import { AccessLevelList } from '../../shared/access-level';
import { PolicyStatement, Operator } from '../../shared';
/**
 * Statement provider for service [cloudtrail](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awscloudtrail.html).
 *
 * Ambient declaration (`.d.ts`): only the public surface is visible here; method
 * bodies live in the compiled implementation. Each `toX()` method adds the IAM
 * action `X` to the statement, each `onX()` method adds a resource ARN of that
 * type, and each `ifX()` method adds a condition. The "Access Level",
 * "Possible conditions" and "Dependent actions" blocks in the per-method docs
 * are copied from the AWS Service Authorization Reference.
 *
 * NOTE(review): whether a `toX()` call also adds the listed "Dependent actions"
 * to the statement, or only the primary action, is not visible in this file —
 * confirm against `PolicyStatement`.
 *
 * @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
 */
export declare class Cloudtrail extends PolicyStatement {
  // Service prefix used in the `<prefix>:<Action>` strings this class emits.
  // Its value is assigned in the implementation, not here; presumably 'cloudtrail' — confirm.
  servicePrefix: string;
  /**
   * Statement provider for service [cloudtrail](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awscloudtrail.html).
   *
   * @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
   */
  constructor(sid?: string);
  /**
   * Grants permission to add one or more tags to a trail, event data store, channel or dashboard, up to a limit of 50
   *
   * Access Level: Tagging
   *
   * Possible conditions:
   * - .ifAwsRequestTag()
   * - .ifAwsTagKeys()
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_AddTags.html
   */
  toAddTags(): this;
  /**
   * Grants permission to cancel a running query
   *
   * Access Level: Write
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_CancelQuery.html
   */
  toCancelQuery(): this;
  /**
   * Grants permission to create a channel
   *
   * Access Level: Write
   *
   * Possible conditions:
   * - .ifAwsRequestTag()
   * - .ifAwsTagKeys()
   *
   * Dependent actions:
   * - cloudtrail:AddTags
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_CreateChannel.html
   */
  toCreateChannel(): this;
  /**
   * Grants permission to create a dashboard
   *
   * Access Level: Write
   *
   * Possible conditions:
   * - .ifAwsRequestTag()
   * - .ifAwsTagKeys()
   *
   * Dependent actions:
   * - cloudtrail:AddTags
   * - cloudtrail:StartDashboardRefresh
   * - cloudtrail:StartQuery
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_CreateDashboard.html
   */
  toCreateDashboard(): this;
  /**
   * Grants permission to create an event data store
   *
   * Access Level: Write
   *
   * Possible conditions:
   * - .ifAwsRequestTag()
   * - .ifAwsTagKeys()
   *
   * Dependent actions:
   * - cloudtrail:AddTags
   * - iam:CreateServiceLinkedRole
   * - iam:GetRole
   * - kms:Decrypt
   * - kms:GenerateDataKey
   * - organizations:ListAWSServiceAccessForOrganization
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_CreateEventDataStore.html
   */
  toCreateEventDataStore(): this;
  /**
   * Grants permission to create a service-linked channel that specifies the settings for delivery of log data to an AWS service
   *
   * Access Level: Write
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/userguide/viewing-service-linked-channels.html#slc-service-events
   */
  toCreateServiceLinkedChannel(): this;
  /**
   * Grants permission to create a trail that specifies the settings for delivery of log data to an Amazon S3 bucket
   *
   * Access Level: Write
   *
   * Possible conditions:
   * - .ifAwsRequestTag()
   * - .ifAwsTagKeys()
   *
   * Dependent actions:
   * - cloudtrail:AddTags
   * - iam:CreateServiceLinkedRole
   * - iam:GetRole
   * - organizations:ListAWSServiceAccessForOrganization
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_CreateTrail.html
   */
  toCreateTrail(): this;
  /**
   * Grants permission to delete a channel
   *
   * Access Level: Write
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_DeleteChannel.html
   */
  toDeleteChannel(): this;
  /**
   * Grants permission to delete a dashboard
   *
   * Access Level: Write
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_DeleteDashboard.html
   */
  toDeleteDashboard(): this;
  /**
   * Grants permission to delete an event data store
   *
   * Access Level: Write
   *
   * Review note: deleting an event data store removes retained audit data. Scope
   * statements that grant this with `onEventdatastore()` rather than a wildcard
   * resource, and treat grants of it as audit-integrity-relevant in policy review.
