iam-floyd
Version:
AWS IAM policy statement generator with fluent interface
1,462 lines • 82.7 kB
TypeScript
import { AccessLevelList } from '../../shared/access-level';
import { PolicyStatement, Operator } from '../../shared';
/**
* Statement provider for service [ssm](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssystemsmanager.html).
*
* @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
*/
export declare class Ssm extends PolicyStatement {
servicePrefix: string;
/**
* Statement provider for service [ssm](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssystemsmanager.html).
*
* @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
*/
constructor(sid?: string);
/**
* Grants permission to add or overwrite one or more tags for a specified AWS resource
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsResourceTag()
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_AddTagsToResource.html
*/
toAddTagsToResource(): this;
/**
* Grants permission to associate RelatedItem to an OpsItem
*
* Access Level: Write
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_AssociateOpsItemRelatedItem.html
*/
toAssociateOpsItemRelatedItem(): this;
/**
* Grants permission to cancel a specified Run Command command
*
* Access Level: Write
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_CancelCommand.html
*/
toCancelCommand(): this;
/**
* Grants permission to cancel an in-progress maintenance window execution
*
* Access Level: Write
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_CancelMaintenanceWindowExecution.html
*/
toCancelMaintenanceWindowExecution(): this;
/**
* Grants permission to create an activation that is used to register on-premises servers and virtual machines (VMs) with Systems Manager
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_CreateActivation.html
*/
toCreateActivation(): this;
/**
* Grants permission to associate a specified Systems Manager document with specified instances or other targets
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_CreateAssociation.html
*/
toCreateAssociation(): this;
/**
* Grants permission to combine entries for multiple CreateAssociation operations in a single command
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_CreateAssociationBatch.html
*/
toCreateAssociationBatch(): this;
/**
* Grants permission to create a Systems Manager SSM document
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
* - .ifDocumentType()
*
* Dependent actions:
* - iam:PassRole
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_CreateDocument.html
*/
toCreateDocument(): this;
/**
* Grants permission to create a maintenance window
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_CreateMaintenanceWindow.html
*/
toCreateMaintenanceWindow(): this;
/**
* Grants permission to create an OpsItem in OpsCenter
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_CreateOpsItem.html
*/
toCreateOpsItem(): this;
/**
* Grants permission to create an OpsMetadata object for an AWS resource
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_CreateOpsMetadata.html
*/
toCreateOpsMetadata(): this;
/**
* Grants permission to create a patch baseline
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_CreatePatchBaseline.html
*/
toCreatePatchBaseline(): this;
/**
* Grants permission to create a resource data sync configuration, which regularly collects inventory data from managed instances and updates the data in an Amazon S3 bucket
*
* Access Level: Write
*
* Possible conditions:
* - .ifSyncType()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_CreateResourceDataSync.html
*/
toCreateResourceDataSync(): this;
/**
* Grants permission to delete a specified activation for managed instances
*
* Access Level: Write
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DeleteActivation.html
*/
toDeleteActivation(): this;
/**
* Grants permission to disassociate a specified SSM document from a specified instance
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DeleteAssociation.html
*/
toDeleteAssociation(): this;
/**
* Grants permission to delete a specified SSM document and its instance associations
*
* Access Level: Write
*
* Possible conditions:
* - .ifDocumentType()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DeleteDocument.html
*/
toDeleteDocument(): this;
/**
* Grants permission to delete a specified custom inventory type, or the data associated with a custom inventory type
*
* Access Level: Write
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DeleteInventory.html
*/
toDeleteInventory(): this;
/**
* Grants permission to delete a specified maintenance window
*
* Access Level: Write
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DeleteMaintenanceWindow.html
*/
toDeleteMaintenanceWindow(): this;
/**
* Grants permission to delete an OpsItem
*
* Access Level: Write
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DeleteOpsItem.html
*/
toDeleteOpsItem(): this;
/**
* Grants permission to delete an OpsMetadata object
*
* Access Level: Write
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DeleteOpsMetadata.html
