cdk-iam-floyd

AWS IAM policy statement generator with fluent interface for AWS CDK

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.CognitoIdp = void 0;
const shared_1 = require("../../shared");
/**
 * Statement provider for service [cognito-idp](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazoncognitouserpools.html).
 *
 * Each `to*` method below passes one cognito-idp action name to `this.to()`
 * (presumably inherited from `PolicyStatement`; confirm there) and returns
 * that call's result.
 *
 * Security review notes:
 * - The `toAdmin*` actions are documented as acting on *any* user. Several of
 *   them (setting or resetting a password, authenticating a user, confirming
 *   sign-up without a code, linking an external IdP identity) amount to
 *   control over user accounts. Grant them one by one and pin the statement
 *   to specific pools with `onUserpool()`.
 * - Actions that change pool-level protections (MFA configuration, risk
 *   configuration, log delivery, WAF web ACL association) or trust settings
 *   (identity providers, app clients and their secrets) deserve their own
 *   narrowly held statements and alerting on use.
 * - NOTE(review): some actions listed here (for example SignUp, InitiateAuth,
 *   GetUser) name operations that end-user clients call directly; confirm in
 *   the AWS documentation whether an IAM statement has any effect on them
 *   before relying on one to restrict access.
 *
 * @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
 */
class CognitoIdp extends shared_1.PolicyStatement {
    /**
     * Grants permission to add user attributes to the user pool schema
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AddCustomAttributes.html
     */
    toAddCustomAttributes() {
        return this.to('AddCustomAttributes');
    }
    /**
     * Grants permission to add a new secret to a confidential client
     *
     * Access Level: Write
     *
     * Security: a client secret is a credential of the app client, so this
     * action introduces a new credential; grant it only to the principals
     * that rotate secrets.
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AddUserPoolClientSecret.html
     */
    toAddUserPoolClientSecret() {
        return this.to('AddUserPoolClientSecret');
    }
    /**
     * Grants permission to add any user to any group
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminAddUserToGroup.html
     */
    toAdminAddUserToGroup() {
        return this.to('AdminAddUserToGroup');
    }
    /**
     * Grants permission to confirm any user's registration without a confirmation code
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminConfirmSignUp.html
     */
    toAdminConfirmSignUp() {
        return this.to('AdminConfirmSignUp');
    }
    /**
     * Grants permission to create new users and send welcome messages via email or SMS
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminCreateUser.html
     */
    toAdminCreateUser() {
        return this.to('AdminCreateUser');
    }
    /**
     * Grants permission to delete any user
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminDeleteUser.html
     */
    toAdminDeleteUser() {
        return this.to('AdminDeleteUser');
    }
    /**
     * Grants permission to delete attributes from any user
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminDeleteUserAttributes.html
     */
    toAdminDeleteUserAttributes() {
        return this.to('AdminDeleteUserAttributes');
    }
    /**
     * Grants permission to unlink any user pool user from a third-party identity provider (IdP) user
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminDisableProviderForUser.html
     */
    toAdminDisableProviderForUser() {
        return this.to('AdminDisableProviderForUser');
    }
    /**
     * Grants permission to deactivate any user
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminDisableUser.html
     */
    toAdminDisableUser() {
        return this.to('AdminDisableUser');
    }
    /**
     * Grants permission to activate any user
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminEnableUser.html
     */
    toAdminEnableUser() {
        return this.to('AdminEnableUser');
    }
    /**
     * Grants permission to deregister any user's devices
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminForgetDevice.html
     */
    toAdminForgetDevice() {
        return this.to('AdminForgetDevice');
    }
    /**
     * Grants permission to get information about any user's devices
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminGetDevice.html
     */
    toAdminGetDevice() {
        return this.to('AdminGetDevice');
    }
    /**
     * Grants permission to look up any user by user name
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminGetUser.html
     */
    toAdminGetUser() {
        return this.to('AdminGetUser');
    }
    /**
     * Grants permission to authenticate any user
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminInitiateAuth.html
     */
    toAdminInitiateAuth() {
        return this.to('AdminInitiateAuth');
    }
    /**
     * Grants permission to link any user pool user to a third-party IdP user
     *
     * Access Level: Write
     *
     * Security: NOTE(review) - a linked external identity can presumably sign
     * in as the user pool user it is linked to; check the reference below and
     * grant this only where the identity providers involved are trusted.
