iam-floyd
Version:
AWS IAM policy statement generator with fluent interface
1,516 lines (1,515 loc) • 257 kB
JavaScript
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.Redshift = void 0;
const shared_1 = require("../../shared");
/**
* Statement provider for service [redshift](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonredshift.html).
*
* @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
*/
class Redshift extends shared_1.PolicyStatement {
/**
* Statement provider for service [redshift](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonredshift.html).
*
* @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
*/
constructor(sid) {
super(sid);
this.servicePrefix = 'redshift';
this.accessLevelList = {
Write: [
'AcceptReservedNodeExchange',
'AddPartner',
'AssociateDataShareConsumer',
'AuthorizeClusterSecurityGroupIngress',
'AuthorizeInboundIntegration',
'BatchDeleteClusterSnapshots',
'BatchModifyClusterSnapshots',
'CancelQuery',
'CancelQuerySession',
'CancelResize',
'CopyClusterSnapshot',
'CreateAuthenticationProfile',
'CreateCluster',
'CreateClusterParameterGroup',
'CreateClusterSecurityGroup',
'CreateClusterSnapshot',
'CreateClusterSubnetGroup',
'CreateCustomDomainAssociation',
'CreateEndpointAccess',
'CreateEventSubscription',
'CreateHsmClientCertificate',
'CreateHsmConfiguration',
'CreateInboundIntegration',
'CreateIntegration',
'CreateQev2IdcApplication',
'CreateRedshiftIdcApplication',
'CreateSavedQuery',
'CreateScheduledAction',
'CreateSnapshotSchedule',
'CreateUsageLimit',
'DeleteAuthenticationProfile',
'DeleteCluster',
'DeleteClusterParameterGroup',
'DeleteClusterSecurityGroup',
'DeleteClusterSnapshot',
'DeleteClusterSubnetGroup',
'DeleteCustomDomainAssociation',
'DeleteEndpointAccess',
'DeleteEventSubscription',
'DeleteHsmClientCertificate',
'DeleteHsmConfiguration',
'DeleteIntegration',
'DeletePartner',
'DeleteQev2IdcApplication',
'DeleteRedshiftIdcApplication',
'DeleteSavedQueries',
'DeleteScheduledAction',
'DeleteSnapshotCopyGrant',
'DeleteSnapshotSchedule',
'DeleteUsageLimit',
'DeregisterNamespace',
'DisableLogging',
'DisableSnapshotCopy',
'DisassociateDataShareConsumer',
'EnableLogging',
'EnableSnapshotCopy',
'ExecuteQuery',
'FailoverPrimaryCompute',
'GetClusterCredentials',
'GetClusterCredentialsWithIAM',
'ModifyAquaConfiguration',
'ModifyAuthenticationProfile',
'ModifyCluster',
'ModifyClusterDbRevision',
'ModifyClusterMaintenance',
'ModifyClusterParameterGroup',
'ModifyClusterSnapshot',
'ModifyClusterSnapshotSchedule',
'ModifyClusterSubnetGroup',
'ModifyCustomDomainAssociation',
'ModifyEndpointAccess',
'ModifyEventSubscription',
'ModifyIntegration',
'ModifyQev2IdcApplication',
'ModifyRedshiftIdcApplication',
'ModifySavedQuery',
'ModifyScheduledAction',
'ModifySnapshotCopyRetentionPeriod',
'ModifySnapshotSchedule',
'ModifyUsageLimit',
'PauseCluster',
'PurchaseReservedNodeOffering',
'RebootCluster',
'RegisterNamespace',
'ResetClusterParameterGroup',
'ResizeCluster',
'RestoreFromClusterSnapshot',
'RestoreTableFromClusterSnapshot',
'ResumeCluster',
'RevokeClusterSecurityGroupIngress',
'RotateEncryptionKey',
'UpdatePartnerStatus'
],
'Permissions management': [
'AuthorizeDataShare',
'AuthorizeEndpointAccess',
'AuthorizeSnapshotAccess',
'CreateClusterUser',
'CreateSnapshotCopyGrant',
'DeauthorizeDataShare',
'DeleteResourcePolicy',
'JoinGroup',
'ModifyClusterIamRoles',
'PutResourcePolicy',
'RejectDataShare',
'RevokeEndpointAccess',
'RevokeSnapshotAccess'
],
Tagging: [
'CreateTags',
'DeleteTags'
],
Read: [
'DescribeAccountAttributes',
'DescribeAuthenticationProfiles',
'DescribeClusterParameterGroups',
'DescribeClusterParameters',
'DescribeClusterSecurityGroups',
'DescribeClusterSnapshots',
'DescribeClusterSubnetGroups',
'DescribeClusterVersions',
'DescribeDataShares',
'DescribeDataSharesForConsumer',
'DescribeDataSharesForProducer',
'DescribeDefaultClusterParameters',
'DescribeEndpointAccess',
'DescribeEventCategories',
'DescribeEventSubscriptions',
'DescribeHsmClientCertificates',
'DescribeHsmConfigurations',
'DescribeLoggingStatus',
'DescribeOrderableClusterOptions',
'DescribePartners',
'DescribeQuery',
'DescribeReservedNodeExchangeStatus',
'DescribeReservedNodeOfferings',
'DescribeReservedNodes',
'DescribeResize',
'DescribeSavedQueries',
'DescribeScheduledActions',
'DescribeSnapshotCopyGrants',
'DescribeSnapshotSchedules',
'DescribeStorage',
'DescribeTable',
'DescribeTableRestoreStatus',
'DescribeTags',
'DescribeUsageLimits',
'FetchResults',
'GetReservedNodeExchangeConfigurationOptions',
'GetReservedNodeExchangeOfferings',
'GetResourcePolicy'
],
List: [
'DescribeClusterDbRevisions',
'DescribeClusterTracks',