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_DeleteEventDataStore.html
   */
  toDeleteEventDataStore(): this;
  /**
   * Grants permission to delete a resource policy from the provided resource
   *
   * Access Level: Write
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_DeleteResourcePolicy.html
   */
  toDeleteResourcePolicy(): this;
  /**
   * Grants permission to delete a service-linked channel
   *
   * Access Level: Write
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/userguide/viewing-service-linked-channels.html#slc-service-events
   */
  toDeleteServiceLinkedChannel(): this;
  /**
   * Grants permission to delete a trail
   *
   * Access Level: Write
   *
   * Review note: together with `toStopLogging()`, `toUpdateTrail()` and
   * `toPutEventSelectors()` this is one of the actions that can silence or
   * narrow API audit logging. Prefer scoping it with `onTrail()` to a named
   * trail and keeping it out of broadly-assumed roles; grants of these actions
   * are worth alerting on in policy-change monitoring.
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_DeleteTrail.html
   */
  toDeleteTrail(): this;
  /**
   * Grants permission to deregister an AWS Organizations member account as a delegated administrator
   *
   * Access Level: Write
   *
   * Dependent actions:
   * - organizations:DeregisterDelegatedAdministrator
   * - organizations:ListAWSServiceAccessForOrganization
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_DeregisterOrganizationDelegatedAdmin.html
   */
  toDeregisterOrganizationDelegatedAdmin(): this;
  /**
   * Grants permission to list details for the query
   *
   * Access Level: Read
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_DescribeQuery.html
   */
  toDescribeQuery(): this;
  /**
   * Grants permission to list settings for the trails associated with the current region for your account
   *
   * Access Level: Read
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_DescribeTrails.html
   */
  toDescribeTrails(): this;
  /**
   * Grants permission to disable federation of event data store data by using the AWS Glue Data Catalog
   *
   * Access Level: Write
   *
   * Dependent actions:
   * - glue:DeleteDatabase
   * - glue:DeleteTable
   * - glue:PassConnection
   * - lakeformation:DeregisterResource
   * - lakeformation:RegisterResource
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_DisableFederation.html
   */
  toDisableFederation(): this;
  /**
   * Grants permission to enable federation of event data store data by using the AWS Glue Data Catalog
   *
   * Access Level: Write
   *
   * Dependent actions:
   * - glue:CreateDatabase
   * - glue:CreateTable
   * - iam:GetRole
   * - iam:PassRole
   * - lakeformation:DeregisterResource
   * - lakeformation:RegisterResource
   *
   * Review note: the dependent `iam:PassRole` is the privilege-sensitive part
   * of this grant; if it is added to the same statement, constrain it to the
   * specific federation role rather than `*`.
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_EnableFederation.html
   */
  toEnableFederation(): this;
  /**
   * Grants permission to generate a query for a specified event data store using the CloudTrail Lake query generator
   *
   * Access Level: Write
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/userguide/lake-query-generator.html
   */
  toGenerateQuery(): this;
  /**
   * Grants permission to generate a results summary for specified queries using the CloudTrail natural language generator
   *
   * Access Level: Read
   *
   * Dependent actions:
   * - cloudtrail:GetQueryResults
   * - kms:Decrypt
   * - kms:GenerateDataKey
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/userguide/query-results-summary.html
   */
  toGenerateQueryResultsSummary(): this;
  /**
   * Grants permission to return information about a specific channel
   *
   * Access Level: Read
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_GetChannel.html
   */
  toGetChannel(): this;
  /**
   * Grants permission to list settings for the dashboard
   *
   * Access Level: Read
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_GetDashboard.html
   */
  toGetDashboard(): this;
  /**
   * Grants permission to list settings for the event data store
   *
   * Access Level: Read
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_GetEventDataStore.html
   */
  toGetEventDataStore(): this;
  /**
   * Grants permission to get data from an event data store by using the AWS Glue Data Catalog
   *
   * Access Level: Read
   *
   * Dependent actions:
   * - kms:Decrypt
   * - kms:GenerateDataKey
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/userguide/query-federation.html#query-federation-permissions
   */
  toGetEventDataStoreData(): this;
  /**
   * Grants permission to list settings for event selectors configured for a trail
   *
   * Access Level: Read
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_GetEventSelectors.html
