cdk-iam-floyd
AWS IAM policy statement generator with fluent interface for AWS CDK
// The directive has to stay the first statement so the whole module is evaluated in strict mode.
"use strict";
// Defines `__esModule: true` on the CommonJS exports object; with only `value` given, the
// property is non-writable, non-enumerable and non-configurable.
Object.defineProperty(exports, "__esModule", { value: true });
// Initialises the named export to undefined (`void 0`); presumably it is assigned the class
// further down, outside this view — confirm.
exports.Sso = void 0;
const shared_1 = require("../../shared");
/**
* Statement provider for service [sso](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiamidentitycenter.html).
*
* @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
*/
class Sso extends shared_1.PolicyStatement {
/**
* Grants permission to add a region to an IAM Identity Center instance
*
* Access Level: Write
*
* Dependent actions:
* - identitystore:AddRegion
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_AddRegion.html
*/
toAddRegion() {
    // Passes only 'AddRegion' to the inherited to(); the dependent actions named in the
    // JSDoc (identitystore:AddRegion, kms:Decrypt) are not passed here.
    const action = 'AddRegion';
    return this.to(action);
}
/**
* Grants permission to connect a directory to be used by AWS IAM Identity Center
*
* Access Level: Write
*
* Dependent actions:
* - ds:AuthorizeApplication
* - identitystore:CreateIdentityStore
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toAssociateDirectory() {
    // Only 'AssociateDirectory' is forwarded; ds:AuthorizeApplication,
    // identitystore:CreateIdentityStore and kms:Decrypt from the JSDoc are not passed here.
    const action = 'AssociateDirectory';
    return this.to(action);
}
/**
* Grants permission to create an association between a directory user or group and a profile
*
* Access Level: Write
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toAssociateProfile() {
    // Forwards the single action name to the inherited to() and returns that call's result.
    const action = 'AssociateProfile';
    return this.to(action);
}
/**
* Grants permission to attach a customer managed policy reference to a permission set
*
* Access Level: Permissions management
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_AttachCustomerManagedPolicyReferenceToPermissionSet.html
*/
toAttachCustomerManagedPolicyReferenceToPermissionSet() {
    // Permissions management per the JSDoc: this action changes which customer managed
    // policies a permission set references, so statements using it deserve narrow scoping
    // and review.
    const action = 'AttachCustomerManagedPolicyReferenceToPermissionSet';
    return this.to(action);
}
/**
* Grants permission to attach an AWS managed policy to a permission set
*
* Access Level: Permissions management
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_AttachManagedPolicyToPermissionSet.html
*/
toAttachManagedPolicyToPermissionSet() {
    // Permissions management per the JSDoc: attaching an AWS managed policy alters what a
    // permission set grants, so keep this action out of broad statements.
    const action = 'AttachManagedPolicyToPermissionSet';
    return this.to(action);
}
/**
* Grants permission to assign access to a Principal for a specified AWS account using a specified permission set
*
* Access Level: Write
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_CreateAccountAssignment.html
*/
toCreateAccountAssignment() {
    // Listed as Write, but per the JSDoc it assigns a principal access to an AWS account
    // through a permission set; review grants of it as carefully as a
    // permissions-management action.
    const action = 'CreateAccountAssignment';
    return this.to(action);
}
/**
* Grants permission to create an application
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_CreateApplication.html
*/
toCreateApplication() {
    // The JSDoc lists .ifAwsRequestTag() and .ifAwsTagKeys() as possible conditions;
    // this method applies no condition itself.
    const action = 'CreateApplication';
    return this.to(action);
}
/**
* Grants permission to create an application assignment
*
* Access Level: Write
*
* Possible conditions:
* - .ifApplicationAccount()
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_CreateApplicationAssignment.html
*/
toCreateApplicationAssignment() {
    // .ifApplicationAccount() is listed as a possible condition in the JSDoc; nothing in
    // this method applies it.
    const action = 'CreateApplicationAssignment';
    return this.to(action);
}
/**
* Grants permission to add an application instance to AWS IAM Identity Center
*
* Access Level: Write
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toCreateApplicationInstance() {
    // Hands 'CreateApplicationInstance' to the inherited to(); kms:Decrypt from the JSDoc
    // is not passed here.
    const action = 'CreateApplicationInstance';
    return this.to(action);
}
/**
* Grants permission to add a new certificate for an application instance
*
* Access Level: Write
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toCreateApplicationInstanceCertificate() {
    // Per the JSDoc this allows adding a new certificate to an application instance;
    // only the one action name is forwarded.
    const action = 'CreateApplicationInstanceCertificate';
    return this.to(action);
}
/**
* Grants permission to create an identity center instance
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - iam:CreateServiceLinkedRole
* - identitystore:CreateIdentityStore
* - organizations:DescribeOrganization
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_CreateInstance.html
*/
toCreateInstance() {
    // The JSDoc names iam:CreateServiceLinkedRole, identitystore:CreateIdentityStore and
    // organizations:DescribeOrganization as dependents; none of them is passed here, and
    // the listed tag conditions are not applied.
    const action = 'CreateInstance';
    return this.to(action);
}
/**
* Grants permission to enable the instance for ABAC and specify the attributes
*
* Access Level: Write
*
* Dependent actions:
* - iam:AttachRolePolicy
* - iam:CreateRole
* - iam:DeleteRole
* - iam:DeleteRolePolicy
* - iam:DetachRolePolicy
* - iam:GetRole
* - iam:ListAttachedRolePolicies
* - iam:ListRolePolicies
* - iam:PutRolePolicy
* - iam:UpdateAssumeRolePolicy
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_CreateInstanceAccessControlAttributeConfiguration.html
*/
toCreateInstanceAccessControlAttributeConfiguration() {
    // The JSDoc lists IAM role-management dependents (iam:CreateRole, iam:PutRolePolicy,
    // iam:UpdateAssumeRolePolicy and others); this method passes none of them, so any
    // statement that does grant them needs its own review.
