iam-floyd
Version:
AWS IAM policy statement generator with fluent interface
1,345 lines • 156 kB
JavaScript
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.Imagebuilder = void 0;
const shared_1 = require("../../shared");
/**
* Statement provider for service [imagebuilder](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonec2imagebuilder.html).
*
* @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
*/
class Imagebuilder extends shared_1.PolicyStatement {
/**
* Statement provider for service [imagebuilder](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonec2imagebuilder.html).
*
* @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
*/
constructor(sid) {
super(sid);
this.servicePrefix = 'imagebuilder';
this.accessLevelList = {
Write: [
'CancelImageCreation',
'CancelLifecycleExecution',
'CreateComponent',
'CreateContainerRecipe',
'CreateDistributionConfiguration',
'CreateImage',
'CreateImagePipeline',
'CreateImageRecipe',
'CreateInfrastructureConfiguration',
'CreateLifecyclePolicy',
'CreateWorkflow',
'DeleteComponent',
'DeleteContainerRecipe',
'DeleteDistributionConfiguration',
'DeleteImage',
'DeleteImagePipeline',
'DeleteImageRecipe',
'DeleteInfrastructureConfiguration',
'DeleteLifecyclePolicy',
'DeleteWorkflow',
'DistributeImage',
'ImportComponent',
'ImportDiskImage',
'ImportVmImage',
'RetryImage',
'SendWorkflowStepAction',
'StartImagePipelineExecution',
'StartResourceStateUpdate',
'UpdateDistributionConfiguration',
'UpdateImagePipeline',
'UpdateInfrastructureConfiguration',
'UpdateLifecyclePolicy'
],
Read: [
'GetComponent',
'GetComponentPolicy',
'GetContainerRecipe',
'GetContainerRecipePolicy',
'GetDistributionConfiguration',
'GetImage',
'GetImagePipeline',
'GetImagePolicy',
'GetImageRecipe',
'GetImageRecipePolicy',
'GetInfrastructureConfiguration',
'GetLifecycleExecution',
'GetLifecyclePolicy',
'GetMarketplaceResource',
'GetWorkflow',
'GetWorkflowExecution',
'GetWorkflowStepExecution',
'ListTagsForResource'
],
List: [
'ListComponentBuildVersions',
'ListComponents',
'ListContainerRecipes',
'ListDistributionConfigurations',
'ListImageBuildVersions',
'ListImagePackages',
'ListImagePipelineImages',
'ListImagePipelines',
'ListImageRecipes',
'ListImageScanFindingAggregations',
'ListImageScanFindings',
'ListImages',
'ListInfrastructureConfigurations',
'ListLifecycleExecutionResources',
'ListLifecycleExecutions',
'ListLifecyclePolicies',
'ListWaitingWorkflowSteps',
'ListWorkflowBuildVersions',
'ListWorkflowExecutions',
'ListWorkflowStepExecutions',
'ListWorkflows'
],
'Permissions management': [
'PutComponentPolicy',
'PutContainerRecipePolicy',
'PutImagePolicy',
'PutImageRecipePolicy'
],
Tagging: [
'TagResource',
'UntagResource'
]
};
}
/**
* Grants permission to cancel an image creation
*
* Access Level: Write
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_CancelImageCreation.html
*/
toCancelImageCreation() {
return this.to('CancelImageCreation');
}
/**
* Grants permission to cancel a lifecycle execution
*
* Access Level: Write
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_CancelLifecycleExecution.html
*/
toCancelLifecycleExecution() {
return this.to('CancelLifecycleExecution');
}
/**
* Grants permission to create a new component
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - imagebuilder:TagResource
* - kms:Encrypt
* - kms:GenerateDataKey
* - kms:GenerateDataKeyWithoutPlaintext
* - s3:GetObject
* - s3:ListBucket
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_CreateComponent.html
*/
toCreateComponent() {
return this.to('CreateComponent');
}
/**
* Grants permission to create a new Container Recipe
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - ec2:DescribeImages
* - ecr:DescribeImages
* - ecr:DescribeRepositories
* - imagebuilder:GetComponent
* - imagebuilder:GetImage
* - imagebuilder:TagResource
* - kms:Encrypt
* - kms:GenerateDataKey
* - kms:GenerateDataKeyWithoutPlaintext
* - s3:GetObject
* - s3:ListBucket
* - ssm:GetParameter
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_CreateContainerRecipe.html
*/
toCreateContainerRecipe() {
return this.to('CreateContainerRecipe');
}
/**
* Grants permission to create a new distribution configuration
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - ec2:CreateLaunchTemplateVersion
* - ec2:DescribeLaunchTemplates
* - ec2:ModifyLaunchTemplate
* - imagebuilder:TagResource
* - s3:ListBucket
* - ssm:GetParameter
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_CreateDistributionConfiguration.html
*/
