UNPKG

iam-floyd

Version:

AWS IAM policy statement generator with fluent interface

github.com/udondan/iam-floyd

udondan/iam-floyd

151 lines (150 loc) 6.13 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
import { AccessLevelList } from '../../shared/access-level'; import { PolicyStatement } from '../../shared'; /** * Statement provider for service [identity-sync](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsidentitysync.html). * * @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement */ export declare class IdentitySync extends PolicyStatement { servicePrefix: string; /** * Statement provider for service [identity-sync](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsidentitysync.html). * * @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement */ constructor(sid?: string); /** * Grants permission to configure vended log delivery for a Sync Profile * * Access Level: Permissions management * * https://docs.aws.amazon.com/singlesignon/latest/userguide/logging-ad-sync-errors.html */ toAllowVendedLogDeliveryForResource(): this; /** * Grants permission to create a sync filter on the sync profile * * Access Level: Write * * https://docs.aws.amazon.com/singlesignon/latest/userguide/provision-users-groups-AD.html */ toCreateSyncFilter(): this; /** * Grants permission to create a sync profile for the identity source * * Access Level: Write * * Dependent actions: * - ds:AuthorizeApplication * * https://docs.aws.amazon.com/singlesignon/latest/userguide/provision-users-groups-AD.html */ toCreateSyncProfile(): this; /** * Grants permission to create a sync target for the identity source * * Access Level: Write * * https://docs.aws.amazon.com/singlesignon/latest/userguide/provision-users-groups-AD.html */ toCreateSyncTarget(): this; /** * Grants permission to delete a sync filter from the sync profile * * Access Level: Write * * https://docs.aws.amazon.com/singlesignon/latest/userguide/provision-users-groups-AD.html */ toDeleteSyncFilter(): this; /** * Grants permission to delete a sync profile from the source * * Access Level: Write * * Dependent actions: * - ds:UnauthorizeApplication * * https://docs.aws.amazon.com/singlesignon/latest/userguide/provision-users-groups-AD.html */ toDeleteSyncProfile(): this; /** * Grants permission to delete a sync target from the source * * Access Level: Write * * https://docs.aws.amazon.com/singlesignon/latest/userguide/provision-users-groups-AD.html */ toDeleteSyncTarget(): this; /** * Grants permission to retrieve a sync profile by using a sync profile name * * Access Level: Read * * https://docs.aws.amazon.com/singlesignon/latest/userguide/provision-users-groups-AD.html */ toGetSyncProfile(): this; /** * Grants permission to retrieve a sync target from the sync profile * * Access Level: Read * * https://docs.aws.amazon.com/singlesignon/latest/userguide/provision-users-groups-AD.html */ toGetSyncTarget(): this; /** * Grants permission to list the sync filters from the sync profile * * Access Level: List * * https://docs.aws.amazon.com/singlesignon/latest/userguide/provision-users-groups-AD.html */ toListSyncFilters(): this; /** * Grants permission to start a sync process or to resume a sync process that was previously paused * * Access Level: Write * * https://docs.aws.amazon.com/singlesignon/latest/userguide/provision-users-groups-AD.html */ toStartSync(): this; /** * Grants permission to stop any planned sync process in the sync schedule from starting * * Access Level: Write * * https://docs.aws.amazon.com/singlesignon/latest/userguide/provision-users-groups-AD.html */ toStopSync(): this; /** * Grants permission to update a sync target on the sync profile * * Access Level: Write * * https://docs.aws.amazon.com/singlesignon/latest/userguide/provision-users-groups-AD.html */ toUpdateSyncTarget(): this; protected accessLevelList: AccessLevelList; /** * Adds a resource of type SyncProfileResource to the statement * * https://docs.aws.amazon.com/singlesignon/latest/userguide/provision-users-groups-AD.html * * @param syncProfileName - Identifier for the syncProfileName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onSyncProfileResource(syncProfileName: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type SyncTargetResource to the statement * * https://docs.aws.amazon.com/singlesignon/latest/userguide/provision-users-groups-AD.html * * @param syncProfileName - Identifier for the syncProfileName. * @param syncTargetName - Identifier for the syncTargetName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onSyncTargetResource(syncProfileName: string, syncTargetName: string, account?: string, region?: string, partition?: string): this; }