iam-floyd
Version:
AWS IAM policy statement generator with fluent interface
1,528 lines • 160 kB
JavaScript
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.Backup = void 0;
const shared_1 = require("../../shared");
/**
* Statement provider for service [backup](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsbackup.html).
*
* @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
*/
class Backup extends shared_1.PolicyStatement {
/**
* Statement provider for service [backup](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsbackup.html).
*
* @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
*/
constructor(sid) {
super(sid);
this.servicePrefix = 'backup';
this.accessLevelList = {
Write: [
'AssociateBackupVaultMpaApprovalTeam',
'CancelLegalHold',
'CopyFromBackupVault',
'CopyIntoBackupVault',
'CreateBackupAccessPoint',
'CreateBackupPlan',
'CreateBackupSelection',
'CreateBackupVault',
'CreateFramework',
'CreateLegalHold',
'CreateLogicallyAirGappedBackupVault',
'CreateReportPlan',
'CreateRestoreAccessBackupVault',
'CreateRestoreTestingPlan',
'CreateRestoreTestingSelection',
'CreateTieringConfiguration',
'DeleteBackupAccessPoint',
'DeleteBackupPlan',
'DeleteBackupSelection',
'DeleteBackupVault',
'DeleteBackupVaultLockConfiguration',
'DeleteBackupVaultNotifications',
'DeleteFramework',
'DeleteRecoveryPoint',
'DeleteReportPlan',
'DeleteRestoreTestingPlan',
'DeleteRestoreTestingSelection',
'DeleteTieringConfiguration',
'DisassociateBackupVaultMpaApprovalTeam',
'DisassociateRecoveryPoint',
'DisassociateRecoveryPointFromParent',
'PutBackupVaultLockConfiguration',
'PutBackupVaultNotifications',
'PutRestoreValidationResult',
'RevokeRestoreAccessBackupVault',
'StartBackupJob',
'StartCopyJob',
'StartReportJob',
'StartRestoreJob',
'StartScanJob',
'StopBackupJob',
'UpdateBackupPlan',
'UpdateFramework',
'UpdateGlobalSettings',
'UpdateRecoveryPointIndexSettings',
'UpdateRecoveryPointLifecycle',
'UpdateRegionSettings',
'UpdateReportPlan',
'UpdateRestoreTestingPlan',
'UpdateRestoreTestingSelection',
'UpdateTieringConfiguration'
],
'Permissions management': [
'DeleteBackupVaultAccessPolicy',
'DeleteBackupVaultSharingPolicy',
'ListIndexedRecoveryPointsForSearch',
'PutBackupVaultAccessPolicy',
'PutBackupVaultSharingPolicy',
'SearchRecoveryPoint'
],
Read: [
'DescribeBackupAccessPoint',
'DescribeBackupJob',
'DescribeBackupVault',
'DescribeCopyJob',
'DescribeFramework',
'DescribeGlobalSettings',
'DescribeProtectedResource',
'DescribeRecoveryPoint',
'DescribeRegionSettings',
'DescribeReportJob',
'DescribeReportPlan',
'DescribeRestoreJob',
'DescribeScanJob',
'ExportBackupPlanTemplate',
'GetBackupPlan',
'GetBackupPlanFromJSON',
'GetBackupPlanFromTemplate',
'GetBackupSelection',
'GetBackupVaultAccessPolicy',
'GetBackupVaultNotifications',
'GetBackupVaultSharingPolicy',
'GetLegalHold',
'GetRecoveryPointIndexDetails',
'GetRecoveryPointRestoreMetadata',
'GetRestoreJobMetadata',
'GetRestoreTestingInferredMetadata',
'GetRestoreTestingPlan',
'GetRestoreTestingSelection',
'GetSupportedResourceTypes',
'GetTieringConfiguration',
'ListTags'
],
List: [
'ListBackupJobSummaries',
'ListBackupJobs',
'ListBackupPlanTemplates',
'ListBackupPlanVersions',
'ListBackupPlans',
'ListBackupSelections',
'ListBackupVaults',
'ListCopyJobSummaries',
'ListCopyJobs',
'ListFrameworks',
'ListIndexedRecoveryPoints',
'ListLegalHolds',
'ListProtectedResources',
'ListProtectedResourcesByBackupVault',
'ListRecoveryPointsByBackupVault',
'ListRecoveryPointsByLegalHold',
'ListRecoveryPointsByResource',
'ListReportJobs',
'ListReportPlans',
'ListRestoreAccessBackupVaults',
'ListRestoreJobSummaries',
'ListRestoreJobs',
'ListRestoreJobsByProtectedResource',
'ListRestoreTestingPlans',
'ListRestoreTestingSelections',
'ListScanJobSummaries',
'ListScanJobs',
'ListTieringConfigurations'
],
Tagging: [
'TagResource',
'UntagResource'
]
};
}
/**
* Grants permission to associate an MPA approval team with a backup vault
*
* Access Level: Write
*
* Possible conditions:
* - .ifMpaApprovalTeamArn()
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_AssociateBackupVaultMpaApprovalTeam.html
*/
toAssociateBackupVaultMpaApprovalTeam() {
return this.to('AssociateBackupVaultMpaApprovalTeam');
}
/**
* Grants permission to cancel a legal hold
*
* Access Level: Write
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_CancelLegalHold.html
*/
toCancelLegalHold() {
return this.to('CancelLegalHold');
}
/**
* Grants permission to copy from a backup vault
*
* Access Level: Write