*/
toDeleteOpsMetadata(): this;
/**
* Grants permission to delete a specified SSM parameter
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DeleteParameter.html
*/
toDeleteParameter(): this;
/**
* Grants permission to delete multiple specified SSM parameters
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DeleteParameters.html
*/
toDeleteParameters(): this;
/**
* Grants permission to delete a specified patch baseline
*
* Access Level: Write
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DeletePatchBaseline.html
*/
toDeletePatchBaseline(): this;
/**
* Grants permission to delete a specified resource data sync
*
* Access Level: Write
*
* Possible conditions:
* - .ifSyncType()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DeleteResourceDataSync.html
*/
toDeleteResourceDataSync(): this;
/**
* Grants permission to delete a Systems Manager resource policy
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DeleteResourcePolicy.html
*/
toDeleteResourcePolicy(): this;
/**
* Grants permission to deregister a specified on-premises server or virtual machine (VM) from Systems Manager
*
* Access Level: Write
*
* Possible conditions:
* - .ifResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DeregisterManagedInstance.html
*/
toDeregisterManagedInstance(): this;
/**
* Grants permission to deregister a specified patch baseline from being the default patch baseline for a specified patch group
*
* Access Level: Write
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DeregisterPatchBaselineForPatchGroup.html
*/
toDeregisterPatchBaselineForPatchGroup(): this;
/**
* Grants permission to deregister a specified target from a maintenance window
*
* Access Level: Write
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DeregisterTargetFromMaintenanceWindow.html
*/
toDeregisterTargetFromMaintenanceWindow(): this;
/**
* Grants permission to deregister a specified task from a maintenance window
*
* Access Level: Write
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DeregisterTaskFromMaintenanceWindow.html
*/
toDeregisterTaskFromMaintenanceWindow(): this;
/**
* Grants permission to view details about a specified managed instance activation, such as when it was created and the number of instances registered using the activation
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeActivations.html
*/
toDescribeActivations(): this;
/**
* Grants permission to view details about the specified association for a specified instance or target
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeAssociation.html
*/
toDescribeAssociation(): this;
/**
* Grants permission to view information about a specified association execution
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeAssociationExecutionTargets.html
*/
toDescribeAssociationExecutionTargets(): this;
/**
* Grants permission to view all executions for a specified association
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeAssociationExecutions.html
*/
toDescribeAssociationExecutions(): this;
/**
* Grants permission to view details about all active and terminated Automation executions
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeAutomationExecutions.html
*/
toDescribeAutomationExecutions(): this;
/**
* Grants permission to view information about all active and terminated step executions in an Automation workflow
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeAutomationStepExecutions.html
*/
toDescribeAutomationStepExecutions(): this;
/**
* Grants permission to view all patches eligible to include in a patch baseline
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeAvailablePatches.html
*/
toDescribeAvailablePatches(): this;
/**
* Grants permission to view details about a specified SSM document
*
* Access Level: Read
*
* Possible conditions:
* - .ifDocumentType()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeDocument.html
*/
toDescribeDocument(): this;
/**
* Grants permission to display information about SSM document parameters in the Systems Manager console (internal Systems Manager action)
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-setting-up-messageAPIs.html
*/
toDescribeDocumentParameters(): this;
/**
* Grants permission to view the permissions for a specified SSM document
*
* Access Level: Read
*
* Possible conditions:
* - .ifDocumentType()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeDocumentPermission.html
*/
toDescribeDocumentPermission(): this;
/**
* Grants permission to view all current associations for a specified instance
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeEffectiveInstanceAssociations.html
*/
toDescribeEffectiveInstanceAssociations(): this;
/**
* Grants permission to view details about the patches currently associated with the specified patch baseline (Windows only)
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeEffectivePatchesForPatchBaseline.html
*/
toDescribeEffectivePatchesForPatchBaseline(): this;
/**
* Grants permission to view the status of the associations for a specified instance
