iam-floyd
Version:
AWS IAM policy statement generator with fluent interface
1,287 lines • 126 kB
JavaScript
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.Dynamodb = void 0;
const shared_1 = require("../../shared");
/**
* Statement provider for service [dynamodb](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazondynamodb.html).
*
* @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
*/
class Dynamodb extends shared_1.PolicyStatement {
/**
* Statement provider for service [dynamodb](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazondynamodb.html).
*
* @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
*/
constructor(sid) {
super(sid);
this.servicePrefix = 'dynamodb';
this.accessLevelList = {
Read: [
'BatchGetItem',
'ConditionCheckItem',
'DescribeBackup',
'DescribeContinuousBackups',
'DescribeContributorInsights',
'DescribeEndpoints',
'DescribeExport',
'DescribeGlobalTable',
'DescribeGlobalTableSettings',
'DescribeImport',
'DescribeKinesisStreamingDestination',
'DescribeLimits',
'DescribeReservedCapacity',
'DescribeReservedCapacityOfferings',
'DescribeStream',
'DescribeTable',
'DescribeTableReplicaAutoScaling',
'DescribeTimeToLive',
'GetAbacStatus',
'GetItem',
'GetRecords',
'GetResourcePolicy',
'GetShardIterator',
'ListStreams',
'ListTagsOfResource',
'PartiQLSelect',
'Query',
'Scan'
],
Write: [
'BatchWriteItem',
'CreateBackup',
'CreateGlobalTable',
'CreateGlobalTableWitness',
'CreateTable',
'CreateTableReplica',
'DeleteBackup',
'DeleteGlobalTableWitness',
'DeleteItem',
'DeleteTable',
'DeleteTableReplica',
'DisableKinesisStreamingDestination',
'EnableKinesisStreamingDestination',
'ExportTableToPointInTime',
'ImportTable',
'PartiQLDelete',
'PartiQLInsert',
'PartiQLUpdate',
'PurchaseReservedCapacityOfferings',
'PutItem',
'RestoreTableFromAwsBackup',
'RestoreTableFromBackup',
'RestoreTableToPointInTime',
'StartAwsBackupJob',
'UpdateContinuousBackups',
'UpdateContributorInsights',
'UpdateGlobalTable',
'UpdateGlobalTableSettings',
'UpdateGlobalTableVersion',
'UpdateItem',
'UpdateKinesisStreamingDestination',
'UpdateTable',
'UpdateTableReplicaAutoScaling',
'UpdateTimeToLive'
],
'Permissions management': [
'DeleteResourcePolicy',
'PutResourcePolicy',
'UpdateAbacStatus'
],
List: [
'ListBackups',
'ListContributorInsights',
'ListExports',
'ListGlobalTables',
'ListImports',
'ListTables'
],
Tagging: [
'TagResource',
'UntagResource'
]
};
}
/**
* Grants permission to return the attributes of one or more items from one or more tables
*
* Access Level: Read
*
* Possible conditions:
* - .ifAttributes()
* - .ifLeadingKeys()
* - .ifReturnConsumedCapacity()
* - .ifSelect()
*
* https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_BatchGetItem.html
*/
toBatchGetItem() {
return this.to('BatchGetItem');
}
/**
* Grants permission to put or delete multiple items in one or more tables
*
* Access Level: Write
*
* Possible conditions:
* - .ifAttributes()
* - .ifLeadingKeys()
* - .ifReturnConsumedCapacity()
*
* https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_BatchWriteItem.html
*/
toBatchWriteItem() {
return this.to('BatchWriteItem');
}
/**
* Grants permission to the ConditionCheckItem operation checks the existence of a set of attributes for the item with the given primary key
*
* Access Level: Read
*
* Possible conditions:
* - .ifAttributes()
* - .ifLeadingKeys()
* - .ifReturnConsumedCapacity()
* - .ifReturnValues()
*
* https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_ConditionCheck.html
*/
toConditionCheckItem() {
return this.to('ConditionCheckItem');
}
/**
* Grants permission to create a backup for an existing table
*
* Access Level: Write
*
* https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_CreateBackup.html
*/
toCreateBackup() {
return this.to('CreateBackup');
}
/**
* Grants permission to create a global table from an existing table
*
* Access Level: Write
*
* https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_CreateGlobalTable.html
*/
toCreateGlobalTable() {
return this.to('CreateGlobalTable');
}
/**
* Grants permission to add a Witness to a Global Table
*
* Access Level: Write
*
* https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/V2gt_IAM.html
*/
toCreateGlobalTableWitness() {
return this.to('CreateGlobalTableWitness');
}
/**
* Grants permission to the CreateTable operation adds a new table to your account
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_CreateTable.html
*/
toCreateTable() {
return this.to('CreateTable');
}
/**
* Grants permission to add a new replica table
*
* Access Level: Write
*
* https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/V2gt_IAM.html
*/
toCreateTableReplica() {
return this.to('CreateTableReplica');
}
/**
* Grants permission to delete an existing backup of a table
*
* Access Level: Write
*
