Class IamManager

Provides operations on AWS

A new instance of this class is injected into CommonConstruct constructor.
If a custom construct extends CommonConstruct, an instance is available within the context.

Example

import { CommonConstruct } from '@gradientedge/cdk-utils'

class CustomConstruct extends CommonConstruct {
  constructor(parent: Construct, id: string, props: common.CommonStackProps) {
    super(parent, id, props)
    this.props = props
    this.iamManager.createRoleForEcsEvent('MyEcsRole', this, cluster, task)
  }
}

See

[CDK IAM Module]https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_iam-readme.html

Index

Constructors

constructor

Methods

createPolicyForCloudfrontInvalidation createPolicyForSqsEvent createRoleForAppConfigSecrets createRoleForCloudfrontInvalidation createRoleForCloudTrail createRoleForDynamoDbToLambdaPipe createRoleForEcsEvent createRoleForEcsExecution createRoleForLambda createRoleForSqsToLambdaPipe createRoleForSqsToSfnPipe createRoleForStepFunction statementForAppConfigExecution statementForAssumeRole statementForCloudfrontInvalidation statementForCreateAnyLogStream statementForCreateLogStream statementForDecryptKms statementForDeleteAnyS3Objects statementFordynamoDbStream statementForEcsPassRole statementForGetAnyS3Objects statementForInvokeLambda statementForListAllMyBuckets statementForListBucket statementForPassRole statementForPollQueue statementForPutAnyLogEvent statementForPutAnyS3Objects statementForPutEvents statementForPutLogEvent statementForPutXrayTelemetry statementForReadAnyAppConfig statementForReadSecrets statementForReadTableItems statementForRunEcsTask statementForStartExecution statementForWriteEfs statementForWriteTableItems

Constructors

constructor

new IamManager(): IamManager
Returns IamManager

Methods

createPolicyForCloudfrontInvalidation

createPolicyForCloudfrontInvalidation(resourceArns?: string[]): PolicyDocument
Parameters
- OptionalresourceArns: string[]
  list of ARNs to allow access to
Returns PolicyDocument
- Defined in packages/aws/src/services/identity-access-management/main.ts:415

createPolicyForSqsEvent

createPolicyForSqsEvent(
    id: string,
    scope: CommonConstruct,
    sqsQueue: Queue,
    eventBridgeRule: IRule,
    servicePrincipals?: ServicePrincipal[],
): PolicyDocument
Parameters
- id: string
  scoped id of the resource
- scope: CommonConstruct
  scope in which this resource is defined
- sqsQueue: Queue
- eventBridgeRule: IRule
- OptionalservicePrincipals: ServicePrincipal[]
Returns PolicyDocument
- Defined in packages/aws/src/services/identity-access-management/main.ts:443

createRoleForAppConfigSecrets

createRoleForAppConfigSecrets(
    id: string,
    scope: CommonConstruct,
    policy: PolicyDocument,
    servicePrincipal?: ServicePrincipal,
): Role
Parameters
- id: string
  scoped id of the resource
- scope: CommonConstruct
  scope in which this resource is defined
- policy: PolicyDocument
- OptionalservicePrincipal: ServicePrincipal
Returns Role
- Defined in packages/aws/src/services/identity-access-management/main.ts:603

createRoleForCloudfrontInvalidation

createRoleForCloudfrontInvalidation(id: string, scope: CommonConstruct): Role
Parameters
- id: string
  scoped id of the resource
- scope: CommonConstruct
  scope in which this resource is defined
Returns Role
- Defined in packages/aws/src/services/identity-access-management/main.ts:472

createRoleForCloudTrail

createRoleForCloudTrail(
    id: string,
    scope: CommonConstruct,
    logGroup: CfnLogGroup,
): CfnRole
Parameters
- id: string
  scoped id of the resource
- scope: CommonConstruct
  scope in which this resource is defined
- logGroup: CfnLogGroup
Returns CfnRole
- Defined in packages/aws/src/services/identity-access-management/main.ts:488

createRoleForDynamoDbToLambdaPipe

createRoleForDynamoDbToLambdaPipe(
    id: string,
    scope: CommonConstruct,
    dynamoDbStreamArn: string,
    lambdaFunctionArn: string,
): Role
Parameters
- id: string
  scoped id of the resource
- scope: CommonConstruct
  scope in which this resource is defined
- dynamoDbStreamArn: string
  the arn of the dynamoDb Stream queue
- lambdaFunctionArn: string
  the arn of the lambda function
Returns Role
- Defined in packages/aws/src/services/identity-access-management/main.ts:708

