"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.Securityhub = void 0;
const shared_1 = require("../../shared");
/**
* Statement provider for service [securityhub](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecurityhub.html).
*
* @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
*/
class Securityhub extends shared_1.PolicyStatement {
/**
 * Builds a policy statement whose actions are drawn from the
 * [securityhub](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecurityhub.html) service.
 *
 * Besides setting the service prefix, the constructor records which action
 * names fall under each IAM access level (Write / Read / List / Tagging).
 * NOTE(review): this table is presumably what the base class uses when a
 * statement is widened by access level rather than by individual action, so
 * keep it in sync with the to*() methods below — verify against ../../shared.
 *
 * @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
 */
constructor(sid) {
  super(sid);
  this.servicePrefix = 'securityhub';

  // Mutating actions: enabling/disabling the service, membership changes,
  // standards, findings, aggregators, connectors and configuration policies.
  const writeActions = [
    'AcceptAdministratorInvitation',
    'AcceptInvitation',
    'BatchDeleteAutomationRules',
    'BatchDisableStandards',
    'BatchEnableStandards',
    'BatchImportFindings',
    'BatchUpdateAutomationRules',
    'BatchUpdateFindings',
    'BatchUpdateStandardsControlAssociations',
    'ConnectorRegistrationsV2',
    'CreateActionTarget',
    'CreateAggregatorV2',
    'CreateAutomationRule',
    'CreateAutomationRuleV2',
    'CreateConfigurationPolicy',
    'CreateConnectorV2',
    'CreateFindingAggregator',
    'CreateInsight',
    'CreateMembers',
    'CreateTicketV2',
    'DeclineInvitations',
    'DeleteActionTarget',
    'DeleteAggregatorV2',
    'DeleteAutomationRuleV2',
    'DeleteConfigurationPolicy',
    'DeleteConnectorV2',
    'DeleteFindingAggregator',
    'DeleteInsight',
    'DeleteInvitations',
    'DeleteMembers',
    'DisableImportFindingsForProduct',
    'DisableOrganizationAdminAccount',
    'DisableSecurityHub',
    'DisableSecurityHubV2',
    'DisassociateFromAdministratorAccount',
    'DisassociateFromMasterAccount',
    'DisassociateMembers',
    'EnableImportFindingsForProduct',
    'EnableOrganizationAdminAccount',
    'EnableSecurityHub',
    'EnableSecurityHubV2',
    'InviteMembers',
    'StartConfigurationPolicyAssociation',
    'StartConfigurationPolicyDisassociation',
    'UpdateActionTarget',
    'UpdateAggregatorV2',
    'UpdateAutomationRuleV2',
    'UpdateConfigurationPolicy',
    'UpdateConnectorV2',
    'UpdateFindingAggregator',
    'UpdateFindings',
    'UpdateInsight',
    'UpdateOrganizationConfiguration',
    'UpdateSecurityControl',
    'UpdateSecurityHubConfiguration',
    'UpdateStandardsControl',
  ];

  // Read-only actions that return details about a single or batch of resources.
  const readActions = [
    'BatchGetAutomationRules',
    'BatchGetConfigurationPolicyAssociations',
    'BatchGetControlEvaluations',
    'BatchGetSecurityControls',
    'BatchGetStandardsControlAssociations',
    'DescribeActionTargets',
    'DescribeHub',
    'DescribeOrganizationConfiguration',
    'DescribeProducts',
    'DescribeProductsV2',
    'DescribeSecurityHubV2',
    'DescribeStandards',
    'DescribeStandardsControls',
    'GetAdhocInsightResults',
    'GetAdministratorAccount',
    'GetAggregatorV2',
    'GetAutomationRuleV2',
    'GetConfigurationPolicy',
    'GetConfigurationPolicyAssociation',
    'GetConnectorV2',
    'GetControlFindingSummary',
    'GetFindingAggregator',
    'GetFindingHistory',
    'GetFindings',
    'GetFindingsTrendsV2',
    'GetFreeTrialEndDate',
    'GetFreeTrialUsage',
    'GetInsightFindingTrend',
    'GetInsightResults',
    'GetInvitationsCount',
    'GetMasterAccount',
    'GetMembers',
    'GetResourcesStatisticsV2',
    'GetResourcesTrendsV2',
    'GetResourcesV2',
    'GetSecurityControlDefinition',
    'GetUsage',
    'ListControlEvaluationSummaries',
    'ListTagsForResource',
    'SendFindingEvents',
    'SendInsightEvents',
  ];

  // Enumeration actions.
  const listActions = [
    'GetEnabledStandards',
    'GetInsights',
    'ListAggregatorsV2',
    'ListAutomationRules',
    'ListAutomationRulesV2',
    'ListConfigurationPolicies',
    'ListConfigurationPolicyAssociations',
    'ListConnectorsV2',
    'ListEnabledProductsForImport',
    'ListFindingAggregators',
    'ListInvitations',
    'ListMembers',
    'ListOrganizationAdminAccounts',
    'ListSecurityControlDefinitions',
    'ListStandardsControlAssociations',
  ];

  // Tag management actions.
  const taggingActions = [
    'TagResource',
    'UntagResource',
  ];

  // Key order (Write, Read, List, Tagging) is kept as in the original table.
  this.accessLevelList = {
    Write: writeActions,
    Read: readActions,
    List: listActions,
    Tagging: taggingActions,
  };
}
/**
 * Adds securityhub:AcceptAdministratorInvitation (Access Level: Write):
 * accept Security Hub invitations to become a member account.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AcceptAdministratorInvitation.html
 *
 * @returns the statement, for fluent chaining
 */
toAcceptAdministratorInvitation() {
  const action = 'AcceptAdministratorInvitation';
  return this.to(action);
}
/**
 * Adds securityhub:AcceptInvitation (Access Level: Write):
 * accept Security Hub invitations to become a member account.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AcceptInvitation.html
 *
 * @returns the statement, for fluent chaining
 */
toAcceptInvitation() {
  const action = 'AcceptInvitation';
  return this.to(action);
}
/**
 * Adds securityhub:BatchDeleteAutomationRules (Access Level: Write):
 * delete one or more automation rules in Security Hub.