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeInstanceAssociationsStatus.html
*/
toDescribeInstanceAssociationsStatus(): this;
/**
* Grants permission to view details about a specified instance
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeInstanceInformation.html
*/
toDescribeInstanceInformation(): this;
/**
* Grants permission to view status details about patches on a specified instance
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
* - .ifResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeInstancePatchStates.html
*/
toDescribeInstancePatchStates(): this;
/**
* Grants permission to describe the high-level patch state for the instances in the specified patch group
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeInstancePatchStatesForPatchGroup.html
*/
toDescribeInstancePatchStatesForPatchGroup(): this;
/**
* Grants permission to view general details about the patches on a specified instance
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
* - .ifResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeInstancePatches.html
*/
toDescribeInstancePatches(): this;
/**
* Grants permission to user's Amazon EC2 console to render managed instances' nodes
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-setting-up-messageAPIs.html
*/
toDescribeInstanceProperties(): this;
/**
* Grants permission to view details about a specified inventory deletion
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeInventoryDeletions.html
*/
toDescribeInventoryDeletions(): this;
/**
* Grants permission to view details of a specified task execution for a maintenance window
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeMaintenanceWindowExecutionTaskInvocations.html
*/
toDescribeMaintenanceWindowExecutionTaskInvocations(): this;
/**
* Grants permission to view details about the tasks that ran during a specified maintenance window execution
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeMaintenanceWindowExecutionTasks.html
*/
toDescribeMaintenanceWindowExecutionTasks(): this;
/**
* Grants permission to view the executions of a specified maintenance window
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeMaintenanceWindowExecutions.html
*/
toDescribeMaintenanceWindowExecutions(): this;
/**
* Grants permission to view details about upcoming executions of a specified maintenance window
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeMaintenanceWindowSchedule.html
*/
toDescribeMaintenanceWindowSchedule(): this;
/**
* Grants permission to view a list of the targets associated with a specified maintenance window
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeMaintenanceWindowTargets.html
*/
toDescribeMaintenanceWindowTargets(): this;
/**
* Grants permission to view a list of the tasks associated with a specified maintenance window
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeMaintenanceWindowTasks.html
*/
toDescribeMaintenanceWindowTasks(): this;
/**
* Grants permission to view information about all or specified maintenance windows
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeMaintenanceWindows.html
*/
toDescribeMaintenanceWindows(): this;
/**
* Grants permission to view information about the maintenance window targets and tasks associated with a specified instance
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeMaintenanceWindowsForTarget.html
*/
toDescribeMaintenanceWindowsForTarget(): this;
/**
* Grants permission to view details about specified OpsItems
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeOpsItems.html
*/
toDescribeOpsItems(): this;
/**
* Grants permission to view details about a specified SSM parameter
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeParameters.html
*/
toDescribeParameters(): this;
/**
* Grants permission to view information about patch baselines that meet the specified criteria
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribePatchBaselines.html
*/
toDescribePatchBaselines(): this;
/**
* Grants permission to view aggregated status details for patches for a specified patch group
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribePatchGroupState.html
*/
toDescribePatchGroupState(): this;
/**
* Grants permission to view information about the patch baseline for a specified patch group
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribePatchGroups.html
*/
toDescribePatchGroups(): this;
/**
* Grants permission to view details of available patches for a specified operating system and patch property
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribePatchProperties.html
*/
toDescribePatchProperties(): this;
/**
* Grants permission to view a list of recent Session Manager sessions that meet the specified search criteria
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeSessions.html
*/
toDescribeSessions(): this;
/**
* Grants permission to disassociate RelatedItem from an OpsItem
*
* Access Level: Write
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DisassociateOpsItemRelatedItem.html
*/
toDisassociateOpsItemRelatedItem(): this;
/**
