| 1 | import * as iam from '@aws-cdk/aws-iam';
|
| 2 | import * as kms from '@aws-cdk/aws-kms';
|
| 3 | import { IResource, Resource } from '@aws-cdk/core';
|
| 4 | /**
|
| 5 | * Represents an SQS queue
|
| 6 | */
|
| 7 | export interface IQueue extends IResource {
|
| 8 | /**
|
| 9 | * The ARN of this queue
|
| 10 | * @attribute
|
| 11 | */
|
| 12 | readonly queueArn: string;
|
| 13 | /**
|
| 14 | * The URL of this queue
|
| 15 | * @attribute
|
| 16 | */
|
| 17 | readonly queueUrl: string;
|
| 18 | /**
|
| 19 | * The name of this queue
|
| 20 | * @attribute
|
| 21 | */
|
| 22 | readonly queueName: string;
|
| 23 | /**
|
| 24 | * If this queue is server-side encrypted, this is the KMS encryption key.
|
| 25 | */
|
| 26 | readonly encryptionMasterKey?: kms.IKey;
|
| 27 | /**
|
| 28 | * Whether this queue is an Amazon SQS FIFO queue. If false, this is a standard queue.
|
| 29 | */
|
| 30 | readonly fifo: boolean;
|
| 31 | /**
|
| 32 | * Adds a statement to the IAM resource policy associated with this queue.
|
| 33 | *
|
| 34 | * If this queue was created in this stack (`new Queue`), a queue policy
|
| 35 | * will be automatically created upon the first call to `addToPolicy`. If
|
| 36 | * the queue is imported (`Queue.import`), then this is a no-op.
|
| 37 | */
|
| 38 | addToResourcePolicy(statement: iam.PolicyStatement): iam.AddToResourcePolicyResult;
|
| 39 | /**
|
| 40 | * Grant permissions to consume messages from a queue
|
| 41 | *
|
| 42 | * This will grant the following permissions:
|
| 43 | *
|
| 44 | * - sqs:ChangeMessageVisibility
|
| 45 | * - sqs:DeleteMessage
|
| 46 | * - sqs:ReceiveMessage
|
| 47 | * - sqs:GetQueueAttributes
|
| 48 | * - sqs:GetQueueUrl
|
| 49 | *
|
| 50 | * @param grantee Principal to grant consume rights to
|
| 51 | */
|
| 52 | grantConsumeMessages(grantee: iam.IGrantable): iam.Grant;
|
| 53 | /**
|
| 54 | * Grant access to send messages to a queue to the given identity.
|
| 55 | *
|
| 56 | * This will grant the following permissions:
|
| 57 | *
|
| 58 | * - sqs:SendMessage
|
| 59 | * - sqs:GetQueueAttributes
|
| 60 | * - sqs:GetQueueUrl
|
| 61 | *
|
| 62 | * @param grantee Principal to grant send rights to
|
| 63 | */
|
| 64 | grantSendMessages(grantee: iam.IGrantable): iam.Grant;
|
| 65 | /**
|
| 66 | * Grant an IAM principal permissions to purge all messages from the queue.
|
| 67 | *
|
| 68 | * This will grant the following permissions:
|
| 69 | *
|
| 70 | * - sqs:PurgeQueue
|
| 71 | * - sqs:GetQueueAttributes
|
| 72 | * - sqs:GetQueueUrl
|
| 73 | *
|
| 74 | * @param grantee Principal to grant send rights to
|
| 75 | */
|
| 76 | grantPurge(grantee: iam.IGrantable): iam.Grant;
|
| 77 | /**
|
| 78 | * Grant the actions defined in queueActions to the identity Principal given
|
| 79 | * on this SQS queue resource.
|
| 80 | *
|
| 81 | * @param grantee Principal to grant right to
|
| 82 | * @param queueActions The actions to grant
|
| 83 | */
|
| 84 | grant(grantee: iam.IGrantable, ...queueActions: string[]): iam.Grant;
|
| 85 | }
|
| 86 | /**
|
| 87 | * Reference to a new or existing Amazon SQS queue
|
| 88 | */
|
| 89 | export declare abstract class QueueBase extends Resource implements IQueue {
|
| 90 | /**
|
| 91 | * The ARN of this queue
|
| 92 | */
|
| 93 | abstract readonly queueArn: string;
|
| 94 | /**
|
| 95 | * The URL of this queue
|
| 96 | */
|
| 97 | abstract readonly queueUrl: string;
|
| 98 | /**
|
| 99 | * The name of this queue
|
| 100 | */
|
| 101 | abstract readonly queueName: string;
|
| 102 | /**
|
| 103 | * If this queue is server-side encrypted, this is the KMS encryption key.
|
| 104 | */
|
| 105 | abstract readonly encryptionMasterKey?: kms.IKey;
|
| 106 | /**
|
| 107 | * Whether this queue is an Amazon SQS FIFO queue. If false, this is a standard queue.
