1 | import { Stack } from './stack';
|
/**
 * An enum representing the various ARN formats that different services use.
 *
 * The format decides where an ARN is cut into 'resource' and 'resourceName',
 * so the same string yields different components under different members.
 * Pass the format the owning service actually uses: components split with the
 * wrong format will not name the resource the caller meant, which matters
 * when they are later placed in a policy statement or compared.
 */
export declare enum ArnFormat {
    /**
     * This represents a format where there is no 'resourceName' part.
     * This format is used for S3 resources,
     * like 'arn:aws:s3:::bucket'.
     * Everything after the last colon is considered the 'resource',
     * even if it contains slashes,
     * like in 'arn:aws:s3:::bucket/object.zip'.
     */
    NO_RESOURCE_NAME = "arn:aws:service:region:account:resource",
    /**
     * This represents a format where the 'resource' and 'resourceName'
     * parts are separated with a colon.
     * Like in: 'arn:aws:service:region:account:resource:resourceName'.
     * Everything after the last colon is considered the 'resourceName',
     * even if it contains slashes,
     * like in 'arn:aws:apigateway:region:account:resource:/test/mydemoresource/*'.
     */
    COLON_RESOURCE_NAME = "arn:aws:service:region:account:resource:resourceName",
    /**
     * This represents a format where the 'resource' and 'resourceName'
     * parts are separated with a slash.
     * Like in: 'arn:aws:service:region:account:resource/resourceName'.
     * Everything after the separating slash is considered the 'resourceName',
     * even if it contains colons,
     * like in 'arn:aws:cognito-sync:region:account:identitypool/us-east-1:1a1a1a1a-ffff-1111-9999-12345678:bla'.
     */
    SLASH_RESOURCE_NAME = "arn:aws:service:region:account:resource/resourceName",
    /**
     * This represents a format where the 'resource' and 'resourceName'
     * parts are separated with a slash,
     * but there is also an additional slash after the colon separating 'account' from 'resource'.
     * Like in: 'arn:aws:service:region:account:/resource/resourceName'.
     * Note that the leading slash is _not_ included in the parsed 'resource' part.
     */
    SLASH_RESOURCE_SLASH_RESOURCE_NAME = "arn:aws:service:region:account:/resource/resourceName"
}
|
/**
 * The individual parts of an ARN, as consumed by `Arn.format` and returned by
 * `Arn.parse` and `Arn.split`.
 *
 * Only `service` and `resource` are required. `partition`, `region` and
 * `account` fall back to the values of the stack when left out.
 */
export interface ArnComponents {
    /**
     * The partition that the resource is in. For standard AWS regions, the
     * partition is aws. If you have resources in other partitions, the
     * partition is aws-partitionname. For example, the partition for resources
     * in the China (Beijing) region is aws-cn.
     *
     * @default The AWS partition the stack is deployed to.
     */
    readonly partition?: string;
    /**
     * The service namespace that identifies the AWS product (for example,
     * 's3', 'iam', 'codepipeline').
     */
    readonly service: string;
    /**
     * The region the resource resides in. Note that the ARNs for some resources
     * do not require a region, so this component might be omitted.
     *
     * @default The region the stack is deployed to.
     */
    readonly region?: string;
    /**
     * The ID of the AWS account that owns the resource, without the hyphens.
     * For example, 123456789012. Note that the ARNs for some resources don't
     * require an account number, so this component might be omitted.
     *
     * Because the default is the stack's own account, an ARN that is meant to
     * name a resource in another account needs this set explicitly.
     *
     * @default The account the stack is deployed to.
     */
    readonly account?: string;
    /**
     * Resource type (e.g. "table", "autoScalingGroup", "certificate").
     * For some resource types, e.g. S3 buckets, this field defines the bucket name.
     */
    readonly resource: string;
    /**
     * Separator between resource type and the resource.
     *
     * Can be either '/', ':' or an empty string. Will only be used if resourceName is defined.
     * @default '/'
     *
     * @deprecated use arnFormat instead
     */
    readonly sep?: string;
    /**
     * Resource name or path within the resource (i.e. S3 bucket object key) or
     * a wildcard such as ``"*"``. This is service-dependent.
     *
     * A wildcard matches every name under `resource`, so an ARN built with one
     * widens any policy statement it ends up in. Prefer a concrete name where
     * one is known.
     */
    readonly resourceName?: string;
    /**
     * The specific ARN format to use for this ARN value.
     *
     * @default - uses value of `sep` as the separator for formatting,
     * `ArnFormat.SLASH_RESOURCE_NAME` if that property was also not provided
     */
    readonly arnFormat?: ArnFormat;
}
|
/**
 * Static helpers for building ARNs from components and for taking ARNs apart.
 *
 * The class cannot be instantiated (its constructor is private); every member
 * declared here is static.
 */
export declare class Arn {
    /**
     * Creates an ARN from components.
     *
     * If `partition`, `region` or `account` are not specified, the stack's
     * partition, region and account will be used.
     *
     * If any component is the empty string, an empty string will be inserted
     * into the generated ARN at the location that component corresponds to.
     *
     * The ARN will be formatted as follows:
     *
     *   arn:{partition}:{service}:{region}:{account}:{resource}{sep}{resource-name}
     *
     * The separator follows `components.arnFormat`, or the deprecated
     * `components.sep` when no format is given (see `ArnComponents`).
     *
     * The required ARN pieces that are omitted will be taken from `stack`.
     * If all ARN pieces are supplied, `stack` can be 'undefined'.
     *
     * NOTE(review): nothing in this declaration says that component values are
     * validated or escaped before being joined. Confirm against the
     * implementation before passing strings that originate outside the app
     * (a value containing ':' or '/' would shift the component boundaries).
     *
     * @param components the pieces to assemble into an ARN
     * @param stack the stack that supplies any omitted partition, region or account
     * @returns the formatted ARN string
     */
    static format(components: ArnComponents, stack?: Stack): string;
    /**
     * Given an ARN, parses it and returns components.
     *
     * IF THE ARN IS A CONCRETE STRING...
     *
     * ...it will be parsed and validated. The separator (`sep`) will be set to '/'
     * if the 6th component includes a '/', in which case, `resource` will be set
     * to the value before the '/' and `resourceName` will be the rest. In case
     * there is no '/', `resource` will be set to the 6th component and
     * `resourceName` will be set to the rest of the string.
     *
     * IF THE ARN IS A TOKEN...
     *
     * ...it cannot be validated, since we don't have the actual value yet at the
     * time of this function call. You will have to supply `sepIfToken` and
     * whether or not ARNs of the expected format usually have resource names
     * in order to parse it properly. The resulting `ArnComponents` object will
     * contain tokens for the subexpressions of the ARN, not string literals.
     *
     * If the resource name could possibly contain the separator char, the actual
     * resource name cannot be properly parsed. This only occurs if the separator
     * char is '/', and happens for example for S3 object ARNs, IAM Role ARNs,
     * IAM OIDC Provider ARNs, etc. To properly extract the resource name from a
     * Tokenized ARN, you must know the resource type and call
     * `Arn.extractResourceName`.
     *
     * Callers that make a decision based on the returned components should keep
     * in mind that only the concrete-string path is validated. For a Token the
     * result reflects `sepIfToken` and `hasName` as supplied.
     *
     * @param arn The ARN to parse
     * @param sepIfToken The separator used to separate resource from resourceName
     * @param hasName Whether there is a name component in the ARN at all. For
     * example, SNS Topics ARNs have the 'resource' component contain the topic
     * name, and no 'resourceName' component.
     *
     * @returns an ArnComponents object which allows access to the various
     * components of the ARN.
     *
     * @deprecated use split instead
     */
    static parse(arn: string, sepIfToken?: string, hasName?: boolean): ArnComponents;
    /**
     * Splits the provided ARN into its components.
     * Works both if 'arn' is a string like 'arn:aws:s3:::bucket',
     * and a Token representing a dynamic CloudFormation expression
     * (in which case the returned components will also be dynamic CloudFormation expressions,
     * encoded as Tokens).
     *
     * NOTE(review): for a Token the value is not known at call time, so
     * presumably `arnFormat` is taken on trust rather than checked against
     * the ARN. Confirm against the implementation.
     *
     * @param arn the ARN to split into its components
     * @param arnFormat the expected format of 'arn' - depends on what format the service 'arn' represents uses
     * @returns the components of 'arn', as strings or as Tokens (see above)
     */
    static split(arn: string, arnFormat: ArnFormat): ArnComponents;
    /**
     * Extract the full resource name from an ARN
     *
     * Necessary for resource names (paths) that may contain the separator, like
     * `arn:aws:iam::111111111111:role/path/to/role/name`.
     *
     * Only works if we statically know the expected `resourceType` beforehand, since we're going
     * to use that to split the string on ':<resourceType>/' (and take the right-hand side).
     *
     * We can't extract the 'resourceType' from the ARN at hand, because CloudFormation Expressions
     * only allow literals in the 'separator' argument to `{ Fn::Split }`, and so it can't be
     * `{ Fn::Select: [5, { Fn::Split: [':', ARN] }] }`.
     *
     * Only necessary for ARN formats for which the type-name separator is `/`.
     *
     * @param arn the ARN to take the resource name from
     * @param resourceType the resource type the ARN is expected to carry, known statically
     * @returns the part of the ARN to the right of ':<resourceType>/'
     */
    static extractResourceName(arn: string, resourceType: string): string;
    /** Private so that the class cannot be instantiated from outside. */
    private constructor();
}
|