*
* Possible conditions:
* - .ifCopyTargets()
* - .ifCopyTargetOrgPaths()
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/vaults.html.html
*/
toCopyFromBackupVault() {
return this.to('CopyFromBackupVault');
}
/**
* Grants permission to copy into a backup vault
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/vaults.html
*/
toCopyIntoBackupVault() {
return this.to('CopyIntoBackupVault');
}
/**
* Grants permission to create a new access point for backup instant access
*
* Access Level: Write
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/backup-instant-access.html
*/
toCreateBackupAccessPoint() {
return this.to('CreateBackupAccessPoint');
}
/**
* Grants permission to create a new backup plan
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - iam:PassRole
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_CreateBackupPlan.html
*/
toCreateBackupPlan() {
return this.to('CreateBackupPlan');
}
/**
* Grants permission to create a new resource assignment in a backup plan
*
* Access Level: Write
*
* Dependent actions:
* - iam:PassRole
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_CreateBackupSelection.html
*/
toCreateBackupSelection() {
return this.to('CreateBackupSelection');
}
/**
* Grants permission to create a new backup vault
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_CreateBackupVault.html
*/
toCreateBackupVault() {
return this.to('CreateBackupVault');
}
/**
* Grants permission to create a new framework
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_CreateFramework.html
*/
toCreateFramework() {
return this.to('CreateFramework');
}
/**
* Grants permission to create a new legal hold
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_CreateLegalHold.html
*/
toCreateLegalHold() {
return this.to('CreateLegalHold');
}
/**
* Grants permission to create a new logically air-gapped backup vault, a logical container where backups are stored
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
* - .ifMinRetentionDays()
* - .ifMaxRetentionDays()
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_CreateLogicallyAirGappedBackupVault.html
*/
toCreateLogicallyAirGappedBackupVault() {
return this.to('CreateLogicallyAirGappedBackupVault');
}
/**
* Grants permission to create a new report plan
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
* - .ifFrameworkArns()
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_CreateReportPlan.html
*/
toCreateReportPlan() {
return this.to('CreateReportPlan');
}
/**
* Grants permission to create a restore access backup vault
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_CreateRestoreAccessBackupVault.html
*/
toCreateRestoreAccessBackupVault() {
return this.to('CreateRestoreAccessBackupVault');
}
/**
* Grants permission to create a new restore testing plan
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_CreateRestoreTestingPlan.html
*/
toCreateRestoreTestingPlan() {
return this.to('CreateRestoreTestingPlan');
}
/**
* Grants permission to create a new resource assignment in a restore testing plan
*
* Access Level: Write
*
* Dependent actions:
* - iam:PassRole
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_CreateRestoreTestingSelection.html
*/
toCreateRestoreTestingSelection() {
return this.to('CreateRestoreTestingSelection');
}
/**
* Grants permission to create a new tiering configuration
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_CreateTieringConfiguration.html
*/
toCreateTieringConfiguration() {
return this.to('CreateTieringConfiguration');
}
/**
* Grants permission to delete the access point
*
* Access Level: Write
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/backup-instant-access.html
*/
toDeleteBackupAccessPoint() {
return this.to('DeleteBackupAccessPoint');
}
/**
* Grants permission to delete a backup plan
*
* Access Level: Write
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_DeleteBackupPlan.html
*/
toDeleteBackupPlan() {
return this.to('DeleteBackupPlan');
}
/**
* Grants permission to delete a resource assignment from a backup plan
*
* Access Level: Write
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_DeleteBackupSelection.html
*/
toDeleteBackupSelection() {
return this.to('DeleteBackupSelection');
}
/**
* Grants permission to delete a backup vault
*
* Access Level: Write
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_DeleteBackupVault.html
*/
toDeleteBackupVault() {
return this.to('DeleteBackupVault');
}
/**
* Grants permission to delete backup vault access policy