* Grants permission to a Systems Manager delegated administrator to view related resource details about OpsItems across multiple AWS accounts in the AWS Management Console
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-setting-up-messageAPIs.html#systems-manager-namespace-other-API-operations
*/
toExecuteAPI(): this;
/**
* Grants permission to return a credentials set to be used with just-in-time node access
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetAccessToken.html
*/
toGetAccessToken(): this;
/**
* Grants permission to view details of a specified Automation execution
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_AutomationExecution.html
*/
toGetAutomationExecution(): this;
/**
* Grants permission to view details of a specific calendar
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-change-calendar-prereqs.html
*/
toGetCalendar(): this;
/**
* Grants permission to view the calendar state for a change calendar or a list of change calendars
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetCalendarState.html
*/
toGetCalendarState(): this;
/**
* Grants permission to view details about the command execution of a specified invocation or plugin
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetCommandInvocation.html
*/
toGetCommandInvocation(): this;
/**
* Grants permission to view the Session Manager connection status for a specified managed instance
*
* Access Level: Read
*
* Possible conditions:
* - .ifResourceTag()
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetConnectionStatus.html
*/
toGetConnectionStatus(): this;
/**
* Grants permission to view the current default patch baseline for a specified operating system type
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetDefaultPatchBaseline.html
*/
toGetDefaultPatchBaseline(): this;
/**
* Grants permission to retrieve the current patch baseline snapshot for a specified instance
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetDeployablePatchSnapshotForInstance.html
*/
toGetDeployablePatchSnapshotForInstance(): this;
/**
* Grants permission to view the contents of a specified SSM document
*
* Access Level: Read
*
* Possible conditions:
* - .ifDocumentCategories()
* - .ifDocumentType()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetDocument.html
*/
toGetDocument(): this;
/**
* Grants permission to retrieve an existing preview that shows the effects that running a specified Automation runbook would have on the targeted resources
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetExecutionPreview.html
*/
toGetExecutionPreview(): this;
/**
* Grants permission to view instance inventory details per the specified criteria
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetInventory.html
*/
toGetInventory(): this;
/**
* Grants permission to view a list of inventory types or attribute names for a specified inventory item type
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetInventorySchema.html
*/
toGetInventorySchema(): this;
/**
* Grants permission to view details about a specified maintenance window
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetMaintenanceWindow.html
*/
toGetMaintenanceWindow(): this;
/**
* Grants permission to view details about a specified maintenance window execution
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetMaintenanceWindowExecution.html
*/
toGetMaintenanceWindowExecution(): this;
/**
* Grants permission to view details about a specified maintenance window execution task
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetMaintenanceWindowExecutionTask.html
*/
toGetMaintenanceWindowExecutionTask(): this;
/**
* Grants permission to view details about a specific maintenance window task running on a specific target
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetMaintenanceWindowExecutionTaskInvocation.html
*/
toGetMaintenanceWindowExecutionTaskInvocation(): this;
/**
* Grants permission to view details about tasks registered with a specified maintenance window
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetMaintenanceWindowTask.html
*/
toGetMaintenanceWindowTask(): this;
/**
* Grants permission to Systems Manager and SSM Agent to determine package installation requirements for an instance (internal Systems Manager call)
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-setting-up-messageAPIs.html
*/
toGetManifest(): this;
/**
* Grants permission to view information about a specified OpsItem
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetOpsItem.html
*/
toGetOpsItem(): this;
/**
* Grants permission to retrieve an OpsMetadata object
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetOpsMetadata.html
*/
toGetOpsMetadata(): this;
/**
* Grants permission to view summary information about OpsItems based on specified filters and aggregators
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetOpsSummary.html
*/
toGetOpsSummary(): this;
/**
* Grants permission to view information about a specified parameter
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetParameter.html
*/
toGetParameter(): this;
/**
* Grants permission to view details and changes for a specified parameter
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetParameterHistory.html
*/
toGetParameterHistory(): this;
/**
* Grants permission to view information about multiple specified parameters
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetParameters.html
*/
toGetParameters(): this;
/**
* Grants permission to view information about parameters in a specified hierarchy
*
* Access Level: Read
*
* Possible conditions:
* - .ifRecursive()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetParametersByPath.html
*/
toGetParametersByPath(): this;
/**
* Grants permission to view information about a specified patch baseline
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetPatchBaseline.html
*/
toGetPatchBaseline(): this;
/**
* Grants permission to view the ID of the current patch baseline for a specified patch group
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetPatchBaselineForPatchGroup.html
*/
toGetPatchBaselineForPatchGroup(): this;
/**
* Grants permission to retrieve lists of Systems Manager resource policies
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetResourcePolicies.html
*/
toGetResourcePolicies(): this;
/**
* Grants permission to view the account-level setting for an AWS service
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetServiceSetting.html
*/
toGetServiceSetting(): this;
/**
* Grants permission to apply an identifying label to a specified version of a parameter
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_LabelParameterVersion.html
*/
toLabelParameterVersion(): this;
/**
* Grants permission to list versions of the specified association
*
* Access Level: List
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ListAssociationVersions.html
*/
toListAssociationVersions(): this;
/**
* Grants permission to list the associations for a specified SSM document or managed instance
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ListAssociations.html
*/
toListAssociations(): this;
/**
* Grants permission to list information about command invocations sent to a specified instance
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ListCommandInvocations.html
*/
toListCommandInvocations(): this;
/**
* Grants permission to list the commands sent to a specified instance
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ListCommands.html
*/
toListCommands(): this;
/**
* Grants permission to list compliance status for specified resource types on a specified resource
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ListComplianceItems.html
*/
toListComplianceItems(): this;
/**
* Grants permission to list a summary count of compliant and noncompliant resources for a specified compliance type
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ListComplianceSummaries.html
*/
toListComplianceSummaries(): this;
/**
* Grants permission to view metadata history about a specified SSM document
*
* Access Level: List
*
* Possible conditions:
* - .ifDocumentType()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ListDocumentMetadataHistory.html
*/
toListDocumentMetadataHistory(): this;
/**
* Grants permission to list all versions of a specified document
*
* Access Level: List
*
* Possible conditions:
* - .ifDocumentType()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ListDocumentVersions.html
*/
toListDocumentVersions(): this;
/**
* Grants permission to view information about a specified SSM document
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ListDocuments.html
*/
toListDocuments(): this;
/**
* Grants permission to SSM Agent to check for new State Manager associations (internal Systems Manager call)
*
* Access Level: List
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-setting-up-messageAPIs.html
*/
toListInstanceAssociations(): this;
/**
* Grants permission to view a list of specified inventory types for a specified instance
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ListInventoryEntries.html
*/
toListInventoryEntries(): this;
/**
* Grants permission to view details about managed nodes based on specified filters
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ListNodes.html
*/
toListNodes(): this;
/**
* Grants permission to view summary information about managed nodes based on specified filters and aggregators
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ListNodesSummary.html
*/
toListNodesSummary(): this;
/**
* Grants permission to view details about OpsItemEvents
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ListOpsItemEvents.html
*/
toListOpsItemEvents(): this;
/**
* Grants permission to view details about OpsItem RelatedItems
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ListOpsItemRelatedItems.html
*/
toListOpsItemRelatedItems(): this;
/**
* Grants permission to view a list of OpsMetadata objects
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ListOpsMetadata.html
*/
toListOpsMetadata(): this;
/**
* Grants permission to list resource-level summary count
