cdk-iam-floyd
Version:
AWS IAM policy statement generator with fluent interface for AWS CDK
1,527 lines (1,526 loc) • 265 kB
JavaScript
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.Ssm = void 0;
const shared_1 = require("../../shared");
/**
* Statement provider for service [ssm](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssystemsmanager.html).
*
* @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
*/
class Ssm extends shared_1.PolicyStatement {
/**
* Grants permission to add or overwrite one or more tags for a specified AWS resource
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsResourceTag()
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_AddTagsToResource.html
*/
toAddTagsToResource() {
return this.to('AddTagsToResource');
}
/**
* Grants permission to associate RelatedItem to an OpsItem
*
* Access Level: Write
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_AssociateOpsItemRelatedItem.html
*/
toAssociateOpsItemRelatedItem() {
return this.to('AssociateOpsItemRelatedItem');
}
/**
* Grants permission to cancel a specified Run Command command
*
* Access Level: Write
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_CancelCommand.html
*/
toCancelCommand() {
return this.to('CancelCommand');
}
/**
* Grants permission to cancel an in-progress maintenance window execution
*
* Access Level: Write
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_CancelMaintenanceWindowExecution.html
*/
toCancelMaintenanceWindowExecution() {
return this.to('CancelMaintenanceWindowExecution');
}
/**
* Grants permission to create an activation that is used to register on-premises servers and virtual machines (VMs) with Systems Manager
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_CreateActivation.html
*/
toCreateActivation() {
return this.to('CreateActivation');
}
/**
* Grants permission to associate a specified Systems Manager document with specified instances or other targets
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_CreateAssociation.html
*/
toCreateAssociation() {
return this.to('CreateAssociation');
}
/**
* Grants permission to combine entries for multiple CreateAssociation operations in a single command
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_CreateAssociationBatch.html
*/
toCreateAssociationBatch() {
return this.to('CreateAssociationBatch');
}
/**
* Grants permission to create a Systems Manager SSM document
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
* - .ifDocumentType()
*
* Dependent actions:
* - iam:PassRole
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_CreateDocument.html
*/
toCreateDocument() {
return this.to('CreateDocument');
}
/**
* Grants permission to create a maintenance window
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_CreateMaintenanceWindow.html
*/
toCreateMaintenanceWindow() {
return this.to('CreateMaintenanceWindow');
}
/**
* Grants permission to create an OpsItem in OpsCenter
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_CreateOpsItem.html
*/
toCreateOpsItem() {
return this.to('CreateOpsItem');
}
/**
* Grants permission to create an OpsMetadata object for an AWS resource
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_CreateOpsMetadata.html
*/
toCreateOpsMetadata() {
return this.to('CreateOpsMetadata');
}
/**
* Grants permission to create a patch baseline
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_CreatePatchBaseline.html
*/
toCreatePatchBaseline() {
return this.to('CreatePatchBaseline');
}
/**
* Grants permission to create a resource data sync configuration, which regularly collects inventory data from managed instances and updates the data in an Amazon S3 bucket
*
* Access Level: Write
*
* Possible conditions:
* - .ifSyncType()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_CreateResourceDataSync.html
*/
toCreateResourceDataSync() {
return this.to('CreateResourceDataSync');
}
/**
* Grants permission to delete a specified activation for managed instances
*
* Access Level: Write
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DeleteActivation.html
*/
toDeleteActivation() {
return this.to('DeleteActivation');
}
/**
* Grants permission to disassociate a specified SSM document from a specified instance
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DeleteAssociation.html
*/
toDeleteAssociation() {
return this.to('DeleteAssociation');
}
/**
* Grants permission to delete a specified SSM document and its instance associations
*
* Access Level: Write
*
* Possible conditions:
* - .ifDocumentType()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DeleteDocument.html
*/
toDeleteDocument() {
return this.to('DeleteDocument');
}
/**
* Grants permission to delete a specified custom inventory type, or the data associated with a custom inventory type
*
* Access Level: Write
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DeleteInventory.html
*/
toDeleteInventory() {
return this.to('DeleteInventory');
}
/**
* Grants permission to delete a specified maintenance window
*
* Access Level: Write
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DeleteMaintenanceWindow.html