'DescribeClusters',
'DescribeCustomDomainAssociations',
'DescribeEndpointAuthorization',
'DescribeEvents',
'DescribeInboundIntegrations',
'DescribeIntegrations',
'DescribeNodeConfigurationOptions',
'DescribeQev2IdcApplications',
'DescribeRedshiftIdcApplications',
'ListDatabases',
'ListRecommendations',
'ListSavedQueries',
'ListSchemas',
'ListTables',
'ViewQueriesFromConsole',
'ViewQueriesInConsole'
]
};
}
/**
* Grants permission to exchange a DC1 reserved node for a DC2 reserved node with no changes to the configuration
*
* Access Level: Write
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_AcceptReservedNodeExchange.html
*/
toAcceptReservedNodeExchange() {
return this.to('AcceptReservedNodeExchange');
}
/**
* Grants permission to add a partner integration to a cluster
*
* Access Level: Write
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_AddPartner.html
*/
toAddPartner() {
return this.to('AddPartner');
}
/**
* Grants permission to associate a consumer to a datashare
*
* Access Level: Write
*
* Possible conditions:
* - .ifConsumerArn()
* - .ifAllowWrites()
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_AssociateDataShareConsumer.html
*/
toAssociateDataShareConsumer() {
return this.to('AssociateDataShareConsumer');
}
/**
* Grants permission to add an inbound (ingress) rule to an Amazon Redshift security group
*
* Access Level: Write
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_AuthorizeClusterSecurityGroupIngress.html
*/
toAuthorizeClusterSecurityGroupIngress() {
return this.to('AuthorizeClusterSecurityGroupIngress');
}
/**
* Grants permission to authorize the specified datashare consumer to consume a datashare
*
* Access Level: Permissions management
*
* Possible conditions:
* - .ifConsumerIdentifier()
* - .ifAllowWrites()
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_AuthorizeDataShare.html
*/
toAuthorizeDataShare() {
return this.to('AuthorizeDataShare');
}
/**
* Grants permission to authorize endpoint related activities for redshift-managed vpc endpoint
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_AuthorizeEndpointAccess.html
*/
toAuthorizeEndpointAccess() {
return this.to('AuthorizeEndpointAccess');
}
/**
* Grants permission to Amazon Redshift to continuously validate that the target data warehouse can receive data replicated from the source ARN
*
* Access Level: Write
*
* https://docs.aws.amazon.com/redshift/latest/mgmt/zero-etl-using.setting-up.html
*/
toAuthorizeInboundIntegration() {
return this.to('AuthorizeInboundIntegration');
}
/**
* Grants permission to the specified AWS account to restore a snapshot
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_AuthorizeSnapshotAccess.html
*/
toAuthorizeSnapshotAccess() {
return this.to('AuthorizeSnapshotAccess');
}
/**
* Grants permission to delete snapshots in a batch of size upto 100
*
* Access Level: Write
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_BatchDeleteClusterSnapshots.html
*/
toBatchDeleteClusterSnapshots() {
return this.to('BatchDeleteClusterSnapshots');
}
/**
* Grants permission to modify settings for a list of snapshots
*
* Access Level: Write
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_BatchModifyClusterSnapshots.html
*/
toBatchModifyClusterSnapshots() {
return this.to('BatchModifyClusterSnapshots');
}
/**
* Grants permission to cancel a query through the Amazon Redshift console
*
* Access Level: Write
*
* https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html
*/
toCancelQuery() {
return this.to('CancelQuery');
}
/**
* Grants permission to see queries in the Amazon Redshift console
*
* Access Level: Write
*
* https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html
*/
toCancelQuerySession() {
return this.to('CancelQuerySession');
}
/**
* Grants permission to cancel a resize operation
*
* Access Level: Write
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_CancelResize.html
*/
toCancelResize() {
return this.to('CancelResize');
}
/**
* Grants permission to copy a cluster snapshot
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_CopyClusterSnapshot.html
*/
toCopyClusterSnapshot() {
return this.to('CopyClusterSnapshot');
}
/**
* Grants permission to create an Amazon Redshift authentication profile
*
* Access Level: Write
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateAuthenticationProfile.html
*/
toCreateAuthenticationProfile() {
return this.to('CreateAuthenticationProfile');
}
/**
* Grants permission to create a cluster
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - kms:CreateGrant
* - kms:Decrypt
* - kms:DescribeKey
* - kms:GenerateDataKey
* - kms:RetireGrant
