
iam-floyd


AWS IAM policy statement generator with fluent interface

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.Eks = void 0;
const shared_1 = require("../../shared");
/**
 * Statement provider for service [eks](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonelastickubernetesservice.html).
 *
 * Each `to*` method in this class passes one bare action name to `this.to()`.
 * `this.to()` is not defined in this file; it is presumably inherited from
 * `shared_1.PolicyStatement` (confirm there how the `eks:` service prefix is applied).
 *
 * @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
 */
class Eks extends shared_1.PolicyStatement {
    /**
     * Statement provider for service [eks](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonelastickubernetesservice.html).
     *
     * @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
     */
    constructor(sid) {
        super(sid);
        this.servicePrefix = 'eks';
        // Action names grouped by access level. The grouping follows the
        // "Access Level" line of each method's doc comment, not the action's
        // name: ListDashboardData, ListDashboardResources and
        // ListTagsForResource are classified as Read, not List.
        this.accessLevelList = {
            Read: [
                'AccessKubernetesApi',
                'DescribeAccessEntry',
                'DescribeAddon',
                'DescribeAddonConfiguration',
                'DescribeAddonVersions',
                'DescribeCapability',
                'DescribeCluster',
                'DescribeClusterVersions',
                'DescribeEksAnywhereSubscription',
                'DescribeFargateProfile',
                'DescribeIdentityProviderConfig',
                'DescribeInsight',
                'DescribeInsightsRefresh',
                'DescribeNodegroup',
                'DescribePodIdentityAssociation',
                'DescribeUpdate',
                'ListDashboardData',
                'ListDashboardResources',
                'ListTagsForResource'
            ],
            Write: [
                'AssociateAccessPolicy',
                'AssociateEncryptionConfig',
                'AssociateIdentityProviderConfig',
                'CreateAccessEntry',
                'CreateAddon',
                'CreateCapability',
                'CreateCluster',
                'CreateEksAnywhereSubscription',
                'CreateFargateProfile',
                'CreateNodegroup',
                'CreatePodIdentityAssociation',
                'DeleteAccessEntry',
                'DeleteAddon',
                'DeleteCapability',
                'DeleteCluster',
                'DeleteEksAnywhereSubscription',
                'DeleteFargateProfile',
                'DeleteNodegroup',
                'DeletePodIdentityAssociation',
                'DeregisterCluster',
                'DisassociateAccessPolicy',
                'DisassociateIdentityProviderConfig',
                'MutateViaKubernetesApi',
                'RegisterCluster',
                'StartInsightsRefresh',
                'UpdateAccessEntry',
                'UpdateAddon',
                'UpdateCapability',
                'UpdateClusterConfig',
                'UpdateClusterVersion',
                'UpdateEksAnywhereSubscription',
                'UpdateNodegroupConfig',
                'UpdateNodegroupVersion',
                'UpdatePodIdentityAssociation'
            ],
            List: [
                'ListAccessEntries',
                'ListAccessPolicies',
                'ListAddons',
                'ListAssociatedAccessPolicies',
                'ListCapabilities',
                'ListClusters',
                'ListEksAnywhereSubscriptions',
                'ListFargateProfiles',
                'ListIdentityProviderConfigs',
                'ListInsights',
                'ListNodegroups',
                'ListPodIdentityAssociations',
                'ListUpdates'
            ],
            Tagging: [
                'TagResource',
                'UntagResource'
            ]
        };
    }
    /**
     * Grants permission to view Kubernetes objects via AWS EKS console
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/eks/latest/userguide/view-workloads.html
     */
    toAccessKubernetesApi() {
        return this.to('AccessKubernetesApi');
    }
    /**
     * Grants permission to associate an Amazon EKS access policy to an Amazon EKS access entry
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifPolicyArn()
     * - .ifNamespaces()
     * - .ifAccessScope()
     *
     * Review note: this action changes which access policy an access entry
     * carries, so a statement that allows it is worth narrowing with the
     * conditions listed above and a specific resource.
     *
     * https://docs.aws.amazon.com/eks/latest/APIReference/API_AssociateAccessPolicy.html
     */
    toAssociateAccessPolicy() {
        return this.to('AssociateAccessPolicy');
    }
    /**
     * Grants permission to associate encryption configuration to a cluster
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/eks/latest/APIReference/API_AssociateEncryptionConfig.html
     */
    toAssociateEncryptionConfig() {
        return this.to('AssociateEncryptionConfig');
    }
    /**
     * Grants permission to associate an identity provider configuration to a cluster
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifAwsRequestTag()
     * - .ifAwsTagKeys()
     * - .ifClientId()
     * - .ifIssuerUrl()
     *
     * https://docs.aws.amazon.com/eks/latest/APIReference/API_AssociateIdentityProviderConfig.html
     */
    toAssociateIdentityProviderConfig() {
        return this.to('AssociateIdentityProviderConfig');
    }
    /**
     * Grants permission to create an Amazon EKS access entry
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifAwsRequestTag()
     * - .ifAwsTagKeys()
     * - .ifPrincipalArn()
     * - .ifKubernetesGroups()
     * - .ifUsername()
     * - .ifAccessEntryType()
     *
     * Review note: the condition keys above are the visible means of limiting
     * which principal, groups and username a created access entry may name.
