeApp.html
*/
toDescribeApp(): this;
/**
* Grants permission to describe application assessment
*
* Access Level: Read
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_DescribeAppAssessment.html
*/
toDescribeAppAssessment(): this;
/**
* Grants permission to describe application version
*
* Access Level: Read
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_DescribeAppVersion.html
*/
toDescribeAppVersion(): this;
/**
* Grants permission to describe application version app component
*
* Access Level: Read
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_DescribeAppVersionAppComponent.html
*/
toDescribeAppVersionAppComponent(): this;
/**
* Grants permission to describe application version resource
*
* Access Level: Read
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_DescribeAppVersionResource.html
*/
toDescribeAppVersionResource(): this;
/**
* Grants permission to describe application resolution
*
* Access Level: Read
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_DescribeAppVersionResourcesResolutionStatus.html
*/
toDescribeAppVersionResourcesResolutionStatus(): this;
/**
* Grants permission to describe application version template
*
* Access Level: Read
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_DescribeAppVersionTemplate.html
*/
toDescribeAppVersionTemplate(): this;
/**
* Grants permission to describe draft application version resources import status
*
* Access Level: Read
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_DescribeDraftAppVersionResourcesImportStatus.html
*/
toDescribeDraftAppVersionResourcesImportStatus(): this;
/**
* Grants permission to describe metrics export
*
* Access Level: Read
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_DescribeMetricsExport.html
*/
toDescribeMetricsExport(): this;
/**
* Grants permission to describe resiliency policy
*
* Access Level: Read
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_DescribeResiliencyPolicy.html
*/
toDescribeResiliencyPolicy(): this;
/**
* Grants permission to describe the latest status of the grouping recommendation process
*
* Access Level: Read
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_DescribeResourceGroupingRecommendationTask.html
*/
toDescribeResourceGroupingRecommendationTask(): this;
/**
* Grants permission to import resources to draft application version
*
* Access Level: Write
*
* Dependent actions:
* - cloudformation:DescribeStacks
* - cloudformation:ListStackResources
* - resource-groups:GetGroup
* - resource-groups:ListGroupResources
* - servicecatalog:GetApplication
* - servicecatalog:ListAssociatedResources
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_ImportResourcesToDraftAppVersion.html
*/
toImportResourcesToDraftAppVersion(): this;
/**
* Grants permission to list alarm recommendation
*
* Access Level: List
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_ListAlarmRecommendations.html
*/
toListAlarmRecommendations(): this;
/**
* Grants permission to list compliance drifts that were detected while running an assessment
*
* Access Level: List
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_ListAppAssessmentComplianceDrifts.html
*/
toListAppAssessmentComplianceDrifts(): this;
/**
* Grants permission to list resource drifts that were detected while running an assessment
*
* Access Level: List
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_ListAppAssessmentResourceDrifts.html
*/
toListAppAssessmentResourceDrifts(): this;
/**
* Grants permission to list application assessment
*
* Access Level: List
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_ListAppAssessments.html
*/
toListAppAssessments(): this;
/**
* Grants permission to list app component compliances
*
* Access Level: List
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_ListAppComponentCompliances.html
*/
toListAppComponentCompliances(): this;
/**
* Grants permission to list app component recommendations
*
* Access Level: List
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_ListAppComponentRecommendations.html
*/
toListAppComponentRecommendations(): this;
/**
* Grants permission to list application input sources
*
* Access Level: List
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_ListAppInputSources.html
*/
toListAppInputSources(): this;
/**
* Grants permission to list application version app components
*
* Access Level: List
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_ListAppVersionAppComponents.html
*/
toListAppVersionAppComponents(): this;
/**
* Grants permission to application version resource mappings
*
* Access Level: List
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_ListAppVersionResourceMappings.html
*/
toListAppVersionResourceMappings(): this;
/**
* Grants permission to list application resources
*
* Access Level: List
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_ListAppVersionResources.html
*/
toListAppVersionResources(): this;
/**
* Grants permission to list application version
*
* Access Level: List
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_ListAppVersions.html
*/
toListAppVersions(): this;
/**
* Grants permission to list applications
*
* Access Level: List
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_ListApps.html
*/
toListApps(): this;
/**
* Grants permission to list metrics
*
* Access Level: List
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_ListMetrics.html
*/
toListMetrics(): this;
/**
* Grants permission to list recommendation templates
*
* Access Level: List
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_ListRecommendationTemplates.html
*/
toListRecommendationTemplates(): this;
/**
* Grants permission to list resiliency policies
*
* Access Level: List
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_ListResiliencyPolicies.html
*/
toListResiliencyPolicies(): this;
/**
* Grants permission to list resource grouping recommendations
*
* Access Level: List
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_ListResourceGroupingRecommendations.html
*/
toListResourceGroupingRecommendations(): this;
/**
* Grants permission to list SOP recommendations
*
* Access Level: List
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_ListSopRecommendations.html
*/
toListSopRecommendations(): this;
/**
* Grants permission to list suggested resiliency policies
*
* Access Level: List
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_ListSuggestedResiliencyPolicies.html
*/
toListSuggestedResiliencyPolicies(): this;
/**
* Grants permission to list tags for a resource
*
* Access Level: Read
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_ListTagsForResource.html
*/
toListTagsForResource(): this;
/**
* Grants permission to list test recommendations
*
* Access Level: List
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_ListTestRecommendations.html
*/
toListTestRecommendations(): this;
/**
* Grants permission to list unsupported application version resources
