agent-claw/cdk/node_modules/aws-cdk-lib/aws-s3/lib/bucket-grants.d.ts
2026-05-06 18:55:16 -05:00


import type { GrantReplicationPermissionProps } from './bucket';
import type { IBucketRef } from './s3.generated';
import type { IGrantable } from '../../aws-iam';
import { Grant } from '../../aws-iam';
import type * as iam from '../../aws-iam/lib/grant';
/**
* Collection of grant methods for a Bucket.
*
* Every public method returns a `Grant` describing the permissions that were
* requested for a principal. Instances are obtained through `fromBucket`;
* the constructor is private.
*
* Least-privilege note: most methods take an optional `objectsKeyPattern`
* that defaults to '*' (all objects). Pass an explicit key pattern whenever
* the principal only needs part of the bucket.
*/
export declare class BucketGrants {
// The bucket the grants apply to (presumably the IBucketRef given to fromBucket — confirm).
private readonly bucket;
// NOTE(review): presumably the encryption key resource used for the "if encryption is used" grants — confirm against the implementation.
private readonly encryptedResource?;
// NOTE(review): presumably the resource whose policy receives resource-based statements — confirm against the implementation.
private readonly policyResource?;
/**
* Creates grants for an IBucketRef
*
* @param bucket The bucket reference the returned grant methods operate on
* @returns A BucketGrants instance bound to `bucket`
*/
static fromBucket(bucket: IBucketRef): BucketGrants;
// Private: construct instances via `BucketGrants.fromBucket`.
private constructor();
/**
* Grant read permissions for this bucket and its contents to an IAM
* principal (Role/Group/User).
*
* If encryption is used, permission to use the key to decrypt the contents
* of the bucket will also be granted to the same principal.
*
* @param identity The principal
* @param objectsKeyPattern Restrict the permission to a certain key pattern (default '*'). Parameter type is `any` but `string` should be passed in.
* Because the type is `any`, the compiler will not reject a non-string value; validate at the call site.
* @returns The resulting Grant
*/
read(identity: IGrantable, objectsKeyPattern?: any): Grant;
/**
* Grant write permissions for this bucket and its contents to an IAM
* principal (Role/Group/User).
*
* If encryption is used, permission to use the key to decrypt the contents
* of the bucket will also be granted to the same principal.
* NOTE(review): the sentence above says "decrypt"; for a write grant one would
* expect key permissions for encryption — confirm which KMS actions are granted.
*
* @param identity The principal
* @param objectsKeyPattern Restrict the permission to a certain key pattern (default '*'). Parameter type is `any` but `string` should be passed in.
* Because the type is `any`, the compiler will not reject a non-string value; validate at the call site.
* @param allowedActionPatterns NOTE(review): undocumented in the original; presumably a list of action patterns that replaces the default set of write actions — confirm against the implementation.
* @returns The resulting Grant
*/
write(identity: IGrantable, objectsKeyPattern?: any, allowedActionPatterns?: string[]): Grant;
/**
* Grants s3:DeleteObject* permission to an IAM principal for objects
* in this bucket.
*
* @param grantee The principal
* @param objectsKeyPattern Restrict the permission to a certain key pattern (default '*'). Parameter type is `any` but `string` should be passed in.
* With the default '*', the principal can delete every object in the bucket.
* @returns The resulting Grant
*/
delete(grantee: IGrantable, objectsKeyPattern?: any): Grant;
/**
* Allows unrestricted access to objects from this bucket.
*
* IMPORTANT: This permission allows anyone to perform actions on S3 objects
* in this bucket, which is useful for when you configure your bucket as a
* website and want everyone to be able to read objects in the bucket without
* needing to authenticate.
*
* Without arguments, this method will grant read ("s3:GetObject") access to
* all objects ("*") in the bucket.
*
* Every action passed in `allowedActions` is granted to unauthenticated
* callers as well, so keep that list to read-only actions and narrow
* `keyPrefix` to the objects that are meant to be public.
*
* The method returns the `iam.Grant` object, which can then be modified
* as needed. For example, you can add a condition that will restrict access only
* to an IPv4 range like this:
*
* const grant = bucket.grantPublicAccess();
* grant.resourceStatement!.addCondition('IpAddress', { "aws:SourceIp": "54.240.143.0/24" });
*
* (The example uses the `grantPublicAccess` name; on this class the method
* is `publicAccess`. The original example used typographic quotes, which do
* not compile when copied; they are replaced with ASCII quotes here.)