     *
     * https://docs.aws.amazon.com/eks/latest/APIReference/API_CreateAccessEntry.html
     */
    toCreateAccessEntry() {
        return this.to('CreateAccessEntry');
    }
    /**
     * Grants permission to create an Amazon EKS add-on
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifAwsRequestTag()
     * - .ifAwsTagKeys()
     *
     * https://docs.aws.amazon.com/eks/latest/APIReference/API_CreateAddon.html
     */
    toCreateAddon() {
        return this.to('CreateAddon');
    }
    /**
     * Grants permission to create a capability for an Amazon EKS cluster
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifAwsRequestTag()
     * - .ifAwsTagKeys()
     *
     * https://docs.aws.amazon.com/eks/latest/APIReference/API_CreateCapability.html
     */
    toCreateCapability() {
        return this.to('CreateCapability');
    }
    /**
     * Grants permission to create an Amazon EKS cluster
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifAwsRequestTag()
     * - .ifAwsTagKeys()
     * - .ifBootstrapClusterCreatorAdminPermissions()
     * - .ifBootstrapSelfManagedAddons()
     * - .ifAuthenticationMode()
     * - .ifSupportType()
     * - .ifComputeConfigEnabled()
     * - .ifElasticLoadBalancingEnabled()
     * - .ifBlockStorageEnabled()
     * - .ifLoggingType()
     *
     * https://docs.aws.amazon.com/eks/latest/APIReference/API_CreateCluster.html
     */
    toCreateCluster() {
        return this.to('CreateCluster');
    }
    /**
     * Grants permission to create an EKS Anywhere subscription
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifAwsRequestTag()
     * - .ifAwsTagKeys()
     *
     * https://docs.aws.amazon.com/eks/latest/APIReference/API_CreateEksAnywhereSubscription.html
     */
    toCreateEksAnywhereSubscription() {
        return this.to('CreateEksAnywhereSubscription');
    }
    /**
     * Grants permission to create an AWS Fargate profile
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifAwsRequestTag()
     * - .ifAwsTagKeys()
     *
     * https://docs.aws.amazon.com/eks/latest/APIReference/API_CreateFargateProfile.html
     */
    toCreateFargateProfile() {
        return this.to('CreateFargateProfile');
    }
    /**
     * Grants permission to create an Amazon EKS Nodegroup
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifAwsRequestTag()
     * - .ifAwsTagKeys()
     *
     * https://docs.aws.amazon.com/eks/latest/APIReference/API_CreateNodegroup.html
     */
    toCreateNodegroup() {
        return this.to('CreateNodegroup');
    }
    /**
     * Grants permission to create an EKS Pod Identity association
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifAwsRequestTag()
     * - .ifAwsTagKeys()
     *
     * https://docs.aws.amazon.com/eks/latest/APIReference/API_CreatePodIdentityAssociation.html
     */
    toCreatePodIdentityAssociation() {
        return this.to('CreatePodIdentityAssociation');
    }
    /**
     * Grants permission to delete an Amazon EKS access entry
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/eks/latest/APIReference/API_DeleteAccessEntry.html
     */
    toDeleteAccessEntry() {
        return this.to('DeleteAccessEntry');
    }
    /**
     * Grants permission to delete an Amazon EKS add-on
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/eks/latest/APIReference/API_DeleteAddon.html
     */
    toDeleteAddon() {
        return this.to('DeleteAddon');
    }
    /**
     * Grants permission to delete a capability from an Amazon EKS cluster
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/eks/latest/APIReference/API_DeleteCapability.html
     */
    toDeleteCapability() {
        return this.to('DeleteCapability');
    }
    /**
     * Grants permission to delete an Amazon EKS cluster
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/eks/latest/APIReference/API_DeleteCluster.html
     */
    toDeleteCluster() {
        return this.to('DeleteCluster');
    }
    /**
     * Grants permission to delete an EKS Anywhere subscription
     *
     * (The upstream description says "describe"; the action name, the Write
     * access level and the linked API page all refer to deletion.)
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/eks/latest/APIReference/API_DeleteEksAnywhereSubscription.html
     */
    toDeleteEksAnywhereSubscription() {
        return this.to('DeleteEksAnywhereSubscription');
    }
    /**
     * Grants permission to delete an AWS Fargate profile
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/eks/latest/APIReference/API_DeleteFargateProfile.html
     */
    toDeleteFargateProfile() {
        return this.to('DeleteFargateProfile');
    }
    /**
     * Grants permission to delete an Amazon EKS Nodegroup
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/eks/latest/APIReference/API_DeleteNodegroup.html
     */
    toDeleteNodegroup() {
        return this.to('DeleteNodegroup');
    }
    /**
     * Grants permission to delete an EKS Pod Identity association
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/eks/latest/APIReference/API_DeletePodIdentityAssociation.html
     */
    toDeletePodIdentityAssociation() {
        return this.to('DeletePodIdentityAssociation');
    }
    /**
     * Grants permission to deregister an External cluster
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/eks/latest/APIReference/API_DeregisterCluster.html
     */
    toDeregisterCluster() {
        return this.to('DeregisterCluster');
    }
    /**
     * Grants permission to describe an Amazon EKS access entry
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/eks/latest/APIReference/API_DescribeAccessEntry.html
     */
    toDescribeAccessEntry() {
        return this.to('DescribeAccessEntry');
    }
    /**
     * Grants permission to retrieve descriptive information about an Amazon EKS add-on
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/eks/latest/APIReference/API_DescribeAddon.html
     */
    toDescribeAddon() {
        return this.to('DescribeAddon');
    }
    /**
     * Grants permission to list configuration options about an Amazon EKS add-on
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/eks/latest/APIReference/API_DescribeAddonConfiguration.html
     */
    toDescribeAddonConfiguration() {
        return this.to('DescribeAddonConfiguration');
    }
    /**
     * Grants permission to retrieve descriptive version information about the add-ons that Amazon EKS Add-ons supports
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/eks/latest/APIReference/API_DescribeAddonVersions.html
     */
    toDescribeAddonVersions() {
        return this.to('DescribeAddonVersions');
    }
    /**
     * Grants permission to describe a capability for an Amazon EKS cluster
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/eks/latest/APIReference/API_DescribeCapability.html
     */
    toDescribeCapability() {
        return this.to('DescribeCapability');
    }
    /**
     * Grants permission to retrieve descriptive information about an Amazon EKS cluster
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/eks/latest/APIReference/API_DescribeCluster.html
     */
    toDescribeCluster() {
        return this.to('DescribeCluster');
    }
    /**
     * Grants permission to retrieve descriptive information about Kubernetes versions that Amazon EKS clusters support
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/eks/latest/APIReference/API_DescribeClusterVersions.html
     */
    toDescribeClusterVersions() {
        return this.to('DescribeClusterVersions');
    }
    /**
     * Grants permission to describe an EKS Anywhere subscription
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/eks/latest/APIReference/API_DescribeEksAnywhereSubscription.html
     */
    toDescribeEksAnywhereSubscription() {
        return this.to('DescribeEksAnywhereSubscription');
    }
    /**
     * Grants permission to retrieve descriptive information about an AWS Fargate profile associated with a cluster
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/eks/latest/APIReference/API_DescribeFargateProfile.html
     */
    toDescribeFargateProfile() {
        return this.to('DescribeFargateProfile');
    }
    /**
     * Grants permission to retrieve descriptive information about an Idp config associated with a cluster
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/eks/latest/APIReference/API_DescribeIdentityProviderConfig.html
     */
    toDescribeIdentityProviderConfig() {
        return this.to('DescribeIdentityProviderConfig');
    }
    /**
     * Grants permission to retrieve descriptive information of a detected insight for a specified cluster
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/eks/latest/APIReference/API_DescribeInsight.html
     */
    toDescribeInsight() {
        return this.to('DescribeInsight');
    }
    /**
     * Grants permission to retrieve the status of the latest on-demand cluster insights refresh operation
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/eks/latest/APIReference/API_DescribeInsightsRefresh.html
     */
    toDescribeInsightsRefresh() {
        return this.to('DescribeInsightsRefresh');
    }
    /**
     * Grants permission to retrieve descriptive information about an Amazon EKS nodegroup
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/eks/latest/APIReference/API_DescribeNodegroup.html
     */
    toDescribeNodegroup() {
        return this.to('DescribeNodegroup');
    }
    /**
     * Grants permission to describe an EKS Pod Identity association
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/eks/latest/APIReference/API_DescribePodIdentityAssociation.html
     */
    toDescribePodIdentityAssociation() {
        return this.to('DescribePodIdentityAssociation');
    }
    /**
     * Grants permission to retrieve a given update for a given Amazon EKS cluster/nodegroup/add-on (in the specified or default region)
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/eks/latest/APIReference/API_DescribeUpdate.html
     */
    toDescribeUpdate() {
