npm - @rio-cloud/cdk-v2-constructs - Versions diffs - 6.8.0 → 6.9.0 - Mend

@rio-cloud/cdk-v2-constructs 6.8.0 → 6.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/.jsii +33 -1
package/docs/API.md +668 -0
package/docs/changelog.md +37 -616
package/lib/iam/ecr-pull-through-cache-policy-statement.d.ts +4 -0
package/lib/iam/ecr-pull-through-cache-policy-statement.js +25 -0
package/lib/iam/index.d.ts +1 -0
package/lib/iam/index.js +18 -0
package/lib/index.d.ts +1 -0
package/lib/index.js +3 -2
package/package.json +3 -3
package/version.json +1 -1
package/CHANGELOG.md +0 -106

package/docs/API.md CHANGED Viewed

@@ -15962,6 +15962,674 @@ Example - route issues based on their priority:
+### EcrPullThroughCachePolicyStatement <a name="EcrPullThroughCachePolicyStatement" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement"></a>
+#### Initializers <a name="Initializers" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.Initializer"></a>
+```typescript
+import { iam } from '@rio-cloud/cdk-v2-constructs'
+new iam.EcrPullThroughCachePolicyStatement()
+```
+| **Name** | **Type** | **Description** |
+| --- | --- | --- |
+---
+#### Methods <a name="Methods" id="Methods"></a>
+| **Name** | **Description** |
+| --- | --- |
+| <code><a href="#@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.addAccountCondition">addAccountCondition</a></code> | Add a `StringEquals` condition that limits to a given account from `sts:ExternalId`. |
+| <code><a href="#@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.addAccountRootPrincipal">addAccountRootPrincipal</a></code> | Adds an AWS account root user principal to this policy statement. |
+| <code><a href="#@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.addActions">addActions</a></code> | Specify allowed actions into the "Action" section of the policy statement. |
+| <code><a href="#@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.addAllResources">addAllResources</a></code> | Adds a ``"*"`` resource to this statement. |
+| <code><a href="#@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.addAnyPrincipal">addAnyPrincipal</a></code> | Adds all identities in all accounts ("*") to this policy statement. |
+| <code><a href="#@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.addArnPrincipal">addArnPrincipal</a></code> | Specify a principal using the ARN  identifier of the principal. |
+| <code><a href="#@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.addAwsAccountPrincipal">addAwsAccountPrincipal</a></code> | Specify AWS account ID as the principal entity to the "Principal" section of a policy statement. |
+| <code><a href="#@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.addCanonicalUserPrincipal">addCanonicalUserPrincipal</a></code> | Adds a canonical user ID principal to this policy document. |
+| <code><a href="#@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.addCondition">addCondition</a></code> | Add a condition to the Policy. |
+| <code><a href="#@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.addConditions">addConditions</a></code> | Add multiple conditions to the Policy. |
+| <code><a href="#@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.addFederatedPrincipal">addFederatedPrincipal</a></code> | Adds a federated identity provider such as Amazon Cognito to this policy statement. |
+| <code><a href="#@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.addNotActions">addNotActions</a></code> | Explicitly allow all actions except the specified list of actions into the "NotAction" section of the policy document. |
+| <code><a href="#@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.addNotPrincipals">addNotPrincipals</a></code> | Specify principals that is not allowed or denied access to the "NotPrincipal" section of a policy statement. |
+| <code><a href="#@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.addNotResources">addNotResources</a></code> | Specify resources that this policy statement will not apply to in the "NotResource" section of this policy statement. |
+| <code><a href="#@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.addPrincipals">addPrincipals</a></code> | Adds principals to the "Principal" section of a policy statement. |
+| <code><a href="#@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.addResources">addResources</a></code> | Specify resources that this policy statement applies into the "Resource" section of this policy statement. |
+| <code><a href="#@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.addServicePrincipal">addServicePrincipal</a></code> | Adds a service principal to this policy statement. |
+| <code><a href="#@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.addSourceAccountCondition">addSourceAccountCondition</a></code> | Add an `StringEquals` condition that limits to a given account from `aws:SourceAccount`. |
+| <code><a href="#@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.addSourceArnCondition">addSourceArnCondition</a></code> | Add an `ArnEquals` condition that limits to a given resource arn from `aws:SourceArn`. |
+| <code><a href="#@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.copy">copy</a></code> | Create a new `PolicyStatement` with the same exact properties as this one, except for the overrides. |
+| <code><a href="#@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.freeze">freeze</a></code> | Make the PolicyStatement immutable. |
+| <code><a href="#@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.toJSON">toJSON</a></code> | JSON-ify the statement. |
+| <code><a href="#@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.toStatementJson">toStatementJson</a></code> | JSON-ify the policy statement. |
+| <code><a href="#@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.toString">toString</a></code> | String representation of this policy statement. |
+| <code><a href="#@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.validateForAnyPolicy">validateForAnyPolicy</a></code> | Validate that the policy statement satisfies base requirements for a policy. |
+| <code><a href="#@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.validateForIdentityPolicy">validateForIdentityPolicy</a></code> | Validate that the policy statement satisfies all requirements for an identity-based policy. |
+| <code><a href="#@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.validateForResourcePolicy">validateForResourcePolicy</a></code> | Validate that the policy statement satisfies all requirements for a resource-based policy. |
+---
+##### `addAccountCondition` <a name="addAccountCondition" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.addAccountCondition"></a>
+```typescript
+public addAccountCondition(accountId: string): void
+```
+Add a `StringEquals` condition that limits to a given account from `sts:ExternalId`.
+This method can only be called once: subsequent calls will overwrite earlier calls.
+> [https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html)
+###### `accountId`<sup>Required</sup> <a name="accountId" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.addAccountCondition.parameter.accountId"></a>
+- *Type:* string
+---
+##### `addAccountRootPrincipal` <a name="addAccountRootPrincipal" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.addAccountRootPrincipal"></a>
+```typescript
+public addAccountRootPrincipal(): void
+```
+Adds an AWS account root user principal to this policy statement.
+##### `addActions` <a name="addActions" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.addActions"></a>
+```typescript
+public addActions(actions: string): void
+```
+Specify allowed actions into the "Action" section of the policy statement.
+> [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_action.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_action.html)
+###### `actions`<sup>Required</sup> <a name="actions" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.addActions.parameter.actions"></a>
+- *Type:* string
+actions that will be allowed.
+---
+##### `addAllResources` <a name="addAllResources" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.addAllResources"></a>
+```typescript
+public addAllResources(): void
+```
+Adds a ``"*"`` resource to this statement.
+##### `addAnyPrincipal` <a name="addAnyPrincipal" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.addAnyPrincipal"></a>
+```typescript
+public addAnyPrincipal(): void
+```
+Adds all identities in all accounts ("*") to this policy statement.
+##### `addArnPrincipal` <a name="addArnPrincipal" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.addArnPrincipal"></a>
+```typescript
+public addArnPrincipal(arn: string): void
+```
+Specify a principal using the ARN  identifier of the principal.
+You cannot specify IAM groups and instance profiles as principals.
+###### `arn`<sup>Required</sup> <a name="arn" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.addArnPrincipal.parameter.arn"></a>
+- *Type:* string
+ARN identifier of AWS account, IAM user, or IAM role (i.e. arn:aws:iam::123456789012:user/user-name).
+---
+##### `addAwsAccountPrincipal` <a name="addAwsAccountPrincipal" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.addAwsAccountPrincipal"></a>
+```typescript
+public addAwsAccountPrincipal(accountId: string): void
+```
+Specify AWS account ID as the principal entity to the "Principal" section of a policy statement.
+###### `accountId`<sup>Required</sup> <a name="accountId" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.addAwsAccountPrincipal.parameter.accountId"></a>
+- *Type:* string
+---
+##### `addCanonicalUserPrincipal` <a name="addCanonicalUserPrincipal" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.addCanonicalUserPrincipal"></a>
+```typescript
+public addCanonicalUserPrincipal(canonicalUserId: string): void
+```
+Adds a canonical user ID principal to this policy document.
+###### `canonicalUserId`<sup>Required</sup> <a name="canonicalUserId" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.addCanonicalUserPrincipal.parameter.canonicalUserId"></a>
+- *Type:* string
+unique identifier assigned by AWS for every account.
+---
+##### `addCondition` <a name="addCondition" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.addCondition"></a>
+```typescript
+public addCondition(key: string, value: any): void
+```
+Add a condition to the Policy.
+If multiple calls are made to add a condition with the same operator and field, only
+the last one wins. For example:
+```ts
+declare const stmt: iam.PolicyStatement;
+stmt.addCondition('StringEquals', { 'aws:SomeField': '1' });
+stmt.addCondition('StringEquals', { 'aws:SomeField': '2' });
+```
+Will end up with the single condition `StringEquals: { 'aws:SomeField': '2' }`.
+If you meant to add a condition to say that the field can be *either* `1` or `2`, write
+this:
+```ts
+declare const stmt: iam.PolicyStatement;
+stmt.addCondition('StringEquals', { 'aws:SomeField': ['1', '2'] });
+```
+###### `key`<sup>Required</sup> <a name="key" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.addCondition.parameter.key"></a>
+- *Type:* string
+---
+###### `value`<sup>Required</sup> <a name="value" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.addCondition.parameter.value"></a>
+- *Type:* any
+---
+##### `addConditions` <a name="addConditions" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.addConditions"></a>
+```typescript
+public addConditions(conditions: {[ key: string ]: any}): void
+```
+Add multiple conditions to the Policy.
+See the `addCondition` function for a caveat on calling this method multiple times.
+###### `conditions`<sup>Required</sup> <a name="conditions" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.addConditions.parameter.conditions"></a>
+- *Type:* {[ key: string ]: any}
+---
+##### `addFederatedPrincipal` <a name="addFederatedPrincipal" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.addFederatedPrincipal"></a>
+```typescript
+public addFederatedPrincipal(federated: any, conditions: {[ key: string ]: any}): void
+```
+Adds a federated identity provider such as Amazon Cognito to this policy statement.
+###### `federated`<sup>Required</sup> <a name="federated" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.addFederatedPrincipal.parameter.federated"></a>
+- *Type:* any
+federated identity provider (i.e. 'cognito-identity.amazonaws.com').
+---
+###### `conditions`<sup>Required</sup> <a name="conditions" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.addFederatedPrincipal.parameter.conditions"></a>
+- *Type:* {[ key: string ]: any}
+The conditions under which the policy is in effect.
+See [the IAM documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html).
+---
+##### `addNotActions` <a name="addNotActions" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.addNotActions"></a>
+```typescript
+public addNotActions(notActions: string): void
+```
+Explicitly allow all actions except the specified list of actions into the "NotAction" section of the policy document.
+> [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notaction.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notaction.html)
+###### `notActions`<sup>Required</sup> <a name="notActions" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.addNotActions.parameter.notActions"></a>
+- *Type:* string
+actions that will be denied.
+All other actions will be permitted.
+---
+##### `addNotPrincipals` <a name="addNotPrincipals" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.addNotPrincipals"></a>
+```typescript
+public addNotPrincipals(notPrincipals: IPrincipal): void
+```
+Specify principals that is not allowed or denied access to the "NotPrincipal" section of a policy statement.
+> [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notprincipal.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notprincipal.html)
+###### `notPrincipals`<sup>Required</sup> <a name="notPrincipals" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.addNotPrincipals.parameter.notPrincipals"></a>
+- *Type:* aws-cdk-lib.aws_iam.IPrincipal
+IAM principals that will be denied access.
+---
+##### `addNotResources` <a name="addNotResources" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.addNotResources"></a>
+```typescript
+public addNotResources(arns: string): void
+```
+Specify resources that this policy statement will not apply to in the "NotResource" section of this policy statement.
+All resources except the specified list will be matched.
+> [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notresource.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notresource.html)
+###### `arns`<sup>Required</sup> <a name="arns" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.addNotResources.parameter.arns"></a>
+- *Type:* string
+Amazon Resource Names (ARNs) of the resources that this policy statement does not apply to.
+---
+##### `addPrincipals` <a name="addPrincipals" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.addPrincipals"></a>
+```typescript
+public addPrincipals(principals: IPrincipal): void
+```
+Adds principals to the "Principal" section of a policy statement.
+> [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html)
+###### `principals`<sup>Required</sup> <a name="principals" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.addPrincipals.parameter.principals"></a>
+- *Type:* aws-cdk-lib.aws_iam.IPrincipal
+IAM principals that will be added.
+---
+##### `addResources` <a name="addResources" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.addResources"></a>
+```typescript
+public addResources(arns: string): void
+```
+Specify resources that this policy statement applies into the "Resource" section of this policy statement.
+> [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_resource.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_resource.html)
+###### `arns`<sup>Required</sup> <a name="arns" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.addResources.parameter.arns"></a>
+- *Type:* string
+Amazon Resource Names (ARNs) of the resources that this policy statement applies to.
+---
+##### `addServicePrincipal` <a name="addServicePrincipal" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.addServicePrincipal"></a>
+```typescript
+public addServicePrincipal(service: string, opts?: ServicePrincipalOpts): void
+```
+Adds a service principal to this policy statement.
+###### `service`<sup>Required</sup> <a name="service" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.addServicePrincipal.parameter.service"></a>
+- *Type:* string
+the service name for which a service principal is requested (e.g: `s3.amazonaws.com`).
+---
+###### `opts`<sup>Optional</sup> <a name="opts" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.addServicePrincipal.parameter.opts"></a>
+- *Type:* aws-cdk-lib.aws_iam.ServicePrincipalOpts
+options for adding the service principal (such as specifying a principal in a different region).
+---
+##### `addSourceAccountCondition` <a name="addSourceAccountCondition" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.addSourceAccountCondition"></a>
+```typescript
+public addSourceAccountCondition(accountId: string): void
+```
+Add an `StringEquals` condition that limits to a given account from `aws:SourceAccount`.
+This method can only be called once: subsequent calls will overwrite earlier calls.
+> [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-sourceaccount](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-sourceaccount)
+###### `accountId`<sup>Required</sup> <a name="accountId" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.addSourceAccountCondition.parameter.accountId"></a>
+- *Type:* string
+---
+##### `addSourceArnCondition` <a name="addSourceArnCondition" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.addSourceArnCondition"></a>
+```typescript
+public addSourceArnCondition(arn: string): void
+```
+Add an `ArnEquals` condition that limits to a given resource arn from `aws:SourceArn`.
+This method can only be called once: subsequent calls will overwrite earlier calls.
+> [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-sourcearn](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-sourcearn)
+###### `arn`<sup>Required</sup> <a name="arn" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.addSourceArnCondition.parameter.arn"></a>
+- *Type:* string
+---
+##### `copy` <a name="copy" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.copy"></a>
+```typescript
+public copy(overrides?: PolicyStatementProps): PolicyStatement
+```
+Create a new `PolicyStatement` with the same exact properties as this one, except for the overrides.
+###### `overrides`<sup>Optional</sup> <a name="overrides" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.copy.parameter.overrides"></a>
+- *Type:* aws-cdk-lib.aws_iam.PolicyStatementProps
+---
+##### `freeze` <a name="freeze" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.freeze"></a>
+```typescript
+public freeze(): PolicyStatement
+```
+Make the PolicyStatement immutable.
+After calling this, any of the `addXxx()` methods will throw an exception.
+Libraries that lazily generate statement bodies can override this method to
+fill the actual PolicyStatement fields. Be aware that this method may be called
+multiple times.
+##### `toJSON` <a name="toJSON" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.toJSON"></a>
+```typescript
+public toJSON(): any
+```
+JSON-ify the statement.
+Used when JSON.stringify() is called
+##### `toStatementJson` <a name="toStatementJson" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.toStatementJson"></a>
+```typescript
+public toStatementJson(): any
+```
+JSON-ify the policy statement.
+Used when JSON.stringify() is called
+##### `toString` <a name="toString" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.toString"></a>
+```typescript
+public toString(): string
+```
+String representation of this policy statement.
+##### `validateForAnyPolicy` <a name="validateForAnyPolicy" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.validateForAnyPolicy"></a>
+```typescript
+public validateForAnyPolicy(): string[]
+```
+Validate that the policy statement satisfies base requirements for a policy.
+##### `validateForIdentityPolicy` <a name="validateForIdentityPolicy" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.validateForIdentityPolicy"></a>
+```typescript
+public validateForIdentityPolicy(): string[]
+```
+Validate that the policy statement satisfies all requirements for an identity-based policy.
+##### `validateForResourcePolicy` <a name="validateForResourcePolicy" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.validateForResourcePolicy"></a>
+```typescript
+public validateForResourcePolicy(): string[]
+```
+Validate that the policy statement satisfies all requirements for a resource-based policy.
+#### Static Functions <a name="Static Functions" id="Static Functions"></a>
+| **Name** | **Description** |
+| --- | --- |
+| <code><a href="#@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.fromJson">fromJson</a></code> | Creates a new PolicyStatement based on the object provided. |
+---
+##### `fromJson` <a name="fromJson" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.fromJson"></a>
+```typescript
+import { iam } from '@rio-cloud/cdk-v2-constructs'
+iam.EcrPullThroughCachePolicyStatement.fromJson(obj: any)
+```
+Creates a new PolicyStatement based on the object provided.
+This will accept an object created from the `.toJSON()` call
+###### `obj`<sup>Required</sup> <a name="obj" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.fromJson.parameter.obj"></a>
+- *Type:* any
+the PolicyStatement in object form.
+---
+#### Properties <a name="Properties" id="Properties"></a>
+| **Name** | **Type** | **Description** |
+| --- | --- | --- |
+| <code><a href="#@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.property.actions">actions</a></code> | <code>string[]</code> | The Actions added to this statement. |
+| <code><a href="#@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.property.conditions">conditions</a></code> | <code>any</code> | The conditions added to this statement. |
+| <code><a href="#@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.property.frozen">frozen</a></code> | <code>boolean</code> | Whether the PolicyStatement has been frozen. |
+| <code><a href="#@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.property.hasPrincipal">hasPrincipal</a></code> | <code>boolean</code> | Indicates if this permission has a "Principal" section. |
+| <code><a href="#@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.property.hasResource">hasResource</a></code> | <code>boolean</code> | Indicates if this permission has at least one resource associated with it. |
+| <code><a href="#@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.property.notActions">notActions</a></code> | <code>string[]</code> | The NotActions added to this statement. |
+| <code><a href="#@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.property.notPrincipals">notPrincipals</a></code> | <code>aws-cdk-lib.aws_iam.IPrincipal[]</code> | The NotPrincipals added to this statement. |
+| <code><a href="#@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.property.notResources">notResources</a></code> | <code>string[]</code> | The NotResources added to this statement. |
+| <code><a href="#@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.property.principals">principals</a></code> | <code>aws-cdk-lib.aws_iam.IPrincipal[]</code> | The Principals added to this statement. |
+| <code><a href="#@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.property.resources">resources</a></code> | <code>string[]</code> | The Resources added to this statement. |
+| <code><a href="#@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.property.effect">effect</a></code> | <code>aws-cdk-lib.aws_iam.Effect</code> | Whether to allow or deny the actions in this statement Set effect for this statement. |
+| <code><a href="#@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.property.sid">sid</a></code> | <code>string</code> | Statement ID for this statement Set Statement ID for this statement. |
+---
+##### `actions`<sup>Required</sup> <a name="actions" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.property.actions"></a>
+```typescript
+public readonly actions: string[];
+```
+- *Type:* string[]
+The Actions added to this statement.
+---
+##### `conditions`<sup>Required</sup> <a name="conditions" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.property.conditions"></a>
+```typescript
+public readonly conditions: any;
+```
+- *Type:* any
+The conditions added to this statement.
+---
+##### `frozen`<sup>Required</sup> <a name="frozen" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.property.frozen"></a>
+```typescript
+public readonly frozen: boolean;
+```
+- *Type:* boolean
+Whether the PolicyStatement has been frozen.
+The statement object is frozen when `freeze()` is called.
+---
+##### `hasPrincipal`<sup>Required</sup> <a name="hasPrincipal" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.property.hasPrincipal"></a>
+```typescript
+public readonly hasPrincipal: boolean;
+```
+- *Type:* boolean
+Indicates if this permission has a "Principal" section.
+---
+##### `hasResource`<sup>Required</sup> <a name="hasResource" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.property.hasResource"></a>
+```typescript
+public readonly hasResource: boolean;
+```
+- *Type:* boolean
+Indicates if this permission has at least one resource associated with it.
+---
+##### `notActions`<sup>Required</sup> <a name="notActions" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.property.notActions"></a>
+```typescript
+public readonly notActions: string[];
+```
+- *Type:* string[]
+The NotActions added to this statement.
+---
+##### `notPrincipals`<sup>Required</sup> <a name="notPrincipals" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.property.notPrincipals"></a>
+```typescript
+public readonly notPrincipals: IPrincipal[];
+```
+- *Type:* aws-cdk-lib.aws_iam.IPrincipal[]
+The NotPrincipals added to this statement.
+---
+##### `notResources`<sup>Required</sup> <a name="notResources" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.property.notResources"></a>
+```typescript
+public readonly notResources: string[];
+```
+- *Type:* string[]
+The NotResources added to this statement.
+---
+##### `principals`<sup>Required</sup> <a name="principals" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.property.principals"></a>
+```typescript
+public readonly principals: IPrincipal[];
+```
+- *Type:* aws-cdk-lib.aws_iam.IPrincipal[]
+The Principals added to this statement.
+---
+##### `resources`<sup>Required</sup> <a name="resources" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.property.resources"></a>
+```typescript
+public readonly resources: string[];
+```
+- *Type:* string[]
+The Resources added to this statement.
+---
+##### `effect`<sup>Required</sup> <a name="effect" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.property.effect"></a>
+```typescript
+public readonly effect: Effect;
+```
+- *Type:* aws-cdk-lib.aws_iam.Effect
+Whether to allow or deny the actions in this statement Set effect for this statement.
+---
+##### `sid`<sup>Optional</sup> <a name="sid" id="@rio-cloud/cdk-v2-constructs.iam.EcrPullThroughCachePolicyStatement.property.sid"></a>
+```typescript
+public readonly sid: string;
+```
+- *Type:* string
+Statement ID for this statement Set Statement ID for this statement.
+---
 ### KafkaEventSpecSource <a name="KafkaEventSpecSource" id="@rio-cloud/cdk-v2-constructs.KafkaEventSpecSource"></a>
 Wrapper class for the event spec itself to support providing it via file or inline string.