62 lines
2.0 KiB
TypeScript
62 lines
2.0 KiB
TypeScript
import * as sqs from "./sqs.generated";
|
|
import * as iam from "../../aws-iam";
|
|
import * as cdk from "../../core/lib";
|
|
/**
|
|
* Collection of grant methods for a IQueueRef
|
|
*/
|
|
export declare class QueueGrants {
|
|
/**
|
|
* Creates grants for QueueGrants
|
|
*/
|
|
static fromQueue(resource: sqs.IQueueRef): QueueGrants;
|
|
protected readonly resource: sqs.IQueueRef;
|
|
protected readonly encryptedResource?: iam.IEncryptedResource;
|
|
protected readonly policyResource?: iam.IResourceWithPolicyV2;
|
|
private constructor();
|
|
/**
|
|
* Grant the given identity custom permissions
|
|
*/
|
|
actions(grantee: iam.IGrantable, actions: Array<string>, options?: cdk.EncryptedPermissionsOptions): iam.Grant;
|
|
/**
|
|
* Grant permissions to consume messages from a queue
|
|
*
|
|
* This will grant the following permissions:
|
|
*
|
|
* - sqs:ChangeMessageVisibility
|
|
* - sqs:DeleteMessage
|
|
* - sqs:ReceiveMessage
|
|
* - sqs:GetQueueAttributes
|
|
* - sqs:GetQueueUrl
|
|
*
|
|
* If encryption is used, permission to use the key to decrypt the contents of the queue will also be granted to the same principal.
|
|
*
|
|
* This will grant the following KMS permissions:
|
|
*
|
|
* - kms:Decrypt
|
|
*/
|
|
consumeMessages(grantee: iam.IGrantable): iam.Grant;
|
|
/**
|
|
* Grant access to send messages to a queue to the given identity.
|
|
*
|
|
* This will grant the following permissions:
|
|
*
|
|
* - sqs:SendMessage
|
|
* - sqs:GetQueueAttributes
|
|
* - sqs:GetQueueUrl
|
|
*
|
|
* If encryption is used, permission to use the key to encrypt/decrypt the contents of the queue will also be granted to the same principal.
|
|
*
|
|
* This will grant the following KMS permissions:
|
|
*
|
|
* - kms:Decrypt
|
|
* - kms:Encrypt
|
|
* - kms:ReEncrypt*
|
|
* - kms:GenerateDataKey*
|
|
*/
|
|
sendMessages(grantee: iam.IGrantable): iam.Grant;
|
|
/**
|
|
* Grants purge permissions
|
|
*/
|
|
purge(grantee: iam.IGrantable): iam.Grant;
|
|
}
|