*
* Access Level: List
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_ListUnsupportedAppVersionResources.html
*/
toListUnsupportedAppVersionResources(): this;
/**
* Grants permission to publish application version
*
* Access Level: Write
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_PublishAppVersion.html
*/
toPublishAppVersion(): this;
/**
* Grants permission to put draft application version template
*
* Access Level: Write
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_PutDraftAppVersionTemplate.html
*/
toPutDraftAppVersionTemplate(): this;
/**
* Grants permission to reject resource grouping recommendations
*
* Access Level: Write
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_RejectResourceGroupingRecommendations.html
*/
toRejectResourceGroupingRecommendations(): this;
/**
* Grants permission to remove draft application version mappings
*
* Access Level: Write
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_RemoveDraftAppVersionResourceMappings.html
*/
toRemoveDraftAppVersionResourceMappings(): this;
/**
* Grants permission to resolve application version resources
*
* Access Level: Write
*
* Dependent actions:
* - cloudformation:DescribeStacks
* - cloudformation:ListStackResources
* - resource-groups:GetGroup
* - resource-groups:ListGroupResources
* - servicecatalog:GetApplication
* - servicecatalog:ListAssociatedResources
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_ResolveAppVersionResources.html
*/
toResolveAppVersionResources(): this;
/**
* Grants permission to create application assessment
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - cloudformation:DescribeStacks
* - cloudformation:ListStackResources
* - cloudwatch:DescribeAlarms
* - cloudwatch:GetMetricData
* - cloudwatch:GetMetricStatistics
* - cloudwatch:PutMetricData
* - ec2:DescribeRegions
* - fis:GetExperimentTemplate
* - fis:ListExperimentTemplates
* - fis:ListExperiments
* - resource-groups:GetGroup
* - resource-groups:ListGroupResources
* - servicecatalog:GetApplication
* - servicecatalog:ListAssociatedResources
* - ssm:GetParametersByPath
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_StartAppAssessment.html
*/
toStartAppAssessment(): this;
/**
* Grants permission to start the metrics export
*
* Access Level: Write
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_StartMetricsExport.html
*/
toStartMetricsExport(): this;
/**
* Grants permission to start the grouping recommendation generation process
*
* Access Level: Write
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_StartResourceGroupingRecommendationTask.html
*/
toStartResourceGroupingRecommendationTask(): this;
/**
* Grants permission to assign a resource tag
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_TagResource.html
*/
toTagResource(): this;
/**
* Grants permission to untag a resource
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_UntagResource.html
*/
toUntagResource(): this;
/**
* Grants permission to update application
*
* Access Level: Write
*
* Dependent actions:
* - iam:PassRole
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_UpdateApp.html
*/
toUpdateApp(): this;
/**
* Grants permission to update application version
*
* Access Level: Write
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_UpdateAppVersion.html
*/
toUpdateAppVersion(): this;
/**
* Grants permission to update application app component
*
* Access Level: Write
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_UpdateAppVersionAppComponent.html
*/
toUpdateAppVersionAppComponent(): this;
/**
* Grants permission to update application resource
*
* Access Level: Write
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_UpdateAppVersionResource.html
*/
toUpdateAppVersionResource(): this;
/**
* Grants permission to update resiliency policy
*
* Access Level: Write
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_UpdateResiliencyPolicy.html
*/
toUpdateResiliencyPolicy(): this;
protected accessLevelList: AccessLevelList;
/**
* Adds a resource of type resiliency-policy to the statement
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_ResiliencyPolicy.html
*
* @param resiliencyPolicyId - Identifier for the resiliencyPolicyId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onResiliencyPolicy(resiliencyPolicyId: string, account?: string, region?: string, partition?: string): this;
/**
* Adds a resource of type application to the statement
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_App.html
*
* @param appId - Identifier for the appId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onApplication(appId: string, account?: string, region?: string, partition?: string): this;
/**
* Adds a resource of type app-assessment to the statement
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_AppAssessment.html
*
* @param appAssessmentId - Identifier for the appAssessmentId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onAppAssessment(appAssessmentId: string, account?: string, region?: string, partition?: string): this;
/**
* Adds a resource of type recommendation-template to the statement
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_RecommendationTemplate.html
*
* @param recommendationTemplateId - Identifier for the recommendationTemplateId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onRecommendationTemplate(recommendationTemplateId: string, account?: string, region?: string, partition?: string): this;
/**
* Filters access by the presence of tag key-value pairs in the request
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag
*
* Applies to actions:
* - .toCreateApp()
* - .toCreateRecommendationTemplate()
* - .toCreateResiliencyPolicy()
* - .toStartAppAssessment()
* - .toTagResource()
*
* @param tagKey The tag key to check
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsRequestTag(tagKey: string, value: string | string[], operator?: Operator | string): this;
/**
* Filters access by tag key-value pairs attached to the resource
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag
*
* Applies to resource types:
* - resiliency-policy
* - application
* - app-assessment
* - recommendation-template
*
* @param tagKey The tag key to check
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsResourceTag(tagKey: string, value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the tag keys that are passed in the request
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys
*
* Applies to actions:
* - .toCreateApp()
* - .toCreateRecommendationTemplate()
* - .toCreateResiliencyPolicy()
* - .toStartAppAssessment()
* - .toTagResource()
* - .toUntagResource()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsTagKeys(value: string | string[], operator?: Operator | string): this;
/**
* Statement provider for service [resiliencehub](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsresiliencehub.html).
*
*/
constructor(props?: iam.PolicyStatementProps);
}