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminLinkProviderForUser.html
     */
    toAdminLinkProviderForUser() {
        return this.to('AdminLinkProviderForUser');
    }
    /**
     * Grants permission to list any user's remembered devices
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminListDevices.html
     */
    toAdminListDevices() {
        return this.to('AdminListDevices');
    }
    /**
     * Grants permission to list the groups that any user belongs to
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminListGroupsForUser.html
     */
    toAdminListGroupsForUser() {
        return this.to('AdminListGroupsForUser');
    }
    /**
     * Grants permission to list sign-in events for any user
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminListUserAuthEvents.html
     */
    toAdminListUserAuthEvents() {
        return this.to('AdminListUserAuthEvents');
    }
    /**
     * Grants permission to remove any user from any group
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminRemoveUserFromGroup.html
     */
    toAdminRemoveUserFromGroup() {
        return this.to('AdminRemoveUserFromGroup');
    }
    /**
     * Grants permission to reset any user's password
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminResetUserPassword.html
     */
    toAdminResetUserPassword() {
        return this.to('AdminResetUserPassword');
    }
    /**
     * Grants permission to respond to an authentication challenge during the authentication of any user
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminRespondToAuthChallenge.html
     */
    toAdminRespondToAuthChallenge() {
        return this.to('AdminRespondToAuthChallenge');
    }
    /**
     * Grants permission to set any user's preferred MFA method
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminSetUserMFAPreference.html
     */
    toAdminSetUserMFAPreference() {
        return this.to('AdminSetUserMFAPreference');
    }
    /**
     * Grants permission to set any user's password
     *
     * Access Level: Write
     *
     * Security: on whichever pools the statement covers, this is enough to
     * take control of any account; grant it sparingly and scope the resource.
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminSetUserPassword.html
     */
    toAdminSetUserPassword() {
        return this.to('AdminSetUserPassword');
    }
    /**
     * Grants permission to set user settings for any user
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminSetUserSettings.html
     */
    toAdminSetUserSettings() {
        return this.to('AdminSetUserSettings');
    }
    /**
     * Grants permission to update advanced security feedback for any user's authentication event
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateAuthEventFeedback.html
     */
    toAdminUpdateAuthEventFeedback() {
        return this.to('AdminUpdateAuthEventFeedback');
    }
    /**
     * Grants permission to update the status of any user's remembered devices
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateDeviceStatus.html
     */
    toAdminUpdateDeviceStatus() {
        return this.to('AdminUpdateDeviceStatus');
    }
    /**
     * Grants permission to update any user's standard or custom attributes
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html
     */
    toAdminUpdateUserAttributes() {
        return this.to('AdminUpdateUserAttributes');
    }
    /**
     * Grants permission to sign out any user from all sessions
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUserGlobalSignOut.html
     */
    toAdminUserGlobalSignOut() {
        return this.to('AdminUserGlobalSignOut');
    }
    /**
     * Grants permission to return a unique generated shared secret key code for the user
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AssociateSoftwareToken.html
     */
    toAssociateSoftwareToken() {
        return this.to('AssociateSoftwareToken');
    }
    /**
     * Grants permission to associate the user pool with an AWS WAF web ACL
     *
     * Access Level: Write
     */
    toAssociateWebACL() {
        return this.to('AssociateWebACL');
    }
    /**
     * Grants permission to change the password for a specified user in a user pool
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ChangePassword.html
     */
    toChangePassword() {
        return this.to('ChangePassword');
    }
    /**
     * Grants permission to confirm tracking of the device. This API call is the call that begins device tracking
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ConfirmDevice.html
     */
    toConfirmDevice() {
        return this.to('ConfirmDevice');
    }
    /**
     * Grants permission to allow a user to enter a confirmation code to reset a forgotten password
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ConfirmForgotPassword.html
     */
    toConfirmForgotPassword() {
        return this.to('ConfirmForgotPassword');
    }
    /**
     * Grants permission to confirm registration of a user and handle the existing alias from a previous user
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ConfirmSignUp.html
     */
    toConfirmSignUp() {
        return this.to('ConfirmSignUp');
    }
    /**
     * Grants permission to create new user pool groups
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateGroup.html
     */
    toCreateGroup() {
        return this.to('CreateGroup');
    }
    /**
     * Grants permission to add identity providers to user pools
     *
     * Access Level: Write
     *
     * Security: adding an identity provider changes who the pool accepts
     * sign-ins from; treat it as a trust-configuration change.
