cdk-iam-floyd 0.806.0 → 0.807.0

package/README.md

@@ -16,9 +16,9 @@
 Support for:
 
 - 451 Services
-- 21206 Actions
-- 2242 Resource Types
-- 2373 Condition keys
+- 21229 Actions
+- 2244 Resource Types
+- 2374 Condition keys
 <!-- /stats -->
 
 ![EXPERIMENTAL](https://img.shields.io/badge/stability-experimantal-orange?style=for-the-badge)**<br>This is an early version of the package. The API will change while I implement new features. Therefore make sure you use an exact version in your `package.json` before it reaches 1.0.0.**

package/lib/generated/policy-statements/cloudwatch.d.ts

@@ -57,6 +57,11 @@ export declare class Cloudwatch extends PolicyStatement {
      *
      * Access Level: Write
      *
+     * Dependent actions:
+     * - logs:CreateScheduledQuery
+     * - logs:DeleteScheduledQuery
+     * - logs:GetScheduledQuery
+     *
      * https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_DeleteAlarms.html
      */
     toDeleteAlarms(): this;
@@ -212,6 +217,17 @@ export declare class Cloudwatch extends PolicyStatement {
      * https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_GetDashboard.html
      */
     toGetDashboard(): this;
+    /**
+     * Grants permission to get a dataset
+     *
+     * Access Level: Read
+     *
+     * Possible conditions:
+     * - .ifAwsResourceTag()
+     *
+     * https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_GetDataset.html
+     */
+    toGetDataset(): this;
     /**
      * Grants permission to return the top-N report of unique contributors over a time range for a given insight rule
      *
@@ -221,7 +237,7 @@ export declare class Cloudwatch extends PolicyStatement {
      */
     toGetInsightRuleReport(): this;
     /**
-     * Grants permission to retrieve batch amounts of CloudWatch metric data and perform metric math on retrieved data
+     * Grants permission to retrieve batch amounts of CloudWatch classic metric data and perform metric math on retrieved data; and grants permission to retrieve OTLP metric data using PromQL
      *
      * Access Level: Read
      *
@@ -443,6 +459,26 @@ export declare class Cloudwatch extends PolicyStatement {
      * https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_PutInsightRule.html
      */
     toPutInsightRule(): this;
+    /**
+     * Grants permission to create or update a log-based alarm and associate it with a CloudWatch Logs Insights scheduled query
+     *
+     * Access Level: Write
+     *
+     * Possible conditions:
+     * - .ifAwsRequestTag()
+     * - .ifAwsTagKeys()
+     * - .ifAlarmActions()
+     *
+     * Dependent actions:
+     * - iam:PassRole
+     * - logs:CreateScheduledQuery
+     * - logs:DeleteScheduledQuery
+     * - logs:GetScheduledQuery
+     * - logs:UpdateScheduledQuery
+     *
+     * https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_PutLogAlarm.html
+     */
+    toPutLogAlarm(): this;
     /**
      * Grants permission to create managed Insight Rules
      *
@@ -470,7 +506,7 @@ export declare class Cloudwatch extends PolicyStatement {
      */
     toPutMetricAlarm(): this;
     /**
-     * Grants permission to publish metric data points to Amazon CloudWatch
+     * Grants permission to publish metric data points to Amazon CloudWatch using CloudWatch and OTLP formats
      *
      * Access Level: Write
      *
@@ -605,6 +641,20 @@ export declare class Cloudwatch extends PolicyStatement {
      * - .ifAwsResourceTag()
      */
     onDashboard(dashboardName: string, account?: string, partition?: string): this;
+    /**
+     * Adds a resource of type dataset to the statement
+     *
+     * https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/auth-and-access-control-cw.html
+     *
+     * @param datasetId - Identifier for the datasetId.
+     * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
+     * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
+     * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
+     *
+     * Possible conditions:
+     * - .ifAwsResourceTag()
+     */
+    onDataset(datasetId: string, account?: string, region?: string, partition?: string): this;
     /**
      * Adds a resource of type insight-rule to the statement
      *
@@ -663,7 +713,7 @@ export declare class Cloudwatch extends PolicyStatement {
      */
     onService(serviceName: string, uniqueAttributesHex: string, account?: string, region?: string, partition?: string): this;
     /**
-     * Filters actions based on the allowed set of values for each of the tags
+     * Filters access by the presence of tags in the request
      *
      * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag
      *
@@ -674,6 +724,7 @@ export declare class Cloudwatch extends PolicyStatement {
      * - .toPutCompositeAlarm()
      * - .toPutDashboard()
      * - .toPutInsightRule()
+     * - .toPutLogAlarm()
      * - .toPutManagedInsightRules()
      * - .toPutMetricAlarm()
      * - .toPutMetricStream()
@@ -685,14 +736,25 @@ export declare class Cloudwatch extends PolicyStatement {
      */
     ifAwsRequestTag(tagKey: string, value: string | string[], operator?: Operator | string): this;
     /**
-     * Filters actions based on tag-value associated with the resource
+     * Filters access by tags associated with the resource
      *
      * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag
      *
+     * Applies to actions:
+     * - .toGetDataset()
+     * - .toGetMetricData()
+     * - .toListMetrics()
+     * - .toListTagsForResource()
+     * - .toPutMetricAlarm()
+     * - .toPutMetricData()
+     * - .toTagResource()
+     * - .toUntagResource()
+     *
      * Applies to resource types:
      * - alarm
      * - alarm-mute-rule
      * - dashboard
+     * - dataset
      * - insight-rule
      * - metric-stream
      * - slo
@@ -704,7 +766,7 @@ export declare class Cloudwatch extends PolicyStatement {
      */
     ifAwsResourceTag(tagKey: string, value: string | string[], operator?: Operator | string): this;
     /**
-     * Filters actions based on the presence of mandatory tags in the request
+     * Filters access by the presence of tags in the request
      *
      * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys
      *
@@ -715,6 +777,7 @@ export declare class Cloudwatch extends PolicyStatement {
      * - .toPutCompositeAlarm()
      * - .toPutDashboard()
      * - .toPutInsightRule()
+     * - .toPutLogAlarm()
      * - .toPutManagedInsightRules()
      * - .toPutMetricAlarm()
      * - .toPutMetricStream()
@@ -726,12 +789,13 @@ export declare class Cloudwatch extends PolicyStatement {
      */
     ifAwsTagKeys(value: string | string[], operator?: Operator | string): this;
     /**
-     * Filters actions based on defined alarm actions
+     * Filters access by defined alarm actions
      *
      * https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/iam-cw-condition-keys-alarm-actions.html
      *
      * Applies to actions:
      * - .toPutCompositeAlarm()
+     * - .toPutLogAlarm()
      * - .toPutMetricAlarm()
      *
      * @param value The value(s) to check
@@ -739,7 +803,7 @@ export declare class Cloudwatch extends PolicyStatement {
      */
     ifAlarmActions(value: string | string[], operator?: Operator | string): this;
     /**
-     * Filters actions based on the presence of optional namespace values
+     * Filters access by the presence of optional namespace values
      *
      * https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/iam-cw-condition-keys-namespace.html
      *
@@ -751,7 +815,7 @@ export declare class Cloudwatch extends PolicyStatement {
      */
     ifNamespace(value: string | string[], operator?: Operator | string): this;
     /**
-     * Filters actions based on the Log Groups specified in an Insight Rule
+     * Filters access by the Log Groups specified in an Insight Rule
      *
      * https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/iam-cw-condition-keys-contributor.html
      *