iam-floyd

import { AccessLevelList } from '../../shared/access-level'; import { PolicyStatement, Operator } from '../../shared'; /** * Statement provider for service [eks](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonelastickubernetesservice.html). * * @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement */ export declare class Eks extends PolicyStatement { servicePrefix: string; /** * Statement provider for service [eks](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonelastickubernetesservice.html). * * @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement */ constructor(sid?: string); /** * Grants permission to view Kubernetes objects via AWS EKS console * * Access Level: Read * * https://docs.aws.amazon.com/eks/latest/userguide/view-workloads.html */ toAccessKubernetesApi(): this; /** * Grants permission to associate an Amazon EKS access policy to an Amazon EKS access entry * * Access Level: Write * * Possible conditions: * - .ifPolicyArn() * - .ifNamespaces() * - .ifAccessScope() * * https://docs.aws.amazon.com/eks/latest/APIReference/API_AssociateAccessPolicy.html */ toAssociateAccessPolicy(): this; /** * Grants permission to associate encryption configuration to a cluster * * Access Level: Write * * https://docs.aws.amazon.com/eks/latest/APIReference/API_AssociateEncryptionConfig.html */ toAssociateEncryptionConfig(): this; /** * Grants permission to associate an identity provider configuration to a cluster * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * - .ifClientId() * - .ifIssuerUrl() * * https://docs.aws.amazon.com/eks/latest/APIReference/API_AssociateIdentityProviderConfig.html */ toAssociateIdentityProviderConfig(): this; /** * Grants permission to create an Amazon EKS access entry * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * - .ifPrincipalArn() * - .ifKubernetesGroups() * - .ifUsername() * - .ifAccessEntryType() * * https://docs.aws.amazon.com/eks/latest/APIReference/API_CreateAccessEntry.html */ toCreateAccessEntry(): this; /** * Grants permission to create an Amazon EKS add-on * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/eks/latest/APIReference/API_CreateAddon.html */ toCreateAddon(): this; /** * Grants permission to create a capability for an Amazon EKS cluster * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/eks/latest/APIReference/API_CreateCapability.html */ toCreateCapability(): this; /** * Grants permission to create an Amazon EKS cluster * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * - .ifBootstrapClusterCreatorAdminPermissions() * - .ifBootstrapSelfManagedAddons() * - .ifAuthenticationMode() * - .ifSupportType() * - .ifComputeConfigEnabled() * - .ifElasticLoadBalancingEnabled() * - .ifBlockStorageEnabled() * - .ifLoggingType() * * https://docs.aws.amazon.com/eks/latest/APIReference/API_CreateCluster.html */ toCreateCluster(): this; /** * Grants permission to create an EKS Anywhere subscription * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/eks/latest/APIReference/API_CreateEksAnywhereSubscription.html */ toCreateEksAnywhereSubscription(): this; /** * Grants permission to create an AWS Fargate profile * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/eks/latest/APIReference/API_CreateFargateProfile.html */ toCreateFargateProfile(): this; /** * Grants permission to create an Amazon EKS Nodegroup * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/eks/latest/APIReference/API_CreateNodegroup.html */ toCreateNodegroup(): this; /** * Grants permission to create an EKS Pod Identity association * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/eks/latest/APIReference/API_CreatePodIdentityAssociation.html */ toCreatePodIdentityAssociation(): this; /** * Grants permission to delete an Amazon EKS access entry * * Access Level: Write * * https://docs.aws.amazon.com/eks/latest/APIReference/API_DeleteAccessEntry.html */ toDeleteAccessEntry(): this; /** * Grants permission to delete an Amazon EKS add-on * * Access Level: Write * * https://docs.aws.amazon.com/eks/latest/APIReference/API_DeleteAddon.html */ toDeleteAddon(): this; /** * Grants permission to delete a capability from an Amazon EKS cluster * * Access Level: Write * * https://docs.aws.amazon.com/eks/latest/APIReference/API_DeleteCapability.html */ toDeleteCapability(): this; /** * Grants permission to delete an Amazon EKS cluster * * Access Level: Write * * https://docs.aws.amazon.com/eks/latest/APIReference/API_DeleteCluster.html */ toDeleteCluster(): this; /** * Grants