@jaypie/constructs 1.1.48 → 1.1.49
- package/dist/cjs/index.cjs +73 -16
- package/dist/cjs/index.cjs.map +1 -1
- package/dist/esm/index.js +74 -17
- package/dist/esm/index.js.map +1 -1
- package/package.json +2 -2
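--- a/package/dist/esm/index.js
+++ b/package/dist/esm/index.js
@@ -14,7 +14,7 @@ import * as s3 from 'aws-cdk-lib/aws-s3';
 import * as s3n from 'aws-cdk-lib/aws-s3-notifications';
 import * as sqs from 'aws-cdk-lib/aws-sqs';
 import * as lambdaEventSources from 'aws-cdk-lib/aws-lambda-event-sources';
-import { ServicePrincipal, Role, FederatedPrincipal, PolicyStatement, Effect } from 'aws-cdk-lib/aws-iam';
+import { ServicePrincipal, ManagedPolicy, Role, FederatedPrincipal, PolicyStatement, Effect } from 'aws-cdk-lib/aws-iam';
 import { LogGroup, RetentionDays, FilterPattern } from 'aws-cdk-lib/aws-logs';
 import * as sso from 'aws-cdk-lib/aws-sso';
 import * as cloudfront from 'aws-cdk-lib/aws-cloudfront';
@@ -1357,6 +1357,7 @@ class JaypieSsoGroups extends Construct {
 "budgets:*",
 "ce:*",
 "cost-optimization-hub:*",
+"cur:*",
 ],
 Resource: "*",
 },
@@ -1386,14 +1387,52 @@ class JaypieSsoGroups extends Construct {
 {
 Effect: "Allow",
 Action: [
+"aws-portal:ViewUsage",
 "aws-portal:ViewBilling",
-"
-"budgets:
-"
-"
-"
-"
-"
+"budgets:Describe*",
+"budgets:View*",
+"ce:Get*",
+"ce:List*",
+"cloudformation:Describe*",
+"cloudformation:Get*",
+"cloudformation:List*",
+"cloudwatch:BatchGet*",
+"cloudwatch:Get*",
+"cloudwatch:List*",
+"cost-optimization-hub:Get*",
+"cost-optimization-hub:List*",
+"ec2:Describe*",
+"ec2:Get*",
+"ec2:List*",
+"ec2:Search*",
+"iam:Get*",
+"iam:List*",
+"iam:PassRole",
+"lambda:Get*",
+"lambda:List*",
+"logs:Describe*",
+"logs:Get*",
+"logs:List*",
+"pipes:Describe*",
+"pipes:List*",
+"s3:Get*",
+"s3:List*",
+"secretsmanager:GetRandomPassword",
+"secretsmanager:GetResourcePolicy",
+"secretsmanager:List*",
+"securityhub:Describe*",
+"securityhub:Get*",
+"securityhub:List*",
+"servicecatalog:Describe*",
+"sns:Get*",
+"sns:List*",
+"sqs:Get*",
+"sqs:List*",
+"states:Describe*",
+"states:Get*",
+"states:List*",
+"tag:*",
+"xray:*",
 ],
 Resource: "*",
 },
@@ -1406,7 +1445,12 @@ class JaypieSsoGroups extends Construct {
 name: PermissionSetType.ANALYST,
 description: "Read-only access with billing visibility and limited write access",
 sessionDuration: Duration.hours(4).toIsoString(),
-managedPolicies: [
+managedPolicies: [
+ManagedPolicy.fromAwsManagedPolicyName("AmazonQDeveloperAccess")
+.managedPolicyArn,
+ManagedPolicy.fromAwsManagedPolicyName("ReadOnlyAccess")
+.managedPolicyArn,
+],
 inlinePolicy: mergedPolicy,
 });
 Tags.of(permissionSet).add(CDK$2.TAG.SERVICE, CDK$2.SERVICE.SSO);
@@ -1423,18 +1467,27 @@ class JaypieSsoGroups extends Construct {
 {
 Effect: "Allow",
 Action: [
+"budgets:*",
+"ce:*",
+"cloudformation:*",
 "cloudwatch:*",
-"
+"cost-optimization-hub:*",
+"ec2:*",
+"iam:Get*",
+"iam:List*",
+"iam:PassRole",
 "lambda:*",
-"
-"
+"logs:*",
+"pipes:*",
 "s3:*",
+"secretsmanager:*",
+"securityhub:*",
+"servicecatalog:*",
 "sns:*",
 "sqs:*",
-"
-"
-"
-"codebuild:*",
+"states:*",
+"tag:*",
+"xray:*",
 ],
 Resource: "*",
 },
@@ -1459,7 +1512,11 @@ class JaypieSsoGroups extends Construct {
 description: "System administrator access with expanded write permissions",
 sessionDuration: Duration.hours(8).toIsoString(),
 managedPolicies: [
-"
+ManagedPolicy.fromAwsManagedPolicyName("AmazonQDeveloperAccess")
+.managedPolicyArn,
+ManagedPolicy.fromAwsManagedPolicyName("ReadOnlyAccess")
+.managedPolicyArn,
+ManagedPolicy.fromAwsManagedPolicyName("job-function/SystemAdministrator").managedPolicyArn,
 ],
 inlinePolicy: mergedPolicy,
 });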
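Review bot: `"iam:PassRole"` is added to a statement with `Resource: "*"` and no `Condition` in the `@@ -1386,14 +1387,52 @@` hunk (new line 1410), which appears to feed the ANALYST permission set described as read-only with limited write access. It is added again at new line 1478, next to `lambda:*`, `ec2:*`, `cloudformation:*` and `states:*`. Without role-ARN scoping and an `iam:PassedToService` condition, the effective privilege of these permission sets is bounded only by the most powerful role in the account that trusts one of those services, which is much broader than the descriptions suggest. I would move `iam:PassRole` out of the wildcard statement into its own statement limited to the roles and services that actually need it, as sketched below; if the analyst set has no need to launch resources, drop it there entirely. Both statements begin and end outside the hunks, and this file looks like a built bundle, so the change presumably belongs in the source it is generated from.

```javascript
// … unchanged: the remaining Allow actions stay in the Resource: "*" statement, without "iam:PassRole" …
{
    Effect: "Allow",
    Action: ["iam:PassRole"],
    // placeholder ARN pattern: replace with the roles this permission set may pass
    Resource: "arn:aws:iam::*:role/<PASSABLE_ROLE_PREFIX>*",
    Condition: {
        StringEquals: {
            // placeholder: list only the services that must be able to receive a role
            "iam:PassedToService": ["<SERVICE>.amazonaws.com"],
        },
    },
},
```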