PyPI - aws-cdk.aws-s3tables-alpha - Versions diffs - 2.212.0a0__py3-none-any.whl → 2.213.0a0__py3-none-any.whl - Mend

aws-cdk.aws-s3tables-alpha 2.212.0a0py3-none-any.whl → 2.213.0a0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of aws-cdk.aws-s3tables-alpha might be problematic. Click here for more details.

Files changed (11) hide show

aws_cdk/aws_s3tables_alpha/__init__.py CHANGED Viewed

@@ -156,11 +156,38 @@ encrypted_bucket_auto = TableBucket(scope, "EncryptedTableBucketAuto",
 )
 ```
+### Controlling Table Permissions
+```python
+# Grant the principal read permissions to the table
+account_id = "123456789012"
+table.grant_read(iam.AccountPrincipal(account_id))
+# Grant the role write permissions to the table
+role = iam.Role(stack, "MyRole", assumed_by=iam.ServicePrincipal("sample"))
+table.grant_write(role)
+# Grant the user read and write permissions to the table
+table.grant_read_write(iam.User(stack, "MyUser"))
+# Grant an account permissions to the table
+table.grant_read_write(iam.AccountPrincipal(account_id))
+# Add custom resource policy statements
+permissions = iam.PolicyStatement(
+    effect=iam.Effect.ALLOW,
+    actions=["s3tables:*"],
+    principals=[iam.ServicePrincipal("example.aws.internal")],
+    resources=["*"]
+)
+table.add_to_resource_policy(permissions)
+```
 ## Coming Soon
 L2 Construct support for:
-* Table Policy
 * KMS encryption support for Tables
 '''
 from pkgutil import extend_path
@@ -198,6 +225,7 @@ from ._jsii import *
 import aws_cdk as _aws_cdk_ceddda9d
 import aws_cdk.aws_iam as _aws_cdk_aws_iam_ceddda9d
 import aws_cdk.aws_kms as _aws_cdk_aws_kms_ceddda9d
+import aws_cdk.aws_s3tables as _aws_cdk_aws_s3tables_ceddda9d
 import constructs as _constructs_77d1e7e8
@@ -407,6 +435,83 @@ class ITable(_aws_cdk_ceddda9d.IResource, typing_extensions.Protocol):
         '''
         ...
+    @jsii.member(jsii_name="addToResourcePolicy")
+    def add_to_resource_policy(
+        self,
+        statement: _aws_cdk_aws_iam_ceddda9d.PolicyStatement,
+    ) -> _aws_cdk_aws_iam_ceddda9d.AddToResourcePolicyResult:
+        '''(experimental) Adds a statement to the resource policy for a principal (i.e. account/role/service) to perform actions on this table.
+        Note that the policy statement may or may not be added to the policy.
+        For example, when an ``ITable`` is created from an existing table,
+        it's not possible to tell whether the table already has a policy
+        attached, let alone to re-use that policy to add more statements to it.
+        So it's safest to do nothing in these cases.
+        :param statement: the policy statement to be added to the table's policy.
+        :return:
+        metadata about the execution of this method. If the policy
+        was not added, the value of ``statementAdded`` will be ``false``. You
+        should always check this value to make sure that the operation was
+        actually carried out. Otherwise, synthesis and deploy will terminate
+        silently, which may be confusing.
+        :stability: experimental
+        '''
+        ...
+    @jsii.member(jsii_name="grantRead")
+    def grant_read(
+        self,
+        identity: _aws_cdk_aws_iam_ceddda9d.IGrantable,
+    ) -> _aws_cdk_aws_iam_ceddda9d.Grant:
+        '''(experimental) Grant read permissions for this table to an IAM principal (Role/Group/User).
+        If the parent TableBucket of this table has encryption,
+        you should grant kms:Decrypt permission to use this key to the same principal.
+        :param identity: The principal to allow read permissions to.
+        :stability: experimental
+        '''
+        ...
+    @jsii.member(jsii_name="grantReadWrite")
+    def grant_read_write(
+        self,
+        identity: _aws_cdk_aws_iam_ceddda9d.IGrantable,
+    ) -> _aws_cdk_aws_iam_ceddda9d.Grant:
+        '''(experimental) Grant read and write permissions for this table to an IAM principal (Role/Group/User).
+        If the parent TableBucket of this table has encryption,
+        you should grant kms:GenerateDataKey and kms:Decrypt permission
+        to use this key to the same principal.
+        :param identity: The principal to allow read and write permissions to.
+        :stability: experimental
+        '''
+        ...
+    @jsii.member(jsii_name="grantWrite")
+    def grant_write(
+        self,
+        identity: _aws_cdk_aws_iam_ceddda9d.IGrantable,
+    ) -> _aws_cdk_aws_iam_ceddda9d.Grant:
+        '''(experimental) Grant write permissions for this table to an IAM principal (Role/Group/User).
+        If the parent TableBucket of this table has encryption,
+        you should grant kms:GenerateDataKey and kms:Decrypt permission
