iam-floyd
Version:
AWS IAM policy statement generator with fluent interface
1,401 lines • 137 kB
JavaScript
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.Workspaces = void 0;
const shared_1 = require("../../shared");
/**
* Statement provider for service [workspaces](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonworkspaces.html).
*
* @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
*/
class Workspaces extends shared_1.PolicyStatement {
/**
* Statement provider for service [workspaces](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonworkspaces.html).
*
* @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
*/
constructor(sid) {
super(sid);
this.servicePrefix = 'workspaces';
this.accessLevelList = {
Write: [
'AcceptAccountLinkInvitation',
'AssociateConnectionAlias',
'AssociateIpGroups',
'AssociateWorkspaceApplication',
'AuthorizeIpRules',
'CopyWorkspaceImage',
'CreateAccountLinkInvitation',
'CreateConnectClientAddIn',
'CreateConnectionAlias',
'CreateIpGroup',
'CreateRootClientCertificate',
'CreateStandbyWorkspaces',
'CreateUpdatedWorkspaceImage',
'CreateWorkspaceBundle',
'CreateWorkspaceImage',
'CreateWorkspaces',
'CreateWorkspacesPool',
'DeleteAccountLinkInvitation',
'DeleteClientBranding',
'DeleteConnectClientAddIn',
'DeleteConnectionAlias',
'DeleteIpGroup',
'DeleteRootClientCertificate',
'DeleteWorkspaceBundle',
'DeleteWorkspaceImage',
'DeployWorkspaceApplications',
'DeregisterWorkspaceDirectory',
'DisassociateConnectionAlias',
'DisassociateIpGroups',
'DisassociateWorkspaceApplication',
'ImportClientBranding',
'ImportCustomWorkspaceImage',
'ImportWorkspaceImage',
'MigrateWorkspace',
'ModifyAccount',
'ModifyCertificateBasedAuthProperties',
'ModifyClientProperties',
'ModifyEndpointEncryptionMode',
'ModifySamlProperties',
'ModifyStreamingProperties',
'ModifyWorkspaceAccessProperties',
'ModifyWorkspaceCreationProperties',
'ModifyWorkspaceProperties',
'ModifyWorkspaceState',
'RebootWorkspaces',
'RebuildWorkspaces',
'RegisterWorkspaceDirectory',
'RejectAccountLinkInvitation',
'RestoreWorkspace',
'RevokeIpRules',
'StartWorkspaces',
'StartWorkspacesPool',
'StopWorkspaces',
'StopWorkspacesPool',
'Stream',
'TerminateWorkspaces',
'TerminateWorkspacesPool',
'TerminateWorkspacesPoolSession',
'UpdateConnectClientAddIn',
'UpdateConsent',
'UpdateRootClientCertificate',
'UpdateRulesOfIpGroup',
'UpdateWorkspaceBundle',
'UpdateWorkspacesPool'
],
Tagging: [
'CreateTags',
'DeleteTags'
],
Read: [
'DescribeAccount',
'DescribeAccountModifications',
'DescribeClientBranding',
'DescribeConnectionAliasPermissions',
'DescribeConnectionAliases',
'DescribeConsent',
'DescribeCustomWorkspaceImageImport',
'DescribeIpGroups',
'DescribeTags',
'DescribeWorkspaceDirectories',
'DescribeWorkspaceImagePermissions',
'DescribeWorkspacesConnectionStatus',
'GetAccountLink'
],
List: [
'DescribeApplicationAssociations',
'DescribeApplications',
'DescribeBundleAssociations',
'DescribeClientProperties',
'DescribeConnectClientAddIns',
'DescribeImageAssociations',
'DescribeWorkspaceAssociations',
'DescribeWorkspaceBundles',
'DescribeWorkspaceImages',
'DescribeWorkspaceSnapshots',
'DescribeWorkspaces',
'DescribeWorkspacesPoolSessions',
'DescribeWorkspacesPools',
'DirectoryAccessManagement',
'ListAccountLinks',
'ListAvailableManagementCidrRanges'
],
'Permissions management': [
'ModifySelfservicePermissions',
'UpdateConnectionAliasPermission',
'UpdateWorkspaceImagePermission'
]
};
}
/**
* Grants permission to accept invitations from other AWS accounts to share the same configuration for WorkSpaces BYOL
*
* Access Level: Write
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_AcceptAccountLinkInvitation.html
*/
toAcceptAccountLinkInvitation() {
return this.to('AcceptAccountLinkInvitation');
}
/**
* Grants permission to associate connection aliases with directories
*
* Access Level: Write
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_AssociateConnectionAlias.html
*/
toAssociateConnectionAlias() {
return this.to('AssociateConnectionAlias');
}
/**
* Grants permission to associate IP access control groups with directories
*
* Access Level: Write
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_AssociateIpGroups.html
*/
toAssociateIpGroups() {
return this.to('AssociateIpGroups');
}
/**
* Grants permission to associate a workspace application with a WorkSpace
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_AssociateWorkspaceApplication.html