   */
  toGetEventSelectors(): this;
  /**
   * Grants permission to return information about a specific import
   *
   * Access Level: Read
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_GetImport.html
   */
  toGetImport(): this;
  /**
   * Grants permission to list CloudTrail Insights selectors that are configured for a trail or event data store
   *
   * Access Level: Read
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_GetInsightSelectors.html
   */
  toGetInsightSelectors(): this;
  /**
   * Grants permission to fetch results of a complete query
   *
   * Access Level: Read
   *
   * Dependent actions:
   * - kms:Decrypt
   * - kms:GenerateDataKey
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_GetQueryResults.html
   */
  toGetQueryResults(): this;
  /**
   * Grants permission to get the resource policy attached to the provided resource
   *
   * Access Level: Read
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_GetResourcePolicy.html
   */
  toGetResourcePolicy(): this;
  /**
   * Grants permission to list settings for the service-linked channel
   *
   * Access Level: Read
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/userguide/viewing-service-linked-channels.html#slc-service-events
   */
  toGetServiceLinkedChannel(): this;
  /**
   * Grants permission to list settings for the trail
   *
   * Access Level: Read
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_GetTrail.html
   */
  toGetTrail(): this;
  /**
   * Grants permission to retrieve a JSON-formatted list of information about the specified trail
   *
   * Access Level: Read
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_GetTrailStatus.html
   */
  toGetTrailStatus(): this;
  /**
   * Grants permission to list the channels in the current account, and their source names
   *
   * Access Level: List
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_ListChannels.html
   */
  toListChannels(): this;
  /**
   * Grants permission to list dashboards associated with the current region for your account
   *
   * Access Level: List
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_ListDashboards.html
   */
  toListDashboards(): this;
  /**
   * Grants permission to list event data stores associated with the current region for your account
   *
   * Access Level: List
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_ListEventDataStores.html
   */
  toListEventDataStores(): this;
  /**
   * Grants permission to return a list of failures for the specified import
   *
   * Access Level: Read
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_ListImportFailures.html
   */
  toListImportFailures(): this;
  /**
   * Grants permission to return information on all imports, or a select set of imports by ImportStatus or Destination
   *
   * Access Level: List
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_ListImports.html
   */
  toListImports(): this;
  /**
   * Grants permission to list the public keys whose private keys were used to sign trail digest files within a specified time range
   *
   * Access Level: Read
   *
   * Needed by any process that validates log file integrity (digest signature
   * verification); it is a read-only action and safe to grant to auditors.
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_ListPublicKeys.html
   */
  toListPublicKeys(): this;
  /**
   * Grants permission to list queries associated with an event data store
   *
   * Access Level: List
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_ListQueries.html
   */
  toListQueries(): this;
  /**
   * Grants permission to list service-linked channels associated with the current region for a specified account
   *
   * Access Level: List
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/userguide/viewing-service-linked-channels.html#slc-service-events
   */
  toListServiceLinkedChannels(): this;
  /**
   * Grants permission to list the tags for trails, event data stores, channels or dashboards in the current region
   *
   * Access Level: Read
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_ListTags.html
   */
  toListTags(): this;
  /**
   * Grants permission to list trails associated with the current region for your account
   *
   * Access Level: List
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_ListTrails.html
   */
  toListTrails(): this;
  /**
   * Grants permission to look up and retrieve metric data for API activity events captured by CloudTrail that create, update, or delete resources in your account
   *
   * Access Level: Read
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_LookupEvents.html
   */
  toLookupEvents(): this;
  /**
   * Grants permission to create and update event selectors for a trail
   *
   * Access Level: Write
   *
   * Review note: changing event selectors can exclude event categories from a
   * trail without stopping it; see the note on `toDeleteTrail()`. Scope with
   * `onTrail()`.