createRoleForEcsEvent

createRoleForEcsEvent(
    id: string,
    scope: CommonConstruct,
    cluster: ICluster,
    task: ITaskDefinition,
): Role
Parameters
- id: string
  scoped id of the resource
- scope: CommonConstruct
  scope in which this resource is defined
- cluster: ICluster
- task: ITaskDefinition
Returns Role
- Defined in packages/aws/src/services/identity-access-management/main.ts:518

createRoleForEcsExecution

createRoleForEcsExecution(
    id: string,
    scope: CommonConstruct,
    policy: PolicyDocument,
): Role
Parameters
- id: string
  scoped id of the resource
- scope: CommonConstruct
  scope in which this resource is defined
- policy: PolicyDocument
Returns Role
- Defined in packages/aws/src/services/identity-access-management/main.ts:542

createRoleForLambda

createRoleForLambda(
    id: string,
    scope: CommonConstruct,
    policy: PolicyDocument,
    servicePrincipal?: ServicePrincipal,
): Role
Parameters
- id: string
  scoped id of the resource
- scope: CommonConstruct
  scope in which this resource is defined
- policy: PolicyDocument
- OptionalservicePrincipal: ServicePrincipal
Returns Role
- Defined in packages/aws/src/services/identity-access-management/main.ts:570

createRoleForSqsToLambdaPipe

createRoleForSqsToLambdaPipe(
    id: string,
    scope: CommonConstruct,
    queueArn: string,
    lambdaArn: string,
): Role
Parameters
- id: string
  scoped id of the resource
- scope: CommonConstruct
  scope in which this resource is defined
- queueArn: string
  the arn of the sqs queue
- lambdaArn: string
  the arn of the lambda function
Returns Role
- Defined in packages/aws/src/services/identity-access-management/main.ts:685

createRoleForSqsToSfnPipe

createRoleForSqsToSfnPipe(
    id: string,
    scope: CommonConstruct,
    queueArn: string,
    stepFunctionArn: string,
): Role
Parameters
- id: string
  scoped id of the resource
- scope: CommonConstruct
  scope in which this resource is defined
- queueArn: string
  the arn of the sqs queue
- stepFunctionArn: string
  the arn of the step function
Returns Role
- Defined in packages/aws/src/services/identity-access-management/main.ts:662

createRoleForStepFunction

createRoleForStepFunction(
    id: string,
    scope: CommonConstruct,
    policy: PolicyDocument,
    servicePrincipal?: ServicePrincipal,
): Role
Parameters
- id: string
  scoped id of the resource
- scope: CommonConstruct
  scope in which this resource is defined
- policy: PolicyDocument
- OptionalservicePrincipal: ServicePrincipal
Returns Role
- Defined in packages/aws/src/services/identity-access-management/main.ts:629

statementForAppConfigExecution

statementForAppConfigExecution(resourceArns?: string[]): PolicyStatement
Parameters
- OptionalresourceArns: string[]
  list of ARNs to allow access to
Returns PolicyStatement
- Defined in packages/aws/src/services/identity-access-management/main.ts:130

statementForAssumeRole

statementForAssumeRole(
scope: CommonConstruct,
servicePrincipals: ServicePrincipal[],
): PolicyStatement
Parameters
- scope: CommonConstruct
  scope in which this resource is defined
- servicePrincipals: ServicePrincipal[]
Returns PolicyStatement
- Defined in packages/aws/src/services/identity-access-management/main.ts:270

statementForCloudfrontInvalidation

statementForCloudfrontInvalidation(resourceArns?: string[]): PolicyStatement
Parameters
- OptionalresourceArns: string[]
  list of ARNs to allow access to
Returns PolicyStatement
- Defined in packages/aws/src/services/identity-access-management/main.ts:245

statementForCreateAnyLogStream

statementForCreateAnyLogStream(resourceArns?: string[]): PolicyStatement
Parameters
- OptionalresourceArns: string[]
  list of ARNs to allow access to
Returns PolicyStatement
- Defined in packages/aws/src/services/identity-access-management/main.ts:328

statementForCreateLogStream

statementForCreateLogStream(
scope: CommonConstruct,
logGroup: CfnLogGroup,
): PolicyStatement
Parameters
- scope: CommonConstruct
  scope in which this resource is defined
- logGroup: CfnLogGroup
Returns PolicyStatement
- Defined in packages/aws/src/services/identity-access-management/main.ts:311