* - secretsmanager:CreateSecret
* - secretsmanager:DeleteSecret
* - secretsmanager:DescribeSecret
* - secretsmanager:GetRandomPassword
* - secretsmanager:RotateSecret
* - secretsmanager:TagResource
* - secretsmanager:UpdateSecret
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateCluster.html
*/
toCreateCluster() {
return this.to('CreateCluster');
}
/**
* Grants permission to create an Amazon Redshift parameter group
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateClusterParameterGroup.html
*/
toCreateClusterParameterGroup() {
return this.to('CreateClusterParameterGroup');
}
/**
* Grants permission to create an Amazon Redshift security group
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateClusterSecurityGroup.html
*/
toCreateClusterSecurityGroup() {
return this.to('CreateClusterSecurityGroup');
}
/**
* Grants permission to create a manual snapshot of the specified cluster
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateClusterSnapshot.html
*/
toCreateClusterSnapshot() {
return this.to('CreateClusterSnapshot');
}
/**
* Grants permission to create an Amazon Redshift subnet group
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateClusterSubnetGroup.html
*/
toCreateClusterSubnetGroup() {
return this.to('CreateClusterSubnetGroup');
}
/**
* Grants permission to automatically create the specified Amazon Redshift user if it does not exist
*
* Access Level: Permissions management
*
* Possible conditions:
* - .ifDbUser()
*
* https://docs.aws.amazon.com/redshift/latest/mgmt/generating-iam-credentials-role-permissions.html
*/
toCreateClusterUser() {
return this.to('CreateClusterUser');
}
/**
* Grants permission to create a custom domain name for a cluster
*
* Access Level: Write
*
* Dependent actions:
* - acm:DescribeCertificate
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateCustomDomainAssociation.html
*/
toCreateCustomDomainAssociation() {
return this.to('CreateCustomDomainAssociation');
}
/**
* Grants permission to create a redshift-managed vpc endpoint
*
* Access Level: Write
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateEndpointAccess.html
*/
toCreateEndpointAccess() {
return this.to('CreateEndpointAccess');
}
/**
* Grants permission to create an Amazon Redshift event notification subscription
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateEventSubscription.html
*/
toCreateEventSubscription() {
return this.to('CreateEventSubscription');
}
/**
* Grants permission to create an HSM client certificate that a cluster uses to connect to an HSM
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateHsmClientCertificate.html
*/
toCreateHsmClientCertificate() {
return this.to('CreateHsmClientCertificate');
}
/**
* Grants permission to create an HSM configuration that contains information required by a cluster to store and use database encryption keys in a hardware security module (HSM)
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateHsmConfiguration.html
*/
toCreateHsmConfiguration() {
return this.to('CreateHsmConfiguration');
}
/**
* Grants permission to the source principal to create an inbound integration for data to be replicated from the source into the target data warehouse
*
* Access Level: Write
*
* https://docs.aws.amazon.com/redshift/latest/mgmt/zero-etl-using.setting-up.html
*/
toCreateInboundIntegration() {
return this.to('CreateInboundIntegration');
}
/**
* Grants permission to create an Amazon Redshift zero-ETL integration
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
* - .ifIntegrationSourceArn()
* - .ifIntegrationTargetArn()
*
* Dependent actions:
* - kms:CreateGrant
* - kms:DescribeKey
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateIntegration.html
*/
toCreateIntegration() {
return this.to('CreateIntegration');
}
/**
* Grants permission to create a qev2 idc application
*
* Access Level: Write
*
* Dependent actions:
* - sso:CreateApplication
* - sso:PutApplicationAccessScope
* - sso:PutApplicationAuthenticationMethod
* - sso:PutApplicationGrant
*
* https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-idp-connect.html
*/
toCreateQev2IdcApplication() {
return this.to('CreateQev2IdcApplication');
}
/**
* Grants permission to create a redshift idc application
*
* Access Level: Write
*
* Dependent actions:
* - sso:CreateApplication
* - sso:PutApplicationAccessScope
* - sso:PutApplicationAuthenticationMethod
* - sso:PutApplicationGrant
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateRedshiftIdcApplication.html
*/
toCreateRedshiftIdcApplication() {
return this.to('CreateRedshiftIdcApplication');
}
/**
* Grants permission to create saved SQL queries through the Amazon Redshift console
