iam-floyd
Version:
AWS IAM policy statement generator with fluent interface
1,440 lines (1,439 loc) • 152 kB
JavaScript
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.Logs = void 0;
const shared_1 = require("../../shared");
/**
* Statement provider for service [logs](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazoncloudwatchlogs.html).
*
* @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
*/
class Logs extends shared_1.PolicyStatement {
/**
* Statement provider for service [logs](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazoncloudwatchlogs.html).
*
* @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
*/
constructor(sid) {
super(sid);
this.servicePrefix = 'logs';
this.accessLevelList = {
Write: [
'AssociateKmsKey',
'AssociateSourceToS3TableIntegration',
'CancelExportTask',
'CreateDelivery',
'CreateExportTask',
'CreateLogAnomalyDetector',
'CreateLogDelivery',
'CreateLogGroup',
'CreateLogStream',
'CreateScheduledQuery',
'DeleteAccountPolicy',
'DeleteDataProtectionPolicy',
'DeleteDelivery',
'DeleteDeliveryDestination',
'DeleteDeliveryDestinationPolicy',
'DeleteDeliverySource',
'DeleteDestination',
'DeleteIndexPolicy',
'DeleteIntegration',
'DeleteLogAnomalyDetector',
'DeleteLogDelivery',
'DeleteLogGroup',
'DeleteLogStream',
'DeleteMetricFilter',
'DeletePipelineRule',
'DeleteQueryDefinition',
'DeleteRetentionPolicy',
'DeleteScheduledQuery',
'DeleteSubscriptionFilter',
'DeleteTransformer',
'DisassociateKmsKey',
'DisassociateSourceFromS3TableIntegration',
'IntegrateWithS3Table',
'Link',
'ProcessWithPipeline',
'PutAccountPolicy',
'PutDataProtectionPolicy',
'PutDeliveryDestination',
'PutDeliveryDestinationPolicy',
'PutDeliverySource',
'PutDestination',
'PutDestinationPolicy',
'PutIndexPolicy',
'PutIntegration',
'PutLogEvents',
'PutLogGroupDeletionProtection',
'PutMetricFilter',
'PutPipelineRule',
'PutQueryDefinition',
'PutRetentionPolicy',
'PutSubscriptionFilter',
'PutTransformer',
'UpdateAnomaly',
'UpdateDeliveryConfiguration',
'UpdateLogAnomalyDetector',
'UpdateLogDelivery',
'UpdateScheduledQuery'
],
'Permissions management': [
'DeleteResourcePolicy',
'PutResourcePolicy'
],
List: [
'DescribeAccountPolicies',
'DescribeConfigurationTemplates',
'DescribeDeliveries',
'DescribeDeliveryDestinations',
'DescribeDeliverySources',
'DescribeDestinations',
'DescribeExportTasks',
'DescribeFieldIndexes',
'DescribeIndexPolicies',
'DescribeLogGroups',
'DescribeLogStreams',
'DescribeMetricFilters',
'DescribeQueries',
'DescribeQueryDefinitions',
'DescribeResourcePolicies',
'DescribeSubscriptionFilters',
'ListAggregateLogGroupSummaries',
'ListAnomalies',
'ListEntitiesForLogGroup',
'ListIntegrations',
'ListLogAnomalyDetectors',
'ListLogDeliveries',
'ListLogGroups',
'ListLogGroupsForEntity',
'ListLogGroupsForQuery',
'ListScheduledQueries',
'ListSourcesForS3TableIntegration',
'ListTagsForResource',
'ListTagsLogGroup'
],
Read: [
'FilterLogEvents',
'GetDataProtectionPolicy',
'GetDelivery',
'GetDeliveryDestination',
'GetDeliveryDestinationPolicy',
'GetDeliverySource',
'GetIntegration',
'GetLogAnomalyDetector',
'GetLogDelivery',
'GetLogEvents',
'GetLogFields',
'GetLogGroupFields',
'GetLogRecord',
'GetQueryResults',
'GetScheduledQuery',
'GetScheduledQueryHistory',
'GetTransformer',
'StartLiveTail',
'StartQuery',
'StopLiveTail',
'StopQuery',
'TestMetricFilter',
'TestTransformer',
'Unmask'
],
Tagging: [
'TagLogGroup',
'TagResource',
'UntagLogGroup',
'UntagResource'
]
};
}
/**
* Grants permission to associate the specified AWS Key Management Service (AWS KMS) customer master key (CMK) with the specified log group
*
* Access Level: Write
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_AssociateKmsKey.html
*/
toAssociateKmsKey() {
return this.to('AssociateKmsKey');
}
/**
* Grants permission to associate a log source to an S3 Tables integration
*
* Access Level: Write
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_AssociateSourceToS3TableIntegration.html
*/
toAssociateSourceToS3TableIntegration() {
return this.to('AssociateSourceToS3TableIntegration');
}
/**
* Grants permission to cancel an export task if it is in PENDING or RUNNING state
*
* Access Level: Write
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CancelExportTask.html
*/
toCancelExportTask() {
return this.to('CancelExportTask');
}
/**
* Grants permission to create a delivery connecting a delivery source to a delivery destination
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsTagKeys()
* - .ifAwsRequestTag()
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CreateDelivery.html
*/
toCreateDelivery() {
return this.to('CreateDelivery');
}
/**
* Grants permission to create an ExportTask which allows you to efficiently export data from a Log Group to your Amazon S3 bucket
*
* Access Level: Write
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CreateExportTask.html
*/
toCreateExportTask() {
return this.to('CreateExportTask');
}
/**
* Grants permission to create a log anomaly detector
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsTagKeys()
* - .ifAwsRequestTag()
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CreateLogAnomalyDetector.html