 *
 * https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules
 *
 * @returns the statement, for fluent chaining
 */
toBatchDeleteAutomationRules() {
  const action = 'BatchDeleteAutomationRules';
  return this.to(action);
}
/**
 * Adds securityhub:BatchDisableStandards (Access Level: Write):
 * disable standards in Security Hub.
 *
 * High-impact Write action: review which principals a statement carrying it
 * is attached to.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchDisableStandards.html
 *
 * @returns the statement, for fluent chaining
 */
toBatchDisableStandards() {
  const action = 'BatchDisableStandards';
  return this.to(action);
}
/**
 * Adds securityhub:BatchEnableStandards (Access Level: Write):
 * enable standards in Security Hub.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchEnableStandards.html
 *
 * @returns the statement, for fluent chaining
 */
toBatchEnableStandards() {
  const action = 'BatchEnableStandards';
  return this.to(action);
}
/**
 * Adds securityhub:BatchGetAutomationRules (Access Level: Read):
 * retrieve a list of details for automation rules from Security Hub based on
 * rule Amazon Resource Names (ARNs).
 *
 * https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules
 *
 * @returns the statement, for fluent chaining
 */
toBatchGetAutomationRules() {
  const action = 'BatchGetAutomationRules';
  return this.to(action);
}
/**
 * Adds securityhub:BatchGetConfigurationPolicyAssociations (Access Level: Read):
 * retrieve information about configuration policies associated with a specific
 * list of member accounts and organizational units of the calling account's
 * organization.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchGetConfigurationPolicyAssociations.html
 *
 * @returns the statement, for fluent chaining
 */
toBatchGetConfigurationPolicyAssociations() {
  const action = 'BatchGetConfigurationPolicyAssociations';
  return this.to(action);
}
/**
 * Adds securityhub:BatchGetControlEvaluations (Access Level: Read):
 * get the enablement and compliance status of controls, the findings count for
 * controls, and the overall security score for controls on the Security Hub
 * console.
 *
 * https://docs.aws.amazon.com/securityhub/latest/userguide/iam-permissions-controls-standards.html
 *
 * @returns the statement, for fluent chaining
 */
toBatchGetControlEvaluations() {
  const action = 'BatchGetControlEvaluations';
  return this.to(action);
}
/**
 * Adds securityhub:BatchGetSecurityControls (Access Level: Read):
 * get details about specific security controls identified by ID or ARN.
 *
 * Dependent actions (must also be allowed for the call to succeed):
 * - securityhub:DescribeStandardsControls
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchGetSecurityControls.html
 *
 * @returns the statement, for fluent chaining
 */
toBatchGetSecurityControls() {
  const action = 'BatchGetSecurityControls';
  return this.to(action);
}
/**
 * Adds securityhub:BatchGetStandardsControlAssociations (Access Level: Read):
 * get the enablement status of a batch of security controls in standards.
 *
 * Dependent actions (must also be allowed for the call to succeed):
 * - securityhub:DescribeStandardsControls
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchGetStandardsControlAssociations.html
 *
 * @returns the statement, for fluent chaining
 */
toBatchGetStandardsControlAssociations() {
  const action = 'BatchGetStandardsControlAssociations';
  return this.to(action);
}
/**
 * Adds securityhub:BatchImportFindings (Access Level: Write):
 * import findings into Security Hub from an integrated product.
 *
 * Possible conditions — use them to restrict which account findings may be
 * written into:
 * - .ifTargetAccount()
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchImportFindings.html
 *
 * @returns the statement, for fluent chaining
 */
toBatchImportFindings() {
  const action = 'BatchImportFindings';
  return this.to(action);
}
/**
 * Adds securityhub:BatchUpdateAutomationRules (Access Level: Write):
 * update one or more automation rules from Security Hub based on rule Amazon
 * Resource Names (ARNs) and input parameters.
 *
 * https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules
 *
 * @returns the statement, for fluent chaining
 */
toBatchUpdateAutomationRules() {
  const action = 'BatchUpdateAutomationRules';
  return this.to(action);
}
/**
 * Adds securityhub:BatchUpdateFindings (Access Level: Write):
 * update customer-controlled fields for a selected set of Security Hub findings.
 *
 * Possible conditions:
 * - .ifASFFSyntaxPath()
 * - .ifOCSFSyntaxPath()
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateFindingsV2.html
 *
 * @returns the statement, for fluent chaining
 */
toBatchUpdateFindings() {
  const action = 'BatchUpdateFindings';
  return this.to(action);
}
/**
 * Adds securityhub:BatchUpdateStandardsControlAssociations (Access Level: Write):
 * update the enablement status of a batch of security controls in standards.
 *
 * Dependent actions (must also be allowed for the call to succeed):
 * - securityhub:UpdateStandardsControl
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateStandardsControlAssociations.html
 *
 * @returns the statement, for fluent chaining
 */
toBatchUpdateStandardsControlAssociations() {
  const action = 'BatchUpdateStandardsControlAssociations';
  return this.to(action);
}
/**
 * Adds securityhub:ConnectorRegistrationsV2 (Access Level: Write):
 * complete the OAuth 2.0 authorization code flow based on input parameters.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ConnectorRegistrationsV2.html
 *
 * @returns the statement, for fluent chaining
 */
toConnectorRegistrationsV2() {
  const action = 'ConnectorRegistrationsV2';
  return this.to(action);
}
/**
 * Adds securityhub:CreateActionTarget (Access Level: Write):
 * create custom actions in Security Hub.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_CreateActionTarget.html
 *
 * @returns the statement, for fluent chaining
 */
toCreateActionTarget() {
  const action = 'CreateActionTarget';
  return this.to(action);
}
/**
 * Adds securityhub:CreateAggregatorV2 (Access Level: Write):
 * create an aggregatorV2, which configures data aggregation across Regions.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_CreateAggregatorV2.html
 *
 * @returns the statement, for fluent chaining
 */
toCreateAggregatorV2() {
  const action = 'CreateAggregatorV2';
  return this.to(action);
}
/**
 * Adds securityhub:CreateAutomationRule (Access Level: Write):
 * create an automation rule based on input parameters.
 *
 * Possible conditions:
 * - .ifAwsRequestTag()
 * - .ifAwsTagKeys()
 *
 * https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules
 *
 * @returns the statement, for fluent chaining
 */
toCreateAutomationRule() {
  const action = 'CreateAutomationRule';
  return this.to(action);
}
/**
 * Adds securityhub:CreateAutomationRuleV2 (Access Level: Write):
 * create an automation rule V2 based on input parameters.
 *
 * Possible conditions:
 * - .ifAwsRequestTag()
 * - .ifAwsTagKeys()
 *
 * https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules
 *
 * @returns the statement, for fluent chaining
 */
toCreateAutomationRuleV2() {
  const action = 'CreateAutomationRuleV2';
  return this.to(action);
}
/**
 * Adds securityhub:CreateConfigurationPolicy (Access Level: Write):
 * create a configuration policy to manage organization member settings in
 * Security Hub.
 *
 * Possible conditions:
 * - .ifAwsRequestTag()
 * - .ifAwsTagKeys()
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_CreateConfigurationPolicy.html
 *
 * @returns the statement, for fluent chaining
 */
toCreateConfigurationPolicy() {
  const action = 'CreateConfigurationPolicy';
  return this.to(action);
}
/**
 * Adds securityhub:CreateConnectorV2 (Access Level: Write):
 * create a connector V2 based on input parameters.
 *
 * Possible conditions:
 * - .ifAwsRequestTag()
 * - .ifAwsTagKeys()
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_CreateConnectorV2.html
 *
 * @returns the statement, for fluent chaining
 */
toCreateConnectorV2() {
  const action = 'CreateConnectorV2';
  return this.to(action);
}
/**
 * Adds securityhub:CreateFindingAggregator (Access Level: Write):
 * create a finding aggregator, which contains the cross-Region finding
 * aggregation configuration.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_CreateFindingAggregator.html
 *
 * @returns the statement, for fluent chaining
 */
toCreateFindingAggregator() {
  const action = 'CreateFindingAggregator';
  return this.to(action);
}
/**
 * Adds securityhub:CreateInsight (Access Level: Write):
 * create insights in Security Hub. Insights are collections of related findings.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_CreateInsight.html
 *
 * @returns the statement, for fluent chaining
 */
toCreateInsight() {
  const action = 'CreateInsight';
  return this.to(action);
}
/**
 * Adds securityhub:CreateMembers (Access Level: Write):
 * create member accounts in Security Hub.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_CreateMembers.html
 *
 * @returns the statement, for fluent chaining
 */
toCreateMembers() {
  const action = 'CreateMembers';
  return this.to(action);
}
/**
 * Adds securityhub:CreateTicketV2 (Access Level: Write):
 * create a ticket for a selected OCSF finding.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_CreateTicketV2.html
 *
 * @returns the statement, for fluent chaining
 */
toCreateTicketV2() {
  const action = 'CreateTicketV2';
  return this.to(action);
}
/**
 * Adds securityhub:DeclineInvitations (Access Level: Write):
 * decline Security Hub invitations to become a member account.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DeclineInvitations.html
 *
 * @returns the statement, for fluent chaining
 */
toDeclineInvitations() {
  const action = 'DeclineInvitations';
  return this.to(action);
}
/**
 * Adds securityhub:DeleteActionTarget (Access Level: Write):
 * delete custom actions in Security Hub.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DeleteActionTarget.html
 *
 * @returns the statement, for fluent chaining
 */
toDeleteActionTarget() {
  const action = 'DeleteActionTarget';
  return this.to(action);
}
/**
 * Adds securityhub:DeleteAggregatorV2 (Access Level: Write):
 * delete an aggregatorV2, which configures data aggregation across Regions.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DeleteAggregatorV2.html
 *
 * @returns the statement, for fluent chaining
 */
toDeleteAggregatorV2() {
  const action = 'DeleteAggregatorV2';
  return this.to(action);
}
/**
 * Adds securityhub:DeleteAutomationRuleV2 (Access Level: Write):
 * delete an automation rule V2 in Security Hub.
 *
 * https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules
 *
 * @returns the statement, for fluent chaining
 */
toDeleteAutomationRuleV2() {
  const action = 'DeleteAutomationRuleV2';
  return this.to(action);
}
/**
 * Adds securityhub:DeleteConfigurationPolicy (Access Level: Write):
 * delete an existing configuration policy.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DeleteConfigurationPolicy.html
 *
 * @returns the statement, for fluent chaining
 */
toDeleteConfigurationPolicy() {
  const action = 'DeleteConfigurationPolicy';
  return this.to(action);
}
/**
 * Adds securityhub:DeleteConnectorV2 (Access Level: Write):
 * delete a connector V2 in Security Hub.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DeleteConnectorV2.html
 *
 * @returns the statement, for fluent chaining
 */
toDeleteConnectorV2() {
  const action = 'DeleteConnectorV2';
  return this.to(action);
}
/**
 * Adds securityhub:DeleteFindingAggregator (Access Level: Write):
 * delete a finding aggregator, which disables finding aggregation across Regions.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DeleteFindingAggregator.html
 *
 * @returns the statement, for fluent chaining
 */
toDeleteFindingAggregator() {
  const action = 'DeleteFindingAggregator';
  return this.to(action);
}
/**
 * Adds securityhub:DeleteInsight (Access Level: Write):
 * delete insights from Security Hub.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DeleteInsight.html
 *
 * @returns the statement, for fluent chaining
 */
toDeleteInsight() {
  const action = 'DeleteInsight';
  return this.to(action);
}
/**
 * Adds securityhub:DeleteInvitations (Access Level: Write):
 * delete Security Hub invitations to become a member account.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DeleteInvitations.html
 *
 * @returns the statement, for fluent chaining
 */
toDeleteInvitations() {
  const action = 'DeleteInvitations';
  return this.to(action);
}
/**
 * Adds securityhub:DeleteMembers (Access Level: Write):
 * delete Security Hub member accounts.