*
* Access Level: Write
*
* https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html
*/
toCreateSavedQuery() {
return this.to('CreateSavedQuery');
}
/**
* Grants permission to create an Amazon Redshift scheduled action
*
* Access Level: Write
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateScheduledAction.html
*/
toCreateScheduledAction() {
return this.to('CreateScheduledAction');
}
/**
* Grants permission to create a snapshot copy grant and encrypt copied snapshots in a destination AWS Region
*
* Access Level: Permissions management
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateSnapshotCopyGrant.html
*/
toCreateSnapshotCopyGrant() {
return this.to('CreateSnapshotCopyGrant');
}
/**
* Grants permission to create a snapshot schedule
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateSnapshotSchedule.html
*/
toCreateSnapshotSchedule() {
return this.to('CreateSnapshotSchedule');
}
/**
* Grants permission to add one or more tags to a specified resource
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateTags.html
*/
toCreateTags() {
return this.to('CreateTags');
}
/**
* Grants permission to create a usage limit
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateUsageLimit.html
*/
toCreateUsageLimit() {
return this.to('CreateUsageLimit');
}
/**
* Grants permission to remove permission from the specified datashare consumer to consume a datashare
*
* Access Level: Permissions management
*
* Possible conditions:
* - .ifConsumerIdentifier()
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeauthorizeDataShare.html
*/
toDeauthorizeDataShare() {
return this.to('DeauthorizeDataShare');
}
/**
* Grants permission to delete an Amazon Redshift authentication profile
*
* Access Level: Write
*/
toDeleteAuthenticationProfile() {
return this.to('DeleteAuthenticationProfile');
}
/**
* Grants permission to delete a previously provisioned cluster
*
* Access Level: Write
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteCluster.html
*/
toDeleteCluster() {
return this.to('DeleteCluster');
}
/**
* Grants permission to delete an Amazon Redshift parameter group
*
* Access Level: Write
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteClusterParameterGroup.html
*/
toDeleteClusterParameterGroup() {
return this.to('DeleteClusterParameterGroup');
}
/**
* Grants permission to delete an Amazon Redshift security group
*
* Access Level: Write
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteClusterSecurityGroup.html
*/
toDeleteClusterSecurityGroup() {
return this.to('DeleteClusterSecurityGroup');
}
/**
* Grants permission to delete a manual snapshot
*
* Access Level: Write
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteClusterSnapshot.html
*/
toDeleteClusterSnapshot() {
return this.to('DeleteClusterSnapshot');
}
/**
* Grants permission to delete a cluster subnet group
*
* Access Level: Write
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteClusterSubnetGroup.html
*/
toDeleteClusterSubnetGroup() {
return this.to('DeleteClusterSubnetGroup');
}
/**
* Grants permission to delete a custom domain name for a cluster
*
* Access Level: Write
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteCustomDomainAssociation.html
*/
toDeleteCustomDomainAssociation() {
return this.to('DeleteCustomDomainAssociation');
}
/**
* Grants permission to delete a redshift-managed vpc endpoint
*
* Access Level: Write
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteEndpointAccess.html
*/
toDeleteEndpointAccess() {
return this.to('DeleteEndpointAccess');
}
/**
* Grants permission to delete an Amazon Redshift event notification subscription
*
* Access Level: Write
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteEventSubscription.html
*/
toDeleteEventSubscription() {
return this.to('DeleteEventSubscription');
}
/**
* Grants permission to delete an HSM client certificate
*
* Access Level: Write
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteHsmClientCertificate.html
*/
toDeleteHsmClientCertificate() {
return this.to('DeleteHsmClientCertificate');
}
/**
* Grants permission to delete an Amazon Redshift HSM configuration
*
* Access Level: Write
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteHsmConfiguration.html
*/
toDeleteHsmConfiguration() {
return this.to('DeleteHsmConfiguration');
}
/**
* Grants permission to delete an Amazon Redshift zero-ETL integration
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteIntegration.html
*/
toDeleteIntegration() {
return this.to('DeleteIntegration');
}
/**
* Grants permission to delete a partner integration from a cluster
*
* Access Level: Write