statementForDecryptKms

statementForDecryptKms(resourceArns?: string[]): PolicyStatement
Parameters
- OptionalresourceArns: string[]
  list of ARNs to allow access to
Returns PolicyStatement
- Defined in packages/aws/src/services/identity-access-management/main.ts:154

statementForDeleteAnyS3Objects

statementForDeleteAnyS3Objects(
    scope: CommonConstruct,
    bucket: IBucket,
    resourceArns?: string[],
): PolicyStatement
Parameters
- scope: CommonConstruct
  scope in which this resource is defined
- bucket: IBucket
- OptionalresourceArns: string[]
  list of ARNs to allow access to
Returns PolicyStatement
- Defined in packages/aws/src/services/identity-access-management/main.ts:207

statementFordynamoDbStream

statementFordynamoDbStream(resourceArns?: string[]): PolicyStatement
Parameters
- OptionalresourceArns: string[]
  list of ARNs to allow access to
Returns PolicyStatement
- Defined in packages/aws/src/services/identity-access-management/main.ts:403

statementForEcsPassRole

statementForEcsPassRole(resourceArns?: string[]): PolicyStatement
Parameters
- OptionalresourceArns: string[]
  list of ARNs to allow access to
Returns PolicyStatement
- Defined in packages/aws/src/services/identity-access-management/main.ts:282

statementForGetAnyS3Objects

statementForGetAnyS3Objects(
    scope: CommonConstruct,
    bucket: IBucket,
    resourceArns?: string[],
): PolicyStatement
Parameters
- scope: CommonConstruct
  scope in which this resource is defined
- bucket: IBucket
- OptionalresourceArns: string[]
  list of ARNs to allow access to
Returns PolicyStatement
- Defined in packages/aws/src/services/identity-access-management/main.ts:193

statementForInvokeLambda

statementForInvokeLambda(resourceArns?: string[]): PolicyStatement
Parameters
- OptionalresourceArns: string[]
  list of ARNs to allow access to
Returns PolicyStatement
- Defined in packages/aws/src/services/identity-access-management/main.ts:93

statementForListAllMyBuckets

statementForListAllMyBuckets(resourceArns?: string[]): PolicyStatement
Parameters
- OptionalresourceArns: string[]
  list of ARNs to allow access to
Returns PolicyStatement
- Defined in packages/aws/src/services/identity-access-management/main.ts:179

statementForListBucket

statementForListBucket(scope: CommonConstruct, bucket: IBucket): PolicyStatement
Parameters
- scope: CommonConstruct
  scope in which this resource is defined
- bucket: IBucket
Returns PolicyStatement
- Defined in packages/aws/src/services/identity-access-management/main.ts:167

statementForPassRole

statementForPassRole(resourceArns?: string[]): PolicyStatement
Parameters
- OptionalresourceArns: string[]
  list of ARNs to allow access to
Returns PolicyStatement
- Defined in packages/aws/src/services/identity-access-management/main.ts:233

statementForPollQueue

statementForPollQueue(resourceArns?: string[]): PolicyStatement
Parameters
- OptionalresourceArns: string[]
  list of ARNs to allow access to
Returns PolicyStatement
- Defined in packages/aws/src/services/identity-access-management/main.ts:81

statementForPutAnyLogEvent

statementForPutAnyLogEvent(resourceArns?: string[]): PolicyStatement
Parameters
- OptionalresourceArns: string[]
  list of ARNs to allow access to
Returns PolicyStatement
- Defined in packages/aws/src/services/identity-access-management/main.ts:358

statementForPutAnyS3Objects

statementForPutAnyS3Objects(
    scope: CommonConstruct,
    bucket: IBucket,
    resourceArns?: string[],
): PolicyStatement
Parameters
- scope: CommonConstruct
  scope in which this resource is defined
- bucket: IBucket
- OptionalresourceArns: string[]
  list of ARNs to allow access to
Returns PolicyStatement
- Defined in packages/aws/src/services/identity-access-management/main.ts:221

statementForPutEvents

statementForPutEvents(resourceArns?: string[]): PolicyStatement
Parameters
- OptionalresourceArns: string[]
  list of ARNs to allow access to
Returns PolicyStatement
- Defined in packages/aws/src/services/identity-access-management/main.ts:57

statementForPutLogEvent

statementForPutLogEvent(
scope: CommonConstruct,
logGroup: CfnLogGroup,
): PolicyStatement
Parameters
- scope: CommonConstruct
  scope in which this resource is defined
- logGroup: CfnLogGroup
Returns PolicyStatement
- Defined in packages/aws/src/services/identity-access-management/main.ts:341

statementForPutXrayTelemetry

statementForPutXrayTelemetry(resourceArns?: string[]): PolicyStatement
Parameters
- OptionalresourceArns: string[]
  list of ARNs to allow access to
Returns PolicyStatement
- Defined in packages/aws/src/services/identity-access-management/main.ts:142

statementForReadAnyAppConfig

statementForReadAnyAppConfig(resourceArns?: string[]): PolicyStatement
Parameters
- OptionalresourceArns: string[]
  list of ARNs to allow access to
Returns PolicyStatement
- Defined in packages/aws/src/services/identity-access-management/main.ts:105

statementForReadSecrets

statementForReadSecrets(
scope: CommonConstruct,
resourceArns?: string[],
): PolicyStatement
Parameters
- scope: CommonConstruct
  scope in which this resource is defined
- OptionalresourceArns: string[]
  list of ARNs to allow access to
Returns PolicyStatement
- Defined in packages/aws/src/services/identity-access-management/main.ts:43

statementForReadTableItems

statementForReadTableItems(resourceArns?: string[]): PolicyStatement
Parameters
- OptionalresourceArns: string[]
  list of ARNs to allow access to
Returns PolicyStatement
- Defined in packages/aws/src/services/identity-access-management/main.ts:370

statementForRunEcsTask

statementForRunEcsTask(
    scope: CommonConstruct,
    cluster: ICluster,
    task: ITaskDefinition,
): PolicyStatement
Parameters
- scope: CommonConstruct
  scope in which this resource is defined
- cluster: ICluster
- task: ITaskDefinition
Returns PolicyStatement
- Defined in packages/aws/src/services/identity-access-management/main.ts:297

statementForStartExecution

statementForStartExecution(resourceArns?: string[]): PolicyStatement
Parameters
- OptionalresourceArns: string[]
  list of ARNs to allow access to
Returns PolicyStatement
- Defined in packages/aws/src/services/identity-access-management/main.ts:69

statementForWriteEfs

statementForWriteEfs(resourceArns?: string[]): PolicyStatement
Parameters
- OptionalresourceArns: string[]
  list of ARNs to allow access to
Returns PolicyStatement
- Defined in packages/aws/src/services/identity-access-management/main.ts:257

statementForWriteTableItems

statementForWriteTableItems(resourceArns?: string[]): PolicyStatement
Parameters
- OptionalresourceArns: string[]
  list of ARNs to allow access to
Returns PolicyStatement
- Defined in packages/aws/src/services/identity-access-management/main.ts:391

Class IamManager

Example

See

Index

Constructors

Methods

Constructors

constructor

Returns IamManager

Methods

createPolicyForCloudfrontInvalidation

Parameters

Returns PolicyDocument

createPolicyForSqsEvent

Parameters

Returns PolicyDocument

createRoleForAppConfigSecrets

Parameters

Returns Role

createRoleForCloudfrontInvalidation

Parameters

Returns Role

createRoleForCloudTrail

Parameters

Returns CfnRole

createRoleForDynamoDbToLambdaPipe

Parameters

Returns Role

createRoleForEcsEvent

Parameters

Returns Role

createRoleForEcsExecution

Parameters

Returns Role

createRoleForLambda

Parameters

Returns Role

createRoleForSqsToLambdaPipe

Parameters

Returns Role

createRoleForSqsToSfnPipe

Parameters

Returns Role

createRoleForStepFunction

Parameters

Returns Role

statementForAppConfigExecution

Parameters

Returns PolicyStatement

statementForAssumeRole

Parameters

Returns PolicyStatement

statementForCloudfrontInvalidation

Parameters

Returns PolicyStatement

statementForCreateAnyLogStream

Parameters

Returns PolicyStatement

statementForCreateLogStream

Parameters

Returns PolicyStatement

statementForDecryptKms

Parameters

Returns PolicyStatement

statementForDeleteAnyS3Objects

Parameters

Returns PolicyStatement

statementFordynamoDbStream

Parameters

Returns PolicyStatement

statementForEcsPassRole

Parameters

Returns PolicyStatement

statementForGetAnyS3Objects

Parameters

Returns PolicyStatement

statementForInvokeLambda

Parameters

Returns PolicyStatement

statementForListAllMyBuckets