*
* Note that if this `IBucket` refers to an existing bucket, possibly not
* managed by CloudFormation, this method will have no effect, since it's
* impossible to modify the policy of an existing bucket.
*
* @param keyPrefix the prefix of S3 object keys (e.g. `home/*`). Default is "*".
* @param allowedActions the set of S3 actions to allow. Default is "s3:GetObject".
* @returns The resulting Grant
*/
publicAccess(keyPrefix?: string, ...allowedActions: string[]): Grant;
/**
* Grants s3:PutObject* and s3:Abort* permissions for this bucket to an IAM principal.
*
* If encryption is used, permission to use the key to encrypt the contents
* of written files will also be granted to the same principal.
* @param identity The principal
* @param objectsKeyPattern Restrict the permission to a certain key pattern (default '*'). Parameter type is `any` but `string` should be passed in.
* Because the type is `any`, the compiler will not reject a non-string value; validate at the call site.
* @returns The resulting Grant
*/
put(identity: IGrantable, objectsKeyPattern?: any): Grant;
/**
* Grants s3:PutObjectAcl and s3:PutObjectVersionAcl permissions for this bucket to an IAM principal.
*
* A principal holding these actions can change the ACL of the matching
* objects, and therefore who may access them; scope `objectsKeyPattern`
* accordingly.
*
* If encryption is used, permission to use the key to encrypt the contents
* of written files will also be granted to the same principal.
* @param identity The principal
* @param objectsKeyPattern Restrict the permission to a certain key pattern (default '*'). Unlike the sibling methods, this parameter is typed `string`.
* @returns The resulting Grant
*/
putAcl(identity: IGrantable, objectsKeyPattern?: string): Grant;
/**
* Grants the given actions on the bucket's objects to the given principal.
*
* KMS actions (prefixed with `kms:`) are automatically separated and granted on the encryption key.
*
* The action strings are taken as given by the caller; list the specific
* actions the principal needs rather than wildcard patterns.
*
* @param identity The principal to grant permissions to.
* @param objectsKeyPattern Restrict the permission to a certain key pattern (default '*').
* @param actions The S3 and/or KMS actions to grant.
* @returns The resulting Grant
*/
actionsOnObjectKeys(identity: IGrantable, objectsKeyPattern?: string, ...actions: string[]): Grant;
/**
* Grants the given actions on both the bucket and the bucket's objects to the given principal.
*
* KMS actions (prefixed with `kms:`) are automatically separated and granted on the encryption key.
*
* The action strings are taken as given by the caller; list the specific
* actions the principal needs rather than wildcard patterns.
*
* @param identity The principal to grant permissions to.
* @param objectsKeyPattern Restrict the permission to a certain key pattern (default '*').
* @param actions The S3 and/or KMS actions to grant.
* @returns The resulting Grant
*/
actionsOnBucketAndObjectKeys(identity: IGrantable, objectsKeyPattern?: string, ...actions: string[]): Grant;
/**
* Grant read and write permissions for this bucket and its contents to an IAM
* principal (Role/Group/User).
*
* If encryption is used, permission to use the key to decrypt the contents
* of the bucket will also be granted to the same principal.
*
* @param identity The principal
* @param objectsKeyPattern Restrict the permission to a certain key pattern (default '*'). Parameter type is `any` but `string` should be passed in.
* Because the type is `any`, the compiler will not reject a non-string value; validate at the call site.
* @returns The resulting Grant
*/
readWrite(identity: IGrantable, objectsKeyPattern?: any): Grant;
// NOTE(review): presumably the action list used by `put` — confirm against the implementation.
private get putActions();
// NOTE(review): presumably the action list used by `write` — confirm against the implementation.
private get writeActions();
/**
* Grant replication permission to a principal.
* This method allows the principal to perform replication operations on this bucket.
*
* Note that when calling this function for source or destination buckets that support KMS encryption,
* you need to specify the KMS key for encryption and the KMS key for decryption, respectively.
*
* @param identity The principal to grant replication permission to.
* @param props The properties of the replication source and destination buckets.
* @returns The resulting Grant (declared as `iam.Grant`, imported from '../../aws-iam/lib/grant')
*/
replicationPermission(identity: IGrantable, props: GrantReplicationPermissionProps): iam.Grant;
// Private helpers; their signatures are not part of this declaration.
private grantActions;
private grant;
private arnForObjects;
}