Merge pull request #631 from udondan/iam-updates

udondan · Apr 18, 2024 · efbfa78 · efbfa78
2 parents 9d3811f + 34ad8f8
commit efbfa78
Show file tree

Hide file tree

Showing 14 changed files with 229 additions and 37 deletions.
diff --git a/CHANGELOG/v0.628.0.md b/CHANGELOG/v0.628.0.md
@@ -0,0 +1,17 @@
+**New actions:**
+
+- emr-containers:CreateSecurityConfiguration
+- emr-containers:DescribeSecurityConfiguration
+- emr-containers:ListSecurityConfigurations
+- internetmonitor:GetInternetEvent
+- internetmonitor:ListInternetEvents
+- outposts:CancelCapacityTask
+- outposts:GetCapacityTask
+- outposts:GetOutpostSupportedInstanceTypes
+- outposts:ListCapacityTasks
+- outposts:StartCapacityTask
+
+**New resource types:**
+
+- emr-containers:securityConfiguration
+- internetmonitor:InternetEvent
diff --git a/README.md b/README.md
@@ -17,8 +17,8 @@
 Support for:
 
 - 390 Services
-- 16542 Actions
-- 1773 Resource Types
+- 16552 Actions
+- 1775 Resource Types
 - 1721 Condition keys
 <!-- /stats -->
 

diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-0.627.0
+0.628.0
diff --git a/docs/source/conf.py b/docs/source/conf.py
@@ -24,7 +24,7 @@
 author = 'Daniel Schroeder'
 
 # The full version, including alpha/beta/rc tags
-release = '0.627.0'
+release = '0.628.0'
 
 # -- General configuration ---------------------------------------------------
 

diff --git a/docs/source/index.rst b/docs/source/index.rst
@@ -31,8 +31,8 @@ AWS IAM policy statement generator with fluent interface.
 Support for:
 
 - 390 Services
-- 16542 Actions
-- 1773 Resource Types
+- 16552 Actions
+- 1775 Resource Types
 - 1721 Condition keys
 
 ..

diff --git a/lib/generated/policy-statements/cloudwatchinternetmonitor.ts b/lib/generated/policy-statements/cloudwatchinternetmonitor.ts
@@ -55,6 +55,17 @@ export class Internetmonitor extends PolicyStatement {
     return this.to('GetHealthEvent');
   }
 
+  /**
+   * Grants permission to get information about a specified internet event
+   *
+   * Access Level: Read
+   *
+   * https://docs.aws.amazon.com/internet-monitor/latest/api/API_GetInternetEvent.html
+   */
+  public toGetInternetEvent() {
+    return this.to('GetInternetEvent');
+  }
+
   /**
    * Grants permission to get information about a monitor
    *
@@ -110,6 +121,17 @@ export class Internetmonitor extends PolicyStatement {
     return this.to('ListHealthEvents');
   }
 
+  /**
+   * Grants permission to list all internet events
+   *
+   * Access Level: List
+   *
+   * https://docs.aws.amazon.com/internet-monitor/latest/api/API_ListInternetEvents.html
+   */
+  public toListInternetEvents() {
+    return this.to('ListInternetEvents');
+  }
+
   /**
    * Grants permission to list all monitors in an account and their statuses
    *
@@ -203,6 +225,7 @@ export class Internetmonitor extends PolicyStatement {
     ],
     Read: [
       'GetHealthEvent',
+      'GetInternetEvent',
       'GetMonitor',
       'GetQueryResults',
       'GetQueryStatus',
@@ -212,6 +235,7 @@ export class Internetmonitor extends PolicyStatement {
     ],
     List: [
       'ListHealthEvents',
+      'ListInternetEvents',
       'ListMonitors'
     ],
     Tagging: [
@@ -252,6 +276,19 @@ export class Internetmonitor extends PolicyStatement {
     return this.on(`arn:${ partition ?? this.defaultPartition }:internetmonitor:${ region ?? this.defaultRegion }:${ account ?? this.defaultAccount }:monitor/${ monitorName }`);
   }
 
+  /**
+   * Adds a resource of type InternetEvent to the statement
+   *
+   * https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-IM-components.html
+   *
+   * @param internetEventId - Identifier for the internetEventId.
+   * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
+   * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
+   */
+  public onInternetEvent(internetEventId: string, account?: string, partition?: string) {
+    return this.on(`arn:${ partition ?? this.defaultPartition }:internetmonitor::${ account ?? this.defaultAccount }:internet-event/${ internetEventId }`);
+  }
+
   /**
    * Filters access by tag key-value pairs in the request
    *

diff --git a/lib/generated/policy-statements/emroneksemrcontainers.ts b/lib/generated/policy-statements/emroneksemrcontainers.ts
@@ -60,6 +60,21 @@ export class EmrContainers extends PolicyStatement {
     return this.to('CreateManagedEndpoint');
   }
 
+  /**
+   * Grants permission to create a security configuration
+   *
+   * Access Level: Write
+   *
+   * Possible conditions:
+   * - .ifAwsRequestTag()
+   * - .ifAwsTagKeys()
+   *
+   * https://docs.aws.amazon.com/emr-on-eks/latest/APIReference/API_CreateSecurityConfiguration.html
+   */
+  public toCreateSecurityConfiguration() {
+    return this.to('CreateSecurityConfiguration');
+  }
+
   /**
    * Grants permission to create a virtual cluster
    *
@@ -141,6 +156,17 @@ export class EmrContainers extends PolicyStatement {
     return this.to('DescribeManagedEndpoint');
   }
 
+  /**
+   * Grants permission to describe a security configuration
+   *
+   * Access Level: Read
+   *
+   * https://docs.aws.amazon.com/emr-on-eks/latest/APIReference/API_DescribeSecurityConfiguration.html
+   */
+  public toDescribeSecurityConfiguration() {
+    return this.to('DescribeSecurityConfiguration');
+  }
+
   /**
    * Grants permission to describe a virtual cluster
    *
@@ -196,6 +222,17 @@ export class EmrContainers extends PolicyStatement {
     return this.to('ListManagedEndpoints');
   }
 
+  /**
+   * Grants permission to list security configurations
+   *
+   * Access Level: List
+   *
+   * https://docs.aws.amazon.com/emr-on-eks/latest/APIReference/API_ListSecurityConfigurations.html
+   */
+  public toListSecurityConfigurations() {
+    return this.to('ListSecurityConfigurations');
+  }
+
   /**
    * Grants permission to list tags for the specified resource
    *
@@ -269,6 +306,7 @@ export class EmrContainers extends PolicyStatement {
       'CancelJobRun',
       'CreateJobTemplate',
       'CreateManagedEndpoint',
+      'CreateSecurityConfiguration',
       'CreateVirtualCluster',
       'DeleteJobTemplate',
       'DeleteManagedEndpoint',
@@ -280,12 +318,14 @@ export class EmrContainers extends PolicyStatement {
       'DescribeJobRun',
       'DescribeJobTemplate',
       'DescribeManagedEndpoint',
+      'DescribeSecurityConfiguration',
       'DescribeVirtualCluster'
     ],
     List: [
       'ListJobRuns',
       'ListJobTemplates',
       'ListManagedEndpoints',
+      'ListSecurityConfigurations',
       'ListTagsForResource',
       'ListVirtualClusters'
     ],
@@ -365,6 +405,23 @@ export class EmrContainers extends PolicyStatement {
     return this.on(`arn:${ partition ?? this.defaultPartition }:emr-containers:${ region ?? this.defaultRegion }:${ account ?? this.defaultAccount }:/virtualclusters/${ virtualClusterId }/endpoints/${ endpointId }`);
   }
 
+  /**
+   * Adds a resource of type securityConfiguration to the statement
+   *
+   * https://docs.aws.amazon.com/emr/latest/EMR-on-EKS-DevelopmentGuide/security-configurations.html
+   *
+   * @param securityConfigurationId - Identifier for the securityConfigurationId.
+   * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
+   * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
+   * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
+   *
+   * Possible conditions:
+   * - .ifAwsResourceTag()
+   */
+  public onSecurityConfiguration(securityConfigurationId: string, account?: string, region?: string, partition?: string) {
+    return this.on(`arn:${ partition ?? this.defaultPartition }:emr-containers:${ region ?? this.defaultRegion }:${ account ?? this.defaultAccount }:/securityconfigurations/${ securityConfigurationId }`);
+  }
+
   /**
    * Filters access by the tag key-value pairs present in the request
    *
@@ -373,6 +430,7 @@ export class EmrContainers extends PolicyStatement {
    * Applies to actions:
    * - .toCreateJobTemplate()
    * - .toCreateManagedEndpoint()
+   * - .toCreateSecurityConfiguration()
    * - .toCreateVirtualCluster()
    * - .toStartJobRun()
    * - .toTagResource()
@@ -395,6 +453,7 @@ export class EmrContainers extends PolicyStatement {
    * - jobRun
    * - jobTemplate
    * - managedEndpoint
+   * - securityConfiguration
    *
    * @param tagKey The tag key to check
    * @param value The value(s) to check
@@ -412,6 +471,7 @@ export class EmrContainers extends PolicyStatement {
    * Applies to actions:
    * - .toCreateJobTemplate()
    * - .toCreateManagedEndpoint()
+   * - .toCreateSecurityConfiguration()
    * - .toCreateVirtualCluster()
    * - .toStartJobRun()
    * - .toTagResource()