cdk-iam-floyd

import { AccessLevelList } from '../../shared/access-level'; import { PolicyStatement, Operator } from '../../shared'; import { aws_iam as iam } from "aws-cdk-lib"; /** * Statement provider for service [logs](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazoncloudwatchlogs.html). * * @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement */ export declare class Logs extends PolicyStatement { servicePrefix: string; /** * Grants permission to associate the specified AWS Key Management Service (AWS KMS) customer master key (CMK) with the specified log group * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_AssociateKmsKey.html */ toAssociateKmsKey(): this; /** * Grants permission to associate a log source to an S3 Tables integration * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_AssociateSourceToS3TableIntegration.html */ toAssociateSourceToS3TableIntegration(): this; /** * Grants permission to authenticate requests using bearer token * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/WhatIsCloudWatchLogs.html */ toCallWithBearerToken(): this; /** * Grants permission to cancel an export task if it is in PENDING or RUNNING state * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CancelExportTask.html */ toCancelExportTask(): this; /** * Grants permission to cancel an import from CloudTrail Lake to CloudWatch * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CancelImportTask.html */ toCancelImportTask(): this; /** * Grants permission to create a delivery connecting a delivery source to a delivery destination * * Access Level: Write * * Possible conditions: * - .ifAwsTagKeys() * - .ifAwsRequestTag() * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CreateDelivery.html */ toCreateDelivery(): this; /** * Grants permission to create an ExportTask which allows you to efficiently export data from a Log Group to your Amazon S3 bucket * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CreateExportTask.html */ toCreateExportTask(): this; /** * Grants permission to start an asynchronous process to import data from a CloudTrail Lake event data store into a managed log group in CloudWatch * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CreateImportTask.html */ toCreateImportTask(): this; /** * Grants permission to create a log anomaly detector * * Access Level: Write * * Possible conditions: * - .ifAwsTagKeys() * - .ifAwsRequestTag() * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CreateLogAnomalyDetector.html */ toCreateLogAnomalyDetector(): this; /** * Grants permission to create the log delivery * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html */ toCreateLogDelivery(): this; /** * Grants permission to create a new log group with the specified name * * Access Level: Write * * Possible conditions: * - .ifAwsTagKeys() * - .ifAwsRequestTag() * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CreateLogGroup.html */ toCreateLogGroup(): this; /** * Grants permission to create a new log stream with the specified name * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CreateLogStream.html */ toCreateLogStream(): this; /** * Grants permission to create a lookup table * * Access Level: Write * * Possible conditions: * - .ifAwsTagKeys() * - .ifAwsRequestTag() * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CreateLookupTable.html */ toCreateLookupTable(): this; /** * Grants permission to create a scheduled query * * Access Level: Write * * Possible conditions: * - .ifAwsTagKeys() * - .ifAwsRequestTag() * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CreateScheduledQuery.html */ toCreateScheduledQuery(): this; /** * Grants permission to delete an account policy * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DeleteAccountPolicy.html */ toDeleteAccountPolicy(): this; /** * Grants permission to delete a data protection policy attached to a log group * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DeleteDataProtectionPolicy.html */ toDeleteDataProtectionPolicy(): this; /** * Grants permission to delete a delivery * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DeleteDelivery.html */ toDeleteDelivery(): this; /** * Grants permission to delete a delivery destination after all associated deliveries are deleted * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DeleteDeliveryDestination.html */ toDeleteDeliveryDestination(): this; /** * Grants permission to delete a delivery destination policy associated with a delivery destination * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DeleteDeliveryDestinationPolicy.html */ toDeleteDeliveryDestinationPolicy(): this; /** * Grants permission to delete a delivery source after all associated deliveries are deleted * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DeleteDeliverySource.html */ toDeleteDeliverySource(): this; /** * Grants permission to delete the destination with the specified name * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DeleteDestination.html */ toDeleteDestination(): this; /** * Grants permission to delete an index policy attached to a log group * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DeleteIndexPolicy.html */ toDeleteIndexPolicy(): this; /** * Grants permission to delete the integration * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DeleteIntegration.html */ toDeleteIntegration(): this; /** * Grants permission to delete a log anomaly detector * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DeleteLogAnomalyDetector.html */ toDeleteLogAnomalyDetector(): this; /** * Grants permission to delete the log delivery information for specified log delivery * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html */ toDeleteLogDelivery(): this; /** * Grants permission to delete the log group with the specified name * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DeleteLogGroup.html */ toDeleteLogGroup(): this; /** * Grants permission to delete a log stream * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DeleteLogStream.html */ toDeleteLogStream(): this; /** * Grants permission to delete a lookup table * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DeleteLookupTable.html */ toDeleteLookupTable(): this; /** * Grants permission to delete a metric filter associated with the specified log group * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DeleteMetricFilter.html */ toDeleteMetricFilter(): this; /** * Grants permission to delete telemetry pipeline * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/permissions-reference-cwl.html */ toDeletePipelineRule(): this; /** * Grants permission to delete a saved CloudWatch Logs Insights query definition * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DeleteQueryDefinition.html */ toDeleteQueryDefinition(): this; /** * Grants permission to delete a resource policy from this account * * Access Level: Permissions management * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DeleteResourcePolicy.html */ toDeleteResourcePolicy(): this; /** * Grants permission to delete the retention policy of the specified log group * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DeleteRetentionPolicy.html */ toDeleteRetentionPolicy(): this; /** * Grants permission to delete a scheduled query * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DeleteScheduledQuery.html */ toDeleteScheduledQuery(): this; /** * Grants permission to delete a subscription filter associated with the specified log group * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DeleteSubscriptionFilter.html */ toDeleteSubscriptionFilter(): this; /** * Grants permission to delete a transformer associated with the specified log group * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DeleteTransformer.html */ toDeleteTransformer(): this; /** * Grants permission to retrieve account policies * * Access Level: List * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeAccountPolicies.html */ toDescribeAccountPolicies(): this; /** * Grants permission to retrieve a list of configuration templates of available log types * * Access Level: List * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeConfigurationTemplates.html */ toDescribeConfigurationTemplates(): this; /** * Grants permission to retrieve a list of deliveries an account * * Access Level: List * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeDeliveries.html */ toDescribeDeliveries(): this; /** * Grants permission to retrieve a list of delivery destinations an account * * Access Level: List * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeDeliveryDestinations.html */ toDescribeDeliveryDestinations(): this; /** * Grants permission to retrieve a list of delivery sources in an account * * Access Level: List * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeDeliverySources.html */ toDescribeDeliverySources(): this; /** * Grants permission to return all the destinations that are associated with the AWS account making the request * * Access Level: List * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeDestinations.html */ toDescribeDestinations(): this; /** * Grants permission to return all the export tasks that are associated with the AWS account making the request * * Access Level: List * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeExportTasks.html */ toDescribeExportTasks(): this; /** * Grants permission to return all the indexing attributes that are attached with the log groups * * Access Level: List * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeFieldIndexes.html */ toDescribeFieldIndexes(): this; /** * Grants permission to return detailed information about the individual batches within an import task, including status and any error * * Access Level: List * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeImportTaskBatches.html */ toDescribeImportTaskBatches(): this; /** * Grants permission to return all the import tasks associated with the AWS account making the request * * Access Level: List * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeImportTasks.html */ toDescribeImportTasks(): this; /** * Grants permission to return all the index policies that are attached with the log groups * * Access Level: List * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeIndexPolicies.html */ toDescribeIndexPolicies(): this; /** * Grants permission to return all the log groups that are associated with the AWS account making the request * * Access Level: List * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeLogGroups.html */ toDescribeLogGroups(): this; /** * Grants permission to return all the log streams that are associated with the specified log group * * Access Level: List * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeLogStreams.html */ toDescribeLogStreams(): this; /** * Grants permission to return all lookup tables * * Access Level: List * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeLookupTables.html */ toDescribeLookupTables(): this; /** * Grants permission to return all the metrics filters associated with the specified log group * * Access Level: List * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeMetricFilters.html */ toDescribeMetricFilters(): this; /** * Grants permission to return a list of CloudWatch Logs Insights queries that are scheduled, executing, or have been executed