cdk-iam-floyd

import { AccessLevelList } from '../../shared/access-level'; import { PolicyStatement, Operator } from '../../shared'; import { aws_iam as iam } from "aws-cdk-lib"; /** * Statement provider for service [qldb](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonqldb.html). * * @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement */ export declare class Qldb extends PolicyStatement { servicePrefix: string; /** * Grants permission to cancel a journal kinesis stream * * Access Level: Write * * https://docs.aws.amazon.com/qldb/latest/developerguide/API_CancelJournalKinesisStream.html */ toCancelJournalKinesisStream(): this; /** * Grants permission to create a ledger * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/qldb/latest/developerguide/API_CreateLedger.html */ toCreateLedger(): this; /** * Grants permission to delete a ledger * * Access Level: Write * * https://docs.aws.amazon.com/qldb/latest/developerguide/API_DeleteLedger.html */ toDeleteLedger(): this; /** * Grants permission to describe information about a journal kinesis stream * * Access Level: Read * * https://docs.aws.amazon.com/qldb/latest/developerguide/API_DescribeJournalKinesisStream.html */ toDescribeJournalKinesisStream(): this; /** * Grants permission to describe information about a journal export job * * Access Level: Read * * https://docs.aws.amazon.com/qldb/latest/developerguide/API_DescribeJournalS3Export.html */ toDescribeJournalS3Export(): this; /** * Grants permission to describe a ledger * * Access Level: Read * * https://docs.aws.amazon.com/qldb/latest/developerguide/API_DescribeLedger.html */ toDescribeLedger(): this; /** * Grants permission to send commands to a ledger via the console * * Access Level: Write * * https://docs.aws.amazon.com/qldb/latest/developerguide/console_QLDB.html */ toExecuteStatement(): this; /** * Grants permission to export journal contents to an Amazon S3 bucket * * Access Level: Write * * https://docs.aws.amazon.com/qldb/latest/developerguide/API_ExportJournalToS3.html */ toExportJournalToS3(): this; /** * Grants permission to retrieve a block from a ledger for a given BlockAddress * * Access Level: Read * * https://docs.aws.amazon.com/qldb/latest/developerguide/API_GetBlock.html */ toGetBlock(): this; /** * Grants permission to retrieve a digest from a ledger for a given BlockAddress * * Access Level: Read * * https://docs.aws.amazon.com/qldb/latest/developerguide/API_GetDigest.html */ toGetDigest(): this; /** * Grants permission to retrieve a revision for a given document ID and a given BlockAddress * * Access Level: Read * * https://docs.aws.amazon.com/qldb/latest/developerguide/API_GetRevision.html */ toGetRevision(): this; /** * Grants permission to insert sample application data via the console * * Access Level: Write * * https://docs.aws.amazon.com/qldb/latest/developerguide/console_QLDB.html */ toInsertSampleData(): this; /** * Grants permission to list journal kinesis streams for a specified ledger * * Access Level: List * * https://docs.aws.amazon.com/qldb/latest/developerguide/API_ListJournalKinesisStreamsForLedger.html */ toListJournalKinesisStreamsForLedger(): this; /** * Grants permission to list journal export jobs for all ledgers * * Access Level: List * * https://docs.aws.amazon.com/qldb/latest/developerguide/API_ListJournalS3Exports.html */ toListJournalS3Exports(): this; /** * Grants permission to list journal export jobs for a specified ledger * * Access Level: List * * https://docs.aws.amazon.com/qldb/latest/developerguide/API_ListJournalS3ExportsForLedger.html */ toListJournalS3ExportsForLedger(): this; /** * Grants permission to list existing ledgers * * Access Level: List * * https://docs.aws.amazon.com/qldb/latest/developerguide/API_ListLedgers.html */ toListLedgers(): this; /** * Grants permission to list tags for a resource * * Access Level: Read * * https://docs.aws.amazon.com/qldb/latest/developerguide/API_ListTagsForResource.html */ toListTagsForResource(): this; /** * Grants permission to create an index on a table * * Access Level: Write * * https://docs.aws.amazon.com/qldb/latest/developerguide/ql-reference.create-index.html */ toPartiQLCreateIndex(): this; /** * Grants permission to create a table * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/qldb/latest/developerguide/ql-reference.create-table.html */ toPartiQLCreateTable(): this; /** * Grants permission to delete documents from a table * * Access Level: Write * * https://docs.aws.amazon.com/qldb/latest/developerguide/ql-reference.delete.html */ toPartiQLDelete(): this; /** * Grants permission to drop an index from a table * * Access Level: Write * * Possible conditions: * - .ifPurge() * * https://docs.aws.amazon.com/qldb/latest/developerguide/ql-reference.drop-index.html */ toPartiQLDropIndex(): this; /** * Grants permission to drop a table * * Access Level: Write * * Possible conditions: * - .ifPurge() * * https://docs.aws.amazon.com/qldb/latest/developerguide/ql-reference.drop-table.html */ toPartiQLDropTable(): this; /** * Grants permission to use the history function on a table * * Access Level: Read * * https://docs.aws.amazon.com/qldb/latest/developerguide/working.history.html */ toPartiQLHistoryFunction(): this; /** * Grants permission to insert documents into a table * * Access Level: Write * * https://docs.aws.amazon.com/qldb/latest/developerguide/ql-reference.insert.html */ toPartiQLInsert(): this; /** * Grants permission to redact historic revisions * * Access Level: Write * * https://docs.aws.amazon.com/qldb/latest/developerguide/ql-stored-procedures.redact_revision.html */ toPartiQLRedact(): this; /** * Grants permission to select documents from a table * * Access Level: Read * * https://docs.aws.amazon.com/qldb/latest/developerguide/ql-reference.select.html */ toPartiQLSelect(): this; /** * Grants permission to undrop a table * * Access Level: Write * * https://docs.aws.amazon.com/qldb/latest/developerguide/ql-reference.undrop-table.html */ toPartiQLUndropTable(): this; /** * Grants permission to update existing documents in a table * * Access Level: Write * * https://docs.aws.amazon.com/qldb/latest/developerguide/ql-reference.update.html */ toPartiQLUpdate(): this; /** * Grants permission to send commands to a ledger * * Access Level: Write * * https://docs.aws.amazon.com/qldb/latest/developerguide/API_QLDB-Session_SendCommand.html */ toSendCommand(): this; /** * Grants permission to view a ledger's catalog via the console * * Access Level: Write * * https://docs.aws.amazon.com/qldb/latest/developerguide/console_QLDB.html */ toShowCatalog(): this; /** * Grants permission to stream journal contents to a Kinesis Data Stream * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/qldb/latest/developerguide/API_StreamJournalToKinesis.html */ toStreamJournalToKinesis(): this; /** * Grants permission to add one or more tags to a resource * * Access Level: Tagging * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/qldb/latest/developerguide/API_TagResource.html */ toTagResource(): this; /** * Grants permission to remove one or more tags from a resource * * Access Level: Tagging * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/qldb/latest/developerguide/API_UntagResource.html */ toUntagResource(): this; /** * Grants permission to update properties on a ledger * * Access Level: Write * * https://docs.aws.amazon.com/qldb/latest/developerguide/API_UpdateLedger.html */ toUpdateLedger(): this; /** * Grants permission to update the permissions mode on a ledger * * Access Level: Write * * https://docs.aws.amazon.com/qldb/latest/developerguide/API_UpdateLedgerPermissionsMode.html */ toUpdateLedgerPermissionsMode(): this; protected accessLevelList: AccessLevelList; /** * Adds a resource of type ledger to the statement * * https://docs.aws.amazon.com/qldb/latest/developerguide/ledger-structure.html * * @param ledgerName - Identifier for the ledgerName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onLedger(ledgerName: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type stream to the statement * * https://docs.aws.amazon.com/qldb/latest/developerguide/streams.html * * @param ledgerName - Identifier for the ledgerName. * @param streamId - Identifier for the streamId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onStream(ledgerName: string, streamId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type table to the statement * * https://docs.aws.amazon.com/qldb/latest/developerguide/working.manage-tables.html * * @param ledgerName - Identifier for the ledgerName. * @param tableId - Identifier for the tableId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onTable(ledgerName: string, tableId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type catalog to the statement * * https://docs.aws.amazon.com/qldb/latest/developerguide/working.catalog.html * * @param ledgerName - Identifier for the ledgerName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onCatalog(ledgerName: string, account?: string, region?: string, partition?: string): this; /** * Filters access by a tag key and value pair that is allowed in the request * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag * * Applies to actions: * - .toCreateLedger() * - .toPartiQLCreateTable() * - .toStreamJournalToKinesis() * - .toTagResource() * - .toUntagResource() * * @param tagKey The tag key to check * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsRequestTag(tagKey: string, value: string | string[], operator?: Operator | string): this; /** * Filters access by a tag key and value pair of a resource * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag * * Applies to resource types: * - ledger * - stream * - table * - catalog * * @param tagKey The tag key to check * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsResourceTag(tagKey: string, value: string | string[], operator?: Operator | string): this; /** * Filters access by a list of tag keys that are allowed in the request * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys * * Applies to actions: * - .toCreateLedger() * - .toPartiQLCreateTable() * - .toStreamJournalToKinesis() * - .toTagResource() * - .toUntagResource() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsTagKeys(value: string | string[], operator?: Operator | string): this; /** * Filters access by the value of purge that is specified in a PartiQL DROP statement * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-purge * * Applies to actions: * - .toPartiQLDropIndex() * - .toPartiQLDropTable() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifPurge(value: string | string[], operator?: Operator | string): this; /** * Statement provider for service [qldb](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonqldb.html). * */ constructor(props?: iam.PolicyStatementProps); }