UNPKG

raindancers-network

Version:

Extensions to the ec2.Vpc Constructs

github.com/raindancers/raindancers-network.raindancers-cdk

raindancers/raindancers-network.raindancers-cdk

150 lines (149 loc) 5.67 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
import { aws_sso as sso, aws_iam as iam, IResource, Resource, Duration } from 'aws-cdk-lib'; import { Construct } from 'constructs'; import { Assignment, AssignmentOptions } from './assignment'; export interface CustomerManagedPolicyReference extends sso.CfnPermissionSet.CustomerManagedPolicyReferenceProperty { } export interface PermissionBoundary extends sso.CfnPermissionSet.PermissionsBoundaryProperty { } /** * The resource interface for an AWS SSO permission set. */ export interface IPermissionSet extends IResource { /** * The permission set ARN of the permission set. Such as * `arn:aws:sso:::permissionSet/ins-instanceid/ps-permissionsetid`. * * @attribute */ readonly permissionSetArn: string; /** * The SSO instance ARN of the permission set. */ readonly ssoInstanceArn: string; /** * Grant this permission set to a given principal for a given * targetId (AWS account identifier) on a given SSO instance. */ grant(id: string, assignmentOptions: AssignmentOptions): Assignment; } /** * The base permission set class */ declare abstract class PermissionSetBase extends Resource implements IPermissionSet { abstract readonly permissionSetArn: string; abstract readonly ssoInstanceArn: string; grant(id: string, assignmentOptions: AssignmentOptions): Assignment; } /** * Attributes for a permission set */ export interface PermissionSetAttributes { /** * The permission set ARN of the permission set. Such as * `arn:aws:sso:::permissionSet/ins-instanceid/ps-permissionsetid`. */ readonly permissionSetArn: string; /** * The SSO instance ARN of the permission set. */ readonly ssoInstanceArn: string; } /** * The properties of a new permission set */ export interface PermissionSetProps { /** * The ARN of the SSO instance under which the operation will be executed. */ readonly ssoInstanceArn: string; /** * The name of the permission set. */ readonly name: string; /** * Specifies the names and paths of a customer managed policy. * You must have an IAM policy that matches the name and path in each * AWS account where you want to deploy your permission set. * * @default - No customer managed policies */ readonly customerManagedPolicyReferences?: CustomerManagedPolicyReference[]; /** * The description of the `PermissionSet`. * * @default - No description */ readonly description?: string; /** * The IAM inline policy that is attached to the permission set. * * @default - No inline policy */ readonly inlinePolicy?: iam.PolicyDocument; /** * The AWS managed policies to attach to the `PermissionSet`. * * @default - No AWS managed policies */ readonly awsManagedPolicies?: iam.IManagedPolicy[]; /** * Specifies the configuration of the AWS managed or customer managed * policy that you want to set as a permissions boundary. Specify either * customerManagedPolicyReference to use the name and path of a customer * managed policy, or managedPolicy to use the ARN of an AWS managed * policy. * * A permissions boundary represents the maximum permissions that any * policy can grant your role. For more information, see Permissions boundaries * for IAM entities in the AWS Identity and Access Management User Guide. * * @see https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html * * @default - No permissions boundary */ readonly permissionsBoundary?: PermissionBoundary; /** * Used to redirect users within the application during the federation * authentication process. * * By default, when a user signs into the AWS access portal, chooses an account, * and then chooses the role that AWS creates from the assigned permission set, * IAM Identity Center redirects the user’s browser to the AWS Management Console. * * You can change this behavior by setting the relay state to a different console * URL. Setting the relay state enables you to provide the user with quick access * to the console that is most appropriate for their role. For example, you can * set the relay state to the Amazon EC2 console URL (https://console.aws.amazon.com/ec2/) * to redirect the user to that console when they choose the Amazon EC2 * administrator role. * * @see https://docs.aws.amazon.com/singlesignon/latest/userguide/howtopermrelaystate.html * * @default - No redirection */ readonly relayStateType?: string; /** * The length of time that the application user sessions are valid for. */ readonly sessionDuration?: Duration; } export declare class PermissionSet extends PermissionSetBase { /** * Reference an existing permission set by ARN */ static fromPermissionSetArn(scope: Construct, id: string, permissionSetArn: string): IPermissionSet; /** * The underlying CfnPermissionSet resource */ readonly cfnPermissionSet: sso.CfnPermissionSet; /** * The permission set ARN of the permission set. */ readonly permissionSetArn: string; /** * The SSO instance the permission set belongs to */ readonly ssoInstanceArn: string; constructor(scope: Construct, id: string, props: PermissionSetProps); } export {};