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_DeleteBackupVaultAccessPolicy.html
*/
toDeleteBackupVaultAccessPolicy() {
return this.to('DeleteBackupVaultAccessPolicy');
}
/**
* Grants permission to remove the lock configuration from a backup vault
*
* Access Level: Write
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_DeleteBackupVaultLockConfiguration.html
*/
toDeleteBackupVaultLockConfiguration() {
return this.to('DeleteBackupVaultLockConfiguration');
}
/**
* Grants permission to remove the notifications from a backup vault
*
* Access Level: Write
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_DeleteBackupVaultNotifications.html
*/
toDeleteBackupVaultNotifications() {
return this.to('DeleteBackupVaultNotifications');
}
/**
* Grants permission to delete backup vault sharing policy
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/logicallyairgappedvault.html
*/
toDeleteBackupVaultSharingPolicy() {
return this.to('DeleteBackupVaultSharingPolicy');
}
/**
* Grants permission to delete a framework
*
* Access Level: Write
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_DeleteFramework.html
*/
toDeleteFramework() {
return this.to('DeleteFramework');
}
/**
* Grants permission to delete a recovery point from a backup vault
*
* Access Level: Write
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_DeleteRecoveryPoint.html
*/
toDeleteRecoveryPoint() {
return this.to('DeleteRecoveryPoint');
}
/**
* Grants permission to delete a report plan
*
* Access Level: Write
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_DeleteReportPlan.html
*/
toDeleteReportPlan() {
return this.to('DeleteReportPlan');
}
/**
* Grants permission to delete a restore testing plan
*
* Access Level: Write
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_DeleteRestoreTestingPlan.html
*/
toDeleteRestoreTestingPlan() {
return this.to('DeleteRestoreTestingPlan');
}
/**
* Grants permission to delete a resource assignment from a restore testing plan
*
* Access Level: Write
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_DeleteRestoreTestingSelection.html
*/
toDeleteRestoreTestingSelection() {
return this.to('DeleteRestoreTestingSelection');
}
/**
* Grants permission to delete a tiering configuration
*
* Access Level: Write
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_DeleteTieringConfiguration.html
*/
toDeleteTieringConfiguration() {
return this.to('DeleteTieringConfiguration');
}
/**
* Grants permission to return information about the specified access point
*
* Access Level: Read
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/backup-instant-access.html
*/
toDescribeBackupAccessPoint() {
return this.to('DescribeBackupAccessPoint');
}
/**
* Grants permission to describe a backup job
*
* Access Level: Read
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_DescribeBackupJob.html
*/
toDescribeBackupJob() {
return this.to('DescribeBackupJob');
}
/**
* Grants permission to describe a new backup vault with the specified name
*
* Access Level: Read
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_DescribeBackupVault.html
*/
toDescribeBackupVault() {
return this.to('DescribeBackupVault');
}
/**
* Grants permission to describe a copy job
*
* Access Level: Read
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_DescribeCopyJob.html
*/
toDescribeCopyJob() {
return this.to('DescribeCopyJob');
}
/**
* Grants permission to describe a framework with the specified name
*
* Access Level: Read
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_DescribeFramework.html
*/
toDescribeFramework() {
return this.to('DescribeFramework');
}
/**
* Grants permission to describe global settings
*
* Access Level: Read
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_DescribeGlobalSettings.html
*/
toDescribeGlobalSettings() {
return this.to('DescribeGlobalSettings');
}
/**
* Grants permission to describe a protected resource
*
* Access Level: Read
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_DescribeProtectedResource.html
*/
toDescribeProtectedResource() {
return this.to('DescribeProtectedResource');
}
/**
* Grants permission to describe a recovery point
*
* Access Level: Read
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_DescribeRecoveryPoint.html
*/
toDescribeRecoveryPoint() {
return this.to('DescribeRecoveryPoint');
}
/**
* Grants permission to describe region settings
*
* Access Level: Read
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_DescribeRegionSettings.html