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ListResourceComplianceSummaries.html
*/
toListResourceComplianceSummaries(): this;
/**
* Grants permission to list information about resource data sync configurations in an account
*
* Access Level: List
*
* Possible conditions:
* - .ifSyncType()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ListResourceDataSync.html
*/
toListResourceDataSync(): this;
/**
* Grants permission to view a list of resource tags for a specified resource
*
* Access Level: List
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ListTagsForResource.html
*/
toListTagsForResource(): this;
/**
* Grants permission to share a custom SSM document publicly or privately with specified AWS accounts
*
* Access Level: Permissions management
*
* Possible conditions:
* - .ifDocumentType()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ModifyDocumentPermission.html
*/
toModifyDocumentPermission(): this;
/**
* Grants permission to create/edit a specific calendar
*
* Access Level: Write
*
* https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-change-calendar-prereqs.html
*/
toPutCalendar(): this;
/**
* Grants permission to register a compliance type and other compliance details on a specified resource
*
* Access Level: Write
*
* Possible conditions:
* - .ifSourceInstanceARN()
* - .ifEc2SourceInstanceARN()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_PutComplianceItems.html
*/
toPutComplianceItems(): this;
/**
* Grants permission to SSM Agent to generate a report of the results of specific agent requests (internal Systems Manager call)
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-setting-up-messageAPIs.html
*/
toPutConfigurePackageResult(): this;
/**
* Grants permission to add or update inventory items on multiple specified managed instances
*
* Access Level: Write
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_PutInventory.html
*/
toPutInventory(): this;
/**
* Grants permission to create an SSM parameter
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
* - .ifOverwrite()
* - .ifPolicies()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_PutParameter.html
*/
toPutParameter(): this;
/**
* Grants permission to create or update a Systems Manager resource policy
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_PutResourcePolicy.html
*/
toPutResourcePolicy(): this;
/**
* Grants permission to specify the default patch baseline for an operating system type
*
* Access Level: Write
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_RegisterDefaultPatchBaseline.html
*/
toRegisterDefaultPatchBaseline(): this;
/**
* Grants permission to register a Systems Manager Agent
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-setting-up-messageAPIs.html
*/
toRegisterManagedInstance(): this;
/**
* Grants permission to specify the default patch baseline for a specified patch group
*
* Access Level: Write
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_RegisterPatchBaselineForPatchGroup.html
*/
toRegisterPatchBaselineForPatchGroup(): this;
/**
* Grants permission to register a target with a specified maintenance window
*
* Access Level: Write
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_RegisterTargetWithMaintenanceWindow.html
*/
toRegisterTargetWithMaintenanceWindow(): this;
/**
* Grants permission to register a task with a specified maintenance window
*
* Access Level: Write
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_RegisterTaskWithMaintenanceWindow.html
*/
toRegisterTaskWithMaintenanceWindow(): this;
/**
* Grants permission to remove a specified tag key from a specified resource
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsResourceTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_RemoveTagsFromResource.html
*/
toRemoveTagsFromResource(): this;
/**
* Grants permission to reset the service setting for an AWS account to the default value
*
* Access Level: Write
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ResetServiceSetting.html
*/
toResetServiceSetting(): this;
/**
* Grants permission to reconnect a Session Manager session to a managed instance
*
* Access Level: Write
*
* Possible conditions:
* - .ifResourceTagAws()
* - .ifResourceTagAws()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ResumeSession.html
*/
toResumeSession(): this;
/**
* Grants permission to send a signal to change the current behavior or status of a specified Automation execution
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_SendAutomationSignal.html
*/
toSendAutomationSignal(): this;
/**
* Grants permission to run commands on one or more specified managed instances
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
* - .ifResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_SendCommand.html
*/
toSendCommand(): this;
/**
* Grants permission to start the workflow for just-in-time node access sessions
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_StartAccessRequest.html
*/
toStartAccessRequest(): this;
/**
* Grants permission to run a specified association manually
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_StartAssociationsOnce.html
