cdk-iam-floyd
Version:
AWS IAM policy statement generator with fluent interface for AWS CDK
692 lines (691 loc) • 26.6 kB
TypeScript
import { AccessLevelList } from '../../shared/access-level';
import { PolicyStatement, Operator } from '../../shared';
import { aws_iam as iam } from "aws-cdk-lib";
/**
* Statement provider for service [appconfig](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsappconfig.html).
*
* @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
*/
export declare class Appconfig extends PolicyStatement {
servicePrefix: string;
/**
* Grants permission to create an application
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/appconfig/2019-10-09/APIReference/API_CreateApplication.html
*/
toCreateApplication(): this;
/**
* Grants permission to create a configuration profile
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/appconfig/2019-10-09/APIReference/API_CreateConfigurationProfile.html
*/
toCreateConfigurationProfile(): this;
/**
* Grants permission to create a deployment strategy
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/appconfig/2019-10-09/APIReference/API_CreateDeploymentStrategy.html
*/
toCreateDeploymentStrategy(): this;
/**
* Grants permission to create an environment
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/appconfig/2019-10-09/APIReference/API_CreateEnvironment.html
*/
toCreateEnvironment(): this;
/**
* Grants permission to create an extension
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/appconfig/2019-10-09/APIReference/API_CreateExtension.html
*/
toCreateExtension(): this;
/**
* Grants permission to create an extension association
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/appconfig/2019-10-09/APIReference/API_CreateExtensionAssociation.html
*/
toCreateExtensionAssociation(): this;
/**
* Grants permission to create a hosted configuration version
*
* Access Level: Write
*
* https://docs.aws.amazon.com/appconfig/2019-10-09/APIReference/API_CreateHostedConfigurationVersion.html
*/
toCreateHostedConfigurationVersion(): this;
/**
* Grants permission to delete an application
*
* Access Level: Write
*
* https://docs.aws.amazon.com/appconfig/2019-10-09/APIReference/API_DeleteApplication.html
*/
toDeleteApplication(): this;
/**
* Grants permission to delete a configuration profile
*
* Access Level: Write
*
* https://docs.aws.amazon.com/appconfig/2019-10-09/APIReference/API_DeleteConfigurationProfile.html
*/
toDeleteConfigurationProfile(): this;
/**
* Grants permission to delete a deployment strategy
*
* Access Level: Write
*
* https://docs.aws.amazon.com/appconfig/2019-10-09/APIReference/API_DeleteDeploymentStrategy.html
*/
toDeleteDeploymentStrategy(): this;
/**
* Grants permission to delete an environment
*
* Access Level: Write
*
* https://docs.aws.amazon.com/appconfig/2019-10-09/APIReference/API_DeleteEnvironment.html
*/
toDeleteEnvironment(): this;
/**
* Grants permission to delete an extension
*
* Access Level: Write
*
* https://docs.aws.amazon.com/appconfig/2019-10-09/APIReference/API_DeleteExtension.html
*/
toDeleteExtension(): this;
/**
* Grants permission to delete an extension association
*
* Access Level: Write
*
* https://docs.aws.amazon.com/appconfig/2019-10-09/APIReference/API_DeleteExtensionAssociation.html
*/
toDeleteExtensionAssociation(): this;
/**
* Grants permission to delete a hosted configuration version
*
* Access Level: Write
*
* https://docs.aws.amazon.com/appconfig/2019-10-09/APIReference/API_DeleteHostedConfigurationVersion.html
*/
toDeleteHostedConfigurationVersion(): this;
/**
* Grants permission to view account-wide AppConfig settings
*
* Access Level: Read
*
* https://docs.aws.amazon.com/appconfig/2019-10-09/APIReference/API_GetAccountSettings.html
*/
toGetAccountSettings(): this;
/**
* Grants permission to view details about an application
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/appconfig/2019-10-09/APIReference/API_GetApplication.html
*/
toGetApplication(): this;
/**
* Grants permission to view details about a configuration
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/appconfig/2019-10-09/APIReference/API_GetConfiguration.html
*/
toGetConfiguration(): this;
/**
* Grants permission to view details about a configuration profile
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/appconfig/2019-10-09/APIReference/API_GetConfigurationProfile.html
*/
toGetConfigurationProfile(): this;
/**
* Grants permission to view details about a deployment
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/appconfig/2019-10-09/APIReference/API_GetDeployment.html
*/
toGetDeployment(): this;
/**
* Grants permission to view details about a deployment strategy
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/appconfig/2019-10-09/APIReference/API_GetDeploymentStrategy.html
*/
toGetDeploymentStrategy(): this;
/**
* Grants permission to view details about an environment
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/appconfig/2019-10-09/APIReference/API_GetEnvironment.html
*/
toGetEnvironment(): this;
/**
* Grants permission to view details about an extension
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/appconfig/2019-10-09/APIReference/API_GetExtension.html
*/
toGetExtension(): this;
/**
* Grants permission to view details about an extension association
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/appconfig/2019-10-09/APIReference/API_GetExtensionAssociation.html
*/
toGetExtensionAssociation(): this;
/**
* Grants permission to view details about a hosted configuration version
*
* Access Level: Read
*
* https://docs.aws.amazon.com/appconfig/2019-10-09/APIReference/API_GetHostedConfigurationVersion.html
*/
toGetHostedConfigurationVersion(): this;
/**
* Grants permission to retrieve a deployed configuration
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/appconfig/2019-10-09/APIReference/API_appconfigdata_GetLatestConfiguration.html
*/
toGetLatestConfiguration(): this;
/**
* Grants permission to list the applications in your account
*
* Access Level: List
*
* https://docs.aws.amazon.com/appconfig/2019-10-09/APIReference/API_ListApplications.html
*/
toListApplications(): this;
/**
* Grants permission to list the configuration profiles for an application
*
* Access Level: List
*
* https://docs.aws.amazon.com/appconfig/2019-10-09/APIReference/API_ListConfigurationProfiles.html
*/
toListConfigurationProfiles(): this;
/**
* Grants permission to list the deployment strategies for your account
*
* Access Level: List
*
* https://docs.aws.amazon.com/appconfig/2019-10-09/APIReference/API_ListDeploymentStrategies.html
*/
toListDeploymentStrategies(): this;
/**
* Grants permission to list the deployments for an environment
*
* Access Level: List
*
* https://docs.aws.amazon.com/appconfig/2019-10-09/APIReference/API_ListDeployments.html
*/
toListDeployments(): this;
/**
* Grants permission to list the environments for an application
*
* Access Level: List
*
* https://docs.aws.amazon.com/appconfig/2019-10-09/APIReference/API_ListEnvironments.html
*/
toListEnvironments(): this;
/**
* Grants permission to list the extension associations in your account
*
* Access Level: List
*
* https://docs.aws.amazon.com/appconfig/2019-10-09/APIReference/API_ListExtensionAssociations.html
*/
toListExtensionAssociations(): this;
/**
* Grants permission to list the extensions in your account
*
* Access Level: List
*
* https://docs.aws.amazon.com/appconfig/2019-10-09/APIReference/API_ListExtensions.html
*/
toListExtensions(): this;
/**
* Grants permission to list the hosted configuration versions for a configuration profile
*
* Access Level: List
*
* https://docs.aws.amazon.com/appconfig/2019-10-09/APIReference/API_ListHostedConfigurationVersions.html
*/
toListHostedConfigurationVersions(): this;
/**
* Grants permission to view a list of resource tags for a specified resource
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/appconfig/2019-10-09/APIReference/API_ListTagsForResource.html
*/
toListTagsForResource(): this;
/**
* Grants permission to start a configuration session
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/appconfig/2019-10-09/APIReference/API_appconfigdata_StartConfigurationSession.html
*/
toStartConfigurationSession(): this;
/**
* Grants permission to initiate a deployment
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/appconfig/2019-10-09/APIReference/API_StartDeployment.html
*/
toStartDeployment(): this;
/**
* Grants permission to stop a deployment
*
* Access Level: Write
*