    const action = 'CreateInstanceAccessControlAttributeConfiguration';
    return this.to(action);
}
/**
* Grants permission to add a managed application instance to AWS IAM Identity Center
*
* Access Level: Write
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toCreateManagedApplicationInstance() {
    // Forwards 'CreateManagedApplicationInstance' and returns the result of to().
    const action = 'CreateManagedApplicationInstance';
    return this.to(action);
}
/**
* Grants permission to create a permission set
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_CreatePermissionSet.html
*/
toCreatePermissionSet() {
    // Tag conditions (.ifAwsRequestTag(), .ifAwsTagKeys()) are listed in the JSDoc as
    // possible; no condition is applied in this method.
    const action = 'CreatePermissionSet';
    return this.to(action);
}
/**
* Grants permission to create a profile for an application instance
*
* Access Level: Write
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toCreateProfile() {
    // Passes the single action name 'CreateProfile' to the inherited to().
    const action = 'CreateProfile';
    return this.to(action);
}
/**
* Grants permission to create a federation trust in a target account
*
* Access Level: Write
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toCreateTrust() {
    // Per the JSDoc this allows creating a federation trust in a target account, i.e. a
    // trust-relationship change; grant it deliberately rather than via wildcards.
    const action = 'CreateTrust';
    return this.to(action);
}
/**
* Grants permission to create a trusted token issuer for an instance
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_CreateTrustedTokenIssuer.html
*/
toCreateTrustedTokenIssuer() {
    // Per the JSDoc this allows adding a trusted token issuer to an instance, which extends
    // whom the instance trusts; the listed tag conditions are not applied here.
    const action = 'CreateTrustedTokenIssuer';
    return this.to(action);
}
/**
* Grants permission to delete a Principal's access from a specified AWS account using a specified permission set
*
* Access Level: Write
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteAccountAssignment.html
*/
toDeleteAccountAssignment() {
    // Per the JSDoc this removes a principal's access to an AWS account; only the action
    // name is forwarded, kms:Decrypt is not.
    const action = 'DeleteAccountAssignment';
    return this.to(action);
}
/**
* Grants permission to delete an application
*
* Access Level: Write
*
* Possible conditions:
* - .ifApplicationAccount()
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteApplication.html
*/
toDeleteApplication() {
    // .ifApplicationAccount() is a possible condition per the JSDoc; this method applies none.
    const action = 'DeleteApplication';
    return this.to(action);
}
/**
* Grants permission to delete an access scope to an application
*
* Access Level: Write
*
* Possible conditions:
* - .ifApplicationAccount()
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteApplicationAccessScope.html
*/
toDeleteApplicationAccessScope() {
    // Forwards 'DeleteApplicationAccessScope'; the .ifApplicationAccount() condition from
    // the JSDoc is not applied here.
    const action = 'DeleteApplicationAccessScope';
    return this.to(action);
}
/**
* Grants permission to delete an application assignment
*
* Access Level: Write
*
* Possible conditions:
* - .ifApplicationAccount()
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteApplicationAssignment.html
*/
toDeleteApplicationAssignment() {
    // Single action name handed to the inherited to(); no condition is attached in this method.
    const action = 'DeleteApplicationAssignment';
    return this.to(action);
}
/**
* Grants permission to delete an authentication method to an application
*
* Access Level: Write
*
* Possible conditions:
* - .ifApplicationAccount()
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteApplicationAuthenticationMethod.html
*/
toDeleteApplicationAuthenticationMethod() {
    // Per the JSDoc this removes an authentication method from an application; only the
    // action name is forwarded.
    const action = 'DeleteApplicationAuthenticationMethod';
    return this.to(action);
}
/**
* Grants permission to delete a grant from an application
*
* Access Level: Write
*
* Possible conditions:
* - .ifApplicationAccount()
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteApplicationGrant.html
*/
toDeleteApplicationGrant() {
    // Forwards 'DeleteApplicationGrant'; .ifApplicationAccount() from the JSDoc is not applied here.
    const action = 'DeleteApplicationGrant';
    return this.to(action);
}
/**
* Grants permission to delete the application instance
*
* Access Level: Write
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toDeleteApplicationInstance() {
    // Passes 'DeleteApplicationInstance' on and returns what to() returns.
    const action = 'DeleteApplicationInstance';
    return this.to(action);
}
/**
* Grants permission to delete an inactive or expired certificate from the application instance
*
* Access Level: Write
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toDeleteApplicationInstanceCertificate() {
    // Per the JSDoc the action covers inactive or expired certificates of an application
    // instance; nothing beyond the action name is passed.
    const action = 'DeleteApplicationInstanceCertificate';
    return this.to(action);
}
/**
* Grants permission to delete the inline policy from a specified permission set
*
* Access Level: Write
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteInlinePolicyFromPermissionSet.html
*/
toDeleteInlinePolicyFromPermissionSet() {
    // Listed as Write in the JSDoc although it changes the policy content of a permission
    // set; review grants of it alongside the permissions-management actions.