+        to use this key to the same principal.
+        :param identity: The principal to allow write permissions to.
+        :stability: experimental
+        '''
+        ...
 class _ITableProxy(
     jsii.proxy_for(_aws_cdk_ceddda9d.IResource), # type: ignore[misc]
@@ -458,6 +563,95 @@ class _ITableProxy(
         '''
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "region"))
+    @jsii.member(jsii_name="addToResourcePolicy")
+    def add_to_resource_policy(
+        self,
+        statement: _aws_cdk_aws_iam_ceddda9d.PolicyStatement,
+    ) -> _aws_cdk_aws_iam_ceddda9d.AddToResourcePolicyResult:
+        '''(experimental) Adds a statement to the resource policy for a principal (i.e. account/role/service) to perform actions on this table.
+        Note that the policy statement may or may not be added to the policy.
+        For example, when an ``ITable`` is created from an existing table,
+        it's not possible to tell whether the table already has a policy
+        attached, let alone to re-use that policy to add more statements to it.
+        So it's safest to do nothing in these cases.
+        :param statement: the policy statement to be added to the table's policy.
+        :return:
+        metadata about the execution of this method. If the policy
+        was not added, the value of ``statementAdded`` will be ``false``. You
+        should always check this value to make sure that the operation was
+        actually carried out. Otherwise, synthesis and deploy will terminate
+        silently, which may be confusing.
+        :stability: experimental
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__da6cde6f4428a664d5a067b88ed42d6a9c66af2a44cb2211d25ecd28073c5cf3)
+            check_type(argname="argument statement", value=statement, expected_type=type_hints["statement"])
+        return typing.cast(_aws_cdk_aws_iam_ceddda9d.AddToResourcePolicyResult, jsii.invoke(self, "addToResourcePolicy", [statement]))
+    @jsii.member(jsii_name="grantRead")
+    def grant_read(
+        self,
+        identity: _aws_cdk_aws_iam_ceddda9d.IGrantable,
+    ) -> _aws_cdk_aws_iam_ceddda9d.Grant:
+        '''(experimental) Grant read permissions for this table to an IAM principal (Role/Group/User).
+        If the parent TableBucket of this table has encryption,
+        you should grant kms:Decrypt permission to use this key to the same principal.
+        :param identity: The principal to allow read permissions to.
+        :stability: experimental
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__3e83bfa5470edaff0a4a96df441439dc54d0e9371b70d2571426e560cb4ae2eb)
+            check_type(argname="argument identity", value=identity, expected_type=type_hints["identity"])
+        return typing.cast(_aws_cdk_aws_iam_ceddda9d.Grant, jsii.invoke(self, "grantRead", [identity]))
+    @jsii.member(jsii_name="grantReadWrite")
+    def grant_read_write(
+        self,
+        identity: _aws_cdk_aws_iam_ceddda9d.IGrantable,
+    ) -> _aws_cdk_aws_iam_ceddda9d.Grant:
+        '''(experimental) Grant read and write permissions for this table to an IAM principal (Role/Group/User).
+        If the parent TableBucket of this table has encryption,
+        you should grant kms:GenerateDataKey and kms:Decrypt permission
+        to use this key to the same principal.
+        :param identity: The principal to allow read and write permissions to.
+        :stability: experimental
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__6e9db385d2bd54ad234de96ad643e346812e81e4cf447d2e614c92f8ce02037d)
+            check_type(argname="argument identity", value=identity, expected_type=type_hints["identity"])
+        return typing.cast(_aws_cdk_aws_iam_ceddda9d.Grant, jsii.invoke(self, "grantReadWrite", [identity]))
+    @jsii.member(jsii_name="grantWrite")
+    def grant_write(
+        self,
+        identity: _aws_cdk_aws_iam_ceddda9d.IGrantable,
+    ) -> _aws_cdk_aws_iam_ceddda9d.Grant:
+        '''(experimental) Grant write permissions for this table to an IAM principal (Role/Group/User).
+        If the parent TableBucket of this table has encryption,
+        you should grant kms:GenerateDataKey and kms:Decrypt permission
+        to use this key to the same principal.
+        :param identity: The principal to allow write permissions to.
+        :stability: experimental
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__580625b8fab3a16de8ff8d5024b24a235d5bc9597470275f3fd5c04ef950a9d9)
+            check_type(argname="argument identity", value=identity, expected_type=type_hints["identity"])
+        return typing.cast(_aws_cdk_aws_iam_ceddda9d.Grant, jsii.invoke(self, "grantWrite", [identity]))