* https://docs.aws.amazon.com/appconfig/2019-10-09/APIReference/API_StopDeployment.html
*/
toStopDeployment(): this;
/**
* Grants permission to tag an appconfig resource
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsTagKeys()
* - .ifAwsRequestTag()
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/appconfig/2019-10-09/APIReference/API_TagResource.html
*/
toTagResource(): this;
/**
* Grants permission to untag an appconfig resource
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/appconfig/2019-10-09/APIReference/API_UntagResource.html
*/
toUntagResource(): this;
/**
* Grants permission to modify account-wide AppConfig settings
*
* Access Level: Write
*
* https://docs.aws.amazon.com/appconfig/2019-10-09/APIReference/API_UpdateAccountSettings.html
*/
toUpdateAccountSettings(): this;
/**
* Grants permission to modify an application
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/appconfig/2019-10-09/APIReference/API_UpdateApplication.html
*/
toUpdateApplication(): this;
/**
* Grants permission to modify a configuration profile
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/appconfig/2019-10-09/APIReference/API_UpdateConfigurationProfile.html
*/
toUpdateConfigurationProfile(): this;
/**
* Grants permission to modify a deployment strategy
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/appconfig/2019-10-09/APIReference/API_UpdateDeploymentStrategy.html
*/
toUpdateDeploymentStrategy(): this;
/**
* Grants permission to modify an environment
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/appconfig/2019-10-09/APIReference/API_UpdateEnvironment.html
*/
toUpdateEnvironment(): this;
/**
* Grants permission to modify an extension
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/appconfig/2019-10-09/APIReference/API_UpdateExtension.html
*/
toUpdateExtension(): this;
/**
* Grants permission to modify an extension association
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/appconfig/2019-10-09/APIReference/API_UpdateExtensionAssociation.html
*/
toUpdateExtensionAssociation(): this;
/**
* Grants permission to validate a configuration
*
* Access Level: Write
*
* https://docs.aws.amazon.com/appconfig/2019-10-09/APIReference/API_ValidateConfiguration.html
*/
toValidateConfiguration(): this;
protected accessLevelList: AccessLevelList;
/**
* Adds a resource of type application to the statement
*
* https://docs.aws.amazon.com/appconfig/latest/userguide/appconfig-creating-namespace.html
*
* @param applicationId - Identifier for the applicationId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onApplication(applicationId: string, account?: string, region?: string, partition?: string): this;
/**
* Adds a resource of type environment to the statement
*
* https://docs.aws.amazon.com/appconfig/latest/userguide/appconfig-creating-environment.html
*
* @param applicationId - Identifier for the applicationId.
* @param environmentId - Identifier for the environmentId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onEnvironment(applicationId: string, environmentId: string, account?: string, region?: string, partition?: string): this;
/**
* Adds a resource of type configurationprofile to the statement
*
* https://docs.aws.amazon.com/appconfig/latest/userguide/appconfig-creating-configuration-profile.html
*
* @param applicationId - Identifier for the applicationId.
* @param configurationProfileId - Identifier for the configurationProfileId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onConfigurationprofile(applicationId: string, configurationProfileId: string, account?: string, region?: string, partition?: string): this;
/**
* Adds a resource of type deploymentstrategy to the statement
*
* https://docs.aws.amazon.com/appconfig/latest/userguide/appconfig-creating-deployment-strategy.html
*
* @param deploymentStrategyId - Identifier for the deploymentStrategyId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onDeploymentstrategy(deploymentStrategyId: string, account?: string, region?: string, partition?: string): this;
/**
* Adds a resource of type deployment to the statement
*
* https://docs.aws.amazon.com/appconfig/latest/userguide/appconfig-deploying.html
*
* @param applicationId - Identifier for the applicationId.
* @param environmentId - Identifier for the environmentId.
* @param deploymentNumber - Identifier for the deploymentNumber.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onDeployment(applicationId: string, environmentId: string, deploymentNumber: string, account?: string, region?: string, partition?: string): this;
/**
* Adds a resource of type hostedconfigurationversion to the statement
*
* https://docs.aws.amazon.com/appconfig/latest/userguide/appconfig-creating-configuration-profile.html
*
* @param applicationId - Identifier for the applicationId.
* @param configurationProfileId - Identifier for the configurationProfileId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onHostedconfigurationversion(applicationId: string, configurationProfileId: string, account?: string, region?: string, partition?: string): this;
/**
* Adds a resource of type configuration to the statement
*
* https://docs.aws.amazon.com/appconfig/latest/userguide/retrieving-feature-flags.html
*
* @param applicationId - Identifier for the applicationId.
* @param environmentId - Identifier for the environmentId.
* @param configurationProfileId - Identifier for the configurationProfileId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onConfiguration(applicationId: string, environmentId: string, configurationProfileId: string, account?: string, region?: string, partition?: string): this;
/**
* Adds a resource of type extension to the statement
*
* https://docs.aws.amazon.com/appconfig/latest/userguide/working-with-appconfig-extensions.html
*
* @param extensionId - Identifier for the extensionId.
* @param extensionVersionNumber - Identifier for the extensionVersionNumber.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onExtension(extensionId: string, extensionVersionNumber: string, account?: string, region?: string, partition?: string): this;
/**
* Adds a resource of type extensionassociation to the statement
*
* https://docs.aws.amazon.com/appconfig/latest/userguide/working-with-appconfig-extensions.html
*
* @param extensionAssociationId - Identifier for the extensionAssociationId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onExtensionassociation(extensionAssociationId: string, account?: string, region?: string, partition?: string): this;
/**
* Filters access by the allowed set of values for a specified tag
*
* https://docs.aws.amazon.com/systems-manager/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-tags
*
* Applies to actions:
* - .toCreateApplication()
* - .toCreateConfigurationProfile()
* - .toCreateDeploymentStrategy()
* - .toCreateEnvironment()
* - .toCreateExtension()
* - .toCreateExtensionAssociation()
* - .toStartDeployment()
* - .toTagResource()
*
* @param tagKey The tag key to check
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsRequestTag(tagKey: string, value: string | string[], operator?: Operator | string): this;
/**
* Filters access by a tag key-value pair assigned to the AWS resource
*
* https://docs.aws.amazon.com/systems-manager/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-tags
*
* Applies to actions:
* - .toGetApplication()
* - .toGetConfiguration()
* - .toGetConfigurationProfile()
* - .toGetDeployment()
* - .toGetDeploymentStrategy()
* - .toGetEnvironment()
* - .toGetExtension()
* - .toGetExtensionAssociation()
* - .toGetLatestConfiguration()
* - .toListTagsForResource()
* - .toStartConfigurationSession()
* - .toTagResource()
* - .toUpdateApplication()
* - .toUpdateConfigurationProfile()
* - .toUpdateDeploymentStrategy()
* - .toUpdateEnvironment()
* - .toUpdateExtension()
* - .toUpdateExtensionAssociation()
*
* Applies to resource types:
* - application
* - environment
* - configurationprofile
* - deploymentstrategy
* - deployment
* - configuration
* - extension
* - extensionassociation
*
* @param tagKey The tag key to check
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsResourceTag(tagKey: string, value: string | string[], operator?: Operator | string): this;
/**
* Filters access by a list of tag keys that are allowed in the request
*
* https://docs.aws.amazon.com/systems-manager/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-tags
*
* Applies to actions:
* - .toCreateApplication()
* - .toCreateConfigurationProfile()
* - .toCreateDeploymentStrategy()
* - .toCreateEnvironment()
* - .toCreateExtension()
* - .toCreateExtensionAssociation()
* - .toStartDeployment()
* - .toTagResource()
* - .toUntagResource()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsTagKeys(value: string | string[], operator?: Operator | string): this;
/**
* Statement provider for service [appconfig](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsappconfig.html).
*
*/
constructor(props?: iam.PolicyStatementProps);
}