|
| 108 | */
|
| 109 | abstract readonly fifo: boolean;
|
| 110 | /**
|
| 111 | * Controls automatic creation of policy objects.
|
| 112 | *
|
| 113 | * Set by subclasses.
|
| 114 | */
|
| 115 | protected abstract readonly autoCreatePolicy: boolean;
|
| 116 | private policy?;
|
| 117 | /**
|
| 118 | * Adds a statement to the IAM resource policy associated with this queue.
|
| 119 | *
|
| 120 | * If this queue was created in this stack (`new Queue`), a queue policy
|
| 121 | * will be automatically created upon the first call to `addToPolicy`. If
|
| 122 | * the queue is imported (`Queue.import`), then this is a no-op.
|
| 123 | */
|
| 124 | addToResourcePolicy(statement: iam.PolicyStatement): iam.AddToResourcePolicyResult;
|
| 125 | protected validate(): string[];
|
| 126 | /**
|
| 127 | * Grant permissions to consume messages from a queue
|
| 128 | *
|
| 129 | * This will grant the following permissions:
|
| 130 | *
|
| 131 | * - sqs:ChangeMessageVisibility
|
| 132 | * - sqs:DeleteMessage
|
| 133 | * - sqs:ReceiveMessage
|
| 134 | * - sqs:GetQueueAttributes
|
| 135 | * - sqs:GetQueueUrl
|
| 136 | *
|
| 137 | * @param grantee Principal to grant consume rights to
|
| 138 | */
|
| 139 | grantConsumeMessages(grantee: iam.IGrantable): iam.Grant;
|
| 140 | /**
|
| 141 | * Grant access to send messages to a queue to the given identity.
|
| 142 | *
|
| 143 | * This will grant the following permissions:
|
| 144 | *
|
| 145 | * - sqs:SendMessage
|
| 146 | * - sqs:GetQueueAttributes
|
| 147 | * - sqs:GetQueueUrl
|
| 148 | *
|
| 149 | * @param grantee Principal to grant send rights to
|
| 150 | */
|
| 151 | grantSendMessages(grantee: iam.IGrantable): iam.Grant;
|
| 152 | /**
|
| 153 | * Grant an IAM principal permissions to purge all messages from the queue.
|
| 154 | *
|
| 155 | * This will grant the following permissions:
|
| 156 | *
|
| 157 | * - sqs:PurgeQueue
|
| 158 | * - sqs:GetQueueAttributes
|
| 159 | * - sqs:GetQueueUrl
|
| 160 | *
|
| 161 | * @param grantee Principal to grant send rights to
|
| 162 | */
|
| 163 | grantPurge(grantee: iam.IGrantable): iam.Grant;
|
| 164 | /**
|
| 165 | * Grant the actions defined in queueActions to the identity Principal given
|
| 166 | * on this SQS queue resource.
|
| 167 | *
|
| 168 | * @param grantee Principal to grant right to
|
| 169 | * @param actions The actions to grant
|
| 170 | */
|
| 171 | grant(grantee: iam.IGrantable, ...actions: string[]): iam.Grant;
|
| 172 | }
|
| 173 | /**
|
| 174 | * Reference to a queue
|
| 175 | */
|
| 176 | export interface QueueAttributes {
|
| 177 | /**
|
| 178 | * The ARN of the queue.
|
| 179 | */
|
| 180 | readonly queueArn: string;
|
| 181 | /**
|
| 182 | * The URL of the queue.
|
| 183 | * @see https://docs.aws.amazon.com/sdk-for-net/v2/developer-guide/QueueURL.html
|
| 184 | *
|
| 185 | * @default - 'https://sqs.<region-endpoint>/<account-ID>/<queue-name>'
|
| 186 | */
|
| 187 | readonly queueUrl?: string;
|
| 188 | /**
|
| 189 | * The name of the queue.
|
| 190 | * @default if queue name is not specified, the name will be derived from the queue ARN
|
| 191 | */
|
| 192 | readonly queueName?: string;
|
| 193 | /**
|
| 194 | * KMS encryption key, if this queue is server-side encrypted by a KMS key.
|
| 195 | *
|
| 196 | * @default - None
|
| 197 | */
|
| 198 | readonly keyArn?: string;
|
| 199 | /**
|
| 200 | * Whether this queue is an Amazon SQS FIFO queue. If false, this is a standard queue.
|
| 201 | *
|
| 202 | * In case of a FIFO queue which is imported from a token, this value has to be explicitly set to true.
|
| 203 | *
|
| 204 | * @default - if fifo is not specified, the property will be determined based on the queue name (not possible for FIFO queues imported from a token)
|
| 205 | */
|
| 206 | readonly fifo?: boolean;
|
| 207 | }
|