        return this.to('DescribeUpdate');
    }
    /**
     * Grants permission to disassociate an Amazon EKS access policy from an Amazon EKS access entry
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifPolicyArn()
     * - .ifNamespaces()
     * - .ifAccessScope()
     *
     * https://docs.aws.amazon.com/eks/latest/APIReference/API_DisassociateAccessPolicy.html
     */
    toDisassociateAccessPolicy() {
        return this.to('DisassociateAccessPolicy');
    }
    /**
     * Grants permission to delete an associated Idp config
     *
     * Access Level: Write
     *
     * https://docs.aws.amazon.com/eks/latest/APIReference/API_DisassociateIdentityProviderConfig.html
     */
    toDisassociateIdentityProviderConfig() {
        return this.to('DisassociateIdentityProviderConfig');
    }
    /**
     * Grants permission to list all Amazon EKS access entries
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/eks/latest/APIReference/API_ListAccessEntries.html
     */
    toListAccessEntries() {
        return this.to('ListAccessEntries');
    }
    /**
     * Grants permission to list Amazon EKS access policies
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/eks/latest/APIReference/API_ListAccessPolicies.html
     */
    toListAccessPolicies() {
        return this.to('ListAccessPolicies');
    }
    /**
     * Grants permission to list the Amazon EKS add-ons in your AWS account (in the specified or default region) for a given cluster
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/eks/latest/APIReference/API_ListAddons.html
     */
    toListAddons() {
        return this.to('ListAddons');
    }
    /**
     * Grants permission to list the access policies associated with an Amazon EKS access entry
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/eks/latest/APIReference/API_ListAssociatedAccessPolicies.html
     */
    toListAssociatedAccessPolicies() {
        return this.to('ListAssociatedAccessPolicies');
    }
    /**
     * Grants permission to list capabilities for an Amazon EKS cluster
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/eks/latest/APIReference/API_ListCapabilities.html
     */
    toListCapabilities() {
        return this.to('ListCapabilities');
    }
    /**
     * Grants permission to list the Amazon EKS clusters in your AWS account (in the specified or default region)
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/eks/latest/APIReference/API_ListClusters.html
     */
    toListClusters() {
        return this.to('ListClusters');
    }
    /**
     * Grants permission to list dashboard data. The Amazon EKS Dashboard aggregates information about cluster resources across multiple accounts and regions. The dashboard includes information about EC2 Instances and EKS Cluster versions
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/eks/latest/APIReference/API_ListDashboardData.html
     */
    toListDashboardData() {
        return this.to('ListDashboardData');
    }
    /**
     * Grants permission to list dashboard resources. The Amazon EKS Dashboard aggregates information about cluster resources across multiple accounts and regions. The dashboard includes information about EC2 Instances and EKS Cluster versions
     *
     * Access Level: Read
     *
     * https://docs.aws.amazon.com/eks/latest/APIReference/API_ListDashboardResources.html
     */
    toListDashboardResources() {
        return this.to('ListDashboardResources');
    }
    /**
     * Grants permission to list EKS Anywhere subscriptions
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/eks/latest/APIReference/API_ListEksAnywhereSubscriptions.html
     */
    toListEksAnywhereSubscriptions() {
        return this.to('ListEksAnywhereSubscriptions');
    }
    /**
     * Grants permission to list the AWS Fargate profiles in your AWS account (in the specified or default region) associated with a given cluster
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/eks/latest/APIReference/API_ListFargateProfiles.html
     */
    toListFargateProfiles() {
        return this.to('ListFargateProfiles');
    }
    /**
     * Grants permission to list the Idp configs in your AWS account (in the specified or default region) associated with a given cluster
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/eks/latest/APIReference/API_ListIdentityProviderConfigs.html
     */
    toListIdentityProviderConfigs() {
        return this.to('ListIdentityProviderConfigs');
    }
    /**
     * Grants permission to list all detected insights for a specified cluster
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/eks/latest/APIReference/API_ListInsights.html
     */
    toListInsights() {
        return this.to('ListInsights');
    }
    /**
     * Grants permission to list the Amazon EKS nodegroups in your AWS account (in the specified or default region) attached to given cluster
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/eks/latest/APIReference/API_ListNodegroups.html
     */
    toListNodegroups() {
        return this.to('ListNodegroups');
    }
    /**
     * Grants permission to list EKS Pod Identity associations
     *
     * Access Level: List
     *
     * https://docs.aws.amazon.com/eks/latest/APIReference/API_ListPodIdentityAssociations.html
     */
    toListPodIdentityAssociations() {
        return this.to('ListPodIdentityAssociations');
    }
