iam-floyd
Version:
AWS IAM policy statement generator with fluent interface
1,423 lines • 199 kB
JavaScript
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.Elasticache = void 0;
const shared_1 = require("../../shared");
/**
* Statement provider for service [elasticache](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonelasticache.html).
*
* @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
*/
class Elasticache extends shared_1.PolicyStatement {
/**
* Statement provider for service [elasticache](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonelasticache.html).
*
* @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
*/
constructor(sid) {
super(sid);
this.servicePrefix = 'elasticache';
this.accessLevelList = {
Tagging: [
'AddTagsToResource',
'RemoveTagsFromResource'
],
Write: [
'AuthorizeCacheSecurityGroupIngress',
'BatchApplyUpdateAction',
'BatchStopUpdateAction',
'CompleteMigration',
'Connect',
'CopyServerlessCacheSnapshot',
'CopySnapshot',
'CreateCacheCluster',
'CreateCacheParameterGroup',
'CreateCacheSecurityGroup',
'CreateCacheSubnetGroup',
'CreateGlobalReplicationGroup',
'CreateReplicationGroup',
'CreateServerlessCache',
'CreateServerlessCacheSnapshot',
'CreateSnapshot',
'CreateUser',
'CreateUserGroup',
'DecreaseNodeGroupsInGlobalReplicationGroup',
'DecreaseReplicaCount',
'DeleteCacheCluster',
'DeleteCacheParameterGroup',
'DeleteCacheSecurityGroup',
'DeleteCacheSubnetGroup',
'DeleteGlobalReplicationGroup',
'DeleteReplicationGroup',
'DeleteServerlessCache',
'DeleteServerlessCacheSnapshot',
'DeleteSnapshot',
'DeleteUser',
'DeleteUserGroup',
'DisassociateGlobalReplicationGroup',
'ExportServerlessCacheSnapshot',
'FailoverGlobalReplicationGroup',
'IncreaseNodeGroupsInGlobalReplicationGroup',
'IncreaseReplicaCount',
'InterruptClusterAzPower',
'ModifyCacheCluster',
'ModifyCacheParameterGroup',
'ModifyCacheSubnetGroup',
'ModifyGlobalReplicationGroup',
'ModifyReplicationGroup',
'ModifyReplicationGroupShardConfiguration',
'ModifyServerlessCache',
'ModifyUser',
'ModifyUserGroup',
'PurchaseReservedCacheNodesOffering',
'RebalanceSlotsInGlobalReplicationGroup',
'RebootCacheCluster',
'ResetCacheParameterGroup',
'RevokeCacheSecurityGroupIngress',
'StartMigration',
'TestFailover',
'TestMigration'
],
List: [
'DescribeCacheClusters',
'DescribeCacheEngineVersions',
'DescribeCacheParameterGroups',
'DescribeCacheParameters',
'DescribeCacheSecurityGroups',
'DescribeCacheSubnetGroups',
'DescribeEngineDefaultParameters',
'DescribeEvents',
'DescribeGlobalReplicationGroups',
'DescribeReplicationGroups',
'DescribeReservedCacheNodes',
'DescribeReservedCacheNodesOfferings',
'DescribeServerlessCacheSnapshots',
'DescribeServerlessCaches',
'DescribeServiceUpdates',
'DescribeSnapshots',
'DescribeUpdateActions',
'DescribeUserGroups',
'DescribeUsers',
'ListAllowedNodeTypeModifications'
],
Read: [
'ListTagsForResource'
]
};
}
/**
* Grants permission to add tags to an ElastiCache resource
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsTagKeys()
* - .ifAwsRequestTag()
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_AddTagsToResource.html
*/
toAddTagsToResource() {
return this.to('AddTagsToResource');
}
/**
* Grants permission to authorize an EC2 security group on a ElastiCache security group
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* Dependent actions:
* - ec2:AuthorizeSecurityGroupIngress
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_AuthorizeCacheSecurityGroupIngress.html
*/
toAuthorizeCacheSecurityGroupIngress() {
return this.to('AuthorizeCacheSecurityGroupIngress');
}
/**
* Grants permission to apply ElastiCache service updates to sets of clusters and replication groups
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* Dependent actions:
* - ec2:CreateNetworkInterface
* - ec2:DeleteNetworkInterface
* - ec2:DescribeNetworkInterfaces
* - ec2:DescribeSubnets
* - ec2:DescribeVpcs
* - s3:GetObject
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_BatchApplyUpdateAction.html
*/
toBatchApplyUpdateAction() {
return this.to('BatchApplyUpdateAction');
}
/**
* Grants permission to stop ElastiCache service updates from being executed on a set of clusters
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_BatchStopUpdateAction.html
*/
toBatchStopUpdateAction() {
return this.to('BatchStopUpdateAction');
}
/**
* Grants permission to complete an online migration of data from hosted Redis on Amazon EC2 to ElastiCache
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_CompleteMigration.html
*/
toCompleteMigration() {
return this.to('CompleteMigration');
}
/**
* Grants permission to connect as a specified ElastiCache user to an ElastiCache Replication Group or ElastiCache serverless cache
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/auth-iam.html