* https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_DeleteBackup.html
*/
toDeleteBackup() {
return this.to('DeleteBackup');
}
/**
* Grants permission to remove a Witness from a Global Table
*
* Access Level: Write
*
* https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/V2gt_IAM.html
*/
toDeleteGlobalTableWitness() {
return this.to('DeleteGlobalTableWitness');
}
/**
* Grants permission to deletes a single item in a table by primary key
*
* Access Level: Write
*
* Possible conditions:
* - .ifAttributes()
* - .ifEnclosingOperation()
* - .ifLeadingKeys()
* - .ifReturnConsumedCapacity()
* - .ifReturnValues()
*
* https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_DeleteItem.html
*/
toDeleteItem() {
return this.to('DeleteItem');
}
/**
* Grants permission to delete the resource-based policy attached to the resource
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_DeleteResourcePolicy.html
*/
toDeleteResourcePolicy() {
return this.to('DeleteResourcePolicy');
}
/**
* Grants permission to the DeleteTable operation which deletes a table and all of its items
*
* Access Level: Write
*
* https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_DeleteTable.html
*/
toDeleteTable() {
return this.to('DeleteTable');
}
/**
* Grants permission to delete a replica table and all of its items
*
* Access Level: Write
*
* https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/V2gt_IAM.html
*/
toDeleteTableReplica() {
return this.to('DeleteTableReplica');
}
/**
* Grants permission to describe an existing backup of a table
*
* Access Level: Read
*
* https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_DescribeBackup.html
*/
toDescribeBackup() {
return this.to('DescribeBackup');
}
/**
* Grants permission to check the status of the backup restore settings on the specified table
*
* Access Level: Read
*
* https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_DescribeContinuousBackups.html
*/
toDescribeContinuousBackups() {
return this.to('DescribeContinuousBackups');
}
/**
* Grants permission to describe the contributor insights status and related details for a given table or global secondary index
*
* Access Level: Read
*
* https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_DescribeContributorInsights.html
*/
toDescribeContributorInsights() {
return this.to('DescribeContributorInsights');
}
/**
* Grants permission to return the regional endpoint information
*
* Access Level: Read
*
* https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_DescribeEndpoints.html
*/
toDescribeEndpoints() {
return this.to('DescribeEndpoints');
}
/**
* Grants permission to describe an existing Export of a table
*
* Access Level: Read
*
* https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_DescribeExport.html
*/
toDescribeExport() {
return this.to('DescribeExport');
}
/**
* Grants permission to return information about the specified global table
*
* Access Level: Read
*
* https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_DescribeGlobalTable.html
*/
toDescribeGlobalTable() {
return this.to('DescribeGlobalTable');
}
/**
* Grants permission to return settings information about the specified global table
*
* Access Level: Read
*
* https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_DescribeGlobalTableSettings.html
*/
toDescribeGlobalTableSettings() {
return this.to('DescribeGlobalTableSettings');
}
/**
* Grants permission to describe an existing import
*
* Access Level: Read
*
* https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_DescribeImport.html
*/
toDescribeImport() {
return this.to('DescribeImport');
}
/**
* Grants permission to grant permission to describe the status of Kinesis streaming and related details for a given table
*
* Access Level: Read
*
* https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_DescribeKinesisStreamingDestination.html
*/
toDescribeKinesisStreamingDestination() {
return this.to('DescribeKinesisStreamingDestination');
}
/**
* Grants permission to return the current provisioned-capacity limits for your AWS account in a region, both for the region as a whole and for any one DynamoDB table that you create there
*
* Access Level: Read
*
* https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_DescribeLimits.html
*/
toDescribeLimits() {
return this.to('DescribeLimits');
}
/**
* Grants permission to describe one or more of the Reserved Capacity purchased
*
* Access Level: Read
*
* https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/iam-policy-prevent-purchase-reserved-capacity.html
*/
toDescribeReservedCapacity() {
return this.to('DescribeReservedCapacity');
}
/**
* Grants permission to describe Reserved Capacity offerings that are available for purchase
*
* Access Level: Read
*
* https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/iam-policy-prevent-purchase-reserved-capacity.html
