iam-floyd
Version:
AWS IAM policy statement generator with fluent interface
1,476 lines • 269 kB
JavaScript
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.Ssm = void 0;
const shared_1 = require("../../shared");
/**
* Statement provider for service [ssm](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssystemsmanager.html).
*
* @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
*/
class Ssm extends shared_1.PolicyStatement {
/**
* Statement provider for service [ssm](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssystemsmanager.html).
*
* @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
*/
constructor(sid) {
super(sid);
this.servicePrefix = 'ssm';
this.accessLevelList = {
Tagging: [
'AddTagsToResource',
'RemoveTagsFromResource'
],
Write: [
'AssociateOpsItemRelatedItem',
'CancelCommand',
'CancelMaintenanceWindowExecution',
'CreateActivation',
'CreateAssociation',
'CreateAssociationBatch',
'CreateDocument',
'CreateMaintenanceWindow',
'CreateOpsItem',
'CreateOpsMetadata',
'CreatePatchBaseline',
'CreateResourceDataSync',
'DeleteActivation',
'DeleteAssociation',
'DeleteDocument',
'DeleteInventory',
'DeleteMaintenanceWindow',
'DeleteOpsItem',
'DeleteOpsMetadata',
'DeleteParameter',
'DeleteParameters',
'DeletePatchBaseline',
'DeleteResourceDataSync',
'DeregisterManagedInstance',
'DeregisterPatchBaselineForPatchGroup',
'DeregisterTargetFromMaintenanceWindow',
'DeregisterTaskFromMaintenanceWindow',
'DisassociateOpsItemRelatedItem',
'LabelParameterVersion',
'PutCalendar',
'PutComplianceItems',
'PutInventory',
'PutParameter',
'RegisterDefaultPatchBaseline',
'RegisterManagedInstance',
'RegisterPatchBaselineForPatchGroup',
'RegisterTargetWithMaintenanceWindow',
'RegisterTaskWithMaintenanceWindow',
'ResetServiceSetting',
'ResumeSession',
'SendAutomationSignal',
'SendCommand',
'StartAccessRequest',
'StartAssociationsOnce',
'StartAutomationExecution',
'StartChangeRequestExecution',
'StartSession',
'StopAutomationExecution',
'TerminateSession',
'UnlabelParameterVersion',
'UpdateAssociation',
'UpdateAssociationStatus',
'UpdateDocument',
'UpdateDocumentDefaultVersion',
'UpdateDocumentMetadata',
'UpdateInstanceAssociationStatus',
'UpdateInstanceInformation',
'UpdateMaintenanceWindow',
'UpdateMaintenanceWindowTarget',
'UpdateMaintenanceWindowTask',
'UpdateManagedInstanceRole',
'UpdateOpsItem',
'UpdateOpsMetadata',
'UpdatePatchBaseline',
'UpdateResourceDataSync',
'UpdateServiceSetting'
],
'Permissions management': [
'DeleteResourcePolicy',
'ModifyDocumentPermission',
'PutResourcePolicy'
],
Read: [
'DescribeActivations',
'DescribeAssociation',
'DescribeAssociationExecutionTargets',
'DescribeAssociationExecutions',
'DescribeAutomationExecutions',
'DescribeAutomationStepExecutions',
'DescribeAvailablePatches',
'DescribeDocument',
'DescribeDocumentParameters',
'DescribeDocumentPermission',
'DescribeEffectiveInstanceAssociations',
'DescribeEffectivePatchesForPatchBaseline',
'DescribeInstanceAssociationsStatus',
'DescribeInstanceInformation',
'DescribeInstancePatchStates',
'DescribeInstancePatchStatesForPatchGroup',
'DescribeInstancePatches',
'DescribeInstanceProperties',
'DescribeInventoryDeletions',
'DescribeOpsItems',
'ExecuteAPI',
'GetAccessToken',
'GetAutomationExecution',
'GetCalendar',
'GetCalendarState',
'GetCommandInvocation',
'GetConnectionStatus',
'GetDefaultPatchBaseline',
'GetDeployablePatchSnapshotForInstance',
'GetDocument',
'GetExecutionPreview',
'GetInventory',
'GetInventorySchema',
'GetMaintenanceWindow',
'GetMaintenanceWindowExecution',
'GetMaintenanceWindowExecutionTask',
'GetMaintenanceWindowExecutionTaskInvocation',
'GetMaintenanceWindowTask',
'GetManifest',
'GetOpsItem',
'GetOpsMetadata',
'GetOpsSummary',
'GetParameter',
'GetParameterHistory',
'GetParameters',
'GetParametersByPath',
'GetPatchBaseline',
'GetPatchBaselineForPatchGroup',
'GetServiceSetting',
'PutConfigurePackageResult',
'StartExecutionPreview'
],
List: [
'DescribeMaintenanceWindowExecutionTaskInvocations',
'DescribeMaintenanceWindowExecutionTasks',
'DescribeMaintenanceWindowExecutions',
'DescribeMaintenanceWindowSchedule',
'DescribeMaintenanceWindowTargets',
'DescribeMaintenanceWindowTasks',
'DescribeMaintenanceWindows',
'DescribeMaintenanceWindowsForTarget',
'DescribeParameters',
'DescribePatchBaselines',
'DescribePatchGroupState',
'DescribePatchGroups',
'DescribePatchProperties',
'DescribeSessions',
'GetResourcePolicies',
'ListAssociationVersions',
'ListAssociations',
'ListCommandInvocations',
'ListCommands',
'ListComplianceItems',
'ListComplianceSummaries',
'ListDocumentMetadataHistory',
'ListDocumentVersions',
'ListDocuments',
'ListInstanceAssociations',
'ListInventoryEntries',
'ListNodes',
'ListNodesSummary',
'ListOpsItemEvents',
'ListOpsItemRelatedItems',
'ListOpsMetadata',
'ListResourceComplianceSummaries',
'ListResourceDataSync',
'ListTagsForResource'
]
};
}
/**
* Grants permission to add or overwrite one or more tags for a specified AWS resource
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsResourceTag()
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_AddTagsToResource.html
*/
toAddTagsToResource() {
return this.to('AddTagsToResource');
}
/**
* Grants permission to associate RelatedItem to an OpsItem
*
* Access Level: Write
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_AssociateOpsItemRelatedItem.html
*/
toAssociateOpsItemRelatedItem() {
return this.to('AssociateOpsItemRelatedItem');
}
/**
* Grants permission to cancel a specified Run Command command
*
* Access Level: Write
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_CancelCommand.html
*/
toCancelCommand() {
return this.to('CancelCommand');
}
/**
* Grants permission to cancel an in-progress maintenance window execution
*
* Access Level: Write
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_CancelMaintenanceWindowExecution.html
*/
toCancelMaintenanceWindowExecution() {
return this.to('CancelMaintenanceWindowExecution');
}
/**
* Grants permission to create an activation that is used to register on-premises servers and virtual machines (VMs) with Systems Manager
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_CreateActivation.html
*/
toCreateActivation() {
return this.to('CreateActivation');
}
/**
* Grants permission to associate a specified Systems Manager document with specified instances or other targets
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_CreateAssociation.html
*/
toCreateAssociation() {
return this.to('CreateAssociation');
}
/**
* Grants permission to combine entries for multiple CreateAssociation operations in a single command
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_CreateAssociationBatch.html
*/
toCreateAssociationBatch() {
return this.to('CreateAssociationBatch');
}
/**
* Grants permission to create a Systems Manager SSM document
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
* - .ifDocumentType()
*
* Dependent actions:
* - iam:PassRole
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_CreateDocument.html
*/
toCreateDocument() {
return this.to('CreateDocument');
}
/**
* Grants permission to create a maintenance window
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_CreateMaintenanceWindow.html
*/
toCreateMaintenanceWindow() {
return this.to('CreateMaintenanceWindow');
}
/**
* Grants permission to create an OpsItem in OpsCenter
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_CreateOpsItem.html
*/
toCreateOpsItem() {
return this.to('CreateOpsItem');
}
/**
* Grants permission to create an OpsMetadata object for an AWS resource
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_CreateOpsMetadata.html
*/
toCreateOpsMetadata() {
return this.to('CreateOpsMetadata');
}
/**
* Grants permission to create a patch baseline
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_CreatePatchBaseline.html
*/
toCreatePatchBaseline() {
return this.to('CreatePatchBaseline');
}
/**
* Grants permission to create a resource data sync configuration, which regularly collects inventory data from managed instances and updates the data in an Amazon S3 bucket
*
* Access Level: Write
*
* Possible conditions:
* - .ifSyncType()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_CreateResourceDataSync.html
*/
toCreateResourceDataSync() {
return this.to('CreateResourceDataSync');
}
/**
* Grants permission to delete a specified activation for managed instances
*
* Access Level: Write
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DeleteActivation.html
*/
toDeleteActivation() {
return this.to('DeleteActivation');
}
/**
* Grants permission to disassociate a specified SSM document from a specified instance
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DeleteAssociation.html
*/
toDeleteAssociation() {
return this.to('DeleteAssociation');
}
/**
* Grants permission to delete a specified SSM document and its instance associations
*
* Access Level: Write
*
* Possible conditions:
* - .ifDocumentType()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DeleteDocument.html
*/
toDeleteDocument() {
return this.to('DeleteDocument');
}
/**
* Grants permission to delete a specified custom inventory type, or the data associated with a custom inventory type
*
* Access Level: Write
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DeleteInventory.html
*/
toDeleteInventory() {
return this.to('DeleteInventory');
}
/**
* Grants permission to delete a specified maintenance window
*
* Access Level: Write
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DeleteMaintenanceWindow.html
*/
toDeleteMaintenanceWindow() {
return this.to('DeleteMaintenanceWindow');
}
/**
* Grants permission to delete an OpsItem
*
* Access Level: Write
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DeleteOpsItem.html
*/
toDeleteOpsItem() {
return this.to('DeleteOpsItem');
}
/**
* Grants permission to delete an OpsMetadata object
*
* Access Level: Write
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DeleteOpsMetadata.html
*/
toDeleteOpsMetadata() {
return this.to('DeleteOpsMetadata');
}
/**