*/
toDeleteMaintenanceWindow() {
return this.to('DeleteMaintenanceWindow');
}
/**
* Grants permission to delete an OpsItem
*
* Access Level: Write
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DeleteOpsItem.html
*/
toDeleteOpsItem() {
return this.to('DeleteOpsItem');
}
/**
* Grants permission to delete an OpsMetadata object
*
* Access Level: Write
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DeleteOpsMetadata.html
*/
toDeleteOpsMetadata() {
return this.to('DeleteOpsMetadata');
}
/**
* Grants permission to delete a specified SSM parameter
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DeleteParameter.html
*/
toDeleteParameter() {
return this.to('DeleteParameter');
}
/**
* Grants permission to delete multiple specified SSM parameters
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DeleteParameters.html
*/
toDeleteParameters() {
return this.to('DeleteParameters');
}
/**
* Grants permission to delete a specified patch baseline
*
* Access Level: Write
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DeletePatchBaseline.html
*/
toDeletePatchBaseline() {
return this.to('DeletePatchBaseline');
}
/**
* Grants permission to delete a specified resource data sync
*
* Access Level: Write
*
* Possible conditions:
* - .ifSyncType()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DeleteResourceDataSync.html
*/
toDeleteResourceDataSync() {
return this.to('DeleteResourceDataSync');
}
/**
* Grants permission to delete a Systems Manager resource policy
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DeleteResourcePolicy.html
*/
toDeleteResourcePolicy() {
return this.to('DeleteResourcePolicy');
}
/**
* Grants permission to deregister a specified on-premises server or virtual machine (VM) from Systems Manager
*
* Access Level: Write
*
* Possible conditions:
* - .ifResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DeregisterManagedInstance.html
*/
toDeregisterManagedInstance() {
return this.to('DeregisterManagedInstance');
}
/**
* Grants permission to deregister a specified patch baseline from being the default patch baseline for a specified patch group
*
* Access Level: Write
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DeregisterPatchBaselineForPatchGroup.html
*/
toDeregisterPatchBaselineForPatchGroup() {
return this.to('DeregisterPatchBaselineForPatchGroup');
}
/**
* Grants permission to deregister a specified target from a maintenance window
*
* Access Level: Write
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DeregisterTargetFromMaintenanceWindow.html
*/
toDeregisterTargetFromMaintenanceWindow() {
return this.to('DeregisterTargetFromMaintenanceWindow');
}
/**
* Grants permission to deregister a specified task from a maintenance window
*
* Access Level: Write
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DeregisterTaskFromMaintenanceWindow.html
*/
toDeregisterTaskFromMaintenanceWindow() {
return this.to('DeregisterTaskFromMaintenanceWindow');
}
/**
* Grants permission to view details about a specified managed instance activation, such as when it was created and the number of instances registered using the activation
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeActivations.html
*/
toDescribeActivations() {
return this.to('DescribeActivations');
}
/**
* Grants permission to view details about the specified association for a specified instance or target
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeAssociation.html
*/
toDescribeAssociation() {
return this.to('DescribeAssociation');
}
/**
* Grants permission to view information about a specified association execution
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeAssociationExecutionTargets.html
*/
toDescribeAssociationExecutionTargets() {
return this.to('DescribeAssociationExecutionTargets');
}
/**
* Grants permission to view all executions for a specified association
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeAssociationExecutions.html
*/
toDescribeAssociationExecutions() {
return this.to('DescribeAssociationExecutions');
}
/**
* Grants permission to view details about all active and terminated Automation executions
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeAutomationExecutions.html
*/
toDescribeAutomationExecutions() {
return this.to('DescribeAutomationExecutions');
}
/**
* Grants permission to view information about all active and terminated step executions in an Automation workflow
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeAutomationStepExecutions.html
*/
toDescribeAutomationStepExecutions() {
return this.to('DescribeAutomationStepExecutions');
}
/**
* Grants permission to view all patches eligible to include in a patch baseline
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeAvailablePatches.html
*/
toDescribeAvailablePatches() {
return this.to('DescribeAvailablePatches');
}
/**
* Grants permission to view details about a specified SSM document
*
* Access Level: Read
*
* Possible conditions:
* - .ifDocumentType()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeDocument.html
*/
toDescribeDocument() {
