UNPKG

cdk-iam-floyd

Version:

AWS IAM policy statement generator with fluent interface for AWS CDK

github.com/udondan/iam-floyd

udondan/iam-floyd

110 lines 13.1 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.Signin = void 0; const shared_1 = require("../../shared"); /** * Statement provider for service [signin](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssignin.html). * * @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement */ class Signin extends shared_1.PolicyStatement { /** * Grants permission to authenticate through a browser and obtain an OAuth 2.0 authorization code for credential exchange * * Access Level: Read * * https://docs.aws.amazon.com/signin/latest/APIReference/API_AuthorizeOAuth2Access.html */ toAuthorizeOAuth2Access() { return this.to('AuthorizeOAuth2Access'); } /** * Grants permission to exchange an authorization code for OAuth 2.0 access token and refresh token that can be used to access AWS services from developer tools and applications * * Access Level: Read * * https://docs.aws.amazon.com/signin/latest/APIReference/API_CreateOAuth2Token.html */ toCreateOAuth2Token() { return this.to('CreateOAuth2Token'); } /** * Grants permission to create an Identity Center application that represents the AWS Management Console on an Identity Center organization instance * * Access Level: Write * * Dependent actions: * - sso:CreateApplication * - sso:GetSharedSsoConfiguration * - sso:ListApplications * - sso:PutApplicationAccessScope * - sso:PutApplicationAssignmentConfiguration * - sso:PutApplicationAuthenticationMethod * - sso:PutApplicationGrant * * https://docs.aws.amazon.com/signin/latest/APIReference/API_CreateTrustedIdentityPropagationApplicationForConsole.html */ toCreateTrustedIdentityPropagationApplicationForConsole() { return this.to('CreateTrustedIdentityPropagationApplicationForConsole'); } /** * Grants permission to list all Identity Center applications that represent the AWS Management Console * * Access Level: List * * Dependent actions: * - sso:GetSharedSsoConfiguration * - sso:ListApplications * * https://docs.aws.amazon.com/signin/latest/APIReference/API_ListTrustedIdentityPropagationApplicationsForConsole.html */ toListTrustedIdentityPropagationApplicationsForConsole() { return this.to('ListTrustedIdentityPropagationApplicationsForConsole'); } /** * Adds a resource of type oauth2-public-client-localhost