*/
toConnect() {
return this.to('Connect');
}
/**
* Grants permission to make a copy of an existing serverless cache snapshot
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - elasticache:AddTagsToResource
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_CopyServerlessCacheSnapshot.html
*/
toCopyServerlessCacheSnapshot() {
return this.to('CopyServerlessCacheSnapshot');
}
/**
* Grants permission to make a copy of an existing snapshot
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
* - .ifKmsKeyId()
*
* Dependent actions:
* - elasticache:AddTagsToResource
* - s3:DeleteObject
* - s3:GetBucketAcl
* - s3:PutObject
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_CopySnapshot.html
*/
toCopySnapshot() {
return this.to('CopySnapshot');
}
/**
* Grants permission to create a cache cluster
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* Dependent actions:
* - ec2:CreateNetworkInterface
* - ec2:DeleteNetworkInterface
* - ec2:DescribeNetworkInterfaces
* - ec2:DescribeSubnets
* - ec2:DescribeVpcs
* - elasticache:AddTagsToResource
* - s3:GetObject
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_CreateCacheCluster.html
*/
toCreateCacheCluster() {
return this.to('CreateCacheCluster');
}
/**
* Grants permission to create a parameter group
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
* - .ifCacheParameterGroupName()
*
* Dependent actions:
* - elasticache:AddTagsToResource
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_CreateCacheParameterGroup.html
*/
toCreateCacheParameterGroup() {
return this.to('CreateCacheParameterGroup');
}
/**
* Grants permission to create a cache security group
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - elasticache:AddTagsToResource
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_CreateCacheSecurityGroup.html
*/
toCreateCacheSecurityGroup() {
return this.to('CreateCacheSecurityGroup');
}
/**
* Grants permission to create a cache subnet group
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - elasticache:AddTagsToResource
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_CreateCacheSubnetGroup.html
*/
toCreateCacheSubnetGroup() {
return this.to('CreateCacheSubnetGroup');
}
/**
* Grants permission to create a global replication group
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_CreateGlobalReplicationGroup.html
*/
toCreateGlobalReplicationGroup() {
return this.to('CreateGlobalReplicationGroup');
}
/**
* Grants permission to create a replication group
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* Dependent actions:
* - ec2:CreateNetworkInterface
* - ec2:DeleteNetworkInterface
* - ec2:DescribeNetworkInterfaces
* - ec2:DescribeSubnets
* - ec2:DescribeVpcs
* - elasticache:AddTagsToResource
* - s3:GetObject
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_CreateReplicationGroup.html
*/
toCreateReplicationGroup() {
return this.to('CreateReplicationGroup');
}
/**
* Grants permission to create a serverless cache
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - ec2:CreateTags
* - ec2:CreateVpcEndpoint
* - ec2:DeleteVpcEndpoints
* - ec2:DescribeSecurityGroups
* - ec2:DescribeSubnets
* - ec2:DescribeTags
* - ec2:DescribeVpcEndpoints
* - ec2:DescribeVpcs
* - elasticache:AddTagsToResource
* - s3:GetObject
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_CreateServerlessCache.html
*/
toCreateServerlessCache() {
return this.to('CreateServerlessCache');
}
/**
* Grants permission to create a copy of a serverless cache at a specific moment in time
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - elasticache:AddTagsToResource
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_CreateServerlessCacheSnapshot.html
*/
toCreateServerlessCacheSnapshot() {
return this.to('CreateServerlessCacheSnapshot');
}
/**
* Grants permission to create a copy of an entire Redis cluster at a specific moment in time
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* Dependent actions:
* - elasticache:AddTagsToResource
* - s3:DeleteObject
* - s3:GetBucketAcl
* - s3:PutObject
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_CreateSnapshot.html
*/
toCreateSnapshot() {
return this.to('CreateSnapshot');
}
/**
* Grants permission to create a user for Redis. Users are supported from Redis 6.0 onwards
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
* - .ifUserAuthenticationMode()
*
* Dependent actions:
* - elasticache:AddTagsToResource
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_CreateUser.html
*/
toCreateUser() {
return this.to('CreateUser');
}
/**
* Grants permission to create a user group for Redis. Groups are supported from Redis 6.0 onwards
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* Dependent actions:
* - elasticache:AddTagsToResource