return this.to('DescribeDocument');
}
/**
* Grants permission to display information about SSM document parameters in the Systems Manager console (internal Systems Manager action)
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-setting-up-messageAPIs.html
*/
toDescribeDocumentParameters() {
return this.to('DescribeDocumentParameters');
}
/**
* Grants permission to view the permissions for a specified SSM document
*
* Access Level: Read
*
* Possible conditions:
* - .ifDocumentType()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeDocumentPermission.html
*/
toDescribeDocumentPermission() {
return this.to('DescribeDocumentPermission');
}
/**
* Grants permission to view all current associations for a specified instance
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeEffectiveInstanceAssociations.html
*/
toDescribeEffectiveInstanceAssociations() {
return this.to('DescribeEffectiveInstanceAssociations');
}
/**
* Grants permission to view details about the patches currently associated with the specified patch baseline (Windows only)
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeEffectivePatchesForPatchBaseline.html
*/
toDescribeEffectivePatchesForPatchBaseline() {
return this.to('DescribeEffectivePatchesForPatchBaseline');
}
/**
* Grants permission to view the status of the associations for a specified instance
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeInstanceAssociationsStatus.html
*/
toDescribeInstanceAssociationsStatus() {
return this.to('DescribeInstanceAssociationsStatus');
}
/**
* Grants permission to view details about a specified instance
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeInstanceInformation.html
*/
toDescribeInstanceInformation() {
return this.to('DescribeInstanceInformation');
}
/**
* Grants permission to view status details about patches on a specified instance
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
* - .ifResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeInstancePatchStates.html
*/
toDescribeInstancePatchStates() {
return this.to('DescribeInstancePatchStates');
}
/**
* Grants permission to describe the high-level patch state for the instances in the specified patch group
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeInstancePatchStatesForPatchGroup.html
*/
toDescribeInstancePatchStatesForPatchGroup() {
return this.to('DescribeInstancePatchStatesForPatchGroup');
}
/**
* Grants permission to view general details about the patches on a specified instance
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
* - .ifResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeInstancePatches.html
*/
toDescribeInstancePatches() {
return this.to('DescribeInstancePatches');
}
/**
* Grants permission to user's Amazon EC2 console to render managed instances' nodes
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-setting-up-messageAPIs.html
*/
toDescribeInstanceProperties() {
return this.to('DescribeInstanceProperties');
}
/**
* Grants permission to view details about a specified inventory deletion
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeInventoryDeletions.html
*/
toDescribeInventoryDeletions() {
return this.to('DescribeInventoryDeletions');
}
/**
* Grants permission to view details of a specified task execution for a maintenance window
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeMaintenanceWindowExecutionTaskInvocations.html
*/
toDescribeMaintenanceWindowExecutionTaskInvocations() {
return this.to('DescribeMaintenanceWindowExecutionTaskInvocations');
}
/**
* Grants permission to view details about the tasks that ran during a specified maintenance window execution
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeMaintenanceWindowExecutionTasks.html
*/
toDescribeMaintenanceWindowExecutionTasks() {
return this.to('DescribeMaintenanceWindowExecutionTasks');
}
/**
* Grants permission to view the executions of a specified maintenance window
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeMaintenanceWindowExecutions.html
*/
toDescribeMaintenanceWindowExecutions() {
return this.to('DescribeMaintenanceWindowExecutions');
}
/**
* Grants permission to view details about upcoming executions of a specified maintenance window
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeMaintenanceWindowSchedule.html
*/
toDescribeMaintenanceWindowSchedule() {
return this.to('DescribeMaintenanceWindowSchedule');
}
/**
* Grants permission to view a list of the targets associated with a specified maintenance window
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeMaintenanceWindowTargets.html
*/
toDescribeMaintenanceWindowTargets() {
return this.to('DescribeMaintenanceWindowTargets');
}
/**
* Grants permission to view a list of the tasks associated with a specified maintenance window
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeMaintenanceWindowTasks.html
*/
toDescribeMaintenanceWindowTasks() {
return this.to('DescribeMaintenanceWindowTasks');
}
/**
* Grants permission to view information about all or specified maintenance windows
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeMaintenanceWindows.html