*/
toCreateLogAnomalyDetector() {
return this.to('CreateLogAnomalyDetector');
}
/**
* Grants permission to create the log delivery
*
* Access Level: Write
*
* https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html
*/
toCreateLogDelivery() {
return this.to('CreateLogDelivery');
}
/**
* Grants permission to create a new log group with the specified name
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsTagKeys()
* - .ifAwsRequestTag()
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CreateLogGroup.html
*/
toCreateLogGroup() {
return this.to('CreateLogGroup');
}
/**
* Grants permission to create a new log stream with the specified name
*
* Access Level: Write
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CreateLogStream.html
*/
toCreateLogStream() {
return this.to('CreateLogStream');
}
/**
* Grants permission to create a scheduled query
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsTagKeys()
* - .ifAwsRequestTag()
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CreateScheduledQuery.html
*/
toCreateScheduledQuery() {
return this.to('CreateScheduledQuery');
}
/**
* Grants permission to delete an account policy
*
* Access Level: Write
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DeleteAccountPolicy.html
*/
toDeleteAccountPolicy() {
return this.to('DeleteAccountPolicy');
}
/**
* Grants permission to delete a data protection policy attached to a log group
*
* Access Level: Write
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DeleteDataProtectionPolicy.html
*/
toDeleteDataProtectionPolicy() {
return this.to('DeleteDataProtectionPolicy');
}
/**
* Grants permission to delete a delivery
*
* Access Level: Write
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DeleteDelivery.html
*/
toDeleteDelivery() {
return this.to('DeleteDelivery');
}
/**
* Grants permission to delete a delivery destination after all associated deliveries are deleted
*
* Access Level: Write
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DeleteDeliveryDestination.html
*/
toDeleteDeliveryDestination() {
return this.to('DeleteDeliveryDestination');
}
/**
* Grants permission to delete a delivery destination policy associated with a delivery destination
*
* Access Level: Write
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DeleteDeliveryDestinationPolicy.html
*/
toDeleteDeliveryDestinationPolicy() {
return this.to('DeleteDeliveryDestinationPolicy');
}
/**
* Grants permission to delete a delivery source after all associated deliveries are deleted
*
* Access Level: Write
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DeleteDeliverySource.html
*/
toDeleteDeliverySource() {
return this.to('DeleteDeliverySource');
}
/**
* Grants permission to delete the destination with the specified name
*
* Access Level: Write
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DeleteDestination.html
*/
toDeleteDestination() {
return this.to('DeleteDestination');
}
/**
* Grants permission to delete an index policy attached to a log group
*
* Access Level: Write
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DeleteIndexPolicy.html
*/
toDeleteIndexPolicy() {
return this.to('DeleteIndexPolicy');
}
/**
* Grants permission to delete the integration
*
* Access Level: Write
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DeleteIntegration.html
*/
toDeleteIntegration() {
return this.to('DeleteIntegration');
}
/**
* Grants permission to delete a log anomaly detector
*
* Access Level: Write
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DeleteLogAnomalyDetector.html
*/
toDeleteLogAnomalyDetector() {
return this.to('DeleteLogAnomalyDetector');
}
/**
* Grants permission to delete the log delivery information for specified log delivery
*
* Access Level: Write
*
* https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html
*/
toDeleteLogDelivery() {
return this.to('DeleteLogDelivery');
}
/**
* Grants permission to delete the log group with the specified name
*
* Access Level: Write
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DeleteLogGroup.html
*/
toDeleteLogGroup() {
return this.to('DeleteLogGroup');
}
/**
* Grants permission to delete a log stream
*
* Access Level: Write
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DeleteLogStream.html
*/
toDeleteLogStream() {
return this.to('DeleteLogStream');
}
/**
* Grants permission to delete a metric filter associated with the specified log group
*
* Access Level: Write
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DeleteMetricFilter.html
*/
toDeleteMetricFilter() {
return this.to('DeleteMetricFilter');
}
/**
* Grants permission to delete telemetry pipeline
*
* Access Level: Write
*
* https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/permissions-reference-cwl.html
*/
toDeletePipelineRule() {
return this.to('DeletePipelineRule');
}
/**
* Grants permission to delete a saved CloudWatch Logs Insights query definition
*
* Access Level: Write
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DeleteQueryDefinition.html
*/
toDeleteQueryDefinition() {
return this.to('DeleteQueryDefinition');
}
/**
* Grants permission to delete a resource policy from this account