to the statement * * https://docs.aws.amazon.com/signin/latest/APIReference * * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onOauth2PublicClientLocalhost(account, region, partition) { return this.on(`arn:${partition ?? this.defaultPartition}:signin:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:oauth2/public-client/localhost`); } /** * Adds a resource of type oauth2-public-client-remote to the statement * * https://docs.aws.amazon.com/signin/latest/APIReference * * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onOauth2PublicClientRemote(account, region, partition) { return this.on(`arn:${partition ?? this.defaultPartition}:signin:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:oauth2/public-client/remote`); } /** * Statement provider for service [signin](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssignin.html). * */ constructor(props) { super(props); this.servicePrefix = 'signin'; this.accessLevelList = { Read: [ 'AuthorizeOAuth2Access', 'CreateOAuth2Token' ], Write: [ 'CreateTrustedIdentityPropagationApplicationForConsole' ], List: [ 'ListTrustedIdentityPropagationApplicationsForConsole' ] }; } } exports.Signin = Signin; //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2lnbmluLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsic2lnbmluLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUNBLHlDQUErQztBQUcvQzs7OztHQUlHO0FBQ0gsTUFBYSxNQUFPLFNBQVEsd0JBQWU7SUFHekM7Ozs7OztPQU1HO0lBQ0ksdUJBQXVCO1FBQzVCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyx1QkFBdUIsQ0FBQyxDQUFDO0lBQzFDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxtQkFBbUI7UUFDeEIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLG1CQUFtQixDQUFDLENBQUM7SUFDdEMsQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7Ozs7T0FlRztJQUNJLHVEQUF1RDtRQUM1RCxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsdURBQXVELENBQUMsQ0FBQztJQUMxRSxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7T0FVRztJQUNJLHNEQUFzRDtRQUMzRCxPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsc0RBQXNELENBQUMsQ0FBQztJQUN6RSxDQUFDO0lBZUQ7Ozs7Ozs7O09BUUc7SUFDSSw2QkFBNkIsQ0FBQyxPQUFnQixFQUFFLE1BQWUsRUFBRSxTQUFrQjtRQUN4RixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsT0FBUSxTQUFTLElBQUksSUFBSSxDQUFDLGdCQUFpQixXQUFZLE1BQU0sSUFBSSxJQUFJLENBQUMsYUFBYyxJQUFLLE9BQU8sSUFBSSxJQUFJLENBQUMsY0FBZSxpQ0FBaUMsQ0FBQyxDQUFDO0lBQzVLLENBQUM7SUFFRDs7Ozs7Ozs7T0FRRztJQUNJLDBCQUEwQixDQUFDLE9BQWdCLEVBQUUsTUFBZSxFQUFFLFNBQWtCO1FBQ3JGLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxPQUFRLFNBQVMsSUFBSSxJQUFJLENBQUMsZ0JBQWlCLFdBQVksTUFBTSxJQUFJLElBQUksQ0FBQyxhQUFjLElBQUssT0FBTyxJQUFJLElBQUksQ0FBQyxjQUFlLDhCQUE4QixDQUFDLENBQUM7SUFDekssQ0FBQztJQUVEOzs7T0FHRztJQUNILFlBQVksS0FBZ0M7UUFDMUMsS0FBSyxDQUFDLEtBQUssQ0FBQyxDQUFDO1FBdkdSLGtCQUFhLEdBQUcsUUFBUSxDQUFDO1FBMkR0QixvQkFBZSxHQUFvQjtZQUMzQyxJQUFJLEVBQUU7Z0JBQ0osdUJBQXVCO2dCQUN2QixtQkFBbUI7YUFDcEI7WUFDRCxLQUFLLEVBQUU7Z0JBQ0wsdURBQXVEO2FBQ3hEO1lBQ0QsSUFBSSxFQUFFO2dCQUNKLHNEQUFzRDthQUN2RDtTQUNGLENBQUM7SUFrQ0YsQ0FBQztDQUNGO0FBMUdELHdCQTBHQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCB7IEFjY2Vzc0xldmVsTGlzdCB9IGZyb20gJy4uLy4uL3NoYXJlZC9hY2Nlc3MtbGV2ZWwnO1xuaW1wb3J0IHsgUG9saWN5U3RhdGVtZW50IH0gZnJvbSAnLi4vLi4vc2hhcmVkJztcbmltcG9ydCB7IGF3c19pYW0gYXMgaWFtIH0gZnJvbSBcImF3cy1jZGstbGliXCI7XG5cbi8qKlxuICogU3RhdGVtZW50IHByb3ZpZGVyIGZvciBzZXJ2aWNlIFtzaWduaW5dKGh0dHBzOi8vZG9jcy5hd3MuYW1hem9uLmNvbS9zZXJ2aWNlLWF1dGhvcml6YXRpb24vbGF0ZXN0L3JlZmVyZW5jZS9saXN0X2F3c3NpZ25pbi5odG1sKS5cbiAqXG4gKiBAcGFyYW0gc2lkIFtTSURdKGh0dHBzOi8vZG9jcy5hd3MuYW1hem9uLmNvbS9JQU0vbGF0ZXN0L1VzZXJHdWlkZS9yZWZlcmVuY2VfcG9saWNpZXNfZWxlbWVudHNfc2lkLmh0bWwpIG9mIHRoZSBzdGF0ZW1lbnRcbiAqL1xuZXhwb3J0IGNsYXNzIFNpZ25pbiBleHRlbmRzIFBvbGljeVN0YXRlbWVudCB7XG4gIHB1YmxpYyBzZXJ2aWNlUHJlZml4ID0gJ3NpZ25pbic7XG5cbiAgLyoqXG4gICAqIEdyYW50cyBwZXJtaXNzaW9uIHRvIGF1dGhlbnRpY2F0ZSB0aHJvdWdoIGEgYnJvd3NlciBhbmQgb2J0YWluIGFuIE9BdXRoIDIuMCBhdXRob3JpemF0aW9uIGNvZGUgZm9yIGNyZWRlbnRpYWwgZXhjaGFuZ2VcbiAgICpcbiAgICogQWNjZXNzIExldmVsOiBSZWFkXG4gICAqXG4gICAqIGh0dHBzOi8vZG9jcy5hd3MuYW1hem9uLmNvbS9zaWduaW4vbGF0ZXN0L0FQSVJlZmVyZW5jZS9BUElfQXV0aG9yaXplT0F1dGgyQWNjZXNzLmh0bWxcbiAgICovXG4gIHB1YmxpYyB0b0F1dGhvcml6ZU9BdXRoMkFjY2VzcygpIHtcbiAgICByZXR1cm4gdGhpcy50bygnQXV0aG9yaXplT0F1dGgyQWNjZXNzJyk7XG4gIH1cblxuICAvKipcbiAgICogR3JhbnRzIHBlcm1pc3Npb24gdG8gZXhjaGFuZ2UgYW4gYXV0aG9yaXphdGlvbiBjb2RlIGZvciBPQXV0aCAyLjAgYWNjZXNzIHRva2VuIGFuZCByZWZyZXNoIHRva2VuIHRoYXQgY2FuIGJlIHVzZWQgdG8gYWNjZXNzIEFXUyBzZXJ2aWNlcyBmcm9tIGRldmVsb3BlciB0b29scyBhbmQgYXBwbGljYXRpb25zXG4gICAqXG4gICAqIEFjY2VzcyBMZXZlbDogUmVhZFxuICAgKlxuICAgKiBodHRwczovL2RvY3MuYXdzLmFtYXpvbi5jb20vc2lnbmluL2xhdGVzdC9BUElSZWZlcmVuY2UvQVBJX0NyZWF0ZU9BdXRoMlRva2VuLmh0bWxcbiAgICovXG4gIHB1YmxpYyB0b0NyZWF0ZU9BdXRoMlRva2VuKCkge1xuICAgIHJldHVybiB0aGlzLnRvKCdDcmVhdGVPQXV0aDJUb2tlbicpO1xuICB9XG5cbiAgLyoqXG4gICAqIEdyYW50cyBwZXJtaXNzaW9uIHRvIGNyZWF0ZSBhbiBJZGVudGl0eSBDZW50ZXIgYXBwbGljYXRpb24gdGhhdCByZXByZXNlbnRzIHRoZSBBV1MgTWFuYWdlbWVudCBDb25zb2xlIG9uIGFuIElkZW50aXR5IENlbnRlciBvcmdhbml6YXRpb24gaW5zdGFuY2VcbiAgICpcbiAgICogQWNjZXNzIExldmVsOiBXcml0ZVxuICAgKlxuICAgKiBEZXBlbmRlbnQgYWN0aW9uczpcbiAgICogLSBzc286Q3JlYXRlQXBwbGljYXRpb25cbiAgICogLSBzc286R2V0U2hhcmVkU3NvQ29uZmlndXJhdGlvblxuICAgKiAtIHNzbzpMaXN0QXBwbGljYXRpb25zXG4gICAqIC0gc3NvOlB1dEFwcGxpY2F0aW9uQWNjZXNzU2NvcGVcbiAgICogLSBzc286UHV0QXBwbGljYXRpb25Bc3NpZ25tZW50Q29uZmlndXJhdGlvblxuICAgKiAtIHNzbzpQdXRBcHBsaWNhdGlvbkF1dGhlbnRpY2F0aW9uTWV0aG9kXG4gICAqIC0gc3NvOlB1dEFwcGxpY2F0aW9uR3JhbnRcbiAgICpcbiAgICogaHR0cHM6Ly9kb2NzLmF3cy5hbWF6b24uY29tL3NpZ25pbi9sYXRlc3QvQVBJUmVmZXJlbmNlL0FQSV9DcmVhdGVUcnVzdGVkSWRlbnRpdHlQcm9wYWdhdGlvbkFwcGxpY2F0aW9uRm9yQ29uc29sZS5odG1sXG4gICAqL1xuICBwdWJsaWMgdG9DcmVhdGVUcnVzdGVkSWRlbnRpdHlQcm9wYWdhdGlvbkFwcGxpY2F0aW9uRm9yQ29uc29sZSgpIHtcbiAgICByZXR1cm4gdGhpcy50bygnQ3JlYXRlVHJ1c3RlZElkZW50aXR5UHJvcGFnYXRpb25BcHBsaWNhdGlvbkZvckNvbnNvbGUnKTtcbiAgfVxuXG4gIC8qKlxuICAgKiBHcmFudHMgcGVybWlzc2lvbiB0byBsaXN0IGFsbCBJZGVudGl0eSBDZW50ZXIgYXBwbGljYXRpb25zIHRoYXQgcmVwcmVzZW50IHRoZSBBV1MgTWFuYWdlbWVudCBDb25zb2xlXG4gICAqXG4gICAqIEFjY2VzcyBMZXZlbDogTGlzdFxuICAgKlxuICAgKiBEZXBlbmRlbnQgYWN0aW9uczpcbiAgICogLSBzc286R2V0U2hhcmVkU3NvQ29uZmlndXJhdGlvblxuICAgKiAtIHNzbzpMaXN0QXBwbGljYXRpb25zXG4gICAqXG4gICAqIGh0dHBzOi8vZG9jcy5hd3MuYW1hem9uLmNvbS9zaWduaW4vbGF0ZXN0L0FQSVJlZmVyZW5jZS9BUElfTGlzdFRydXN0ZWRJZGVudGl0eVByb3BhZ2F0aW9uQXBwbGljYXRpb25zRm9yQ29uc29sZS5odG1sXG4gICAqL1xuICBwdWJsaWMgdG9MaXN0VHJ1c3RlZElkZW50aXR5UHJvcGFnYXRpb25BcHBsaWNhdGlvbnNGb3JDb25zb2xlKCkge1xuICAgIHJldHVybiB0aGlzLnRvKCdMaXN0VHJ1c3RlZElkZW50aXR5UHJvcGFnYXRpb25BcHBsaWNhdGlvbnNGb3JDb25zb2xlJyk7XG4gIH1cblxuICBwcm90ZWN0ZWQgYWNjZXNzTGV2ZWxMaXN0OiBBY2Nlc3NMZXZlbExpc3QgPSB7XG4gICAgUmVhZDogW1xuICAgICAgJ0F1dGhvcml6ZU9BdXRoMkFjY2VzcycsXG4gICAgICAnQ3JlYXRlT0F1dGgyVG9rZW4nXG4gICAgXSxcbiAgICBXcml0ZTogW1xuICAgICAgJ0NyZWF0ZVRydXN0ZWRJZGVudGl0eVByb3BhZ2F0aW9uQXBwbGljYXRpb25Gb3JDb25zb2xlJ1xuICAgIF0sXG4gICAgTGlzdDogW1xuICAgICAgJ0xpc3RUcnVzdGVkSWRlbnRpdHlQcm9wYWdhdGlvbkFwcGxpY2F0aW9uc0ZvckNvbnNvbGUnXG4gICAgXVxuICB9O1xuXG4gIC8qKlxuICAgKiBBZGRzIGEgcmVzb3VyY2Ugb2YgdHlwZSBvYXV0aDItcHVibGljLWNsaWVudC1sb2NhbGhvc3QgdG8gdGhlIHN0YXRlbWVudFxuICAgKlxuICAgKiBodHRwczovL2RvY3MuYXdzLmFtYXpvbi5jb20vc2lnbmluL2xhdGVzdC9BUElSZWZlcmVuY2VcbiAgICpcbiAgICogQHBhcmFtIGFjY291bnQgLSBBY2NvdW50IG9mIHRoZSByZXNvdXJjZTsgZGVmYXVsdHMgdG8gYCpgLCB1bmxlc3MgdXNpbmcgdGhlIENESywgd2hlcmUgdGhlIGRlZmF1bHQgaXMgdGhlIGN1cnJlbnQgU3RhY2sncyBhY2NvdW50LlxuICAgKiBAcGFyYW0gcmVnaW9uIC0gUmVnaW9uIG9mIHRoZSByZXNvdXJjZTsgZGVmYXVsdHMgdG8gYCpgLCB1bmxlc3MgdXNpbmcgdGhlIENESywgd2hlcmUgdGhlIGRlZmF1bHQgaXMgdGhlIGN1cnJlbnQgU3RhY2sncyByZWdpb24uXG4gICAqIEBwYXJhbSBwYXJ0aXRpb24gLSBQYXJ0aXRpb24gb2YgdGhlIEFXUyBhY2NvdW50IFthd3MsIGF3cy1jbiwgYXdzLXVzLWdvdl07IGRlZmF1bHRzIHRvIGBhd3NgLCB1bmxlc3MgdXNpbmcgdGhlIENESywgd2hlcmUgdGhlIGRlZmF1bHQgaXMgdGhlIGN1cnJlbnQgU3RhY2sncyBwYXJ0aXRpb24uXG4gICAqL1xuICBwdWJsaWMgb25PYXV0aDJQdWJsaWNDbGllbnRMb2NhbGhvc3QoYWNjb3VudD86IHN0cmluZywgcmVnaW9uPzogc3RyaW5nLCBwYXJ0aXRpb24/OiBzdHJpbmcpIHtcbiAgICByZXR1cm4gdGhpcy5vbihgYXJuOiR7IHBhcnRpdGlvbiA/PyB0aGlzLmRlZmF1bHRQYXJ0aXRpb24gfTpzaWduaW46JHsgcmVnaW9uID8/IHRoaXMuZGVmYXVsdFJlZ2lvbiB9OiR7IGFjY291bnQgPz8gdGhpcy5kZWZhdWx0QWNjb3VudCB9Om9hdXRoMi9wdWJsaWMtY2xpZW50L2xvY2FsaG9zdGApO1xuICB9XG5cbiAgLyoqXG4gICAqIEFkZHMgYSByZXNvdXJjZSBvZiB0eXBlIG9hdXRoMi1wdWJsaWMtY2xpZW50LXJlbW90ZSB0byB0aGUgc3RhdGVtZW50XG4gICAqXG4gICAqIGh0dHBzOi8vZG9jcy5hd3MuYW1hem9uLmNvbS9zaWduaW4vbGF0ZXN0L0FQSVJlZmVyZW5jZVxuICAgKlxuICAgKiBAcGFyYW0gYWNjb3VudCAtIEFjY291bnQgb2YgdGhlIHJlc291cmNlOyBkZWZhdWx0cyB0byBgKmAsIHVubGVzcyB1c2luZyB0aGUgQ0RLLCB3aGVyZSB0aGUgZGVmYXVsdCBpcyB0aGUgY3VycmVudCBTdGFjaydzIGFjY291bnQuXG4gICAqIEBwYXJhbSByZWdpb24gLSBSZWdpb24gb2YgdGhlIHJlc291cmNlOyBkZWZhdWx0cyB0byBgKmAsIHVubGVzcyB1c2luZyB0aGUgQ0RLLCB3aGVyZSB0aGUgZGVmYXVsdCBpcyB0aGUgY3VycmVudCBTdGFjaydzIHJlZ2lvbi5cbiAgICogQHBhcmFtIHBhcnRpdGlvbiAtIFBhcnRpdGlvbiBvZiB0aGUgQVdTIGFjY291bnQgW2F3cywgYXdzLWNuLCBhd3MtdXMtZ292XTsgZGVmYXVsdHMgdG8gYGF3c2AsIHVubGVzcyB1c2luZyB0aGUgQ0RLLCB3aGVyZSB0aGUgZGVmYXVsdCBpcyB0aGUgY3VycmVudCBTdGFjaydzIHBhcnRpdGlvbi5cbiAgICovXG4gIHB1YmxpYyBvbk9hdXRoMlB1YmxpY0NsaWVudFJlbW90ZShhY2NvdW50Pzogc3RyaW5nLCByZWdpb24/OiBzdHJpbmcsIHBhcnRpdGlvbj86IHN0cmluZykge1xuICAgIHJldHVybiB0aGlzLm9uKGBhcm46JHsgcGFydGl0aW9uID8/IHRoaXMuZGVmYXVsdFBhcnRpdGlvbiB9OnNpZ25pbjokeyByZWdpb24gPz8gdGhpcy5kZWZhdWx0UmVnaW9uIH06JHsgYWNjb3VudCA/PyB0aGlzLmRlZmF1bHRBY2NvdW50IH06b2F1dGgyL3B1YmxpYy1jbGllbnQvcmVtb3RlYCk7XG4gIH1cblxuICAvKipcbiAgICogU3RhdGVtZW50IHByb3ZpZGVyIGZvciBzZXJ2aWNlIFtzaWduaW5dKGh0dHBzOi8vZG9jcy5hd3MuYW1hem9uLmNvbS9zZXJ2aWNlLWF1dGhvcml6YXRpb24vbGF0ZXN0L3JlZmVyZW5jZS9saXN0X2F3c3NpZ25pbi5odG1sKS5cbiAgICpcbiAgICovXG4gIGNvbnN0cnVjdG9yKHByb3BzPzogaWFtLlBvbGljeVN0YXRlbWVudFByb3BzKSB7XG4gICAgc3VwZXIocHJvcHMpO1xuICB9XG59XG4iXX0=