@jaypie/constructs 1.1.48 → 1.1.49
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/index.cjs +73 -16
- package/dist/cjs/index.cjs.map +1 -1
- package/dist/esm/index.js +74 -17
- package/dist/esm/index.js.map +1 -1
- package/package.json +2 -2
package/dist/cjs/index.cjs
CHANGED
|
@@ -1389,6 +1389,7 @@ class JaypieSsoGroups extends constructs.Construct {
|
|
|
1389
1389
|
"budgets:*",
|
|
1390
1390
|
"ce:*",
|
|
1391
1391
|
"cost-optimization-hub:*",
|
|
1392
|
+
"cur:*",
|
|
1392
1393
|
],
|
|
1393
1394
|
Resource: "*",
|
|
1394
1395
|
},
|
|
@@ -1418,14 +1419,52 @@ class JaypieSsoGroups extends constructs.Construct {
|
|
|
1418
1419
|
{
|
|
1419
1420
|
Effect: "Allow",
|
|
1420
1421
|
Action: [
|
|
1422
|
+
"aws-portal:ViewUsage",
|
|
1421
1423
|
"aws-portal:ViewBilling",
|
|
1422
|
-
"
|
|
1423
|
-
"budgets:
|
|
1424
|
-
"
|
|
1425
|
-
"
|
|
1426
|
-
"
|
|
1427
|
-
"
|
|
1428
|
-
"
|
|
1424
|
+
"budgets:Describe*",
|
|
1425
|
+
"budgets:View*",
|
|
1426
|
+
"ce:Get*",
|
|
1427
|
+
"ce:List*",
|
|
1428
|
+
"cloudformation:Describe*",
|
|
1429
|
+
"cloudformation:Get*",
|
|
1430
|
+
"cloudformation:List*",
|
|
1431
|
+
"cloudwatch:BatchGet*",
|
|
1432
|
+
"cloudwatch:Get*",
|
|
1433
|
+
"cloudwatch:List*",
|
|
1434
|
+
"cost-optimization-hub:Get*",
|
|
1435
|
+
"cost-optimization-hub:List*",
|
|
1436
|
+
"ec2:Describe*",
|
|
1437
|
+
"ec2:Get*",
|
|
1438
|
+
"ec2:List*",
|
|
1439
|
+
"ec2:Search*",
|
|
1440
|
+
"iam:Get*",
|
|
1441
|
+
"iam:List*",
|
|
1442
|
+
"iam:PassRole",
|
|
1443
|
+
"lambda:Get*",
|
|
1444
|
+
"lambda:List*",
|
|
1445
|
+
"logs:Describe*",
|
|
1446
|
+
"logs:Get*",
|
|
1447
|
+
"logs:List*",
|
|
1448
|
+
"pipes:Describe*",
|
|
1449
|
+
"pipes:List*",
|
|
1450
|
+
"s3:Get*",
|
|
1451
|
+
"s3:List*",
|
|
1452
|
+
"secretsmanager:GetRandomPassword",
|
|
1453
|
+
"secretsmanager:GetResourcePolicy",
|
|
1454
|
+
"secretsmanager:List*",
|
|
1455
|
+
"securityhub:Describe*",
|
|
1456
|
+
"securityhub:Get*",
|
|
1457
|
+
"securityhub:List*",
|
|
1458
|
+
"servicecatalog:Describe*",
|
|
1459
|
+
"sns:Get*",
|
|
1460
|
+
"sns:List*",
|
|
1461
|
+
"sqs:Get*",
|
|
1462
|
+
"sqs:List*",
|
|
1463
|
+
"states:Describe*",
|
|
1464
|
+
"states:Get*",
|
|
1465
|
+
"states:List*",
|
|
1466
|
+
"tag:*",
|
|
1467
|
+
"xray:*",
|
|
1429
1468
|
],
|
|
1430
1469
|
Resource: "*",
|
|
1431
1470
|
},
|
|
@@ -1438,7 +1477,12 @@ class JaypieSsoGroups extends constructs.Construct {
|
|
|
1438
1477
|
name: exports.PermissionSetType.ANALYST,
|
|
1439
1478
|
description: "Read-only access with billing visibility and limited write access",
|
|
1440
1479
|
sessionDuration: cdk$1.Duration.hours(4).toIsoString(),
|
|
1441
|
-
managedPolicies: [
|
|
1480
|
+
managedPolicies: [
|
|
1481
|
+
awsIam.ManagedPolicy.fromAwsManagedPolicyName("AmazonQDeveloperAccess")
|
|
1482
|
+
.managedPolicyArn,
|
|
1483
|
+
awsIam.ManagedPolicy.fromAwsManagedPolicyName("ReadOnlyAccess")
|
|
1484
|
+
.managedPolicyArn,
|
|
1485
|
+
],
|
|
1442
1486
|
inlinePolicy: mergedPolicy,
|
|
1443
1487
|
});
|
|
1444
1488
|
cdk$1.Tags.of(permissionSet).add(cdk.CDK.TAG.SERVICE, cdk.CDK.SERVICE.SSO);
|
|
@@ -1455,18 +1499,27 @@ class JaypieSsoGroups extends constructs.Construct {
|
|
|
1455
1499
|
{
|
|
1456
1500
|
Effect: "Allow",
|
|
1457
1501
|
Action: [
|
|
1502
|
+
"budgets:*",
|
|
1503
|
+
"ce:*",
|
|
1504
|
+
"cloudformation:*",
|
|
1458
1505
|
"cloudwatch:*",
|
|
1459
|
-
"
|
|
1506
|
+
"cost-optimization-hub:*",
|
|
1507
|
+
"ec2:*",
|
|
1508
|
+
"iam:Get*",
|
|
1509
|
+
"iam:List*",
|
|
1510
|
+
"iam:PassRole",
|
|
1460
1511
|
"lambda:*",
|
|
1461
|
-
"
|
|
1462
|
-
"
|
|
1512
|
+
"logs:*",
|
|
1513
|
+
"pipes:*",
|
|
1463
1514
|
"s3:*",
|
|
1515
|
+
"secretsmanager:*",
|
|
1516
|
+
"securityhub:*",
|
|
1517
|
+
"servicecatalog:*",
|
|
1464
1518
|
"sns:*",
|
|
1465
1519
|
"sqs:*",
|
|
1466
|
-
"
|
|
1467
|
-
"
|
|
1468
|
-
"
|
|
1469
|
-
"codebuild:*",
|
|
1520
|
+
"states:*",
|
|
1521
|
+
"tag:*",
|
|
1522
|
+
"xray:*",
|
|
1470
1523
|
],
|
|
1471
1524
|
Resource: "*",
|
|
1472
1525
|
},
|
|
@@ -1491,7 +1544,11 @@ class JaypieSsoGroups extends constructs.Construct {
|
|
|
1491
1544
|
description: "System administrator access with expanded write permissions",
|
|
1492
1545
|
sessionDuration: cdk$1.Duration.hours(8).toIsoString(),
|
|
1493
1546
|
managedPolicies: [
|
|
1494
|
-
"
|
|
1547
|
+
awsIam.ManagedPolicy.fromAwsManagedPolicyName("AmazonQDeveloperAccess")
|
|
1548
|
+
.managedPolicyArn,
|
|
1549
|
+
awsIam.ManagedPolicy.fromAwsManagedPolicyName("ReadOnlyAccess")
|
|
1550
|
+
.managedPolicyArn,
|
|
1551
|
+
awsIam.ManagedPolicy.fromAwsManagedPolicyName("job-function/SystemAdministrator").managedPolicyArn,
|
|
1495
1552
|
],
|
|
1496
1553
|
inlinePolicy: mergedPolicy,
|
|
1497
1554
|
});
|