toCreateDistributionConfiguration() {
return this.to('CreateDistributionConfiguration');
}
/**
* Grants permission to create a new image
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - ecr:BatchGetRepositoryScanningConfiguration
* - ecr:DescribeRepositories
* - iam:CreateServiceLinkedRole
* - iam:PassRole
* - imagebuilder:GetContainerRecipe
* - imagebuilder:GetDistributionConfiguration
* - imagebuilder:GetImageRecipe
* - imagebuilder:GetInfrastructureConfiguration
* - imagebuilder:GetWorkflow
* - imagebuilder:TagResource
* - inspector2:BatchGetAccountStatus
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_CreateImage.html
*/
toCreateImage() {
return this.to('CreateImage');
}
/**
* Grants permission to create a new image pipeline
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - ecr:BatchGetRepositoryScanningConfiguration
* - ecr:DescribeRepositories
* - iam:CreateServiceLinkedRole
* - iam:PassRole
* - imagebuilder:GetContainerRecipe
* - imagebuilder:GetDistributionConfiguration
* - imagebuilder:GetImageRecipe
* - imagebuilder:GetInfrastructureConfiguration
* - imagebuilder:GetWorkflow
* - imagebuilder:TagResource
* - inspector2:BatchGetAccountStatus
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_CreateImagePipeline.html
*/
toCreateImagePipeline() {
return this.to('CreateImagePipeline');
}
/**
* Grants permission to create a new Image Recipe
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - ec2:DescribeImages
* - imagebuilder:GetComponent
* - imagebuilder:GetImage
* - imagebuilder:TagResource
* - ssm:GetParameter
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_CreateImageRecipe.html
*/
toCreateImageRecipe() {
return this.to('CreateImageRecipe');
}
/**
* Grants permission to create a new infrastructure configuration
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
* - .ifCreatedResourceTagKeys()
* - .ifCreatedResourceTag()
* - .ifEc2MetadataHttpTokens()
* - .ifStatusTopicArn()
*
* Dependent actions:
* - ec2:DescribeAvailabilityZones
* - ec2:DescribeHosts
* - iam:PassRole
* - imagebuilder:TagResource
* - resource-groups:GetGroup
* - sns:Publish
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_CreateInfrastructureConfiguration.html
*/
toCreateInfrastructureConfiguration() {
return this.to('CreateInfrastructureConfiguration');
}
/**
* Grants permission to create a new lifecycle policy
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
* - .ifLifecyclePolicyResourceType()
*
* Dependent actions:
* - iam:PassRole
* - imagebuilder:TagResource
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_CreateLifecyclePolicy.html
*/
toCreateLifecyclePolicy() {
return this.to('CreateLifecyclePolicy');
}
/**
* Grants permission to create a new workflow
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - imagebuilder:TagResource
* - kms:Encrypt
* - kms:GenerateDataKey
* - kms:GenerateDataKeyWithoutPlaintext
* - s3:GetObject
* - s3:ListBucket
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_CreateWorkflow.html
*/
toCreateWorkflow() {
return this.to('CreateWorkflow');
}
/**
* Grants permission to delete a component
*
* Access Level: Write
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_DeleteComponent.html
*/
toDeleteComponent() {
return this.to('DeleteComponent');
}
/**
* Grants permission to delete a container recipe
*
* Access Level: Write
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_DeleteContainerRecipe.html
*/
toDeleteContainerRecipe() {
return this.to('DeleteContainerRecipe');
}
/**
* Grants permission to delete a distribution configuration
*
* Access Level: Write
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_DeleteDistributionConfiguration.html
*/
toDeleteDistributionConfiguration() {
return this.to('DeleteDistributionConfiguration');
}
/**
* Grants permission to delete an image
*
* Access Level: Write
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_DeleteImage.html
*/
toDeleteImage() {
return this.to('DeleteImage');
}
/**
* Grants permission to delete an image pipeline
*
* Access Level: Write
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_DeleteImagePipeline.html
*/
toDeleteImagePipeline() {
return this.to('DeleteImagePipeline');
}
/**
* Grants permission to delete an image recipe
*
* Access Level: Write
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_DeleteImageRecipe.html
*/
toDeleteImageRecipe() {
return this.to('DeleteImageRecipe');
}
/**
* Grants permission to delete an infrastructure configuration
*
* Access Level: Write