*/
toDescribeMaintenanceWindows() {
return this.to('DescribeMaintenanceWindows');
}
/**
* Grants permission to view information about the maintenance window targets and tasks associated with a specified instance
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeMaintenanceWindowsForTarget.html
*/
toDescribeMaintenanceWindowsForTarget() {
return this.to('DescribeMaintenanceWindowsForTarget');
}
/**
* Grants permission to view details about specified OpsItems
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeOpsItems.html
*/
toDescribeOpsItems() {
return this.to('DescribeOpsItems');
}
/**
* Grants permission to view details about a specified SSM parameter
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeParameters.html
*/
toDescribeParameters() {
return this.to('DescribeParameters');
}
/**
* Grants permission to view information about patch baselines that meet the specified criteria
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribePatchBaselines.html
*/
toDescribePatchBaselines() {
return this.to('DescribePatchBaselines');
}
/**
* Grants permission to view aggregated status details for patches for a specified patch group
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribePatchGroupState.html
*/
toDescribePatchGroupState() {
return this.to('DescribePatchGroupState');
}
/**
* Grants permission to view information about the patch baseline for a specified patch group
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribePatchGroups.html
*/
toDescribePatchGroups() {
return this.to('DescribePatchGroups');
}
/**
* Grants permission to view details of available patches for a specified operating system and patch property
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribePatchProperties.html
*/
toDescribePatchProperties() {
return this.to('DescribePatchProperties');
}
/**
* Grants permission to view a list of recent Session Manager sessions that meet the specified search criteria
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeSessions.html
*/
toDescribeSessions() {
return this.to('DescribeSessions');
}
/**
* Grants permission to disassociate RelatedItem from an OpsItem
*
* Access Level: Write
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DisassociateOpsItemRelatedItem.html
*/
toDisassociateOpsItemRelatedItem() {
return this.to('DisassociateOpsItemRelatedItem');
}
/**
* Grants permission to a Systems Manager delegated administrator to view related resource details about OpsItems across multiple AWS accounts in the AWS Management Console
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-setting-up-messageAPIs.html#systems-manager-namespace-other-API-operations
*/
toExecuteAPI() {
return this.to('ExecuteAPI');
}
/**
* Grants permission to return a credentials set to be used with just-in-time node access
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetAccessToken.html
*/
toGetAccessToken() {
return this.to('GetAccessToken');
}
/**
* Grants permission to view details of a specified Automation execution
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_AutomationExecution.html
*/
toGetAutomationExecution() {
return this.to('GetAutomationExecution');
}
/**
* Grants permission to view details of a specific calendar
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-change-calendar-prereqs.html
*/
toGetCalendar() {
return this.to('GetCalendar');
}
/**
* Grants permission to view the calendar state for a change calendar or a list of change calendars
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetCalendarState.html
*/
toGetCalendarState() {
return this.to('GetCalendarState');
}
/**
* Grants permission to view details about the command execution of a specified invocation or plugin
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetCommandInvocation.html
*/
toGetCommandInvocation() {
return this.to('GetCommandInvocation');
}
/**
* Grants permission to view the Session Manager connection status for a specified managed instance
*
* Access Level: Read
*
* Possible conditions:
* - .ifResourceTag()
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetConnectionStatus.html
*/
toGetConnectionStatus() {
return this.to('GetConnectionStatus');
}
/**
* Grants permission to view the current default patch baseline for a specified operating system type
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetDefaultPatchBaseline.html
*/
toGetDefaultPatchBaseline() {
return this.to('GetDefaultPatchBaseline');
}
/**
* Grants permission to retrieve the current patch baseline snapshot for a specified instance
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetDeployablePatchSnapshotForInstance.html
*/
toGetDeployablePatchSnapshotForInstance() {
return this.to('GetDeployablePatchSnapshotForInstance');
}
/**
* Grants permission to view the contents of a specified SSM document
*
* Access Level: Read
*
* Possible conditions:
* - .ifDocumentCategories()
* - .ifDocumentType()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetDocument.html
*/
toGetDocument() {
return this.to('GetDocument');
}
/**