*/
toAssociateWorkspaceApplication() {
return this.to('AssociateWorkspaceApplication');
}
/**
* Grants permission to add rules to IP access control groups
*
* Access Level: Write
*
* Dependent actions:
* - workspaces:UpdateRulesOfIpGroup
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_AuthorizeIpRules.html
*/
toAuthorizeIpRules() {
return this.to('AuthorizeIpRules');
}
/**
* Grants permission to copy a WorkSpace image
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - workspaces:DescribeWorkspaceImages
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_CopyWorkspaceImage.html
*/
toCopyWorkspaceImage() {
return this.to('CopyWorkspaceImage');
}
/**
* Grants permission to invite other AWS accounts to share the same configuration for WorkSpaces BYOL
*
* Access Level: Write
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_CreateAccountLinkInvitation.html
*/
toCreateAccountLinkInvitation() {
return this.to('CreateAccountLinkInvitation');
}
/**
* Grants permission to create an Amazon Connect client add-in within a directory
*
* Access Level: Write
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_CreateConnectClientAddIn.html
*/
toCreateConnectClientAddIn() {
return this.to('CreateConnectClientAddIn');
}
/**
* Grants permission to create connection aliases for use with cross-Region redirection
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_CreateConnectionAlias.html
*/
toCreateConnectionAlias() {
return this.to('CreateConnectionAlias');
}
/**
* Grants permission to create IP access control groups
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_CreateIpGroup.html
*/
toCreateIpGroup() {
return this.to('CreateIpGroup');
}
/**
* Grants permission to create a root client certificate
*
* Access Level: Write
*
* https://docs.aws.amazon.com/workspaces/latest/adminguide/wsp-console-permissions-ref.html
*/
toCreateRootClientCertificate() {
return this.to('CreateRootClientCertificate');
}
/**
* Grants permission to create one or more Standby WorkSpaces
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_CreateStandbyWorkspaces.html
*/
toCreateStandbyWorkspaces() {
return this.to('CreateStandbyWorkspaces');
}
/**
* Grants permission to create tags for WorkSpaces resources
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_CreateTags.html
*/
toCreateTags() {
return this.to('CreateTags');
}
/**
* Grants permission to create an updated WorkSpace image
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_CreateUpdatedWorkspaceImage.html
*/
toCreateUpdatedWorkspaceImage() {
return this.to('CreateUpdatedWorkspaceImage');
}
/**
* Grants permission to create a WorkSpace bundle
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - workspaces:CreateTags
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_CreateWorkspaceBundle.html
*/
toCreateWorkspaceBundle() {
return this.to('CreateWorkspaceBundle');
}
/**
* Grants permission to create a new WorkSpace image
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_CreateWorkspaceImage.html
*/
toCreateWorkspaceImage() {
return this.to('CreateWorkspaceImage');
}
/**
* Grants permission to create one or more WorkSpaces
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_CreateWorkspaces.html
*/
toCreateWorkspaces() {
return this.to('CreateWorkspaces');
}
/**
* Grants permission to create a WorkSpaces Pool
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_CreateWorkspacesPool.html
*/
toCreateWorkspacesPool() {
return this.to('CreateWorkspacesPool');
}
/**
* Grants permission to delete invitations to other AWS accounts to share the same configuration for WorkSpaces BYOL
*
* Access Level: Write
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_DeleteAccountLinkInvitation.html
*/
toDeleteAccountLinkInvitation() {
return this.to('DeleteAccountLinkInvitation');
}
/**
* Grants permission to delete AWS WorkSpaces Client branding data within a directory
*
* Access Level: Write
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_DeleteClientBranding.html
*/
toDeleteClientBranding() {
return this.to('DeleteClientBranding');
}
/**
* Grants permission to delete an Amazon Connect client add-in that is configured within a directory
*
* Access Level: Write
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_DeleteConnectClientAddIn.html
*/
toDeleteConnectClientAddIn() {
return this.to('DeleteConnectClientAddIn');