/** * Grants permission to list tags for the specified resource * * Access Level: Read * * https://docs.aws.amazon.com/eks/latest/APIReference/API_ListTagsForResource.html */ toListTagsForResource() { return this.to('ListTagsForResource'); } /** * Grants permission to list the updates for a given Amazon EKS cluster/nodegroup/add-on (in the specified or default region) * * Access Level: List * * https://docs.aws.amazon.com/eks/latest/APIReference/API_ListUpdates.html */ toListUpdates() { return this.to('ListUpdates'); } /** * Grants permission to modify Kubernetes objects via AWS console * * Access Level: Write * * Dependent actions: * - eks:AccessKubernetesApi * * https://docs.aws.amazon.com/eks/latest/userguide/mutate-workloads.html */ toMutateViaKubernetesApi() { return this.to('MutateViaKubernetesApi'); } /** * Grants permission to register an External cluster * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/eks/latest/APIReference/API_RegisterCluster.html */ toRegisterCluster() { return this.to('RegisterCluster'); } /** * Grants permission to initiate an on-demand refresh operation for cluster insights, getting the latest analysis outside of the standard refresh schedule * * Access Level: Write * * https://docs.aws.amazon.com/eks/latest/APIReference/API_StartInsightsRefresh.html */ toStartInsightsRefresh() { return this.to('StartInsightsRefresh'); } /** * Grants permission to tag the specified resource * * Access Level: Tagging * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/eks/latest/APIReference/API_TagResource.html */ toTagResource() { return this.to('TagResource'); } /** * Grants permission to untag the specified resource * * Access Level: Tagging * * Possible conditions: * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/eks/latest/APIReference/API_UntagResource.html */ toUntagResource() { return this.to('UntagResource'); } /** * 
Grants permission to update an Amazon EKS access entry * * Access Level: Write * * https://docs.aws.amazon.com/eks/latest/APIReference/API_UpdateAccessEntry.html */ toUpdateAccessEntry() { return this.to('UpdateAccessEntry'); } /** * Grants permission to update Amazon EKS add-on configurations, such as the VPC-CNI version * * Access Level: Write * * https://docs.aws.amazon.com/eks/latest/APIReference/API_UpdateAddon.html */ toUpdateAddon() { return this.to('UpdateAddon'); } /** * Grants permission to update a capability for an Amazon EKS cluster * * Access Level: Write * * https://docs.aws.amazon.com/eks/latest/APIReference/API_UpdateCapability.html */ toUpdateCapability() { return this.to('UpdateCapability'); } /** * Grants permission to update Amazon EKS cluster configurations (eg: API server endpoint access) * * Access Level: Write * * Possible conditions: * - .ifAuthenticationMode() * - .ifSupportType() * - .ifComputeConfigEnabled() * - .ifElasticLoadBalancingEnabled() * - .ifBlockStorageEnabled() * - .ifLoggingType() * * https://docs.aws.amazon.com/eks/latest/APIReference/API_UpdateClusterConfig.html */ toUpdateClusterConfig() { return this.to('UpdateClusterConfig'); } /** * Grants permission to update the Kubernetes version of an Amazon EKS cluster * * Access Level: Write * * https://docs.aws.amazon.com/eks/latest/APIReference/API_UpdateClusterVersion.html */ toUpdateClusterVersion() { return this.to('UpdateClusterVersion'); } /** * Grants permission to update an EKS Anywhere subscription * * Access Level: Write * * https://docs.aws.amazon.com/eks/latest/APIReference/API_UpdateEksAnywhereSubscription.html */ toUpdateEksAnywhereSubscription() { return this.to('UpdateEksAnywhereSubscription'); } /** * Grants permission to update Amazon EKS nodegroup configurations (eg: min/max/desired capacity or labels) * * Access Level: Write * * https://docs.aws.amazon.com/eks/latest/APIReference/API_UpdateNodegroupConfig.html */ toUpdateNodegroupConfig() { return 
this.to('UpdateNodegroupConfig'); } /** * Grants permission to update the Kubernetes version of an Amazon EKS nodegroup * * Access Level: Write * * https://docs.aws.amazon.com/eks/latest/APIReference/API_UpdateNodegroupVersion.html */ toUpdateNodegroupVersion() { return this.to('UpdateNodegroupVersion'); } /** * Grants permission to update an EKS Pod Identity association * * Access Level: Write * * https://docs.aws.amazon.com/eks/latest/APIReference/API_UpdatePodIdentityAssociation.html */ toUpdatePodIdentityAssociation() { return this.to('UpdatePodIdentityAssociation'); } /** * Adds a resource of type cluster to the statement * * https://docs.aws.amazon.com/eks/latest/userguide/clusters.html * * @param clusterName - Identifier for the clusterName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onCluster(clusterName, account, region, partition) { return this.on(`arn:${partition ?? this.defaultPartition}:eks:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:cluster/${clusterName}`); } /** * Adds a resource of type nodegroup to the statement * * https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html * * @param clusterName - Identifier for the clusterName. * @param nodegroupName - Identifier for the nodegroupName. * @param uUID - Identifier for the uUID. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. 
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onNodegroup(clusterName, nodegroupName, uUID, account, region, partition) { return this.on(`arn:${partition ?? this.defaultPartition}:eks:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:nodegroup/${clusterName}/${nodegroupName}/${uUID}`); } /** * Adds a resource of type addon to the statement * * https://docs.aws.amazon.com/eks/latest/userguide/eks-add-ons.html * * @param clusterName - Identifier for the clusterName. * @param addonName - Identifier for the addonName. * @param uUID - Identifier for the uUID. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onAddon(clusterName, addonName, uUID, account, region, partition) { return this.on(`arn:${partition ?? this.defaultPartition}:eks:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:addon/${clusterName}/${addonName}/${uUID}`); } /** * Adds a resource of type fargateprofile to the statement * * https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html * * @param clusterName - Identifier for the clusterName. * @param fargateProfileName - Identifier for the fargateProfileName. * @param uUID - Identifier for the uUID. 
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onFargateprofile(clusterName, fargateProfileName, uUID, account, region, partition) { return this.on(`arn:${partition ?? this.defaultPartition}:eks:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:fargateprofile/${clusterName}/${fargateProfileName}/${uUID}`); } /** * Adds a resource of type identityproviderconfig to the statement * * https://docs.aws.amazon.com/eks/latest/userguide/authenticate-oidc-identity-provider.html * * @param clusterName - Identifier for the clusterName. * @param identityProviderType - Identifier for the identityProviderType. * @param identityProviderConfigName - Identifier for the identityProviderConfigName. * @param uUID - Identifier for the uUID. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onIdentityproviderconfig(clusterName, identityProviderType, identityProviderConfigName, uUID, account, region, partition) { return this.on(`arn:${partition ?? this.defaultPartition}:eks:${region ?? this.defaultRegion}:${account ?? 
this.defaultAccount}:identityproviderconfig/${clusterName}/${identityProviderType}/${identityProviderConfigName}/${uUID}`); } /** * Adds a resource of type eks-anywhere-subscription to the statement * * https://anywhere.eks.amazonaws.com/docs/clustermgmt/support/cluster-license/ * * @param uUID - Identifier for the uUID. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onEksAnywhereSubscription(uUID, account, region, partition) { return this.on(`arn:${partition ?? this.defaultPartition}:eks:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:eks-anywhere-subscription/${uUID}`); } /** * Adds a resource of type podidentityassociation to the statement * * https://docs.aws.amazon.com/eks/latest/userguide/pod-identities.html * * @param clusterName - Identifier for the clusterName. * @param uUID - Identifier for the uUID. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onPodidentityassociation(clusterName, uUID, account, region, partition) { return this.on(`arn:${partition ?? this.defaultPartition}:eks:${region ?? this.defaultRegion}:${account ?? 
this.defaultAccount}:podidentityassociation/${clusterName}/${uUID}`); } /** * Adds a resource of type access-entry to the statement * * https://docs.aws.amazon.com/eks/latest/userguide/access-entries.html * * @param clusterName - Identifier for the clusterName. * @param iamIdentityType - Identifier for the iamIdentityType. * @param iamIdentityAccountID - Identifier for the iamIdentityAccountID. * @param iamIdentityName - Identifier for the iamIdentityName. * @param uUID - Identifier for the uUID. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() * - .ifAccessEntryType() * - .ifClusterName() * - .ifKubernetesGroups() * - .ifPrincipalArn() * - .ifUsername() */ onAccessEntry(clusterName, iamIdentityType, iamIdentityAccountID, iamIdentityName, uUID, account, region, partition) { return this.on(`arn:${partition ?? this.defaultPartition}:eks:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:access-entry/${clusterName}/${iamIdentityType}/${iamIdentityAccountID}/${iamIdentityName}/${uUID}`); } /** * Adds a resource of type access-policy to the statement * * https://docs.aws.amazon.com/eks/latest/userguide/access-policies.html * * @param accessPolicyName - Identifier for the accessPolicyName. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onAccessPolicy(accessPolicyName, partition) { return this.on(`arn:${partition ?? 
this.defaultPartition}:eks::aws:cluster-access-policy/${accessPolicyName}`); } /** * Adds a resource of type dashboard to the statement * * https://docs.aws.amazon.com/eks/latest/userguide/cluster-dashboard.html * * @param dashboardName - Identifier for the dashboardName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onDashboard(dashboardName, account, region, partition) { return this.on(`arn:${partition ?? this.defaultPartition}:eks:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:dashboard/${dashboardName}`); } /** * Adds a resource of type capability to the statement * * https://docs.aws.amazon.com/eks/latest/userguide/capabilities.html * * @param clusterName - Identifier for the clusterName. * @param capabilityType - Identifier for the capabilityType. * @param capabilityName - Identifier for the capabilityName. * @param uUID - Identifier for the uUID. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onCapability(clusterName, capabilityType, capabilityName, uUID, account, region, partition) { return this.on(`arn:${partition ?? this.defaultPartition}:eks:${region ?? 
this.defaultRegion}:${account ?? this.defaultAccount}:capability/${clusterName}/${capabilityType}/${capabilityName}/${uUID}`); }
    /**
     * Adds a condition on a tag key that is present in the request the user makes to the EKS service.
     *
     * https://docs.aws.amazon.com/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-tags
     *
     * The condition key is `aws:RequestTag/<tagKey>`; `tagKey` is interpolated
     * into the key as given.
     *
     * Applies to actions:
     * - .toAssociateIdentityProviderConfig()
     * - .toCreateAccessEntry()
     * - .toCreateAddon()
     * - .toCreateCapability()
     * - .toCreateCluster()
     * - .toCreateEksAnywhereSubscription()
     * - .toCreateFargateProfile()
     * - .toCreateNodegroup()
     * - .toCreatePodIdentityAssociation()
     * - .toRegisterCluster()
     * - .toTagResource()
     *
     * @param tagKey The tag key to check
     * @param value The value(s) to check
     * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`, which treats `*` and `?` in the value as wildcards; pass `StringEquals` when an exact match is intended.
     */
    ifAwsRequestTag(tagKey, value, operator) {
        const conditionKey = `aws:RequestTag/${tagKey}`;
        return this.if(conditionKey, value, operator ?? 'StringLike');
    }
    /**
     * Adds a condition on a tag key and value pair attached to the resource.
     *
     * https://docs.aws.amazon.com/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-tags
     *
     * The condition key is `aws:ResourceTag/<tagKey>`; `tagKey` is interpolated
     * into the key as given.
     *
     * Applies to resource types:
     * - cluster
     * - nodegroup
     * - addon
     * - fargateprofile
     * - identityproviderconfig
     * - eks-anywhere-subscription
     * - podidentityassociation
     * - access-entry
     * - dashboard
     * - capability
     *
     * @param tagKey The tag key to check
     * @param value The value(s) to check
     * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`, which treats `*` and `?` in the value as wildcards; pass `StringEquals` when an exact match is intended.
     */
    ifAwsResourceTag(tagKey, value, operator) { return this.if(`aws:ResourceTag/${tagKey}`, value, operator ?? 
'StringLike'); }
    /**
     * Adds a condition on the list of all the tag key names present in the request the user makes to the EKS service.
     *
     * https://docs.aws.amazon.com/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-tags
     *
     * The condition key is `aws:TagKeys`.
     * NOTE(review): `aws:TagKeys` is a multivalued key in IAM; check whether the
     * policy needs a `ForAllValues:` / `ForAnyValue:` set operator and how the
     * inherited `if()` accepts one - confirm against `PolicyStatement`.
     *
     * Applies to actions:
     * - .toAssociateIdentityProviderConfig()
     * - .toCreateAccessEntry()
     * - .toCreateAddon()
     * - .toCreateCapability()
     * - .toCreateCluster()
     * - .toCreateEksAnywhereSubscription()
     * - .toCreateFargateProfile()
     * - .toCreateNodegroup()
     * - .toCreatePodIdentityAssociation()
     * - .toRegisterCluster()
     * - .toTagResource()
     * - .toUntagResource()
     *
     * @param value The value(s) to check
     * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`, which treats `*` and `?` in the value as wildcards.
     */
    ifAwsTagKeys(value, operator) {
        const effectiveOperator = operator ?? 'StringLike';
        return this.if('aws:TagKeys', value, effectiveOperator);
    }
    /**
     * Adds a condition on the access entry type present in the access entry requests the user makes to the EKS service.
     *
     * https://docs.aws.amazon.com/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies
     *
     * The key handed to `this.if()` is `accessEntryType`, without a service prefix.
     * NOTE(review): presumably the inherited `if()` prepends `eks:` - confirm in `PolicyStatement`.
     *
     * Applies to actions:
     * - .toCreateAccessEntry()
     *
     * Applies to resource types:
     * - access-entry
     *
     * @param value The value(s) to check
     * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`, which treats `*` and `?` in the value as wildcards; pass `StringEquals` when an exact match is intended.
     */
    ifAccessEntryType(value, operator) { return this.if(`accessEntryType`, value, operator ?? 
'StringLike'); }
    /**
     * Adds a condition on the accessScope present in the associate / disassociate access policy requests the user makes to the EKS service.
     *
     * https://docs.aws.amazon.com/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies
     *
     * The key handed to `this.if()` is `accessScope`, without a service prefix.
     * NOTE(review): presumably the inherited `if()` prepends `eks:` - confirm in `PolicyStatement`.
     *
     * Applies to actions:
     * - .toAssociateAccessPolicy()
     * - .toDisassociateAccessPolicy()
     *
     * @param value The value(s) to check
     * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`, which treats `*` and `?` in the value as wildcards; pass `StringEquals` when an exact match is intended.
     */
    ifAccessScope(value, operator) {
        const effectiveOperator = operator ?? 'StringLike';
        return this.if('accessScope', value, effectiveOperator);
    }
    /**
     * Adds a condition on the authenticationMode present in the create / update cluster request.
     *
     * https://docs.aws.amazon.com/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies
     *
     * The key handed to `this.if()` is `authenticationMode`, without a service prefix.
     *
     * Applies to actions:
     * - .toCreateCluster()
     * - .toUpdateClusterConfig()
     *
     * @param value The value(s) to check
     * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`, which treats `*` and `?` in the value as wildcards; pass `StringEquals` when an exact match is intended.
     */
    ifAuthenticationMode(value, operator) {
        const effectiveOperator = operator ?? 'StringLike';
        return this.if('authenticationMode', value, effectiveOperator);
    }
    /**
     * Adds a `Bool` condition on the block storage enabled parameter in the create / update cluster request.
     *
     * https://docs.aws.amazon.com/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies
     *
     * When `value` is omitted the condition compares against `true`; pass `false`
     * explicitly to match requests that turn the setting off.
     *
     * Applies to actions:
     * - .toCreateCluster()
     * - .toUpdateClusterConfig()
     *
     * @param value `true` or `false`. **Default:** `true`
     */
    ifBlockStorageEnabled(value) { return this.if(`blockStorageEnabled`, (typeof value !== 'undefined' ? 
value : true), 'Bool'); }
    /**
     * Adds a `Bool` condition on the bootstrapClusterCreatorAdminPermissions present in the create cluster request.