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_DeleteInfrastructureConfiguration.html
*/
toDeleteInfrastructureConfiguration() {
return this.to('DeleteInfrastructureConfiguration');
}
/**
* Grants permission to delete a lifecycle policy
*
* Access Level: Write
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_DeleteLifecyclePolicy.html
*/
toDeleteLifecyclePolicy() {
return this.to('DeleteLifecyclePolicy');
}
/**
* Grants permission to delete a workflow
*
* Access Level: Write
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_DeleteWorkflow.html
*/
toDeleteWorkflow() {
return this.to('DeleteWorkflow');
}
/**
* Grants permission to distribute an image
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - ec2:DescribeImages
* - iam:PassRole
* - imagebuilder:GetDistributionConfiguration
* - imagebuilder:GetImage
* - imagebuilder:TagResource
* - ssm:GetParameter
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_DistributeImage.html
*/
toDistributeImage() {
return this.to('DistributeImage');
}
/**
* Grants permission to view details about a component
*
* Access Level: Read
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_GetComponent.html
*/
toGetComponent() {
return this.to('GetComponent');
}
/**
* Grants permission to view the resource policy associated with a component
*
* Access Level: Read
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_GetComponentPolicy.html
*/
toGetComponentPolicy() {
return this.to('GetComponentPolicy');
}
/**
* Grants permission to view details about a container recipe
*
* Access Level: Read
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_GetContainerRecipe.html
*/
toGetContainerRecipe() {
return this.to('GetContainerRecipe');
}
/**
* Grants permission to view the resource policy associated with a container recipe
*
* Access Level: Read
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_GetContainerRecipePolicy.html
*/
toGetContainerRecipePolicy() {
return this.to('GetContainerRecipePolicy');
}
/**
* Grants permission to view details about a distribution configuration
*
* Access Level: Read
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_GetDistributionConfiguration.html
*/
toGetDistributionConfiguration() {
return this.to('GetDistributionConfiguration');
}
/**
* Grants permission to view details about an image
*
* Access Level: Read
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_GetImage.html
*/
toGetImage() {
return this.to('GetImage');
}
/**
* Grants permission to view details about an image pipeline
*
* Access Level: Read
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_GetImagePipeline.html
*/
toGetImagePipeline() {
return this.to('GetImagePipeline');
}
/**
* Grants permission to view the resource policy associated with an image
*
* Access Level: Read
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_GetImagePolicy.html
*/
toGetImagePolicy() {
return this.to('GetImagePolicy');
}
/**
* Grants permission to view details about an image recipe
*
* Access Level: Read
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_GetImageRecipe.html
*/
toGetImageRecipe() {
return this.to('GetImageRecipe');
}
/**
* Grants permission to view the resource policy associated with an image recipe
*
* Access Level: Read
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_GetImageRecipePolicy.html
*/
toGetImageRecipePolicy() {
return this.to('GetImageRecipePolicy');
}
/**
* Grants permission to view details about an infrastructure configuration
*
* Access Level: Read
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_GetInfrastructureConfiguration.html
*/
toGetInfrastructureConfiguration() {
return this.to('GetInfrastructureConfiguration');
}
/**
* Grants permission to view details about a lifecycle execution
*
* Access Level: Read
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_GetLifecycleExecution.html
*/
toGetLifecycleExecution() {
return this.to('GetLifecycleExecution');
}
/**
* Grants permission to view details about a lifecycle policy
*
* Access Level: Read
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_GetLifecyclePolicy.html
*/
toGetLifecyclePolicy() {
return this.to('GetLifecyclePolicy');
}
/**
* Grants permission to retrieve Marketplace provided resource
*
* Access Level: Read
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_GetMarketplaceResource.html
*/
toGetMarketplaceResource() {
return this.to('GetMarketplaceResource');
}
/**
* Grants permission to view details about a workflow
*
* Access Level: Read
