@gradientedge/cdk-utils 8.73.0 → 8.74.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -58,6 +58,21 @@ export declare class IamManager {
|
|
|
58
58
|
* @param {string[]} resourceArns list of ARNs to allow access to
|
|
59
59
|
*/
|
|
60
60
|
statementForReadAnyAppConfig(resourceArns?: string[]): cdk.aws_iam.PolicyStatement;
|
|
61
|
+
/**
|
|
62
|
+
* @summary Method to create iam statement to access app config
|
|
63
|
+
* @param {string[]} resourceArns list of ARNs to allow access to
|
|
64
|
+
*/
|
|
65
|
+
statementForAppConfigExecution(resourceArns?: string[]): cdk.aws_iam.PolicyStatement;
|
|
66
|
+
/**
|
|
67
|
+
* @summary Method to create iam statement to put xray telemetry
|
|
68
|
+
* @param {string[]} resourceArns list of ARNs to allow access to
|
|
69
|
+
*/
|
|
70
|
+
statementForPutXrayTelemetry(resourceArns?: string[]): cdk.aws_iam.PolicyStatement;
|
|
71
|
+
/**
|
|
72
|
+
* @summary Method to create iam statement to decrypt kms
|
|
73
|
+
* @param {string[]} resourceArns list of ARNs to allow access to
|
|
74
|
+
*/
|
|
75
|
+
statementForDecryptKms(resourceArns?: string[]): cdk.aws_iam.PolicyStatement;
|
|
61
76
|
/**
|
|
62
77
|
* @summary Method to create iam statement to list s3 buckets
|
|
63
78
|
* @param {common.CommonConstruct} scope scope in which this resource is defined
|
|
@@ -130,6 +130,39 @@ class IamManager {
|
|
|
130
130
|
resources: resourceArns ?? ['*'],
|
|
131
131
|
});
|
|
132
132
|
}
|
|
133
|
+
/**
|
|
134
|
+
* @summary Method to create iam statement to access app config
|
|
135
|
+
* @param {string[]} resourceArns list of ARNs to allow access to
|
|
136
|
+
*/
|
|
137
|
+
statementForAppConfigExecution(resourceArns) {
|
|
138
|
+
return new iam.PolicyStatement({
|
|
139
|
+
effect: iam.Effect.ALLOW,
|
|
140
|
+
actions: ['appconfig:GetLatestConfiguration', 'appconfig:StartConfigurationSession'],
|
|
141
|
+
resources: resourceArns ?? ['*'],
|
|
142
|
+
});
|
|
143
|
+
}
|
|
144
|
+
/**
|
|
145
|
+
* @summary Method to create iam statement to put xray telemetry
|
|
146
|
+
* @param {string[]} resourceArns list of ARNs to allow access to
|
|
147
|
+
*/
|
|
148
|
+
statementForPutXrayTelemetry(resourceArns) {
|
|
149
|
+
return new iam.PolicyStatement({
|
|
150
|
+
effect: iam.Effect.ALLOW,
|
|
151
|
+
actions: ['xray:PutTraceSegments', 'xray:PutTelemetryRecords'],
|
|
152
|
+
resources: resourceArns ?? ['*'],
|
|
153
|
+
});
|
|
154
|
+
}
|
|
155
|
+
/**
|
|
156
|
+
* @summary Method to create iam statement to decrypt kms
|
|
157
|
+
* @param {string[]} resourceArns list of ARNs to allow access to
|
|
158
|
+
*/
|
|
159
|
+
statementForDecryptKms(resourceArns) {
|
|
160
|
+
return new iam.PolicyStatement({
|
|
161
|
+
effect: iam.Effect.ALLOW,
|
|
162
|
+
actions: ['kms:Decrypt'],
|
|
163
|
+
resources: resourceArns ?? ['*'],
|
|
164
|
+
});
|
|
165
|
+
}
|
|
133
166
|
/**
|
|
134
167
|
* @summary Method to create iam statement to list s3 buckets
|
|
135
168
|
* @param {common.CommonConstruct} scope scope in which this resource is defined
|
|
@@ -215,6 +215,7 @@ class LambdaManager {
|
|
|
215
215
|
filesystem: accessPoint
|
|
216
216
|
? lambda.FileSystem.fromEfsAccessPoint(accessPoint, mountPath || '/mnt/msg')
|
|
217
217
|
: undefined,
|
|
218
|
+
logRetention: scope.props.logRetention ?? props.logRetention,
|
|
218
219
|
reservedConcurrentExecutions: props.reservedConcurrentExecutions,
|
|
219
220
|
role: role instanceof iam.Role ? role : undefined,
|
|
220
221
|
securityGroups: securityGroups,
|
package/package.json
CHANGED
|
@@ -117,6 +117,42 @@ export class IamManager {
|
|
|
117
117
|
})
|
|
118
118
|
}
|
|
119
119
|
|
|
120
|
+
/**
|
|
121
|
+
* @summary Method to create iam statement to access app config
|
|
122
|
+
* @param {string[]} resourceArns list of ARNs to allow access to
|
|
123
|
+
*/
|
|
124
|
+
public statementForAppConfigExecution(resourceArns?: string[]) {
|
|
125
|
+
return new iam.PolicyStatement({
|
|
126
|
+
effect: iam.Effect.ALLOW,
|
|
127
|
+
actions: ['appconfig:GetLatestConfiguration', 'appconfig:StartConfigurationSession'],
|
|
128
|
+
resources: resourceArns ?? ['*'],
|
|
129
|
+
})
|
|
130
|
+
}
|
|
131
|
+
|
|
132
|
+
/**
|
|
133
|
+
* @summary Method to create iam statement to put xray telemetry
|
|
134
|
+
* @param {string[]} resourceArns list of ARNs to allow access to
|
|
135
|
+
*/
|
|
136
|
+
public statementForPutXrayTelemetry(resourceArns?: string[]) {
|
|
137
|
+
return new iam.PolicyStatement({
|
|
138
|
+
effect: iam.Effect.ALLOW,
|
|
139
|
+
actions: ['xray:PutTraceSegments', 'xray:PutTelemetryRecords'],
|
|
140
|
+
resources: resourceArns ?? ['*'],
|
|
141
|
+
})
|
|
142
|
+
}
|
|
143
|
+
|
|
144
|
+
/**
|
|
145
|
+
* @summary Method to create iam statement to decrypt kms
|
|
146
|
+
* @param {string[]} resourceArns list of ARNs to allow access to
|
|
147
|
+
*/
|
|
148
|
+
public statementForDecryptKms(resourceArns?: string[]) {
|
|
149
|
+
return new iam.PolicyStatement({
|
|
150
|
+
effect: iam.Effect.ALLOW,
|
|
151
|
+
actions: ['kms:Decrypt'],
|
|
152
|
+
resources: resourceArns ?? ['*'],
|
|
153
|
+
})
|
|
154
|
+
}
|
|
155
|
+
|
|
120
156
|
/**
|
|
121
157
|
* @summary Method to create iam statement to list s3 buckets
|
|
122
158
|
* @param {common.CommonConstruct} scope scope in which this resource is defined
|
|
@@ -270,6 +270,7 @@ export class LambdaManager {
|
|
|
270
270
|
filesystem: accessPoint
|
|
271
271
|
? lambda.FileSystem.fromEfsAccessPoint(accessPoint, mountPath || '/mnt/msg')
|
|
272
272
|
: undefined,
|
|
273
|
+
logRetention: scope.props.logRetention ?? props.logRetention,
|
|
273
274
|
reservedConcurrentExecutions: props.reservedConcurrentExecutions,
|
|
274
275
|
role: role instanceof iam.Role ? role : undefined,
|
|
275
276
|
securityGroups: securityGroups,
|