@jjrawlins/cdk-ami-builder 0.0.19 → 0.0.21

package/node_modules/cdk-iam-floyd/lib/generated/policy-statements/securityhub.d.ts

@@ -120,8 +120,9 @@ export declare class Securityhub extends PolicyStatement {
      *
      * Possible conditions:
      * - .ifASFFSyntaxPath()
+     * - .ifOCSFSyntaxPath()
      *
-     * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateFindings.html
+     * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateFindingsV2.html
      */
     toBatchUpdateFindings(): this;
     /**
@@ -135,6 +136,14 @@ export declare class Securityhub extends PolicyStatement {
      * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateStandardsControlAssociations.html
      */
     toBatchUpdateStandardsControlAssociations(): this;
+    /**
+     * Grants permission to complete the OAuth 2.0 authorization code flow based on input parameters
+     *
+     * Access Level: Write
+     *
+     * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ConnectorRegistrationsV2.html
+     */
+    toConnectorRegistrationsV2(): this;
     /**
      * Grants permission to create custom actions in Security Hub
      *
@@ -143,6 +152,14 @@ export declare class Securityhub extends PolicyStatement {
      * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_CreateActionTarget.html
      */
     toCreateActionTarget(): this;
+    /**
+     * Grants permission to create an aggregatorV2, which configures data aggregation across Regions
+     *
+     * Access Level: Write
+     *
+     * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_CreateAggregatorV2.html
+     */
+    toCreateAggregatorV2(): this;
     /**
      * Grants permission to create an automation rule based on input parameters
      *
@@ -155,6 +172,18 @@ export declare class Securityhub extends PolicyStatement {
      * https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules
      */
     toCreateAutomationRule(): this;
+    /**
+     * Grants permission to create an automation rule V2 based on input parameters
+     *
+     * Access Level: Write
+     *
+     * Possible conditions:
+     * - .ifAwsRequestTag()
+     * - .ifAwsTagKeys()
+     *
+     * https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules
+     */
+    toCreateAutomationRuleV2(): this;
     /**
      * Grants permission to create a configuration policy to manage organization member settings in Security Hub
      *
@@ -167,12 +196,24 @@ export declare class Securityhub extends PolicyStatement {
      * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_CreateConfigurationPolicy.html
      */
     toCreateConfigurationPolicy(): this;
+    /**
+     * Grants permission to create a connector V2 based on input parameters
+     *
+     * Access Level: Write
+     *
+     * Possible conditions:
+     * - .ifAwsRequestTag()
+     * - .ifAwsTagKeys()
+     *
+     * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_CreateConnectorV2.html
+     */
+    toCreateConnectorV2(): this;
     /**
      * Grants permission to create a finding aggregator, which contains the cross-Region finding aggregation configuration
      *
      * Access Level: Write
      *
-     * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_UpdateFindingAggregator.html
+     * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_CreateFindingAggregator.html
      */
     toCreateFindingAggregator(): this;
     /**
@@ -191,6 +232,14 @@ export declare class Securityhub extends PolicyStatement {
      * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_CreateMembers.html
      */
     toCreateMembers(): this;
+    /**
+     * Grants permission to create ticket for a selected OCSF finding
+     *
+     * Access Level: Write
+     *
+     * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_CreateTicketV2.html
+     */
+    toCreateTicketV2(): this;
     /**
      * Grants permission to decline Security Hub invitations to become a member account
      *
@@ -207,6 +256,22 @@ export declare class Securityhub extends PolicyStatement {
      * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DeleteActionTarget.html
      */
     toDeleteActionTarget(): this;
+    /**
+     * Grants permission to delete an aggregatorV2, which configures data aggregation across Regions
+     *
+     * Access Level: Write
+     *
+     * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DeleteAggregatorV2.html
+     */
+    toDeleteAggregatorV2(): this;
+    /**
+     * Grants permission to delete an automation rule V2 in Security Hub
+     *
+     * Access Level: Write
+     *
+     * https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules
+     */
+    toDeleteAutomationRuleV2(): this;
     /**
      * Grants permission to delete an existing configuration policy
      *
@@ -215,6 +280,14 @@ export declare class Securityhub extends PolicyStatement {
      * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DeleteConfigurationPolicy.html
      */
     toDeleteConfigurationPolicy(): this;
+    /**
+     * Grants permission to delete a connector V2 in Security Hub
+     *
+     * Access Level: Write
+     *
+     * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DeleteConnectorV2.html
+     */
+    toDeleteConnectorV2(): this;
     /**
      * Grants permission to delete a finding aggregator, which disables finding aggregation across Regions
      *
@@ -279,6 +352,22 @@ export declare class Securityhub extends PolicyStatement {
      * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DescribeProducts.html
      */
     toDescribeProducts(): this;
+    /**
+     * Grants permission to retrieve information about the available Security Hub V2 product integrations
+     *
+     * Access Level: Read
+     *
+     * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DescribeProductsV2.html
+     */
+    toDescribeProductsV2(): this;
+    /**
+     * Grants permission to retrieve information about the hub V2 resource in your account
+     *
+     * Access Level: Read
+     *
+     * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DescribeSecurityHubV2.html
+     */
+    toDescribeSecurityHubV2(): this;
     /**
      * Grants permission to retrieve information about Security Hub standards
      *
@@ -309,7 +398,9 @@ export declare class Securityhub extends PolicyStatement {
      * Access Level: Write
      *
      * Dependent actions:
+     * - organizations:DeregisterDelegatedAdministrator
      * - organizations:DescribeOrganization
+     * - organizations:ListDelegatedAdministrators
      *
      * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DisableOrganizationAdminAccount.html
      */
@@ -322,6 +413,14 @@ export declare class Securityhub extends PolicyStatement {
      * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DisableSecurityHub.html
      */
     toDisableSecurityHub(): this;
+    /**
+     * Grants permission to disable Security Hub V2
+     *
+     * Access Level: Write
+     *
+     * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DisableSecurityHubV2.html
+     */
+    toDisableSecurityHubV2(): this;
     /**
      * Grants permission to a Security Hub member account to disassociate from the associated administrator account
      *
@@ -362,6 +461,8 @@ export declare class Securityhub extends PolicyStatement {
      * Dependent actions:
      * - organizations:DescribeOrganization
      * - organizations:EnableAWSServiceAccess
+     * - organizations:ListAWSServiceAccessForOrganization
+     * - organizations:ListDelegatedAdministrators
      * - organizations:RegisterDelegatedAdministrator
      *
      * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_EnableOrganizationAdminAccount.html
@@ -380,11 +481,23 @@ export declare class Securityhub extends PolicyStatement {
      */
     toEnableSecurityHub(): this;
     /**
-     * Grants permission to retrieve insight results by providing a set of filters instead of an insight ARN
+     * Grants permission to enable Security Hub V2
+     *
+     * Access Level: Write
+     *
+     * Possible conditions:
+     * - .ifAwsRequestTag()
+     * - .ifAwsTagKeys()
+     *
+     * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_EnableSecurityHubV2.html
+     */
+    toEnableSecurityHubV2(): this;
+    /**
+     * Grants permission to retrieve aggregated statistical data about the findings
      *
      * Access Level: Read
      *
-     * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetAdhocInsightResults.html
+     * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetFindingStatisticsV2.html
      */
     toGetAdhocInsightResults(): this;
     /**
@@ -395,6 +508,22 @@ export declare class Securityhub extends PolicyStatement {
      * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetAdministratorAccount.html
      */
     toGetAdministratorAccount(): this;
+    /**
+     * Grants permission to retrieve details for an aggregatorV2, which configures data aggregation across Regions
+     *
+     * Access Level: Read
+     *
+     * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetAggregatorV2.html
+     */
+    toGetAggregatorV2(): this;
+    /**
+     * Grants permission to retrieve details for an automation rule V2 from Security Hub based on rule Amazon Resource Name (ARN)
+     *
+     * Access Level: Read
+     *
+     * https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules
+     */
+    toGetAutomationRuleV2(): this;
     /**
      * Grants permission to get a complete overview of one configuration policy created by the calling account
      *
@@ -411,6 +540,14 @@ export declare class Securityhub extends PolicyStatement {
      * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetConfigurationPolicyAssociation.html
      */
     toGetConfigurationPolicyAssociation(): this;
+    /**
+     * Grants permission to retrieve details for a connector V2 from Security Hub based on connector id
+     *
+     * Access Level: Read
+     *
+     * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetConnectorV2.html
+     */
+    toGetConnectorV2(): this;
     /**
      * Grants permission to retrieve a security score and counts of finding and control statuses for a security standard
      *
@@ -448,7 +585,7 @@ export declare class Securityhub extends PolicyStatement {
      *
      * Access Level: Read
      *
-     * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetFindings.html
+     * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetFindingsV2.html
      */
     toGetFindings(): this;
     /**
@@ -515,6 +652,22 @@ export declare class Securityhub extends PolicyStatement {
      * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetMembers.html
      */
     toGetMembers(): this;
+    /**
+     * Grants permission to retrieve aggregate statistics about resources
+     *
+     * Access Level: Read
+     *
+     * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetResourcesStatisticsV2.html
+     */
+    toGetResourcesStatisticsV2(): this;
+    /**
+     * Grants permission to retrieve a list of resources
+     *
+     * Access Level: Read
+     *
+     * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetResourcesV2.html
+     */
+    toGetResourcesV2(): this;
     /**
      * Grants permission to get the definition details of a specific security control identified by ID
      *
@@ -542,6 +695,14 @@ export declare class Securityhub extends PolicyStatement {
      * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_InviteMembers.html
      */
     toInviteMembers(): this;
+    /**
+     * Grants permission to retrieve a list of aggregatorsV2, which configures data aggregation across Regions
+     *
+     * Access Level: List
+     *
+     * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ListAggregatorsV2.html
+     */
+    toListAggregatorsV2(): this;
     /**
      * Grants permission to retrieve a list of automation rules and their metadata for the calling account from Security Hub
      *
@@ -550,6 +711,14 @@ export declare class Securityhub extends PolicyStatement {
      * https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules
      */
     toListAutomationRules(): this;
+    /**
+     * Grants permission to retrieve a list of automation rules V2 and their metadata for the calling account from Security Hub
+     *
+     * Access Level: List
+     *
+     * https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules
+     */
+    toListAutomationRulesV2(): this;
     /**
      * Grants permission to list the summaries of all configuration policies created by the calling account
      *
@@ -566,6 +735,14 @@ export declare class Securityhub extends PolicyStatement {
      * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ListConfigurationPolicyAssociations.html
      */
     toListConfigurationPolicyAssociations(): this;
+    /**
+     * Grants permission to retrieve a list of connectors V2 and their metadata for the calling account from Security Hub
+     *
+     * Access Level: List
+     *
+     * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ListConnectorsV2.html
+     */
+    toListConnectorsV2(): this;
     /**
      * Grants permission to retrieve a list of controls for a standard, including the control IDs, statuses and finding counts
      *
@@ -587,7 +764,7 @@ export declare class Securityhub extends PolicyStatement {
      *
      * Access Level: List
      *
-     * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_UpdateFindingAggregator.html
+     * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ListFindingAggregators.html
      */
     toListFindingAggregators(): this;
     /**
@@ -613,6 +790,7 @@ export declare class Securityhub extends PolicyStatement {
      *
      * Dependent actions:
      * - organizations:DescribeOrganization
+     * - organizations:ListDelegatedAdministrators
      *
      * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ListOrganizationAdminAccounts.html
      */
@@ -700,6 +878,22 @@ export declare class Securityhub extends PolicyStatement {
      * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_UpdateActionTarget.html
      */
     toUpdateActionTarget(): this;
+    /**
+     * Grants permission to update an aggregatorV2, which configures data aggregation across Regions
+     *
+     * Access Level: Write
+     *
+     * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_UpdateAggregatorV2.html
+     */
+    toUpdateAggregatorV2(): this;
+    /**
+     * Grants permission to update an automation rule V2 in Security Hub based on rule Amazon Resource Name (ARN) and input parameters
+     *
+     * Access Level: Write
+     *
+     * https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules
+     */
+    toUpdateAutomationRuleV2(): this;
     /**
      * Grants permission to update an existing configuration policy
      *
@@ -708,6 +902,14 @@ export declare class Securityhub extends PolicyStatement {
      * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_UpdateConfigurationPolicy.html
      */
     toUpdateConfigurationPolicy(): this;
+    /**
+     * Grants permission to update a connector V2 in Security Hub based on connector id and input parameters
+     *
+     * Access Level: Write
+     *
+     * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_UpdateConnectorV2.html
+     */
+    toUpdateConnectorV2(): this;
     /**
      * Grants permission to update a finding aggregator, which contains the cross-Region finding aggregation configuration
      *
@@ -781,6 +983,20 @@ export declare class Securityhub extends PolicyStatement {
      * - .ifAwsResourceTag()
      */
     onHub(account?: string, region?: string, partition?: string): this;
+    /**
+     * Adds a resource of type hubv2 to the statement
+     *
+     * https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-access.html#resources
+     *
+     * @param hubV2Id - Identifier for the hubV2Id.
+     * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
+     * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
+     * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
+     *
+     * Possible conditions:
+     * - .ifAwsResourceTag()
+     */
+    onHubv2(hubV2Id: string, account?: string, region?: string, partition?: string): this;
     /**
      * Adds a resource of type product to the statement
      *
@@ -804,6 +1020,20 @@ export declare class Securityhub extends PolicyStatement {
      * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
      */
     onFindingAggregator(findingAggregatorId: string, account?: string, region?: string, partition?: string): this;
+    /**
+     * Adds a resource of type aggregatorv2 to the statement
+     *
+     * https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-access.html#resources
+     *
+     * @param aggregatorV2Id - Identifier for the aggregatorV2Id.
+     * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
+     * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
+     * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
+     *
+     * Possible conditions:
+     * - .ifAwsResourceTag()
+     */
+    onAggregatorv2(aggregatorV2Id: string, account?: string, region?: string, partition?: string): this;
     /**
      * Adds a resource of type automation-rule to the statement
      *
@@ -813,8 +1043,25 @@ export declare class Securityhub extends PolicyStatement {
      * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
      * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
      * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
+     *
+     * Possible conditions:
+     * - .ifAwsResourceTag()
      */
     onAutomationRule(automationRuleId: string, account?: string, region?: string, partition?: string): this;
+    /**
+     * Adds a resource of type automation-rulev2 to the statement
+     *
+     * https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules
+     *
+     * @param automationRuleV2Id - Identifier for the automationRuleV2Id.
+     * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
+     * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
+     * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
+     *
+     * Possible conditions:
+     * - .ifAwsResourceTag()
+     */
+    onAutomationRulev2(automationRuleV2Id: string, account?: string, region?: string, partition?: string): this;
     /**
      * Adds a resource of type configuration-policy to the statement
      *
@@ -824,8 +1071,25 @@ export declare class Securityhub extends PolicyStatement {
      * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
      * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
      * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
+     *
+     * Possible conditions:
+     * - .ifAwsResourceTag()
      */
     onConfigurationPolicy(configurationPolicyId: string, account?: string, region?: string, partition?: string): this;
+    /**
+     * Adds a resource of type connectorv2 to the statement
+     *
+     * https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-access.html#resources
+     *
+     * @param connectorV2Id - Identifier for the connectorV2Id.
+     * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
+     * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
+     * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
+     *
+     * Possible conditions:
+     * - .ifAwsResourceTag()
+     */
+    onConnectorv2(connectorV2Id: string, account?: string, region?: string, partition?: string): this;
     /**
      * Filters access by actions based on the presence of tag key-value pairs in the request
      *
@@ -833,8 +1097,11 @@ export declare class Securityhub extends PolicyStatement {
      *
      * Applies to actions:
      * - .toCreateAutomationRule()
+     * - .toCreateAutomationRuleV2()
      * - .toCreateConfigurationPolicy()
+     * - .toCreateConnectorV2()
      * - .toEnableSecurityHub()
+     * - .toEnableSecurityHubV2()
      *
      * @param tagKey The tag key to check
      * @param value The value(s) to check
@@ -848,6 +1115,12 @@ export declare class Securityhub extends PolicyStatement {
      *
      * Applies to resource types:
      * - hub
+     * - hubv2
+     * - aggregatorv2
+     * - automation-rule
+     * - automation-rulev2
+     * - configuration-policy
+     * - connectorv2
      *
      * @param tagKey The tag key to check
      * @param value The value(s) to check
@@ -861,8 +1134,11 @@ export declare class Securityhub extends PolicyStatement {
      *
      * Applies to actions:
      * - .toCreateAutomationRule()
+     * - .toCreateAutomationRuleV2()
      * - .toCreateConfigurationPolicy()
+     * - .toCreateConnectorV2()
      * - .toEnableSecurityHub()
+     * - .toEnableSecurityHubV2()
      *
      * @param value The value(s) to check
      * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
@@ -881,6 +1157,19 @@ export declare class Securityhub extends PolicyStatement {
      * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
      */
     ifASFFSyntaxPath(aSFFSyntaxPath: string, value: string | string[], operator?: Operator | string): this;
+    /**
+     * Filters access by the specified fields and values in the request
+     *
+     * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-ocsfsyntaxpath
+     *
+     * Applies to actions:
+     * - .toBatchUpdateFindings()
+     *
+     * @param oCSFSyntaxPath The tag key to check
+     * @param value The value(s) to check
+     * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
+     */
+    ifOCSFSyntaxPath(oCSFSyntaxPath: string, value: string | string[], operator?: Operator | string): this;
     /**
      * Filters access by the AwsAccountId field that is specified in the request
      *