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateIdentityProvider.html
     */
    toCreateIdentityProvider() {
        return this.to('CreateIdentityProvider');
    }
    /**
     * Grants permission to create branding settings for managed login and associate them with an app client
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateManagedLoginBranding.html
     */
    toCreateManagedLoginBranding() {
        return this.to('CreateManagedLoginBranding');
    }
    /**
     * Grants permission to create and configure scopes for OAuth 2.0 resource servers
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateResourceServer.html
     */
    toCreateResourceServer() {
        return this.to('CreateResourceServer');
    }
    /**
     * Grants permission to create terms and associate them with an app client
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateTerms.html
     */
    toCreateTerms() {
        return this.to('CreateTerms');
    }
    /**
     * Grants permission to create user CSV import jobs
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserImportJob.html
     */
    toCreateUserImportJob() {
        return this.to('CreateUserImportJob');
    }
    /**
     * Grants permission to create and set password policy for user pools
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifAwsRequestTag()
     * - .ifAwsTagKeys()
     * - .ifAwsResourceTag()
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html
     */
    toCreateUserPool() {
        return this.to('CreateUserPool');
    }
    /**
     * Grants permission to create user pool app clients
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPoolClient.html
     */
    toCreateUserPoolClient() {
        return this.to('CreateUserPoolClient');
    }
    /**
     * Grants permission to add user pool domains
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPoolDomain.html
     */
    toCreateUserPoolDomain() {
        return this.to('CreateUserPoolDomain');
    }
    /**
     * Grants permission to delete any empty user pool group
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DeleteGroup.html
     */
    toDeleteGroup() {
        return this.to('DeleteGroup');
    }
    /**
     * Grants permission to delete any identity provider from user pools
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DeleteIdentityProvider.html
     */
    toDeleteIdentityProvider() {
        return this.to('DeleteIdentityProvider');
    }
    /**
     * Grants permission to delete the managed login branding style for any app client
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DeleteManagedLoginBranding.html
     */
    toDeleteManagedLoginBranding() {
        return this.to('DeleteManagedLoginBranding');
    }
    /**
     * Grants permission to delete any OAuth 2.0 resource server from user pools
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DeleteResourceServer.html
     */
    toDeleteResourceServer() {
        return this.to('DeleteResourceServer');
    }
    /**
     * Grants permission to delete terms for an app client
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DeleteTerms.html
     */
    toDeleteTerms() {
        return this.to('DeleteTerms');
    }
    /**
     * Grants permission to allow a user to delete one's self
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DeleteUser.html
     */
    toDeleteUser() {
        return this.to('DeleteUser');
    }
    /**
     * Grants permission to delete the attributes for a user
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DeleteUserAttributes.html
     */
    toDeleteUserAttributes() {
        return this.to('DeleteUserAttributes');
    }
    /**
     * Grants permission to delete user pools
     *
     * Access Level: Write
     *
     * Security: destructive for the whole user directory; keep it out of
     * broad "manage Cognito" statements.
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DeleteUserPool.html
     */
    toDeleteUserPool() {
        return this.to('DeleteUserPool');
    }
    /**
     * Grants permission to delete any user pool app client
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DeleteUserPoolClient.html
     */
    toDeleteUserPoolClient() {
        return this.to('DeleteUserPoolClient');
    }
    /**
     * Grants permission to delete a secret from a list of secrets associated with a client
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DeleteUserPoolClientSecret.html
     */
    toDeleteUserPoolClientSecret() {
        return this.to('DeleteUserPoolClientSecret');
    }
    /**
     * Grants permission to delete any user pool domain
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DeleteUserPoolDomain.html
     */
    toDeleteUserPoolDomain() {
        return this.to('DeleteUserPoolDomain');
    }
    /**
     * Grants permission to describe any user pool identity provider
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeIdentityProvider.html
     */
    toDescribeIdentityProvider() {
        return this.to('DescribeIdentityProvider');
    }
    /**
     * Grants permission to get the detailed information about the branding style of managed login
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeManagedLoginBranding.html
     */
    toDescribeManagedLoginBranding() {
        return this.to('DescribeManagedLoginBranding');
    }
    /**
     * Grants permission to get the detailed information about the branding style of managed login associated with an app client
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeManagedLoginBrandingByClient.html
     */
    toDescribeManagedLoginBrandingByClient() {
        return this.to('DescribeManagedLoginBrandingByClient');
    }
    /**
     * Grants permission to describe any OAuth 2.0 resource server
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeResourceServer.html
     */
    toDescribeResourceServer() {
        return this.to('DescribeResourceServer');
    }
    /**
     * Grants permission to describe the risk configuration settings of user pools and app clients
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeRiskConfiguration.html
     */
    toDescribeRiskConfiguration() {
        return this.to('DescribeRiskConfiguration');
    }
    /**
     * Grants permission to get the detailed information about terms for an app client
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeTerms.html
     */
    toDescribeTerms() {
        return this.to('DescribeTerms');
    }
    /**
     * Grants permission to describe any user import job
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserImportJob.html
     */
    toDescribeUserImportJob() {
        return this.to('DescribeUserImportJob');
    }
    /**
     * Grants permission to describe user pools
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html
     */
    toDescribeUserPool() {
        return this.to('DescribeUserPool');
    }
    /**
     * Grants permission to describe any user pool app client
     *
     * Access Level: Read
     *
     * Security: NOTE(review) - the described app client presumably includes
     * its client secret when one is configured; confirm in the reference
     * below and, if so, treat this Read action as secret-reading.