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_CreateUserGroup.html
*/
toCreateUserGroup() {
return this.to('CreateUserGroup');
}
/**
* Grants permission to decrease the number of node groups in global replication groups
*
* Access Level: Write
*
* Possible conditions:
* - .ifNumNodeGroups()
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_DecreaseNodeGroupsInGlobalReplicationGroup.html
*/
toDecreaseNodeGroupsInGlobalReplicationGroup() {
return this.to('DecreaseNodeGroupsInGlobalReplicationGroup');
}
/**
* Grants permission to decrease the number of replicas in a Redis (cluster mode disabled) replication group or the number of replica nodes in one or more node groups (shards) of a Redis (cluster mode enabled) replication group
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
* - .ifReplicasPerNodeGroup()
*
* Dependent actions:
* - ec2:CreateNetworkInterface
* - ec2:DeleteNetworkInterface
* - ec2:DescribeNetworkInterfaces
* - ec2:DescribeSubnets
* - ec2:DescribeVpcs
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_DecreaseReplicaCount.html
*/
toDecreaseReplicaCount() {
return this.to('DecreaseReplicaCount');
}
/**
* Grants permission to delete a previously provisioned cluster
*
* Access Level: Write
*
* Dependent actions:
* - ec2:CreateNetworkInterface
* - ec2:DeleteNetworkInterface
* - ec2:DescribeNetworkInterfaces
* - ec2:DescribeSubnets
* - ec2:DescribeVpcs
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_DeleteCacheCluster.html
*/
toDeleteCacheCluster() {
return this.to('DeleteCacheCluster');
}
/**
* Grants permission to delete the specified cache parameter group
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
* - .ifCacheParameterGroupName()
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_DeleteCacheParameterGroup.html
*/
toDeleteCacheParameterGroup() {
return this.to('DeleteCacheParameterGroup');
}
/**
* Grants permission to delete a cache security group
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_DeleteCacheSecurityGroup.html
*/
toDeleteCacheSecurityGroup() {
return this.to('DeleteCacheSecurityGroup');
}
/**
* Grants permission to delete a cache subnet group
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* Dependent actions:
* - ec2:CreateNetworkInterface
* - ec2:DeleteNetworkInterface
* - ec2:DescribeNetworkInterfaces
* - ec2:DescribeSubnets
* - ec2:DescribeVpcs
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_DeleteCacheSubnetGroup.html
*/
toDeleteCacheSubnetGroup() {
return this.to('DeleteCacheSubnetGroup');
}
/**
* Grants permission to delete an existing global replication group
*
* Access Level: Write
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_DeleteGlobalReplicationGroup.html
*/
toDeleteGlobalReplicationGroup() {
return this.to('DeleteGlobalReplicationGroup');
}
/**
* Grants permission to delete an existing replication group
*
* Access Level: Write
*
* Dependent actions:
* - ec2:CreateNetworkInterface
* - ec2:DeleteNetworkInterface
* - ec2:DescribeNetworkInterfaces
* - ec2:DescribeSubnets
* - ec2:DescribeVpcs
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_DeleteReplicationGroup.html
*/
toDeleteReplicationGroup() {
return this.to('DeleteReplicationGroup');
}
/**
* Grants permission to delete a serverless cache
*
* Access Level: Write
*
* Dependent actions:
* - ec2:DescribeTags
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_DeleteServerlessCache.html
*/
toDeleteServerlessCache() {
return this.to('DeleteServerlessCache');
}
/**
* Grants permission to delete a serverless cache snapshot
*
* Access Level: Write
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_DeleteServerlessCacheSnapshot.html
*/
toDeleteServerlessCacheSnapshot() {
return this.to('DeleteServerlessCacheSnapshot');
}
/**
* Grants permission to delete an existing snapshot
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_DeleteSnapshot.html
*/
toDeleteSnapshot() {
return this.to('DeleteSnapshot');
}
/**
* Grants permission to delete an existing user and thus remove it from all user groups and replication groups where it was assigned
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_DeleteUser.html
*/
toDeleteUser() {
return this.to('DeleteUser');
}
/**
* Grants permission to delete an existing user group
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_DeleteUserGroup.html
*/
toDeleteUserGroup() {
return this.to('DeleteUserGroup');
}
/**
* Grants permission to list information about provisioned cache clusters
*
* Access Level: List
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_DescribeCacheClusters.html
*/
toDescribeCacheClusters() {
return this.to('DescribeCacheClusters');
}
/**
* Grants permission to list available cache engines and their versions
*
* Access Level: List