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_GetWorkflow.html
*/
toGetWorkflow() {
return this.to('GetWorkflow');
}
/**
* Grants permission to view details about a workflow execution
*
* Access Level: Read
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_GetWorkflowExecution.html
*/
toGetWorkflowExecution() {
return this.to('GetWorkflowExecution');
}
/**
* Grants permission to view details about a workflow step execution
*
* Access Level: Read
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_GetWorkflowStepExecution.html
*/
toGetWorkflowStepExecution() {
return this.to('GetWorkflowStepExecution');
}
/**
* Grants permission to import a new component
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - imagebuilder:TagResource
* - kms:Encrypt
* - kms:GenerateDataKey
* - kms:GenerateDataKeyWithoutPlaintext
* - s3:GetObject
* - s3:ListBucket
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_ImportComponent.html
*/
toImportComponent() {
return this.to('ImportComponent');
}
/**
* Grants permission to import a disk image
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - iam:CreateServiceLinkedRole
* - iam:PassRole
* - imagebuilder:GetInfrastructureConfiguration
* - imagebuilder:GetWorkflow
* - imagebuilder:TagResource
* - s3:GetObject
* - s3:ListBucket
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_ImportDiskImage.html
*/
toImportDiskImage() {
return this.to('ImportDiskImage');
}
/**
* Grants permission to import an image
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - ec2:DescribeImages
* - ec2:DescribeImportImageTasks
* - iam:CreateServiceLinkedRole
* - imagebuilder:TagResource
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_ImportVmImage.html
*/
toImportVmImage() {
return this.to('ImportVmImage');
}
/**
* Grants permission to list the component build versions in your account
*
* Access Level: List
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_ListComponentBuildVersions.html
*/
toListComponentBuildVersions() {
return this.to('ListComponentBuildVersions');
}
/**
* Grants permission to list the component versions owned by or shared with your account
*
* Access Level: List
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_ListComponents.html
*/
toListComponents() {
return this.to('ListComponents');
}
/**
* Grants permission to list the container recipes owned by or shared with your account
*
* Access Level: List
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_ListContainerRecipes.html
*/
toListContainerRecipes() {
return this.to('ListContainerRecipes');
}
/**
* Grants permission to list the distribution configurations in your account
*
* Access Level: List
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_ListDistributionConfigurations.html
*/
toListDistributionConfigurations() {
return this.to('ListDistributionConfigurations');
}
/**
* Grants permission to list the image build versions in your account
*
* Access Level: List
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_ListImageBuildVersions.html
*/
toListImageBuildVersions() {
return this.to('ListImageBuildVersions');
}
/**
* Grants permission to return a list of packages installed on the specified image
*
* Access Level: List
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_ListImagePackages.html
*/
toListImagePackages() {
return this.to('ListImagePackages');
}
/**
* Grants permission to return a list of images created by the specified pipeline
*
* Access Level: List
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_ListImagePipelineImages.html
*/
toListImagePipelineImages() {
return this.to('ListImagePipelineImages');
}
/**
* Grants permission to list the image pipelines in your account
*
* Access Level: List
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_ListImagePipelines.html
*/
toListImagePipelines() {
return this.to('ListImagePipelines');
}
/**
* Grants permission to list the image recipes owned by or shared with your account
*
* Access Level: List
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_ListImageRecipes.html
*/
toListImageRecipes() {
return this.to('ListImageRecipes');
}
/**
* Grants permission to list aggregations on the image scan findings in your account
*
* Access Level: List
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_ListImageScanFindingAggregations.html
*/
toListImageScanFindingAggregations() {
return this.to('ListImageScanFindingAggregations');
}
/**
* Grants permission to list the image scan findings for the images in your account
*