recently in this account * * Access Level: List * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeQueries.html */ toDescribeQueries(): this; /** * Grants permission to return a paginated list of your saved CloudWatch Logs Insights query definitions * * Access Level: List * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeQueryDefinitions.html */ toDescribeQueryDefinitions(): this; /** * Grants permission to return all the resource policies in this account * * Access Level: List * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeResourcePolicies.html */ toDescribeResourcePolicies(): this; /** * Grants permission to return all the subscription filters associated with the specified log group * * Access Level: List * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeSubscriptionFilters.html */ toDescribeSubscriptionFilters(): this; /** * Grants permission to disassociate the associated AWS Key Management Service (AWS KMS) customer master key (CMK) from the specified log group * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DisassociateKmsKey.html */ toDisassociateKmsKey(): this; /** * Grants permission to disassociate a log source from an S3 Tables integration * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DisassociateSourceFromS3TableIntegration.html */ toDisassociateSourceFromS3TableIntegration(): this; /** * Grants permission to retrieve log events, optionally filtered by a filter pattern from the specified log group * * Access Level: Read * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_FilterLogEvents.html */ toFilterLogEvents(): this; /** * Grants permission to retrieve a data protection policy attached to a log group * * Access Level: Read * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetDataProtectionPolicy.html */ toGetDataProtectionPolicy(): this; /** * Grants permission to retrieve a single delivery * * Access Level: Read * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetDelivery.html */ toGetDelivery(): this; /** * Grants permission to retrieve a single delivery destination * * Access Level: Read * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetDeliveryDestination.html */ toGetDeliveryDestination(): this; /** * Grants permission to retrieve a delivery destination policy attached to a delivery destination * * Access Level: Read * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetDeliveryDestinationPolicy.html */ toGetDeliveryDestinationPolicy(): this; /** * Grants permission to retrieve a single delivery source * * Access Level: Read * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetDeliverySource.html */ toGetDeliverySource(): this; /** * Grants permission to retrieve a single integration * * Access Level: Read * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetIntegration.html */ toGetIntegration(): this; /** * Grants permission to get a log anomaly detector * * Access Level: Read * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetLogAnomalyDetector.html */ toGetLogAnomalyDetector(): this; /** * Grants permission to get the log delivery information for specified log delivery * * Access Level: Read * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html */ toGetLogDelivery(): this; /** * Grants permission to retrieve log events from the specified log stream * * Access Level: Read * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetLogEvents.html */ toGetLogEvents(): this; /** * Grants permission to retrieve a list of log fields for a data source * * Access Level: Read * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetLogFields.html */ toGetLogFields(): this; /** * Grants permission to return a list of the fields that are included in log events in the specified log group, along with the percentage of log events that contain each field * * Access Level: Read * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetLogGroupFields.html */ toGetLogGroupFields(): this; /** * Grants permission to retrieve all the fields and values of a single log event * * Access Level: Read * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetLogRecord.html */ toGetLogRecord(): this; /** * Grants permission to retrieve a lookup table * * Access Level: Read * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetLookupTable.html */ toGetLookupTable(): this; /** * Grants permission to return the results from the specified query * * Access Level: Read * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetQueryResults.html */ toGetQueryResults(): this; /** * Grants permission to retrieve information about a specified scheduled query * * Access Level: Read * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetScheduledQuery.html */ toGetScheduledQuery(): this; /** * Grants permission to return the execution history for a specified scheduled query * * Access Level: Read * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetScheduledQueryHistory.html */ toGetScheduledQueryHistory(): this; /** * Grants permission to return transformer associated with the specified log group * * Access Level: Read * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetTransformer.html */ toGetTransformer(): this; /** * Grants permission to deliver log events to S3 Tables * * Access Level: Write * * Possible conditions: * - .ifDataSourceName() * - .ifDataSourceType() * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/permissions-reference-cwl.html */ toIntegrateWithS3Table(): this; /** * Grants permission to share CloudWatch resources with a monitoring account * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account-Setup.html#CloudWatch-Unified-Cross-Account-Setup-permissions */ toLink(): this; /** * Grants