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_DescribeCacheEngineVersions.html
*/
toDescribeCacheEngineVersions() {
return this.to('DescribeCacheEngineVersions');
}
/**
* Grants permission to list cache parameter group descriptions
*
* Access Level: List
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_DescribeCacheParameterGroups.html
*/
toDescribeCacheParameterGroups() {
return this.to('DescribeCacheParameterGroups');
}
/**
* Grants permission to retrieve the detailed parameter list for a particular cache parameter group
*
* Access Level: List
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_DescribeCacheParameters.html
*/
toDescribeCacheParameters() {
return this.to('DescribeCacheParameters');
}
/**
* Grants permission to list cache security group descriptions
*
* Access Level: List
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_DescribeCacheSecurityGroups.html
*/
toDescribeCacheSecurityGroups() {
return this.to('DescribeCacheSecurityGroups');
}
/**
* Grants permission to list cache subnet group descriptions
*
* Access Level: List
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_DescribeCacheSubnetGroups.html
*/
toDescribeCacheSubnetGroups() {
return this.to('DescribeCacheSubnetGroups');
}
/**
* Grants permission to retrieve the default engine and system parameter information for the specified cache engine
*
* Access Level: List
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_DescribeEngineDefaultParameters.html
*/
toDescribeEngineDefaultParameters() {
return this.to('DescribeEngineDefaultParameters');
}
/**
* Grants permission to list events related to clusters, cache security groups, and cache parameter groups
*
* Access Level: List
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_DescribeEvents.html
*/
toDescribeEvents() {
return this.to('DescribeEvents');
}
/**
* Grants permission to list information about global replication groups
*
* Access Level: List
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_DescribeGlobalReplicationGroups.html
*/
toDescribeGlobalReplicationGroups() {
return this.to('DescribeGlobalReplicationGroups');
}
/**
* Grants permission to list information about provisioned replication groups
*
* Access Level: List
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_DescribeReplicationGroups.html
*/
toDescribeReplicationGroups() {
return this.to('DescribeReplicationGroups');
}
/**
* Grants permission to list information about purchased reserved cache nodes
*
* Access Level: List
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_DescribeReservedCacheNodes.html
*/
toDescribeReservedCacheNodes() {
return this.to('DescribeReservedCacheNodes');
}
/**
* Grants permission to list available reserved cache node offerings
*
* Access Level: List
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_DescribeReservedCacheNodesOfferings.html
*/
toDescribeReservedCacheNodesOfferings() {
return this.to('DescribeReservedCacheNodesOfferings');
}
/**
* Grants permission to list information about serverless cache snapshots
*
* Access Level: List
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_DescribeServerlessCacheSnapshots.html
*/
toDescribeServerlessCacheSnapshots() {
return this.to('DescribeServerlessCacheSnapshots');
}
/**
* Grants permission to list serverless caches
*
* Access Level: List
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_DescribeServerlessCaches.html
*/
toDescribeServerlessCaches() {
return this.to('DescribeServerlessCaches');
}
/**
* Grants permission to list details of the service updates
*
* Access Level: List
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_DescribeServiceUpdates.html
*/
toDescribeServiceUpdates() {
return this.to('DescribeServiceUpdates');
}
/**
* Grants permission to list information about cluster or replication group snapshots
*
* Access Level: List
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_DescribeSnapshots.html
*/
toDescribeSnapshots() {
return this.to('DescribeSnapshots');
}
/**
* Grants permission to list details of the update actions for a set of clusters or replication groups
*
* Access Level: List
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_DescribeUpdateActions.html
*/
toDescribeUpdateActions() {
return this.to('DescribeUpdateActions');
}
/**
* Grants permission to list information about Redis user groups
*
* Access Level: List
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_DescribeUserGroups.html
*/
toDescribeUserGroups() {
return this.to('DescribeUserGroups');
}
/**
* Grants permission to list information about Redis users
*
* Access Level: List
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_DescribeUsers.html
*/
toDescribeUsers() {
return this.to('DescribeUsers');
}
/**
* Grants permission to remove a secondary replication group from the global replication group