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPoolClient.html
     */
    toDescribeUserPoolClient() {
        return this.to('DescribeUserPoolClient');
    }
    /**
     * Grants permission to describe any user pool domain
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPoolDomain.html
     */
    toDescribeUserPoolDomain() {
        return this.to('DescribeUserPoolDomain');
    }
    /**
     * Grants permission to disassociate the user pool from an AWS WAF web ACL
     *
     * Access Level: Write
     *
     * Security: removes a protective control from the pool; worth alerting
     * on when it is used.
     */
    toDisassociateWebACL() {
        return this.to('DisassociateWebACL');
    }
    /**
     * Grants permission to forget the specified device
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ForgetDevice.html
     */
    toForgetDevice() {
        return this.to('ForgetDevice');
    }
    /**
     * Grants permission to send a message to the end user with a confirmation code that is required to change the user's password
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ForgotPassword.html
     */
    toForgotPassword() {
        return this.to('ForgotPassword');
    }
    /**
     * Grants permission to generate headers for a user import .csv file
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetCSVHeader.html
     */
    toGetCSVHeader() {
        return this.to('GetCSVHeader');
    }
    /**
     * Grants permission to get the device
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetDevice.html
     */
    toGetDevice() {
        return this.to('GetDevice');
    }
    /**
     * Grants permission to describe a user pool group
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetGroup.html
     */
    toGetGroup() {
        return this.to('GetGroup');
    }
    /**
     * Grants permission to correlate a user pool IdP identifier to the IdP Name
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetIdentityProviderByIdentifier.html
     */
    toGetIdentityProviderByIdentifier() {
        return this.to('GetIdentityProviderByIdentifier');
    }
    /**
     * Grants permission to get the detailed activity logging configuration for a user pool
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetLogDeliveryConfiguration.html
     */
    toGetLogDeliveryConfiguration() {
        return this.to('GetLogDeliveryConfiguration');
    }
    /**
     * Grants permission to look up signing certificates for user pools
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetSigningCertificate.html
     */
    toGetSigningCertificate() {
        return this.to('GetSigningCertificate');
    }
    /**
     * Grants permission to update user tokens with refresh tokens
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetTokensFromRefreshToken.html
     */
    toGetTokensFromRefreshToken() {
        return this.to('GetTokensFromRefreshToken');
    }
    /**
     * Grants permission to get UI customization information for the hosted UI of any app client
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUICustomization.html
     */
    toGetUICustomization() {
        return this.to('GetUICustomization');
    }
    /**
     * Grants permission to get the user attributes and metadata for a user
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUser.html
     */
    toGetUser() {
        return this.to('GetUser');
    }
    /**
     * Grants permission to get the user attribute verification code for the specified attribute name
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUserAttributeVerificationCode.html
     */
    toGetUserAttributeVerificationCode() {
        return this.to('GetUserAttributeVerificationCode');
    }
    /**
     * Grants permission to look up the MFA configuration of user pools
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUserPoolMfaConfig.html
     */
    toGetUserPoolMfaConfig() {
        return this.to('GetUserPoolMfaConfig');
    }
    /**
     * Grants permission to get the AWS WAF web ACL that is associated with an Amazon Cognito user pool
     *
     * Access Level: Read
     */
    toGetWebACLForResource() {
        return this.to('GetWebACLForResource');
    }
    /**
     * Grants permission to sign out users from all devices
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GlobalSignOut.html
     */
    toGlobalSignOut() {
        return this.to('GlobalSignOut');
    }
    /**
     * Grants permission to initiate the authentication flow
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html
     */
    toInitiateAuth() {
        return this.to('InitiateAuth');
    }
    /**
     * Grants permission to list the devices
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ListDevices.html
     */
    toListDevices() {
        return this.to('ListDevices');
    }
    /**
     * Grants permission to list all groups in user pools
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ListGroups.html
     */
    toListGroups() {
        return this.to('ListGroups');
    }
    /**
     * Grants permission to list all identity providers in user pools
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ListIdentityProviders.html
     */
    toListIdentityProviders() {
        return this.to('ListIdentityProviders');
    }
    /**
     * Grants permission to list all resource servers in user pools
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ListResourceServers.html
     */
    toListResourceServers() {
        return this.to('ListResourceServers');
    }
    /**
     * Grants permission to list the user pools that are associated with an AWS WAF web ACL
     *
     * Access Level: List
     */
    toListResourcesForWebACL() {
        return this.to('ListResourcesForWebACL');
    }
    /**
     * Grants permission to list the tags that are assigned to an Amazon Cognito user pool
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ListTagsForResource.html
     */
    toListTagsForResource() {
        return this.to('ListTagsForResource');
    }
    /**
     * Grants permission to list all terms for a user pool
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ListTerms.html
     */
    toListTerms() {
        return this.to('ListTerms');
    }
    /**
     * Grants permission to list all user import jobs
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ListUserImportJobs.html
     */
    toListUserImportJobs() {
        return this.to('ListUserImportJobs');
    }
    /**
     * Grants permission to list all secrets associated with a client
     *
     * Access Level: List
     *
     * Security: NOTE(review) - confirm in the reference below whether the
     * listing returns secret values or only their metadata before granting
     * this as a harmless List action.
