iam-floyd
Version:
AWS IAM policy statement generator with fluent interface
1,599 lines • 504 kB
JavaScript
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.S3 = void 0;
const shared_1 = require("../../shared");
/**
* Statement provider for service [s3](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazons3.html).
*
* @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
*/
class S3 extends shared_1.PolicyStatement {
/**
* Statement provider for service [s3](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazons3.html).
*
* @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
*/
constructor(sid) {
super(sid);
this.servicePrefix = 's3';
this.accessLevelList = {
Write: [
'AbortMultipartUpload',
'CreateAccessPoint',
'CreateAccessPointForObjectLambda',
'CreateBucket',
'CreateBucketMetadataTableConfiguration',
'CreateJob',
'CreateMultiRegionAccessPoint',
'CreateStorageLensGroup',
'DeleteAccessPoint',
'DeleteAccessPointForObjectLambda',
'DeleteBucket',
'DeleteBucketMetadataTableConfiguration',
'DeleteBucketWebsite',
'DeleteMultiRegionAccessPoint',
'DeleteObject',
'DeleteObjectVersion',
'DeleteStorageLensConfiguration',
'DeleteStorageLensGroup',
'InitiateReplication',
'PauseReplication',
'PutAccelerateConfiguration',
'PutAccessPointConfigurationForObjectLambda',
'PutAnalyticsConfiguration',
'PutBucketAbac',
'PutBucketCORS',
'PutBucketLogging',
'PutBucketNotification',
'PutBucketObjectLockConfiguration',
'PutBucketRequestPayment',
'PutBucketVersioning',
'PutBucketWebsite',
'PutEncryptionConfiguration',
'PutIntelligentTieringConfiguration',
'PutInventoryConfiguration',
'PutLifecycleConfiguration',
'PutMetricsConfiguration',
'PutObject',
'PutObjectLegalHold',
'PutObjectRetention',
'PutReplicationConfiguration',
'PutStorageLensConfiguration',
'ReplicateDelete',
'ReplicateObject',
'RestoreObject',
'SubmitMultiRegionAccessPointRoutes',
'UpdateBucketMetadataInventoryTableConfiguration',
'UpdateBucketMetadataJournalTableConfiguration',
'UpdateJobPriority',
'UpdateJobStatus',
'UpdateStorageLensGroup'
],
'Permissions management': [
'AssociateAccessGrantsIdentityCenter',
'BypassGovernanceRetention',
'CreateAccessGrant',
'CreateAccessGrantsInstance',
'CreateAccessGrantsLocation',
'DeleteAccessGrant',
'DeleteAccessGrantsInstance',
'DeleteAccessGrantsInstanceResourcePolicy',
'DeleteAccessGrantsLocation',
'DeleteAccessPointPolicy',
'DeleteAccessPointPolicyForObjectLambda',
'DeleteBucketPolicy',
'DissociateAccessGrantsIdentityCenter',
'ObjectOwnerOverrideToBucketOwner',
'PutAccessGrantsInstanceResourcePolicy',
'PutAccessPointPolicy',
'PutAccessPointPolicyForObjectLambda',
'PutAccessPointPublicAccessBlock',
'PutAccountPublicAccessBlock',
'PutBucketAcl',
'PutBucketOwnershipControls',
'PutBucketPolicy',
'PutBucketPublicAccessBlock',
'PutMultiRegionAccessPointPolicy',
'PutObjectAcl',
'PutObjectVersionAcl',
'UpdateAccessGrantsLocation'
],
Tagging: [
'DeleteJobTagging',
'DeleteObjectTagging',
'DeleteObjectVersionTagging',
'DeleteStorageLensConfigurationTagging',
'PutBucketTagging',
'PutJobTagging',
'PutObjectTagging',
'PutObjectVersionTagging',
'PutStorageLensConfigurationTagging',
'ReplicateTags',
'TagResource',
'UntagResource'
],
Read: [
'DescribeJob',
'DescribeMultiRegionAccessPointOperation',
'GetAccelerateConfiguration',
'GetAccessGrant',
'GetAccessGrantsInstance',
'GetAccessGrantsInstanceForPrefix',
'GetAccessGrantsInstanceResourcePolicy',
'GetAccessGrantsLocation',
'GetAccessPoint',
'GetAccessPointConfigurationForObjectLambda',
'GetAccessPointForObjectLambda',
'GetAccessPointPolicy',
'GetAccessPointPolicyForObjectLambda',
'GetAccessPointPolicyStatus',
'GetAccessPointPolicyStatusForObjectLambda',
'GetAccountPublicAccessBlock',
'GetAnalyticsConfiguration',
'GetBucketAbac',
'GetBucketAcl',
'GetBucketCORS',
'GetBucketLocation',
'GetBucketLogging',
'GetBucketMetadataTableConfiguration',
'GetBucketNotification',
'GetBucketObjectLockConfiguration',
'GetBucketOwnershipControls',
'GetBucketPolicy',
'GetBucketPolicyStatus',
'GetBucketPublicAccessBlock',
'GetBucketRequestPayment',
'GetBucketTagging',
'GetBucketVersioning',
'GetBucketWebsite',
'GetDataAccess',
'GetEncryptionConfiguration',
'GetIntelligentTieringConfiguration',
'GetInventoryConfiguration',
'GetJobTagging',
'GetLifecycleConfiguration',
'GetMetricsConfiguration',
'GetMultiRegionAccessPoint',
'GetMultiRegionAccessPointPolicy',
'GetMultiRegionAccessPointPolicyStatus',
'GetMultiRegionAccessPointRoutes',
'GetObject',
'GetObjectAcl',
'GetObjectAttributes',
'GetObjectLegalHold',
'GetObjectRetention',
'GetObjectTagging',
'GetObjectTorrent',
'GetObjectVersion',
'GetObjectVersionAcl',
'GetObjectVersionAttributes',
'GetObjectVersionForReplication',
'GetObjectVersionTagging',
'GetObjectVersionTorrent',
'GetReplicationConfiguration',
'GetStorageLensConfiguration',
'GetStorageLensConfigurationTagging',
'GetStorageLensDashboard',
'GetStorageLensGroup'
],
List: [
'ListAccessGrants',
'ListAccessGrantsInstances',
'ListAccessGrantsLocations',
'ListAccessPoints',
'ListAccessPointsForObjectLambda',
'ListAllMyBuckets',
'ListBucket',
'ListBucketMultipartUploads',
'ListBucketVersions',
'ListCallerAccessGrants',
'ListJobs',
'ListMultiRegionAccessPoints',
'ListMultipartUploadParts',
'ListStorageLensConfigurations',
'ListStorageLensGroups',
'ListTagsForResource'
]
};
}
/**
* Grants permission to abort a multipart upload
*
* Access Level: Write
*
* Possible conditions:
* - .ifAccessGrantsInstanceArn()
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html
*/
toAbortMultipartUpload() {
return this.to('AbortMultipartUpload');
}
/**
* Grants permission to associate Access Grants identity center
*
* Access Level: Permissions management
*
* Possible conditions:
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_AssociateAccessGrantsIdentityCenter.html
*/
toAssociateAccessGrantsIdentityCenter() {
return this.to('AssociateAccessGrantsIdentityCenter');
}
/**
* Grants permission to allow circumvention of governance-mode object retention settings
*
* Access Level: Permissions management
*
* Possible conditions:
* - .ifRequestObjectTag()
* - .ifRequestObjectTagKeys()
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzAcl()
* - .ifXAmzContentSha256()
* - .ifXAmzCopySource()
* - .ifXAmzGrantFullControl()
* - .ifXAmzGrantRead()
* - .ifXAmzGrantReadAcp()
* - .ifXAmzGrantWrite()
* - .ifXAmzGrantWriteAcp()
* - .ifXAmzMetadataDirective()
* - .ifXAmzServerSideEncryption()
* - .ifXAmzServerSideEncryptionAwsKmsKeyId()
* - .ifXAmzServerSideEncryptionCustomerAlgorithm()
* - .ifXAmzStorageClass()
* - .ifXAmzWebsiteRedirectLocation()
*
* https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-managing.html#object-lock-managing-bypass
*/
toBypassGovernanceRetention() {
return this.to('BypassGovernanceRetention');
}
/**
* Grants permission to create Access Grant
*
* Access Level: Permissions management
*
* Possible conditions:
* - .ifAccessGrantScope()
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
* - .ifAwsResourceTag()
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateAccessGrant.html
*/
toCreateAccessGrant() {
return this.to('CreateAccessGrant');
}
/**
* Grants permission to Create Access Grants Instance
*
* Access Level: Permissions management
*
* Possible conditions:
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
* - .ifAwsRequestTag()
* - .ifAwsResourceTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateAccessGrantsInstance.html
*/
toCreateAccessGrantsInstance() {
return this.to('CreateAccessGrantsInstance');
}
/**
* Grants permission to create Access Grants location
*
* Access Level: Permissions management
*
* Possible conditions:
* - .ifAccessGrantsLocationScope()
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
* - .ifAwsResourceTag()
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateAccessGrantsLocation.html
*/
toCreateAccessGrantsLocation() {
return this.to('CreateAccessGrantsLocation');
}
/**
* Grants permission to create a new access point
*
* Access Level: Write
*
* Possible conditions:
* - .ifDataAccessPointAccount()
* - .ifDataAccessPointArn()
* - .ifAccessPointNetworkOrigin()
* - .ifAuthType()
* - .ifLocationconstraint()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzAcl()
* - .ifXAmzContentSha256()
* - .ifAccessPointTag()
* - .ifAwsRequestTag()
* - .ifAwsResourceTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateAccessPoint.html
*/
toCreateAccessPoint() {
return this.to('CreateAccessPoint');
}
/**
* Grants permission to create an object lambda enabled accesspoint
*
* Access Level: Write
*
* Possible conditions:
* - .ifDataAccessPointAccount()
* - .ifDataAccessPointArn()
* - .ifAccessPointNetworkOrigin()
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateAccessPointForObjectLambda.html
*/
toCreateAccessPointForObjectLambda() {
return this.to('CreateAccessPointForObjectLambda');
}
/**
* Grants permission to create a new bucket
*
* Access Level: Write
*
* Possible conditions:
* - .ifAuthType()
* - .ifLocationconstraint()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzAcl()
* - .ifXAmzContentSha256()
* - .ifXAmzGrantFullControl()
* - .ifXAmzGrantRead()
* - .ifXAmzGrantReadAcp()
* - .ifXAmzGrantWrite()
* - .ifXAmzGrantWriteAcp()
* - .ifXAmzObjectOwnership()
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html
*/
toCreateBucket() {
return this.to('CreateBucket');
}
/**
* Grants permission to create a new S3 Metadata configuration for a specified general purpose bucket
*
* Access Level: Write
*
* Possible conditions:
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
*
* Dependent actions:
* - kms:DescribeKey
* - s3tables:CreateNamespace
* - s3tables:CreateTable
* - s3tables:CreateTableBucket
* - s3tables:GetTable
* - s3tables:PutTableBucketPolicy
* - s3tables:PutTableEncryption
* - s3tables:PutTablePolicy
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucketMetadataConfiguration.html
*/
toCreateBucketMetadataTableConfiguration() {
return this.to('CreateBucketMetadataTableConfiguration');
}
/**
* Grants permission to create a new Amazon S3 Batch Operations job
*
* Access Level: Write
*
* Possible conditions:
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
* - .ifRequestJobPriority()
* - .ifRequestJobOperation()
* - .ifAwsTagKeys()
* - .ifAwsRequestTag()
*
* Dependent actions:
* - iam:PassRole
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateJob.html
*/
toCreateJob() {
return this.to('CreateJob');
}
/**
* Grants permission to create a new Multi-Region Access Point
*
* Access Level: Write
*
* Possible conditions:
* - .ifDataAccessPointAccount()
* - .ifDataAccessPointArn()
* - .ifAccessPointNetworkOrigin()
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureversion()
* - .ifSignatureAge()
* - .ifTlsVersion()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateMultiRegionAccessPoint.html
*/
toCreateMultiRegionAccessPoint() {
return this.to('CreateMultiRegionAccessPoint');
}
/**
* Grants permission to create an Amazon S3 Storage Lens group
*
* Access Level: Write
*
* Possible conditions:
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateStorageLensGroup.html
*/
toCreateStorageLensGroup() {
return this.to('CreateStorageLensGroup');
}
/**
* Grants permission to delete Access Grant
*
* Access Level: Permissions management
*
* Possible conditions:
* - .ifAccessGrantScope()
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteAccessGrant.html
*/
toDeleteAccessGrant() {
return this.to('DeleteAccessGrant');
}
/**
* Grants permission to Delete Access Grants Instance
*
* Access Level: Permissions management
*
* Possible conditions:
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteAccessGrantsInstance.html
*/
toDeleteAccessGrantsInstance() {
return this.to('DeleteAccessGrantsInstance');
}
/**
* Grants permission to read Access grants instance resource policy
*
* Access Level: Permissions management
*
* Possible conditions:
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteAccessGrantsInstanceResourcePolicy.html
*/
toDeleteAccessGrantsInstanceResourcePolicy() {
return this.to('DeleteAccessGrantsInstanceResourcePolicy');
}
/**
* Grants permission to delete Access Grants location
*
* Access Level: Permissions management
*
* Possible conditions:
* - .ifAccessGrantsLocationScope()
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteAccessGrantsLocation.html
*/
toDeleteAccessGrantsLocation() {
return this.to('DeleteAccessGrantsLocation');
}
/**
* Grants permission to delete the access point named in the URI
*
* Access Level: Write
*
* Possible conditions:
* - .ifDataAccessPointArn()
* - .ifDataAccessPointAccount()
* - .ifAccessPointNetworkOrigin()
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
* - .ifAccessPointTag()
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteAccessPoint.html
*/
toDeleteAccessPoint() {
return this.to('DeleteAccessPoint');
}
/**
* Grants permission to delete the object lambda enabled access point named in the URI
*
* Access Level: Write
*
* Possible conditions:
* - .ifDataAccessPointArn()
* - .ifDataAccessPointAccount()