* Grants permission to delete a specified SSM parameter
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DeleteParameter.html
*/
toDeleteParameter() {
return this.to('DeleteParameter');
}
/**
* Grants permission to delete multiple specified SSM parameters
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DeleteParameters.html
*/
toDeleteParameters() {
return this.to('DeleteParameters');
}
/**
* Grants permission to delete a specified patch baseline
*
* Access Level: Write
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DeletePatchBaseline.html
*/
toDeletePatchBaseline() {
return this.to('DeletePatchBaseline');
}
/**
* Grants permission to delete a specified resource data sync
*
* Access Level: Write
*
* Possible conditions:
* - .ifSyncType()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DeleteResourceDataSync.html
*/
toDeleteResourceDataSync() {
return this.to('DeleteResourceDataSync');
}
/**
* Grants permission to delete a Systems Manager resource policy
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DeleteResourcePolicy.html
*/
toDeleteResourcePolicy() {
return this.to('DeleteResourcePolicy');
}
/**
* Grants permission to deregister a specified on-premises server or virtual machine (VM) from Systems Manager
*
* Access Level: Write
*
* Possible conditions:
* - .ifResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DeregisterManagedInstance.html
*/
toDeregisterManagedInstance() {
return this.to('DeregisterManagedInstance');
}
/**
* Grants permission to deregister a specified patch baseline from being the default patch baseline for a specified patch group
*
* Access Level: Write
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DeregisterPatchBaselineForPatchGroup.html
*/
toDeregisterPatchBaselineForPatchGroup() {
return this.to('DeregisterPatchBaselineForPatchGroup');
}
/**
* Grants permission to deregister a specified target from a maintenance window
*
* Access Level: Write
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DeregisterTargetFromMaintenanceWindow.html
*/
toDeregisterTargetFromMaintenanceWindow() {
return this.to('DeregisterTargetFromMaintenanceWindow');
}
/**
* Grants permission to deregister a specified task from a maintenance window
*
* Access Level: Write
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DeregisterTaskFromMaintenanceWindow.html
*/
toDeregisterTaskFromMaintenanceWindow() {
return this.to('DeregisterTaskFromMaintenanceWindow');
}
/**
* Grants permission to view details about a specified managed instance activation, such as when it was created and the number of instances registered using the activation
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeActivations.html
*/
toDescribeActivations() {
return this.to('DescribeActivations');
}
/**
* Grants permission to view details about the specified association for a specified instance or target
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeAssociation.html
*/
toDescribeAssociation() {
return this.to('DescribeAssociation');
}
/**
* Grants permission to view information about a specified association execution
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeAssociationExecutionTargets.html
*/
toDescribeAssociationExecutionTargets() {
return this.to('DescribeAssociationExecutionTargets');
}
/**
* Grants permission to view all executions for a specified association
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeAssociationExecutions.html
*/
toDescribeAssociationExecutions() {
return this.to('DescribeAssociationExecutions');
}
/**
* Grants permission to view details about all active and terminated Automation executions
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeAutomationExecutions.html
*/
toDescribeAutomationExecutions() {
return this.to('DescribeAutomationExecutions');
}
/**
* Grants permission to view information about all active and terminated step executions in an Automation workflow
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeAutomationStepExecutions.html
*/
toDescribeAutomationStepExecutions() {
return this.to('DescribeAutomationStepExecutions');
}
/**
* Grants permission to view all patches eligible to include in a patch baseline
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeAvailablePatches.html
*/
toDescribeAvailablePatches() {
return this.to('DescribeAvailablePatches');
}
/**
* Grants permission to view details about a specified SSM document
*
* Access Level: Read
*
* Possible conditions:
* - .ifDocumentType()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeDocument.html
*/
toDescribeDocument() {
return this.to('DescribeDocument');
}
/**
* Grants permission to display information about SSM document parameters in the Systems Manager console (internal Systems Manager action)
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-setting-up-messageAPIs.html
*/
toDescribeDocumentParameters() {
return this.to('DescribeDocumentParameters');
}
/**
* Grants permission to view the permissions for a specified SSM document
*
* Access Level: Read
*
* Possible conditions:
* - .ifDocumentType()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeDocumentPermission.html
*/
toDescribeDocumentPermission() {
return this.to('DescribeDocumentPermission');
}
/**
* Grants permission to view all current associations for a specified instance
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeEffectiveInstanceAssociations.html
*/
toDescribeEffectiveInstanceAssociations() {
return this.to('DescribeEffectiveInstanceAssociations');
}
/**
* Grants permission to view details about the patches currently associated with the specified patch baseline (Windows only)
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeEffectivePatchesForPatchBaseline.html
*/
toDescribeEffectivePatchesForPatchBaseline() {
return this.to('DescribeEffectivePatchesForPatchBaseline');
}
/**
* Grants permission to view the status of the associations for a specified instance
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeInstanceAssociationsStatus.html
*/
toDescribeInstanceAssociationsStatus() {
return this.to('DescribeInstanceAssociationsStatus');
}
/**
* Grants permission to view details about a specified instance
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeInstanceInformation.html
*/
toDescribeInstanceInformation() {
return this.to('DescribeInstanceInformation');
}
/**
* Grants permission to view status details about patches on a specified instance
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
* - .ifResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeInstancePatchStates.html
*/
toDescribeInstancePatchStates() {
return this.to('DescribeInstancePatchStates');
}
/**
* Grants permission to describe the high-level patch state for the instances in the specified patch group
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeInstancePatchStatesForPatchGroup.html
*/
toDescribeInstancePatchStatesForPatchGroup() {
return this.to('DescribeInstancePatchStatesForPatchGroup');
}
/**
* Grants permission to view general details about the patches on a specified instance
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
* - .ifResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeInstancePatches.html
*/
toDescribeInstancePatches() {
return this.to('DescribeInstancePatches');
}
/**
* Grants permission to user's Amazon EC2 console to render managed instances' nodes
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-setting-up-messageAPIs.html
*/
toDescribeInstanceProperties() {
return this.to('DescribeInstanceProperties');
}
/**
* Grants permission to view details about a specified inventory deletion
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeInventoryDeletions.html
*/
toDescribeInventoryDeletions() {
return this.to('DescribeInventoryDeletions');
}
/**
* Grants permission to view details of a specified task execution for a maintenance window
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeMaintenanceWindowExecutionTaskInvocations.html
*/
toDescribeMaintenanceWindowExecutionTaskInvocations() {
return this.to('DescribeMaintenanceWindowExecutionTaskInvocations');
}
/**
* Grants permission to view details about the tasks that ran during a specified maintenance window execution
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeMaintenanceWindowExecutionTasks.html
*/
toDescribeMaintenanceWindowExecutionTasks() {
return this.to('DescribeMaintenanceWindowExecutionTasks');
}
/**
* Grants permission to view the executions of a specified maintenance window
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeMaintenanceWindowExecutions.html
*/
toDescribeMaintenanceWindowExecutions() {
return this.to('DescribeMaintenanceWindowExecutions');
}
/**
* Grants permission to view details about upcoming executions of a specified maintenance window
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeMaintenanceWindowSchedule.html
*/
toDescribeMaintenanceWindowSchedule() {
return this.to('DescribeMaintenanceWindowSchedule');
}
/**
* Grants permission to view a list of the targets associated with a specified maintenance window
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeMaintenanceWindowTargets.html
*/
toDescribeMaintenanceWindowTargets() {
return this.to('DescribeMaintenanceWindowTargets');
}
/**
* Grants permission to view a list of the tasks associated with a specified maintenance window
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeMaintenanceWindowTasks.html
*/
toDescribeMaintenanceWindowTasks() {
return this.to('DescribeMaintenanceWindowTasks');
}
/**
* Grants permission to view information about all or specified maintenance windows
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeMaintenanceWindows.html
*/
toDescribeMaintenanceWindows() {
return this.to('DescribeMaintenanceWindows');
}
/**
* Grants permission to view information about the maintenance window targets and tasks associated with a specified instance
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeMaintenanceWindowsForTarget.html
*/
toDescribeMaintenanceWindowsForTarget() {
return this.to('DescribeMaintenanceWindowsForTarget');
}
/**
* Grants permission to view details about specified OpsItems
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeOpsItems.html
*/
toDescribeOpsItems() {
return this.to('DescribeOpsItems');
}
/**
* Grants permission to view details about a specified SSM parameter
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeParameters.html
*/
toDescribeParameters() {
return this.to('DescribeParameters');
}
/**
* Grants permission to view information about patch baselines that meet the specified criteria
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribePatchBaselines.html
*/
toDescribePatchBaselines() {
return this.to('DescribePatchBaselines');
}
/**
* Grants permission to view aggregated status details for patches for a specified patch group
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribePatchGroupState.html
*/
toDescribePatchGroupState() {
return this.to('DescribePatchGroupState');
}
/**
* Grants permission to view information about the patch baseline for a specified patch group
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribePatchGroups.html
*/
toDescribePatchGroups() {
return this.to('DescribePatchGroups');
}
/**
* Grants permission to view details of available patches for a specified operating system and patch property
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribePatchProperties.html
*/
toDescribePatchProperties() {
return this.to('DescribePatchProperties');
}
/**
* Grants permission to view a list of recent Session Manager sessions that meet the specified search criteria
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeSessions.html
*/
toDescribeSessions() {
return this.to('DescribeSessions');
}
/**
* Grants permission to disassociate RelatedItem from an OpsItem
*
* Access Level: Write
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DisassociateOpsItemRelatedItem.html
*/
toDisassociateOpsItemRelatedItem() {
return this.to('DisassociateOpsItemRelatedItem');
}
/**
* Grants permission to a Systems Manager delegated administrator to view related resource details about OpsItems across multiple AWS accounts in the AWS Management Console
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-setting-up-messageAPIs.html#systems-manager-namespace-other-API-operations
*/
toExecuteAPI() {
return this.to('ExecuteAPI');
}
/**
* Grants permission to return a credentials set to be used with just-in-time node access
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetAccessToken.html
*/
toGetAccessToken() {
return this.to('GetAccessToken');
}
/**
* Grants permission to view details of a specified Automation execution
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_AutomationExecution.html
*/
toGetAutomationExecution() {
return this.to('GetAutomationExecution');
}
/**
* Grants permission to view details of a specific calendar
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-change-calendar-prereqs.html
*/
toGetCalendar() {
return this.to('GetCalendar');
}
/**
* Grants permission to view the calendar state for a change calendar or a list of change calendars
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetCalendarState.html
*/
toGetCalendarState() {
return this.to('GetCalendarState');
}
/**
* Grants permission to view details about the command execution of a specified invocation or plugin
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetCommandInvocation.html
*/
toGetCommandInvocation() {
return this.to('GetCommandInvocation');
}
/**
* Grants permission to view the Session Manager connection status for a specified managed instance
*
* Access Level: Read
*
* Possible conditions:
* - .ifResourceTag()
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetConnectionStatus.html
*/
toGetConnectionStatus() {
return this.to('GetConnectionStatus');
}
/**
* Grants permission to view the current default patch baseline for a specified operating system type
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetDefaultPatchBaseline.html
*/
toGetDefaultPatchBaseline() {
return this.to('GetDefaultPatchBaseline');
}
/**
* Grants permission to retrieve the current patch baseline snapshot for a specified instance
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetDeployablePatchSnapshotForInstance.html
*/
toGetDeployablePatchSnapshotForInstance() {
return this.to('GetDeployablePatchSnapshotForInstance');
}
/**
* Grants permission to view the contents of a specified SSM document
*
* Access Level: Read
*
* Possible conditions:
* - .ifDocumentCategories()
* - .ifDocumentType()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetDocument.html
*/
toGetDocument() {
return this.to('GetDocument');
}
/**
* Grants permission to retrieve an existing preview that shows the effects that running a specified Automation runbook would have on the targeted resources
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetExecutionPreview.html
*/
toGetExecutionPreview() {
return this.to('GetExecutionPreview');
}
/**
* Grants permission to view instance inventory details per the specified criteria
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetInventory.html
*/
toGetInventory() {
return this.to('GetInventory');
}
/**
* Grants permission to view a list of inventory types or attribute names for a specified inventory item type
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetInventorySchema.html
*/
toGetInventorySchema() {
return this.to('GetInventorySchema');
}
/**
* Grants permission to view details about a specified maintenance window
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetMaintenanceWindow.html
*/
toGetMaintenanceWindow() {
return this.to('GetMaintenanceWindow');
}
/**
* Grants permission to view details about a specified maintenance window execution
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetMaintenanceWindowExecution.html
*/
toGetMaintenanceWindowExecution() {
return this.to('GetMaintenanceWindowExecution');
}
/**
* Grants permission to view details about a specified maintenance window execution task
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetMaintenanceWindowExecutionTask.html
*/
toGetMaintenanceWindowExecutionTask() {
return this.to('GetMaintenanceWindowExecutionTask');
}
/**
* Grants permission to view details about a specific maintenance window task running on a specific target
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetMaintenanceWindowExecutionTaskInvocation.html
*/
toGetMaintenanceWindowExecutionTaskInvocation() {
return this.to('GetMaintenanceWindowExecutionTaskInvocation');
}
/**
* Grants permission to view details about tasks registered with a specified maintenance window
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetMaintenanceWindowTask.html
*/
toGetMaintenanceWindowTask() {
return this.to('GetMaintenanceWindowTask');
}
/**
* Grants permission to Systems Manager and SSM Agent to determine package installation requirements for an instance (internal Systems Manager call)
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-setting-up-messageAPIs.html
*/
toGetManifest() {
return this.to('GetManifest');
}
/**
* Grants permission to view information about a specified OpsItem
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetOpsItem.html
*/
toGetOpsItem() {
return this.to('GetOpsItem');
}
/**
* Grants permission to retrieve an OpsMetadata object
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetOpsMetadata.html
*/
toGetOpsMetadata() {
return this.to('GetOpsMetadata');
}
/**
* Grants permission to view summary information about OpsItems based on specified filters and aggregators
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetOpsSummary.html
*/
toGetOpsSummary() {
return this.to('GetOpsSummary');
}
/**
* Grants permission to view information about a specified parameter
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetParameter.html
*/
toGetParameter() {
return this.to('GetParameter');
}
/**
* Grants permission to view details and changes for a specified parameter
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetParameterHistory.html
*/
toGetParameterHistory() {
return this.to('GetParameterHistory');
}
/**
* Grants permission to view information about multiple specified parameters
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetParameters.html
*/
toGetParameters() {
return this.to('GetParameters');
}
/**
* Grants permission to view information about parameters in a specified hierarchy
*
* Access Level: Read
*
* Possible conditions:
* - .ifRecursive()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetParametersByPath.html
*/
toGetParametersByPath() {
return this.to('GetParametersByPath');
}
/**
* Grants permission to view information about a specified patch baseline
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetPatchBaseline.html
*/
toGetPatchBaseline() {
return this.to('GetPatchBaseline');
}
/**
* Grants permission to view the ID of the current patch baseline for a specified patch group
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetPatchBaselineForPatchGroup.html
*/
toGetPatchBaselineForPatchGroup() {
return this.to('GetPatchBaselineForPatchGroup');
}
/**
* Grants permission to retrieve lists of Systems Manager resource policies
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetResourcePolicies.html
*/
toGetResourcePolicies() {
return this.to('GetResourcePolicies');
}
/**
* Grants permission to view the account-level setting for an AWS service
*
* Access Level: Read
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetServiceSetting.html
*/
toGetServiceSetting() {
return this.to('GetServiceSetting');
}
/**
* Grants permission to apply an identifying label to a specified version of a parameter
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_LabelParameterVersion.html
*/
toLabelParameterVersion() {
return this.to('LabelParameterVersion');
}
/**
* Grants permission to list versions of the specified association
*
* Access Level: List
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ListAssociationVersions.html
*/
toListAssociationVersions() {
return this.to('ListAssociationVersions');
}
/**
* Grants permission to list the associations for a specified SSM document or managed instance
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ListAssociations.html
*/
toListAssociations() {
return this.to('ListAssociations');
}
/**
* Grants permission to list information about command invocations sent to a specified instance
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ListCommandInvocations.html
*/
toListCommandInvocations() {
return this.to('ListCommandInvocations');
}
/**
* Grants permission to list the commands sent to a specified instance
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ListCommands.html
*/
toListCommands() {
return this.to('ListCommands');
}
/**
* Grants permission to list compliance status for specified resource types on a specified resource
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ListComplianceItems.html
*/
toListComplianceItems() {
return this.to('ListComplianceItems');
}
/**
* Grants permission to list a summary count of compliant and noncompliant resources for a specified compliance type
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ListComplianceSummaries.html
*/
toListComplianceSummaries() {
return this.to('ListComplianceSummaries');
}
/**
* Grants permission to view metadata history about a specified SSM document
*
* Access Level: List
*
* Possible conditions:
* - .ifDocumentType()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ListDocumentMetadataHistory.html
*/
toListDocumentMetadataHistory() {
return this.to('ListDocumentMetadataHistory');
}
/**
* Grants permission to list all versions of a specified document
*
* Access Level: List
*
* Possible conditions:
* - .ifDocumentType()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ListDocumentVersions.html
*/
toListDocumentVersions() {
return this.to('ListDocumentVersions');
}
/**
* Grants permission to view information about a specified SSM document
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ListDocuments.html
*/
toListDocuments() {
return this.to('ListDocuments');
}
/**
* Grants permission to SSM Agent to check for new State Manager associations (internal Systems Manager call)
*
* Access Level: List
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-setting-up-messageAPIs.html
*/
toListInstanceAssociations() {
return this.to('ListInstanceAssociations');
}
/**
* Grants permission to view a list of specified inventory types for a specified instance
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ListInventoryEntries.html
*/
toListInventoryEntries() {
return this.to('ListInventoryEntries');
}
/**
* Grants permission to view details about managed nodes based on specified filters
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ListNodes.html
*/
toListNodes() {
return this.to('ListNodes');
}
/**
* Grants permission to view summary information about managed nodes based on specified filters and aggregators
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ListNodesSummary.html
*/
toListNodesSummary() {
return this.to('ListNodesSummary');
}
/**
* Grants permission to view details about OpsItemEvents
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ListOpsItemEvents.html
*/
toListOpsItemEvents() {
return this.to('ListOpsItemEvents');
}
/**
* Grants permission to view details about OpsItem RelatedItems
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ListOpsItemRelatedItems.html
*/
toListOpsItemRelatedItems() {
return this.to('ListOpsItemRelatedItems');
}
/**
* Grants permission to view a list of OpsMetadata objects
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ListOpsMetadata.html
*/
toListOpsMetadata() {
return this.to('ListOpsMetadata');
}
/**
* Grants permission to list resource-level summary count
*
* Access Level: List
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ListResourceComplianceSummaries.html
*/
toListResourceComplianceSummaries() {
return this.to('ListResourceComplianceSummaries');
}
/**
* Grants permission to list information about resource data sync configurations in an account
*
* Access Level: List
*
* Possible conditions:
* - .ifSyncType()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ListResourceDataSync.html
*/
toListResourceDataSync() {
return this.to('ListResourceDataSync');
}
/**
* Grants permission to view a list of resource tags for a specified resource
*
* Access Level: List
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ListTagsForResource.html
*/
toListTagsForResource() {
return this.to('ListTagsForResource');
}
/**
* Grants permission to share a custom SSM document publicly or privately with specified AWS accounts
*
* Access Level: Permissions management
*
* Possible conditions:
* - .ifDocumentType()
*
* https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ModifyDocumentPermission.html
*/
toModifyDocumentPermission() {
return this.to('ModifyDocumentPe