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ListUserPoolClientSecrets.html
     */
    toListUserPoolClientSecrets() {
        return this.to('ListUserPoolClientSecrets');
    }
    /**
     * Grants permission to list all app clients in user pools
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ListUserPoolClients.html
     */
    toListUserPoolClients() {
        return this.to('ListUserPoolClients');
    }
    /**
     * Grants permission to list all user pools
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ListUserPools.html
     */
    toListUserPools() {
        return this.to('ListUserPools');
    }
    /**
     * Grants permission to list all user pool users
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ListUsers.html
     */
    toListUsers() {
        return this.to('ListUsers');
    }
    /**
     * Grants permission to list the users in any group
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ListUsersInGroup.html
     */
    toListUsersInGroup() {
        return this.to('ListUsersInGroup');
    }
    /**
     * Grants permission to resend the confirmation (for confirmation of registration) to a specific user in the user pool
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ResendConfirmationCode.html
     */
    toResendConfirmationCode() {
        return this.to('ResendConfirmationCode');
    }
    /**
     * Grants permission to respond to the authentication challenge
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RespondToAuthChallenge.html
     */
    toRespondToAuthChallenge() {
        return this.to('RespondToAuthChallenge');
    }
    /**
     * Grants permission to revoke all of the access tokens generated by the specified refresh token
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html
     */
    toRevokeToken() {
        return this.to('RevokeToken');
    }
    /**
     * Grants permission to set up or modify the detailed activity logging configuration of a user pool
     *
     * Access Level: Write
     *
     * Security: changes what the pool logs and where; a principal holding
     * this can reduce audit visibility, so alert on its use.
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetLogDeliveryConfiguration.html
     */
    toSetLogDeliveryConfiguration() {
        return this.to('SetLogDeliveryConfiguration');
    }
    /**
     * Grants permission to set risk configuration for user pools and app clients
     *
     * Access Level: Write
     *
     * Security: changes a protective control of the pool; worth alerting on
     * when it is used.
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetRiskConfiguration.html
     */
    toSetRiskConfiguration() {
        return this.to('SetRiskConfiguration');
    }
    /**
     * Grants permission to customize the hosted UI for any app client
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUICustomization.html
     */
    toSetUICustomization() {
        return this.to('SetUICustomization');
    }
    /**
     * Grants permission to set MFA preference for the user in the user pool
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserMFAPreference.html
     */
    toSetUserMFAPreference() {
        return this.to('SetUserMFAPreference');
    }
    /**
     * Grants permission to set user pool MFA configuration
     *
     * Access Level: Write
     *
     * Security: changes the pool-wide MFA requirement; worth alerting on
     * when it is used.
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserPoolMfaConfig.html
     */
    toSetUserPoolMfaConfig() {
        return this.to('SetUserPoolMfaConfig');
    }
    /**
     * Grants permission to set the user settings like multi-factor authentication (MFA)
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserSettings.html
     */
    toSetUserSettings() {
        return this.to('SetUserSettings');
    }
    /**
     * Grants permission to register the user in the specified user pool and create a user name, password, and user attributes
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SignUp.html
     */
    toSignUp() {
        return this.to('SignUp');
    }
    /**
     * Grants permission to start any user import job
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_StartUserImportJob.html
     */
    toStartUserImportJob() {
        return this.to('StartUserImportJob');
    }
    /**
     * Grants permission to stop any user import job
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_StopUserImportJob.html
     */
    toStopUserImportJob() {
        return this.to('StopUserImportJob');
    }
    /**
     * Grants permission to tag a user pool
     *
     * Access Level: Tagging
     *
     * Possible conditions:
     * - .ifAwsRequestTag()
     * - .ifAwsTagKeys()
     *
     * Security: where access is decided by `aws:ResourceTag` conditions, the
     * ability to tag or untag a pool is the ability to move it in or out of
     * those conditions; restrict the tag keys with the conditions above.