*/
toStartAssociationsOnce(): this;
/**
* Grants permission to initiate the execution of an Automation document
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_StartAutomationExecution.html
*/
toStartAutomationExecution(): this;
/**
* Grants permission to initiate the execution of an Automation Change Template document
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
* - .ifAutoApprove()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_StartChangeRequestExecution.html
*/
toStartChangeRequestExecution(): this;
/**
* Grants permission to create a preview showing the effects that running a specified Automation runbook would have on the targeted resources
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_StartExecutionPreview.html
*/
toStartExecutionPreview(): this;
/**
* Grants permission to initiate a connection to a specified target for a Session Manager session
*
* Access Level: Write
*
* Possible conditions:
* - .ifResourceTag()
* - .ifAwsResourceTag()
* - .ifAccessRequestId()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_StartSession.html
*/
toStartSession(): this;
/**
* Grants permission to stop a specified Automation execution that is already in progress
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_StopAutomationExecution.html
*/
toStopAutomationExecution(): this;
/**
* Grants permission to permanently end a Session Manager connection to an instance
*
* Access Level: Write
*
* Possible conditions:
* - .ifResourceTagAws()
* - .ifResourceTagAws()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_TerminateSession.html
*/
toTerminateSession(): this;
/**
* Grants permission to remove an identifying label from a specified version of a parameter
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_UnlabelParameterVersion.html
*/
toUnlabelParameterVersion(): this;
/**
* Grants permission to update an association and immediately run the association on the specified targets
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_UpdateAssociation.html
*/
toUpdateAssociation(): this;
/**
* Grants permission to update the status of the SSM document associated with a specified instance
*
* Access Level: Write
*
* Possible conditions:
* - .ifSourceInstanceARN()
* - .ifEc2SourceInstanceARN()
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_UpdateAssociationStatus.html
*/
toUpdateAssociationStatus(): this;
/**
* Grants permission to update one or more values for an SSM document
*
* Access Level: Write
*
* Possible conditions:
* - .ifDocumentType()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_UpdateDocument.html
*/
toUpdateDocument(): this;
/**
* Grants permission to change the default version of an SSM document
*
* Access Level: Write
*
* Possible conditions:
* - .ifDocumentType()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_UpdateDocumentDefaultVersion.html
*/
toUpdateDocumentDefaultVersion(): this;
/**
* Grants permission to update the metadata of an SSM document
*
* Access Level: Write
*
* Possible conditions:
* - .ifDocumentType()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_UpdateDocumentMetadata.html
*/
toUpdateDocumentMetadata(): this;
/**
* Grants permission to SSM Agent to update the status of the association that it is currently running (internal Systems Manager call)
*
* Access Level: Write
*
* Possible conditions:
* - .ifSourceInstanceARN()
* - .ifEc2SourceInstanceARN()
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-setting-up-messageAPIs.html
*/
toUpdateInstanceAssociationStatus(): this;
/**
* Grants permission to SSM Agent to send a heartbeat signal to the Systems Manager service in the cloud
*
* Access Level: Write
*
* Possible conditions:
* - .ifSourceInstanceARN()
* - .ifEc2SourceInstanceARN()
*
* https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-setting-up-messageAPIs.html
*/
toUpdateInstanceInformation(): this;
/**
* Grants permission to update a specified maintenance window
*
* Access Level: Write
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_UpdateMaintenanceWindow.html
*/
toUpdateMaintenanceWindow(): this;
/**
* Grants permission to update a specified maintenance window target
*
* Access Level: Write
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_UpdateMaintenanceWindowTarget.html
*/
toUpdateMaintenanceWindowTarget(): this;
/**
* Grants permission to update a specified maintenance window task
*
* Access Level: Write
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_UpdateMaintenanceWindowTask.html
*/
toUpdateMaintenanceWindowTask(): this;
/**
* Grants permission to assign or change the IAM role assigned to a specified managed instance
*
* Access Level: Write
*
* Possible conditions:
* - .ifResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_UpdateManagedInstanceRole.html
*/
toUpdateManagedInstanceRole(): this;
/**
* Grants permission to edit or change an OpsItem
*
* Access Level: Write
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_UpdateOpsItem.html
*/
toUpdateOpsItem(): this;
/**
* Grants permission to update an