    const action = 'DeleteInlinePolicyFromPermissionSet';
    return this.to(action);
}
/**
* Grants permission to delete an identity center instance
*
* Access Level: Write
*
* Dependent actions:
* - identitystore:DeleteIdentityStore
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteInstance.html
*/
toDeleteInstance() {
    // Per the JSDoc this allows deleting a whole identity center instance (dependent:
    // identitystore:DeleteIdentityStore, not passed here); keep it out of broad grants.
    const action = 'DeleteInstance';
    return this.to(action);
}
/**
* Grants permission to disable ABAC and remove the attributes list for the instance
*
* Access Level: Write
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteInstanceAccessControlAttributeConfiguration.html
*/
toDeleteInstanceAccessControlAttributeConfiguration() {
    // Per the JSDoc this disables ABAC and removes the attribute list for the instance,
    // which can change how attribute-based policies evaluate; only the action name is forwarded.
    const action = 'DeleteInstanceAccessControlAttributeConfiguration';
    return this.to(action);
}
/**
* Grants permission to delete the managed application instance
*
* Access Level: Write
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toDeleteManagedApplicationInstance() {
    // Forwards 'DeleteManagedApplicationInstance' to the inherited to().
    const action = 'DeleteManagedApplicationInstance';
    return this.to(action);
}
/**
* Grants permission to delete a permission set
*
* Access Level: Write
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeletePermissionSet.html
*/
toDeletePermissionSet() {
    // Hands the single action name to to(); kms:Decrypt from the JSDoc is not passed here.
    const action = 'DeletePermissionSet';
    return this.to(action);
}
/**
* Grants permission to remove permissions boundary from a permission set
*
* Access Level: Permissions management
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeletePermissionsBoundaryFromPermissionSet.html
*/
toDeletePermissionsBoundaryFromPermissionSet() {
    // Permissions management per the JSDoc: removing a permissions boundary can widen what
    // a permission set is able to allow, so grant this action sparingly.
    const action = 'DeletePermissionsBoundaryFromPermissionSet';
    return this.to(action);
}
/**
* Grants permission to delete the profile for an application instance
*
* Access Level: Write
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toDeleteProfile() {
    // Passes 'DeleteProfile' on and returns the result of to().
    const action = 'DeleteProfile';
    return this.to(action);
}
/**
* Grants permission to delete a trusted token issuer for an instance
*
* Access Level: Write
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteTrustedTokenIssuer.html
*/
toDeleteTrustedTokenIssuer() {
    // Forwards 'DeleteTrustedTokenIssuer'; no dependent action is passed in this method.
    const action = 'DeleteTrustedTokenIssuer';
    return this.to(action);
}
/**
* Grants permission to describe the status of the assignment creation request
*
* Access Level: Read
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribeAccountAssignmentCreationStatus.html
*/
toDescribeAccountAssignmentCreationStatus() {
    // Read-level action per the JSDoc; only its name is handed to the inherited to().
    const action = 'DescribeAccountAssignmentCreationStatus';
    return this.to(action);
}
/**
* Grants permission to describe the status of an assignment deletion request
*
* Access Level: Read
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribeAccountAssignmentDeletionStatus.html
*/
toDescribeAccountAssignmentDeletionStatus() {
    // Read-level action per the JSDoc; kms:Decrypt is listed as dependent but not passed here.
    const action = 'DescribeAccountAssignmentDeletionStatus';
    return this.to(action);
}
/**
* Grants permission to obtain information about an application
*
* Access Level: Read
*
* Possible conditions:
* - .ifApplicationAccount()
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribeApplication.html
*/
toDescribeApplication() {
    // Forwards 'DescribeApplication'; the .ifApplicationAccount() condition from the JSDoc
    // is not applied in this method.
    const action = 'DescribeApplication';
    return this.to(action);
}
/**
* Grants permission to retrieve an application assignment
*
* Access Level: Read
*
* Possible conditions:
* - .ifApplicationAccount()
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribeApplicationAssignment.html
*/
toDescribeApplicationAssignment() {
    // Single action name passed to to(); no condition is attached here.
    const action = 'DescribeApplicationAssignment';
    return this.to(action);
}
/**
* Grants permission to describe an application provider
*
* Access Level: Read
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribeApplicationProvider.html
*/
toDescribeApplicationProvider() {
    // The JSDoc lists neither dependent actions nor conditions for this Read action.
    const action = 'DescribeApplicationProvider';
    return this.to(action);
}
/**
* Grants permission to obtain information about an identity center instance
*
* Access Level: Read
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribeInstance.html
*/
toDescribeInstance() {
    // Read action with no dependents or conditions listed in the JSDoc.
    const action = 'DescribeInstance';
    return this.to(action);
}
/**
* Grants permission to get the list of attributes used by the instance for ABAC
*
* Access Level: Read
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribeInstanceAccessControlAttributeConfiguration.html
*/
toDescribeInstanceAccessControlAttributeConfiguration() {
    // Read access to the instance's ABAC attribute list per the JSDoc; only the action
    // name is forwarded.
    const action = 'DescribeInstanceAccessControlAttributeConfiguration';
    return this.to(action);
}
/**
* Grants permission to describe a permission set
*
* Access Level: Read
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribePermissionSet.html
*/
toDescribePermissionSet() {
    // Passes 'DescribePermissionSet' to the inherited to() and returns its result.
    const action = 'DescribePermissionSet';
    return this.to(action);
}
/**
* Grants permission to describe the status for the given Permission Set Provisioning request
*
* Access Level: Read
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribePermissionSetProvisioningStatus.html
*/
toDescribePermissionSetProvisioningStatus() {
    // Read-level status lookup per the JSDoc; nothing besides the action name is passed.
    const action = 'DescribePermissionSetProvisioningStatus';
    return this.to(action);
}
/**
* Grants permission to retrieve configuration details for a specific IAM Identity Center instance region
*
* Access Level: Read
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribeRegion.html
*/
toDescribeRegion() {
    // Forwards 'DescribeRegion'; kms:Decrypt is listed as dependent in the JSDoc but not passed here.
    const action = 'DescribeRegion';
    return this.to(action);
}
/**
* Grants permission to obtain the regions where your organization has enabled AWS IAM Identity Center
*
* Access Level: Read
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toDescribeRegisteredRegions() {
    // Read action; the JSDoc lists no dependent actions or conditions.
    const action = 'DescribeRegisteredRegions';
    return this.to(action);
}
/**
* Grants permission to describe a trusted token issuer for an instance
*
* Access Level: Read
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribeTrustedTokenIssuer.html
*/
toDescribeTrustedTokenIssuer() {
    // Hands 'DescribeTrustedTokenIssuer' to to(); the returned value is passed straight back.
    const action = 'DescribeTrustedTokenIssuer';
    return this.to(action);
}
/**
* Grants permission to detach a customer managed policy reference from a permission set
*
* Access Level: Permissions management
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DetachCustomerManagedPolicyReferenceFromPermissionSet.html
*/
toDetachCustomerManagedPolicyReferenceFromPermissionSet() {
    // Permissions management per the JSDoc: detaching a policy reference changes what a
    // permission set grants (it may also drop a restricting policy); scope and review accordingly.
    const action = 'DetachCustomerManagedPolicyReferenceFromPermissionSet';
    return this.to(action);
}
/**
* Grants permission to detach the attached AWS managed policy from the specified permission set
*
* Access Level: Permissions management
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DetachManagedPolicyFromPermissionSet.html
*/
toDetachManagedPolicyFromPermissionSet() {
    // Permissions management per the JSDoc; only the action name is forwarded, so any
    // narrowing has to come from the rest of the statement.
    const action = 'DetachManagedPolicyFromPermissionSet';
    return this.to(action);
}
/**
* Grants permission to disassociate a directory to be used by AWS IAM Identity Center
*
* Access Level: Write
*
* Dependent actions:
* - ds:UnauthorizeApplication
* - identitystore:DeleteIdentityStore
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toDisassociateDirectory() {
    // ds:UnauthorizeApplication, identitystore:DeleteIdentityStore and kms:Decrypt are the
    // dependents named in the JSDoc; none of them is passed here.
    const action = 'DisassociateDirectory';
    return this.to(action);
}
/**
* Grants permission to disassociate a directory user or group from a profile
*
* Access Level: Write
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toDisassociateProfile() {
    // Forwards 'DisassociateProfile' to the inherited to().
    const action = 'DisassociateProfile';
    return this.to(action);
}
/**
* Grants permission to get an access scope to an application
*
* Access Level: Read
*
* Possible conditions:
* - .ifApplicationAccount()
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_GetApplicationAccessScope.html
*/
toGetApplicationAccessScope() {
    // Read action; .ifApplicationAccount() is listed as possible in the JSDoc and not applied here.
    const action = 'GetApplicationAccessScope';
    return this.to(action);
}
/**
* Grants permission to read assignment configurations for an application
*
* Access Level: Read
*
* Possible conditions:
* - .ifApplicationAccount()
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_GetApplicationAssignmentConfiguration.html
*/
toGetApplicationAssignmentConfiguration() {
    // Passes the single action name on; no condition or dependent action is added in this method.
    const action = 'GetApplicationAssignmentConfiguration';
    return this.to(action);
}
/**
* Grants permission to get an authentication method to an application
*
* Access Level: Read
*
* Possible conditions:
* - .ifApplicationAccount()
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_GetApplicationAuthenticationMethod.html
*/
toGetApplicationAuthenticationMethod() {
    // Read access to an application's authentication method per the JSDoc; only the
    // action name is forwarded.
    const action = 'GetApplicationAuthenticationMethod';
    return this.to(action);
}
/**
* Grants permission to obtain details about a grant belonging to an application
*
* Access Level: Read
*
* Possible conditions:
* - .ifApplicationAccount()
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_GetApplicationGrant.html
*/
toGetApplicationGrant() {
    // Forwards 'GetApplicationGrant'; the condition listed in the JSDoc is not applied here.
    const action = 'GetApplicationGrant';
    return this.to(action);
}
/**
* Grants permission to retrieve details for an application instance
*
* Access Level: Read
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toGetApplicationInstance() {
    // This action is also named as a dependent of ListApplicationInstances in that
    // method's JSDoc; here only 'GetApplicationInstance' itself is forwarded.
    const action = 'GetApplicationInstance';
    return this.to(action);
}
/**
* Grants permission to get session configuration for an application
*
* Access Level: Read
*
* Possible conditions:
* - .ifApplicationAccount()
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_GetApplicationSessionConfiguration.html
*/
toGetApplicationSessionConfiguration() {
    // Read access to an application's session configuration per the JSDoc; no condition applied.
    const action = 'GetApplicationSessionConfiguration';
    return this.to(action);
}
/**
* Grants permission to retrieve application template details
*
* Access Level: Read
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toGetApplicationTemplate() {
    // No dependents or conditions are listed in the JSDoc; this action is itself named as
    // a dependent of ListApplicationTemplates.
    const action = 'GetApplicationTemplate';
    return this.to(action);
}
/**
* Grants permission to obtain the inline policy assigned to the permission set
*
* Access Level: Read
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_GetInlinePolicyForPermissionSet.html
*/
toGetInlinePolicyForPermissionSet() {
    // Read access to the inline policy of a permission set per the JSDoc, i.e. it reveals
    // policy content; only the action name is forwarded.
    const action = 'GetInlinePolicyForPermissionSet';
    return this.to(action);
}
/**
* Grants permission to retrieve details for an application instance
*
* Access Level: Read
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toGetManagedApplicationInstance() {
    // Forwards 'GetManagedApplicationInstance' and returns the result of to().
    const action = 'GetManagedApplicationInstance';
    return this.to(action);
}
/**
* Grants permission to retrieve Mfa Device Management settings for the directory
*
* Access Level: Read
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toGetMfaDeviceManagementForDirectory() {
    // Read access to the directory's MFA device management settings per the JSDoc.
    const action = 'GetMfaDeviceManagementForDirectory';
    return this.to(action);
}
/**
* Grants permission to retrieve details of a permission set
*
* Access Level: Read
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toGetPermissionSet() {
    // Hands 'GetPermissionSet' to the inherited to(); kms:Decrypt is not passed here.
    const action = 'GetPermissionSet';
    return this.to(action);
}
/**
* Grants permission to get permissions boundary for a permission set
*
* Access Level: Read
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_GetPermissionsBoundaryForPermissionSet.html
*/
toGetPermissionsBoundaryForPermissionSet() {
    // Read counterpart of the permissions-boundary actions per the JSDoc; only the action
    // name is forwarded.
    const action = 'GetPermissionsBoundaryForPermissionSet';
    return this.to(action);
}
/**
* Grants permission to retrieve a profile for an application instance
*
* Access Level: Read
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toGetProfile() {
    // Also named as a dependent of ListProfiles in that method's JSDoc; here only
    // 'GetProfile' is forwarded.
    const action = 'GetProfile';
    return this.to(action);
}
/**
* Grants permission to check if AWS IAM Identity Center is enabled
*
* Access Level: Read
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toGetSSOStatus() {
    // Read action with no dependents or conditions listed in the JSDoc.
    const action = 'GetSSOStatus';
    return this.to(action);
}
/**
* Grants permission to retrieve shared configuration for the current SSO instance
*
* Access Level: Read
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toGetSharedSsoConfiguration() {
    // Forwards 'GetSharedSsoConfiguration' to the inherited to().
    const action = 'GetSharedSsoConfiguration';
    return this.to(action);
}
/**
* Grants permission to retrieve configuration for the current SSO instance
*
* Access Level: Read
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toGetSsoConfiguration() {
    // Passes 'GetSsoConfiguration' on and returns what to() returns.
    const action = 'GetSsoConfiguration';
    return this.to(action);
}
/**
* Grants permission to retrieve the federation trust in a target account
*
* Access Level: Read
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toGetTrust() {
    // Read access to the federation trust in a target account per the JSDoc.
    const action = 'GetTrust';
    return this.to(action);
}
/**
* Grants permission to update the application instance by uploading an application SAML metadata file provided by the service provider
*
* Access Level: Write
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toImportApplicationInstanceServiceProviderMetadata() {
    // Per the JSDoc this updates an application instance from an uploaded SAML metadata
    // file; since that metadata describes the service provider, treat grants of this
    // action as a trust-configuration change.
    const action = 'ImportApplicationInstanceServiceProviderMetadata';
    return this.to(action);
}
/**
* Grants permission to list the status of the AWS account assignment creation requests for a specified SSO instance
*
* Access Level: List
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListAccountAssignmentCreationStatus.html
*/
toListAccountAssignmentCreationStatus() {
    // List-level action per the JSDoc; only its name is handed to to().
    const action = 'ListAccountAssignmentCreationStatus';
    return this.to(action);
}
/**
* Grants permission to list the status of the AWS account assignment deletion requests for a specified SSO instance
*
* Access Level: List
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListAccountAssignmentDeletionStatus.html
*/
toListAccountAssignmentDeletionStatus() {
    // List-level action per the JSDoc; kms:Decrypt is listed as dependent but not passed here.
    const action = 'ListAccountAssignmentDeletionStatus';
    return this.to(action);
}
/**
* Grants permission to list the assignee of the specified AWS account with the specified permission set
*
* Access Level: List
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListAccountAssignments.html
*/
toListAccountAssignments() {
    // Per the JSDoc this reveals who is assigned to an account with a given permission
    // set; useful for access reviews, and only the action name is forwarded.
    const action = 'ListAccountAssignments';
    return this.to(action);
}
/**
* Grants permission to list accounts assigned to user or group
*
* Access Level: List
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListAccountAssignmentsForPrincipal.html
*/
toListAccountAssignmentsForPrincipal() {
    // Forwards 'ListAccountAssignmentsForPrincipal' to the inherited to().
    const action = 'ListAccountAssignmentsForPrincipal';
    return this.to(action);
}
/**
* Grants permission to list all the AWS accounts where the specified permission set is provisioned
*
* Access Level: List
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListAccountsForProvisionedPermissionSet.html
*/
toListAccountsForProvisionedPermissionSet() {
    // Passes the single action name on and returns the result of to().
    const action = 'ListAccountsForProvisionedPermissionSet';
    return this.to(action);
}
/**
* Grants permission to list access scopes to an application
*
* Access Level: List
*
* Possible conditions:
* - .ifApplicationAccount()
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListApplicationAccessScopes.html
*/
toListApplicationAccessScopes() {
    // .ifApplicationAccount() is a possible condition per the JSDoc; this method applies none.
    const action = 'ListApplicationAccessScopes';
    return this.to(action);
}
/**
* Grants permission to list application assignments
*
* Access Level: List
*
* Possible conditions:
* - .ifApplicationAccount()
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListApplicationAssignments.html
*/
toListApplicationAssignments() {
    // Forwards 'ListApplicationAssignments'; no condition is attached in this method.
    const action = 'ListApplicationAssignments';
    return this.to(action);
}
/**
* Grants permission to list applications assigned to user or group
*
* Access Level: List
*
* Possible conditions:
* - .ifApplicationAccount()
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListApplicationAssignmentsForPrincipal.html
*/
toListApplicationAssignmentsForPrincipal() {
    // Single action name handed to to(); the JSDoc's .ifApplicationAccount() is not applied here.
    const action = 'ListApplicationAssignmentsForPrincipal';
    return this.to(action);
}
/**
* Grants permission to list authentication methods to an application
*
* Access Level: List
*
* Possible conditions:
* - .ifApplicationAccount()
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListApplicationAuthenticationMethods.html
*/
toListApplicationAuthenticationMethods() {
    // List-level action per the JSDoc; only its name is forwarded.
    const action = 'ListApplicationAuthenticationMethods';
    return this.to(action);
}
/**
* Grants permission to list grants from an application
*
* Access Level: List
*
* Possible conditions:
* - .ifApplicationAccount()
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListApplicationGrants.html
*/
toListApplicationGrants() {
    // Passes 'ListApplicationGrants' to the inherited to(); no condition applied.
    const action = 'ListApplicationGrants';
    return this.to(action);
}
/**
* Grants permission to retrieve all of the certificates for a given application instance
*
* Access Level: Read
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toListApplicationInstanceCertificates() {
    // Classified as Read (not List) in the JSDoc; only the action name is forwarded.
    const action = 'ListApplicationInstanceCertificates';
    return this.to(action);
}
/**
* Grants permission to retrieve all application instances
*
* Access Level: List
*
* Dependent actions:
* - kms:Decrypt
* - sso:GetApplicationInstance
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toListApplicationInstances() {
    // The JSDoc names kms:Decrypt and sso:GetApplicationInstance as dependents; neither is
    // passed here (toGetApplicationInstance() in this class covers the latter).
    const action = 'ListApplicationInstances';
    return this.to(action);
}
/**
* Grants permission to list application providers
*
* Access Level: List
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListApplicationProviders.html
*/
toListApplicationProviders() {
    // List action with no dependents or conditions listed in the JSDoc.
    const action = 'ListApplicationProviders';
    return this.to(action);
}
/**
* Grants permission to retrieve all supported application templates
*
* Access Level: List
*
* Dependent actions:
* - sso:GetApplicationTemplate
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toListApplicationTemplates() {
    // sso:GetApplicationTemplate is the dependent named in the JSDoc; it is not passed
    // here (toGetApplicationTemplate() in this class covers it).
    const action = 'ListApplicationTemplates';
    return this.to(action);
}
/**
* Grants permission to retrieve all applications associated with the instance of IAM Identity Center
*
* Access Level: List
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListApplications.html
*/
toListApplications() {
    // Forwards 'ListApplications' and returns the result of to().
    const action = 'ListApplications';
    return this.to(action);
}
/**
* Grants permission to list the customer managed policy references that are attached to a permission set
*
* Access Level: List
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListCustomerManagedPolicyReferencesInPermissionSet.html
*/
toListCustomerManagedPolicyReferencesInPermissionSet() {
    // Per the JSDoc this lists the customer managed policy references attached to a
    // permission set; only the action name is forwarded.
    const action = 'ListCustomerManagedPolicyReferencesInPermissionSet';
    return this.to(action);
}
/**
* Grants permission to retrieve details about the directory connected to AWS IAM Identity Center
*
* Access Level: Read
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toListDirectoryAssociations() {
    // Classified as Read in the JSDoc; passes 'ListDirectoryAssociations' to to().
    const action = 'ListDirectoryAssociations';
    return this.to(action);
}
/**
* Grants permission to list the SSO Instances that the caller has access to
*
* Access Level: List
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListInstances.html
*/
toListInstances() {
    // List action with no dependents or conditions listed in the JSDoc.
    const action = 'ListInstances';
    return this.to(action);
}
/**
* Grants permission to list the AWS managed policies that are attached to a specified permission set
*
* Access Level: List
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListManagedPoliciesInPermissionSet.html
*/
toListManagedPoliciesInPermissionSet() {
    // Per the JSDoc this lists the AWS managed policies attached to a permission set;
    // nothing besides the action name is passed.
    const action = 'ListManagedPoliciesInPermissionSet';
    return this.to(action);
}
/**
* Grants permission to list the status of the Permission Set Provisioning requests for a specified SSO instance
*
* Access Level: List
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListPermissionSetProvisioningStatus.html
*/
toListPermissionSetProvisioningStatus() {
    // Forwards 'ListPermissionSetProvisioningStatus' to the inherited to().
    const action = 'ListPermissionSetProvisioningStatus';
    return this.to(action);
}
/**
* Grants permission to retrieve all permission sets
*
* Access Level: List
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListPermissionSets.html
*/
toListPermissionSets() {
    // Hands 'ListPermissionSets' to to(); kms:Decrypt from the JSDoc is not passed here.
    const action = 'ListPermissionSets';
    return this.to(action);
}
/**
* Grants permission to list all the permission sets that are provisioned to a specified AWS account
*
* Access Level: List
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListPermissionSetsProvisionedToAccount.html
*/
toListPermissionSetsProvisionedToAccount() {
    // List-level action; returns whatever to() returns for this action name.
    const actionName = 'ListPermissionSetsProvisionedToAccount';
    return this.to(actionName);
}
/**
* Grants permission to retrieve the directory user or group associated with the profile
*
* Access Level: Read
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toListProfileAssociations() {
    // Read-level action. Only the action name is passed on; the dependent
    // kms:Decrypt from the JSDoc is not referenced here.
    const action = 'ListProfileAssociations';
    return this.to(action);
}
/**
* Grants permission to retrieve all profiles for an application instance
*
* Access Level: List
*
* Dependent actions:
* - kms:Decrypt
* - sso:GetProfile
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toListProfiles() {
    // List-level action. The JSDoc names kms:Decrypt and sso:GetProfile as
    // dependent actions; this method passes only 'ListProfiles' to to().
    const action = 'ListProfiles';
    return this.to(action);
}
/**
* Grants permission to list all regions configured for an IAM Identity Center instance
*
* Access Level: List
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListRegions.html
*/
toListRegions() {
    // List-level action; hands its own name to to() and returns the result.
    const action = 'ListRegions';
    return this.to(action);
}
/**
* Grants permission to list the tags that are attached to a specified resource
*
* Access Level: Read
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListTagsForResource.html
*/
toListTagsForResource() {
    // Read-level action. The dependent kms:Decrypt in the JSDoc is not
    // referenced in this method.
    const actionName = 'ListTagsForResource';
    return this.to(actionName);
}
/**
* Grants permission to list trusted token issuers for an instance
*
* Access Level: List
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListTrustedTokenIssuers.html
*/
toListTrustedTokenIssuers() {
    // List-level action; passes only its own name to to().
    const actionName = 'ListTrustedTokenIssuers';
    return this.to(actionName);
}
/**
* Grants permission to provision a specified permission set to the specified target
*
* Access Level: Write
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ProvisionPermissionSet.html
*/
toProvisionPermissionSet() {
    // Write-level action: per the JSDoc it provisions a permission set to a
    // target, so a statement using it is best limited to the intended resources.
    // The dependent kms:Decrypt is not referenced in this method.
    const action = 'ProvisionPermissionSet';
    return this.to(action);
}
/**
* Grants permission to create or update an access scope for an application
*
* Access Level: Write
*
* Possible conditions:
* - .ifApplicationAccount()
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_PutApplicationAccessScope.html
*/
toPutApplicationAccessScope() {
    // Write-level action. The JSDoc lists .ifApplicationAccount() as a possible
    // condition; nothing in this method applies it, so the caller chains it.
    const action = 'PutApplicationAccessScope';
    return this.to(action);
}
/**
* Grants permission to add assignment configurations to an application
*
* Access Level: Write
*
* Possible conditions:
* - .ifApplicationAccount()
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_PutApplicationAssignmentConfiguration.html
*/
toPutApplicationAssignmentConfiguration() {
    // Write-level action. .ifApplicationAccount() is listed as a possible
    // condition in the JSDoc but is not applied in this method.
    const action = 'PutApplicationAssignmentConfiguration';
    return this.to(action);
}
/**
* Grants permission to create or update an authentication method for an application
*
* Access Level: Write
*
* Possible conditions:
* - .ifApplicationAccount()
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_PutApplicationAuthenticationMethod.html
*/
toPutApplicationAuthenticationMethod() {
    // Write-level action that changes how an application authenticates (per the
    // JSDoc). The .ifApplicationAccount() condition is not applied in this method.
    const actionName = 'PutApplicationAuthenticationMethod';
    return this.to(actionName);
}
/**
* Grants permission to create or update a grant for an application
*
* Access Level: Write
*
* Possible conditions:
* - .ifApplicationAccount()
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_PutApplicationGrant.html
*/
toPutApplicationGrant() {
    // Write-level action. The JSDoc's .ifApplicationAccount() condition is not
    // applied in this method; only the action name is passed to to().
    const actionName = 'PutApplicationGrant';
    return this.to(actionName);
}
/**
* Grants permission to put session configuration for an application
*
* Access Level: Write
*
* Possible conditions:
* - .ifApplicationAccount()
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_PutApplicationSessionConfiguration.html
*/
toPutApplicationSessionConfiguration() {
    // Write-level action on an application's session configuration. The listed
    // .ifApplicationAccount() condition is not applied in this method.
    const actionName = 'PutApplicationSessionConfiguration';
    return this.to(actionName);
}
/**
* Grants permission to attach an IAM inline policy to a permission set
*
* Access Level: Write
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_PutInlinePolicyToPermissionSet.html
*/
toPutInlinePolicyToPermissionSet() {
    // NOTE(review): the JSDoc gives "Access Level: Write", yet the action
    // attaches an IAM inline policy to a permission set. When scoping a
    // statement, treat it as policy-changing and restrict its resources.
    const action = 'PutInlinePolicyToPermissionSet';
    return this.to(action);
}
/**
* Grants permission to put MFA device management settings for the directory
*
* Access Level: Write
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toPutMfaDeviceManagementForDirectory() {
    // Write-level action on the directory's MFA device management settings (per
    // the JSDoc); a candidate for restriction to identity administrators.
    const action = 'PutMfaDeviceManagementForDirectory';
    return this.to(action);
}
/**
* Grants permission to add permissions boundary to a permission set
*
* Access Level: Permissions management
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_PutPermissionsBoundaryToPermissionSet.html
*/
toPutPermissionsBoundaryToPermissionSet() {
    // Permissions-management level per the JSDoc: it sets the permissions
    // boundary of a permission set, so limit the statement to specific
    // resources rather than leaving it open.
    const action = 'PutPermissionsBoundaryToPermissionSet';
    return this.to(action);
}
/**
* Grants permission to add a policy to a permission set
*
* Access Level: Permissions management
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toPutPermissionsPolicy() {
    // Permissions-management level per the JSDoc: it adds a policy to a
    // permission set. Only the action name is passed on; the dependent
    // kms:Decrypt is not referenced in this method.
    const actionName = 'PutPermissionsPolicy';
    return this.to(actionName);
}
/**
* Grants permission to remove a region from an IAM Identity Center instance
*
* Access Level: Write
*
* Dependent actions:
* - identitystore:RemoveRegion
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_RemoveRegion.html
*/
toRemoveRegion() {
    // Write-level action. The JSDoc names identitystore:RemoveRegion and
    // kms:Decrypt as dependent actions; neither is referenced in this method.
    const actionName = 'RemoveRegion';
    return this.to(actionName);
}
/**
* Grants permission to search for groups within the associated directory
*
* Access Level: Read
*
* Dependent actions:
* - ds:DescribeDirectories
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toSearchGroups() {
    // Read-level action. Dependent actions in the JSDoc (ds:DescribeDirectories,
    // kms:Decrypt) are not referenced here; only 'SearchGroups' is passed on.
    const action = 'SearchGroups';
    return this.to(action);
}
/**
* Grants permission to search for users within the associated directory
*
* Access Level: Read
*
* Dependent actions:
* - ds:DescribeDirectories
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toSearchUsers() {
    // Read-level action. Dependent actions in the JSDoc (ds:DescribeDirectories,
    // kms:Decrypt) are not referenced here; only 'SearchUsers' is passed on.
    const action = 'SearchUsers';
    return this.to(action);
}
/**
* Grants permission to initialize AWS IAM Identity Center
*
* Access Level: Write
*
* Dependent actions:
* - kms:Decrypt
* - kms:DescribeKey
* - kms:Encrypt
* - kms:GenerateDataKeyWithoutPlaintext
* - organizations:DescribeOrganization
* - organizations:EnableAWSServiceAccess
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toStartSSO() {
    // Write-level action that initializes IAM Identity Center. Its JSDoc lists
    // several KMS actions plus organizations:DescribeOrganization and
    // organizations:EnableAWSServiceAccess as dependent actions; none of them
    // is referenced in this method.
    const action = 'StartSSO';
    return this.to(action);
}
/**
* Grants permission to associate a set of tags with a specified resource
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_TagResource.html
*/
toTagResource() {
    // Tagging-level action. The possible conditions in the JSDoc
    // (.ifAwsRequestTag(), .ifAwsTagKeys()) are not applied in this method.
    const actionName = 'TagResource';
    return this.to(actionName);
}
/**
* Grants permission to disassociate a set of tags from a specified resource
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsTagKeys()
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_UntagResource.html
*/
toUntagResource() {
    // Tagging-level action. The .ifAwsTagKeys() condition listed in the JSDoc
    // is not applied in this method.
    const actionName = 'UntagResource';
    return this.to(actionName);
}
/**
* Grants permission to update an application
*
* Access Level: Write
*
* Possible conditions:
* - .ifApplicationAccount()
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_UpdateApplication.html
*/
toUpdateApplication() {
    // Write-level action. .ifApplicationAccount() is listed as a possible
    // condition in the JSDoc but is not applied in this method.
    const action = 'UpdateApplication';
    return this.to(action);
}
/**
* Grants permission to set a certificate as the active one for this application instance
*
* Access Level: Write
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toUpdateApplicationInstanceActiveCertificate() {
    // Write-level action that selects the active certificate of an application
    // instance (per the JSDoc); worth scoping narrowly.
    const action = 'UpdateApplicationInstanceActiveCertificate';
    return this.to(action);
}
/**
* Grants permission to update display data of an application instance
*
* Access Level: Write
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toUpdateApplicationInstanceDisplayData() {
    // Write-level action; passes only its own name to to() and returns the result.
    const actionName = 'UpdateApplicationInstanceDisplayData';
    return this.to(actionName);
}
/**
* Grants permission to update federation response configuration for the application instance
*
* Access Level: Write
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toUpdateApplicationInstanceResponseConfiguration() {
    // Write-level action on the federation response configuration (per the
    // JSDoc). The dependent kms:Decrypt is not referenced in this method.
    const actionName = 'UpdateApplicationInstanceResponseConfiguration';
    return this.to(actionName);
}
/**
* Grants permission to update federation response schema configuration for the application instance
*
* Access Level: Write
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toUpdateApplicationInstanceResponseSchemaConfiguration() {
    // Write-level action on the federation response schema configuration (per
    // the JSDoc). Only the action name is passed to to().
    const actionName = 'UpdateApplicationInstanceResponseSchemaConfiguration';
    return this.to(actionName);
}
/**
* Grants permission to update security details for the application instance
*
* Access Level: Write
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample
*/
toUpdateApplicationInstanceSecurityConfiguration() {
    // Write-level action that updates an application instance's security
    // details (per the JSDoc); worth scoping narrowly.
    const action = 'UpdateApplicationInstanceSecurityConfiguration';
    return this.to(action);
}
/**
* Grants permission to update service provider related configuration for the application instance
*
* Access Level: Write
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/singlesignon/latest/us