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_PutEventSelectors.html
   */
  toPutEventSelectors(): this;
  /**
   * Grants permission to create and update CloudTrail Insights selectors for a trail or event data store
   *
   * Access Level: Write
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_PutInsightSelectors.html
   */
  toPutInsightSelectors(): this;
  /**
   * Grants permission to attach a resource policy to the provided resource
   *
   * Access Level: Write
   *
   * Review note: a resource policy can extend access to the resource to other
   * principals, so this is effectively a permission-management action for the
   * target resource; grant it to the resource owner only.
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_PutResourcePolicy.html
   */
  toPutResourcePolicy(): this;
  /**
   * Grants permission to register an AWS Organizations member account as a delegated administrator
   *
   * Access Level: Write
   *
   * Dependent actions:
   * - iam:CreateServiceLinkedRole
   * - iam:GetRole
   * - organizations:ListAWSServiceAccessForOrganization
   * - organizations:RegisterDelegatedAdministrator
   *
   * Review note: organization-wide effect; normally reserved for the
   * management account.
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_RegisterOrganizationDelegatedAdmin.html
   */
  toRegisterOrganizationDelegatedAdmin(): this;
  /**
   * Grants permission to remove tags from a trail, event data store, channel or dashboard
   *
   * Access Level: Tagging
   *
   * Possible conditions:
   * - .ifAwsTagKeys()
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_RemoveTags.html
   */
  toRemoveTags(): this;
  /**
   * Grants permission to restore an event data store
   *
   * Access Level: Write
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_RestoreEventDataStore.html
   */
  toRestoreEventDataStore(): this;
  /**
   * Grants permission to perform semantic search for CloudTrail Lake sample queries
   *
   * Access Level: Read
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/userguide/lake-console-queries.html
   */
  toSearchSampleQueries(): this;
  /**
   * Grants permission to start a refresh on the specified dashboard
   *
   * Access Level: Write
   *
   * Dependent actions:
   * - cloudtrail:StartQuery
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_StartDashboardRefresh.html
   */
  toStartDashboardRefresh(): this;
  /**
   * Grants permission to start ingestion on an event data store
   *
   * Access Level: Write
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_StartEventDataStoreIngestion.html
   */
  toStartEventDataStoreIngestion(): this;
  /**
   * Grants permission to start an import of logged trail events from a source S3 bucket to a destination event data store
   *
   * Access Level: Write
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_StartImport.html
   */
  toStartImport(): this;
  /**
   * Grants permission to start the recording of AWS API calls and log file delivery for a trail
   *
   * Access Level: Write
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_StartLogging.html
   */
  toStartLogging(): this;
  /**
   * Grants permission to start a new query on a specified event data store
   *
   * Access Level: Write
   *
   * Dependent actions:
   * - kms:Decrypt
   * - kms:GenerateDataKey
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_StartQuery.html
   */
  toStartQuery(): this;
  /**
   * Grants permission to stop ingestion on an event data store
   *
   * Access Level: Write
   *
   * Review note: pauses audit data collection for the store; scope with
   * `onEventdatastore()` and review alongside the trail-level logging actions.
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_StopEventDataStoreIngestion.html
   */
  toStopEventDataStoreIngestion(): this;
  /**
   * Grants permission to stop a specified import
   *
   * Access Level: Write
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_StopImport.html
   */
  toStopImport(): this;
  /**
   * Grants permission to stop the recording of AWS API calls and log file delivery for a trail
   *
   * Access Level: Write
   *
   * Review note: halts audit logging for the trail; see the note on
   * `toDeleteTrail()`. Scope with `onTrail()` and monitor grants of it.
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_StopLogging.html
   */
  toStopLogging(): this;
  /**
   * Grants permission to update a channel
   *
   * Access Level: Write
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_UpdateChannel.html
   */
  toUpdateChannel(): this;
  /**
   * Grants permission to update a dashboard
   *
   * Access Level: Write
   *
   * Dependent actions:
   * - cloudtrail:StartDashboardRefresh
   * - cloudtrail:StartQuery
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_UpdateDashboard.html
   */
  toUpdateDashboard(): this;
  /**
   * Grants permission to update an event data store
   *
   * Access Level: Write
   *
   * Dependent actions:
   * - iam:CreateServiceLinkedRole
   * - iam:GetRole
   * - kms:Decrypt
   * - kms:GenerateDataKey
   * - organizations:ListAWSServiceAccessForOrganization
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_UpdateEventDataStore.html
   */
  toUpdateEventDataStore(): this;
  /**
   * Grants permission to update the service-linked channel settings for delivery of log data to an AWS service
   *
   * Access Level: Write
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/userguide/viewing-service-linked-channels.html#slc-service-events
   */
  toUpdateServiceLinkedChannel(): this;
  /**
   * Grants permission to update the settings that specify delivery of log files
   *
   * Access Level: Write
   *
   * Dependent actions:
   * - iam:CreateServiceLinkedRole
   * - iam:GetRole
   * - organizations:ListAWSServiceAccessForOrganization
   *
   * Review note: controls where log files are delivered; see the note on
   * `toDeleteTrail()`. Scope with `onTrail()`.
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_UpdateTrail.html
   */
  toUpdateTrail(): this;
  // Mapping from access level (Write/Read/List/Tagging) to the action names above.
  // Populated in the implementation; presumably what the base class's
  // access-level helpers consult — confirm against PolicyStatement.
  protected accessLevelList: AccessLevelList;
  /**
   * Adds a resource of type trail to the statement
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/userguide/how-cloudtrail-works.html#how-cloudtrail-works-trails
   *
   * Note that omitting `account`/`region` outside the CDK yields a `*` wildcard
   * in those ARN fields; pass them explicitly when the statement is meant to be
   * account- or region-bound.
   *
   * @param trailName - Identifier for the trailName.
   * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
   * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
   * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
   *
   * Possible conditions:
   * - .ifAwsResourceTag()
   */
  onTrail(trailName: string, account?: string, region?: string, partition?: string): this;
  /**
   * Adds a resource of type eventdatastore to the statement
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/userguide/how-cloudtrail-works.html#how-cloudtrail-works-lake
   *
   * @param eventDataStoreId - Identifier for the eventDataStoreId.
   * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
   * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
   * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
   *
   * Possible conditions:
   * - .ifAwsResourceTag()
   */
  onEventdatastore(eventDataStoreId: string, account?: string, region?: string, partition?: string): this;
  /**
   * Adds a resource of type channel to the statement
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/userguide/how-cloudtrail-works.html#how-cloudtrail-works-channels
   *
   * @param channelId - Identifier for the channelId.
   * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
   * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
   * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
   *
   * Possible conditions:
   * - .ifAwsResourceTag()
   */
  onChannel(channelId: string, account?: string, region?: string, partition?: string): this;
  /**
   * Adds a resource of type dashboard to the statement
   *
   * https://docs.aws.amazon.com/awscloudtrail/latest/userguide/lake-dashboard.html
   *
   * @param dashboardName - Identifier for the dashboardName.
   * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
   * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
   * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
   *
   * Possible conditions:
   * - .ifAwsResourceTag()
   */
  onDashboard(dashboardName: string, account?: string, region?: string, partition?: string): this;
  /**
   * Filters access by the tag key-value pairs in the request
   *
   * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag
   *
   * Applies to actions:
   * - .toAddTags()
   * - .toCreateChannel()
   * - .toCreateDashboard()
   * - .toCreateEventDataStore()
   * - .toCreateTrail()
   *
   * The `operator` parameter also accepts a raw `string`; a misspelled operator
   * name is not caught by the type checker, so prefer the `Operator` values.
   *
   * @param tagKey The tag key to check
   * @param value The value(s) to check
   * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
   */
  ifAwsRequestTag(tagKey: string, value: string | string[], operator?: Operator | string): this;
  /**
   * Filters access by the tags attached to the resource
   *
   * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag
   *
   * Applies to resource types:
   * - trail
   * - eventdatastore
   * - channel
   * - dashboard
   *
   * @param tagKey The tag key to check
   * @param value The value(s) to check
   * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
   */
  ifAwsResourceTag(tagKey: string, value: string | string[], operator?: Operator | string): this;
  /**
   * Filters access by the tag keys in a request
   *
   * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys
   *
   * Applies to actions:
   * - .toAddTags()
   * - .toCreateChannel()
   * - .toCreateDashboard()
   * - .toCreateEventDataStore()
   * - .toCreateTrail()
   * - .toRemoveTags()
   *
   * @param value The value(s) to check
   * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
   */
  ifAwsTagKeys(value: string | string[], operator?: Operator | string): this;
}