*/
toDescribeReservedCapacityOfferings() {
return this.to('DescribeReservedCapacityOfferings');
}
/**
* Grants permission to return information about a stream, including the current status of the stream, its Amazon Resource Name (ARN), the composition of its shards, and its corresponding DynamoDB table
*
* Access Level: Read
*
* https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_streams_DescribeStream.html
*/
toDescribeStream() {
return this.to('DescribeStream');
}
/**
* Grants permission to return information about the table
*
* Access Level: Read
*
* https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_DescribeTable.html
*/
toDescribeTable() {
return this.to('DescribeTable');
}
/**
* Grants permission to describe the auto scaling settings across all replicas of the global table
*
* Access Level: Read
*
* https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_DescribeTableReplicaAutoScaling.html
*/
toDescribeTableReplicaAutoScaling() {
return this.to('DescribeTableReplicaAutoScaling');
}
/**
* Grants permission to give a description of the Time to Live (TTL) status on the specified table
*
* Access Level: Read
*
* https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_DescribeTimeToLive.html
*/
toDescribeTimeToLive() {
return this.to('DescribeTimeToLive');
}
/**
* Grants permission to grant permission to stop replication from the DynamoDB table to the Kinesis data stream
*
* Access Level: Write
*
* https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_DisableKinesisStreamingDestination.html
*/
toDisableKinesisStreamingDestination() {
return this.to('DisableKinesisStreamingDestination');
}
/**
* Grants permission to grant permission to start table data replication to the specified Kinesis data stream at a timestamp chosen during the enable workflow
*
* Access Level: Write
*
* https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_EnableKinesisStreamingDestination.html
*/
toEnableKinesisStreamingDestination() {
return this.to('EnableKinesisStreamingDestination');
}
/**
* Grants permission to initiate an Export of a DynamoDB table to S3
*
* Access Level: Write
*
* https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_ExportTableToPointInTime.html
*/
toExportTableToPointInTime() {
return this.to('ExportTableToPointInTime');
}
/**
* Grants permission to view the status of Attribute Based Access Control for the account
*
* Access Level: Read
*
* https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/abac-enable-ddb.html
*/
toGetAbacStatus() {
return this.to('GetAbacStatus');
}
/**
* Grants permission to the GetItem operation that returns a set of attributes for the item with the given primary key
*
* Access Level: Read
*
* Possible conditions:
* - .ifAttributes()
* - .ifEnclosingOperation()
* - .ifLeadingKeys()
* - .ifReturnConsumedCapacity()
* - .ifSelect()
*
* https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_GetItem.html
*/
toGetItem() {
return this.to('GetItem');
}
/**
* Grants permission to retrieve the stream records from a given shard
*
* Access Level: Read
*
* https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_streams_GetRecords.html
*/
toGetRecords() {
return this.to('GetRecords');
}
/**
* Grants permission to view a resource-based policy for a resource
*
* Access Level: Read
*
* https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_GetResourcePolicy.html
*/
toGetResourcePolicy() {
return this.to('GetResourcePolicy');
}
/**
* Grants permission to return a shard iterator
*
* Access Level: Read
*
* https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_streams_GetShardIterator.html
*/
toGetShardIterator() {
return this.to('GetShardIterator');
}
/**
* Grants permission to initiate an import from S3 to a DynamoDB table
*
* Access Level: Write
*
* https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_ImportTable.html
*/
toImportTable() {
return this.to('ImportTable');
}
/**
* Grants permission to list backups associated with the account and endpoint
*
* Access Level: List
*
* https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_ListBackups.html
*/
toListBackups() {
return this.to('ListBackups');
}
/**
* Grants permission to list the ContributorInsightsSummary for all tables and global secondary indexes associated with the current account and endpoint
*
* Access Level: List
*
* https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_ListContributorInsights.html
*/
toListContributorInsights() {
return this.to('ListContributorInsights');
}
/**
* Grants permission to list exports associated with the account and endpoint
*
* Access Level: List
*
* https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_ListExports.html
*/
toListExports() {
return this.to('ListExports');
}
/**
* Grants permission to list all global tables that have a replica in the specified region
