
cdk-iam-floyd


AWS IAM policy statement generator with fluent interface for AWS CDK

import { AccessLevelList } from '../../shared/access-level';
import { PolicyStatement, Operator } from '../../shared';
import { aws_iam as iam } from "aws-cdk-lib";
/**
 * Statement provider for service [athena](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonathena.html).
 *
 * The members fall into three groups, all returning `this` so calls can be chained:
 * - `to*()` methods, each documented as granting one Athena action;
 * - `on*()` methods, each documented as adding one resource type to the statement;
 * - `if*()` methods, each documented as adding one condition filter.
 *
 * The constructor takes `iam.PolicyStatementProps`; the
 * [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html)
 * of the statement is presumably supplied through that object (confirm against aws-cdk-lib).
 *
 * NOTE(review): this declaration does not show which resource a statement targets when no
 * `on*()` method is called; that is decided in `PolicyStatement`. Verify it before relying on
 * a statement for least privilege.
 */
export declare class Athena extends PolicyStatement {
    // Service prefix of the actions this provider emits; the value is assigned in the
    // implementation, not in this declaration (presumably `athena`, confirm).
    servicePrefix: string;
    /**
     * Grants permission to get information about one or more named queries
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_BatchGetNamedQuery.html
     */
    toBatchGetNamedQuery(): this;
    /**
     * Grants permission to get information about one or more prepared statements
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_BatchGetPreparedStatement.html
     */
    toBatchGetPreparedStatement(): this;
    /**
     * Grants permission to get information about one or more query executions
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_BatchGetQueryExecution.html
     */
    toBatchGetQueryExecution(): this;
    /**
     * Grants permission to cancel a capacity reservation
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_CancelCapacityReservation.html
     */
    toCancelCapacityReservation(): this;
    /**
     * Grants permission to cancel query execution. Deprecated. Applies only to AWS services and principals that use Athena JDBC driver earlier than 1.1.0. Use StopQueryExecution otherwise
     *
     * Leave this action out of new policies unless such a driver is still in use.
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_StopQueryExecution.html
     */
    toCancelQueryExecution(): this;
    /**
     * Grants permission to create a capacity reservation
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifAwsRequestTag()
     * - .ifAwsTagKeys()
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_CreateCapacityReservation.html
     */
    toCreateCapacityReservation(): this;
    /**
     * Grants permission to create a datacatalog
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifAwsRequestTag()
     * - .ifAwsTagKeys()
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_CreateDataCatalog.html
     */
    toCreateDataCatalog(): this;
    /**
     * Grants permission to create a named query
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_CreateNamedQuery.html
     */
    toCreateNamedQuery(): this;
    /**
     * Grants permission to create a notebook
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_CreateNotebook.html
     */
    toCreateNotebook(): this;
    /**
     * Grants permission to create a prepared statement
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_CreatePreparedStatement.html
     */
    toCreatePreparedStatement(): this;
    /**
     * Grants permission to create a presigned notebook url
     *
     * NOTE(review): a presigned URL typically works for whoever holds it until it expires.
     * Confirm its lifetime and scope in the linked API reference before granting this broadly.