* Grants permission to retrieve an existing preview that shows the effects that running a specified Automation runbook would have on the targeted resources
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetExecutionPreview.html
*/
toGetExecutionPreview() {
return this.to('GetExecutionPreview');
}
/**
* Grants permission to view instance inventory details per the specified criteria
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetInventory.html
*/
toGetInventory() {
return this.to('GetInventory');
}
/**
* Grants permission to view a list of inventory types or attribute names for a specified inventory item type
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetInventorySchema.html
*/
toGetInventorySchema() {
return this.to('GetInventorySchema');
}
/**
* Grants permission to view details about a specified maintenance window
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetMaintenanceWindow.html
*/
toGetMaintenanceWindow() {
return this.to('GetMaintenanceWindow');
}
/**
* Grants permission to view details about a specified maintenance window execution
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetMaintenanceWindowExecution.html
*/
toGetMaintenanceWindowExecution() {
return this.to('GetMaintenanceWindowExecution');
}
/**
* Grants permission to view details about a specified maintenance window execution task
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetMaintenanceWindowExecutionTask.html
*/
toGetMaintenanceWindowExecutionTask() {
return this.to('GetMaintenanceWindowExecutionTask');
}
/**
* Grants permission to view details about a specific maintenance window task running on a specific target
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetMaintenanceWindowExecutionTaskInvocation.html
*/
toGetMaintenanceWindowExecutionTaskInvocation() {
return this.to('GetMaintenanceWindowExecutionTaskInvocation');
}
/**
* Grants permission to view details about tasks registered with a specified maintenance window
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetMaintenanceWindowTask.html
*/
toGetMaintenanceWindowTask() {
return this.to('GetMaintenanceWindowTask');
}
/**
* Grants permission to Systems Manager and SSM Agent to determine package installation requirements for an instance (internal Systems Manager call)
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-setting-up-messageAPIs.html
*/
toGetManifest() {
return this.to('GetManifest');
}
/**
* Grants permission to view information about a specified OpsItem
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetOpsItem.html
*/
toGetOpsItem() {
return this.to('GetOpsItem');
}
/**
* Grants permission to retrieve an OpsMetadata object
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetOpsMetadata.html
*/
toGetOpsMetadata() {
return this.to('GetOpsMetadata');
}
/**
* Grants permission to view summary information about OpsItems based on specified filters and aggregators
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetOpsSummary.html
*/
toGetOpsSummary() {
return this.to('GetOpsSummary');
}
/**
* Grants permission to view information about a specified parameter
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetParameter.html
*/
toGetParameter() {
return this.to('GetParameter');
}
/**
* Grants permission to view details and changes for a specified parameter
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetParameterHistory.html
*/
toGetParameterHistory() {
return this.to('GetParameterHistory');
}
/**
* Grants permission to view information about multiple specified parameters
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetParameters.html
*/
toGetParameters() {
return this.to('GetParameters');
}
/**
* Grants permission to view information about parameters in a specified hierarchy
*
* Access Level: Read
*
* Possible conditions:
* - .ifRecursive()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetParametersByPath.html
*/
toGetParametersByPath() {
return this.to('GetParametersByPath');
}
/**
* Grants permission to view information about a specified patch baseline
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetPatchBaseline.html
*/
toGetPatchBaseline() {
return this.to('GetPatchBaseline');
}
/**
* Grants permission to view the ID of the current patch baseline for a specified patch group
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetPatchBaselineForPatchGroup.html
*/
toGetPatchBaselineForPatchGroup() {
return this.to('GetPatchBaselineForPatchGroup');
}
/**
* Grants permission to retrieve lists of Systems Manager resource policies
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetResourcePolicies.html
*/
toGetResourcePolicies() {
return this.to('GetResourcePolicies');
}
/**
* Grants permission to view the account-level setting for an AWS service
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetServiceSetting.html
*/
toGetServiceSetting() {
return this.to('GetServiceSetting');
}
/**
* Grants permission to apply an identifying label to a specified version of a parameter
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_LabelParameterVersion.html
*/
toLabelParameterVersion() {
return this.to('LabelParameterVersion');
}
/**
* Grants permission to list versions of the specified association
*
* Access Level: List
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ListAssociationVersions.html
*/
toListAssociationVersions() {
return this.to('ListAssociationVersions');
}
/**
* Grants permission to list the associations for a specified SSM document or managed instance
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ListAssociations.html
*/
toListAssociations() {
return this.to('ListAssociations');
}
/**
* Grants permission to list information about command invocations sent to a specified instance
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ListCommandInvocations.html
*/
toListCommandInvocations() {
return this.to('ListCommandInvocations');
}
/**
* Grants permission to list the commands sent to a specified instance
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ListCommands.html
*/
toListCommands() {
return this.to('ListCommands');
}
/**
* Grants permission to list compliance status for specified resource types on a specified resource
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ListComplianceItems.html
*/
toListComplianceItems() {
return this.to('ListComplianceItems');
}
/**
* Grants permission to list a summary count of compliant and noncompliant resources for a specified compliance type
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ListComplianceSummaries.html
*/
toListComplianceSummaries() {
return this.to('ListComplianceSummaries');
}
/**
* Grants permission to view metadata history about a specified SSM document
*
* Access Level: List
*
* Possible conditions:
* - .ifDocumentType()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ListDocumentMetadataHistory.html
*/
toListDocumentMetadataHistory() {
return this.to('ListDocumentMetadataHistory');
}
/**
* Grants permission to list all versions of a specified document
*
* Access Level: List
*
* Possible conditions:
* - .ifDocumentType()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ListDocumentVersions.html
*/
toListDocumentVersions() {
return this.to('ListDocumentVersions');
}
/**
* Grants permission to view information about a specified SSM document
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ListDocuments.html
*/
toListDocuments() {
return this.to('ListDocuments');
}
/**
* Grants permission to SSM Agent to check for new State Manager associations (internal Systems Manager call)
*
* Access Level: List
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-setting-up-messageAPIs.html
*/
toListInstanceAssociations() {
return this.to('ListInstanceAssociations');
}
/**
* Grants permission to view a list of specified inventory types for a specified instance
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ListInventoryEntries.html
*/
toListInventoryEntries() {
return this.to('ListInventoryEntries');
}
/**
* Grants permission to view details about managed nodes based on specified filters
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ListNodes.html
*/
toListNodes() {
return this.to('ListNodes');
}
/**
* Grants permission to view summary information about managed nodes based on specified filters and aggregators
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ListNodesSummary.html
*/
toListNodesSummary() {
return this.to('ListNodesSummary');
}
/**
* Grants permission to view details about OpsItemEvents
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ListOpsItemEvents.html
*/
toListOpsItemEvents() {
return this.to('ListOpsItemEvents');
}
/**
* Grants permission to view details about OpsItem RelatedItems
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ListOpsItemRelatedItems.html
*/
toListOpsItemRelatedItems() {
return this.to('ListOpsItemRelatedItems');
}
/**
* Grants permission to view a list of OpsMetadata objects
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ListOpsMetadata.html
*/
toListOpsMetadata() {
return this.to('ListOpsMetadata');
}
/**
* Grants permission to list resource-level summary count
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ListResourceComplianceSummaries.html
*/
toListResourceComplianceSummaries() {
return this.to('ListResourceComplianceSummaries');
}
/**
* Grants permission to list information about resource data sync configurations in an account
*
* Access Level: List
*
* Possible conditions:
* - .ifSyncType()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ListResourceDataSync.html
*/
toListResourceDataSync() {
return this.to('ListResourceDataSync');
}
/**
* Grants permission to view a list of resource tags for a specified resource
*
* Access Level: List
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ListTagsForResource.html
*/
toListTagsForResource() {
return this.to('ListTagsForResource');
}
/**
* Grants permission to share a custom SSM document publicly or privately with specified AWS accounts
*
* Access Level: Permissions management
*
* Possible conditions:
* - .ifDocumentType()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ModifyDocumentPermission.html
*/
toModifyDocumentPermission() {
return this.to('ModifyDocumentPermission');
}
/**
* Grants permission to create/edit a specific calendar
*
* Access Level: Write
*
* https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-change-calendar-prereqs.html
*/
toPutCalendar() {
return this.to('PutCalendar');
}
/**
* Grants permission to register a compliance type and other compliance details on a specified resource
*
* Access Level: Write
*
* Possible conditions:
* - .ifSourceInstanceARN()
* - .ifEc2SourceInstanceARN()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_PutComplianceItems.html
*/
toPutComplianceItems() {
return this.to('PutComplianceItems');
}
/**
* Grants permission to SSM Agent to generate a report of the results of specific agent requests (internal Systems Manager call)
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-setting-up-messageAPIs.html
*/
toPutConfigurePackageResult() {
return this.to('PutConfigurePackageResult');
}
/**
* Grants permission to add or update inventory items on multiple specified managed instances
*
* Access Level: Write
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_PutInventory.html
*/
toPutInventory() {
return this.to('PutInventory');
}
/**
* Grants permission to create an SSM parameter
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
* - .ifOverwrite()
* - .ifPolicies()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_PutParameter.html
*/
toPutParameter() {
return this.to('PutParameter');
}
/**
* Grants permission to create or update a Systems Manager resource policy
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_PutResourcePolicy.html
*/
toPutResourcePolicy() {
return this.to('PutResourcePolicy');
}
/**
* Grants permission to specify the default patch baseline for an operating system type
*
* Access Level: Write
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_RegisterDefaultPatchBaseline.html
*/
toRegisterDefaultPatchBaseline() {
return this.to('RegisterDefaultPatchBaseline');
}
/**
* Grants permission to register a Systems Manager Agent
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-setting-up-messageAPIs.html
*/
toRegisterManagedInstance() {
return this.to('RegisterManagedInstance');
}
/**
* Grants permission to specify the default patch baseline for a specified patch group
*
* Access Level: Write
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_RegisterPatchBaselineForPatchGroup.html
*/
toRegisterPatchBaselineForPatchGroup() {
return this.to('RegisterPatchBaselineForPatchGroup');
}
/**
* Grants permission to register a target with a specified maintenance window
*
* Access Level: Write
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_RegisterTargetWithMaintenanceWindow.html
*/
toRegisterTargetWithMaintenanceWindow() {
return this.to('RegisterTargetWithMaintenanceWindow');
}
/**
* Grants permission to register a task with a specified maintenance window
*
* Access Level: Write
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_RegisterTaskWithMaintenanceWindow.html
*/
toRegisterTaskWithMaintenanceWindow() {
return this.to('RegisterTaskWithMaintenanceWindow');
}
/**
* Grants permission to remove a specified tag key from a specified resource
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsResourceTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_RemoveTagsFromResource.html
*/
toRemoveTagsFromResource() {
return this.to('RemoveTagsFromResource');
}
/**
* Grants permission to reset the service setting for an AWS account to the default value
*
* Access Level: Write
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ResetServiceSetting.html
*/
toResetServiceSetting() {
return this.to('ResetServiceSetting');
}
/**
* Grants permission to reconnect a Session Manager session to a managed instance
*
* Access Level: Write
*
* Possible conditions:
* - .ifResourceTagAws()
* - .ifResourceTagAws()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ResumeSession.html
*/
toResumeSession() {
return this.to('ResumeSession');
}
/**
* Grants permission to send a signal to change the current behavior or status of a specified Automation execution
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_SendAutomationSignal.html
*/
toSendAutomationSignal() {
return this.to('SendAutomationSignal');
}
/**
* Grants permission to run commands on one or more specified managed instances
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
* - .ifResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_SendCommand.html
*/
toSendCommand() {
return this.to('SendCommand');
}
/**
* Grants permission to start the workflow for just-in-time node access sessions
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_StartAccessRequest.html
*/
toStartAccessRequest() {
return this.to('StartAccessRequest');
}
/**
* Grants permission to run a specified association manually
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_StartAssociationsOnce.html
*/
toStartAssociationsOnce() {
return this.to('StartAssociationsOnce');
}
/**
* Grants permission to initiate the execution of an Automation document
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_StartAutomationExecution.html