*/
toDescribeRegionSettings() {
return this.to('DescribeRegionSettings');
}
/**
* Grants permission to describe a report job
*
* Access Level: Read
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_DescribeReportJob.html
*/
toDescribeReportJob() {
return this.to('DescribeReportJob');
}
/**
* Grants permission to describe a report plan with the specified name
*
* Access Level: Read
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_DescribeReportPlan.html
*/
toDescribeReportPlan() {
return this.to('DescribeReportPlan');
}
/**
* Grants permission to describe a restore job
*
* Access Level: Read
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_DescribeRestoreJob.html
*/
toDescribeRestoreJob() {
return this.to('DescribeRestoreJob');
}
/**
* Grants permission to describe a scan job
*
* Access Level: Read
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_DescribeScanJob.html
*/
toDescribeScanJob() {
return this.to('DescribeScanJob');
}
/**
* Grants permission to disassociate an MPA approval team from a backup vault
*
* Access Level: Write
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_DisassociateBackupVaultMpaApprovalTeam.html
*/
toDisassociateBackupVaultMpaApprovalTeam() {
return this.to('DisassociateBackupVaultMpaApprovalTeam');
}
/**
* Grants permission to disassociate a recovery point from a backup vault
*
* Access Level: Write
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_DisassociateRecoveryPoint.html
*/
toDisassociateRecoveryPoint() {
return this.to('DisassociateRecoveryPoint');
}
/**
* Grants permission to disassociate a recovery point from its parent
*
* Access Level: Write
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_DisassociateRecoveryPointFromParent.html
*/
toDisassociateRecoveryPointFromParent() {
return this.to('DisassociateRecoveryPointFromParent');
}
/**
* Grants permission to export a backup plan as a JSON
*
* Access Level: Read
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_ExportBackupPlanTemplate.html
*/
toExportBackupPlanTemplate() {
return this.to('ExportBackupPlanTemplate');
}
/**
* Grants permission to get a backup plan
*
* Access Level: Read
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_GetBackupPlan.html
*/
toGetBackupPlan() {
return this.to('GetBackupPlan');
}
/**
* Grants permission to transform a JSON to a backup plan
*
* Access Level: Read
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_GetBackupPlanFromJSON.html
*/
toGetBackupPlanFromJSON() {
return this.to('GetBackupPlanFromJSON');
}
/**
* Grants permission to transform a template to a backup plan
*
* Access Level: Read
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_GetBackupPlanFromTemplate.html
*/
toGetBackupPlanFromTemplate() {
return this.to('GetBackupPlanFromTemplate');
}
/**
* Grants permission to get a backup plan resource assignment
*
* Access Level: Read
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_GetBackupSelection.html
*/
toGetBackupSelection() {
return this.to('GetBackupSelection');
}
/**
* Grants permission to get backup vault access policy
*
* Access Level: Read
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_GetBackupVaultAccessPolicy.html
*/
toGetBackupVaultAccessPolicy() {
return this.to('GetBackupVaultAccessPolicy');
}
/**
* Grants permission to get backup vault notifications
*
* Access Level: Read
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_GetBackupVaultNotifications.html
*/
toGetBackupVaultNotifications() {
return this.to('GetBackupVaultNotifications');
}
/**
* Grants permission to get backup vault sharing policy
*
* Access Level: Read
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/logicallyairgappedvault.html
*/
toGetBackupVaultSharingPolicy() {
return this.to('GetBackupVaultSharingPolicy');
}
/**
* Grants permission to get a legal hold
*
* Access Level: Read
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_GetLegalHold.html
*/
toGetLegalHold() {
return this.to('GetLegalHold');
}
/**
* Grants permission to get indexing details for a recovery point
*
* Access Level: Read
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_GetRecoveryPointIndexDetails.html
*/
toGetRecoveryPointIndexDetails() {
return this.to('GetRecoveryPointIndexDetails');
}
/**
* Grants permission to get recovery point restore metadata
*
* Access Level: Read
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_GetRecoveryPointRestoreMetadata.html
*/
toGetRecoveryPointRestoreMetadata() {
