UNPKG

cdk-iam-floyd

Version:

AWS IAM policy statement generator with fluent interface for AWS CDK

github.com/udondan/iam-floyd

udondan/iam-floyd

119 lines (118 loc) 5.69 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
import { AccessLevelList } from '../access-level'; import { PolicyStatementWithCondition } from './2-conditions'; import { aws_iam as _iam } from "aws-cdk-lib"; export interface Action { url: string; description: string; accessLevel: string; resourceTypes?: any; conditions?: string[]; dependentActions?: string[]; } /** * Adds "action" functionality to the Policy Statement */ export declare class PolicyStatementWithActions extends PolicyStatementWithCondition { protected accessLevelList: AccessLevelList; private useNotAction; protected floydActions: string[]; private cdkActionsApplied; private isCompact; /** * Injects actions into the statement. * * Only relevant for the main package. In CDK mode this only calls super. */ toJSON(): any; toStatementJson(): any; freeze(): _iam.PolicyStatement; private cdkApplyActions; /** * Switches the statement to use [`NotAction`](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notaction.html). */ notAction(): this; /** * Checks weather actions have been applied to the policy. */ hasActions(): boolean; /** * Adds actions by name. * * Depending on the "mode", actions will be either added to the list of [`Actions`](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_action.html) or [`NotAction`](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notaction.html). * * The mode can be switched by calling `notAction()`. * * If the action does not contain a colon, the action will be prefixed with the service prefix of the class, e.g. `ec2:` * * @param action Actions that will be added to the statement. */ to(action: string): this; /** * Adds all actions of the statement provider to the statement, e.g. `actions: 'ec2:*'` */ allActions(): this; /** * Adds all actions that match one of the given regular expressions. * * @param expressions One or more regular expressions. The regular expressions need to be in [Perl/JavaScript literal style](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_Expressions) and need to be passed as strings, * For example: * ```typescript * allMatchingActions('/vpn/i') * ``` */ allMatchingActions(...expressions: string[]): this; /** * Adds all actions with [access level](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_understand-policy-summary-access-level-summaries.html#access_policies_access-level) LIST to the statement * * Permission to list resources within the service to determine whether an object exists. * * Actions with this level of access can list objects but cannot see the contents of a resource. * * For example, the Amazon S3 action `ListBucket` has the List access level. */ allListActions(): this; /** * Adds all actions with [access level](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_understand-policy-summary-access-level-summaries.html#access_policies_access-level) READ to the statement * * Permission to read but not edit the contents and attributes of resources in the service. * * For example, the Amazon S3 actions `GetObject` and `GetBucketLocation` have the Read access level. */ allReadActions(): this; /** * Adds all actions with [access level](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_understand-policy-summary-access-level-summaries.html#access_policies_access-level) WRITE to the statement * * Permission to create, delete, or modify resources in the service. * * For example, the Amazon S3 actions `CreateBucket`, `DeleteBucket` and `PutObject` have the Write access level. * * Write actions might also allow modifying a resource tag. However, an action that allows only changes to tags has the Tagging access level. */ allWriteActions(): this; /** * Adds all actions with [access level](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_understand-policy-summary-access-level-summaries.html#access_policies_access-level) PERMISSION MANAGEMENT to the statement * * Permission to grant or modify resource permissions in the service. * * For example, most IAM and AWS Organizations actions, as well as actions like the Amazon S3 actions `PutBucketPolicy` and `DeleteBucketPolicy` have the Permissions management access level. */ allPermissionManagementActions(): this; /** * Adds all actions with [access level](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_understand-policy-summary-access-level-summaries.html#access_policies_access-level) TAGGING to the statement * * Permission to perform actions that only change the state of resource tags. * * For example, the IAM actions `TagRole` and `UntagRole` have the Tagging access level because they allow only tagging or untagging a role. However, the `CreateRole` action allows tagging a role resource when you create that role. Because the action does not only add a tag, it has the Write access level. */ allTaggingActions(): this; private addAccessLevel; /** * Condense action list down to a list of patterns. * * Using this method can help to reduce the policy size. * * For example, all actions with access level `list` could be reduced to a small pattern `List*`. */ compact(): this; private compactActions; }