* Access Level: List
*
* Dependent actions:
* - inspector2:ListFindings
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_ListImageScanFindings.html
*/
toListImageScanFindings() {
return this.to('ListImageScanFindings');
}
/**
* Grants permission to list the image versions owned by or shared with your account
*
* Access Level: List
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_ListImages.html
*/
toListImages() {
return this.to('ListImages');
}
/**
* Grants permission to list the infrastructure configurations in your account
*
* Access Level: List
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_ListInfrastructureConfigurations.html
*/
toListInfrastructureConfigurations() {
return this.to('ListInfrastructureConfigurations');
}
/**
* Grants permission to list resources for the specified lifecycle execution
*
* Access Level: List
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_ListLifecycleExecutionResources.html
*/
toListLifecycleExecutionResources() {
return this.to('ListLifecycleExecutionResources');
}
/**
* Grants permission to list lifecycle executions for the specified resource
*
* Access Level: List
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_ListLifecycleExecutions.html
*/
toListLifecycleExecutions() {
return this.to('ListLifecycleExecutions');
}
/**
* Grants permission to list the lifecycle policies in your account
*
* Access Level: List
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_ListLifecyclePolicies.html
*/
toListLifecyclePolicies() {
return this.to('ListLifecyclePolicies');
}
/**
* Grants permission to list tags for an Image Builder resource
*
* Access Level: Read
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_ListTagsForResource.html
*/
toListTagsForResource() {
return this.to('ListTagsForResource');
}
/**
* Grants permission to list waiting workflow steps for the caller account
*
* Access Level: List
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_ListWaitingWorkflowSteps.html
*/
toListWaitingWorkflowSteps() {
return this.to('ListWaitingWorkflowSteps');
}
/**
* Grants permission to list the workflow build versions in your account
*
* Access Level: List
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_ListWorkflowBuildVersions.html
*/
toListWorkflowBuildVersions() {
return this.to('ListWorkflowBuildVersions');
}
/**
* Grants permission to list workflow executions for the specified image
*
* Access Level: List
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_ListWorkflowExecutions.html
*/
toListWorkflowExecutions() {
return this.to('ListWorkflowExecutions');
}
/**
* Grants permission to list workflow step executions for the specified workflow
*
* Access Level: List
*
* Dependent actions:
* - kms:Decrypt
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_ListWorkflowStepExecutions.html
*/
toListWorkflowStepExecutions() {
return this.to('ListWorkflowStepExecutions');
}
/**
* Grants permission to list the workflow versions owned by or shared with your account
*
* Access Level: List
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_ListWorkflows.html
*/
toListWorkflows() {
return this.to('ListWorkflows');
}
/**
* Grants permission to set the resource policy associated with a component
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_PutComponentPolicy.html
*/
toPutComponentPolicy() {
return this.to('PutComponentPolicy');
}
/**
* Grants permission to set the resource policy associated with a container recipe
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_PutContainerRecipePolicy.html
*/
toPutContainerRecipePolicy() {
return this.to('PutContainerRecipePolicy');
}
/**
* Grants permission to set the resource policy associated with an image
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_PutImagePolicy.html
*/
toPutImagePolicy() {
return this.to('PutImagePolicy');
}
/**
* Grants permission to set the resource policy associated with an image recipe
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_PutImageRecipePolicy.html
*/
toPutImageRecipePolicy() {
return this.to('PutImageRecipePolicy');
}
/**
* Grants permission to retry an image creation
*
* Access Level: Write
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_RetryImage.html
*/
toRetryImage() {
return this.to('RetryImage');
}
/**
* Grants permission to send an action to a workflow step
*
* Access Level: Write
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_SendWorkflowStepAction.html
*/
toSendWorkflowStepAction() {
return this.to('SendWorkflowStepAction');
}
/**
* Grants permission to create a new image from a pipeline
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - iam:CreateServiceLinkedRole
* - imagebuilder:GetImagePipeline
* - imagebuilder:TagResource
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_StartImagePipelineExecution.html
*/
toStartImagePipelineExecution() {
return this.to('StartImagePipelineExecution');
}
/**
* Grants permission to start a state update for the specified resource
*
* Access Level: Write
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_StartResourceStateUpdate.html
*/
toStartResourceStateUpdate() {
return this.to('StartResourceStateUpdate');
}
/**
* Grants permission to tag an Image Builder resource
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsTagKeys()
* - .ifAwsRequestTag()
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_TagResource.html
*/
toTagResource() {
return this.to('TagResource');
}
/**
* Grants permission to untag an Image Builder resource
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_UntagResource.html
*/
toUntagResource() {
return this.to('UntagResource');
}
/**
* Grants permission to update an existing distribution configuration
*
* Access Level: Write
*
* Dependent actions:
* - ec2:CreateLaunchTemplateVersion
* - ec2:DescribeLaunchTemplates
* - ec2:ModifyLaunchTemplate
* - s3:ListBucket
* - ssm:GetParameter
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_UpdateDistributionConfiguration.html
*/
toUpdateDistributionConfiguration() {
return this.to('UpdateDistributionConfiguration');
}
/**
* Grants permission to update an existing image pipeline
*
* Access Level: Write
*
* Dependent actions:
* - ecr:BatchGetRepositoryScanningConfiguration
* - ecr:DescribeRepositories
* - iam:CreateServiceLinkedRole
* - iam:PassRole
* - imagebuilder:GetContainerRecipe
* - imagebuilder:GetDistributionConfiguration
* - imagebuilder:GetImageRecipe
* - imagebuilder:GetInfrastructureConfiguration
* - imagebuilder:GetWorkflow
* - inspector2:BatchGetAccountStatus
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_UpdateImagePipeline.html
*/
toUpdateImagePipeline() {
return this.to('UpdateImagePipeline');
}
/**
* Grants permission to update an existing infrastructure configuration
*
* Access Level: Write
*
* Possible conditions:
* - .ifCreatedResourceTagKeys()
* - .ifCreatedResourceTag()
* - .ifEc2MetadataHttpTokens()
* - .ifStatusTopicArn()
*
* Dependent actions:
* - ec2:DescribeAvailabilityZones
* - ec2:DescribeHosts
* - iam:PassRole
* - resource-groups:GetGroup
* - sns:Publish
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_UpdateInfrastructureConfiguration.html
*/
toUpdateInfrastructureConfiguration() {
return this.to('UpdateInfrastructureConfiguration');
}
/**
* Grants permission to update an existing lifecycle policy
*
* Access Level: Write
*
* Possible conditions:
* - .ifLifecyclePolicyResourceType()
*
* Dependent actions:
* - iam:PassRole
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_UpdateLifecyclePolicy.html
*/
toUpdateLifecyclePolicy() {
return this.to('UpdateLifecyclePolicy');
}
/**
* Adds a resource of type component to the statement
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_Component.html
*
* @param componentName - Identifier for the componentName.
* @param componentVersion - Identifier for the componentVersion.
* @param componentBuildVersion - Identifier for the componentBuildVersion.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onComponent(componentName, componentVersion, componentBuildVersion, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:imagebuilder:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:component/${componentName}/${componentVersion}/${componentBuildVersion}`);
}
/**
* Adds a resource of type distributionConfiguration to the statement
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_DistributionConfiguration.html
*
* @param distributionConfigurationName - Identifier for the distributionConfigurationName.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onDistributionConfiguration(distributionConfigurationName, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:imagebuilder:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:distribution-configuration/${distributionConfigurationName}`);
}
/**
* Adds a resource of type image to the statement
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_Image.html
*
* @param imageName - Identifier for the imageName.
* @param imageVersion - Identifier for the imageVersion.
* @param imageBuildVersion - Identifier for the imageBuildVersion.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onImage(imageName, imageVersion, imageBuildVersion, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:imagebuilder:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:image/${imageName}/${imageVersion}/${imageBuildVersion}`);
}
/**
* Adds a resource of type imageVersion to the statement
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_ImageVersion.html
*
* @param imageName - Identifier for the imageName.
* @param imageVersion - Identifier for the imageVersion.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onImageVersion(imageName, imageVersion, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:imagebuilder:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:image/${imageName}/${imageVersion}`);
}
/**
* Adds a resource of type imageRecipe to the statement
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_ImageRecipe.html
*
* @param imageRecipeName - Identifier for the imageRecipeName.
* @param imageRecipeVersion - Identifier for the imageRecipeVersion.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onImageRecipe(imageRecipeName, imageRecipeVersion, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:imagebuilder:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:image-recipe/${imageRecipeName}/${imageRecipeVersion}`);
}
/**
* Adds a resource of type containerRecipe to the statement
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_ContainerRecipe.html
*
* @param containerRecipeName - Identifier for the containerRecipeName.
* @param containerRecipeVersion - Identifier for the containerRecipeVersion.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onContainerRecipe(containerRecipeName, containerRecipeVersion, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:imagebuilder:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:container-recipe/${containerRecipeName}/${containerRecipeVersion}`);
}
/**
* Adds a resource of type imagePipeline to the statement
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_ImagePipeline.html
*
* @param imagePipelineName - Identifier for the imagePipelineName.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onImagePipeline(imagePipelineName, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:imagebuilder:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:image-pipeline/${imagePipelineName}`);
}
/**
* Adds a resource of type infrastructureConfiguration to the statement
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_InfrastructureConfiguration.html
*
* @param resourceId - Identifier for the resourceId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onInfrastructureConfiguration(resourceId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:imagebuilder:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:infrastructure-configuration/${resourceId}`);
}
/**
* Adds a resource of type lifecycleExecution to the statement
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_LifecycleExecution.html
*
* @param lifecycleExecutionId - Identifier for the lifecycleExecutionId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onLifecycleExecution(lifecycleExecutionId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:imagebuilder:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:lifecycle-execution/${lifecycleExecutionId}`);
}
/**
* Adds a resource of type lifecyclePolicy to the statement
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_LifecyclePolicy.html
*
* @param lifecyclePolicyName - Identifier for the lifecyclePolicyName.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onLifecyclePolicy(lifecyclePolicyName, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:imagebuilder:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:lifecycle-policy/${lifecyclePolicyName}`);
}
/**
* Adds a resource of type workflow to the statement
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_Workflow.html
*
* @param workflowType - Identifier for the workflowType.
* @param workflowName - Identifier for the workflowName.
* @param workflowVersion - Identifier for the workflowVersion.
* @param workflowBuildVersion - Identifier for the workflowBuildVersion.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onWorkflow(workflowType, workflowName, workflowVersion, workflowBuildVersion, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:imagebuilder:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:workflow/${workflowType}/${workflowName}/${workflowVersion}/${workflowBuildVersion}`);
}
/**
* Adds a resource of type workflowExecution to the statement
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_WorkflowExecutionMetadata.html
*
* @param workflowExecutionId - Identifier for the workflowExecutionId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onWorkflowExecution(workflowExecutionId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:imagebuilder:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:workflow-execution/${workflowExecutionId}`);
}
/**
* Adds a resource of type workflowStepExecution to the statement
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_WorkflowStepMetadata.html
*
* @param workflowStepExecutionId - Identifier for the workflowStepExecutionId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onWorkflowStepExecution(workflowStepExecutionId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:imagebuilder:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:workflow-step-execution/${workflowStepExecutionId}`);
}
/**
* Adds a resource of type allComponentBuildVersions to the statement
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_Component.html
*
* @param componentName - Identifier for the componentName.
* @param componentVersion - Identifier for the componentVersion.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onAllComponentBuildVersions(componentName, componentVersion, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:imagebuilder:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:component/${componentName}/${componentVersion}/*`);
}
/**
* Adds a resource of type allImageBuildVersions to the statement
*
* https://docs.aws.amazon.com/imagebuilder/latest/APIR