*
* Access Level: List
*
* https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_ListGlobalTables.html
*/
toListGlobalTables() {
return this.to('ListGlobalTables');
}
/**
* Grants permission to list imports associated with the account and endpoint
*
* Access Level: List
*
* https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_ListImports.html
*/
toListImports() {
return this.to('ListImports');
}
/**
* Grants permission to return an array of stream ARNs associated with the current account and endpoint
*
* Access Level: Read
*
* https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_streams_ListStreams.html
*/
toListStreams() {
return this.to('ListStreams');
}
/**
* Grants permission to return an array of table names associated with the current account and endpoint
*
* Access Level: List
*
* https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_ListTables.html
*/
toListTables() {
return this.to('ListTables');
}
/**
* Grants permission to list all tags on an Amazon DynamoDB resource
*
* Access Level: Read
*
* https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_ListTagsOfResource.html
*/
toListTagsOfResource() {
return this.to('ListTagsOfResource');
}
/**
* Grants permission to delete a single item in a table by primary key
*
* Access Level: Write
*
* Possible conditions:
* - .ifAttributes()
* - .ifEnclosingOperation()
* - .ifLeadingKeys()
* - .ifReturnValues()
*
* https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_ExecuteStatement.html
*/
toPartiQLDelete() {
return this.to('PartiQLDelete');
}
/**
* Grants permission to create a new item, if an item with same primary key does not exist in the table
*
* Access Level: Write
*
* Possible conditions:
* - .ifAttributes()
* - .ifEnclosingOperation()
* - .ifLeadingKeys()
*
* https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_ExecuteStatement.html
*/
toPartiQLInsert() {
return this.to('PartiQLInsert');
}
/**
* Grants permission to read a set of attributes for items from a table or index
*
* Access Level: Read
*
* Possible conditions:
* - .ifAttributes()
* - .ifEnclosingOperation()
* - .ifFullTableScan()
* - .ifLeadingKeys()
* - .ifSelect()
*
* https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_ExecuteStatement.html
*/
toPartiQLSelect() {
return this.to('PartiQLSelect');
}
/**
* Grants permission to edit an existing item's attributes
*
* Access Level: Write
*
* Possible conditions:
* - .ifAttributes()
* - .ifEnclosingOperation()
* - .ifLeadingKeys()
* - .ifReturnValues()
*
* https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_ExecuteStatement.html
*/
toPartiQLUpdate() {
return this.to('PartiQLUpdate');
}
/**
* Grants permission to purchases reserved capacity for use with your account
*
* Access Level: Write
*
* https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/iam-policy-prevent-purchase-reserved-capacity.html
*/
toPurchaseReservedCapacityOfferings() {
return this.to('PurchaseReservedCapacityOfferings');
}
/**
* Grants permission to create a new item, or replace an old item with a new item
*
* Access Level: Write
*
* Possible conditions:
* - .ifAttributes()
* - .ifEnclosingOperation()
* - .ifLeadingKeys()
* - .ifReturnConsumedCapacity()
* - .ifReturnValues()
*
* https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_PutItem.html
*/
toPutItem() {
return this.to('PutItem');
}
/**
* Grants permission to attach a resource-based policy to the resource
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_PutResourcePolicy.html
*/
toPutResourcePolicy() {
return this.to('PutResourcePolicy');
}
/**
* Grants permission to use the primary key of a table or a secondary index to directly access items from that table or index
*
* Access Level: Read
*
* Possible conditions:
* - .ifAttributes()
* - .ifLeadingKeys()
* - .ifReturnConsumedCapacity()
* - .ifReturnValues()
* - .ifSelect()
*
* https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_Query.html
*/
toQuery() {
return this.to('Query');
}
/**
* Grants permission to create a new table from recovery point on AWS Backup
*
* Access Level: Write
*
* https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/UsageNotesAWS.html
*/
toRestoreTableFromAwsBackup() {
return this.to('RestoreTableFromAwsBackup');
}
/**
* Grants permission to create a new table from an existing backup
*
* Access Level: Write
*
* Dependent actions:
* - dynamodb:BatchWriteItem
* - dynamodb:DeleteItem
* - dynamodb:GetItem
* - dynamodb:PutItem
* - dynamodb:Query
* - dynamodb:Scan
* - dynamodb:UpdateItem
*
* https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_RestoreTableFromBackup.html
*/
toRestoreTableFromBackup() {
return this.to('RestoreTableFromBackup');
}
/**
* Grants permission to restore a table to a point in time
*
* Access Level: Write
*
* Dependent actions:
* - dynamodb:BatchWriteItem
* - dynamodb:DeleteItem
* - dynamodb:GetItem
* - dynamodb:PutItem
* - dynamodb:Query
* - dynamodb:Scan
* - dynamodb:UpdateItem
*
* https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_RestoreTableToPointInTime.html
*/
toRestoreTableToPointInTime() {
return this.to('RestoreTableToPointInTime');
}
/**
* Grants permission to return one or more items and item attributes by accessing every item in a table or a secondary index
*
* Access Level: Read
*
* Possible conditions:
* - .ifAttributes()
* - .ifReturnConsumedCapacity()
* - .ifReturnValues()
* - .ifSelect()
*
* https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_Scan.html
*/
toScan() {
return this.to('Scan');
}
/**
* Grants permission to create a backup on AWS Backup with advanced features enabled
*
* Access Level: Write
*
* https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/UsageNotesAWS.html
*/
toStartAwsBackupJob() {
return this.to('StartAwsBackupJob');
}
/**
* Grants permission to associate a set of tags with an Amazon DynamoDB resource
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_TagResource.html
*/
toTagResource() {
return this.to('TagResource');
}
/**
* Grants permission to remove the association of tags from an Amazon DynamoDB resource
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_UntagResource.html
*/
toUntagResource() {
return this.to('UntagResource');
}
/**
* Grants permission to update the status of Attribute Based Access Control for the account
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/abac-enable-ddb.html
*/
toUpdateAbacStatus() {
return this.to('UpdateAbacStatus');
}
/**
* Grants permission to enable or disable continuous backups
*
* Access Level: Write
*
* https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_UpdateContinuousBackups.html
*/
toUpdateContinuousBackups() {
return this.to('UpdateContinuousBackups');
}
/**
* Grants permission to update the status for contributor insights for a specific table or global secondary index
*
* Access Level: Write
*
* https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_UpdateContributorInsights.html
*/
toUpdateContributorInsights() {
return this.to('UpdateContributorInsights');
}
/**
* Grants permission to add or remove replicas in the specified global table
*
* Access Level: Write
*
* https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_UpdateGlobalTable.html
*/
toUpdateGlobalTable() {
return this.to('UpdateGlobalTable');
}
/**
* Grants permission to update settings of the specified global table
*
* Access Level: Write
*
* https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_UpdateGlobalTableSettings.html
*/
toUpdateGlobalTableSettings() {
return this.to('UpdateGlobalTableSettings');
}
/**
* Grants permission to update version of the specified global table
*
* Access Level: Write
*
* https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/V2globaltables_upgrade.html
*/
toUpdateGlobalTableVersion() {
return this.to('UpdateGlobalTableVersion');
}
/**
* Grants permission to edit an existing item's attributes, or adds a new item to the table if it does not already exist
*
* Access Level: Write
*
* Possible conditions:
* - .ifAttributes()
* - .ifEnclosingOperation()
* - .ifLeadingKeys()
* - .ifReturnConsumedCapacity()
* - .ifReturnValues()
*
* https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_UpdateItem.html
*/
toUpdateItem() {
return this.to('UpdateItem');
}
/**
* Grants permission to update data replication configurations for the specified Kinesis data stream
*
* Access Level: Write
*
* https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_UpdateKinesisStreamingDestination.html
*/
toUpdateKinesisStreamingDestination() {
return this.to('UpdateKinesisStreamingDestination');
}
/**
* Grants permission to modify the provisioned throughput settings, global secondary indexes, or DynamoDB Streams settings for a given table
*
* Access Level: Write
*
* https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_UpdateTable.html
*/
toUpdateTable() {
return this.to('UpdateTable');
}
/**
* Grants permission to update auto scaling settings on your replica table
*
* Access Level: Write
*
* https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_UpdateTableReplicaAutoScaling.html
*/
toUpdateTableReplicaAutoScaling() {
return this.to('UpdateTableReplicaAutoScaling');
}
/**
* Grants permission to enable or disable TTL for the specified table
*
* Access Level: Write
*
* https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_UpdateTimeToLive.html
*/
toUpdateTimeToLive() {
return this.to('UpdateTimeToLive');
}
/**
* Adds a resource of type index to the statement
*
* https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/HowItWorks.CoreComponents.html#HowItWorks.CoreComponents.PrimaryKey
*
* @param tableName - Identifier for the tableName.
* @param indexName - Identifier for the indexName.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onIndex(tableName, indexName, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:dynamodb:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:table/${tableName}/index/${indexName}`);
}
/**
* Adds a resource of type stream to the statement
*
* https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/HowItWorks.CoreComponents.html#HowItWorks.CoreComponents.Streams
*
* @param tableName - Identifier for the tableName.
* @param streamLabel - Identifier for the streamLabel.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onStream(tableName, streamLabel, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:dynamodb:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:table/${tableName}/stream/${streamLabel}`);
}
/**
* Adds a resource of type table to the statement
*
* https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/HowItWorks.CoreComponents.html#HowItWorks.CoreComponents.TablesItemsAttributes
*
* @param tableName - Identifier for the tableName.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onTable(tableName, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:dynamodb:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:table/${tableName}`);
}
/**
* Adds a resource of type backup to the statement
*
* https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/backuprestore_HowItWorks.html
*
* @param tableName - Identifier for the tableName.
* @param backupName - Identifier for the backupName.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onBackup(tableName, backupName, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:dynamodb:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:table/${tableName}/backup/${backupName}`);
}
/**
* Adds a resource of type export to the statement
*
* https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/S3DataExport.HowItWorks.html
*
* @param tableName - Identifier for the tableName.
* @param exportName - Identifier for the exportName.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onExport(tableName, exportName, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:dynamodb:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:table/${tableName}/export/${exportName}`);
}
/**
* Adds a resource of type global-table to the statement
*
* https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/globaltables_HowItWorks.html
*
* @param globalTableName - Identifier for the globalTableName.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onGlobalTable(globalTableName, account, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:dynamodb::${account ?? this.defaultAccount}:global-table/${globalTableName}`);
}
/**
* Adds a resource of type import to the statement
*
* https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/S3DataImport.HowItWorks.html
*
* @param tableName - Identifier for the tableName.
* @param importName - Identifier for the importName.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onImport(tableName, importName, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:dynamodb:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:table/${tableName}/import/${importName}`);
}
/**
* Filters access by the tags that are passed in the request
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag
*
* Applies to actions:
* - .toCreateTable()
* - .toTagResource()
*
* @param tagKey The tag key to check
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsRequestTag(tagKey, value, operator) {
return this.if(`aws:RequestTag/${tagKey}`, value, operator ?? 'StringLike');
}
/**
* Filters access by the tags associated with the resource
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag
*
* Applies to resource types:
* - index
* - table
*
* @param tagKey The tag key to check
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsResourceTag(tagKey, value, operator) {
return this.if(`aws:ResourceTag/${tagKey}`, value, operator ?? 'StringLike');
}
/**
* Filters access by the tag keys that are passed in the request
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys
*
* Applies to actions:
* - .toCreateTable()
* - .toTagResource()
* - .toUntagResource()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsTagKeys(value, operator) {
return this.if(`aws:TagKeys`, value, operator ?? 'StringLike');
}
/**
* Filters access by attribute (field or column) names of the table
*
* https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/specifying-conditions.html#FGAC_DDB.ConditionKeys
*
* Applies to actions:
* - .toBatchGetItem()
* - .toBatchWriteItem()
* - .toConditionCheckItem()
* - .toDeleteItem()
* - .toGetItem()
* - .toPartiQLDelete()
* - .toPartiQLInsert()
* - .toPartiQLSelect()
* - .toPartiQLUpdate()
* - .toPutItem()
* - .toQuery()
* - .toScan()
* - .toUpdateItem()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAttributes(value, operator) {
return this.if(`Attributes`, value, operator ?? 'StringLike');
}
/**
* Filters access by blocking Transactions APIs calls and allow the non-Transaction APIs calls and vice-versa
*
* https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/specifying-conditions.html#FGAC_DDB.ConditionKeys
*
* Applies to actions:
* - .toDeleteItem()
* - .toGetItem()
* - .toPartiQLDelete()
* - .toPartiQLInsert()
* - .toPartiQLSelect()
* - .toPartiQLUpdate()
* - .toPutItem()
* - .toUpdateItem()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifEnclosingOperation(value, operator) {
return this.if(`EnclosingOperation`, value, operator ?? 'StringLike');
}
/**
* Filters access by the first partition key of the table
*
* https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/specifying-conditions.html#FGAC_DDB.ConditionKeys
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifFirstPartitionKeyValues(value, operator) {
return this.if(`FirstPartitionKeyValues`, value, operator ?? 'StringLike');
}
/**
* Filters access by the forth partition key of the table
*
* https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/specifying-conditions.html#FGAC_DDB.ConditionKeys
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifFourthPartitionKeyValues(value, operator) {
return this.if(`FourthPartitionKeyValues`, value, operator ?? 'StringLike');
}
/**
* Filters access by blocking full table scan
*
* https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/ql-iam.html
*
* Applies to actions:
* - .toPartiQLSelect()
*
* @param value `true` or `false`. **Default:** `true`
*/
ifFullTableScan(value) {
return this.if(`FullTableScan`, (typeof value !== 'undefined' ? value : true), 'Bool');
}
/**
* Filters access by the first partition key of the table
*
* https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/specifying-conditions.html#FGAC_DDB.ConditionKeys
*
* Applies to actions:
* - .toBatchGetItem()
* - .toBatchWriteItem()
* - .toConditionCheckItem()
* - .toDeleteItem()
* - .toGetItem()
* - .toPartiQLDelete()
* - .toPartiQLInsert()
* - .toPartiQLSelect()
* - .toPartiQLUpdate()
* - .toPutItem()
* - .toQuery()
* - .toUpdateItem()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifLeadingKeys(value, operator) {
return this.if(`LeadingKeys`, value, operator ?? 'StringLike');
}
/**
* Filters access by the ReturnConsumedCapacity parameter of a request. Contains either "TOTAL" or "NONE"
*
* https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/specifying-conditions.html#FGAC_DDB.ConditionKeys
*
* Applies to actions:
* - .toBatchGetItem()
* - .toBatchWriteItem()
* - .toConditionCheckItem()
* - .toDeleteItem()
* - .toGetItem()
* - .toPutItem()
* - .toQuery()
* - .toScan()
* - .toUpdateItem()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifReturnConsumedCapacity(value, operator) {
return this.if(`ReturnConsumedCapacity`, value, operator ?? 'StringLike');
}
/**
* Filters access by the ReturnValues parameter of request. Contains one of the following: "ALL_OLD", "UPDATED_OLD","ALL_NEW","UPDATED_NEW", or "NONE"
*
* https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/specifying-conditions.html#FGAC_DDB.ConditionKeys