* - .ifAccessPointNetworkOrigin()
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteAccessPointForObjectLambda.html
*/
toDeleteAccessPointForObjectLambda() {
return this.to('DeleteAccessPointForObjectLambda');
}
/**
* Grants permission to delete the policy on a specified access point
*
* Access Level: Permissions management
*
* Possible conditions:
* - .ifDataAccessPointArn()
* - .ifDataAccessPointAccount()
* - .ifAccessPointNetworkOrigin()
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
* - .ifAccessPointTag()
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteAccessPointPolicy.html
*/
toDeleteAccessPointPolicy() {
return this.to('DeleteAccessPointPolicy');
}
/**
* Grants permission to delete the policy on a specified object lambda enabled access point
*
* Access Level: Permissions management
*
* Possible conditions:
* - .ifDataAccessPointArn()
* - .ifDataAccessPointAccount()
* - .ifAccessPointNetworkOrigin()
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteAccessPointPolicyForObjectLambda.html
*/
toDeleteAccessPointPolicyForObjectLambda() {
return this.to('DeleteAccessPointPolicyForObjectLambda');
}
/**
* Grants permission to delete the bucket named in the URI
*
* Access Level: Write
*
* Possible conditions:
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html
*/
toDeleteBucket() {
return this.to('DeleteBucket');
}
/**
* Grants permission to delete the S3 Metadata configuration for a specified general purpose bucket
*
* Access Level: Write
*
* Possible conditions:
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketMetadataConfiguration.html
*/
toDeleteBucketMetadataTableConfiguration() {
return this.to('DeleteBucketMetadataTableConfiguration');
}
/**
* Grants permission to delete the policy on a specified bucket
*
* Access Level: Permissions management
*
* Possible conditions:
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketPolicy.html
*/
toDeleteBucketPolicy() {
return this.to('DeleteBucketPolicy');
}
/**
* Grants permission to remove the website configuration for a bucket
*
* Access Level: Write
*
* Possible conditions:
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketWebsite.html
*/
toDeleteBucketWebsite() {
return this.to('DeleteBucketWebsite');
}
/**
* Grants permission to remove tags from an existing Amazon S3 Batch Operations job
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
* - .ifExistingJobPriority()
* - .ifExistingJobOperation()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteJobTagging.html
*/
toDeleteJobTagging() {
return this.to('DeleteJobTagging');
}
/**
* Grants permission to delete the Multi-Region Access Point named in the URI
*
* Access Level: Write
*
* Possible conditions:
* - .ifDataAccessPointAccount()
* - .ifDataAccessPointArn()
* - .ifAccessPointNetworkOrigin()
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureversion()
* - .ifSignatureAge()
* - .ifTlsVersion()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteMultiRegionAccessPoint.html
*/
toDeleteMultiRegionAccessPoint() {
return this.to('DeleteMultiRegionAccessPoint');
}
/**
* Grants permission to remove the null version of an object and insert a delete marker, which becomes the current version of the object
*
* Access Level: Write
*
* Possible conditions:
* - .ifAccessGrantsInstanceArn()
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
* - .ifIfMatch()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html
*/
toDeleteObject() {
return this.to('DeleteObject');
}
/**
* Grants permission to use the tagging subresource to remove the entire tag set from the specified object
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifExistingObjectTag()
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObjectTagging.html
*/
toDeleteObjectTagging() {
return this.to('DeleteObjectTagging');
}
/**
* Grants permission to remove a specific version of an object
*
* Access Level: Write
*
* Possible conditions:
* - .ifAccessGrantsInstanceArn()
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifVersionid()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html
*/
toDeleteObjectVersion() {
return this.to('DeleteObjectVersion');
}
/**
* Grants permission to remove the entire tag set for a specific version of the object
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifExistingObjectTag()
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifVersionid()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObjectTagging.html
*/
toDeleteObjectVersionTagging() {
return this.to('DeleteObjectVersionTagging');
}
/**
* Grants permission to delete an existing Amazon S3 Storage Lens configuration
*
* Access Level: Write
*
* Possible conditions:
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteStorageLensConfiguration.html
*/
toDeleteStorageLensConfiguration() {
return this.to('DeleteStorageLensConfiguration');
}
/**
* Grants permission to remove tags from an existing Amazon S3 Storage Lens configuration
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteStorageLensConfigurationTagging.html
*/
toDeleteStorageLensConfigurationTagging() {
return this.to('DeleteStorageLensConfigurationTagging');
}
/**
* Grants permission to delete an existing S3 Storage Lens group
*
* Access Level: Write
*
* Possible conditions:
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteStorageLensGroup.html
*/
toDeleteStorageLensGroup() {
return this.to('DeleteStorageLensGroup');
}
/**
* Grants permission to retrieve the configuration parameters and status for a batch operations job
*
* Access Level: Read
*
* Possible conditions:
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DescribeJob.html
*/
toDescribeJob() {
return this.to('DescribeJob');
}
/**
* Grants permission to retrieve the configurations for a Multi-Region Access Point
*
* Access Level: Read
*
* Possible conditions:
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureversion()
* - .ifSignatureAge()
* - .ifTlsVersion()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DescribeMultiRegionAccessPointOperation.html
*/
toDescribeMultiRegionAccessPointOperation() {
return this.to('DescribeMultiRegionAccessPointOperation');
}
/**
* Grants permission to disassociate Access Grants identity center
*
* Access Level: Permissions management
*
* Possible conditions:
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DissociateAccessGrantsIdentityCenter.html
*/
toDissociateAccessGrantsIdentityCenter() {
return this.to('DissociateAccessGrantsIdentityCenter');
}
/**
* Grants permission to uses the accelerate subresource to return the Transfer Acceleration state of a bucket, which is either Enabled or Suspended
*
* Access Level: Read
*
* Possible conditions:
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAccelerateConfiguration.html
*/
toGetAccelerateConfiguration() {
return this.to('GetAccelerateConfiguration');
}
/**
* Grants permission to read Access Grant
*
* Access Level: Read
*
* Possible conditions:
* - .ifAccessGrantScope()
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetAccessGrant.html
*/
toGetAccessGrant() {
return this.to('GetAccessGrant');
}
/**
* Grants permission to Read Access Grants Instance
*
* Access Level: Read
*
* Possible conditions:
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetAccessGrantsInstance.html
*/
toGetAccessGrantsInstance() {
return this.to('GetAccessGrantsInstance');
}
/**
* Grants permission to Read Access Grants Instance by prefix
*
* Access Level: Read
*
* Possible conditions:
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetAccessGrantsInstanceForPrefix.html
*/
toGetAccessGrantsInstanceForPrefix() {
return this.to('GetAccessGrantsInstanceForPrefix');
}
/**
* Grants permission to read Access grants instance resource policy
*
* Access Level: Read
*
* Possible conditions:
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetAccessGrantsInstanceResourcePolicy.html
*/
toGetAccessGrantsInstanceResourcePolicy() {
return this.to('GetAccessGrantsInstanceResourcePolicy');
}
/**
* Grants permission to read Access Grants location
*
* Access Level: Read
*
* Possible conditions:
* - .ifAccessGrantsLocationScope()
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetAccessGrantsLocation.html
*/
toGetAccessGrantsLocation() {
return this.to('GetAccessGrantsLocation');
}
/**
* Grants permission to return configuration information about the specified access point
*
* Access Level: Read
*
* Possible conditions:
* - .ifDataAccessPointAccount()
* - .ifDataAccessPointArn()
* - .ifAccessPointNetworkOrigin()
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
* - .ifAccessPointTag()
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetAccessPoint.html
*/
toGetAccessPoint() {
return this.to('GetAccessPoint');
}
/**
* Grants permission to retrieve the configuration of the object lambda enabled access point
*
* Access Level: Read
*
* Possible conditions:
* - .ifDataAccessPointArn()
* - .ifDataAccessPointAccount()
* - .ifAccessPointNetworkOrigin()
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetAccessPointConfigurationForObjectLambda.html
*/
toGetAccessPointConfigurationForObjectLambda() {
return this.to('GetAccessPointConfigurationForObjectLambda');
}
/**
* Grants permission to create an object lambda enabled accesspoint
*
* Access Level: Read
*
* Possible conditions:
* - .ifDataAccessPointAccount()
* - .ifDataAccessPointArn()
* - .ifAccessPointNetworkOrigin()
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetAccessPointForObjectLambda.html
*/
toGetAccessPointForObjectLambda() {
return this.to('GetAccessPointForObjectLambda');
}
/**
* Grants permission to return the access point policy associated with the specified access point
*
* Access Level: Read
*
* Possible conditions:
* - .ifDataAccessPointAccount()
* - .ifDataAccessPointArn()
* - .ifAccessPointNetworkOrigin()
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
* - .ifAccessPointTag()
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetAccessPointPolicy.html
*/
toGetAccessPointPolicy() {
return this.to('GetAccessPointPolicy');
}
/**
* Grants permission to return the access point policy associated with the specified object lambda enabled access point
*
* Access Level: Read
*
* Possible conditions:
* - .ifDataAccessPointAccount()
* - .ifDataAccessPointArn()
* - .ifAccessPointNetworkOrigin()
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetAccessPointPolicyForObjectLambda.html
*/
toGetAccessPointPolicyForObjectLambda() {
return this.to('GetAccessPointPolicyForObjectLambda');
}
/**
* Grants permission to return the policy status for a specific access point policy
*
* Access Level: Read
*
* Possible conditions:
* - .ifDataAccessPointAccount()
* - .ifDataAccessPointArn()
* - .ifAccessPointNetworkOrigin()
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
* - .ifAccessPointTag()
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetAccessPointPolicyStatus.html
*/
toGetAccessPointPolicyStatus() {
return this.to('GetAccessPointPolicyStatus');
}
/**
* Grants permission to return the policy status for a specific object lambda access point policy
*
* Access Level: Read
*
* Possible conditions:
* - .ifDataAccessPointAccount()
* - .ifDataAccessPointArn()
* - .ifAccessPointNetworkOrigin()
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetAccessPointPolicyStatusForObjectLambda.html
*/
toGetAccessPointPolicyStatusForObjectLambda() {
return this.to('GetAccessPointPolicyStatusForObjectLambda');
}
/**
* Grants permission to retrieve the PublicAccessBlock configuration for an AWS account
*
* Access Level: Read
*
* Possible conditions:
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetPublicAccessBlock.html
*/
toGetAccountPublicAccessBlock() {
return this.to('GetAccountPublicAccessBlock');
}
/**
* Grants permission to get an analytics configuration from an Amazon S3 bucket, identified by the analytics configuration ID
*
* Access Level: Read
*
* Possible conditions:
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAnalyticsConfiguration.html
*/
toGetAnalyticsConfiguration() {
return this.to('GetAnalyticsConfiguration');
}
/**
* Grants permission to retrieve ABAC configuration for a general purpose bucket
*
* Access Level: Read
*
* Possible conditions:
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAbac.html
*/
toGetBucketAbac() {
return this.to('GetBucketAbac');
}
/**
* Grants permission to use the acl subresource to return the access control list (ACL) of an Amazon S3 bucket
*
* Access Level: Read
*
* Possible conditions:
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAcl.html
*/
toGetBucketAcl() {
return this.to('GetBucketAcl');
}
/**
* Grants permission to return the CORS configuration information set for an Amazon S3 bucket
*
* Access Level: Read
*
* Possible conditions:
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketCors.html
*/
toGetBucketCORS() {
return this.to('GetBucketCORS');
}
/**
* Grants permission to return the Region that an Amazon S3 bucket resides in
*
* Access Level: Read
*
* Possible conditions:
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLocation.html
*/
toGetBucketLocation() {
return this.to('GetBucketLocation');
}
/**
* Grants permission to return the logging status of an Amazon S3 bucket and the permissions users have to view or modify that status
*
* Access Level: Read
*
* Possible conditions:
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLogging.html
*/
toGetBucketLogging() {
return this.to('GetBucketLogging');
}
/**
* Grants permission to return the S3 Metadata configuration for a specified general purpose bucket
*
* Access Level: Read
*
* Possible conditions:
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketMetadataConfiguration.html
*/
toGetBucketMetadataTableConfiguration() {
return this.to('GetBucketMetadataTableConfiguration');
}
/**
* Grants permission to get the notification configuration of an Amazon S3 bucket
*
* Access Level: Read
*
* Possible conditions:
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketNotification.html
*/
toGetBucketNotification() {
return this.to('GetBucketNotification');
}
/**
* Grants permission to get the Object Lock configuration of an Amazon S3 bucket
*
* Access Level: Read
*
* Possible conditions:
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifSignatureversion()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectLockConfiguration.html
*/
toGetBucketObjectLockConfiguration() {
return this.to('GetBucketObjectLockConfiguration');
}
/**
* Grants permission to retrieve ownership controls on a bucket
*
* Access Level: Read
*
* Possible conditions:
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketOwnershipControls.html
*/
toGetBucketOwnershipControls() {
return this.to('GetBucketOwnershipControls');
}
/**
* Grants permission to return the policy of the specified bucket
*
* Access Level: Read
*
* Possible conditions:
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketPolicy.html
*/
toGetBucketPolicy() {
return this.to('GetBucketPolicy');
}
/**
* Grants permission to retrieve the policy status for a specific Amazon S3 bucket, which indicates whether the bucket is public
*
* Access Level: Read
*
* Possible conditions:
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketPolicyStatus.html
*/
toGetBucketPolicyStatus() {
return this.to('GetBucketPolicyStatus');
}
/**
* Grants permission to retrieve the PublicAccessBlock configuration for an Amazon S3 bucket
*
* Access Level: Read
*
* Possible conditions:
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetPublicAccessBlock.html
*/
toGetBucketPublicAccessBlock() {
return this.to('GetBucketPublicAccessBlock');
}
/**
* Grants permission to return the request payment configuration for an Amazon S3 bucket
*
* Access Level: Read
*
* Possible conditions:
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketRequestPayment.html
*/
toGetBucketRequestPayment() {
return this.to('GetBucketRequestPayment');
}
/**
* Grants permission to return the tag set associated with an Amazon S3 bucket
*
* Access Level: Read
*
* Possible conditions:
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketTagging.html
*/
toGetBucketTagging() {
return this.to('GetBucketTagging');
}
/**
* Grants permission to return the versioning state of an Amazon S3 bucket
*
* Access Level: Read
*
* Possible conditions:
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketVersioning.html
*/
toGetBucketVersioning() {
return this.to('GetBucketVersioning');
}
/**
* Grants permission to return the website configuration for an Amazon S3 bucket
*
* Access Level: Read
*
* Possible conditions:
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketWebsite.html
*/
toGetBucketWebsite() {
return this.to('GetBucketWebsite');
}
/**
* Grants permission to get Access
*
* Access Level: Read
*
* Possible conditions:
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetDataAccess.html
*/
toGetDataAccess() {
return this.to('GetDataAccess');
}
/**
* Grants permission to return the default encryption configuration an Amazon S3 bucket
*
* Access Level: Read
*
* Possible conditions:
* - .ifAuthType()
* - .ifResourceAccount()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifTlsVersion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketEncryption.html
*/
toGetEncryptionConfiguration() {
return this.to('GetEncryptionConfiguration');
}
/**
* Grants permission to get an or