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_CreatePresignedNotebookUrl.html
     */
    toCreatePresignedNotebookUrl(): this;
    /**
     * Grants permission to create a workgroup
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifAwsRequestTag()
     * - .ifAwsTagKeys()
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_CreateWorkGroup.html
     */
    toCreateWorkGroup(): this;
    /**
     * Grants permission to delete a capacity reservation
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_DeleteCapacityReservation.html
     */
    toDeleteCapacityReservation(): this;
    /**
     * Grants permission to delete a datacatalog
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_DeleteDataCatalog.html
     */
    toDeleteDataCatalog(): this;
    /**
     * Grants permission to delete the specified named query
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_DeleteNamedQuery.html
     */
    toDeleteNamedQuery(): this;
    /**
     * Grants permission to delete a notebook
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_DeleteNotebook.html
     */
    toDeleteNotebook(): this;
    /**
     * Grants permission to delete the specified prepared statement
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_DeletePreparedStatement.html
     */
    toDeletePreparedStatement(): this;
    /**
     * Grants permission to delete a workgroup
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_DeleteWorkGroup.html
     */
    toDeleteWorkGroup(): this;
    /**
     * Grants permission to export a notebook
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_ExportNotebook.html
     */
    toExportNotebook(): this;
    /**
     * Grants permission to get a calculation execution
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_GetCalculationExecution.html
     */
    toGetCalculationExecution(): this;
    /**
     * Grants permission to get a calculation execution code
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_GetCalculationExecutionCode.html
     */
    toGetCalculationExecutionCode(): this;
    /**
     * Grants permission to get a calculation execution status
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_GetCalculationExecutionStatus.html
     */
    toGetCalculationExecutionStatus(): this;
    /**
     * Grants permission to get capacity assignment information for a capacity reservation
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_GetCapacityAssignmentConfiguration.html
     */
    toGetCapacityAssignmentConfiguration(): this;
    /**
     * Grants permission to get a capacity reservation
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_GetCapacityReservation.html
     */
    toGetCapacityReservation(): this;
    /**
     * Grants permission to enable access to databases and tables. Applies only to AWS services managed policy and principals that use an Athena JDBC driver version 1.1.0
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/athena/latest/ug/connect-with-previous-jdbc.html#jdbc-prev-version-policies
     */
    toGetCatalogs(): this;
    /**
     * Grants permission to get a datacatalog
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_GetDataCatalog.html
     */
    toGetDataCatalog(): this;
    /**
     * Grants permission to get a database for a given datacatalog
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_GetDatabase.html
     */
    toGetDatabase(): this;
    /**
     * Grants permission to enable access to the specified database and table. Applies only to AWS services managed policy and principals that use an Athena JDBC driver version 1.1.0
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/athena/latest/ug/connect-with-previous-jdbc.html#jdbc-prev-version-policies
     */
    toGetExecutionEngine(): this;
    /**
     * Grants permission to enable access to databases and tables. Applies only to AWS services managed policy and principals that use an Athena JDBC driver version 1.1.0
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/athena/latest/ug/connect-with-previous-jdbc.html#jdbc-prev-version-policies
     */
    toGetExecutionEngines(): this;
    /**
     * Grants permission to get information about the specified named query
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_GetNamedQuery.html
     */
    toGetNamedQuery(): this;
    /**
     * Grants permission to enable access to the specified database and table. Applies only to AWS services managed policy and principals that use an Athena JDBC driver version 1.1.0
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/athena/latest/ug/connect-with-previous-jdbc.html#jdbc-prev-version-policies
     */
    toGetNamespace(): this;
    /**
     * Grants permission to enable access to databases and tables. Applies only to AWS services managed policy and principals that use an Athena JDBC driver version 1.1.0
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/athena/latest/ug/connect-with-previous-jdbc.html#jdbc-prev-version-policies
     */
    toGetNamespaces(): this;
    /**
     * Grants permission to get notebook metadata
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_GetNotebookMetadata.html
     */
    toGetNotebookMetadata(): this;
    /**
     * Grants permission to get information about the specified prepared statement
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_GetPreparedStatement.html
     */
    toGetPreparedStatement(): this;
    /**
     * Grants permission to get information about the specified query execution
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_GetQueryExecution.html
     */
    toGetQueryExecution(): this;
    /**
     * Grants permission to get query executions. Deprecated. Applies only to AWS services and principals that use Athena JDBC driver earlier than 1.1.0. Use ListQueryExecutions otherwise
     *
     * Leave this action out of new policies unless such a driver is still in use.
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_ListQueryExecutions.html
     */
    toGetQueryExecutions(): this;
    /**
     * Grants permission to get the query results
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_GetQueryResults.html
     */
    toGetQueryResults(): this;
    /**
     * Grants permission to get the query results stream
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/athena/latest/ug/jdbc-v3-driver.html#jdbc-v3-driver-download
     */
    toGetQueryResultsStream(): this;
    /**
     * Grants permission to get runtime statistics for the specified query execution
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_GetQueryRuntimeStatistics.html
     */
    toGetQueryRuntimeStatistics(): this;
    /**
     * Grants permission to get a Live UI/Persistence UI for a session
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_GetResourceDashboard.html
     */
    toGetResourceDashboard(): this;
    /**
     * Grants permission to get a session
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_GetSession.html
     */
    toGetSession(): this;
    /**
     * Grants permission to get a connection endpoint and authentication token for a given session Id
     *
     * Security note: per this description the response carries an authentication token, so
     * the grant is a credential-issuing one despite the `Get` prefix. Give it only to
     * principals that need to connect to the session.
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_GetSessionEndpoint.html
     */
    toGetSessionEndpoint(): this;
    /**
     * Grants permission to get a session status
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_GetSessionStatus.html
     */
    toGetSessionStatus(): this;
    /**
     * Grants permission to enable access to the specified table. Applies only to AWS services managed policy and principals that use an Athena JDBC driver version 1.1.0
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/athena/latest/ug/connect-with-previous-jdbc.html#jdbc-prev-version-policies
     */
    toGetTable(): this;
    /**
     * Grants permission to get metadata about a table for a given datacatalog
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_GetTableMetadata.html
     */
    toGetTableMetadata(): this;
    /**
     * Grants permission to enable access to tables. Applies only to AWS services managed policy and principals that use an Athena JDBC driver version 1.1.0
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/athena/latest/ug/connect-with-previous-jdbc.html#jdbc-prev-version-policies
     */
    toGetTables(): this;
    /**
     * Grants permission to get a workgroup
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_GetWorkGroup.html
     */
    toGetWorkGroup(): this;
    /**
     * Grants permission to import a notebook
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_ImportNotebook.html
     */
    toImportNotebook(): this;
    /**
     * Grants permission to return a list of ApplicationRuntimeIds
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_ListApplicationDPUSizes.html
     */
    toListApplicationDPUSizes(): this;
    /**
     * Grants permission to return a list of calculation executions
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_ListCalculationExecutions.html
     */
    toListCalculationExecutions(): this;
    /**
     * Grants permission to return a list of capacity reservations for the specified AWS account
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_ListCapacityReservations.html
     */
    toListCapacityReservations(): this;
    /**
     * Grants permission to return a list of datacatalogs for the specified AWS account
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_ListDataCatalogs.html
     */
    toListDataCatalogs(): this;
    /**
     * Grants permission to return a list of databases for a given datacatalog
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_ListDatabases.html
     */
    toListDatabases(): this;
    /**
     * Grants permission to return a list of athena engine versions for the specified AWS account
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_ListEngineVersions.html
     */
    toListEngineVersions(): this;
    /**
     * Grants permission to return a list of executors
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_ListExecutors.html
     */
    toListExecutors(): this;
    /**
     * Grants permission to return a list of named queries in Amazon Athena for the specified AWS account
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_ListNamedQueries.html
     */
    toListNamedQueries(): this;
    /**
     * Grants permission to return a list of notebooks for a given workgroup
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_ListNotebookMetadata.html
     */
    toListNotebookMetadata(): this;
    /**
     * Grants permission to return a list of sessions for a given notebook
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_ListNotebookSessions.html
     */
    toListNotebookSessions(): this;
    /**
     * Grants permission to return a list of prepared statements for the specified workgroup
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_ListPreparedStatements.html
     */
    toListPreparedStatements(): this;
    /**
     * Grants permission to return a list of query executions for the specified AWS account
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_ListQueryExecutions.html
     */
    toListQueryExecutions(): this;
    /**
     * Grants permission to return a list of sessions for a given workgroup
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_ListSessions.html
     */
    toListSessions(): this;
    /**
     * Grants permission to return a list of table metadata in a database for a given datacatalog
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_ListTableMetadata.html
     */
    toListTableMetadata(): this;
    /**
     * Grants permission to return a list of tags for a resource
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_ListTagsForResource.html
     */
    toListTagsForResource(): this;
    /**
     * Grants permission to return a list of workgroups for the specified AWS account
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_ListWorkGroups.html
     */
    toListWorkGroups(): this;
    /**
     * Grants permission to assign capacity from a capacity reservation to queries
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_PutCapacityAssignmentConfiguration.html
     */
    toPutCapacityAssignmentConfiguration(): this;
    /**
     * Grants permission to run a query. Deprecated. Applies only to AWS services and principals that use Athena JDBC driver earlier than 1.1.0. Use StartQueryExecution otherwise
     *
     * Leave this action out of new policies unless such a driver is still in use.
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_StartQueryExecution.html
     */
    toRunQuery(): this;
    /**
     * Grants permission to start a calculation execution
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_StartCalculationExecution.html
     */
    toStartCalculationExecution(): this;
    /**
     * Grants permission to start a query execution using an SQL query provided as a string
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_StartQueryExecution.html
     */
    toStartQueryExecution(): this;
    /**
     * Grants permission to start a session
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifAwsRequestTag()
     * - .ifAwsTagKeys()
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_StartSession.html
     */
    toStartSession(): this;
    /**
     * Grants permission to stop a calculation execution
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_StopCalculationExecution.html
     */
    toStopCalculationExecution(): this;
    /**
     * Grants permission to stop the specified query execution
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_StopQueryExecution.html
     */
    toStopQueryExecution(): this;
    /**
     * Grants permission to add a tag to a resource
     *
     * Security note: where access to Athena resources is filtered with `.ifAwsResourceTag()`,
     * the ability to add tags can change which resources a principal matches. Constrain this
     * grant with `.ifAwsRequestTag()` / `.ifAwsTagKeys()`.
     *
     * Access Level: Tagging
     *
     * Possible conditions:
     * - .ifAwsRequestTag()
     * - .ifAwsTagKeys()
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_TagResource.html
     */
    toTagResource(): this;
    /**
     * Grants permission to terminate a session
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_TerminateSession.html
     */
    toTerminateSession(): this;
    /**
     * Grants permission to remove a tag from a resource
     *
     * Security note: where access to Athena resources is filtered with `.ifAwsResourceTag()`,
     * removing a tag can change which resources a principal matches. Constrain this grant
     * with `.ifAwsTagKeys()`.
     *
     * Access Level: Tagging
     *
     * Possible conditions:
     * - .ifAwsTagKeys()
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_UntagResource.html
     */
    toUntagResource(): this;
    /**
     * Grants permission to update a capacity reservation
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_UpdateCapacityReservation.html
     */
    toUpdateCapacityReservation(): this;
    /**
     * Grants permission to update a datacatalog
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_UpdateDataCatalog.html
     */
    toUpdateDataCatalog(): this;
    /**
     * Grants permission to update the specified named query
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_UpdateNamedQuery.html
     */
    toUpdateNamedQuery(): this;
    /**
     * Grants permission to update a notebook
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_UpdateNotebook.html
     */
    toUpdateNotebook(): this;
    /**
     * Grants permission to update notebook metadata
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_UpdateNotebookMetadata.html
     */
    toUpdateNotebookMetadata(): this;
    /**
     * Grants permission to update a prepared statement
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_UpdatePreparedStatement.html
     */
    toUpdatePreparedStatement(): this;
    /**
     * Grants permission to update a workgroup
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/athena/latest/APIReference/API_UpdateWorkGroup.html
     */
    toUpdateWorkGroup(): this;
    // Presumably groups the actions above by the "Access Level" named in their doc comments;
    // the contents live in the implementation. Confirm there.
    protected accessLevelList: AccessLevelList;
    /**
     * Adds a resource of type datacatalog to the statement
     *
     * Outside the CDK the account and region default to `*`; pass them explicitly when the
     * statement must stay confined to one account or region.
     *
     * https://docs.aws.amazon.com/athena/latest/ug/datacatalogs-example-policies.html
     *
     * @param dataCatalogName - Identifier for the dataCatalogName.
     * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
     * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
     * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
     *
     * Possible conditions:
     * - .ifAwsResourceTag()
     */
    onDatacatalog(dataCatalogName: string, account?: string, region?: string, partition?: string): this;
    /**
     * Adds a resource of type workgroup to the statement
     *
     * Outside the CDK the account and region default to `*`; pass them explicitly when the
     * statement must stay confined to one account or region.
     *
     * https://docs.aws.amazon.com/athena/latest/ug/example-policies-workgroup.html
     *
     * @param workGroupName - Identifier for the workGroupName.
     * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
     * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
     * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
     *
     * Possible conditions:
     * - .ifAwsResourceTag()
     */
    onWorkgroup(workGroupName: string, account?: string, region?: string, partition?: string): this;
    /**
     * Adds a resource of type capacity-reservation to the statement
     *
     * Outside the CDK the account and region default to `*`; pass them explicitly when the
     * statement must stay confined to one account or region.
     *
     * https://docs.aws.amazon.com/athena/latest/ug/example-policies-capacity-reservations.html
     *
     * @param capacityReservationName - Identifier for the capacityReservationName.
     * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
     * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
     * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
     *
     * Possible conditions:
     * - .ifAwsResourceTag()
     */
    onCapacityReservation(capacityReservationName: string, account?: string, region?: string, partition?: string): this;
    /**
     * Adds a resource of type session to the statement
     *
     * Outside the CDK the account and region default to `*`; pass them explicitly when the
     * statement must stay confined to one account or region.
     *
     * https://docs.aws.amazon.com/athena/latest/ug/example-policies-workgroup.html
     *
     * @param workGroupName - Identifier for the workGroupName.
     * @param sessionId - Identifier for the sessionId.
     * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
     * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
     * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
     *
     * Possible conditions:
     * - .ifAwsResourceTag()
     */
    onSession(workGroupName: string, sessionId: string, account?: string, region?: string, partition?: string): this;
    /**
     * Filters access by the presence of tag key-value pairs in the request
     *
     * The default operator is `StringLike`, under which `*` and `?` in `value` act as
     * wildcards; pass `StringEquals` as `operator` when an exact match is intended.
     *
     * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag
     *
     * Applies to actions:
     * - .toCreateCapacityReservation()
     * - .toCreateDataCatalog()
     * - .toCreateWorkGroup()
     * - .toStartSession()
     * - .toTagResource()
     *
     * @param tagKey The tag key to check
     * @param value The value(s) to check
     * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
     */
    ifAwsRequestTag(tagKey: string, value: string | string[], operator?: Operator | string): this;
    /**
     * Filters access by the tag key-value pairs attached to the resource
     *
     * The default operator is `StringLike`, under which `*` and `?` in `value` act as
     * wildcards; pass `StringEquals` as `operator` when an exact match is intended.
     * A tag-based filter is only as strong as the control over who may change tags, so grant
     * `.toTagResource()` and `.toUntagResource()` on these resource types sparingly.
     *
     * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag
     *
     * Applies to resource types:
     * - datacatalog
     * - workgroup
     * - capacity-reservation
     * - session
     *
     * @param tagKey The tag key to check
     * @param value The value(s) to check
     * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
     */
    ifAwsResourceTag(tagKey: string, value: string | string[], operator?: Operator | string): this;
    /**
     * Filters access by the presence of tag keys in the request
     *
     * The default operator is `StringLike`, under which `*` and `?` in `value` act as
     * wildcards; pass `StringEquals` as `operator` when an exact match is intended.
     *
     * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys
     *
     * Applies to actions:
     * - .toCreateCapacityReservation()
     * - .toCreateDataCatalog()
     * - .toCreateWorkGroup()
     * - .toStartSession()
     * - .toTagResource()
     * - .toUntagResource()
     *
     * @param value The value(s) to check
     * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
     */
    ifAwsTagKeys(value: string | string[], operator?: Operator | string): this;
    /**
     * Statement provider for service [athena](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonathena.html).
     *
     * @param props - Optional CDK policy statement properties, passed as `iam.PolicyStatementProps`.
     */
    constructor(props?: iam.PolicyStatementProps);
}