permission to describe an EKS Anywhere subscription * * Access Level: Write * * https://docs.aws.amazon.com/eks/latest/APIReference/API_DeleteEksAnywhereSubscription.html */ toDeleteEksAnywhereSubscription(): this; /** * Grants permission to delete an AWS Fargate profile * * Access Level: Write * * https://docs.aws.amazon.com/eks/latest/APIReference/API_DeleteFargateProfile.html */ toDeleteFargateProfile(): this; /** * Grants permission to delete an Amazon EKS Nodegroup * * Access Level: Write * * https://docs.aws.amazon.com/eks/latest/APIReference/API_DeleteNodegroup.html */ toDeleteNodegroup(): this; /** * Grants permission to delete an EKS Pod Identity association * * Access Level: Write * * https://docs.aws.amazon.com/eks/latest/APIReference/API_DeletePodIdentityAssociation.html */ toDeletePodIdentityAssociation(): this; /** * Grants permission to deregister an External cluster * * Access Level: Write * * https://docs.aws.amazon.com/eks/latest/APIReference/API_DeregisterCluster.html */ toDeregisterCluster(): this; /** * Grants permission to describe an Amazon EKS access entry * * Access Level: Read * * https://docs.aws.amazon.com/eks/latest/APIReference/API_DescribeAccessEntry.html */ toDescribeAccessEntry(): this; /** * Grants permission to retrieve descriptive information about an Amazon EKS add-on * * Access Level: Read * * https://docs.aws.amazon.com/eks/latest/APIReference/API_DescribeAddon.html */ toDescribeAddon(): this; /** * Grants permission to list configuration options about an Amazon EKS add-on * * Access Level: Read * * https://docs.aws.amazon.com/eks/latest/APIReference/API_DescribeAddonConfiguration.html */ toDescribeAddonConfiguration(): this; /** * Grants permission to retrieve descriptive version information about the add-ons that Amazon EKS Add-ons supports * * Access Level: Read * * https://docs.aws.amazon.com/eks/latest/APIReference/API_DescribeAddonVersions.html */ toDescribeAddonVersions(): this; /** * Grants permission to describe a capability for an Amazon EKS cluster * * Access Level: Read * * https://docs.aws.amazon.com/eks/latest/APIReference/API_DescribeCapability.html */ toDescribeCapability(): this; /** * Grants permission to retrieve descriptive information about an Amazon EKS cluster * * Access Level: Read * * https://docs.aws.amazon.com/eks/latest/APIReference/API_DescribeCluster.html */ toDescribeCluster(): this; /** * Grants permission to retrieve descriptive information about Kubernetes versions that Amazon EKS clusters support * * Access Level: Read * * https://docs.aws.amazon.com/eks/latest/APIReference/API_DescribeClusterVersions.html */ toDescribeClusterVersions(): this; /** * Grants permission to describe an EKS Anywhere subscription * * Access Level: Read * * https://docs.aws.amazon.com/eks/latest/APIReference/API_DescribeEksAnywhereSubscription.html */ toDescribeEksAnywhereSubscription(): this; /** * Grants permission to retrieve descriptive information about an AWS Fargate profile associated with a cluster * * Access Level: Read * * https://docs.aws.amazon.com/eks/latest/APIReference/API_DescribeFargateProfile.html */ toDescribeFargateProfile(): this; /** * Grants permission to retrieve descriptive information about an Idp config associated with a cluster * * Access Level: Read * * https://docs.aws.amazon.com/eks/latest/APIReference/API_DescribeIdentityProviderConfig.html */ toDescribeIdentityProviderConfig(): this; /** * Grants permission to retrieve descriptive information of a detected insight for a specified cluster * * Access Level: Read * * https://docs.aws.amazon.com/eks/latest/APIReference/API_DescribeInsight.html */ toDescribeInsight(): this; /** * Grants permission to retrieve the status of the latest on-demand cluster insights refresh operation * * Access Level: Read * * https://docs.aws.amazon.com/eks/latest/APIReference/API_DescribeInsightsRefresh.html */ toDescribeInsightsRefresh(): this; /** * Grants permission to retrieve descriptive information about an Amazon EKS nodegroup * * Access Level: Read * * https://docs.aws.amazon.com/eks/latest/APIReference/API_DescribeNodegroup.html */ toDescribeNodegroup(): this; /** * Grants permission to describe an EKS Pod Identity association * * Access Level: Read * * https://docs.aws.amazon.com/eks/latest/APIReference/API_DescribePodIdentityAssociation.html */ toDescribePodIdentityAssociation(): this; /** * Grants permission to retrieve a given update for a given Amazon EKS cluster/nodegroup/add-on (in