}
/**
* Grants permission to delete connection aliases
*
* Access Level: Write
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_DeleteConnectionAlias.html
*/
toDeleteConnectionAlias() {
return this.to('DeleteConnectionAlias');
}
/**
* Grants permission to delete IP access control groups
*
* Access Level: Write
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_DeleteIpGroup.html
*/
toDeleteIpGroup() {
return this.to('DeleteIpGroup');
}
/**
* Grants permission to delete root client certificate
*
* Access Level: Write
*
* https://docs.aws.amazon.com/workspaces/latest/adminguide/wsp-console-permissions-ref.html
*/
toDeleteRootClientCertificate() {
return this.to('DeleteRootClientCertificate');
}
/**
* Grants permission to delete tags from WorkSpaces resources
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_DeleteTags.html
*/
toDeleteTags() {
return this.to('DeleteTags');
}
/**
* Grants permission to delete WorkSpace bundles
*
* Access Level: Write
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_DeleteWorkspaceBundle.html
*/
toDeleteWorkspaceBundle() {
return this.to('DeleteWorkspaceBundle');
}
/**
* Grants permission to delete WorkSpace images
*
* Access Level: Write
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_DeleteWorkspaceImage.html
*/
toDeleteWorkspaceImage() {
return this.to('DeleteWorkspaceImage');
}
/**
* Grants permission to deploy all pending workspace applications on a WorkSpace
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_DeployWorkspaceApplications.html
*/
toDeployWorkspaceApplications() {
return this.to('DeployWorkspaceApplications');
}
/**
* Grants permission to deregister directories from use with Amazon WorkSpaces
*
* Access Level: Write
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_DeregisterWorkspaceDirectory.html
*/
toDeregisterWorkspaceDirectory() {
return this.to('DeregisterWorkspaceDirectory');
}
/**
* Grants permission to retrieve the configuration of Bring Your Own License (BYOL) for WorkSpaces accounts
*
* Access Level: Read
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_DescribeAccount.html
*/
toDescribeAccount() {
return this.to('DescribeAccount');
}
/**
* Grants permission to retrieve modifications to the configuration of Bring Your Own License (BYOL) for WorkSpaces accounts
*
* Access Level: Read
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_DescribeAccountModifications.html
*/
toDescribeAccountModifications() {
return this.to('DescribeAccountModifications');
}
/**
* Grants permission to retrieve information about resources associated with a WorkSpace application
*
* Access Level: List
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_DescribeApplicationAssociations.html
*/
toDescribeApplicationAssociations() {
return this.to('DescribeApplicationAssociations');
}
/**
* Grants permission to obtain information about WorkSpace applications
*
* Access Level: List
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_DescribeApplications.html
*/
toDescribeApplications() {
return this.to('DescribeApplications');
}
/**
* Grants permission to retrieve information about resources associated with a WorkSpace bundle
*
* Access Level: List
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_DescribeBundleAssociations.html
*/
toDescribeBundleAssociations() {
return this.to('DescribeBundleAssociations');
}
/**
* Grants permission to retrieve AWS WorkSpaces Client branding data within a directory
*
* Access Level: Read
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_DescribeClientBranding.html
*/
toDescribeClientBranding() {
return this.to('DescribeClientBranding');
}
/**
* Grants permission to retrieve information about WorkSpaces clients
*
* Access Level: List
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_DescribeClientProperties.html
*/
toDescribeClientProperties() {
return this.to('DescribeClientProperties');
}
/**
* Grants permission to retrieve a list of Amazon Connect client add-ins that have been created
*
* Access Level: List
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_DescribeConnectClientAddIns.html
*/
toDescribeConnectClientAddIns() {
return this.to('DescribeConnectClientAddIns');
}
/**
* Grants permission to retrieve the permissions that the owners of connection aliases have granted to other AWS accounts for connection aliases
*
* Access Level: Read
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_DescribeConnectionAliasPermissions.html
*/
toDescribeConnectionAliasPermissions() {
return this.to('DescribeConnectionAliasPermissions');
}
/**
* Grants permission to retrieve a list that describes the connection aliases used for cross-Region redirection
*
* Access Level: Read
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_DescribeConnectionAliases.html
*/
toDescribeConnectionAliases() {
return this.to('DescribeConnectionAliases');
}
/**
* Grants permission to retrieve information about consent agreement to BYOL minimum requirements
*
* Access Level: Read
*
* https://docs.aws.amazon.com/workspaces/latest/adminguide/wsp-console-permissions-ref.html
*/
toDescribeConsent() {
return this.to('DescribeConsent');
}
/**
* Grants permission to retrieve information about WorkSpace BYOL image import task
*
* Access Level: Read
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_DescribeCustomWorkspaceImageImport.html
*/
toDescribeCustomWorkspaceImageImport() {
return this.to('DescribeCustomWorkspaceImageImport');
}
/**
* Grants permission to retrieve information about resources associated with a WorkSpace image
*
* Access Level: List
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_DescribeImageAssociations.html
*/
toDescribeImageAssociations() {
return this.to('DescribeImageAssociations');
}
/**
* Grants permission to retrieve information about IP access control groups
*
* Access Level: Read
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_DescribeIpGroups.html
*/
toDescribeIpGroups() {
return this.to('DescribeIpGroups');
}
/**
* Grants permission to describe the tags for WorkSpaces resources
*
* Access Level: Read
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_DescribeTags.html
*/
toDescribeTags() {
return this.to('DescribeTags');
}
/**
* Grants permission to retrieve information about resources associated with a WorkSpace
*
* Access Level: List
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_DescribeWorkspaceAssociations.html
*/
toDescribeWorkspaceAssociations() {
return this.to('DescribeWorkspaceAssociations');
}
/**
* Grants permission to obtain information about WorkSpace bundles
*
* Access Level: List
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_DescribeWorkspaceBundles.html
*/
toDescribeWorkspaceBundles() {
return this.to('DescribeWorkspaceBundles');
}
/**
* Grants permission to retrieve information about directories that are registered with WorkSpaces
*
* Access Level: Read
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_DescribeWorkspaceDirectories.html
*/
toDescribeWorkspaceDirectories() {
return this.to('DescribeWorkspaceDirectories');
}
/**
* Grants permission to retrieve information about WorkSpace image permissions
*
* Access Level: Read
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_DescribeWorkspaceImagePermissions.html
*/
toDescribeWorkspaceImagePermissions() {
return this.to('DescribeWorkspaceImagePermissions');
}
/**
* Grants permission to retrieve information about WorkSpace images
*
* Access Level: List
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_DescribeWorkspaceImages.html
*/
toDescribeWorkspaceImages() {
return this.to('DescribeWorkspaceImages');
}
/**
* Grants permission to retrieve information about WorkSpace snapshots
*
* Access Level: List
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_DescribeWorkspaceSnapshots.html
*/
toDescribeWorkspaceSnapshots() {
return this.to('DescribeWorkspaceSnapshots');
}
/**
* Grants permission to obtain information about WorkSpaces
*
* Access Level: List
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_DescribeWorkspaces.html
*/
toDescribeWorkspaces() {
return this.to('DescribeWorkspaces');
}
/**
* Grants permission to obtain the connection status of WorkSpaces
*
* Access Level: Read
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_DescribeWorkspacesConnectionStatus.html
*/
toDescribeWorkspacesConnectionStatus() {
return this.to('DescribeWorkspacesConnectionStatus');
}
/**
* Grants permission to retrieve information about the sessions of a WorkSpaces Pool
*
* Access Level: List
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_DescribeWorkspacesPoolSessions.html
*/
toDescribeWorkspacesPoolSessions() {
return this.to('DescribeWorkspacesPoolSessions');
}
/**
* Grants permission to retrieve information about WorkSpaces Pools
*
* Access Level: List
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_DescribeWorkspacesPools.html
*/
toDescribeWorkspacesPools() {
return this.to('DescribeWorkspacesPools');
}
/**
* Grants permission to directory management actions while managing and provisioning workspaces
*
* Access Level: List
*
* https://docs.aws.amazon.com/workspaces/latest/adminguide/wsp-console-permissions-ref.html
*/
toDirectoryAccessManagement() {
return this.to('DirectoryAccessManagement');
}
/**
* Grants permission to disassociate connection aliases from directories
*
* Access Level: Write
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_DisassociateConnectionAlias.html
*/
toDisassociateConnectionAlias() {
return this.to('DisassociateConnectionAlias');
}
/**
* Grants permission to disassociate IP access control groups from directories
*
* Access Level: Write
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_DisassociateIpGroups.html
*/
toDisassociateIpGroups() {
return this.to('DisassociateIpGroups');
}
/**
* Grants permission to disassociate a workspace application from a WorkSpace
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_DisassociateWorkspaceApplication.html
*/
toDisassociateWorkspaceApplication() {
return this.to('DisassociateWorkspaceApplication');
}
/**
* Grants permission to retrieve a link with another AWS Account for sharing configuration for WorkSpaces BYOL
*
* Access Level: Read
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_GetAccountLink.html
*/
toGetAccountLink() {
return this.to('GetAccountLink');
}
/**
* Grants permission to import AWS WorkSpaces Client branding data within a directory
*
* Access Level: Write
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_ImportClientBranding.html
*/
toImportClientBranding() {
return this.to('ImportClientBranding');
}
/**
* Grants permission to import Bring Your Own License (BYOL) images into Amazon WorkSpaces
*
* Access Level: Write
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_ImportCustomWorkspaceImage.html
*/
toImportCustomWorkspaceImage() {
return this.to('ImportCustomWorkspaceImage');
}
/**
* Grants permission to import Bring Your Own License (BYOL) images into Amazon WorkSpaces
*
* Access Level: Write
*
* Dependent actions:
* - ec2:DescribeImages
* - ec2:ModifyImageAttribute
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_ImportWorkspaceImage.html
*/
toImportWorkspaceImage() {
return this.to('ImportWorkspaceImage');
}
/**
* Grants permission to retrieve links with the AWS Account(s) that share your configuration for WorkSpaces BYOL
*
* Access Level: List
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_ListAccountLinks.html
*/
toListAccountLinks() {
return this.to('ListAccountLinks');
}
/**
* Grants permission to list the available CIDR ranges for enabling Bring Your Own License (BYOL) for WorkSpaces accounts
*
* Access Level: List
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_ListAvailableManagementCidrRanges.html
*/
toListAvailableManagementCidrRanges() {
return this.to('ListAvailableManagementCidrRanges');
}
/**
* Grants permission to migrate WorkSpaces
*
* Access Level: Write
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_MigrateWorkspace.html
*/
toMigrateWorkspace() {
return this.to('MigrateWorkspace');
}
/**
* Grants permission to modify the configuration of Bring Your Own License (BYOL) for WorkSpaces accounts
*
* Access Level: Write
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_ModifyAccount.html
*/
toModifyAccount() {
return this.to('ModifyAccount');
}
/**
* Grants permission to modify the certificate-based authorization properties of a directory
*
* Access Level: Write
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_ModifyCertificateBasedAuthProperties.html
*/
toModifyCertificateBasedAuthProperties() {
return this.to('ModifyCertificateBasedAuthProperties');
}
/**
* Grants permission to modify the properties of WorkSpaces clients
*
* Access Level: Write
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_ModifyClientProperties.html
*/
toModifyClientProperties() {
return this.to('ModifyClientProperties');
}
/**
* Grants permission to configure the specified directory between Standard TLS and FIPS 140-2 validated mode
*
* Access Level: Write
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_ModifyEndpointEncryptionMode.html
*/
toModifyEndpointEncryptionMode() {
return this.to('ModifyEndpointEncryptionMode');
}
/**
* Grants permission to modify the SAML properties of a directory
*
* Access Level: Write
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_ModifySamlProperties.html
*/
toModifySamlProperties() {
return this.to('ModifySamlProperties');
}
/**
* Grants permission to modify the self-service WorkSpace management capabilities for your users
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_ModifySelfservicePermissions.html
*/
toModifySelfservicePermissions() {
return this.to('ModifySelfservicePermissions');
}
/**
* Grants permission to modify the streaming properties
*
* Access Level: Write
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_ModifyStreamingProperties.html
*/
toModifyStreamingProperties() {
return this.to('ModifyStreamingProperties');
}
/**
* Grants permission to specify which devices and operating systems users can use to access their WorkSpaces
*
* Access Level: Write
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_ModifyWorkspaceAccessProperties.html
*/
toModifyWorkspaceAccessProperties() {
return this.to('ModifyWorkspaceAccessProperties');
}
/**
* Grants permission to modify the default properties used to create WorkSpaces
*
* Access Level: Write
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_ModifyWorkspaceCreationProperties.html
*/
toModifyWorkspaceCreationProperties() {
return this.to('ModifyWorkspaceCreationProperties');
}
/**
* Grants permission to modify WorkSpace properties, including the running mode and the AutoStop period
*
* Access Level: Write
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_ModifyWorkspaceProperties.html
*/
toModifyWorkspaceProperties() {
return this.to('ModifyWorkspaceProperties');
}
/**
* Grants permission to modify the state of WorkSpaces
*
* Access Level: Write
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_ModifyWorkspaceState.html
*/
toModifyWorkspaceState() {
return this.to('ModifyWorkspaceState');
}
/**
* Grants permission to reboot WorkSpaces
*
* Access Level: Write
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_RebootWorkspaces.html
*/
toRebootWorkspaces() {
return this.to('RebootWorkspaces');
}
/**
* Grants permission to rebuild WorkSpaces
*
* Access Level: Write
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_RebuildWorkspaces.html
*/
toRebuildWorkspaces() {
return this.to('RebuildWorkspaces');
}
/**
* Grants permission to register directories for use with Amazon WorkSpaces
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_RegisterWorkspaceDirectory.html
*/
toRegisterWorkspaceDirectory() {
return this.to('RegisterWorkspaceDirectory');
}
/**
* Grants permission to reject invitations from other AWS accounts to share the same configuration for WorkSpaces BYOL
*
* Access Level: Write
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_RejectAccountLinkInvitation.html
*/
toRejectAccountLinkInvitation() {
return this.to('RejectAccountLinkInvitation');
}
/**
* Grants permission to restore WorkSpaces
*
* Access Level: Write
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_RestoreWorkspace.html
*/
toRestoreWorkspace() {
return this.to('RestoreWorkspace');
}
/**
* Grants permission to remove rules from IP access control groups
*
* Access Level: Write
*
* Dependent actions:
* - workspaces:UpdateRulesOfIpGroup
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_RevokeIpRules.html
*/
toRevokeIpRules() {
return this.to('RevokeIpRules');
}
/**
* Grants permission to start AutoStop WorkSpaces
*
* Access Level: Write
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_StartWorkspaces.html
*/
toStartWorkspaces() {
return this.to('StartWorkspaces');
}
/**
* Grants permission to start a WorkSpaces Pool
*
* Access Level: Write
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_StartWorkspacesPool.html
*/
toStartWorkspacesPool() {
return this.to('StartWorkspacesPool');
}
/**
* Grants permission to stop AutoStop WorkSpaces
*
* Access Level: Write
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_StopWorkspaces.html
*/
toStopWorkspaces() {
return this.to('StopWorkspaces');
}
/**
* Grants permission to stop a WorkSpaces Pool
*
* Access Level: Write
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_StopWorkspacesPool.html
*/
toStopWorkspacesPool() {
return this.to('StopWorkspacesPool');
}
/**
* Grants permission to federated users to sign in by using their existing credentials and stream their workspace
*
* Access Level: Write
*
* Possible conditions:
* - .ifUserId()
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_Stream.html
*/
toStream() {
return this.to('Stream');
}
/**
* Grants permission to terminate WorkSpaces
*
* Access Level: Write
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_TerminateWorkspaces.html
*/
toTerminateWorkspaces() {
return this.to('TerminateWorkspaces');
}
/**
* Grants permission to terminate a WorkSpaces Pool
*
* Access Level: Write
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_TerminateWorkspacesPool.html
*/
toTerminateWorkspacesPool() {
return this.to('TerminateWorkspacesPool');
}
/**
* Grants permission to terminate a WorkSpaces Pool session
*
* Access Level: Write
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_TerminateWorkspacesPoolSession.html
*/
toTerminateWorkspacesPoolSession() {
return this.to('TerminateWorkspacesPoolSession');
}
/**
* Grants permission to update an Amazon Connect client add-in. Use this action to update the name and endpoint URL of an Amazon Connect client add-in
*
* Access Level: Write
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_UpdateConnectClientAddIn.html
*/
toUpdateConnectClientAddIn() {
return this.to('UpdateConnectClientAddIn');
}
/**
* Grants permission to share or unshare connection aliases with other accounts
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_UpdateConnectionAliasPermission.html
*/
toUpdateConnectionAliasPermission() {
return this.to('UpdateConnectionAliasPermission');
}
/**
* Grants permission to update the consent agreement to BYOL minimum requirements
*
* Access Level: Write
*
* https://docs.aws.amazon.com/workspaces/latest/adminguide/wsp-console-permissions-ref.html
*/
toUpdateConsent() {
return this.to('UpdateConsent');
}
/**
* Grants permission to update a root client certificate
*
* Access Level: Write
*
* https://docs.aws.amazon.com/workspaces/latest/adminguide/wsp-console-permissions-ref.html
*/
toUpdateRootClientCertificate() {
return this.to('UpdateRootClientCertificate');
}
/**
* Grants permission to replace rules for IP access control groups
*
* Access Level: Write
*
* Dependent actions:
* - workspaces:AuthorizeIpRules
* - workspaces:RevokeIpRules
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_UpdateRulesOfIpGroup.html
*/
toUpdateRulesOfIpGroup() {
return this.to('UpdateRulesOfIpGroup');
}
/**
* Grants permission to update the WorkSpace images used in WorkSpace bundles
*
* Access Level: Write
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_UpdateWorkspaceBundle.html
*/
toUpdateWorkspaceBundle() {
return this.to('UpdateWorkspaceBundle');
}
/**
* Grants permission to share or unshare WorkSpace images with other accounts by specifying whether other accounts have permission to copy the image
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_UpdateWorkspaceImagePermission.html
*/
toUpdateWorkspaceImagePermission() {
return this.to('UpdateWorkspaceImagePermission');
}
/**
* Grants permission to update the WorkSpaces pool
*
* Access Level: Write
*
* https://docs.aws.amazon.com/workspaces/latest/api/API_UpdateWorkspacesPool.html
*/
toUpdateWorkspacesPool() {
return this.to('UpdateWorkspacesPool');
}
/**
* Adds a resource of type certificateid to the statement
*
* https://docs.aws.amazon.com/workspaces/latest/adminguide/trusted-devices.html
*
* @param certificateId - Identifier for the certificateId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onCertificateid(certificateId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:workspaces:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:workspacecertificate/${certificateId}`);
}
/**
* Adds a resource of type directoryid to the statement
*
* https://docs.aws.amazon.com/workspaces/latest/adminguide/manage-workspaces-directory.html
*
* @param directoryId - Identifier for the directoryId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onDirectoryid(directoryId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:workspaces:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:directory/${directoryId}`);
}
/**
* Adds a resource of type workspacebundle to the statement
*
* https://docs.aws.amazon.com/workspaces/latest/adminguide/bundles.html
*