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DeleteResourcePolicy.html
*/
toDeleteResourcePolicy() {
return this.to('DeleteResourcePolicy');
}
/**
* Grants permission to delete the retention policy of the specified log group
*
* Access Level: Write
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DeleteRetentionPolicy.html
*/
toDeleteRetentionPolicy() {
return this.to('DeleteRetentionPolicy');
}
/**
* Grants permission to delete a scheduled query
*
* Access Level: Write
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DeleteScheduledQuery.html
*/
toDeleteScheduledQuery() {
return this.to('DeleteScheduledQuery');
}
/**
* Grants permission to delete a subscription filter associated with the specified log group
*
* Access Level: Write
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DeleteSubscriptionFilter.html
*/
toDeleteSubscriptionFilter() {
return this.to('DeleteSubscriptionFilter');
}
/**
* Grants permission to delete a transformer associated with the specified log group
*
* Access Level: Write
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DeleteTransformer.html
*/
toDeleteTransformer() {
return this.to('DeleteTransformer');
}
/**
* Grants permission to retrieve account policies
*
* Access Level: List
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeAccountPolicies.html
*/
toDescribeAccountPolicies() {
return this.to('DescribeAccountPolicies');
}
/**
* Grants permission to retrieve a list of configuration templates of available log types
*
* Access Level: List
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeConfigurationTemplates.html
*/
toDescribeConfigurationTemplates() {
return this.to('DescribeConfigurationTemplates');
}
/**
* Grants permission to retrieve a list of deliveries an account
*
* Access Level: List
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeDeliveries.html
*/
toDescribeDeliveries() {
return this.to('DescribeDeliveries');
}
/**
* Grants permission to retrieve a list of delivery destinations an account
*
* Access Level: List
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeDeliveryDestinations.html
*/
toDescribeDeliveryDestinations() {
return this.to('DescribeDeliveryDestinations');
}
/**
* Grants permission to retrieve a list of delivery sources in an account
*
* Access Level: List
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeDeliverySources.html
*/
toDescribeDeliverySources() {
return this.to('DescribeDeliverySources');
}
/**
* Grants permission to return all the destinations that are associated with the AWS account making the request
*
* Access Level: List
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeDestinations.html
*/
toDescribeDestinations() {
return this.to('DescribeDestinations');
}
/**
* Grants permission to return all the export tasks that are associated with the AWS account making the request
*
* Access Level: List
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeExportTasks.html
*/
toDescribeExportTasks() {
return this.to('DescribeExportTasks');
}
/**
* Grants permission to return all the indexing attributes that are attached with the log groups
*
* Access Level: List
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeFieldIndexes.html
*/
toDescribeFieldIndexes() {
return this.to('DescribeFieldIndexes');
}
/**
* Grants permission to return all the index policies that are attached with the log groups
*
* Access Level: List
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeIndexPolicies.html
*/
toDescribeIndexPolicies() {
return this.to('DescribeIndexPolicies');
}
/**
* Grants permission to return all the log groups that are associated with the AWS account making the request
*
* Access Level: List
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeLogGroups.html
*/
toDescribeLogGroups() {
return this.to('DescribeLogGroups');
}
/**
* Grants permission to return all the log streams that are associated with the specified log group
*
* Access Level: List
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeLogStreams.html
*/
toDescribeLogStreams() {
return this.to('DescribeLogStreams');
}
/**
* Grants permission to return all the metrics filters associated with the specified log group
*
* Access Level: List
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeMetricFilters.html
*/
toDescribeMetricFilters() {
return this.to('DescribeMetricFilters');
}
/**
* Grants permission to return a list of CloudWatch Logs Insights queries that are scheduled, executing, or have been executed recently in this account
*
* Access Level: List
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeQueries.html
*/
toDescribeQueries() {
return this.to('DescribeQueries');
}
/**
* Grants permission to return a paginated list of your saved CloudWatch Logs Insights query definitions
*
* Access Level: List
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeQueryDefinitions.html
*/
toDescribeQueryDefinitions() {
return this.to('DescribeQueryDefinitions');
}
/**
* Grants permission to return all the resource policies in this account
*
* Access Level: List
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeResourcePolicies.html
*/