return this.to('GetRecoveryPointRestoreMetadata');
}
/**
* Grants permission to get the restore metadata associated with a restore job
*
* Access Level: Read
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_GetRestoreJobMetadata.html
*/
toGetRestoreJobMetadata() {
return this.to('GetRestoreJobMetadata');
}
/**
* Grants permission to get inferred metadata generated by restore testing
*
* Access Level: Read
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_GetRestoreTestingInferredMetadata.html
*/
toGetRestoreTestingInferredMetadata() {
return this.to('GetRestoreTestingInferredMetadata');
}
/**
* Grants permission to get a restore testing plan
*
* Access Level: Read
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_GetRestoreTestingPlan.html
*/
toGetRestoreTestingPlan() {
return this.to('GetRestoreTestingPlan');
}
/**
* Grants permission to get a restore testing plan resource assignment
*
* Access Level: Read
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_GetRestoreTestingSelection.html
*/
toGetRestoreTestingSelection() {
return this.to('GetRestoreTestingSelection');
}
/**
* Grants permission to get supported resource types
*
* Access Level: Read
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_GetSupportedResourceTypes.html
*/
toGetSupportedResourceTypes() {
return this.to('GetSupportedResourceTypes');
}
/**
* Grants permission to describe a tiering configuration
*
* Access Level: Read
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_GetTieringConfiguration.html
*/
toGetTieringConfiguration() {
return this.to('GetTieringConfiguration');
}
/**
* Grants permission to list backup job summaries
*
* Access Level: List
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_ListBackupJobSummaries.html
*/
toListBackupJobSummaries() {
return this.to('ListBackupJobSummaries');
}
/**
* Grants permission to list backup jobs
*
* Access Level: List
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_ListBackupJobs.html
*/
toListBackupJobs() {
return this.to('ListBackupJobs');
}
/**
* Grants permission to list backup plan templates provided by AWS Backup
*
* Access Level: List
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_ListBackupPlanTemplates.html
*/
toListBackupPlanTemplates() {
return this.to('ListBackupPlanTemplates');
}
/**
* Grants permission to list backup plan versions
*
* Access Level: List
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_ListBackupPlanVersions.html
*/
toListBackupPlanVersions() {
return this.to('ListBackupPlanVersions');
}
/**
* Grants permission to list backup plans
*
* Access Level: List
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_ListBackupPlans.html
*/
toListBackupPlans() {
return this.to('ListBackupPlans');
}
/**
* Grants permission to list resource assignments for a specific backup plan
*
* Access Level: List
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_ListBackupSelections.html
*/
toListBackupSelections() {
return this.to('ListBackupSelections');
}
/**
* Grants permission to list backup vaults
*
* Access Level: List
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_ListBackupVaults.html
*/
toListBackupVaults() {
return this.to('ListBackupVaults');
}
/**
* Grants permission to list copy job summaries
*
* Access Level: List
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_ListCopyJobSummaries.html
*/
toListCopyJobSummaries() {
return this.to('ListCopyJobSummaries');
}
/**
* Grants permission to list copy jobs
*
* Access Level: List
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_ListCopyJobs.html
*/
toListCopyJobs() {
return this.to('ListCopyJobs');
}
/**
* Grants permission to list frameworks
*
* Access Level: List
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_ListFrameworks.html
*/
toListFrameworks() {
return this.to('ListFrameworks');
}
/**
* Grants permission to get list indexed recovery points
*
* Access Level: List
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_ListIndexedRecoveryPoints.html
*/
toListIndexedRecoveryPoints() {
return this.to('ListIndexedRecoveryPoints');
}
/**
* Grants permission to list indexed recovery points to search
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_ListIndexedRecoveryPointsForSearch.html
*/
toListIndexedRecoveryPointsForSearch() {
return this.to('ListIndexedRecoveryPointsForSearch');
}
/**
* Grants permission to list legal holds
*
* Access Level: List
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_ListLegalHolds.html
*/
toListLegalHolds() {
return this.to('ListLegalHolds');
}
/**
* Grants permission to list protected resources by AWS Backup
*
* Access Level: List
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_ListProtectedResources.html
*/
toListProtectedResources() {
return this.to('ListProtectedResources');
}
/**
* Grants permission to list protected resources inside a backup vault
*
* Access Level: List
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_ListProtectedResourcesByBackupVault.html
*/
toListProtectedResourcesByBackupVault() {
return this.to('ListProtectedResourcesByBackupVault');
}
/**
* Grants permission to list recovery points inside a backup vault
*
* Access Level: List
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_ListRecoveryPointsByBackupVault.html
*/
toListRecoveryPointsByBackupVault() {
return this.to('ListRecoveryPointsByBackupVault');
}
/**
* Grants permission to list recovery points by legal hold
*
* Access Level: List
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_ListRecoveryPointsByLegalHold.html
*/
toListRecoveryPointsByLegalHold() {
return this.to('ListRecoveryPointsByLegalHold');
}
/**
* Grants permission to list recovery points for a resource
*
* Access Level: List
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_ListRecoveryPointsByResource.html
*/
toListRecoveryPointsByResource() {
return this.to('ListRecoveryPointsByResource');
}
/**
* Grants permission to list report jobs
*
* Access Level: List
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_ListReportJobs.html
*/
toListReportJobs() {
return this.to('ListReportJobs');
}
/**
* Grants permission to list report plans
*
* Access Level: List
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_ListReportPlans.html
*/
toListReportPlans() {
return this.to('ListReportPlans');
}
/**
* Grants permission to list a restore access backup vaults associated with a backup vault
*
* Access Level: List
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_ListRestoreAccessBackupVaults.html
*/
toListRestoreAccessBackupVaults() {
return this.to('ListRestoreAccessBackupVaults');
}
/**
* Grants permission to list restore job summaries
*
* Access Level: List
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_ListRestoreJobSummaries.html
*/
toListRestoreJobSummaries() {
return this.to('ListRestoreJobSummaries');
}
/**
* Grants permission to list restore jobs
*
* Access Level: List
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_ListRestoreJobs.html
*/
toListRestoreJobs() {
return this.to('ListRestoreJobs');
}
/**
* Grants permission to list restore jobs for a protected resource
*
* Access Level: List
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_ListRestoreJobsByProtectedResource.html
*/
toListRestoreJobsByProtectedResource() {
return this.to('ListRestoreJobsByProtectedResource');
}
/**
* Grants permission to list restore testing plans
*
* Access Level: List
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_ListRestoreTestingPlans.html
*/
toListRestoreTestingPlans() {
return this.to('ListRestoreTestingPlans');
}
/**
* Grants permission to list resource assignments for a specific restore testing plan
*
* Access Level: List
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_ListRestoreTestingSelections.html
*/
toListRestoreTestingSelections() {
return this.to('ListRestoreTestingSelections');
}
/**
* Grants permission to list scan job summaries
*
* Access Level: List
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_ListScanJobSummaries.html
*/
toListScanJobSummaries() {
return this.to('ListScanJobSummaries');
}
/**
* Grants permission to list scan jobs
*
* Access Level: List
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_ListScanJobs.html
*/
toListScanJobs() {
return this.to('ListScanJobs');
}
/**
* Grants permission to list tags for a resource
*
* Access Level: Read
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_ListTags.html
*/
toListTags() {
return this.to('ListTags');
}
/**
* Grants permission to list tiering configurations
*
* Access Level: List
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_ListTieringConfigurations.html
*/
toListTieringConfigurations() {
return this.to('ListTieringConfigurations');
}
/**
* Grants permission to add an access policy to the backup vault
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_PutBackupVaultAccessPolicy.html
*/
toPutBackupVaultAccessPolicy() {
return this.to('PutBackupVaultAccessPolicy');
}
/**
* Grants permission to add a lock configuration to the backup vault
*
* Access Level: Write
*
* Possible conditions:
* - .ifChangeableForDays()
* - .ifMinRetentionDays()
* - .ifMaxRetentionDays()
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_PutBackupVaultLockConfiguration.html
*/
toPutBackupVaultLockConfiguration() {
return this.to('PutBackupVaultLockConfiguration');
}
/**
* Grants permission to add an SNS topic to the backup vault
*
* Access Level: Write
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_PutBackupVaultNotifications.html
*/
toPutBackupVaultNotifications() {
return this.to('PutBackupVaultNotifications');
}
/**
* Grants permission to add a sharing policy to the backup vault
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/logicallyairgappedvault.html
*/
toPutBackupVaultSharingPolicy() {
return this.to('PutBackupVaultSharingPolicy');
}
/**
* Grants permission to put a restore validation result
*
* Access Level: Write
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_PutRestoreValidationResult.html
*/
toPutRestoreValidationResult() {
return this.to('PutRestoreValidationResult');
}
/**
* Grants permission to revoke a restore access backup vault
*
* Access Level: Write
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_RevokeRestoreAccessBackupVault.html
*/
toRevokeRestoreAccessBackupVault() {
return this.to('RevokeRestoreAccessBackupVault');
}
/**
* Grants permission to search a recovery point
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_SearchRecoveryPoint.html
*/
toSearchRecoveryPoint() {
return this.to('SearchRecoveryPoint');
}
/**
* Grants permission to start a new backup job
*
* Access Level: Write
*
* Dependent actions:
* - iam:PassRole
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_StartBackupJob.html
*/
toStartBackupJob() {
return this.to('StartBackupJob');
}
/**
* Grants permission to copy a backup from a source backup vault to a destination backup vault
*
* Access Level: Write
*
* Dependent actions:
* - iam:PassRole
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_StartCopyJob.html
*/
toStartCopyJob() {
return this.to('StartCopyJob');
}
/**
* Grants permission to start a new report job
*
* Access Level: Write
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_StartReportJob.html
*/
toStartReportJob() {
return this.to('StartReportJob');
}
/**
* Grants permission to start a new restore job
*
* Access Level: Write
*
* Dependent actions:
* - iam:PassRole
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_StartRestoreJob.html
*/
toStartRestoreJob() {
return this.to('StartRestoreJob');
}
/**
* Grants permission to start a new scan job
*
* Access Level: Write
*
* Dependent actions:
* - iam:PassRole
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_StartScanJob.html
*/
toStartScanJob() {
return this.to('StartScanJob');
}
/**
* Grants permission to stop a backup job
*
* Access Level: Write
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_StopBackupJob.html
*/
toStopBackupJob() {
return this.to('StopBackupJob');
}
/**
* Grants permission to tag a resource
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_TagResource.html
*/
toTagResource() {
return this.to('TagResource');
}
/**
* Grants permission to untag a resource
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_UntagResource.html
*/
toUntagResource() {
return this.to('UntagResource');
}
/**
* Grants permission to update a backup plan
*
* Access Level: Write
*
* Dependent actions:
* - iam:PassRole
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_UpdateBackupPlan.html
*/
toUpdateBackupPlan() {
return this.to('UpdateBackupPlan');
}
/**
* Grants permission to update a framework
*
* Access Level: Write
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_UpdateFramework.html
*/
toUpdateFramework() {
return this.to('UpdateFramework');
}
/**
* Grants permission to update the current global settings for the AWS Account
*
* Access Level: Write
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_UpdateGlobalSettings.html
*/
toUpdateGlobalSettings() {
return this.to('UpdateGlobalSettings');
}
/**
* Grants permission to update recovery point index settings
*
* Access Level: Write
*
* Possible conditions:
* - .ifIndex()
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_UpdateRecoveryPointIndexSettings.html
*/
toUpdateRecoveryPointIndexSettings() {
return this.to('UpdateRecoveryPointIndexSettings');
}
/**
* Grants permission to update the lifecycle of the recovery point
*
* Access Level: Write
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_UpdateRecoveryPointLifecycle.html
*/
toUpdateRecoveryPointLifecycle() {
return this.to('UpdateRecoveryPointLifecycle');
}
/**
* Grants permission to update the current service opt-in settings for the Region
*
* Access Level: Write
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_UpdateRegionSettings.html
*/
toUpdateRegionSettings() {
return this.to('UpdateRegionSettings');
}
/**
* Grants permission to update a report plan
*
* Access Level: Write
*
* Possible conditions:
* - .ifFrameworkArns()
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_UpdateReportPlan.html
*/
toUpdateReportPlan() {
return this.to('UpdateReportPlan');
}
/**
* Grants permission to update a restore testing plan
*
* Access Level: Write
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_UpdateRestoreTestingPlan.html
*/
toUpdateRestoreTestingPlan() {
return this.to('UpdateRestoreTestingPlan');
}
/**
* Grants permission to update a resource assignment in a restore testing plan
*
* Access Level: Write
*
* Dependent actions:
* - iam:PassRole
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_UpdateRestoreTestingSelection.html
*/
toUpdateRestoreTestingSelection() {
return this.to('UpdateRestoreTestingSelection');
}
/**
* Grants permission to update a tiering configuration
*
* Access Level: Write
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/API_UpdateTieringConfiguration.html
*/
toUpdateTieringConfiguration() {
return this.to('UpdateTieringConfiguration');
}
/**
* Adds a resource of type backupVault to the statement
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/vaults.html
*
* @param backupVaultName - Identifier for the backupVaultName.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onBackupVault(backupVaultName, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:backup:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:backup-vault:${backupVaultName}`);
}
/**
* Adds a resource of type backupPlan to the statement
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/about-backup-plans.html
*
* @param backupPlanId - Identifier for the backupPlanId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onBackupPlan(backupPlanId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:backup:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:backup-plan:${backupPlanId}`);
}
/**
* Adds a resource of type recoveryPoint to the statement
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/recovery-points.html
*
* @param recoveryPointId - Identifier for the recoveryPointId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onRecoveryPoint(recoveryPointId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:backup:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:recovery-point:${recoveryPointId}`);
}
/**
* Adds a resource of type framework to the statement
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/working-with-audit-frameworks.html
*
* @param frameworkName - Identifier for the frameworkName.
* @param frameworkId - Identifier for the frameworkId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onFramework(frameworkName, frameworkId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:backup:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:framework:${frameworkName}-${frameworkId}`);
}
/**
* Adds a resource of type reportPlan to the statement
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/create-report-plan-api.html
*
* @param reportPlanName - Identifier for the reportPlanName.
* @param reportPlanId - Identifier for the reportPlanId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onReportPlan(reportPlanName, reportPlanId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:backup:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:report-plan:${reportPlanName}-${reportPlanId}`);
}
/**
* Adds a resource of type legalHold to the statement
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/legalhold.html
*
* @param legalHoldId - Identifier for the legalHoldId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onLegalHold(legalHoldId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:backup:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:legal-hold:${legalHoldId}`);
}
/**
* Adds a resource of type restoreTestingPlan to the statement
*
* https://docs.aws.amazon.com/aws-backup/latest/devguide/restore-testing.html
*
* @param restoreTestingPlanName - Identifier for the restoreTestingPlanName.
* @param restoreT