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeletePartner.html
*/
toDeletePartner() {
return this.to('DeletePartner');
}
/**
* Grants permission to delete a qev2 idc application
*
* Access Level: Write
*
* Dependent actions:
* - sso:DeleteApplication
*
* https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-idp-connect.html
*/
toDeleteQev2IdcApplication() {
return this.to('DeleteQev2IdcApplication');
}
/**
* Grants permission to delete a redshift idc application
*
* Access Level: Write
*
* Dependent actions:
* - sso:DeleteApplication
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteRedshiftIdcApplication.html
*/
toDeleteRedshiftIdcApplication() {
return this.to('DeleteRedshiftIdcApplication');
}
/**
* Grants permission to delete the resource policy for a specified resource
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteResourcePolicy.html
*/
toDeleteResourcePolicy() {
return this.to('DeleteResourcePolicy');
}
/**
* Grants permission to delete saved SQL queries through the Amazon Redshift console
*
* Access Level: Write
*
* https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html
*/
toDeleteSavedQueries() {
return this.to('DeleteSavedQueries');
}
/**
* Grants permission to delete an Amazon Redshift scheduled action
*
* Access Level: Write
*/
toDeleteScheduledAction() {
return this.to('DeleteScheduledAction');
}
/**
* Grants permission to delete a snapshot copy grant
*
* Access Level: Write
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteSnapshotCopyGrant.html
*/
toDeleteSnapshotCopyGrant() {
return this.to('DeleteSnapshotCopyGrant');
}
/**
* Grants permission to delete a snapshot schedule
*
* Access Level: Write
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteSnapshotSchedule.html
*/
toDeleteSnapshotSchedule() {
return this.to('DeleteSnapshotSchedule');
}
/**
* Grants permission to delete a tag or tags from a resource
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteTags.html
*/
toDeleteTags() {
return this.to('DeleteTags');
}
/**
* Grants permission to delete a usage limit
*
* Access Level: Write
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteUsageLimit.html
*/
toDeleteUsageLimit() {
return this.to('DeleteUsageLimit');
}
/**
* Grants permission to deregister the specified namespace from a consumer
*
* Access Level: Write
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeregisterNamespace.html
*/
toDeregisterNamespace() {
return this.to('DeregisterNamespace');
}
/**
* Grants permission to describe attributes attached to the specified AWS account
*
* Access Level: Read
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeAccountAttributes.html
*/
toDescribeAccountAttributes() {
return this.to('DescribeAccountAttributes');
}
/**
* Grants permission to describe created Amazon Redshift authentication profiles
*
* Access Level: Read
*/
toDescribeAuthenticationProfiles() {
return this.to('DescribeAuthenticationProfiles');
}
/**
* Grants permission to describe database revisions for a cluster
*
* Access Level: List
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeClusterDbRevisions.html
*/
toDescribeClusterDbRevisions() {
return this.to('DescribeClusterDbRevisions');
}
/**
* Grants permission to describe Amazon Redshift parameter groups, including parameter groups you created and the default parameter group
*
* Access Level: Read
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeClusterParameterGroups.html
*/
toDescribeClusterParameterGroups() {
return this.to('DescribeClusterParameterGroups');
}
/**
* Grants permission to describe parameters contained within an Amazon Redshift parameter group
*
* Access Level: Read
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeClusterParameters.html
*/
toDescribeClusterParameters() {
return this.to('DescribeClusterParameters');
}
/**
* Grants permission to describe Amazon Redshift security groups
*
* Access Level: Read
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeClusterSecurityGroups.html
*/
toDescribeClusterSecurityGroups() {
return this.to('DescribeClusterSecurityGroups');
}
/**
* Grants permission to describe one or more snapshot objects, which contain metadata about your cluster snapshots
*
* Access Level: Read
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeClusterSnapshots.html
*/
toDescribeClusterSnapshots() {
return this.to('DescribeClusterSnapshots');
}
/**
* Grants permission to describe one or more cluster subnet group objects, which contain metadata about your cluster subnet groups
*
* Access Level: Read
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeClusterSubnetGroups.html
*/
toDescribeClusterSubnetGroups() {