toDescribeResourcePolicies() {
return this.to('DescribeResourcePolicies');
}
/**
* Grants permission to return all the subscription filters associated with the specified log group
*
* Access Level: List
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeSubscriptionFilters.html
*/
toDescribeSubscriptionFilters() {
return this.to('DescribeSubscriptionFilters');
}
/**
* Grants permission to disassociate the associated AWS Key Management Service (AWS KMS) customer master key (CMK) from the specified log group
*
* Access Level: Write
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DisassociateKmsKey.html
*/
toDisassociateKmsKey() {
return this.to('DisassociateKmsKey');
}
/**
* Grants permission to disassociate a log source from an S3 Tables integration
*
* Access Level: Write
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DisassociateSourceFromS3TableIntegration.html
*/
toDisassociateSourceFromS3TableIntegration() {
return this.to('DisassociateSourceFromS3TableIntegration');
}
/**
* Grants permission to retrieve log events, optionally filtered by a filter pattern from the specified log group
*
* Access Level: Read
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_FilterLogEvents.html
*/
toFilterLogEvents() {
return this.to('FilterLogEvents');
}
/**
* Grants permission to retrieve a data protection policy attached to a log group
*
* Access Level: Read
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetDataProtectionPolicy.html
*/
toGetDataProtectionPolicy() {
return this.to('GetDataProtectionPolicy');
}
/**
* Grants permission to retrieve a single delivery
*
* Access Level: Read
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetDelivery.html
*/
toGetDelivery() {
return this.to('GetDelivery');
}
/**
* Grants permission to retrieve a single delivery destination
*
* Access Level: Read
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetDeliveryDestination.html
*/
toGetDeliveryDestination() {
return this.to('GetDeliveryDestination');
}
/**
* Grants permission to retrieve a delivery destination policy attached to a delivery destination
*
* Access Level: Read
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetDeliveryDestinationPolicy.html
*/
toGetDeliveryDestinationPolicy() {
return this.to('GetDeliveryDestinationPolicy');
}
/**
* Grants permission to retrieve a single delivery source
*
* Access Level: Read
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetDeliverySource.html
*/
toGetDeliverySource() {
return this.to('GetDeliverySource');
}
/**
* Grants permission to retrieve a single integration
*
* Access Level: Read
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetIntegration.html
*/
toGetIntegration() {
return this.to('GetIntegration');
}
/**
* Grants permission to get a log anomaly detector
*
* Access Level: Read
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetLogAnomalyDetector.html
*/
toGetLogAnomalyDetector() {
return this.to('GetLogAnomalyDetector');
}
/**
* Grants permission to get the log delivery information for specified log delivery
*
* Access Level: Read
*
* https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html
*/
toGetLogDelivery() {
return this.to('GetLogDelivery');
}
/**
* Grants permission to retrieve log events from the specified log stream
*
* Access Level: Read
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetLogEvents.html
*/
toGetLogEvents() {
return this.to('GetLogEvents');
}
/**
* Grants permission to retrieve a list of log fields for a data source
*
* Access Level: Read
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetLogFields.html
*/
toGetLogFields() {
return this.to('GetLogFields');
}
/**
* Grants permission to return a list of the fields that are included in log events in the specified log group, along with the percentage of log events that contain each field
*
* Access Level: Read
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetLogGroupFields.html
*/
toGetLogGroupFields() {
return this.to('GetLogGroupFields');
}
/**
* Grants permission to retrieve all the fields and values of a single log event
*
* Access Level: Read
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetLogRecord.html
*/
toGetLogRecord() {
return this.to('GetLogRecord');
}
/**
* Grants permission to return the results from the specified query
*
* Access Level: Read
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetQueryResults.html
*/
toGetQueryResults() {
return this.to('GetQueryResults');
}
/**
* Grants permission to retrieve information about a specified scheduled query
*
* Access Level: Read
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetScheduledQuery.html
*/
toGetScheduledQuery() {
return this.to('GetScheduledQuery');
}
/**
* Grants permission to return the execution history for a specified scheduled query
*
* Access Level: Read
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetScheduledQueryHistory.html
*/
toGetScheduledQueryHistory() {
return this.to('GetScheduledQueryHistory');
}
/**
* Grants permission to return transformer associated with the specified log group
*
* Access Level: Read
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetTransformer.html
*/
toGetTransformer() {
return this.to('GetTransformer');
}
/**
* Grants permission to deliver log events to S3 Tables
*
* Access Level: Write
*
* https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/permissions-reference-cwl.html
*/
toIntegrateWithS3Table() {
return this.to('IntegrateWithS3Table');
}
/**
* Grants permission to share CloudWatch resources with a monitoring account
*
* Access Level: Write
*
* https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account-Setup.html#CloudWatch-Unified-Cross-Account-Setup-permissions
*/
toLink() {
return this.to('Link');
}
/**
* Grants permission to return an aggregate summary of all log groups in the region grouped by specified data-source characteristics
*
* Access Level: List
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_ListAggregateLogGroupSummaries.html
*/
toListAggregateLogGroupSummaries() {
return this.to('ListAggregateLogGroupSummaries');
}
/**
* Grants permission to list all anomalies detected in the AWS account making the request
*
* Access Level: List
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_ListAnomalies.html
*/
toListAnomalies() {
return this.to('ListAnomalies');
}
/**
* Grants permission to retrieve all the entities that are associated with log group
*
* Access Level: List
*
* https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/permissions-reference-cwl.html
*/
toListEntitiesForLogGroup() {
return this.to('ListEntitiesForLogGroup');
}
/**
* Grants permission to list all integrations associated with the AWS account making the request
*
* Access Level: List
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_ListIntegrations.html
*/
toListIntegrations() {
return this.to('ListIntegrations');
}
/**
* Grants permission to return all the anomaly detectors that are associated with the AWS account making the request
*
* Access Level: List
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_ListLogAnomalyDetectors.html
*/
toListLogAnomalyDetectors() {
return this.to('ListLogAnomalyDetectors');
}
/**
* Grants permission to list all the log deliveries for specified account and/or log source
*
* Access Level: List
*
* https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html
*/
toListLogDeliveries() {
return this.to('ListLogDeliveries');
}
/**
* Grants permission to return all the log groups that are associated with the AWS account making the request
*
* Access Level: List
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_ListLogGroups.html
*/
toListLogGroups() {
return this.to('ListLogGroups');
}
/**
* Grants permission to retrieve all the log groups that are associated with entity
*
* Access Level: List
*
* https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/permissions-reference-cwl.html
*/
toListLogGroupsForEntity() {
return this.to('ListLogGroupsForEntity');
}
/**
* Grants permission to return all the log groups that are associated with the specified query
*
* Access Level: List
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_ListLogGroupsForQuery.html
*/
toListLogGroupsForQuery() {
return this.to('ListLogGroupsForQuery');
}
/**
* Grants permission to return all scheduled queries that are associated with the AWS account making the request
*
* Access Level: List
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_ListScheduledQueries.html
*/
toListScheduledQueries() {
return this.to('ListScheduledQueries');
}
/**
* Grants permission to return all log sources associated with an S3 Tables integration
*
* Access Level: List
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_ListSourcesForS3TableIntegration.html
*/
toListSourcesForS3TableIntegration() {
return this.to('ListSourcesForS3TableIntegration');
}
/**
* Grants permission to list the tags for the specified resource
*
* Access Level: List
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_ListTagsForResource.html
*/
toListTagsForResource() {
return this.to('ListTagsForResource');
}
/**
* Grants permission to list the tags for the specified log group
*
* Access Level: List
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_ListTagsLogGroup.html
*/
toListTagsLogGroup() {
return this.to('ListTagsLogGroup');
}
/**
* Grants permission to process and transform log events through pipeline transformers before storage
*
* Access Level: Write
*
* https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/permissions-reference-cwl.html
*/
toProcessWithPipeline() {
return this.to('ProcessWithPipeline');
}
/**
* Grants permission to attach an account policy
*
* Access Level: Write
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutAccountPolicy.html
*/
toPutAccountPolicy() {
return this.to('PutAccountPolicy');
}
/**
* Grants permission to attach a data protection policy to detect and redact sensitive information from log events
*
* Access Level: Write
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDataProtectionPolicy.html
*/
toPutDataProtectionPolicy() {
return this.to('PutDataProtectionPolicy');
}
/**
* Grants permission to create/update a delivery destination
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsTagKeys()
* - .ifAwsRequestTag()