the specified or default region) * * Access Level: Read * * https://docs.aws.amazon.com/eks/latest/APIReference/API_DescribeUpdate.html */ toDescribeUpdate(): this; /** * Grants permission to disassociate an Amazon EKS access policy from an Amazon EKS acces entry * * Access Level: Write * * Possible conditions: * - .ifPolicyArn() * - .ifNamespaces() * - .ifAccessScope() * * https://docs.aws.amazon.com/eks/latest/APIReference/API_DisassociateAccessPolicy.html */ toDisassociateAccessPolicy(): this; /** * Grants permission to delete an asssociated Idp config * * Access Level: Write * * https://docs.aws.amazon.com/eks/latest/APIReference/API_DisassociateIdentityProviderConfig.html */ toDisassociateIdentityProviderConfig(): this; /** * Grants permission to list all Amazon EKS access entries * * Access Level: List * * https://docs.aws.amazon.com/eks/latest/APIReference/API_ListAccessEntries.html */ toListAccessEntries(): this; /** * Grants permission to list Amazon EKS access policies * * Access Level: List * * https://docs.aws.amazon.com/eks/latest/APIReference/API_ListAccessPolicies.html */ toListAccessPolicies(): this; /** * Grants permission to list the Amazon EKS add-ons in your AWS account (in the specified or default region) for a given cluster * * Access Level: List * * https://docs.aws.amazon.com/eks/latest/APIReference/API_ListAddons.html */ toListAddons(): this; /** * Grants permission to list associated access policy on and Amazon EKS access entry * * Access Level: List * * https://docs.aws.amazon.com/eks/latest/APIReference/API_ListAssociatedAccessPolicies.html */ toListAssociatedAccessPolicies(): this; /** * Grants permission to list capabilities for an Amazon EKS cluster * * Access Level: List * * https://docs.aws.amazon.com/eks/latest/APIReference/API_ListCapabilities.html */ toListCapabilities(): this; /** * Grants permission to list the Amazon EKS clusters in your AWS account (in the specified or default region) * * Access Level: List * * https://docs.aws.amazon.com/eks/latest/APIReference/API_ListClusters.html */ toListClusters(): this; /** * Grants permission to list dashboard data. The Amazon EKS Dashboard aggregates information about cluster resources across multiple accounts and regions. The dashboard includes information about EC2 Instances and EKS Cluster versions * * Access Level: Read * * https://docs.aws.amazon.com/eks/latest/APIReference/API_ListDashboardData.html */ toListDashboardData(): this; /** * Grants permission to list dashboard resources. The Amazon EKS Dashboard aggregates information about cluster resources across multiple accounts and regions. The dashboard includes information about EC2 Instances and EKS Cluster versions * * Access Level: Read * * https://docs.aws.amazon.com/eks/latest/APIReference/API_ListDashboardResources.html */ toListDashboardResources(): this; /** * Grants permission to list EKS Anywhere subscriptions * * Access Level: List * * https://docs.aws.amazon.com/eks/latest/APIReference/API_ListEksAnywhereSubscriptions.html */ toListEksAnywhereSubscriptions(): this; /** * Grants permission to list the AWS Fargate profiles in your AWS account (in the specified or default region) associated with a given cluster * * Access Level: List * * https://docs.aws.amazon.com/eks/latest/APIReference/API_ListFargateProfiles.html */ toListFargateProfiles(): this; /** * Grants permission to list the Idp configs in your AWS account (in the specified or default region) associated with a given cluster * * Access Level: List * * https://docs.aws.amazon.com/eks/latest/APIReference/API_ListIdentityProviderConfigs.html */ toListIdentityProviderConfigs(): this; /** * Grants permission to list all detected insights for a specified cluster * * Access Level: List * * https://docs.aws.amazon.com/eks/latest/APIReference/API_ListInsights.html */ toListInsights(): this; /** * Grants permission to list the Amazon EKS nodegroups in your AWS account (in the specified or default region) attached to given cluster * * Access Level: List * * https://docs.aws.amazon.com/eks/latest/APIReference/API_ListNodegroups.html */ toListNodegroups(): this; /** * Grants permission to list EKS Pod Identity associations * * Access Level: List * * https://docs.aws.amazon.com/eks/latest/APIReference/API_ListPodIdentityAssociations.html */ toListPodIdentityAssociations(): this; /** * Grants permission to list tags for the specified resource * * Access Level: Read * * https://docs.aws.amazon.com/eks/latest/APIReference/API_ListTagsForResource.html */ toListTagsForResource(): this; /** * Grants permission to list the updates for a given Amazon EKS cluster/nodegroup/add-on (in the specified or default region) * * Access Level: List * * https://docs.aws.amazon.com/eks/latest/APIReference/API_ListUpdates.html */ toListUpdates(): this; /** * Grants permission to modify Kubernetes objects via AWS console * * Access Level: Write * * Dependent actions: * - eks:AccessKubernetesApi * * https://docs.aws.amazon.com/eks/latest/userguide/mutate-workloads.html */ toMutateViaKubernetesApi(): this; /** * Grants permission to register an External cluster * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/eks/latest/APIReference/API_RegisterCluster.html */ toRegisterCluster(): this; /** * Grants permission to initiate an on-demand refresh operation for cluster insights, getting the latest analysis outside of the standard refresh schedule * * Access Level: Write * * https://docs.aws.amazon.com/eks/latest/APIReference/API_StartInsightsRefresh.html */ toStartInsightsRefresh(): this; /** * Grants permission to tag the specified resource * * Access Level: Tagging * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/eks/latest/APIReference/API_TagResource.html */ toTagResource(): this; /** * Grants permission to untag the specified resource * * Access Level: Tagging * * Possible conditions: * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/eks/latest/APIReference/API_UntagResource.html */ toUntagResource(): this; /** * Grants permission to update an Amazon EKS access entry * * Access Level: Write * * https://docs.aws.amazon.com/eks/latest/APIReference/API_UpdateAccessEntry.html */ toUpdateAccessEntry(): this; /** * Grants permission to update Amazon EKS add-on configurations, such as the VPC-CNI version * * Access Level: Write * * https://docs.aws.amazon.com/eks/latest/APIReference/API_UpdateAddon.html */ toUpdateAddon(): this; /** * Grants permission to update a capability for an Amazon EKS cluster * * Access Level: Write * * https://docs.aws.amazon.com/eks/latest/APIReference/API_UpdateCapability.html */ toUpdateCapability(): this; /** * Grants permission to update Amazon EKS cluster configurations (eg: API server endpoint access) * * Access Level: Write * * Possible conditions: * - .ifAuthenticationMode() * - .ifSupportType() * - .ifComputeConfigEnabled() * - .ifElasticLoadBalancingEnabled() * - .ifBlockStorageEnabled() * - .ifLoggingType() * * https://docs.aws.amazon.com/eks/latest/APIReference/API_UpdateClusterConfig.html */ toUpdateClusterConfig(): this; /** * Grants permission to update the Kubernetes version of an Amazon EKS cluster * * Access Level: Write * * https://docs.aws.amazon.com/eks/latest/APIReference/API_UpdateClusterVersion.html */ toUpdateClusterVersion(): this; /** * Grants permission to update an EKS Anywhere subscription * * Access Level: Write * * https://docs.aws.amazon.com/eks/latest/APIReference/API_UpdateEksAnywhereSubscription.html */ toUpdateEksAnywhereSubscription(): this; /** * Grants permission to update Amazon EKS nodegroup configurations (eg: min/max/desired capacity or labels) * * Access Level: Write * * https://docs.aws.amazon.com/eks/latest/APIReference/API_UpdateNodegroupConfig.html */ toUpdateNodegroupConfig(): this; /** * Grants permission to update the Kubernetes version of an Amazon EKS nodegroup * * Access Level: Write * * https://docs.aws.amazon.com/eks/latest/APIReference/API_UpdateNodegroupVersion.html */ toUpdateNodegroupVersion(): this; /** * Grants permission to update an EKS Pod Identity association * * Access Level: Write * * https://docs.aws.amazon.com/eks/latest/APIReference/API_UpdatePodIdentityAssociation.html */ toUpdatePodIdentityAssociation(): this; protected accessLevelList: AccessLevelList; /** * Adds a resource of type cluster to the statement * * https://docs.aws.amazon.com/eks/latest/userguide/clusters.html * * @param clusterName - Identifier for the clusterName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onCluster(clusterName: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type nodegroup to the statement * * https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html * * @param clusterName - Identifier for the clusterName. * @param nodegroupName - Identifier for the nodegroupName. * @param uUID - Identifier for the uUID. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onNodegroup(clusterName: string, nodegroupName: string, uUID: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type addon to the statement * * https://docs.aws.amazon.com/eks/latest/userguide/eks-add-ons.html * * @param clusterName - Identifier for the clusterName. * @param addonName - Identifier for the addonName. * @param uUID - Identifier for the uUID. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onAddon(clusterName: string, addonName: string, uUID: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type fargateprofile to the statement * * https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html * * @param clusterName - Identifier for the clusterName. * @param fargateProfileName - Identifier for the fargateProfileName. * @param uUID - Identifier for the uUID. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onFargateprofile(clusterName: string, fargateProfileName: string, uUID: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type identityproviderconfig to the statement * * https://docs.aws.amazon.com/eks/latest/userguide/authenticate-oidc-identity-provider.html * * @param clusterName - Identifier for the clusterName. * @param identityProviderType - Identifier for the identityProviderType. * @param identityProviderConfigName - Identifier for the identityProviderConfigName. * @param uUID - Identifier for the uUID. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onIdentityproviderconfig(clusterName: string, identityProviderType: string, identityProviderConfigName: string, uUID: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type eks-anywhere-subscription to the statement * * https://anywhere.eks.amazonaws.com/docs/clustermgmt/support/cluster-license/ * * @param uUID - Identifier for the uUID. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onEksAnywhereSubscription(uUID: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type podidentityassociation to the statement * * https://docs.aws.amazon.com/eks/latest/userguide/pod-identities.html * * @param clusterName - Identifier for the clusterName. * @param uUID - Identifier for the uUID. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onPodidentityassociation(clusterName: string, uUID: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type access-entry to the statement * * https://docs.aws.amazon.com/eks/latest/userguide/access-entries.html * * @param clusterName - Identifier for the clusterName. * @param iamIdentityType - Identifier for the iamIdentityType. * @param iamIdentityAccountID - Identifier for the iamIdentityAccountID. * @param iamIdentityName - Identifier for the iamIdentityName. * @param uUID - Identifier for the uUID. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() * - .ifAccessEntryType() * - .ifClusterName() * - .ifKubernetesGroups() * - .ifPrincipalArn() * - .ifUsername() */ onAccessEntry(clusterName: string, iamIdentityType: string, iamIdentityAccountID: string, iamIdentityName: string, uUID: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type access-policy to the statement * * https://docs.aws.amazon.com/eks/latest/userguide/access-policies.html * * @param accessPolicyName - Identifier for the accessPolicyName. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onAccessPolicy(accessPolicyName: string, partition?: string): this; /** * Adds a resource of type dashboard to the statement * * https://docs.aws.amazon.com/eks/latest/userguide/cluster-dashboard.html * * @param dashboardName - Identifier for the dashboardName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onDashboard(dashboardName: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type capability to the statement * * https://docs.aws.amazon.com/eks/latest/userguide/capabilities.html * * @param clusterName - Identifier for the clusterName. * @param capabilityType - Identifier for the capabilityType. * @param capabilityName - Identifier for the capabilityName. * @param uUID - Identifier for the uUID. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onCapability(clusterName: string, capabilityType: string, capabilityName: string, uUID: string, account?: string, region?: string, partition?: string): this; /** * Filters access by a key that is present in the request the user makes to the EKS service * * https://docs.aws.amazon.com/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-tags * * Applies to actions: * - .toAssociateIdentityProviderConfig() * - .toCreateAccessEntry() * - .toCreateAddon() * - .toCreateCapability() * - .toCreateCluster() * - .toCreateEksAnywhereSubscription() * - .toCreateFargateProfile() * - .toCreateNodegroup() * - .toCreatePodIdentityAssociation() * - .toRegisterCluster() * - .toTagResource() * * @param tagKey The tag key to check * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsRequestTag(tagKey: string, value: string | string[], operator?: Operator | string): this; /** * Filters access by a tag key and value pair * * https://docs.aws.amazon.com/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-tags * * Applies to resource types: * - cluster * - nodegroup * - addon * - fargateprofile * - identityproviderconfig * - eks-anywhere-subscription * - podidentityassociation * - access-entry * - dashboard * - capability * * @param tagKey The tag key to check * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsResourceTag(tagKey: string, value: string | string[], operator?: Operator | string): this; /** * Filters access by the list of all the tag key names present in the request the user makes to the EKS service * * https://docs.aws.amazon.com/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-tags * * Applies to actions: * - .toAssociateIdentityProviderConfig() * - .toCreateAccessEntry() * - .toCreateAddon() * - .toCreateCapability() * - .toCreateCluster() * - .toCreateEksAnywhereSubscription() * - .toCreateFargateProfile() * - .toCreateNodegroup() * - .toCreatePodIdentityAssociation() * - .toRegisterCluster() * - .toTagResource() * - .toUntagResource() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsTagKeys(value: string | string[], operator?: Operator | string): this; /** * Filters access by the access entry type present in the access entry requests the user makes to the EKS service * * https://docs.aws.amazon.com/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies * * Applies to actions: * - .toCreateAccessEntry() * * Applies to resource types: * - access-entry * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAccessEntryType(value: string | string[], operator?: Operator | string): this; /** * Filters access by the accessScope present in the associate / disassociate access policy requests the user makes to the EKS service * * https://docs.aws.amazon.com/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies * * Applies to actions: * - .toAssociateAccessPolicy() * - .toDisassociateAccessPolicy() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAccessScope(value: string | string[], operator?: Operator | string): this; /** * Filters access by the authenticationMode present in the create / update cluster request * * https://docs.aws.amazon.com/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies * * Applies to actions: * - .toCreateCluster() * - .toUpdateClusterConfig() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAuthenticationMode(value: string | string[], operator?: Operator | string): this; /** * Filters access by the block storage enabled parameter in the create / update cluster request * * https://docs.aws.amazon.com/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies * * Applies to actions: * - .toCreateCluster() * - .toUpdateClusterConfig() * * @param value `true` or `false`. **Default:** `true` */ ifBlockStorageEnabled(value?: boolean): this; /** * Filters access by the bootstrapClusterCreatorAdminPermissions present in the create cluster request * * https://docs.aws.amazon.com/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies * * Applies to actions: * - .toCreateCluster() * * @param value `true` or `false`. **Default:** `true` */ ifBootstrapClusterCreatorAdminPermissions(value?: boolean): this; /** * Filters access by the bootstrapSelfManagedAddons present in the create cluster request * * https://docs.aws.amazon.com/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies * * Applies to actions: * - .toCreateCluster() * * @param value `true` or `false`. **Default:** `true` */ ifBootstrapSelfManagedAddons(value?: boolean): this; /** * Filters access by the clientId present in the associateIdentityProviderConfig request the user makes to the EKS service * * https://docs.aws.amazon.com/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies * * Applies to actions: * - .toAssociateIdentityProviderConfig() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifClientId(value: string | string[], operator?: Operator | string): this; /** * Filters access by the clusterName present in the access entry requests the user makes to the EKS service * * https://docs.aws.amazon.com/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies * * Applies to resource types: * - access-entry * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifClusterName(value: string | string[], operator?: Operator | string): this; /** * Filters access by the compute config enabled parameter in the create / update cluster request * * https://docs.aws.amazon.com/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies * * Applies to actions: * - .toCreateCluster() * - .toUpdateClusterConfig() * * @param value `true` or `false`. **Default:** `true` */ ifComputeConfigEnabled(value?: boolean): this; /** * Filters access by the elastic load balancing enabled parameter in the create / update cluster request * * https://docs.aws.amazon.com/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies * * Applies to actions: * - .toCreateCluster() * - .toUpdateClusterConfig() * * @param value `true` or `false`. **Default:** `true` */ ifElasticLoadBalancingEnabled(value?: boolean): this; /** * Filters access by the issuerUrl present in the associateIdentityProviderConfig request the user makes to the EKS service * * https://docs.aws.amazon.com/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies * * Applies to actions: * - .toAssociateIdentityProviderConfig() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifIssuerUrl(value: string | string[], operator?: Operator | string): this; /** * Filters access by the kubernetesGroups present in the access entry requests the user makes to the EKS service * * https://docs.aws.amazon.com/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies * * Applies to actions: * - .toCreateAccessEntry() * * Applies to resource types: * - access-entry * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifKubernetesGroups(value: string | string[], operator?: Operator | string): this; /** * Filters access by the cluster logging enabled and type parameter in the create / update cluster request * * https://docs.aws.amazon.com/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies * * Applies to actions: * - .toCreateCluster() * - .toUpdateClusterConfig() * * @param type The tag key to check * @param value `true` or `false`. **Default:** `true` */ ifLoggingType(type: string, value?: boolean): this; /** * Filters access by the namespaces present in the associate / disassociate access policy requests the user makes to the EKS service * * https://docs.aws.amazon.com/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies * * Applies to actions: * - .toAssociateAccessPolicy() * - .toDisassociateAccessPolicy() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifNamespaces(value: string | string[], operator?: Operator | string): this; /** * Filters access by the policyArn present in the access entry requests the user makes to the EKS service * * https://docs.aws.amazon.com/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies * * Applies to actions: * - .toAssociateAccessPolicy() * - .toDisassociateAccessPolicy() * * @param value The value(s) to check * @param operator Works with [arn operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_ARN). **Default:** `ArnLike` */ ifPolicyArn(value: string | string[], operator?: Operator | string): this; /** * Filters access by the principalArn present in the access entry requests requests the user makes to the EKS service * * https://docs.aws.amazon.com/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies * * Applies to actions: * - .toCreateAccessEntry() * * Applies to resource types: * - access-entry * * @param value The value(s) to check * @param operator Works with [arn operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_ARN). **Default:** `ArnLike` */ ifPrincipalArn(value: string | string[], operator?: Operator | string): this; /** * Filters access by the supportType present in the create / update cluster request * * https://docs.aws.amazon.com/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies * * Applies to actions: * - .toCreateCluster() * - .toUpdateClusterConfig() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifSupportType(value: string | string[], operator?: Operator | string): this; /** * Filters access by the Kubernetes username present in the access entry requests the user makes to the EKS service * * https://docs.aws.amazon.com/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies * * Applies to actions: * - .toCreateAccessEntry() * * Applies to resource types: * - access-entry * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifUsername(value: string | string[], operator?: Operator | string): this; }