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_TagResource.html
     */
    toTagResource() {
        return this.to('TagResource');
    }
    /**
     * Grants permission to untag a user pool
     *
     * Access Level: Tagging
     *
     * Possible conditions:
     * - .ifAwsTagKeys()
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UntagResource.html
     */
    toUntagResource() {
        return this.to('UntagResource');
    }
    /**
     * Grants permission to update the feedback for the user authentication event
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateAuthEventFeedback.html
     */
    toUpdateAuthEventFeedback() {
        return this.to('UpdateAuthEventFeedback');
    }
    /**
     * Grants permission to update the device status
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateDeviceStatus.html
     */
    toUpdateDeviceStatus() {
        return this.to('UpdateDeviceStatus');
    }
    /**
     * Grants permission to update the configuration of any group
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateGroup.html
     */
    toUpdateGroup() {
        return this.to('UpdateGroup');
    }
    /**
     * Grants permission to update the configuration of any user pool IdP
     *
     * Access Level: Write
     *
     * Security: changing an identity provider's configuration changes who the
     * pool accepts sign-ins from; treat it as a trust-configuration change.
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateIdentityProvider.html
     */
toUpdateIdentityProvider() {
        return this.to('UpdateIdentityProvider');
    }
    /**
     * Grants permission to update the branding settings of a managed login
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateManagedLoginBranding.html
     */
    toUpdateManagedLoginBranding() {
        return this.to('UpdateManagedLoginBranding');
    }
    /**
     * Grants permission to update the configuration of any OAuth 2.0 resource server
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateResourceServer.html
     */
    toUpdateResourceServer() {
        return this.to('UpdateResourceServer');
    }
    /**
     * Grants permission to update terms for an app client
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateTerms.html
     */
    toUpdateTerms() {
        return this.to('UpdateTerms');
    }
    /**
     * Grants permission to allow a user to update a specific attribute (one at a time)
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserAttributes.html
     */
    toUpdateUserAttributes() {
        return this.to('UpdateUserAttributes');
    }
    /**
     * Grants permission to update the configuration of user pools
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifAwsRequestTag()
     * - .ifAwsTagKeys()
     *
     * Security: NOTE(review) - the pool configuration presumably covers
     * security-relevant settings (the sibling CreateUserPool action is
     * described as setting the password policy); confirm in the reference
     * below and hold this action as tightly as the dedicated MFA and risk
     * configuration actions.
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html
     */
    toUpdateUserPool() {
        return this.to('UpdateUserPool');
    }
    /**
     * Grants permission to update any user pool client
     *
     * Access Level: Write
     *
     * Security: NOTE(review) - app client settings presumably include the
     * allowed auth flows and redirect URLs; confirm in the reference below
     * and review changes to them as trust-configuration changes.
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPoolClient.html
     */
    toUpdateUserPoolClient() {
        return this.to('UpdateUserPoolClient');
    }
    /**
     * Grants permission to replace the certificate for any custom domain
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPoolDomain.html
     */
toUpdateUserPoolDomain() {
    const action = 'UpdateUserPoolDomain';
    return this.to(action);
}
/**
 * Grants permission to register a user's entered TOTP code and mark the user's software token MFA status as verified if successful.
 *
 * Access Level: Write
 *
 * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerifySoftwareToken.html
 */
toVerifySoftwareToken() {
    const action = 'VerifySoftwareToken';
    return this.to(action);
}
/**
 * Grants permission to verify a user attribute using a one time verification code.
 *
 * Access Level: Write
 *
 * https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerifyUserAttribute.html
 */
toVerifyUserAttribute() {
    const action = 'VerifyUserAttribute';
    return this.to(action);
}
/**
 * Adds a resource of type userpool to the statement.
 *
 * https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools.html
 *
 * @param userPoolId - Identifier for the userPoolId.
 * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
 * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
 * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
 *
 * Possible conditions:
 * - .ifAwsResourceTag()
 *
 * Review note: every argument is placed into the ARN exactly as given, with no validation in
 * this method. A wildcard in `userPoolId`, or the `*` defaults for account and region outside
 * the CDK, widens the statement to more pools than a single ID would; pass explicit values
 * when the statement is meant for one pool.
 */
onUserpool(userPoolId, account, region, partition) {
    // Each optional segment falls back to the statement-level default only when null/undefined.
    const arnPartition = partition ?? this.defaultPartition;
    const arnRegion = region ?? this.defaultRegion;
    const arnAccount = account ?? this.defaultAccount;
    return this.on(`arn:${arnPartition}:cognito-idp:${arnRegion}:${arnAccount}:userpool/${userPoolId}`);
}
/**
 * Adds a resource of type webacl to the statement. The ARN built here is in the `wafv2`
 * service namespace, not `cognito-idp`.
 *
 * https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-waf.html
 *
 * @param scope - Identifier for the scope.
 * @param name - Identifier for the name.