* - .ifDeliveryDestinationResourceArn()
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestination.html
*/
toPutDeliveryDestination() {
return this.to('PutDeliveryDestination');
}
/**
* Grants permission to attach a delivery destination policy to a delivery destination
*
* Access Level: Write
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestinationPolicy.html
*/
toPutDeliveryDestinationPolicy() {
return this.to('PutDeliveryDestinationPolicy');
}
/**
* Grants permission to create/update a delivery source
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsTagKeys()
* - .ifAwsRequestTag()
* - .ifLogGeneratingResourceArns()
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliverySource.html
*/
toPutDeliverySource() {
return this.to('PutDeliverySource');
}
/**
* Grants permission to create or update a Destination
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsTagKeys()
* - .ifAwsRequestTag()
*
* Dependent actions:
* - iam:PassRole
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDestination.html
*/
toPutDestination() {
return this.to('PutDestination');
}
/**
* Grants permission to create or update an access policy associated with an existing Destination
*
* Access Level: Write
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDestinationPolicy.html
*/
toPutDestinationPolicy() {
return this.to('PutDestinationPolicy');
}
/**
* Grants permission to attach an index policy at log group level to optimize search and query
*
* Access Level: Write
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutIndexPolicy.html
*/
toPutIndexPolicy() {
return this.to('PutIndexPolicy');
}
/**
* Grants permission to create integration between cloudwatch logs and opensearch
*
* Access Level: Write
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutIntegration.html
*/
toPutIntegration() {
return this.to('PutIntegration');
}
/**
* Grants permission to upload a batch of log events to the specified log stream
*
* Access Level: Write
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutLogEvents.html
*/
toPutLogEvents() {
return this.to('PutLogEvents');
}
/**
* Grants permission to enable or disable deletion protection for the specified log group
*
* Access Level: Write
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutLogGroupDeletionProtection.html
*/
toPutLogGroupDeletionProtection() {
return this.to('PutLogGroupDeletionProtection');
}
/**
* Grants permission to create or update a metric filter and associates it with the specified log group
*
* Access Level: Write
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutMetricFilter.html
*/
toPutMetricFilter() {
return this.to('PutMetricFilter');
}
/**
* Grants permission to create telemetry pipeline
*
* Access Level: Write
*
* https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/permissions-reference-cwl.html
*/
toPutPipelineRule() {
return this.to('PutPipelineRule');
}
/**
* Grants permission to create or update a query definition
*
* Access Level: Write
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutQueryDefinition.html
*/
toPutQueryDefinition() {
return this.to('PutQueryDefinition');
}
/**
* Grants permission to create or update a resource policy allowing other AWS services to put log events to this account
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutResourcePolicy.html
*/
toPutResourcePolicy() {
return this.to('PutResourcePolicy');
}
/**
* Grants permission to set the retention of the specified log group
*
* Access Level: Write
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutRetentionPolicy.html
*/
toPutRetentionPolicy() {
return this.to('PutRetentionPolicy');
}
/**
* Grants permission to create or update a subscription filter and associates it with the specified log group
*
* Access Level: Write
*
* Dependent actions:
* - iam:PassRole
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutSubscriptionFilter.html
*/
toPutSubscriptionFilter() {
return this.to('PutSubscriptionFilter');
}
/**
* Grants permission to create or update a transformer and associates it with the specified log group
*
* Access Level: Write
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutTransformer.html
*/
toPutTransformer() {
return this.to('PutTransformer');
}
/**
* Grants permission to start a Live Tail session in CloudWatch Logs
*
* Access Level: Read
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_StartLiveTail.html
*/
toStartLiveTail() {
return this.to('StartLiveTail');
}
/**
* Grants permission to schedule a query of a log group using CloudWatch Logs Insights
*
* Access Level: Read
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_StartQuery.html
*/
toStartQuery() {
return this.to('StartQuery');
}
/**
* Grants permission to stop a Live Tail session that is in progress
*
* Access Level: Read
*
* https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatchLogs_LiveTail.html
*/
toStopLiveTail() {
return this.to('StopLiveTail');
}
/**
* Grants permission to stop a CloudWatch Logs Insights query that is in progress
*
* Access Level: Read
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_StopQuery.html
*/
toStopQuery() {
return this.to('StopQuery');
}
/**
* Grants permission to add or update the specified tags for the specified log group
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsTagKeys()
* - .ifAwsRequestTag()
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_TagLogGroup.html
*/
toTagLogGroup() {
return this.to('TagLogGroup');
}
/**
* Grants permission to add or update the specified tags for the specified resource
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsTagKeys()
* - .ifAwsRequestTag()
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_TagResource.html
*/
toTagResource() {
return this.to('TagResource');
}
/**
* Grants permission to test the filter pattern of a metric filter against a sample of log event messages
*
* Access Level: Read
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_TestMetricFilter.html
*/
toTestMetricFilter() {
return this.to('TestMetricFilter');
}
/**
* Grants permission to test the transformer against a sample of log event messages
*
* Access Level: Read
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_TestTransformer.html
*/
toTestTransformer() {
return this.to('TestTransformer');
}
/**
* Grants permission to fetch unmasked log events that have been redacted with a data protection policy
*
* Access Level: Read
*
* https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/mask-sensitive-log-data.html
*/
toUnmask() {
return this.to('Unmask');
}
/**
* Grants permission to remove the specified tags from the specified log group
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_UntagLogGroup.html
*/
toUntagLogGroup() {
return this.to('UntagLogGroup');
}
/**
* Grants permission to remove the specified tags from the specified resource
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_UntagResource.html
*/
toUntagResource() {
return this.to('UntagResource');
}
/**
* Grants permission to update an anomaly reported by a log anomaly detector
*
* Access Level: Write
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_UpdateAnomaly.html
*/
toUpdateAnomaly() {
return this.to('UpdateAnomaly');
}
/**
* Grants permission to update configuration related to a delivery
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsTagKeys()
* - .ifAwsRequestTag()
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_UpdateDeliveryConfiguration.html
*/
toUpdateDeliveryConfiguration() {
return this.to('UpdateDeliveryConfiguration');
}
/**
* Grants permission to update a log anomaly detector
*
* Access Level: Write
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_UpdateLogAnomalyDetector.html
*/
toUpdateLogAnomalyDetector() {
return this.to('UpdateLogAnomalyDetector');
}
/**
* Grants permission to update the log delivery information for specified log delivery
*
* Access Level: Write
*
* https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html
*/
toUpdateLogDelivery() {
return this.to('UpdateLogDelivery');
}
/**
* Grants permission to update a scheduled query
*
* Access Level: Write
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_UpdateScheduledQuery.html
*/
toUpdateScheduledQuery() {
return this.to('UpdateScheduledQuery');
}
/**
* Adds a resource of type log-group to the statement
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_LogGroup.html
*
* @param logGroupName - Identifier for the logGroupName.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onLogGroup(logGroupName, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:logs:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:log-group:${logGroupName}`);
}
/**
* Adds a resource of type log-stream to the statement
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_LogStream.html
*
* @param logGroupName - Identifier for the logGroupName.
* @param logStreamName - Identifier for the logStreamName.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onLogStream(logGroupName, logStreamName, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:logs:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:log-group:${logGroupName}:log-stream:${logStreamName}`);
}
/**
* Adds a resource of type destination to the statement
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_Destination.html
*
* @param destinationName - Identifier for the destinationName.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onDestination(destinationName, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:logs:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:destination:${destinationName}`);
}
/**
* Adds a resource of type delivery-source to the statement
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DeliverySource.html
*
* @param deliverySourceName - Identifier for the deliverySourceName.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onDeliverySource(deliverySourceName, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:logs:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:delivery-source:${deliverySourceName}`);
}
/**
* Adds a resource of type delivery to the statement
*
* https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_Delivery.html
*
* @param deliveryName - Identifier for the deliveryName.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/