* @param bundleId - Identifier for the bundleId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onWorkspacebundle(bundleId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:workspaces:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:workspacebundle/${bundleId}`);
}
/**
* Adds a resource of type workspaceid to the statement
*
* https://docs.aws.amazon.com/workspaces/latest/adminguide/wsp_workspace_management.html
*
* @param workspaceId - Identifier for the workspaceId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onWorkspaceid(workspaceId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:workspaces:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:workspace/${workspaceId}`);
}
/**
* Adds a resource of type workspaceimage to the statement
*
* https://docs.aws.amazon.com/workspaces/latest/adminguide/bundles.html
*
* @param imageId - Identifier for the imageId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onWorkspaceimage(imageId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:workspaces:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:workspaceimage/${imageId}`);
}
/**
* Adds a resource of type workspaceipgroup to the statement
*
* https://docs.aws.amazon.com/workspaces/latest/adminguide/amazon-workspaces-ip-access-control-groups.html
*
* @param groupId - Identifier for the groupId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onWorkspaceipgroup(groupId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:workspaces:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:workspaceipgroup/${groupId}`);
}
/**
* Adds a resource of type workspacespoolid to the statement
*
* https://docs.aws.amazon.com/workspaces/latest/adminguide/amazon-workspaces-pool.html
*
* @param poolId - Identifier for the poolId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onWorkspacespoolid(poolId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:workspaces:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:workspacespool/${poolId}`);
}
/**
* Adds a resource of type connectionalias to the statement
*
* https://docs.aws.amazon.com/workspaces/latest/adminguide/cross-region-redirection.html
*
* @param connectionAliasId - Identifier for the connectionAliasId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onConnectionalias(connectionAliasId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:workspaces:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:connectionalias/${connectionAliasId}`);
}
/**
* Adds a resource of type workspaceapplication to the statement
*
* https://docs.aws.amazon.com/workspaces/latest/adminguide/application-bundle-management.html
*
* @param workSpaceApplicationId - Identifier for the workSpaceApplicationId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onWorkspaceapplication(workSpaceApplicationId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:workspaces:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:workspaceapplication/${workSpaceApplicationId}`);
}
/**
* Filters access based on the tags that are passed in the request
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag
*
* Applies to actions:
* - .toCopyWorkspaceImage()
* - .toCreateConnectionAlias()
* - .toCreateIpGroup()
* - .toCreateStandbyWorkspaces()
* - .toCreateTags()
* - .toCreateUpdatedWorkspaceImage()
* - .toCreateWorkspaceBundle()
* - .toCreateWorkspaceImage()
* - .toCreateWorkspaces()
* - .toCreateWorkspacesPool()
* - .toDeleteTags()
* - .toRegisterWorkspaceDirectory()
*
* @param tagKey The tag key to check
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsRequestTag(tagKey, value, operator) {
return this.if(`aws:RequestTag/${tagKey}`, value, operator ?? 'StringLike');
}
/**
* Filters access based on the tags associated with the resource
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag
*
* Applies to actions:
* - .toAssociateWorkspaceApplication()
* - .toDeployWorkspaceApplications()
* - .toDescribeApplicationAssociations()
* - .toDescribeBundleAssociations()
* - .toDescribeImageAssociations()
* - .toDescribeWorkspaceAssociations()
* - .toDisassociateWorkspaceApplication()
*
* Applies to resource types:
* - directoryid
* - workspacebundle
* - workspaceid
* - workspaceimage
* - workspaceipgroup
* - workspacespoolid
* - connectionalias
* - workspaceapplication
*
* @param tagKey The tag key to check
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsResourceTag(tagKey, value, operator) {
return this.if(`aws:ResourceTag/${tagKey}`, value, operator ?? 'StringLike');
}
/**
* Fi