npm - @jjrawlins/cdk-ami-builder - Versions diffs - 0.0.19 → 0.0.20 - Mend

@jjrawlins/cdk-ami-builder 0.0.19 → 0.0.20

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (279) hide show

package/node_modules/cdk-iam-floyd/lib/generated/policy-statements/securityhub.d.ts CHANGED Viewed

@@ -120,8 +120,9 @@ export declare class Securityhub extends PolicyStatement {
      *
      * Possible conditions:
      * - .ifASFFSyntaxPath()
+     * - .ifOCSFSyntaxPath()
      *
-     * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateFindings.html
+     * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateFindingsV2.html
      */
     toBatchUpdateFindings(): this;
     /**
@@ -135,6 +136,14 @@ export declare class Securityhub extends PolicyStatement {
      * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateStandardsControlAssociations.html
      */
     toBatchUpdateStandardsControlAssociations(): this;
+    /**
+     * Grants permission to complete the OAuth 2.0 authorization code flow based on input parameters
+     *
+     * Access Level: Write
+     *
+     * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ConnectorRegistrationsV2.html
+     */
+    toConnectorRegistrationsV2(): this;
     /**
      * Grants permission to create custom actions in Security Hub
      *
@@ -143,6 +152,14 @@ export declare class Securityhub extends PolicyStatement {
      * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_CreateActionTarget.html
      */
     toCreateActionTarget(): this;
+    /**
+     * Grants permission to create an aggregatorV2, which configures data aggregation across Regions
+     *
+     * Access Level: Write
+     *
+     * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_CreateAggregatorV2.html
+     */
+    toCreateAggregatorV2(): this;
     /**
      * Grants permission to create an automation rule based on input parameters
      *
@@ -155,6 +172,18 @@ export declare class Securityhub extends PolicyStatement {
      * https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules
      */
     toCreateAutomationRule(): this;
+    /**
+     * Grants permission to create an automation rule V2 based on input parameters
+     *
+     * Access Level: Write
+     *
+     * Possible conditions:
+     * - .ifAwsRequestTag()
+     * - .ifAwsTagKeys()
+     *
+     * https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules
+     */
+    toCreateAutomationRuleV2(): this;
     /**
      * Grants permission to create a configuration policy to manage organization member settings in Security Hub
      *
@@ -167,12 +196,24 @@ export declare class Securityhub extends PolicyStatement {
      * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_CreateConfigurationPolicy.html
      */
     toCreateConfigurationPolicy(): this;
+    /**
+     * Grants permission to create a connector V2 based on input parameters
+     *
+     * Access Level: Write
+     *
+     * Possible conditions:
+     * - .ifAwsRequestTag()
+     * - .ifAwsTagKeys()
+     *
+     * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_CreateConnectorV2.html
+     */
+    toCreateConnectorV2(): this;
     /**
      * Grants permission to create a finding aggregator, which contains the cross-Region finding aggregation configuration
      *
      * Access Level: Write
      *
-     * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_UpdateFindingAggregator.html
+     * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_CreateFindingAggregator.html
      */
     toCreateFindingAggregator(): this;
     /**
@@ -191,6 +232,14 @@ export declare class Securityhub extends PolicyStatement {
      * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_CreateMembers.html
      */
     toCreateMembers(): this;
+    /**
+     * Grants permission to create ticket for a selected OCSF finding
+     *
+     * Access Level: Write
+     *
+     * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_CreateTicketV2.html
+     */
+    toCreateTicketV2(): this;
     /**
      * Grants permission to decline Security Hub invitations to become a member account
      *
@@ -207,6 +256,22 @@ export declare class Securityhub extends PolicyStatement {
      * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DeleteActionTarget.html
      */
     toDeleteActionTarget(): this;
+    /**
+     * Grants permission to delete an aggregatorV2, which configures data aggregation across Regions
+     *
+     * Access Level: Write
+     *
+     * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DeleteAggregatorV2.html
+     */
+    toDeleteAggregatorV2(): this;
+    /**
+     * Grants permission to delete an automation rule V2 in Security Hub
+     *
+     * Access Level: Write
+     *
+     * https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules
+     */
+    toDeleteAutomationRuleV2(): this;
     /**
      * Grants permission to delete an existing configuration policy
      *
@@ -215,6 +280,14 @@ export declare class Securityhub extends PolicyStatement {
      * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DeleteConfigurationPolicy.html
      */
     toDeleteConfigurationPolicy(): this;
+    /**
+     * Grants permission to delete a connector V2 in Security Hub
+     *
+     * Access Level: Write
+     *
+     * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DeleteConnectorV2.html
+     */
+    toDeleteConnectorV2(): this;
     /**
      * Grants permission to delete a finding aggregator, which disables finding aggregation across Regions
      *
@@ -279,6 +352,22 @@ export declare class Securityhub extends PolicyStatement {
      * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DescribeProducts.html
      */
     toDescribeProducts(): this;
+    /**
+     * Grants permission to retrieve information about the available Security Hub V2 product integrations
+     *
+     * Access Level: Read
+     *
+     * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DescribeProductsV2.html
+     */
+    toDescribeProductsV2(): this;
+    /**
+     * Grants permission to retrieve information about the hub V2 resource in your account
+     *
+     * Access Level: Read
+     *
+     * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DescribeSecurityHubV2.html
+     */
+    toDescribeSecurityHubV2(): this;
     /**
      * Grants permission to retrieve information about Security Hub standards
      *
@@ -309,7 +398,9 @@ export declare class Securityhub extends PolicyStatement {
      * Access Level: Write
      *
      * Dependent actions:
+     * - organizations:DeregisterDelegatedAdministrator
      * - organizations:DescribeOrganization
+     * - organizations:ListDelegatedAdministrators
      *
      * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DisableOrganizationAdminAccount.html
      */
@@ -322,6 +413,14 @@ export declare class Securityhub extends PolicyStatement {
      * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DisableSecurityHub.html
      */
     toDisableSecurityHub(): this;
+    /**
+     * Grants permission to disable Security Hub V2
+     *
+     * Access Level: Write
+     *
+     * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DisableSecurityHubV2.html
+     */
+    toDisableSecurityHubV2(): this;
     /**
      * Grants permission to a Security Hub member account to disassociate from the associated administrator account
      *
@@ -362,6 +461,8 @@ export declare class Securityhub extends PolicyStatement {
      * Dependent actions:
      * - organizations:DescribeOrganization
      * - organizations:EnableAWSServiceAccess
+     * - organizations:ListAWSServiceAccessForOrganization
+     * - organizations:ListDelegatedAdministrators
      * - organizations:RegisterDelegatedAdministrator
      *
      * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_EnableOrganizationAdminAccount.html
@@ -380,11 +481,23 @@ export declare class Securityhub extends PolicyStatement {
      */
     toEnableSecurityHub(): this;
     /**
-     * Grants permission to retrieve insight results by providing a set of filters instead of an insight ARN
+     * Grants permission to enable Security Hub V2
+     *
+     * Access Level: Write
+     *
+     * Possible conditions:
+     * - .ifAwsRequestTag()
+     * - .ifAwsTagKeys()
+     *
+     * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_EnableSecurityHubV2.html
+     */
+    toEnableSecurityHubV2(): this;
+    /**
+     * Grants permission to retrieve aggregated statistical data about the findings
      *
      * Access Level: Read
      *
-     * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetAdhocInsightResults.html
+     * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetFindingStatisticsV2.html
      */
     toGetAdhocInsightResults(): this;
     /**
@@ -395,6 +508,22 @@ export declare class Securityhub extends PolicyStatement {
      * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetAdministratorAccount.html
      */
     toGetAdministratorAccount(): this;
+    /**
+     * Grants permission to retrieve details for an aggregatorV2, which configures data aggregation across Regions
+     *
+     * Access Level: Read
+     *
+     * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetAggregatorV2.html
+     */
+    toGetAggregatorV2(): this;
+    /**
+     * Grants permission to retrieve details for an automation rule V2 from Security Hub based on rule Amazon Resource Name (ARN)
+     *
+     * Access Level: Read
+     *
+     * https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules
+     */
+    toGetAutomationRuleV2(): this;
     /**
      * Grants permission to get a complete overview of one configuration policy created by the calling account
      *
@@ -411,6 +540,14 @@ export declare class Securityhub extends PolicyStatement {
      * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetConfigurationPolicyAssociation.html
      */
     toGetConfigurationPolicyAssociation(): this;
+    /**
+     * Grants permission to retrieve details for a connector V2 from Security Hub based on connector id
+     *
+     * Access Level: Read
+     *
+     * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetConnectorV2.html
+     */
+    toGetConnectorV2(): this;
     /**
      * Grants permission to retrieve a security score and counts of finding and control statuses for a security standard
      *
@@ -448,7 +585,7 @@ export declare class Securityhub extends PolicyStatement {
      *
      * Access Level: Read
      *
-     * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetFindings.html
+     * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetFindingsV2.html
      */
     toGetFindings(): this;
     /**
@@ -515,6 +652,22 @@ export declare class Securityhub extends PolicyStatement {
      * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetMembers.html
      */
     toGetMembers(): this;
+    /**
+     * Grants permission to retrieve aggregate statistics about resources
+     *
+     * Access Level: Read
+     *
+     * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetResourcesStatisticsV2.html
+     */
+    toGetResourcesStatisticsV2(): this;
+    /**
+     * Grants permission to retrieve a list of resources
+     *
+     * Access Level: Read
+     *
+     * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetResourcesV2.html
+     */
+    toGetResourcesV2(): this;
     /**
      * Grants permission to get the definition details of a specific security control identified by ID
      *
@@ -542,6 +695,14 @@ export declare class Securityhub extends PolicyStatement {
      * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_InviteMembers.html
      */
     toInviteMembers(): this;
+    /**
+     * Grants permission to retrieve a list of aggregatorsV2, which configures data aggregation across Regions
+     *
+     * Access Level: List
+     *
+     * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ListAggregatorsV2.html
+     */
+    toListAggregatorsV2(): this;
     /**
      * Grants permission to retrieve a list of automation rules and their metadata for the calling account from Security Hub
      *
@@ -550,6 +711,14 @@ export declare class Securityhub extends PolicyStatement {
      * https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules
      */
     toListAutomationRules(): this;
+    /**
+     * Grants permission to retrieve a list of automation rules V2 and their metadata for the calling account from Security Hub
+     *
+     * Access Level: List
+     *
+     * https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules
+     */
+    toListAutomationRulesV2(): this;
     /**
      * Grants permission to list the summaries of all configuration policies created by the calling account
      *
@@ -566,6 +735,14 @@ export declare class Securityhub extends PolicyStatement {
      * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ListConfigurationPolicyAssociations.html
      */
     toListConfigurationPolicyAssociations(): this;
+    /**
+     * Grants permission to retrieve a list of connectors V2 and their metadata for the calling account from Security Hub
+     *
+     * Access Level: List
+     *
+     * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ListConnectorsV2.html
+     */
+    toListConnectorsV2(): this;
     /**
      * Grants permission to retrieve a list of controls for a standard, including the control IDs, statuses and finding counts
      *
@@ -587,7 +764,7 @@ export declare class Securityhub extends PolicyStatement {
      *
      * Access Level: List
      *
-     * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_UpdateFindingAggregator.html
+     * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ListFindingAggregators.html
      */
     toListFindingAggregators(): this;
     /**
@@ -613,6 +790,7 @@ export declare class Securityhub extends PolicyStatement {
      *
      * Dependent actions:
      * - organizations:DescribeOrganization
+     * - organizations:ListDelegatedAdministrators
      *
      * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ListOrganizationAdminAccounts.html
      */
@@ -700,6 +878,22 @@ export declare class Securityhub extends PolicyStatement {
      * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_UpdateActionTarget.html
      */
     toUpdateActionTarget(): this;
+    /**
+     * Grants permission to update an aggregatorV2, which configures data aggregation across Regions
+     *
+     * Access Level: Write
+     *
+     * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_UpdateAggregatorV2.html
+     */
+    toUpdateAggregatorV2(): this;
+    /**
+     * Grants permission to update an automation rule V2 in Security Hub based on rule Amazon Resource Name (ARN) and input parameters
+     *
+     * Access Level: Write
+     *
+     * https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules
+     */
+    toUpdateAutomationRuleV2(): this;
     /**
      * Grants permission to update an existing configuration policy
      *
@@ -708,6 +902,14 @@ export declare class Securityhub extends PolicyStatement {
      * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_UpdateConfigurationPolicy.html
      */
     toUpdateConfigurationPolicy(): this;
+    /**
+     * Grants permission to update a connector V2 in Security Hub based on connector id and input parameters
+     *
+     * Access Level: Write
+     *
+     * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_UpdateConnectorV2.html
+     */
+    toUpdateConnectorV2(): this;
     /**
      * Grants permission to update a finding aggregator, which contains the cross-Region finding aggregation configuration
      *
@@ -781,6 +983,20 @@ export declare class Securityhub extends PolicyStatement {
      * - .ifAwsResourceTag()
      */
     onHub(account?: string, region?: string, partition?: string): this;
+    /**
+     * Adds a resource of type hubv2 to the statement
+     *
+     * https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-access.html#resources
+     *
+     * @param hubV2Id - Identifier for the hubV2Id.
+     * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
+     * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
+     * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
+     *
+     * Possible conditions:
+     * - .ifAwsResourceTag()
+     */
+    onHubv2(hubV2Id: string, account?: string, region?: string, partition?: string): this;
     /**
      * Adds a resource of type product to the statement
      *
@@ -804,6 +1020,20 @@ export declare class Securityhub extends PolicyStatement {
      * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
      */
     onFindingAggregator(findingAggregatorId: string, account?: string, region?: string, partition?: string): this;
+    /**
+     * Adds a resource of type aggregatorv2 to the statement
+     *
+     * https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-access.html#resources
+     *
+     * @param aggregatorV2Id - Identifier for the aggregatorV2Id.
+     * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
+     * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
+     * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
+     *
+     * Possible conditions:
+     * - .ifAwsResourceTag()
+     */
+    onAggregatorv2(aggregatorV2Id: string, account?: string, region?: string, partition?: string): this;
     /**
      * Adds a resource of type automation-rule to the statement
      *
@@ -813,8 +1043,25 @@ export declare class Securityhub extends PolicyStatement {
      * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
      * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
      * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
+     *
+     * Possible conditions:
+     * - .ifAwsResourceTag()
      */
     onAutomationRule(automationRuleId: string, account?: string, region?: string, partition?: string): this;
+    /**
+     * Adds a resource of type automation-rulev2 to the statement
+     *
+     * https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules
+     *
+     * @param automationRuleV2Id - Identifier for the automationRuleV2Id.
+     * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
+     * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
+     * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
+     *
+     * Possible conditions:
+     * - .ifAwsResourceTag()
+     */
+    onAutomationRulev2(automationRuleV2Id: string, account?: string, region?: string, partition?: string): this;
     /**
      * Adds a resource of type configuration-policy to the statement
      *
@@ -824,8 +1071,25 @@ export declare class Securityhub extends PolicyStatement {
      * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
      * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
      * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
+     *
+     * Possible conditions:
+     * - .ifAwsResourceTag()
      */
     onConfigurationPolicy(configurationPolicyId: string, account?: string, region?: string, partition?: string): this;
+    /**
+     * Adds a resource of type connectorv2 to the statement
+     *
+     * https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-access.html#resources
+     *
+     * @param connectorV2Id - Identifier for the connectorV2Id.
+     * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
+     * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
+     * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
+     *
+     * Possible conditions:
+     * - .ifAwsResourceTag()
+     */
+    onConnectorv2(connectorV2Id: string, account?: string, region?: string, partition?: string): this;
     /**
      * Filters access by actions based on the presence of tag key-value pairs in the request
      *
@@ -833,8 +1097,11 @@ export declare class Securityhub extends PolicyStatement {
      *
      * Applies to actions:
      * - .toCreateAutomationRule()
+     * - .toCreateAutomationRuleV2()
      * - .toCreateConfigurationPolicy()
+     * - .toCreateConnectorV2()
      * - .toEnableSecurityHub()
+     * - .toEnableSecurityHubV2()
      *
      * @param tagKey The tag key to check
      * @param value The value(s) to check
@@ -848,6 +1115,12 @@ export declare class Securityhub extends PolicyStatement {
      *
      * Applies to resource types:
      * - hub
+     * - hubv2
+     * - aggregatorv2
+     * - automation-rule
+     * - automation-rulev2
+     * - configuration-policy
+     * - connectorv2
      *
      * @param tagKey The tag key to check
      * @param value The value(s) to check
@@ -861,8 +1134,11 @@ export declare class Securityhub extends PolicyStatement {
      *
      * Applies to actions:
      * - .toCreateAutomationRule()
+     * - .toCreateAutomationRuleV2()
      * - .toCreateConfigurationPolicy()
+     * - .toCreateConnectorV2()
      * - .toEnableSecurityHub()
+     * - .toEnableSecurityHubV2()
      *
      * @param value The value(s) to check
      * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
@@ -881,6 +1157,19 @@ export declare class Securityhub extends PolicyStatement {
      * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
      */
     ifASFFSyntaxPath(aSFFSyntaxPath: string, value: string | string[], operator?: Operator | string): this;
+    /**
+     * Filters access by the specified fields and values in the request
+     *
+     * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-ocsfsyntaxpath
+     *
+     * Applies to actions:
+     * - .toBatchUpdateFindings()
+     *
+     * @param oCSFSyntaxPath The tag key to check
+     * @param value The value(s) to check
+     * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
+     */
+    ifOCSFSyntaxPath(oCSFSyntaxPath: string, value: string | string[], operator?: Operator | string): this;
     /**
      * Filters access by the AwsAccountId field that is specified in the request
      *