*
* Access Level: Write
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_DisassociateGlobalReplicationGroup.html
*/
toDisassociateGlobalReplicationGroup() {
return this.to('DisassociateGlobalReplicationGroup');
}
/**
* Grants permission to export a copy of a serverless cache at a specific moment in time to s3 bucket
*
* Access Level: Write
*
* Dependent actions:
* - s3:DeleteObject
* - s3:ListAllMyBuckets
* - s3:PutObject
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_ExportServerlessCacheSnapshot.html
*/
toExportServerlessCacheSnapshot() {
return this.to('ExportServerlessCacheSnapshot');
}
/**
* Grants permission to failover the primary region to a selected secondary region of a global replication group
*
* Access Level: Write
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_FailoverGlobalReplicationGroup.html
*/
toFailoverGlobalReplicationGroup() {
return this.to('FailoverGlobalReplicationGroup');
}
/**
* Grants permission to increase the number of node groups in a global replication group
*
* Access Level: Write
*
* Possible conditions:
* - .ifNumNodeGroups()
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_IncreaseNodeGroupsInGlobalReplicationGroup.html
*/
toIncreaseNodeGroupsInGlobalReplicationGroup() {
return this.to('IncreaseNodeGroupsInGlobalReplicationGroup');
}
/**
* Grants permission to increase the number of replicas in a Redis (cluster mode disabled) replication group or the number of replica nodes in one or more node groups (shards) of a Redis (cluster mode enabled) replication group
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
* - .ifReplicasPerNodeGroup()
*
* Dependent actions:
* - ec2:CreateNetworkInterface
* - ec2:DeleteNetworkInterface
* - ec2:DescribeNetworkInterfaces
* - ec2:DescribeSubnets
* - ec2:DescribeVpcs
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_IncreaseReplicaCount.html
*/
toIncreaseReplicaCount() {
return this.to('IncreaseReplicaCount');
}
/**
* Grants permission to test an AZ power interruption for an ElastiCache resource
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/fis/latest/userguide/fis-actions-reference.html#elasticache-actions-reference
*/
toInterruptClusterAzPower() {
return this.to('InterruptClusterAzPower');
}
/**
* Grants permission to list available node type that can be used to scale a particular Redis cluster or replication group
*
* Access Level: List
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_ListAllowedNodeTypeModifications.html
*/
toListAllowedNodeTypeModifications() {
return this.to('ListAllowedNodeTypeModifications');
}
/**
* Grants permission to list tags for an ElastiCache resource
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_ListTagsForResource.html
*/
toListTagsForResource() {
return this.to('ListTagsForResource');
}
/**
* Grants permission to modify settings for a cluster
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_ModifyCacheCluster.html
*/
toModifyCacheCluster() {
return this.to('ModifyCacheCluster');
}
/**
* Grants permission to modify parameters of a cache parameter group
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
* - .ifCacheParameterGroupName()
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_ModifyCacheParameterGroup.html
*/
toModifyCacheParameterGroup() {
return this.to('ModifyCacheParameterGroup');
}
/**
* Grants permission to modify an existing cache subnet group
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_ModifyCacheSubnetGroup.html
*/
toModifyCacheSubnetGroup() {
return this.to('ModifyCacheSubnetGroup');
}
/**
* Grants permission to modify settings for a global replication group
*
* Access Level: Write
*
* Possible conditions:
* - .ifCacheNodeType()
* - .ifEngineVersion()
* - .ifAutomaticFailoverEnabled()
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_ModifyGlobalReplicationGroup.html
*/
toModifyGlobalReplicationGroup() {
return this.to('ModifyGlobalReplicationGroup');
}
/**
* Grants permission to modify the settings for a replication group
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* Dependent actions:
* - ec2:CreateNetworkInterface
* - ec2:DeleteNetworkInterface
* - ec2:DescribeNetworkInterfaces
* - ec2:DescribeSubnets
* - ec2:DescribeVpcs
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_ModifyReplicationGroup.html
*/
toModifyReplicationGroup() {
return this.to('ModifyReplicationGroup');
}
/**
* Grants permission to add shards, remove shards, or rebalance the keyspaces among existing shards of a replication group
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
* - .ifNumNodeGroups()
*
* Dependent actions:
* - ec2:CreateNetworkInterface
* - ec2:DeleteNetworkInterface
* - ec2:DescribeNetworkInterfaces
* - ec2:DescribeSubnets
* - ec2:DescribeVpcs
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_ModifyReplicationGroupShardConfiguration.html
*/
toModifyReplicationGroupShardConfiguration() {
return this.to('ModifyReplicationGroupShardConfiguration');
}
/**
* Grants permission to modify parameters for a serverless cache
*
* Access Level: Write
*
* Dependent actions:
* - ec2:DescribeSecurityGroups
* - ec2:DescribeTags
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_ModifyServerlessCache.html
*/
toModifyServerlessCache() {
return this.to('ModifyServerlessCache');
}
/**
* Grants permission to change Redis user password(s) and/or access string
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
* - .ifUserAuthenticationMode()
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_ModifyUser.html
*/
toModifyUser() {
return this.to('ModifyUser');
}
/**
* Grants permission to change list of users that belong to the user group
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_ModifyUserGroup.html
*/
toModifyUserGroup() {
return this.to('ModifyUserGroup');
}
/**
* Grants permission to purchase a reserved cache node offering
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - elasticache:AddTagsToResource
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_PurchaseReservedCacheNodesOffering.html
*/
toPurchaseReservedCacheNodesOffering() {
return this.to('PurchaseReservedCacheNodesOffering');
}
/**
* Grants permission to perform a key space rebalance operation to redistribute slots and ensure uniform key distribution across existing shards in a global replication group
*
* Access Level: Write
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_RebalanceSlotsInGlobalReplicationGroup.html
*/
toRebalanceSlotsInGlobalReplicationGroup() {
return this.to('RebalanceSlotsInGlobalReplicationGroup');
}
/**
* Grants permission to reboot some, or all, of the cache nodes within a provisioned cache cluster or replication group (cluster mode disabled)
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_RebootCacheCluster.html
*/
toRebootCacheCluster() {
return this.to('RebootCacheCluster');
}
/**
* Grants permission to remove tags from a ElastiCache resource
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsTagKeys()
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_RemoveTagsFromResource.html
*/
toRemoveTagsFromResource() {
return this.to('RemoveTagsFromResource');
}
/**
* Grants permission to modify parameters of a cache parameter group back to their default values
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
* - .ifCacheParameterGroupName()
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_ResetCacheParameterGroup.html
*/
toResetCacheParameterGroup() {
return this.to('ResetCacheParameterGroup');
}
/**
* Grants permission to remove an EC2 security group ingress from a ElastiCache security group
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_RevokeCacheSecurityGroupIngress.html
*/
toRevokeCacheSecurityGroupIngress() {
return this.to('RevokeCacheSecurityGroupIngress');
}
/**
* Grants permission to start a migration of data from hosted Redis on Amazon EC2 to ElastiCache for Redis
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_StartMigration.html
*/
toStartMigration() {
return this.to('StartMigration');
}
/**
* Grants permission to test automatic failover on a specified node group in a replication group
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* Dependent actions:
* - ec2:CreateNetworkInterface
* - ec2:DeleteNetworkInterface
* - ec2:DescribeNetworkInterfaces
* - ec2:DescribeSubnets
* - ec2:DescribeVpcs
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_TestFailover.html
*/
toTestFailover() {
return this.to('TestFailover');
}
/**
* Grants permission to test a migration of data from hosted Redis on Amazon EC2 to ElastiCache for Redis
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_TestMigration.html
*/
toTestMigration() {
return this.to('TestMigration');
}
/**
* Adds a resource of type parametergroup to the statement
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/WhatIs.Components.html#WhatIs.Components.ParameterGroups
*
* @param cacheParameterGroupName - Identifier for the cacheParameterGroupName.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsResourceTag()
* - .ifAwsTagKeys()
* - .ifCacheParameterGroupName()
*/
onParametergroup(cacheParameterGroupName, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:elasticache:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:parametergroup:${cacheParameterGroupName}`);
}
/**
* Adds a resource of type securitygroup to the statement
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/WhatIs.Components.html#WhatIs.Components.SecurityGroups
*
* @param cacheSecurityGroupName - Identifier for the cacheSecurityGroupName.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsResourceTag()
* - .ifAwsTagKeys()
*/
onSecuritygroup(cacheSecurityGroupName, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:elasticache:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:securitygroup:${cacheSecurityGroupName}`);
}
/**
* Adds a resource of type subnetgroup to the statement
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/WhatIs.Components.html#WhatIs.Components.SubnetGroups
*
* @param cacheSubnetGroupName - Identifier for the cacheSubnetGroupName.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsResourceTag()
* - .ifAwsTagKeys()
*/
onSubnetgroup(cacheSubnetGroupName, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:elasticache:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:subnetgroup:${cacheSubnetGroupName}`);
}
/**
* Adds a resource of type replicationgroup to the statement
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/WhatIs.Components.html#WhatIs.Components.ReplicationGroups
*
* @param replicationGroupId - Identifier for the replicationGroupId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsResourceTag()
* - .ifAwsTagKeys()
* - .ifAtRestEncryptionEnabled()
* - .ifAuthTokenEnabled()
* - .ifAutomaticFailoverEnabled()
* - .ifCacheNodeType()
* - .ifCacheParameterGroupName()
* - .ifClusterModeEnabled()
* - .ifEngineType()
* - .ifEngineVersion()
* - .ifKmsKeyId()
* - .ifMultiAZEnabled()
* - .ifNumNodeGroups()
* - .ifReplicasPerNodeGroup()
* - .ifSnapshotRetentionLimit()
* - .ifTransitEncryptionEnabled()
*/
onReplicationgroup(replicationGroupId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:elasticache:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:replicationgroup:${replicationGroupId}`);
}
/**
* Adds a resource of type cluster to the statement
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/WhatIs.Components.html#WhatIs.Components.Clusters
*
* @param cacheClusterId - Identifier for the cacheClusterId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsResourceTag()
* - .ifAwsTagKeys()
* - .ifAuthTokenEnabled()
* - .ifCacheNodeType()
* - .ifCacheParameterGroupName()
* - .ifEngineType()
* - .ifEngineVersion()
* - .ifMultiAZEnabled()
* - .ifSnapshotRetentionLimit()
*/
onCluster(cacheClusterId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:elasticache:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:cluster:${cacheClusterId}`);
}
/**
* Adds a resource of type reserved-instance to the statement
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/reserved-nodes.html
*
* @param reservedCacheNodeId - Identifier for the reservedCacheNodeId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsResourceTag()
* - .ifAwsTagKeys()
*/
onReservedInstance(reservedCacheNodeId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:elasticache:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:reserved-instance:${reservedCacheNodeId}`);
}
/**
* Adds a resource of type snapshot to the statement
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/WhatIs.Components.html#WhatIs.Components.Snapshots
*
* @param snapshotName - Identifier for the snapshotName.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsResourceTag()
* - .ifAwsTagKeys()
* - .ifKmsKeyId()
*/
onSnapshot(snapshotName, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:elasticache:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:snapshot:${snapshotName}`);
}
/**
* Adds a resource of type globalreplicationgroup to the statement
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/Redis-Global-Datastore.html
*
* @param globalReplicationGroupId - Identifier for the globalReplicationGroupId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAtRestEncryptionEnabled()
* - .ifAuthTokenEnabled()
* - .ifAutomaticFailoverEnabled()
* - .ifCacheNodeType()
* - .ifCacheParameterGroupName()
* - .ifClusterModeEnabled()
* - .ifEngineType()
* - .ifEngineVersion()
* - .ifKmsKeyId()
* - .ifMultiAZEnabled()
* - .ifNumNodeGroups()
* - .ifReplicasPerNodeGroup()
* - .ifSnapshotRetentionLimit()
* - .ifTransitEncryptionEnabled()
*/
onGlobalreplicationgroup(globalReplicationGroupId, account, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:elasticache::${account ?? this.defaultAccount}:globalreplicationgroup:${globalReplicationGroupId}`);
}
/**
* Adds a resource of type user to the statement
*
* https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/Clusters.RBAC.html
*
* @param userId - Identifier for the userId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsResourceTag()
* - .ifAwsTagKeys()
* - .ifUserAuthenticationMode()
*/
onUser(userId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:elasticache:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:user:$