permission to return an aggregate summary of all log groups in the region grouped by specified data-source characteristics * * Access Level: List * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_ListAggregateLogGroupSummaries.html */ toListAggregateLogGroupSummaries(): this; /** * Grants permission to list all anomalies detected in the AWS account making the request * * Access Level: List * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_ListAnomalies.html */ toListAnomalies(): this; /** * Grants permission to retrieve all the entities that are associated with log group * * Access Level: List * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/permissions-reference-cwl.html */ toListEntitiesForLogGroup(): this; /** * Grants permission to list all integrations associated with the AWS account making the request * * Access Level: List * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_ListIntegrations.html */ toListIntegrations(): this; /** * Grants permission to return all the anomaly detectors that are associated with the AWS account making the request * * Access Level: List * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_ListLogAnomalyDetectors.html */ toListLogAnomalyDetectors(): this; /** * Grants permission to list all the log deliveries for specified account and/or log source * * Access Level: List * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html */ toListLogDeliveries(): this; /** * Grants permission to return all the log groups that are associated with the AWS account making the request * * Access Level: List * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_ListLogGroups.html */ toListLogGroups(): this; /** * Grants permission to retrieve all the log groups that are associated with entity * * Access Level: List * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/permissions-reference-cwl.html */ toListLogGroupsForEntity(): this; /** * Grants permission to return all the log groups that are associated with the specified query * * Access Level: List * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_ListLogGroupsForQuery.html */ toListLogGroupsForQuery(): this; /** * Grants permission to return all scheduled queries that are associated with the AWS account making the request * * Access Level: List * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_ListScheduledQueries.html */ toListScheduledQueries(): this; /** * Grants permission to return all log sources associated with an S3 Tables integration * * Access Level: List * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_ListSourcesForS3TableIntegration.html */ toListSourcesForS3TableIntegration(): this; /** * Grants permission to list the tags for the specified resource * * Access Level: List * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_ListTagsForResource.html */ toListTagsForResource(): this; /** * Grants permission to list the tags for the specified log group * * Access Level: List * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_ListTagsLogGroup.html */ toListTagsLogGroup(): this; /** * Grants permission to process and transform log events through pipeline transformers before storage * * Access Level: Write * * Possible conditions: * - .ifDataSourceName() * - .ifDataSourceType() * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/permissions-reference-cwl.html */ toProcessWithPipeline(): this; /** * Grants permission to attach an account policy * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutAccountPolicy.html */ toPutAccountPolicy(): this; /** * Grants permission to enable or disable bearer token based authentication for the specified log group * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutBearerTokenAuthentication.html */ toPutBearerTokenAuthentication(): this; /** * Grants permission to attach a data protection policy to detect and redact sensitive information from log events * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDataProtectionPolicy.html */ toPutDataProtectionPolicy(): this; /** * Grants permission to create/update a delivery destination * * Access Level: Write * * Possible conditions: * - .ifAwsTagKeys() * - .ifAwsRequestTag() * - .ifDeliveryDestinationResourceArn() * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestination.html */ toPutDeliveryDestination(): this; /** * Grants permission to attach a delivery destination policy to a delivery destination * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestinationPolicy.html */ toPutDeliveryDestinationPolicy(): this; /** * Grants permission to create/update a delivery source * * Access Level: Write * * Possible conditions: * - .ifAwsTagKeys() * - .ifAwsRequestTag() * - .ifLogGeneratingResourceArns() * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliverySource.html */ toPutDeliverySource(): this; /** * Grants permission to create or update a Destination * * Access Level: Write * * Possible conditions: * - .ifAwsTagKeys() * - .ifAwsRequestTag() * * Dependent actions: * - iam:PassRole * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDestination.html */ toPutDestination(): this; /** * Grants permission to create or update an access policy associated with an existing Destination * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDestinationPolicy.html */ toPutDestinationPolicy(): this; /** * Grants permission to attach an index policy at log group level to optimize search and query * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutIndexPolicy.html */ toPutIndexPolicy(): this; /** * Grants permission to create integration between cloudwatch logs and opensearch * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutIntegration.html */ toPutIntegration(): this; /** * Grants permission to upload a batch of log events to the specified log stream * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutLogEvents.html */ toPutLogEvents(): this; /** * Grants permission to enable or disable deletion protection for the specified log group * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutLogGroupDeletionProtection.html */ toPutLogGroupDeletionProtection(): this; /** * Grants permission to create or update a metric filter and associates it with the specified log group * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutMetricFilter.html */ toPutMetricFilter(): this; /** * Grants permission to create telemetry pipeline * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/permissions-reference-cwl.html */ toPutPipelineRule(): this; /** * Grants permission to create or update a query definition * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutQueryDefinition.html */ toPutQueryDefinition(): this; /** * Grants permission to create or update a resource policy allowing other AWS services to put log events to this account * * Access Level: Permissions management * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutResourcePolicy.html */ toPutResourcePolicy(): this; /** * Grants permission to set the retention of the specified log group * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutRetentionPolicy.html */ toPutRetentionPolicy(): this; /** * Grants permission to create or update a subscription filter and associates it with the specified log group * * Access Level: Write * * Dependent actions: * - iam:PassRole * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutSubscriptionFilter.html */ toPutSubscriptionFilter(): this; /** * Grants permission to create or update a transformer and associates it with the specified log group * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutTransformer.html */ toPutTransformer(): this; /** * Grants permission to start a Live Tail session in CloudWatch Logs * * Access Level: Read * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_StartLiveTail.html */ toStartLiveTail(): this; /** * Grants permission to schedule a query of a log group using CloudWatch Logs Insights * * Access Level: Read * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_StartQuery.html */ toStartQuery(): this; /** * Grants permission to stop a Live Tail session that is in progress * * Access Level: Read * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatchLogs_LiveTail.html */ toStopLiveTail(): this; /** * Grants permission to stop a CloudWatch Logs Insights query that is in progress * * Access Level: Read * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_StopQuery.html */ toStopQuery(): this; /** * Grants permission to add or update the specified tags for the specified log group * * Access Level: Tagging * * Possible conditions: * - .ifAwsTagKeys() * - .ifAwsRequestTag() * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_TagLogGroup.html */ toTagLogGroup(): this; /** * Grants permission to add or update the specified tags for the specified resource * * Access Level: Tagging * * Possible conditions: * - .ifAwsTagKeys() * - .ifAwsRequestTag() * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_TagResource.html */ toTagResource(): this; /** * Grants permission to test the filter pattern of a metric filter against a sample of log event messages * * Access Level: Read * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_TestMetricFilter.html */ toTestMetricFilter(): this; /** * Grants permission to test the transformer against a sample of log event messages * * Access Level: Read * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_TestTransformer.html */ toTestTransformer(): this; /** * Grants permission to fetch unmasked log events that have been redacted with a data protection policy * * Access Level: Read * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/mask-sensitive-log-data.html */ toUnmask(): this; /** * Grants permission to remove the specified tags from the specified log group * * Access Level: Tagging * * Possible conditions: * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_UntagLogGroup.html */ toUntagLogGroup(): this; /** * Grants permission to remove the specified tags from the specified resource * * Access Level: Tagging * * Possible conditions: * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_UntagResource.html */ toUntagResource(): this; /** * Grants permission to update an anomaly reported by a log anomaly detector * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_UpdateAnomaly.html */ toUpdateAnomaly(): this; /** * Grants permission to update configuration related to a delivery * * Access Level: Write * * Possible conditions: * - .ifAwsTagKeys() * - .ifAwsRequestTag() * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_UpdateDeliveryConfiguration.html */ toUpdateDeliveryConfiguration(): this; /** * Grants permission to update a log anomaly detector * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_UpdateLogAnomalyDetector.html */ toUpdateLogAnomalyDetector(): this; /** * Grants permission to update the log delivery information for specified log delivery * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html */ toUpdateLogDelivery(): this; /** * Grants permission to update a lookup table * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_UpdateLookupTable.html */ toUpdateLookupTable(): this; /** * Grants permission to update a scheduled query * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_UpdateScheduledQuery.html */ toUpdateScheduledQuery(): this; protected accessLevelList: AccessLevelList; /** * Adds a resource of type log-group to the statement * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_LogGroup.html * * @param logGroupName - Identifier for the logGroupName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onLogGroup(logGroupName: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type log-stream to the statement * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_LogStream.html * * @param logGroupName - Identifier for the logGroupName. * @param logStreamName - Identifier for the logStreamName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onLogStream(logGroupName: string, logStreamName: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type destination to the statement * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_Destination.html * * @param destinationName - Identifier for the destinationName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onDestination(destinationName: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type delivery-source to the statement * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DeliverySource.html * * @param deliverySourceName - Identifier for the deliverySourceName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onDeliverySource(deliverySourceName: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type delivery to the statement * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_Delivery.html * * @param deliveryName - Identifier for the deliveryName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onDelivery(deliveryName: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type delivery-destination to the statement * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DeliveryDestination.html * * @param deliveryDestinationName - Identifier for the deliveryDestinationName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onDeliveryDestination(deliveryDestinationName: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type anomaly-detector to the statement * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_AnomalyDetector.html * * @param detectorId - Identifier for the detectorId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onAnomalyDetector(detectorId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type scheduled-query to the statement * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_ScheduledQuery.html * * @param scheduledQueryId - Identifier for the scheduledQueryId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onScheduledQuery(scheduledQueryId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type lookup-table to the statement * * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_LookupTable.html * * @param lookupTableName - Identifier for the lookupTableName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onLookupTable(lookupTableName: string, account?: string, region?: string, partition?: string): this; /** * Filters access by the tags that are passed in the request * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag * * Applies to actions: * - .toCreateDelivery() * - .toCreateLogAnomalyDetector() * - .toCreateLogGroup() * - .toCreateLookupTable() * - .toCreateScheduledQuery() * - .toPutDeliveryDestination() * - .toPutDeliverySource() * - .toPutDestination() * - .toTagLogGroup() * - .toTagResource() * - .toUpdateDeliveryConfiguration() * * @param tagKey The tag key to check * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsRequestTag(tagKey: string, value: string | string[], operator?: Operator | string): this; /** * Filters access by the tags associated with the resource * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag * * Applies to resource types: * - log-group * - log-stream * - destination * - delivery-source * - delivery * - delivery-destination * - anomaly-detector * - scheduled-query * - lookup-table * * @param tagKey The tag key to check * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsResourceTag(tagKey: string, value: string | string[], operator?: Operator | string): this; /** * Filters access by the tag keys that are passed in the request * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys * * Applies to actions: * - .toCreateDelivery() * - .toCreateLogAnomalyDetector() * - .toCreateLogGroup() * - .toCreateLookupTable() * - .toCreateScheduledQuery() * - .toPutDeliveryDestination() * - .toPutDeliverySource() * - .toPutDestination() * - .toTagLogGroup() * - .toTagResource() * - .toUntagLogGroup() * - .toUntagResource() * - .toUpdateDeliveryConfiguration() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsTagKeys(value: string | string[], operator?: Operator | string): this; /** * Filters access by the Log Destination ARN passed in the request * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/iam-identity-based-access-control-cwl.html * * Applies to actions: * - .toPutDeliveryDestination() * * @param value The value(s) to check * @param operator Works with [arn operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_ARN). **Default:** `ArnLike` */ ifDeliveryDestinationResourceArn(value: string | string[], operator?: Operator | string): this; /** * Filters access by the Log Generating Resource ARNs passed in the request * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/iam-identity-based-access-control-cwl.html * * Applies to actions: * - .toPutDeliverySource() * * @param value The value(s) to check * @param operator Works with [arn operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_ARN). **Default:** `ArnLike` */ ifLogGeneratingResourceArns(value: string | string[], operator?: Operator | string): this; /** * Filters access by the data source name pass