     *
     * https://docs.aws.amazon.com/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies
     *
     * When `value` is omitted the condition compares against `true`; pass `false`
     * explicitly to match requests that do not grant the cluster creator admin
     * permissions.
     * NOTE(review): a `Bool` condition generally does not match when the key is
     * absent from the request context; check how EKS populates this key before
     * relying on it in a Deny statement - confirm.
     *
     * Applies to actions:
     * - .toCreateCluster()
     *
     * @param value `true` or `false`. **Default:** `true`
     */
    ifBootstrapClusterCreatorAdminPermissions(value) {
        // Only an undefined argument falls back to `true`; `null` is forwarded as-is.
        const expected = typeof value === 'undefined' ? true : value;
        return this.if('bootstrapClusterCreatorAdminPermissions', expected, 'Bool');
    }
    /**
     * Adds a `Bool` condition on the bootstrapSelfManagedAddons present in the create cluster request.
     *
     * https://docs.aws.amazon.com/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies
     *
     * When `value` is omitted the condition compares against `true`.
     *
     * Applies to actions:
     * - .toCreateCluster()
     *
     * @param value `true` or `false`. **Default:** `true`
     */
    ifBootstrapSelfManagedAddons(value) {
        // Only an undefined argument falls back to `true`; `null` is forwarded as-is.
        const expected = typeof value === 'undefined' ? true : value;
        return this.if('bootstrapSelfManagedAddons', expected, 'Bool');
    }
    /**
     * Adds a condition on the clientId present in the associateIdentityProviderConfig request the user makes to the EKS service.
     *
     * https://docs.aws.amazon.com/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies
     *
     * The key handed to `this.if()` is `clientId`, without a service prefix.
     * NOTE(review): presumably the inherited `if()` prepends `eks:` - confirm in `PolicyStatement`.
     *
     * Applies to actions:
     * - .toAssociateIdentityProviderConfig()
     *
     * @param value The value(s) to check
     * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`, which treats `*` and `?` in the value as wildcards; pass `StringEquals` when pinning one specific client ID.
     */
    ifClientId(value, operator) { return this.if(`clientId`, value, operator ?? 
'StringLike'); }
    /**
     * Adds a condition on the clusterName present in the access entry requests the user makes to the EKS service.
     *
     * https://docs.aws.amazon.com/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies
     *
     * The key handed to `this.if()` is `clusterName`, without a service prefix.
     * NOTE(review): presumably the inherited `if()` prepends `eks:` - confirm in `PolicyStatement`.
     *
     * Applies to resource types:
     * - access-entry
     *
     * @param value The value(s) to check
     * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`, which treats `*` and `?` in the value as wildcards; pass `StringEquals` when an exact cluster name is intended.
     */
    ifClusterName(value, operator) {
        const effectiveOperator = operator ?? 'StringLike';
        return this.if('clusterName', value, effectiveOperator);
    }
    /**
     * Adds a `Bool` condition on the compute config enabled parameter in the create / update cluster request.
     *
     * https://docs.aws.amazon.com/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies
     *
     * When `value` is omitted the condition compares against `true`.
     *
     * Applies to actions:
     * - .toCreateCluster()
     * - .toUpdateClusterConfig()
     *
     * @param value `true` or `false`. **Default:** `true`
     */
    ifComputeConfigEnabled(value) {
        // Only an undefined argument falls back to `true`; `null` is forwarded as-is.
        const expected = typeof value === 'undefined' ? true : value;
        return this.if('computeConfigEnabled', expected, 'Bool');
    }
    /**
     * Adds a `Bool` condition on the elastic load balancing enabled parameter in the create / update cluster request.
     *
     * https://docs.aws.amazon.com/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies
     *
     * When `value` is omitted the condition compares against `true`.
     *
     * Applies to actions:
     * - .toCreateCluster()
     * - .toUpdateClusterConfig()
     *
     * @param value `true` or `false`. **Default:** `true`
     */
    ifElasticLoadBalancingEnabled(value) { return this.if(`elasticLoadBalancingEnabled`, (typeof value !== 'undefined' ? 
value : true), 'Bool'); }
    /**
     * Adds a condition on the issuerUrl present in the associateIdentityProviderConfig request the user makes to the EKS service.
     *
     * https://docs.aws.amazon.com/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies
     *
     * The key handed to `this.if()` is `issuerUrl`, without a service prefix.
     * NOTE(review): presumably the inherited `if()` prepends `eks:` - confirm in `PolicyStatement`.
     *
     * Applies to actions:
     * - .toAssociateIdentityProviderConfig()
     *
     * @param value The value(s) to check
     * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`, which treats `*` and `?` in the value as wildcards; pass `StringEquals` when the policy is meant to allow one specific issuer.
     */
    ifIssuerUrl(value, operator) {
        const effectiveOperator = operator ?? 'StringLike';
        return this.if('issuerUrl', value, effectiveOperator);
    }
    /** * Filters access by the kubernetesGroups present in the access entry requests the user makes to the EKS service * * https://docs.aws.amazon.com/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies * * Applie