 * @param id - Identifier for the id.
 * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
 * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
 * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
 *
 * Review note: `scope`, `name` and `id` are inserted into the ARN unchanged; wildcards in any
 * of them, or the `*` account/region defaults, broaden the set of web ACLs the statement covers.
 */
onWebacl(scope, name, id, account, region, partition) {
    const arnPartition = partition ?? this.defaultPartition;
    const arnRegion = region ?? this.defaultRegion;
    const arnAccount = account ?? this.defaultAccount;
    return this.on(`arn:${arnPartition}:wafv2:${arnRegion}:${arnAccount}:${scope}/webacl/${name}/${id}`);
}
/**
 * Filters access by the presence of tag key-value pairs in the request.
 *
 * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag
 *
 * Applies to actions:
 * - .toCreateUserPool()
 * - .toTagResource()
 * - .toUpdateUserPool()
 *
 * @param tagKey The tag key to check
 * @param value The value(s) to check
 * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
 *
 * Review note: with the `StringLike` default, `*` and `?` inside `value` act as wildcards.
 * Pass `StringEquals` when an exact match is intended, in particular when `value` is not a
 * fixed literal.
 */
ifAwsRequestTag(tagKey, value, operator) {
    // tagKey becomes part of the condition key name itself.
    const conditionKey = `aws:RequestTag/${tagKey}`;
    const effectiveOperator = operator ?? 'StringLike';
    return this.if(conditionKey, value, effectiveOperator);
}
/**
 * Filters access by tag key-value pairs attached to the resource.
 *
 * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag
 *
 * Applies to actions:
 * - .toCreateUserPool()
 *
 * Applies to resource types:
 * - userpool
 *
 * @param tagKey The tag key to check
 * @param value The value(s) to check
 * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
 *
 * Review note: with the `StringLike` default, `*` and `?` inside `value` act as wildcards;
 * pass `StringEquals` for exact matching. A statement gated on resource tags is only as
 * strong as the control over who may tag or untag the pool (`TagResource`, `UntagResource`).
 */
ifAwsResourceTag(tagKey, value, operator) {
    const conditionKey = `aws:ResourceTag/${tagKey}`;
    const effectiveOperator = operator ?? 'StringLike';
    return this.if(conditionKey, value, effectiveOperator);
}
/**
 * Filters access by a key that is present in the request.
 *
 * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys
 *
 * Applies to actions:
 * - .toCreateUserPool()
 * - .toTagResource()
 * - .toUntagResource()
 * - .toUpdateUserPool()
 *
 * @param value The value(s) to check
 * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
 *
 * Review note: `aws:TagKeys` is a multivalued key, for which IAM guidance is to use a set
 * qualifier (`ForAllValues` / `ForAnyValue`); how such a qualifier is supplied through
 * `operator` is not visible in this file, so check the result in the synthesized policy.
 * The `StringLike` default also treats `*` and `?` in `value` as wildcards.
 */
ifAwsTagKeys(value, operator) {
    const effectiveOperator = operator ?? 'StringLike';
    return this.if(`aws:TagKeys`, value, effectiveOperator);
}
/**
 * Statement provider for service [cognito-idp](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazoncognitouserpools.html).
 *
 * Passes `props` to the parent constructor, then sets the service prefix and the table of
 * action names grouped by access level.
 *
 * Review note: the `Write` group contains credential- and MFA-related actions (for example
 * `AdminSetUserPassword`, `AdminResetUserPassword`, `SetUserPoolMfaConfig`), so anything that
 * selects actions by access level is broad. How this table is consumed is not shown in this
 * file; presumably by the parent class's access-level helpers (to be confirmed).
 */
constructor(props) {
    super(props);
    this.servicePrefix = 'cognito-idp';
    const writeActions = [
        'AddCustomAttributes',
        'AddUserPoolClientSecret',
        'AdminAddUserToGroup',
        'AdminConfirmSignUp',
        'AdminCreateUser',
        'AdminDeleteUser',
        'AdminDeleteUserAttributes',
        'AdminDisableProviderForUser',
        'AdminDisableUser',
        'AdminEnableUser',
        'AdminForgetDevice',
        'AdminInitiateAuth',
        'AdminLinkProviderForUser',
        'AdminRemoveUserFromGroup',
        'AdminResetUserPassword',
        'AdminRespondToAuthChallenge',
        'AdminSetUserMFAPreference',
        'AdminSetUserPassword',
        'AdminSetUserSettings',
        'AdminUpdateAuthEventFeedback',
        'AdminUpdateDeviceStatus',
        'AdminUpdateUserAttributes',
        'AdminUserGlobalSignOut',
        'AssociateSoftwareToken',
        'AssociateWebACL',
        'ChangePassword',
        'ConfirmDevice',
        'ConfirmForgotPassword',
        'ConfirmSignUp',
        'CreateGroup',
        'CreateIdentityProvider',
        'CreateManagedLoginBranding',
        'CreateResourceServer',
        'CreateTerms',
        'CreateUserImportJob',
        'CreateUserPool',
        'CreateUserPoolClient',
        'CreateUserPoolDomain',
        'DeleteGroup',
        'DeleteIdentityProvider',
        'DeleteManagedLoginBranding',
        'DeleteResourceServer',
        'DeleteTerms',
        'DeleteUser',
        'DeleteUserAttributes',
        'DeleteUserPool',
        'DeleteUserPoolClient',
        'DeleteUserPoolClientSecret',
        'DeleteUserPoolDomain',
        'DisassociateWebACL',
        'ForgetDevice',
        'ForgotPassword',
        'GetTokensFromRefreshToken',
        'GlobalSignOut',
        'InitiateAuth',
        'ResendConfirmationCode',
        'RespondToAuthChallenge',
        'RevokeToken',
        'SetLogDeliveryConfiguration',
        'SetRiskConfiguration',
        'SetUICustomization',
        'SetUserMFAPreference',
        'SetUserPoolMfaConfig',
        'SetUserSettings',
        'SignUp',
        'StartUserImportJob',
        'StopUserImportJob',
        'UpdateAuthEventFeedback',
        'UpdateDeviceStatus',
        'UpdateGroup',
        'UpdateIdentityProvider',
        'UpdateManagedLoginBranding',
        'UpdateResourceServer',
        'UpdateTerms',
        'UpdateUserAttributes',
        'UpdateUserPool',
        'UpdateUserPoolClient',
        'UpdateUserPoolDomain',
        'VerifySoftwareToken',
        'VerifyUserAttribute'
    ];
    const readActions = [
        'AdminGetDevice',
        'AdminGetUser',
        'AdminListUserAuthEvents',
        'DescribeIdentityProvider',
        'DescribeManagedLoginBranding',
        'DescribeManagedLoginBrandingByClient',
        'DescribeResourceServer',
        'DescribeRiskConfiguration',
        'DescribeTerms',
        'DescribeUserImportJob',
        'DescribeUserPool',
        'DescribeUserPoolClient',
        'DescribeUserPoolDomain',
        'GetCSVHeader',
        'GetDevice',
        'GetGroup',
        'GetIdentityProviderByIdentifier',
        'GetLogDeliveryConfiguration',
        'GetSigningCertificate',
        'GetUICustomization',
        'GetUser',
        'GetUserAttributeVerificationCode',
        'GetUserPoolMfaConfig',
        'GetWebACLForResource'
    ];
    const listActions = [
        'AdminListDevices',
        'AdminListGroupsForUser',
        'ListDevices',
        'ListGroups',
        'ListIdentityProviders',
        'ListResourceServers',
        'ListResourcesForWebACL',
        'ListTagsForResource',
        'ListTerms',
        'ListUserImportJobs',
        'ListUserPoolClientSecrets',
        'ListUserPoolClients',
        'ListUserPools',
        'ListUsers',
        'ListUsersInGroup'
    ];
    const taggingActions = [
        'TagResource',
        'UntagResource'
    ];
    // Key order (Write, Read, List, Tagging) is kept as in the generated source.
    this.accessLevelList = {
        Write: writeActions,
        Read: readActions,
        List: listActions,
        Tagging: taggingActions
    };
}
}
exports.CognitoIdp = CognitoIdp;
//# 
sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY29nbml0b3VzZXJwb29scy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbImNvZ25pdG91c2VycG9vbHMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQ0EseUNBQXlEO0FBR3pEOzs7O0dBSUc7QUFDSCxNQUFhLFVBQVcsU0FBUSx3QkFBZTtJQUc3Qzs7Ozs7O09BTUc7SUFDSSxxQkFBcUI7UUFDMUIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLHFCQUFxQixDQUFDLENBQUM7SUFDeEMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLHlCQUF5QjtRQUM5QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMseUJBQXlCLENBQUMsQ0FBQztJQUM1QyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0kscUJBQXFCO1FBQzFCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxxQkFBcUIsQ0FBQyxDQUFDO0lBQ3hDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxvQkFBb0I7UUFDekIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLG9CQUFvQixDQUFDLENBQUM7SUFDdkMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLGlCQUFpQjtRQUN0QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsaUJBQWlCLENBQUMsQ0FBQztJQUNwQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksaUJBQWlCO1FBQ3RCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxpQkFBaUIsQ0FBQyxDQUFDO0lBQ3BDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSwyQkFBMkI7UUFDaEMsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLDJCQUEyQix