1 | import * as iam from '@aws-cdk/aws-iam';
|
2 | import * as kms from '@aws-cdk/aws-kms';
|
3 | import { IResource, Resource } from '@aws-cdk/core';
|
4 | /**
|
5 | * Represents an SQS queue
|
6 | */
|
7 | export interface IQueue extends IResource {
|
8 | /**
|
9 | * The ARN of this queue
|
10 | * @attribute
|
11 | */
|
12 | readonly queueArn: string;
|
13 | /**
|
14 | * The URL of this queue
|
15 | * @attribute
|
16 | */
|
17 | readonly queueUrl: string;
|
18 | /**
|
19 | * The name of this queue
|
20 | * @attribute
|
21 | */
|
22 | readonly queueName: string;
|
23 | /**
|
24 | * If this queue is server-side encrypted, this is the KMS encryption key.
|
25 | */
|
26 | readonly encryptionMasterKey?: kms.IKey;
|
27 | /**
|
28 | * Whether this queue is an Amazon SQS FIFO queue. If false, this is a standard queue.
|
29 | */
|
30 | readonly fifo: boolean;
|
31 | /**
|
32 | * Adds a statement to the IAM resource policy associated with this queue.
|
33 | *
|
34 | * If this queue was created in this stack (`new Queue`), a queue policy
|
35 | * will be automatically created upon the first call to `addToPolicy`. If
|
36 | * the queue is imported (`Queue.import`), then this is a no-op.
|
37 | */
|
38 | addToResourcePolicy(statement: iam.PolicyStatement): iam.AddToResourcePolicyResult;
|
39 | /**
|
40 | * Grant permissions to consume messages from a queue
|
41 | *
|
42 | * This will grant the following permissions:
|
43 | *
|
44 | * - sqs:ChangeMessageVisibility
|
45 | * - sqs:DeleteMessage
|
46 | * - sqs:ReceiveMessage
|
47 | * - sqs:GetQueueAttributes
|
48 | * - sqs:GetQueueUrl
|
49 | *
|
50 | * @param grantee Principal to grant consume rights to
|
51 | */
|
52 | grantConsumeMessages(grantee: iam.IGrantable): iam.Grant;
|
53 | /**
|
54 | * Grant access to send messages to a queue to the given identity.
|
55 | *
|
56 | * This will grant the following permissions:
|
57 | *
|
58 | * - sqs:SendMessage
|
59 | * - sqs:GetQueueAttributes
|
60 | * - sqs:GetQueueUrl
|
61 | *
|
62 | * @param grantee Principal to grant send rights to
|
63 | */
|
64 | grantSendMessages(grantee: iam.IGrantable): iam.Grant;
|
65 | /**
|
66 | * Grant an IAM principal permissions to purge all messages from the queue.
|
67 | *
|
68 | * This will grant the following permissions:
|
69 | *
|
70 | * - sqs:PurgeQueue
|
71 | * - sqs:GetQueueAttributes
|
72 | * - sqs:GetQueueUrl
|
73 | *
|
74 | * @param grantee Principal to grant send rights to
|
75 | */
|
76 | grantPurge(grantee: iam.IGrantable): iam.Grant;
|
77 | /**
|
78 | * Grant the actions defined in queueActions to the identity Principal given
|
79 | * on this SQS queue resource.
|
80 | *
|
81 | * @param grantee Principal to grant right to
|
82 | * @param queueActions The actions to grant
|
83 | */
|
84 | grant(grantee: iam.IGrantable, ...queueActions: string[]): iam.Grant;
|
85 | }
|
86 | /**
|
87 | * Reference to a new or existing Amazon SQS queue
|
88 | */
|
89 | export declare abstract class QueueBase extends Resource implements IQueue {
|
90 | /**
|
91 | * The ARN of this queue
|
92 | */
|
93 | abstract readonly queueArn: string;
|
94 | /**
|
95 | * The URL of this queue
|
96 | */
|
97 | abstract readonly queueUrl: string;
|
98 | /**
|
99 | * The name of this queue
|
100 | */
|
101 | abstract readonly queueName: string;
|
102 | /**
|
103 | * If this queue is server-side encrypted, this is the KMS encryption key.
|
104 | */
|
105 | abstract readonly encryptionMasterKey?: kms.IKey;
|
106 | /**
|
107 | * Whether this queue is an Amazon SQS FIFO queue. If false, this is a standard queue.
|
108 | */
|
109 | abstract readonly fifo: boolean;
|
110 | /**
|
111 | * Controls automatic creation of policy objects.
|
112 | *
|
113 | * Set by subclasses.
|
114 | */
|
115 | protected abstract readonly autoCreatePolicy: boolean;
|
116 | private policy?;
|
117 | /**
|
118 | * Adds a statement to the IAM resource policy associated with this queue.
|
119 | *
|
120 | * If this queue was created in this stack (`new Queue`), a queue policy
|
121 | * will be automatically created upon the first call to `addToPolicy`. If
|
122 | * the queue is imported (`Queue.import`), then this is a no-op.
|
123 | */
|
124 | addToResourcePolicy(statement: iam.PolicyStatement): iam.AddToResourcePolicyResult;
|
125 | protected validate(): string[];
|
126 | /**
|
127 | * Grant permissions to consume messages from a queue
|
128 | *
|
129 | * This will grant the following permissions:
|
130 | *
|
131 | * - sqs:ChangeMessageVisibility
|
132 | * - sqs:DeleteMessage
|
133 | * - sqs:ReceiveMessage
|
134 | * - sqs:GetQueueAttributes
|
135 | * - sqs:GetQueueUrl
|
136 | *
|
137 | * @param grantee Principal to grant consume rights to
|
138 | */
|
139 | grantConsumeMessages(grantee: iam.IGrantable): iam.Grant;
|
140 | /**
|
141 | * Grant access to send messages to a queue to the given identity.
|
142 | *
|
143 | * This will grant the following permissions:
|
144 | *
|
145 | * - sqs:SendMessage
|
146 | * - sqs:GetQueueAttributes
|
147 | * - sqs:GetQueueUrl
|
148 | *
|
149 | * @param grantee Principal to grant send rights to
|
150 | */
|
151 | grantSendMessages(grantee: iam.IGrantable): iam.Grant;
|
152 | /**
|
153 | * Grant an IAM principal permissions to purge all messages from the queue.
|
154 | *
|
155 | * This will grant the following permissions:
|
156 | *
|
157 | * - sqs:PurgeQueue
|
158 | * - sqs:GetQueueAttributes
|
159 | * - sqs:GetQueueUrl
|
160 | *
|
161 | * @param grantee Principal to grant send rights to
|
162 | */
|
163 | grantPurge(grantee: iam.IGrantable): iam.Grant;
|
164 | /**
|
165 | * Grant the actions defined in queueActions to the identity Principal given
|
166 | * on this SQS queue resource.
|
167 | *
|
168 | * @param grantee Principal to grant right to
|
169 | * @param actions The actions to grant
|
170 | */
|
171 | grant(grantee: iam.IGrantable, ...actions: string[]): iam.Grant;
|
172 | }
|
173 | /**
|
174 | * Reference to a queue
|
175 | */
|
176 | export interface QueueAttributes {
|
177 | /**
|
178 | * The ARN of the queue.
|
179 | */
|
180 | readonly queueArn: string;
|
181 | /**
|
182 | * The URL of the queue.
|
183 | * @see https://docs.aws.amazon.com/sdk-for-net/v2/developer-guide/QueueURL.html
|
184 | *
|
185 | * @default - 'https://sqs.<region-endpoint>/<account-ID>/<queue-name>'
|
186 | */
|
187 | readonly queueUrl?: string;
|
188 | /**
|
189 | * The name of the queue.
|
190 | * @default if queue name is not specified, the name will be derived from the queue ARN
|
191 | */
|
192 | readonly queueName?: string;
|
193 | /**
|
194 | * KMS encryption key, if this queue is server-side encrypted by a KMS key.
|
195 | *
|
196 | * @default - None
|
197 | */
|
198 | readonly keyArn?: string;
|
199 | /**
|
200 | * Whether this queue is an Amazon SQS FIFO queue. If false, this is a standard queue.
|
201 | *
|
202 | * In case of a FIFO queue which is imported from a token, this value has to be explicitly set to true.
|
203 | *
|
204 | * @default - if fifo is not specified, the property will be determined based on the queue name (not possible for FIFO queues imported from a token)
|
205 | */
|
206 | readonly fifo?: boolean;
|
207 | }
|