 *
 * High-impact Write action: review which principals a statement carrying it
 * is attached to.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DeleteMembers.html
 *
 * @returns the statement, for fluent chaining
 */
toDeleteMembers() {
  const action = 'DeleteMembers';
  return this.to(action);
}
/**
 * Adds securityhub:DescribeActionTargets (Access Level: Read):
 * retrieve a list of custom actions using the API.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DescribeActionTargets.html
 *
 * @returns the statement, for fluent chaining
 */
toDescribeActionTargets() {
  const action = 'DescribeActionTargets';
  return this.to(action);
}
/**
 * Adds securityhub:DescribeHub (Access Level: Read):
 * retrieve information about the hub resource in your account.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DescribeHub.html
 *
 * @returns the statement, for fluent chaining
 */
toDescribeHub() {
  const action = 'DescribeHub';
  return this.to(action);
}
/**
 * Adds securityhub:DescribeOrganizationConfiguration (Access Level: Read):
 * describe the organization configuration for Security Hub.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DescribeOrganizationConfiguration.html
 *
 * @returns the statement, for fluent chaining
 */
toDescribeOrganizationConfiguration() {
  const action = 'DescribeOrganizationConfiguration';
  return this.to(action);
}
/**
 * Adds securityhub:DescribeProducts (Access Level: Read):
 * retrieve information about the available Security Hub product integrations.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DescribeProducts.html
 *
 * @returns the statement, for fluent chaining
 */
toDescribeProducts() {
  const action = 'DescribeProducts';
  return this.to(action);
}
/**
 * Adds securityhub:DescribeProductsV2 (Access Level: Read):
 * retrieve information about the available Security Hub V2 product integrations.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DescribeProductsV2.html
 *
 * @returns the statement, for fluent chaining
 */
toDescribeProductsV2() {
  const action = 'DescribeProductsV2';
  return this.to(action);
}
/**
 * Adds securityhub:DescribeSecurityHubV2 (Access Level: Read):
 * retrieve information about the hub V2 resource in your account.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DescribeSecurityHubV2.html
 *
 * @returns the statement, for fluent chaining
 */
toDescribeSecurityHubV2() {
  const action = 'DescribeSecurityHubV2';
  return this.to(action);
}
/**
 * Adds securityhub:DescribeStandards (Access Level: Read):
 * retrieve information about Security Hub standards.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DescribeStandards.html
 *
 * @returns the statement, for fluent chaining
 */
toDescribeStandards() {
  const action = 'DescribeStandards';
  return this.to(action);
}
/**
 * Adds securityhub:DescribeStandardsControls (Access Level: Read):
 * retrieve information about Security Hub standards controls.
 *
 * Several Read/List actions in this class list it as a dependent action.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DescribeStandardsControls.html
 *
 * @returns the statement, for fluent chaining
 */
toDescribeStandardsControls() {
  const action = 'DescribeStandardsControls';
  return this.to(action);
}
/**
 * Adds securityhub:DisableImportFindingsForProduct (Access Level: Write):
 * disable the findings importing for a Security Hub integrated product.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DisableImportFindingsForProduct.html
 *
 * @returns the statement, for fluent chaining
 */
toDisableImportFindingsForProduct() {
  const action = 'DisableImportFindingsForProduct';
  return this.to(action);
}
/**
 * Adds securityhub:DisableOrganizationAdminAccount (Access Level: Write):
 * remove the Security Hub administrator account for your organization.
 *
 * High-impact, organization-wide Write action: review which principals a
 * statement carrying it is attached to.
 *
 * Dependent actions (must also be allowed for the call to succeed):
 * - organizations:DeregisterDelegatedAdministrator
 * - organizations:DescribeOrganization
 * - organizations:ListDelegatedAdministrators
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DisableOrganizationAdminAccount.html
 *
 * @returns the statement, for fluent chaining
 */
toDisableOrganizationAdminAccount() {
  const action = 'DisableOrganizationAdminAccount';
  return this.to(action);
}
/**
 * Adds securityhub:DisableSecurityHub (Access Level: Write):
 * disable Security Hub.
 *
 * High-impact Write action: review which principals a statement carrying it
 * is attached to.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DisableSecurityHub.html
 *
 * @returns the statement, for fluent chaining
 */
toDisableSecurityHub() {
  const action = 'DisableSecurityHub';
  return this.to(action);
}
/**
 * Adds securityhub:DisableSecurityHubV2 (Access Level: Write):
 * disable Security Hub V2.
 *
 * High-impact Write action: review which principals a statement carrying it
 * is attached to.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DisableSecurityHubV2.html
 *
 * @returns the statement, for fluent chaining
 */
toDisableSecurityHubV2() {
  const action = 'DisableSecurityHubV2';
  return this.to(action);
}
/**
 * Adds securityhub:DisassociateFromAdministratorAccount (Access Level: Write):
 * a Security Hub member account disassociates from the associated
 * administrator account.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DisassociateFromAdministratorAccount.html
 *
 * @returns the statement, for fluent chaining
 */
toDisassociateFromAdministratorAccount() {
  const action = 'DisassociateFromAdministratorAccount';
  return this.to(action);
}
/**
 * Adds securityhub:DisassociateFromMasterAccount (Access Level: Write):
 * a Security Hub member account disassociates from the associated master
 * account.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DisassociateFromMasterAccount.html
 *
 * @returns the statement, for fluent chaining
 */
toDisassociateFromMasterAccount() {
  const action = 'DisassociateFromMasterAccount';
  return this.to(action);
}
/**
 * Adds securityhub:DisassociateMembers (Access Level: Write):
 * disassociate Security Hub member accounts from the associated administrator
 * account.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DisassociateMembers.html
 *
 * @returns the statement, for fluent chaining
 */
toDisassociateMembers() {
  const action = 'DisassociateMembers';
  return this.to(action);
}
/**
 * Adds securityhub:EnableImportFindingsForProduct (Access Level: Write):
 * enable the findings importing for a Security Hub integrated product.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_EnableImportFindingsForProduct.html
 *
 * @returns the statement, for fluent chaining
 */
toEnableImportFindingsForProduct() {
  const action = 'EnableImportFindingsForProduct';
  return this.to(action);
}
/**
 * Adds securityhub:EnableOrganizationAdminAccount (Access Level: Write):
 * designate a Security Hub administrator account for your organization.
 *
 * High-impact, organization-wide Write action: review which principals a
 * statement carrying it is attached to.
 *
 * Dependent actions (must also be allowed for the call to succeed):
 * - organizations:DescribeOrganization
 * - organizations:EnableAWSServiceAccess
 * - organizations:ListAWSServiceAccessForOrganization
 * - organizations:ListDelegatedAdministrators
 * - organizations:RegisterDelegatedAdministrator
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_EnableOrganizationAdminAccount.html
 *
 * @returns the statement, for fluent chaining
 */
toEnableOrganizationAdminAccount() {
  const action = 'EnableOrganizationAdminAccount';
  return this.to(action);
}
/**
 * Adds securityhub:EnableSecurityHub (Access Level: Write):
 * enable Security Hub.
 *
 * Possible conditions:
 * - .ifAwsRequestTag()
 * - .ifAwsTagKeys()
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_EnableSecurityHub.html
 *
 * @returns the statement, for fluent chaining
 */
toEnableSecurityHub() {
  const action = 'EnableSecurityHub';
  return this.to(action);
}
/**
 * Adds securityhub:EnableSecurityHubV2 (Access Level: Write):
 * enable Security Hub V2.
 *
 * Possible conditions:
 * - .ifAwsRequestTag()
 * - .ifAwsTagKeys()
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_EnableSecurityHubV2.html
 *
 * @returns the statement, for fluent chaining
 */
toEnableSecurityHubV2() {
  const action = 'EnableSecurityHubV2';
  return this.to(action);
}
/**
 * Adds securityhub:GetAdhocInsightResults (Access Level: Read):
 * retrieve aggregated statistical data about the findings.
 *
 * NOTE(review): the reference link below points at the GetFindingStatisticsV2
 * API page rather than one named after this action; kept as generated.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetFindingStatisticsV2.html
 *
 * @returns the statement, for fluent chaining
 */
toGetAdhocInsightResults() {
  const action = 'GetAdhocInsightResults';
  return this.to(action);
}
/**
 * Adds securityhub:GetAdministratorAccount (Access Level: Read):
 * retrieve details about the Security Hub administrator account.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetAdministratorAccount.html
 *
 * @returns the statement, for fluent chaining
 */
toGetAdministratorAccount() {
  const action = 'GetAdministratorAccount';
  return this.to(action);
}
/**
 * Adds securityhub:GetAggregatorV2 (Access Level: Read):
 * retrieve details for an aggregatorV2, which configures data aggregation
 * across Regions.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetAggregatorV2.html
 *
 * @returns the statement, for fluent chaining
 */
toGetAggregatorV2() {
  const action = 'GetAggregatorV2';
  return this.to(action);
}
/**
 * Adds securityhub:GetAutomationRuleV2 (Access Level: Read):
 * retrieve details for an automation rule V2 from Security Hub based on rule
 * Amazon Resource Name (ARN).
 *
 * https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules
 *
 * @returns the statement, for fluent chaining
 */
toGetAutomationRuleV2() {
  const action = 'GetAutomationRuleV2';
  return this.to(action);
}
/**
 * Adds securityhub:GetConfigurationPolicy (Access Level: Read):
 * get a complete overview of one configuration policy created by the calling
 * account.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetConfigurationPolicy.html
 *
 * @returns the statement, for fluent chaining
 */
toGetConfigurationPolicy() {
  const action = 'GetConfigurationPolicy';
  return this.to(action);
}
/**
 * Adds securityhub:GetConfigurationPolicyAssociation (Access Level: Read):
 * retrieve information about a configuration policy associated with a member
 * account or organizational unit of the calling account's organization.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetConfigurationPolicyAssociation.html
 *
 * @returns the statement, for fluent chaining
 */
toGetConfigurationPolicyAssociation() {
  const action = 'GetConfigurationPolicyAssociation';
  return this.to(action);
}
/**
 * Adds securityhub:GetConnectorV2 (Access Level: Read):
 * retrieve details for a connector V2 from Security Hub based on connector id.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetConnectorV2.html
 *
 * @returns the statement, for fluent chaining
 */
toGetConnectorV2() {
  const action = 'GetConnectorV2';
  return this.to(action);
}
/**
 * Adds securityhub:GetControlFindingSummary (Access Level: Read):
 * retrieve a security score and counts of finding and control statuses for a
 * security standard.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetControlFindingSummary.html
 *
 * @returns the statement, for fluent chaining
 */
toGetControlFindingSummary() {
  const action = 'GetControlFindingSummary';
  return this.to(action);
}
/**
 * Adds securityhub:GetEnabledStandards (Access Level: List):
 * retrieve a list of the standards that are enabled in Security Hub.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetEnabledStandards.html
 *
 * @returns the statement, for fluent chaining
 */
toGetEnabledStandards() {
  const action = 'GetEnabledStandards';
  return this.to(action);
}
/**
 * Adds securityhub:GetFindingAggregator (Access Level: Read):
 * retrieve details for a finding aggregator, which configures finding
 * aggregation across Regions.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetFindingAggregator.html
 *
 * @returns the statement, for fluent chaining
 */
toGetFindingAggregator() {
  const action = 'GetFindingAggregator';
  return this.to(action);
}
/**
 * Adds securityhub:GetFindingHistory (Access Level: Read):
 * retrieve a list of finding history from Security Hub.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetFindingHistory.html
 *
 * @returns the statement, for fluent chaining
 */
toGetFindingHistory() {
  const action = 'GetFindingHistory';
  return this.to(action);
}
/**
 * Adds securityhub:GetFindings (Access Level: Read):
 * retrieve a list of findings from Security Hub.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetFindingsV2.html
 *
 * @returns the statement, for fluent chaining
 */
toGetFindings() {
  const action = 'GetFindings';
  return this.to(action);
}
/**
 * Adds securityhub:GetFindingsTrendsV2 (Access Level: Read):
 * retrieve findings trends.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetFindingsTrendsV2.html
 *
 * @returns the statement, for fluent chaining
 */
toGetFindingsTrendsV2() {
  const action = 'GetFindingsTrendsV2';
  return this.to(action);
}
/**
 * Adds securityhub:GetFreeTrialEndDate (Access Level: Read):
 * retrieve the end date for an account's free trial of Security Hub.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetFreeTrialEndDate.html
 *
 * @returns the statement, for fluent chaining
 */
toGetFreeTrialEndDate() {
  const action = 'GetFreeTrialEndDate';
  return this.to(action);
}
/**
 * Adds securityhub:GetFreeTrialUsage (Access Level: Read):
 * retrieve information about Security Hub usage during the free trial period.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetFreeTrialUsage.html
 *
 * @returns the statement, for fluent chaining
 */
toGetFreeTrialUsage() {
  const action = 'GetFreeTrialUsage';
  return this.to(action);
}
/**
 * Adds securityhub:GetInsightFindingTrend (Access Level: Read):
 * retrieve an insight finding trend from Security Hub in order to generate a
 * graph.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetInsightFindingTrend.html
 *
 * @returns the statement, for fluent chaining
 */
toGetInsightFindingTrend() {
  const action = 'GetInsightFindingTrend';
  return this.to(action);
}
/**
 * Adds securityhub:GetInsightResults (Access Level: Read):
 * retrieve insight results from Security Hub.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetInsightResults.html
 *
 * @returns the statement, for fluent chaining
 */
toGetInsightResults() {
  const action = 'GetInsightResults';
  return this.to(action);
}
/**
 * Adds securityhub:GetInsights (Access Level: List):
 * retrieve Security Hub insights.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetInsights.html
 *
 * @returns the statement, for fluent chaining
 */
toGetInsights() {
  const action = 'GetInsights';
  return this.to(action);
}
/**
 * Adds securityhub:GetInvitationsCount (Access Level: Read):
 * retrieve the count of Security Hub membership invitations sent to the
 * account.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetInvitationsCount.html
 *
 * @returns the statement, for fluent chaining
 */
toGetInvitationsCount() {
  const action = 'GetInvitationsCount';
  return this.to(action);
}
/**
 * Adds securityhub:GetMasterAccount (Access Level: Read):
 * retrieve details about the Security Hub master account.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetMasterAccount.html
 *
 * @returns the statement, for fluent chaining
 */
toGetMasterAccount() {
  const action = 'GetMasterAccount';
  return this.to(action);
}
/**
 * Adds securityhub:GetMembers (Access Level: Read):
 * retrieve the details of Security Hub member accounts.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetMembers.html
 *
 * @returns the statement, for fluent chaining
 */
toGetMembers() {
  const action = 'GetMembers';
  return this.to(action);
}
/**
 * Adds securityhub:GetResourcesStatisticsV2 (Access Level: Read):
 * retrieve aggregate statistics about resources.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetResourcesStatisticsV2.html
 *
 * @returns the statement, for fluent chaining
 */
toGetResourcesStatisticsV2() {
  const action = 'GetResourcesStatisticsV2';
  return this.to(action);
}
/**
 * Adds securityhub:GetResourcesTrendsV2 (Access Level: Read):
 * retrieve resources trends.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetResourcesTrendsV2.html
 *
 * @returns the statement, for fluent chaining
 */
toGetResourcesTrendsV2() {
  const action = 'GetResourcesTrendsV2';
  return this.to(action);
}
/**
 * Adds securityhub:GetResourcesV2 (Access Level: Read):
 * retrieve a list of resources.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetResourcesV2.html
 *
 * @returns the statement, for fluent chaining
 */
toGetResourcesV2() {
  const action = 'GetResourcesV2';
  return this.to(action);
}
/**
 * Adds securityhub:GetSecurityControlDefinition (Access Level: Read):
 * get the definition details of a specific security control identified by ID.
 *
 * Dependent actions (must also be allowed for the call to succeed):
 * - securityhub:DescribeStandardsControls
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetSecurityControlDefinition.html
 *
 * @returns the statement, for fluent chaining
 */
toGetSecurityControlDefinition() {
  const action = 'GetSecurityControlDefinition';
  return this.to(action);
}
/**
 * Adds securityhub:GetUsage (Access Level: Read):
 * retrieve information about Security Hub usage by accounts.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetUsage.html
 *
 * @returns the statement, for fluent chaining
 */
toGetUsage() {
  const action = 'GetUsage';
  return this.to(action);
}
/**
 * Adds securityhub:InviteMembers (Access Level: Write):
 * invite other AWS accounts to become Security Hub member accounts.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_InviteMembers.html
 *
 * @returns the statement, for fluent chaining
 */
toInviteMembers() {
  const action = 'InviteMembers';
  return this.to(action);
}
/**
 * Adds securityhub:ListAggregatorsV2 (Access Level: List):
 * retrieve a list of aggregatorsV2, which configure data aggregation across
 * Regions.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ListAggregatorsV2.html
 *
 * @returns the statement, for fluent chaining
 */
toListAggregatorsV2() {
  const action = 'ListAggregatorsV2';
  return this.to(action);
}
/**
 * Adds securityhub:ListAutomationRules (Access Level: List):
 * retrieve a list of automation rules and their metadata for the calling
 * account from Security Hub.
 *
 * https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules
 *
 * @returns the statement, for fluent chaining
 */
toListAutomationRules() {
  const action = 'ListAutomationRules';
  return this.to(action);
}
/**
 * Adds securityhub:ListAutomationRulesV2 (Access Level: List):
 * retrieve a list of automation rules V2 and their metadata for the calling
 * account from Security Hub.
 *
 * https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules
 *
 * @returns the statement, for fluent chaining
 */
toListAutomationRulesV2() {
  const action = 'ListAutomationRulesV2';
  return this.to(action);
}
/**
 * Adds securityhub:ListConfigurationPolicies (Access Level: List):
 * list the summaries of all configuration policies created by the calling
 * account.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ListConfigurationPolicies.html
 *
 * @returns the statement, for fluent chaining
 */
toListConfigurationPolicies() {
  const action = 'ListConfigurationPolicies';
  return this.to(action);
}
/**
 * Adds securityhub:ListConfigurationPolicyAssociations (Access Level: List):
 * retrieve information about all configuration policies associated with all
 * member accounts and organizational units of the calling account's
 * organization.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ListConfigurationPolicyAssociations.html
 *
 * @returns the statement, for fluent chaining
 */
toListConfigurationPolicyAssociations() {
  const action = 'ListConfigurationPolicyAssociations';
  return this.to(action);
}
/**
 * Adds securityhub:ListConnectorsV2 (Access Level: List):
 * retrieve a list of connectors V2 and their metadata for the calling account
 * from Security Hub.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ListConnectorsV2.html
 *
 * @returns the statement, for fluent chaining
 */
toListConnectorsV2() {
  const action = 'ListConnectorsV2';
  return this.to(action);
}
/**
 * Adds securityhub:ListControlEvaluationSummaries (Access Level: Read):
 * retrieve a list of controls for a standard, including the control IDs,
 * statuses and finding counts.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ListControlEvaluationSummaries.html
 *
 * @returns the statement, for fluent chaining
 */
toListControlEvaluationSummaries() {
  const action = 'ListControlEvaluationSummaries';
  return this.to(action);
}
/**
 * Adds securityhub:ListEnabledProductsForImport (Access Level: List):
 * retrieve the Security Hub integrated products that are currently enabled.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ListEnabledProductsForImport.html
 *
 * @returns the statement, for fluent chaining
 */
toListEnabledProductsForImport() {
  const action = 'ListEnabledProductsForImport';
  return this.to(action);
}
/**
 * Adds securityhub:ListFindingAggregators (Access Level: List):
 * retrieve a list of finding aggregators, which contain the cross-Region
 * finding aggregation configuration.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ListFindingAggregators.html
 *
 * @returns the statement, for fluent chaining
 */
toListFindingAggregators() {
  const action = 'ListFindingAggregators';
  return this.to(action);
}
/**
 * Adds securityhub:ListInvitations (Access Level: List):
 * retrieve the Security Hub invitations sent to the account.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ListInvitations.html
 *
 * @returns the statement, for fluent chaining
 */
toListInvitations() {
  const action = 'ListInvitations';
  return this.to(action);
}
/**
 * Adds securityhub:ListMembers (Access Level: List):
 * retrieve details about Security Hub member accounts associated with the
 * administrator account.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ListMembers.html
 *
 * @returns the statement, for fluent chaining
 */
toListMembers() {
  const action = 'ListMembers';
  return this.to(action);
}
/**
 * Adds securityhub:ListOrganizationAdminAccounts (Access Level: List):
 * list the Security Hub administrator accounts for your organization.
 *
 * Dependent actions (must also be allowed for the call to succeed):
 * - organizations:DescribeOrganization
 * - organizations:ListDelegatedAdministrators
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ListOrganizationAdminAccounts.html
 *
 * @returns the statement, for fluent chaining
 */
toListOrganizationAdminAccounts() {
  const action = 'ListOrganizationAdminAccounts';
  return this.to(action);
}
/**
 * Adds securityhub:ListSecurityControlDefinitions (Access Level: List):
 * retrieve a list of security control definitions, which contain details for
 * security controls in the current region.
 *
 * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ListSecurityControlDefinitions.html
 *
 * @returns the statement, for fluent chaining
 */
toListSecurityControlDefinitions() {
  const action = 'ListSecurityControlDefinitions';
  return this.to(action);
}
/**
* Grants permission to list the enablement status of a security control in standards
*
* Access Level: List
*
* Dependent actions:
* - securityhub:DescribeStandardsControls
*
* https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ListStandardsControlAssociations.html
*/
toListStandardsControlAssociations() {
// IAM action name handed to the base-class to() helper.
// The dependent action securityhub:DescribeStandardsControls is not added here.
const action = 'ListStandardsControlAssociations';
return this.to(action);
}
/**
* Grants permission to list the tags associated with a resource
*
* Access Level: Read
*
* https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ListTagsForResource.html
*/
toListTagsForResource() {
// IAM action name handed to the base-class to() helper.
const action = 'ListTagsForResource';
return this.to(action);
}
/**
* Grants permission to use a custom action to send Security Hub findings to Amazon EventBridge
*
* Access Level: Read
*
* https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_SendFindingEvents.html
*/
toSendFindingEvents() {
// IAM action name handed to the base-class to() helper.
const action = 'SendFindingEvents';
return this.to(action);
}
/**
* Grants permission to use a custom action to send Security Hub insights to Amazon EventBridge
*
* Access Level: Read
*
* https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_SendInsightEvents.html
*/
toSendInsightEvents() {
// IAM action name handed to the base-class to() helper.
const action = 'SendInsightEvents';
return this.to(action);
}
/**
* Grants permission to associate a configuration policy with a member account or organizational unit in the calling account's organization
*
* Access Level: Write
*
* https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_StartConfigurationPolicyAssociation.html
*/
toStartConfigurationPolicyAssociation() {
// IAM action name handed to the base-class to() helper.
const action = 'StartConfigurationPolicyAssociation';
return this.to(action);
}
/**
* Grants permission to remove a configuration policy association from a member account or organizational unit in the calling account's organization
*
* Access Level: Write
*
* https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_StartConfigurationPolicyDisassociation.html
*/
toStartConfigurationPolicyDisassociation() {
// IAM action name handed to the base-class to() helper.
const action = 'StartConfigurationPolicyDisassociation';
return this.to(action);
}
/**
* Grants permission to add tags to a Security Hub resource
*
* Access Level: Tagging
*
* https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_TagResource.html
*/
toTagResource() {
// IAM action name handed to the base-class to() helper.
const action = 'TagResource';
return this.to(action);
}
/**
* Grants permission to remove tags from a Security Hub resource
*
* Access Level: Tagging
*
* https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_UntagResource.html
*/
toUntagResource() {
// IAM action name handed to the base-class to() helper.
const action = 'UntagResource';
return this.to(action);
}
/**
* Grants permission to update custom actions in Security Hub
*
* Access Level: Write
*
* https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_UpdateActionTarget.html
*/
toUpdateActionTarget() {
// IAM action name handed to the base-class to() helper.
const action = 'UpdateActionTarget';
return this.to(action);
}
/**
* Grants permission to update an aggregatorV2, which configures data aggregation across Regions
*
* Access Level: Write
*
* https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_UpdateAggregatorV2.html
*/
toUpdateAggregatorV2() {
// IAM action name handed to the base-class to() helper.
const action = 'UpdateAggregatorV2';
return this.to(action);
}
/**
* Grants permission to update an automation rule V2 in Security Hub based on rule Amazon Resource Name (ARN) and input parameters
*
* Access Level: Write
*
* https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules
*/
toUpdateAutomationRuleV2() {
// IAM action name handed to the base-class to() helper.
const action = 'UpdateAutomationRuleV2';
return this.to(action);
}
/**
* Grants permission to update an existing configuration policy
*
* Access Level: Write
*
* https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_UpdateConfigurationPolicy.html
*/
toUpdateConfigurationPolicy() {
// IAM action name handed to the base-class to() helper.
const action = 'UpdateConfigurationPolicy';
return this.to(action);
}
/**
* Grants permission to update a connector V2 in Security Hub based on connector id and input parameters
*
* Access Level: Write
*
* https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_UpdateConnectorV2.html
*/
toUpdateConnectorV2() {
// IAM action name handed to the base-class to() helper.
const action = 'UpdateConnectorV2';
return this.to(action);
}
/**
* Grants permission to update a finding aggregator, which contains the cross-Region finding aggregation configuration
*
* Access Level: Write
*
* https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_UpdateFindingAggregator.html
*/
toUpdateFindingAggregator() {
// IAM action name handed to the base-class to() helper.
const action = 'UpdateFindingAggregator';
return this.to(action);
}
/**
* Grants permission to update Security Hub findings
*
* Access Level: Write
*
* https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_UpdateFindings.html
*/
toUpdateFindings() {
// IAM action name handed to the base-class to() helper.
const action = 'UpdateFindings';
return this.to(action);
}
/**
* Grants permission to update insights in Security Hub
*
* Access Level: Write
*
* https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_UpdateInsight.html
*/
toUpdateInsight() {
// IAM action name handed to the base-class to() helper.
const action = 'UpdateInsight';
return this.to(action);
}
/**
* Grants permission to update the organization configuration for Security Hub
*
* Access Level: Write
*
* https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_UpdateOrganizationConfiguration.html
*/
toUpdateOrganizationConfiguration() {
// IAM action name handed to the base-class to() helper.
const action = 'UpdateOrganizationConfiguration';
return this.to(action);
}
/**
* Grants permission to update properties of a specific security control identified by ID or ARN
*
* Access Level: Write
*
* Dependent actions:
* - securityhub:UpdateStandardsControl
*
* https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_UpdateSecurityControl.html
*/
toUpdateSecurityControl() {
// IAM action name handed to the base-class to() helper.
// The dependent action securityhub:UpdateStandardsControl is not added here.
const action = 'UpdateSecurityControl';
return this.to(action);
}
/**
* Grants permission to update Security Hub configuration
*
* Access Level: Write
*
* https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_UpdateSecurityHubConfiguration.html
*/
toUpdateSecurityHubConfiguration() {
// IAM action name handed to the base-class to() helper.
const action = 'UpdateSecurityHubConfiguration';
return this.to(action);
}
/**
* Grants permission to update Security Hub standards controls
*
* Access Level: Write
*
* https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_UpdateStandardsControl.html
*/
toUpdateStandardsControl() {
// IAM action name handed to the base-class to() helper.
const action = 'UpdateStandardsControl';
return this.to(action);
}
/**
* Adds a resource of type hub to the statement
*
* https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-access.html#resources
*
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onHub(account, region, partition) {
// Resolve each ARN component, falling back to the statement's defaults
// (evaluated in the same order as before: partition, region, account).
const part = partition ?? this.defaultPartition;
const reg = region ?? this.defaultRegion;
const acct = account ?? this.defaultAccount;
// The hub resource has the fixed id "default".
return this.on(`arn:${part}:securityhub:${reg}:${acct}:hub/default`);
}
/**
* Adds a resource of type hubv2 to the statement
*
* https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-access.html#resources
*
* @param hubV2Id - Identifier for the hubV2Id.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onHubv2(hubV2Id, account, region, partition) {
// Resolve each ARN component, falling back to the statement's defaults
// (evaluated in the same order as before: partition, region, account).
const part = partition ?? this.defaultPartition;
const reg = region ?? this.defaultRegion;
const acct = account ?? this.defaultAccount;
// hubV2Id is interpolated verbatim; a "*" or "?" in it becomes an IAM
// wildcard segment, so callers should not pass unvalidated input here.
return this.on(`arn:${part}:securityhub:${reg}:${acct}:hubv2/${hubV2Id}`);
}
/**
* Adds a resource of type product to the statement
*
* https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-access.html#resources
*
* @param company - Identifier for the company.
* @param productId - Identifier for the productId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onProduct(company, productId, account, region, partition) {
// Resolve each ARN component, falling back to the statement's defaults
// (evaluated in the same order as before: partition, region, account).
const part = partition ?? this.defaultPartition;
const reg = region ?? this.defaultRegion;
const acct = account ?? this.defaultAccount;
// company and productId are interpolated verbatim; a "*" or "?" in either
// becomes an IAM wildcard segment, so callers should not pass unvalidated input.
const resource = `product/${company}/${productId}`;
return this.on(`arn:${part}:securityhub:${reg}:${acct}:${resource}`);
}
/**
* Adds a resource of type finding-aggregator to the statement
*
* https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-access.html#resources
*
* @param findingAggregatorId - Identifier for the findingAggregatorId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onFindingAggregator(findingAggregatorId, account, region, partition) {
// Resolve each ARN component, falling back to the statement's defaults
// (evaluated in the same order as before: partition, region, account).
const part = partition ?? this.defaultPartition;
const reg = region ?? this.defaultRegion;
const acct = account ?? this.defaultAccount;
// findingAggregatorId is interpolated verbatim; a "*" or "?" in it becomes
// an IAM wildcard segment, so callers should not pass unvalidated input here.
const resource = `finding-aggregator/${findingAggregatorId}`;
return this.on(`arn:${part}:securityhub:${reg}:${acct}:${resource}`);
}
/**
* Adds a resource of type aggregatorv2 to the statement
*
* https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-access.html#resources
*
* @param aggregatorV2Id - Identifier for the aggregatorV2Id.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless