import type { ITableRef } from './dynamodb.generated';
import * as iam from '../../aws-iam';
import type * as kms from '../../aws-kms';
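/**
 * Construction properties for StreamGrants
 */
export interface StreamGrantsProps {
  /**
   * The table this stream is for
   */
  readonly table: ITableRef;

  /**
   * The ARN of the Stream
   *
   * Supplied by the caller as a plain string; this declaration does not show
   * any check that it belongs to `table`.
   */
  readonly tableStreamArn: string;

  /**
   * The encryption key of the table
   *
   * Required permissions will be added to the key as well.
   *
   * Which grant methods extend their grant to the key differs per method:
   * the `StreamGrants.read` documentation says key grants are added when a
   * key is configured, while the `StreamGrants.actions` documentation says
   * key grants must be added separately.
   *
   * @default - No key
   */
  readonly encryptionKey?: kms.IKey;
}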
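/**
 * A set of permissions to grant on a Table Stream
 *
 * Every grant method takes the principal to grant to and returns an
 * `iam.Grant`.
 *
 * NOTE(review): the `grantee` docs on `actions` and `list` say "no-op if
 * undefined", but the parameter type `iam.IGrantable` is not optional, so
 * `undefined` is not accepted under strict null checks. Confirm whether that
 * wording still applies.
 */
export declare class StreamGrants {
  private readonly table;
  private readonly tableStreamArn;
  private readonly encryptionKey?;

  constructor(props: StreamGrantsProps);

  /**
   * Adds an IAM policy statement associated with this table's stream to an
   * IAM principal's policy.
   *
   * If `encryptionKey` is present, appropriate grants to the key need to be
   * added separately using the `table.encryptionKey.grant*` methods; per this
   * description, this method does not add them.
   *
   * Least privilege: `actions` is a free-form list of strings, and nothing in
   * this signature restricts what may be passed. Pass only the specific stream
   * actions the grantee needs rather than wildcards. Whether the
   * implementation validates the action names is not visible in this
   * declaration.
   *
   * @param grantee The principal (no-op if undefined)
   * @param actions The set of actions to allow (e.g. "dynamodb:DescribeStream", "dynamodb:GetRecords", ...)
   * @returns The resulting `iam.Grant`
   */
  actions(grantee: iam.IGrantable, ...actions: string[]): iam.Grant;

  /**
   * Permits an IAM Principal to list streams attached to current dynamodb table.
   *
   * NOTE(review): the resource scope of the resulting statement is not visible
   * in this declaration. Confirm in the implementation whether it is limited
   * to this table's stream or is broader.
   *
   * @param grantee The principal (no-op if undefined)
   * @returns The resulting `iam.Grant`
   */
  list(grantee: iam.IGrantable): iam.Grant;

  /**
   * Permits an IAM principal all stream data read operations for this
   * table's stream:
   * DescribeStream, GetRecords, GetShardIterator, ListStreams.
   *
   * Appropriate grants will also be added to the customer-managed KMS key
   * if one was configured. This differs from `actions`, whose description
   * says key grants must be added separately.
   *
   * @param grantee The principal to grant access to
   * @returns The resulting `iam.Grant`
   */
  read(grantee: iam.IGrantable): iam.Grant;
}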