return this.to('DescribeClusterSubnetGroups');
}
/**
* Grants permission to describe available maintenance tracks
*
* Access Level: List
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeClusterTracks.html
*/
toDescribeClusterTracks() {
return this.to('DescribeClusterTracks');
}
/**
* Grants permission to describe available Amazon Redshift cluster versions
*
* Access Level: Read
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeClusterVersions.html
*/
toDescribeClusterVersions() {
return this.to('DescribeClusterVersions');
}
/**
* Grants permission to describe properties of provisioned clusters
*
* Access Level: List
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeClusters.html
*/
toDescribeClusters() {
return this.to('DescribeClusters');
}
/**
* Grants permission to describe custom domain names for a cluster
*
* Access Level: List
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeCustomDomainAssociations.html
*/
toDescribeCustomDomainAssociations() {
return this.to('DescribeCustomDomainAssociations');
}
/**
* Grants permission to describe datashares created and consumed by your clusters
*
* Access Level: Read
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeDataShares.html
*/
toDescribeDataShares() {
return this.to('DescribeDataShares');
}
/**
* Grants permission to describe only datashares consumed by your clusters
*
* Access Level: Read
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeDataSharesForConsumer.html
*/
toDescribeDataSharesForConsumer() {
return this.to('DescribeDataSharesForConsumer');
}
/**
* Grants permission to describe only datashares created by your clusters
*
* Access Level: Read
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeDataSharesForProducer.html
*/
toDescribeDataSharesForProducer() {
return this.to('DescribeDataSharesForProducer');
}
/**
* Grants permission to describe parameter settings for a parameter group family
*
* Access Level: Read
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeDefaultClusterParameters.html
*/
toDescribeDefaultClusterParameters() {
return this.to('DescribeDefaultClusterParameters');
}
/**
* Grants permission to describe redshift-managed vpc endpoints
*
* Access Level: Read
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeEndpointAccess.html
*/
toDescribeEndpointAccess() {
return this.to('DescribeEndpointAccess');
}
/**
* Grants permission to authorize describe activity for redshift-managed vpc endpoint
*
* Access Level: List
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeEndpointAuthorization.html
*/
toDescribeEndpointAuthorization() {
return this.to('DescribeEndpointAuthorization');
}
/**
* Grants permission to describe event categories for all event source types, or for a specified source type
*
* Access Level: Read
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeEventCategories.html
*/
toDescribeEventCategories() {
return this.to('DescribeEventCategories');
}
/**
* Grants permission to describe Amazon Redshift event notification subscriptions for the specified AWS account
*
* Access Level: Read
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeEventSubscriptions.html
*/
toDescribeEventSubscriptions() {
return this.to('DescribeEventSubscriptions');
}
/**
* Grants permission to describe events related to clusters, security groups, snapshots, and parameter groups for the past 14 days
*
* Access Level: List
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeEvents.html
*/
toDescribeEvents() {
return this.to('DescribeEvents');
}
/**
* Grants permission to describe HSM client certificates
*
* Access Level: Read
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeHsmClientCertificates.html
*/
toDescribeHsmClientCertificates() {
return this.to('DescribeHsmClientCertificates');
}
/**
* Grants permission to describe Amazon Redshift HSM configurations
*
* Access Level: Read
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeHsmConfigurations.html
*/
toDescribeHsmConfigurations() {
return this.to('DescribeHsmConfigurations');
}
/**
* Grants permission to list the inbound integrations
*
* Access Level: List
*
* Possible conditions:
* - .ifInboundIntegrationArn()
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeInboundIntegrations.html
*/
toDescribeInboundIntegrations() {
return this.to('DescribeInboundIntegrations');
}
/**
* Grants permission to describe an Amazon Redshift zero-ETL integration
*
* Access Level: List
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeIntegrations.html
*/
toDescribeIntegrations() {
return this.to('DescribeIntegrations');
}
/**
* Grants permission to describe whether information, such as queries and connection attempts, is being logged for a cluster
*
* Access Level: Read
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeLoggingStatus.html
*/
toDescribeLoggingStatus() {
return this.to('DescribeLoggingStatus');
}
/**
* Grants permission to describe properties of possible node configurations such as node type, number of nodes, and disk usage for the specified action type
*
* Access Level: List
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeNodeConfigurationOptions.html
*/
toDescribeNodeConfigurationOptions() {
return this.to('DescribeNodeConfigurationOptions');
}
/**
* Grants permission to describe orderable cluster options
*
* Access Level: Read
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeOrderableClusterOptions.html
*/
toDescribeOrderableClusterOptions() {
return this.to('DescribeOrderableClusterOptions');
}
/**
* Grants permission to retrieve information about the partner integrations defined for a cluster
*
* Access Level: Read
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribePartners.html
*/
toDescribePartners() {
return this.to('DescribePartners');
}
/**
* Grants permission to describe qev2 idc applications
*
* Access Level: List
*
* https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-idp-connect.html
*/
toDescribeQev2IdcApplications() {
return this.to('DescribeQev2IdcApplications');
}
/**
* Grants permission to describe a query through the Amazon Redshift console
*
* Access Level: Read
*
* https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html
*/
toDescribeQuery() {
return this.to('DescribeQuery');
}
/**
* Grants permission to describe redshift idc applications
*
* Access Level: List
*
* Dependent actions:
* - sso:GetApplicationGrant
* - sso:ListApplicationAccessScopes
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeRedshiftIdcApplications.html
*/
toDescribeRedshiftIdcApplications() {
return this.to('DescribeRedshiftIdcApplications');
}
/**
* Grants permission to describe exchange status details and associated metadata for a reserved-node exchange. Statuses include such values as in progress and requested
*
* Access Level: Read
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeReservedNodeExchangeStatus.html
*/
toDescribeReservedNodeExchangeStatus() {
return this.to('DescribeReservedNodeExchangeStatus');
}
/**
* Grants permission to describe available reserved node offerings by Amazon Redshift
*
* Access Level: Read
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeReservedNodeOfferings.html
*/
toDescribeReservedNodeOfferings() {
return this.to('DescribeReservedNodeOfferings');
}
/**
* Grants permission to describe the reserved nodes
*
* Access Level: Read
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeReservedNodes.html
*/
toDescribeReservedNodes() {
return this.to('DescribeReservedNodes');
}
/**
* Grants permission to describe the last resize operation for a cluster
*
* Access Level: Read
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeResize.html
*/
toDescribeResize() {
return this.to('DescribeResize');
}
/**
* Grants permission to describe saved queries through the Amazon Redshift console
*
* Access Level: Read
*
* https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html
*/
toDescribeSavedQueries() {
return this.to('DescribeSavedQueries');
}
/**
* Grants permission to describe created Amazon Redshift scheduled actions
*
* Access Level: Read
*/
toDescribeScheduledActions() {
return this.to('DescribeScheduledActions');
}
/**
* Grants permission to describe snapshot copy grants owned by the specified AWS account in the destination AWS Region
*
* Access Level: Read
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeSnapshotCopyGrants.html
*/
toDescribeSnapshotCopyGrants() {
return this.to('DescribeSnapshotCopyGrants');
}
/**
* Grants permission to describe snapshot schedules
*
* Access Level: Read
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeSnapshotSchedules.html
*/
toDescribeSnapshotSchedules() {
return this.to('DescribeSnapshotSchedules');
}
/**
* Grants permission to describe account level backups storage size and provisional storage
*
* Access Level: Read
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeStorage.html
*/
toDescribeStorage() {
return this.to('DescribeStorage');
}
/**
* Grants permission to describe a table through the Amazon Redshift console
*
* Access Level: Read
*
* https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html
*/
toDescribeTable() {
return this.to('DescribeTable');
}
/**
* Grants permission to describe status of one or more table restore requests made using the RestoreTableFromClusterSnapshot API action
*
* Access Level: Read
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeTableRestoreStatus.html
*/
toDescribeTableRestoreStatus() {
return this.to('DescribeTableRestoreStatus');
}
/**
* Grants permission to describe tags
*
* Access Level: Read
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeTags.html
*/
toDescribeTags() {
return this.to('DescribeTags');
}
/**
* Grants permission to describe usage limits
*
* Access Level: Read
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeUsageLimits.html
*/
toDescribeUsageLimits() {
return this.to('DescribeUsageLimits');
}
/**
* Grants permission to disable logging information, such as queries and connection attempts, for a cluster
*
* Access Level: Write
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_DisableLogging.html
*/
toDisableLogging() {
return this.to('DisableLogging');
}
/**
* Grants permission to disable the automatic copy of snapshots for a cluster
*
* Access Level: Write
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_DisableSnapshotCopy.html
*/
toDisableSnapshotCopy() {
return this.to('DisableSnapshotCopy');
}
/**
* Grants permission to disassociate a consumer from a datashare
*
* Access Level: Write
*
* Possible conditions:
* - .ifConsumerArn()
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_DisassociateDataShareConsumer.html
*/
toDisassociateDataShareConsumer() {
return this.to('DisassociateDataShareConsumer');
}
/**
* Grants permission to enable logging information, such as queries and connection attempts, for a cluster
*
* Access Level: Write
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_EnableLogging.html
*/
toEnableLogging() {
return this.to('EnableLogging');
}
/**
* Grants permission to enable the automatic copy of snapshots for a cluster
*
* Access Level: Write
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_EnableSnapshotCopy.html
*/
toEnableSnapshotCopy() {
return this.to('EnableSnapshotCopy');
}
/**
* Grants permission to execute a query through the Amazon Redshift console
*
* Access Level: Write
*
* https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html
*/
toExecuteQuery() {
return this.to('ExecuteQuery');
}
/**
* Grants permission to failover the primary compute of an Multi-AZ cluster to another AZ
*
* Access Level: Write
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_FailoverPrimaryCompute.html
*/
toFailoverPrimaryCompute() {
return this.to('FailoverPrimaryCompute');
}
/**
* Grants permission to fetch query results through the Amazon Redshift console
*
* Access Level: Read
*
* https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html
*/
toFetchResults() {
return this.to('FetchResults');
}
/**
* Grants permission to get temporary credentials to access an Amazon Redshift database by the specified AWS account
*
* Access Level: Write
*
* Possible conditions:
* - .ifDbName()
* - .ifDbUser()
* - .ifDurationSeconds()
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_GetClusterCredentials.html
*/
toGetClusterCredentials() {
return this.to('GetClusterCredentials');
}
/**
* Grants permission to get enhanced temporary credentials to access an Amazon Redshift database by the specified AWS account
*
* Access Level: Write
*
* Possible conditions:
* - .ifDbName()
* - .ifDurationSeconds()
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_GetClusterCredentialsWithIAM.html
*/
toGetClusterCredentialsWithIAM() {
return this.to('GetClusterCredentialsWithIAM');
}
/**
* Grants permission to get the configuration options for the reserved-node exchange
*
* Access Level: Read
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_GetReservedNodeExchangeConfigurationOptions.html
*/
toGetReservedNodeExchangeConfigurationOptions() {
return this.to('GetReservedNodeExchangeConfigurationOptions');
}
/**
* Grants permission to get an array of DC2 ReservedNodeOfferings that matches the payment type, term, and usage price of the given DC1 reserved node
*
* Access Level: Read
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_GetReservedNodeExchangeOfferings.html
*/
toGetReservedNodeExchangeOfferings() {
return this.to('GetReservedNodeExchangeOfferings');
}
/**
* Grants permission to get the resource policy for a specified resource
*
* Access Level: Read
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_GetResourcePolicy.html
*/
toGetResourcePolicy() {
return this.to('GetResourcePolicy');
}
/**
* Grants permission to join the specified Amazon Redshift group
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/redshift/latest/APIReference/API_GetClusterCredentials.html
*/
toJoinGroup() {
return this.to('JoinGroup');
}