 # Adding a "__jsii_proxy_class__(): typing.Type" function to the interface
 typing.cast(typing.Any, ITable).__jsii_proxy_class__ = lambda : _ITableProxy
@@ -1655,6 +1849,87 @@ class Table(
             check_type(argname="argument table_name", value=table_name, expected_type=type_hints["table_name"])
         return typing.cast(None, jsii.sinvoke(cls, "validateTableName", [table_name]))
+    @jsii.member(jsii_name="addToResourcePolicy")
+    def add_to_resource_policy(
+        self,
+        statement: _aws_cdk_aws_iam_ceddda9d.PolicyStatement,
+    ) -> _aws_cdk_aws_iam_ceddda9d.AddToResourcePolicyResult:
+        '''(experimental) Adds a statement to the resource policy for a principal (i.e. account/role/service) to perform actions on this table.
+        Note that the policy statement may or may not be added to the policy.
+        For example, when an ``ITable`` is created from an existing table,
+        it's not possible to tell whether the table already has a policy
+        attached, let alone to re-use that policy to add more statements to it.
+        So it's safest to do nothing in these cases.
+        :param statement: -
+        :stability: experimental
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__bf2cc6b0089371bf3b3d86048c16f309f2afb3d7329dc28525f622d9e8006e27)
+            check_type(argname="argument statement", value=statement, expected_type=type_hints["statement"])
+        return typing.cast(_aws_cdk_aws_iam_ceddda9d.AddToResourcePolicyResult, jsii.invoke(self, "addToResourcePolicy", [statement]))
+    @jsii.member(jsii_name="grantRead")
+    def grant_read(
+        self,
+        identity: _aws_cdk_aws_iam_ceddda9d.IGrantable,
+    ) -> _aws_cdk_aws_iam_ceddda9d.Grant:
+        '''(experimental) Grant read permissions for this table to an IAM principal (Role/Group/User).
+        If the parent TableBucket of this table has encryption,
+        you should grant kms:Decrypt permission to use this key to the same principal.
+        :param identity: -
+        :stability: experimental
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__f0556fb0bd61a76d9f9bdbab13c49228511a3523caa64f6dbed93963966ed96c)
+            check_type(argname="argument identity", value=identity, expected_type=type_hints["identity"])
+        return typing.cast(_aws_cdk_aws_iam_ceddda9d.Grant, jsii.invoke(self, "grantRead", [identity]))
+    @jsii.member(jsii_name="grantReadWrite")
+    def grant_read_write(
+        self,
+        identity: _aws_cdk_aws_iam_ceddda9d.IGrantable,
+    ) -> _aws_cdk_aws_iam_ceddda9d.Grant:
+        '''(experimental) Grant read and write permissions for this table to an IAM principal (Role/Group/User).
+        If the parent TableBucket of this table has encryption,
+        you should grant kms:GenerateDataKey and kms:Decrypt permission
+        to use this key to the same principal.
+        :param identity: -
+        :stability: experimental
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__f751d804f7db1fb6bfea578e65d8642e7c39a6078f8effb3cc12bd1d6e5cdd45)
+            check_type(argname="argument identity", value=identity, expected_type=type_hints["identity"])
+        return typing.cast(_aws_cdk_aws_iam_ceddda9d.Grant, jsii.invoke(self, "grantReadWrite", [identity]))
+    @jsii.member(jsii_name="grantWrite")
+    def grant_write(
+        self,
+        identity: _aws_cdk_aws_iam_ceddda9d.IGrantable,
+    ) -> _aws_cdk_aws_iam_ceddda9d.Grant:
+        '''(experimental) Grant write permissions for this table to an IAM principal (Role/Group/User).
+        If the parent TableBucket of this table has encryption,
+        you should grant kms:GenerateDataKey and kms:Decrypt permission
+        to use this key to the same principal.
+        :param identity: -
+        :stability: experimental
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__782a3a885790eb02b5e9bbd37dd4b038ae3f5d0bdcf890b812c9284899e029ce)
+            check_type(argname="argument identity", value=identity, expected_type=type_hints["identity"])
+        return typing.cast(_aws_cdk_aws_iam_ceddda9d.Grant, jsii.invoke(self, "grantWrite", [identity]))
     @jsii.python.classproperty
     @jsii.member(jsii_name="PROPERTY_INJECTION_ID")
     def PROPERTY_INJECTION_ID(cls) -> builtins.str:
@@ -1691,6 +1966,33 @@ class Table(
         '''
         return typing.cast(builtins.str, jsii.get(self, "tableName"))
+    @builtins.property
+    @jsii.member(jsii_name="tablePolicy")
+    def table_policy(
+        self,
+    ) -> typing.Optional[_aws_cdk_aws_s3tables_ceddda9d.CfnTablePolicy]:
+        '''(experimental) The resource policy for this table.
+        :stability: experimental
+        '''
+        return typing.cast(typing.Optional[_aws_cdk_aws_s3tables_ceddda9d.CfnTablePolicy], jsii.get(self, "tablePolicy"))
+    @builtins.property
+    @jsii.member(jsii_name="autoCreatePolicy")
+    def _auto_create_policy(self) -> builtins.bool:
+        '''(experimental) Indicates if a table resource policy should automatically created upon the first call to ``addToResourcePolicy``.
+        :stability: experimental
+        '''
+        return typing.cast(builtins.bool, jsii.get(self, "autoCreatePolicy"))
+    @_auto_create_policy.setter
+    def _auto_create_policy(self, value: builtins.bool) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__cc8c67ff83da04c70c080f40fd29333e2e8cae2c2f37dd6606ad76db5c4cc5d7)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "autoCreatePolicy", value) # pyright: ignore[reportArgumentType]
 @jsii.data_type(
     jsii_type="@aws-cdk/aws-s3tables-alpha.TableAttributes",
@@ -2632,6 +2934,190 @@ class TableBucketProps:
         )
+class TablePolicy(
+    _aws_cdk_ceddda9d.Resource,
+    metaclass=jsii.JSIIMeta,
+    jsii_type="@aws-cdk/aws-s3tables-alpha.TablePolicy",
+):
+    '''(experimental) A  Policy for S3 Tables.
+    You will almost never need to use this construct directly.
+    Instead, Table.addToResourcePolicy can be used to add more policies to your table directly
+    :stability: experimental
+    :exampleMetadata: fixture=_generated
+    Example::
+        # The code below shows an example of how to instantiate this type.
+        # The values are placeholders you should change.
+        import aws_cdk.aws_s3tables_alpha as s3tables_alpha
+        import aws_cdk as cdk
+        from aws_cdk import aws_iam as iam
+        # policy_document: iam.PolicyDocument
+        # table: s3tables_alpha.Table
+        table_policy = s3tables_alpha.TablePolicy(self, "MyTablePolicy",
+            table=table,
+            # the properties below are optional
+            removal_policy=cdk.RemovalPolicy.DESTROY,
+            resource_policy=policy_document
+        )
+    '''
+    def __init__(
+        self,
+        scope: _constructs_77d1e7e8.Construct,
+        id: builtins.str,
+        *,
+        table: ITable,
+        removal_policy: typing.Optional[_aws_cdk_ceddda9d.RemovalPolicy] = None,
+        resource_policy: typing.Optional[_aws_cdk_aws_iam_ceddda9d.PolicyDocument] = None,
+    ) -> None:
+        '''
+        :param scope: -
+        :param id: -
+        :param table: (experimental) The associated table.
+        :param removal_policy: (experimental) Policy to apply when the policy is removed from this stack. Default: - RemovalPolicy.DESTROY.
+        :param resource_policy: (experimental) The policy document for the table's resource policy. Default: undefined An empty iam.PolicyDocument will be initialized
+        :stability: experimental
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__8b78bf56e8d94ea2b7e7602cfb78ea18ec614a55b94a18e39d69bd1c23964cf8)
+            check_type(argname="argument scope", value=scope, expected_type=type_hints["scope"])
+            check_type(argname="argument id", value=id, expected_type=type_hints["id"])
+        props = TablePolicyProps(
+            table=table, removal_policy=removal_policy, resource_policy=resource_policy
+        )
+        jsii.create(self.__class__, self, [scope, id, props])
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="PROPERTY_INJECTION_ID")
+    def PROPERTY_INJECTION_ID(cls) -> builtins.str:
+        '''(experimental) Uniquely identifies this class.
+        :stability: experimental
+        '''
+        return typing.cast(builtins.str, jsii.sget(cls, "PROPERTY_INJECTION_ID"))
+    @builtins.property
+    @jsii.member(jsii_name="document")
+    def document(self) -> _aws_cdk_aws_iam_ceddda9d.PolicyDocument:
+        '''(experimental) The IAM PolicyDocument containing permissions represented by this policy.
+        :stability: experimental
+        '''
+        return typing.cast(_aws_cdk_aws_iam_ceddda9d.PolicyDocument, jsii.get(self, "document"))
+@jsii.data_type(
+    jsii_type="@aws-cdk/aws-s3tables-alpha.TablePolicyProps",
+    jsii_struct_bases=[],
+    name_mapping={
+        "table": "table",
+        "removal_policy": "removalPolicy",
+        "resource_policy": "resourcePolicy",
+    },
+)
+class TablePolicyProps:
+    def __init__(
+        self,
+        *,
+        table: ITable,
+        removal_policy: typing.Optional[_aws_cdk_ceddda9d.RemovalPolicy] = None,
+        resource_policy: typing.Optional[_aws_cdk_aws_iam_ceddda9d.PolicyDocument] = None,
+    ) -> None:
+        '''(experimental) Parameters for constructing a TablePolicy.
+        :param table: (experimental) The associated table.
+        :param removal_policy: (experimental) Policy to apply when the policy is removed from this stack. Default: - RemovalPolicy.DESTROY.
+        :param resource_policy: (experimental) The policy document for the table's resource policy. Default: undefined An empty iam.PolicyDocument will be initialized
+        :stability: experimental
+        :exampleMetadata: fixture=_generated
+        Example::
+            # The code below shows an example of how to instantiate this type.
+            # The values are placeholders you should change.
+            import aws_cdk.aws_s3tables_alpha as s3tables_alpha
+            import aws_cdk as cdk
+            from aws_cdk import aws_iam as iam
+            # policy_document: iam.PolicyDocument
+            # table: s3tables_alpha.Table
+            table_policy_props = s3tables_alpha.TablePolicyProps(
+                table=table,
+                # the properties below are optional
+                removal_policy=cdk.RemovalPolicy.DESTROY,
+                resource_policy=policy_document
+            )
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__b086238e24aebc145195c4cca70cd83d65abedf1539c0b11b96843994c862fb8)
+            check_type(argname="argument table", value=table, expected_type=type_hints["table"])
+            check_type(argname="argument removal_policy", value=removal_policy, expected_type=type_hints["removal_policy"])
+            check_type(argname="argument resource_policy", value=resource_policy, expected_type=type_hints["resource_policy"])
+        self._values: typing.Dict[builtins.str, typing.Any] = {
+            "table": table,
+        }
+        if removal_policy is not None:
+            self._values["removal_policy"] = removal_policy
+        if resource_policy is not None:
+            self._values["resource_policy"] = resource_policy
+    @builtins.property
+    def table(self) -> ITable:
+        '''(experimental) The associated table.
+        :stability: experimental
+        '''
+        result = self._values.get("table")
+        assert result is not None, "Required property 'table' is missing"
+        return typing.cast(ITable, result)
+    @builtins.property
+    def removal_policy(self) -> typing.Optional[_aws_cdk_ceddda9d.RemovalPolicy]:
+        '''(experimental) Policy to apply when the policy is removed from this stack.
+        :default: - RemovalPolicy.DESTROY.
+        :stability: experimental
+        '''
+        result = self._values.get("removal_policy")
+        return typing.cast(typing.Optional[_aws_cdk_ceddda9d.RemovalPolicy], result)
+    @builtins.property
+    def resource_policy(
+        self,
+    ) -> typing.Optional[_aws_cdk_aws_iam_ceddda9d.PolicyDocument]:
+        '''(experimental) The policy document for the table's resource policy.
+        :default: undefined An empty iam.PolicyDocument will be initialized
+        :stability: experimental
+        '''
+        result = self._values.get("resource_policy")
+        return typing.cast(typing.Optional[_aws_cdk_aws_iam_ceddda9d.PolicyDocument], result)
+    def __eq__(self, rhs: typing.Any) -> builtins.bool:
+        return isinstance(rhs, self.__class__) and rhs._values == self._values
+    def __ne__(self, rhs: typing.Any) -> builtins.bool:
+        return not (rhs == self)
+    def __repr__(self) -> str:
+        return "TablePolicyProps(%s)" % ", ".join(
+            k + "=" + repr(v) for k, v in self._values.items()
+        )
 @jsii.data_type(
     jsii_type="@aws-cdk/aws-s3tables-alpha.TableProps",
     jsii_struct_bases=[],
@@ -3007,6 +3493,8 @@ __all__ = [
     "TableBucketPolicy",
     "TableBucketPolicyProps",
     "TableBucketProps",
+    "TablePolicy",
+    "TablePolicyProps",
     "TableProps",
     "UnreferencedFileRemoval",
     "UnreferencedFileRemovalStatus",
@@ -3022,6 +3510,30 @@ def _typecheckingstub__ea606cde59917b73fdb198d73eabdbbe686fdbd73e01ef72284a9061e
     """Type checking stubs"""
     pass
+def _typecheckingstub__da6cde6f4428a664d5a067b88ed42d6a9c66af2a44cb2211d25ecd28073c5cf3(
+    statement: _aws_cdk_aws_iam_ceddda9d.PolicyStatement,
+) -> None:
+    """Type checking stubs"""
+    pass
+def _typecheckingstub__3e83bfa5470edaff0a4a96df441439dc54d0e9371b70d2571426e560cb4ae2eb(
+    identity: _aws_cdk_aws_iam_ceddda9d.IGrantable,
+) -> None:
+    """Type checking stubs"""
+    pass
+def _typecheckingstub__6e9db385d2bd54ad234de96ad643e346812e81e4cf447d2e614c92f8ce02037d(
+    identity: _aws_cdk_aws_iam_ceddda9d.IGrantable,
+) -> None:
+    """Type checking stubs"""
+    pass
+def _typecheckingstub__580625b8fab3a16de8ff8d5024b24a235d5bc9597470275f3fd5c04ef950a9d9(
+    identity: _aws_cdk_aws_iam_ceddda9d.IGrantable,
+) -> None:
+    """Type checking stubs"""
+    pass
 def _typecheckingstub__a7c10542c60e15926bb4ef59925c4f6c0878400e041897780edddaa65054d627(
     statement: _aws_cdk_aws_iam_ceddda9d.PolicyStatement,
 ) -> None:
@@ -3157,6 +3669,36 @@ def _typecheckingstub__536e137c7e7454507b9ec796514d014c3913e8c528dfeba351b5e0e36
     """Type checking stubs"""
     pass
+def _typecheckingstub__bf2cc6b0089371bf3b3d86048c16f309f2afb3d7329dc28525f622d9e8006e27(
+    statement: _aws_cdk_aws_iam_ceddda9d.PolicyStatement,
+) -> None:
+    """Type checking stubs"""
+    pass
+def _typecheckingstub__f0556fb0bd61a76d9f9bdbab13c49228511a3523caa64f6dbed93963966ed96c(
+    identity: _aws_cdk_aws_iam_ceddda9d.IGrantable,
+) -> None:
+    """Type checking stubs"""
+    pass
+def _typecheckingstub__f751d804f7db1fb6bfea578e65d8642e7c39a6078f8effb3cc12bd1d6e5cdd45(
+    identity: _aws_cdk_aws_iam_ceddda9d.IGrantable,
+) -> None:
+    """Type checking stubs"""
+    pass
+def _typecheckingstub__782a3a885790eb02b5e9bbd37dd4b038ae3f5d0bdcf890b812c9284899e029ce(
+    identity: _aws_cdk_aws_iam_ceddda9d.IGrantable,
+) -> None:
+    """Type checking stubs"""
+    pass
+def _typecheckingstub__cc8c67ff83da04c70c080f40fd29333e2e8cae2c2f37dd6606ad76db5c4cc5d7(
+    value: builtins.bool,
+) -> None:
+    """Type checking stubs"""
+    pass
 def _typecheckingstub__20a648b98b2aa2a4eec0f744feac0d8ec3ee06e18fb2a623e889d224bf8fec03(
     *,
     table_arn: builtins.str,
@@ -3284,6 +3826,26 @@ def _typecheckingstub__aa14ccf904c2576c446af7122d6335d3a92b012274a231120ab28c942
     """Type checking stubs"""
     pass
+def _typecheckingstub__8b78bf56e8d94ea2b7e7602cfb78ea18ec614a55b94a18e39d69bd1c23964cf8(
+    scope: _constructs_77d1e7e8.Construct,
+    id: builtins.str,
+    *,
+    table: ITable,
+    removal_policy: typing.Optional[_aws_cdk_ceddda9d.RemovalPolicy] = None,
+    resource_policy: typing.Optional[_aws_cdk_aws_iam_ceddda9d.PolicyDocument] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+def _typecheckingstub__b086238e24aebc145195c4cca70cd83d65abedf1539c0b11b96843994c862fb8(
+    *,
+    table: ITable,
+    removal_policy: typing.Optional[_aws_cdk_ceddda9d.RemovalPolicy] = None,
+    resource_policy: typing.Optional[_aws_cdk_aws_iam_ceddda9d.PolicyDocument] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
 def _typecheckingstub__adbbcc05d3dc39dfd296a872f006be429c733d0afc6f602e57bd2bede716f05e(
     *,
     namespace: INamespace,

aws_cdk/aws_s3tables_alpha/_jsii/__init__.py CHANGED Viewed

@@ -33,9 +33,9 @@ import constructs._jsii
 __jsii_assembly__ = jsii.JSIIAssembly.load(
     "@aws-cdk/aws-s3tables-alpha",
-    "2.212.0-alpha.0",
+    "2.213.0-alpha.0",
     __name__[0:-6],
-    "aws-s3tables-alpha@2.212.0-alpha.0.jsii.tgz",
+    "aws-s3tables-alpha@2.213.0-alpha.0.jsii.tgz",
 )
 __all__ = [

aws_cdk/aws_s3tables_alpha/_jsii/aws-s3tables-alpha@2.213.0-alpha.0.jsii.tgz ADDED Viewed

Binary file

{aws_cdk_aws_s3tables_alpha-2.212.0a0.dist-info → aws_cdk_aws_s3tables_alpha-2.213.0a0.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: aws-cdk.aws-s3tables-alpha
-Version: 2.212.0a0
+Version: 2.213.0a0
 Summary: CDK Constructs for S3 Tables
 Home-page: https://github.com/aws/aws-cdk
 Author: Amazon Web Services
@@ -22,7 +22,7 @@ Requires-Python: ~=3.9
 Description-Content-Type: text/markdown
 License-File: LICENSE
 License-File: NOTICE
-Requires-Dist: aws-cdk-lib <3.0.0,>=2.212.0
+Requires-Dist: aws-cdk-lib <3.0.0,>=2.213.0
 Requires-Dist: constructs <11.0.0,>=10.0.0
 Requires-Dist: jsii <2.0.0,>=1.113.0
 Requires-Dist: publication >=0.0.3
@@ -185,9 +185,36 @@ encrypted_bucket_auto = TableBucket(scope, "EncryptedTableBucketAuto",
 )
 ```
+### Controlling Table Permissions
+```python
+# Grant the principal read permissions to the table
+account_id = "123456789012"
+table.grant_read(iam.AccountPrincipal(account_id))
+# Grant the role write permissions to the table
+role = iam.Role(stack, "MyRole", assumed_by=iam.ServicePrincipal("sample"))
+table.grant_write(role)
+# Grant the user read and write permissions to the table
+table.grant_read_write(iam.User(stack, "MyUser"))
+# Grant an account permissions to the table
+table.grant_read_write(iam.AccountPrincipal(account_id))
+# Add custom resource policy statements
+permissions = iam.PolicyStatement(
+    effect=iam.Effect.ALLOW,
+    actions=["s3tables:*"],
+    principals=[iam.ServicePrincipal("example.aws.internal")],
+    resources=["*"]
+)
+table.add_to_resource_policy(permissions)
+```
 ## Coming Soon
 L2 Construct support for:
-* Table Policy
 * KMS encryption support for Tables

aws_cdk_aws_s3tables_alpha-2.213.0a0.dist-info/RECORD ADDED Viewed

@@ -0,0 +1,10 @@
+aws_cdk/aws_s3tables_alpha/__init__.py,sha256=HBYS-WiHLol69mRGqPrLIuVmn4gbDPTlIeNUUfZcofo,157772
+aws_cdk/aws_s3tables_alpha/py.typed,sha256=AbpHGcgLb-kRsJGnwFEktk7uzpZOCcBY74-YBdrKVGs,1
+aws_cdk/aws_s3tables_alpha/_jsii/__init__.py,sha256=BPv-B-K9JbimVrJR2hjQdOf5F_oGzn85v_4lhooyCjc,1489
+aws_cdk/aws_s3tables_alpha/_jsii/aws-s3tables-alpha@2.213.0-alpha.0.jsii.tgz,sha256=3d4sz_06Ixkwi9Oq2HjL2fkHSLgR2ihMS9WZBJKZb5s,88857
+aws_cdk_aws_s3tables_alpha-2.213.0a0.dist-info/LICENSE,sha256=y47tc38H0C4DpGljYUZDl8XxidQjNxxGLq-K4jwv6Xc,11391
+aws_cdk_aws_s3tables_alpha-2.213.0a0.dist-info/METADATA,sha256=zSb_F12LibvCNuML8J7uv-UOErq_mL7hjpromuvYChY,7238
+aws_cdk_aws_s3tables_alpha-2.213.0a0.dist-info/NOTICE,sha256=ZDV6_xBfMvhFtjjBh_f6lJjhZ2AEWWAGGkx2kLKHiuc,113
+aws_cdk_aws_s3tables_alpha-2.213.0a0.dist-info/WHEEL,sha256=iAkIy5fosb7FzIOwONchHf19Qu7_1wCWyFNR5gu9nU0,91
+aws_cdk_aws_s3tables_alpha-2.213.0a0.dist-info/top_level.txt,sha256=1TALAKbuUGsMSrfKWEf268lySCmcqSEO6cDYe_XlLHM,8
+aws_cdk_aws_s3tables_alpha-2.213.0a0.dist-info/RECORD,,

aws_cdk/aws_s3tables_alpha/_jsii/aws-s3tables-alpha@2.212.0-alpha.0.jsii.tgz DELETED Viewed

Binary file

aws_cdk_aws_s3tables_alpha-2.212.0a0.dist-info/RECORD DELETED Viewed

@@ -1,10 +0,0 @@
-aws_cdk/aws_s3tables_alpha/__init__.py,sha256=QmCNmghPpBAzY8ACPD6zOLII25mW9ZCFp_EebGnR8Vs,134643
-aws_cdk/aws_s3tables_alpha/py.typed,sha256=AbpHGcgLb-kRsJGnwFEktk7uzpZOCcBY74-YBdrKVGs,1
-aws_cdk/aws_s3tables_alpha/_jsii/__init__.py,sha256=zDvEZ9WaGAQbxl5VqvFxD5v5W0VTMkRp_Ag-pHeKGPc,1489
-aws_cdk/aws_s3tables_alpha/_jsii/aws-s3tables-alpha@2.212.0-alpha.0.jsii.tgz,sha256=ldEWmK__oZzpHNLKY0karAGE7N_VUGVBdZrmfp4DyXE,81240
-aws_cdk_aws_s3tables_alpha-2.212.0a0.dist-info/LICENSE,sha256=y47tc38H0C4DpGljYUZDl8XxidQjNxxGLq-K4jwv6Xc,11391
-aws_cdk_aws_s3tables_alpha-2.212.0a0.dist-info/METADATA,sha256=UZCQ1YTOyzbxv9CM_22fMIhnLqGvYkyYEpxn31JjsUA,6452
-aws_cdk_aws_s3tables_alpha-2.212.0a0.dist-info/NOTICE,sha256=ZDV6_xBfMvhFtjjBh_f6lJjhZ2AEWWAGGkx2kLKHiuc,113
-aws_cdk_aws_s3tables_alpha-2.212.0a0.dist-info/WHEEL,sha256=iAkIy5fosb7FzIOwONchHf19Qu7_1wCWyFNR5gu9nU0,91
-aws_cdk_aws_s3tables_alpha-2.212.0a0.dist-info/top_level.txt,sha256=1TALAKbuUGsMSrfKWEf268lySCmcqSEO6cDYe_XlLHM,8
-aws_cdk_aws_s3tables_alpha-2.212.0a0.dist-info/RECORD,,

{aws_cdk_aws_s3tables_alpha-2.212.0a0.dist-info → aws_cdk_aws_s3tables_alpha-2.213.0a0.dist-info}/LICENSE RENAMED Viewed

File without changes

{aws_cdk_aws_s3tables_alpha-2.212.0a0.dist-info → aws_cdk_aws_s3tables_alpha-2.213.0a0.dist-info}/NOTICE RENAMED Viewed

File without changes

{aws_cdk_aws_s3tables_alpha-2.212.0a0.dist-info → aws_cdk_aws_s3tables_alpha-2.213.0a0.dist-info}/WHEEL RENAMED Viewed

File without changes

{aws_cdk_aws_s3tables_alpha-2.212.0a0.dist-info → aws_cdk_aws_s3tables_alpha-2.213.0a0.dist-info}/top_level.txt RENAMED Viewed

File without changes

aws-cdk.aws-s3tables-alpha 2.212.0a0__py3-none-any.whl → 2.213.0a0__py3-none-any.whl

Potentially problematic release.

aws-cdk.aws-s3tables-alpha 2.212.0a0py3-none-any.whl → 2.213.0a0py3-none-any.whl