*
* Applies to actions:
* - .toConditionCheckItem()
* - .toDeleteItem()
* - .toPartiQLDelete()
* - .toPartiQLUpdate()
* - .toPutItem()
* - .toQuery()
* - .toScan()
* - .toUpdateItem()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifReturnValues(value, operator) {
return this.if(`ReturnValues`, value, operator ?? 'StringLike');
}
/**
* Filters access by the second partition key of the table
*
* https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/specifying-conditions.html#FGAC_DDB.ConditionKeys
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSecondPartitionKeyValues(value, operator) {
return this.if(`SecondPartitionKeyValues`, value, operator ?? 'StringLike');
}
/**
* Filters access by the Select parameter of a Query or Scan request
*
* https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/specifying-conditions.html#FGAC_DDB.ConditionKeys
*
* Applies to actions:
* - .toBatchGetItem()
* - .toGetItem()
* - .toPartiQLSelect()
* - .toQuery()
* - .toScan()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSelect(value, operator) {
return this.if(`Select`, value, operator ?? 'StringLike');
}
/**
* Filters access by the third partition key of the table
*
* https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/specifying-conditions.html#FGAC_DDB.ConditionKeys
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifThirdPartitionKeyValues(value, operator) {
return this.if(`ThirdPartitionKeyValues`, value, operator ?? 'StringLike');
}
}
exports.Dynamodb = Dynamodb;
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZHluYW1vZGIuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJkeW5hbW9kYi50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFDQSx5Q0FBeUQ7QUFFekQ7Ozs7R0FJRztBQUNILE1BQWEsUUFBUyxTQUFRLHdCQUFlO0lBRzNDOzs7O09BSUc7SUFDSCxZQUFZLEdBQVk7UUFDdEIsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDO1FBUk4sa0JBQWEsR0FBRyxVQUFVLENBQUM7UUE2NUJ4QixvQkFBZSxHQUFvQjtZQUMzQyxJQUFJLEVBQUU7Z0JBQ0osY0FBYztnQkFDZCxvQkFBb0I7Z0JBQ3BCLGdCQUFnQjtnQkFDaEIsMkJBQTJCO2dCQUMzQiw2QkFBNkI7Z0JBQzdCLG1CQUFtQjtnQkFDbkIsZ0JBQWdCO2dCQUNoQixxQkFBcUI7Z0JBQ3JCLDZCQUE2QjtnQkFDN0IsZ0JBQWdCO2dCQUNoQixxQ0FBcUM7Z0JBQ3JDLGdCQUFnQjtnQkFDaEIsMEJBQTBCO2dCQUMxQixtQ0FBbUM7Z0JBQ25DLGdCQUFnQjtnQkFDaEIsZUFBZTtnQkFDZixpQ0FBaUM7Z0JBQ2pDLG9CQUFvQjtnQkFDcEIsZUFBZTtnQkFDZixTQUFTO2dCQUNULFlBQVk7Z0JBQ1osbUJBQW1CO2dCQUNuQixrQkFBa0I7Z0JBQ2xCLGFBQWE7Z0JBQ2Isb0JBQW9CO2dCQUNwQixlQUFlO2dCQUNmLE9BQU87Z0JBQ1AsTUFBTTthQUNQO1lBQ0QsS0FBSyxFQUFFO2dCQUNMLGdCQUFnQjtnQkFDaEIsY0FBYztnQkFDZCxtQkFBbUI7Z0JBQ25CLDBCQUEwQjtnQkFDMUIsYUFBYTtnQkFDYixvQkFBb0I7Z0JBQ3BCLGNBQWM7Z0JBQ2QsMEJBQTBCO2dCQUMxQixZQUFZO2dCQUNaLGFBQWE7Z0JBQ2Isb0JBQW9CO2dCQUNwQixvQ0FBb0M7Z0JBQ3BDLG1DQUFtQztnQkFDbkMsMEJBQTBCO2dCQUMxQixhQUFhO2dCQUNiLGVBQWU7Z0JBQ2YsZUFBZTtnQkFDZixlQUFlO2dCQUNmLG1DQUFtQztnQkFDbkMsU0FBUztnQkFDVCwyQkFBMkI7Z0JBQzNCLHdCQUF3QjtnQkFDeEIsMkJBQTJCO2dCQUMzQixtQkFBbUI7Z0JBQ25CLHlCQUF5QjtnQkFDekIsMkJBQTJCO2dCQUMzQixtQkFBbUI7Z0JBQ25CLDJCQUEyQjtnQkFDM0IsMEJBQTBCO2dCQUMxQixZQUFZO2dCQUNaLG1DQUFtQztnQkFDbkMsYUFBYTtnQkFDYiwrQkFBK0I7Z0JBQy9CLGtCQUFrQjthQUNuQjtZQUNELHdCQUF3QixFQUFFO2dCQUN4QixzQkFBc0I7Z0JBQ3RCLG1CQUFtQjtnQkFDbkIsa0JBQWtCO2FBQ25CO1lBQ0QsSUFBSSxFQUFFO2dCQUNKLGFBQWE7Z0JBQ2IseUJBQXlCO2dCQUN6QixhQUFhO2dCQUNiLGtCQUFrQjtnQkFDbEIsYUFBYTtnQkFDYixZQUFZO2FBQ2I7WUFDRCxPQUFPLEVBQUU7Z0JBQ1AsYUFBYTtnQkFDYixlQUFlO2FBQ2hCO1NBQ0YsQ0FBQztJQXgrQkYsQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7T0FZRztJQUNJLGNBQWM7UUFDbkIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGNBQWMsQ0FBQyxDQUFDO0lBQ2pDLENBQUM7SUFFRDs7Ozs7Ozs7Ozs7T0FXRztJQUNJLGdCQUFnQjtRQUNyQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsZ0JBQWdCLENBQUMsQ0FBQztJQUNuQyxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7OztPQVlHO0lBQ0ksb0JBQW9CO1FBQ3pCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxvQkFBb0IsQ0FBQyxDQUFDO0lBQ3ZDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxjQUFjO1FBQ25CLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxjQUFjLENBQUMsQ0FBQztJQUNqQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksbU