
cdk-iam-floyd


AWS IAM policy statement generator with fluent interface for AWS CDK

import { AccessLevelList } from '../../shared/access-level';
import { PolicyStatement, Operator } from '../../shared';
import { aws_iam as iam } from "aws-cdk-lib";
/**
 * Statement provider for service [aidevops](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsdevopsagentservice.html).
 *
 * Every member returns `this`, so calls can be chained: `to*()` methods select
 * actions (each documented as "Grants permission to ..."), `on*()` methods add
 * resource ARNs and `if*()` methods add tag-based conditions.
 *
 * Notes for least-privilege review, based only on what this declaration documents:
 * - Of the four resource types, agentspace, private-connection and service list
 *   `.ifAwsResourceTag()`; associations lists no condition.
 * - Most actions list no "Possible conditions". Nothing here indicates that a tag
 *   condition narrows those actions, so scope them by resource where possible.
 * - Several actions link to the generic `what-is.html` page instead of a per-action
 *   API page; check the service authorization reference linked above for them.
 *
 * The constructor takes `props` (see the constructor documentation); there is no
 * `sid` parameter in this declaration.
 */
export declare class Aidevops extends PolicyStatement {
    // Service prefix of the actions in this statement; presumably `aidevops`, per the
    // class documentation. The value itself is not visible in this declaration.
    servicePrefix: string;
    /**
     * Grants permission to authorize vended logs
     *
     * Access Level: Permissions management
     *
     * This is the only action in this class listed at the Permissions management
     * access level; review any statement that includes it as carefully as other
     * access-control changes. No condition keys are listed for it.
     *
     * https://docs.aws.amazon.com/devopsagent/latest/userguide/configuring-capabilities-for-aws-devops-agent-vended-logs-and-metrics.html
     */
    toAllowVendedLogDeliveryForResource(): this;
    /**
     * Grants permission to associate service
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/API_AssociateService.html
     */
    toAssociateService(): this;
    /**
     * Grants permission to create agentspace
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifAwsRequestTag()
     * - .ifAwsResourceTag()
     * - .ifAwsTagKeys()
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/API_CreateAgentSpace.html
     */
    toCreateAgentSpace(): this;
    /**
     * Grants permission to create an asset
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/API_CreateAsset.html
     */
    toCreateAsset(): this;
    /**
     * Grants permission to create an asset file
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/API_CreateAssetFile.html
     */
    toCreateAssetFile(): this;
    /**
     * Grants permission to create a new backlog task
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/API_CreateBacklogTask.html
     */
    toCreateBacklogTask(): this;
    /**
     * Grants permission to create a chat
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/API_CreateChat.html
     */
    toCreateChat(): this;
    /**
     * Grants permission to create a new knowledge item
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/API_CreateKnowledgeItem.html
     */
    toCreateKnowledgeItem(): this;
    /**
     * Grants permission to generate secure one-time session for initiating off-console Application login
     *
     * Access Level: Write
     *
     * This action issues a login session and lists no condition keys here, so it
     * cannot be narrowed by tag in this class; grant it only to principals that
     * need off-console login.
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/what-is.html
     */
    toCreateOneTimeLoginSession(): this;
    /**
     * Grants permission to create a private connection
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifAwsRequestTag()
     * - .ifAwsResourceTag()
     * - .ifAwsTagKeys()
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/API_CreatePrivateConnection.html
     */
    toCreatePrivateConnection(): this;
    /**
     * Grants permission to delete agentspace
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifAwsResourceTag()
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/API_DeleteAgentSpace.html
     */
    toDeleteAgentSpace(): this;
    /**
     * Grants permission to delete an asset
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/API_DeleteAsset.html
     */
    toDeleteAsset(): this;
    /**
     * Grants permission to delete an asset file
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/API_DeleteAssetFile.html
     */
    toDeleteAssetFile(): this;
    /**
     * Grants permission to delete a knowledge item
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/what-is.html
     */
    toDeleteKnowledgeItem(): this;
    /**
     * Grants permission to delete a private connection
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifAwsResourceTag()
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/API_DeletePrivateConnection.html
     */
    toDeletePrivateConnection(): this;
    /**
     * Grants permission to deregister a service
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifAwsResourceTag()
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/API_DeregisterService.html
     */
    toDeregisterService(): this;
    /**
     * Grants permission to describe a private connection
     *
     * Access Level: Read
     *
     * Possible conditions:
     * - .ifAwsResourceTag()
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/API_DescribePrivateConnection.html
     */
    toDescribePrivateConnection(): this;
    /**
     * Grants permission to describe support services
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/what-is.html
     */
    toDescribeServices(): this;
    /**
     * Grants permission to describe customer support level
     *
     * Access Level: Write
     *
     * NOTE(review): listed as Write although the description reads like a lookup;
     * confirm against the service authorization reference before relying on
     * access-level based selection of actions.
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/what-is.html
     */
    toDescribeSupportLevel(): this;
    /**
     * Grants permission to disable the Operator App access to the given AgentSpace
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/API_DisableOperatorApp.html
     */
    toDisableOperatorApp(): this;
    /**
     * Grants permission to disassociate service
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/API_DisassociateService.html
     */
    toDisassociateService(): this;
    /**
     * Grants permission to discover topology information
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/what-is.html
     */
    toDiscoverTopology(): this;
    /**
     * Grants permission to enable the Operator App to access the given AgentSpace
     *
     * Access Level: Write
     *
     * This action opens access to an AgentSpace and lists no condition keys here.
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/API_EnableOperatorApp.html
     */
    toEnableOperatorApp(): this;
    /**
     * Grants permission to end a chat for a case
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/what-is.html
     */
    toEndChatForCase(): this;
    /**
     * Grants permission to retrieve account usage information
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/API_GetAccountUsage.html
     */
    toGetAccountUsage(): this;
    /**
     * Grants permission to get agentspace
     *
     * Access Level: Read
     *
     * Possible conditions:
     * - .ifAwsResourceTag()
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/API_GetAgentSpace.html
     */
    toGetAgentSpace(): this;
    /**
     * Grants permission to get an asset
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/API_GetAsset.html
     */
    toGetAsset(): this;
    /**
     * Grants permission to get asset content
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/API_GetAssetContent.html
     */
    toGetAssetContent(): this;
    /**
     * Grants permission to get an asset file
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/API_GetAssetFile.html
     */
    toGetAssetFile(): this;
    /**
     * Grants permission to get association
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/API_GetAssociation.html
     */
    toGetAssociation(): this;
    /**
     * Grants permission to get a backlog task
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/API_GetBacklogTask.html
     */
    toGetBacklogTask(): this;
    /**
     * Grants permission to get a knowledge item
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/what-is.html
     */
    toGetKnowledgeItem(): this;
    /**
     * Grants permission to get operator auth config for any enabled auth flow
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/API_GetOperatorApp.html
     */
    toGetOperatorApp(): this;
    /**
     * Grants permission to get a recommendation
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/API_GetRecommendation.html
     */
    toGetRecommendation(): this;
    /**
     * Grants permission to get services
     *
     * Access Level: Read
     *
     * Possible conditions:
     * - .ifAwsResourceTag()
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/API_GetService.html
     */
    toGetService(): this;
    /**
     * Grants permission to initiate a chat for a case
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/what-is.html
     */
    toInitiateChatForCase(): this;
    /**
     * Grants permission to list agentspace
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/API_ListAgentSpaces.html
     */
    toListAgentSpaces(): this;
    /**
     * Grants permission to list asset files
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/API_ListAssetFiles.html
     */
    toListAssetFiles(): this;
    /**
     * Grants permission to list asset types
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/API_ListAssetTypes.html
     */
    toListAssetTypes(): this;
    /**
     * Grants permission to list asset versions
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/API_ListAssetVersions.html
     */
    toListAssetVersions(): this;
    /**
     * Grants permission to list assets
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/API_ListAssets.html
     */
    toListAssets(): this;
    /**
     * Grants permission to list associations
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/API_ListAssociations.html
     */
    toListAssociations(): this;
    /**
     * Grants permission to list backlog tasks
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/API_ListBacklogTasks.html
     */
    toListBacklogTasks(): this;
    /**
     * Grants permission to list chats
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/API_ListChats.html
     */
    toListChats(): this;
    /**
     * Grants permission to list executions
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/API_ListExecutions.html
     */
    toListExecutions(): this;
    /**
     * Grants permission to list goals
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/API_ListGoals.html
     */
    toListGoals(): this;
    /**
     * Grants permission to list journal records
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/API_ListJournalRecords.html
     */
    toListJournalRecords(): this;
    /**
     * Grants permission to list knowledge item versions
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/what-is.html
     */
    toListKnowledgeItemVersions(): this;
    /**
     * Grants permission to list knowledge items
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/what-is.html
     */
    toListKnowledgeItems(): this;
    /**
     * Grants permission to list pending messages
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/API_ListPendingMessages.html
     */
    toListPendingMessages(): this;
    /**
     * Grants permission to list private connections
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/API_ListPrivateConnections.html
     */
    toListPrivateConnections(): this;
    /**
     * Grants permission to list recommendations
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/API_ListRecommendations.html
     */
    toListRecommendations(): this;
    /**
     * Grants permission to list services
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/API_ListServices.html
     */
    toListServices(): this;
    /**
     * Grants permission to list tags for a resource
     *
     * Access Level: Read
     *
     * Possible conditions:
     * - .ifAwsResourceTag()
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/API_ListTagsForResource.html
     */
    toListTagsForResource(): this;
    /**
     * Grants permission to list webhooks for association
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/API_ListWebhooks.html
     */
    toListWebhooks(): this;
    /**
     * Grants permission to register specific service
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifAwsRequestTag()
     * - .ifAwsResourceTag()
     * - .ifAwsTagKeys()
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/API_RegisterService.html
     */
    toRegisterService(): this;
    /**
     * Grants permission to look up a registered service accessible resources
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/what-is.html
     */
    toSearchServiceAccessibleResource(): this;
    /**
     * Grants permission to send chat messages
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/API_SendMessage.html
     */
    toSendMessage(): this;
    /**
     * Grants permission to tag a resource
     *
     * Access Level: Tagging
     *
     * Where `.ifAwsResourceTag()` is used to scope other actions, the ability to
     * tag and untag resources decides which resources fall inside that scope, so
     * grant the tagging actions with the same care.
     *
     * Possible conditions:
     * - .ifAwsRequestTag()
     * - .ifAwsResourceTag()
     * - .ifAwsTagKeys()
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/API_TagResource.html
     */
    toTagResource(): this;
    /**
     * Grants permission to untag a resource
     *
     * Access Level: Tagging
     *
     * Possible conditions:
     * - .ifAwsResourceTag()
     * - .ifAwsTagKeys()
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/API_UntagResource.html
     */
    toUntagResource(): this;
    /**
     * Grants permission to update agentspace
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifAwsResourceTag()
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/API_UpdateAgentSpace.html
     */
    toUpdateAgentSpace(): this;
    /**
     * Grants permission to update an asset
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/API_UpdateAsset.html
     */
    toUpdateAsset(): this;
    /**
     * Grants permission to update an asset file
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/API_UpdateAssetFile.html
     */
    toUpdateAssetFile(): this;
    /**
     * Grants permission to update association
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/API_UpdateAssociation.html
     */
    toUpdateAssociation(): this;
    /**
     * Grants permission to update a task
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/API_UpdateBacklogTask.html
     */
    toUpdateBacklogTask(): this;
    /**
     * Grants permission to update a goal
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/API_UpdateGoal.html
     */
    toUpdateGoal(): this;
    /**
     * Grants permission to update a knowledge item
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/what-is.html
     */
    toUpdateKnowledgeItem(): this;
    /**
     * Grants permission to update the external Identity Provider configuration for the Operator App
     *
     * Access Level: Write
     *
     * This action changes the identity provider configuration of the Operator App
     * and lists no condition keys here; treat it as an identity-sensitive
     * permission and grant it narrowly.
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/API_UpdateOperatorAppIdpConfig.html
     */
    toUpdateOperatorAppIdpConfig(): this;
    /**
     * Grants permission to update a private connection certificate
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifAwsResourceTag()
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/API_UpdatePrivateConnectionCertificate.html
     */
    toUpdatePrivateConnectionCertificate(): this;
    /**
     * Grants permission to update a recommendation
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/API_UpdateRecommendation.html
     */
    toUpdateRecommendation(): this;
    /**
     * Grants permission to validate aws association
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/devopsagent/latest/APIReference/API_ValidateAwsAssociations.html
     */
    toValidateAwsAssociations(): this;
    // Presumably maps the actions above to the access levels given in their
    // documentation; the contents are not visible in this declaration.
    protected accessLevelList: AccessLevelList;
    /**
     * Adds a resource of type agentspace to the statement
     *
     * Outside the CDK, an omitted `account` or `region` becomes `*` in the ARN; pass
     * both explicitly to keep the statement scoped to one account and region.
     *
     * https://docs.aws.amazon.com/devopsagent/latest/userguide/
     *
     * @param agentSpaceId - Identifier for the agentSpaceId.
     * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
     * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
     * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
     *
     * Possible conditions:
     * - .ifAwsResourceTag()
     */
    onAgentspace(agentSpaceId: string, account?: string, region?: string, partition?: string): this;
    /**
     * Adds a resource of type associations to the statement
     *
     * No condition keys are listed for this resource type, so the ARN is the only
     * scoping documented here. Outside the CDK, an omitted `account` or `region`
     * becomes `*` in the ARN; pass both explicitly to keep the statement scoped.
     *
     * https://docs.aws.amazon.com/devopsagent/latest/userguide/
     *
     * @param agentSpaceId - Identifier for the agentSpaceId.
     * @param associationId - Identifier for the associationId.
     * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
     * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
     * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
     */
    onAssociations(agentSpaceId: string, associationId: string, account?: string, region?: string, partition?: string): this;
    /**
     * Adds a resource of type private-connection to the statement
     *
     * Outside the CDK, an omitted `account` or `region` becomes `*` in the ARN; pass
     * both explicitly to keep the statement scoped to one account and region.
     *
     * https://docs.aws.amazon.com/devopsagent/latest/userguide/
     *
     * @param name - Identifier for the name.
     * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
     * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
     * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
     *
     * Possible conditions:
     * - .ifAwsResourceTag()
     */
    onPrivateConnection(name: string, account?: string, region?: string, partition?: string): this;
    /**
     * Adds a resource of type service to the statement
     *
     * Outside the CDK, an omitted `account` or `region` becomes `*` in the ARN; pass
     * both explicitly to keep the statement scoped to one account and region.
     *
     * https://docs.aws.amazon.com/devopsagent/latest/userguide/
     *
     * @param serviceId - Identifier for the serviceId.
     * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
     * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
     * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
     *
     * Possible conditions:
     * - .ifAwsResourceTag()
     */
    onService(serviceId: string, account?: string, region?: string, partition?: string): this;
    /**
     * Filters access by the tags that are passed in the request
     *
     * With the default `StringLike` operator, `*` and `?` in `value` act as
     * wildcards; pass `StringEquals` when an exact match is intended.
     *
     * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag
     *
     * Applies to actions:
     * - .toCreateAgentSpace()
     * - .toCreatePrivateConnection()
     * - .toListTagsForResource()
     * - .toRegisterService()
     * - .toTagResource()
     *
     * NOTE(review): `.toListTagsForResource()` appears in this list, but its own
     * documentation lists only `.ifAwsResourceTag()`; confirm against the service
     * authorization reference.
     *
     * @param tagKey The tag key to check
     * @param value The value(s) to check
     * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
     */
    ifAwsRequestTag(tagKey: string, value: string | string[], operator?: Operator | string): this;
    /**
     * Filters access by the tags associated with the resource
     *
     * With the default `StringLike` operator, `*` and `?` in `value` act as
     * wildcards; pass `StringEquals` when an exact match is intended.
     *
     * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag
     *
     * Applies to actions:
     * - .toCreateAgentSpace()
     * - .toCreatePrivateConnection()
     * - .toDeleteAgentSpace()
     * - .toDeletePrivateConnection()
     * - .toDeregisterService()
     * - .toDescribePrivateConnection()
     * - .toGetAgentSpace()
     * - .toGetService()
     * - .toListTagsForResource()
     * - .toRegisterService()
     * - .toTagResource()
     * - .toUntagResource()
     * - .toUpdateAgentSpace()
     * - .toUpdatePrivateConnectionCertificate()
     *
     * Applies to resource types:
     * - agentspace
     * - private-connection
     * - service
     *
     * @param tagKey The tag key to check
     * @param value The value(s) to check
     * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
     */
    ifAwsResourceTag(tagKey: string, value: string | string[], operator?: Operator | string): this;
    /**
     * Filters access by the tag keys that are passed in the request
     *
     * With the default `StringLike` operator, `*` and `?` in `value` act as
     * wildcards; pass `StringEquals` when an exact match is intended.
     *
     * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys
     *
     * Applies to actions:
     * - .toCreateAgentSpace()
     * - .toCreatePrivateConnection()
     * - .toListTagsForResource()
     * - .toRegisterService()
     * - .toTagResource()
     * - .toUntagResource()
     *
     * NOTE(review): `.toListTagsForResource()` appears in this list, but its own
     * documentation lists only `.ifAwsResourceTag()`; confirm against the service
     * authorization reference.
     *
     * @param value The value(s) to check
     * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
     */
    ifAwsTagKeys(value: string | string[], operator?: Operator | string): this;
    /**
     * Creates a statement provider for service [aidevops](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsdevopsagentservice.html).
     *
     * @param props - Optional CDK `iam.PolicyStatementProps`. How they are applied is defined by the implementation, which this declaration does not show.
     */
    constructor(props?: iam.PolicyStatementProps);
}