
cdk-iam-floyd


AWS IAM policy statement generator with fluent interface for AWS CDK

import { AccessLevelList } from '../../shared/access-level';
import { PolicyStatement } from '../../shared';
import { aws_iam as iam } from "aws-cdk-lib";
/**
 * Statement provider for service [signin](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssignin.html).
 *
 * This is a type declaration only. Each `to*` method is documented as granting
 * one signin action and each `on*` method as adding one resource type to the
 * statement; every one of them returns `this`, so calls can be chained.
 *
 * The constructor takes optional `iam.PolicyStatementProps`, so the statement's
 * [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html)
 * is supplied through those props rather than as a separate `sid` argument.
 */
export declare class Signin extends PolicyStatement {
    // Service prefix used for this provider's actions. The value is not visible
    // in the declaration; presumably `signin` — confirm against the implementation.
    servicePrefix: string;
    /**
     * Grants permission to authenticate through a browser and obtain an OAuth 2.0 authorization code for credential exchange
     *
     * Access Level: Read
     *
     * Although classified as Read, the described result is an authorization code
     * used for credential exchange, so scope the principal and resources of any
     * statement that allows it as carefully as a credential-issuing permission.
     *
     * https://docs.aws.amazon.com/signin/latest/APIReference/API_AuthorizeOAuth2Access.html
     *
     * @returns this statement, for chaining
     */
    toAuthorizeOAuth2Access(): this;
    /**
     * Grants permission to exchange an authorization code for OAuth 2.0 access token and refresh token that can be used to access AWS services from developer tools and applications
     *
     * Access Level: Read
     *
     * Although classified as Read, the described result is an access token and a
     * refresh token usable against AWS services; review grants of this action
     * with the same care as other credential-issuing permissions.
     *
     * https://docs.aws.amazon.com/signin/latest/APIReference/API_CreateOAuth2Token.html
     *
     * @returns this statement, for chaining
     */
    toCreateOAuth2Token(): this;
    /**
     * Grants permission to create an Identity Center application that represents the AWS Management Console on an Identity Center organization instance
     *
     * Access Level: Write
     *
     * Dependent actions:
     * - sso:CreateApplication
     * - sso:GetSharedSsoConfiguration
     * - sso:ListApplications
     * - sso:PutApplicationAccessScope
     * - sso:PutApplicationAssignmentConfiguration
     * - sso:PutApplicationAuthenticationMethod
     * - sso:PutApplicationGrant
     *
     * NOTE(review): the declaration does not show whether the dependent `sso:*`
     * actions are added to the statement automatically — confirm, and include
     * them in the least-privilege review of any policy that allows this action.
     *
     * https://docs.aws.amazon.com/signin/latest/APIReference/API_CreateTrustedIdentityPropagationApplicationForConsole.html
     *
     * @returns this statement, for chaining
     */
    toCreateTrustedIdentityPropagationApplicationForConsole(): this;
    /**
     * Grants permission to list all Identity Center applications that represent the AWS Management Console
     *
     * Access Level: List
     *
     * Dependent actions:
     * - sso:GetSharedSsoConfiguration
     * - sso:ListApplications
     *
     * NOTE(review): the declaration does not show whether the dependent `sso:*`
     * actions are added to the statement automatically — confirm before relying on it.
     *
     * https://docs.aws.amazon.com/signin/latest/APIReference/API_ListTrustedIdentityPropagationApplicationsForConsole.html
     *
     * @returns this statement, for chaining
     */
    toListTrustedIdentityPropagationApplicationsForConsole(): this;
    // Presumably groups this service's actions by access level (Read, Write,
    // List appear above); the contents are not visible in the declaration.
    protected accessLevelList: AccessLevelList;
    /**
     * Adds a resource of type oauth2-public-client-localhost to the statement
     *
     * Outside the CDK the account and region segments default to `*`, which
     * matches this resource type in every account and region; pass explicit
     * values when the statement should be limited to one account or region.
     *
     * https://docs.aws.amazon.com/signin/latest/APIReference
     *
     * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
     * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
     * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
     * @returns this statement, for chaining
     */
    onOauth2PublicClientLocalhost(account?: string, region?: string, partition?: string): this;
    /**
     * Adds a resource of type oauth2-public-client-remote to the statement
     *
     * Outside the CDK the account and region segments default to `*`, which
     * matches this resource type in every account and region; pass explicit
     * values when the statement should be limited to one account or region.
     *
     * https://docs.aws.amazon.com/signin/latest/APIReference
     *
     * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
     * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
     * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
     * @returns this statement, for chaining
     */
    onOauth2PublicClientRemote(account?: string, region?: string, partition?: string): this;
    /**
     * Statement provider for service [signin](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssignin.html).
     *
     * @param props - Optional CDK policy statement properties used to initialise the statement.
     */
    constructor(props?: iam.PolicyStatementProps);
}