import { AccessLevelList } from '../../shared/access-level'; import { PolicyStatement, Operator } from '../../shared'; import { aws_iam as iam } from "aws-cdk-lib"; /** * Statement provider for service [cloudwatch](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazoncloudwatch.html). * * @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement */ export declare class Cloudwatch extends PolicyStatement { servicePrefix: string; /** * Grants permission to batch get service level indicator report * * Access Level: Read * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Application-Monitoring-Sections.html#ApplicationSignals-PreviewSDK */ toBatchGetServiceLevelIndicatorReport(): this; /** * Grants permission to batch retrieve a service level objective budget report * * Access Level: Read * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Application-Monitoring-Sections.html#ApplicationSignals-PreviewSDK */ toBatchGetServiceLevelObjectiveBudgetReport(): this; /** * Grants permission to create a service level objective * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Application-Monitoring-Sections.html#ApplicationSignals-PreviewSDK */ toCreateServiceLevelObjective(): this; /** * Grants permission to delete a collection of alarms * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_DeleteAlarms.html */ toDeleteAlarms(): this; /** * Grants permission to delete the specified anomaly detection model from your account * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_DeleteAnomalyDetector.html */ toDeleteAnomalyDetector(): this; /** * Grants permission to delete all CloudWatch dashboards that you specify * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_DeleteDashboards.html */ toDeleteDashboards(): this; /** * Grants permission to delete a collection of insight rules * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_DeleteInsightRules.html */ toDeleteInsightRules(): this; /** * Grants permission to delete the CloudWatch metric stream that you specify * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_DeleteMetricStream.html */ toDeleteMetricStream(): this; /** * Grants permission to delete a service level objective * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Application-Monitoring-Sections.html#ApplicationSignals-PreviewSDK */ toDeleteServiceLevelObjective(): this; /** * Grants permission to retrieve the history for the specified alarm * * Access Level: Read * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_DescribeAlarmHistory.html */ toDescribeAlarmHistory(): this; /** * Grants permission to describe all alarms, currently owned by the user's account * * Access Level: Read * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_DescribeAlarms.html */ toDescribeAlarms(): this; /** * Grants permission to describe all alarms configured on the specified metric, currently owned by the user's account * * Access Level: Read * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_DescribeAlarmsForMetric.html */ toDescribeAlarmsForMetric(): this; /** * Grants permission to list the anomaly detection models that you have created in your account * * Access Level: Read * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_DescribeAnomalyDetectors.html */ toDescribeAnomalyDetectors(): this; /** * Grants permission to describe all insight rules, currently owned by the user's account * * Access Level: Read * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_DescribeInsightRules.html */ toDescribeInsightRules(): this; /** * Grants permission to disable actions for a collection of alarms * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_DisableAlarmActions.html */ toDisableAlarmActions(): this; /** * Grants permission to disable a collection of insight rules * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_DisableInsightRules.html */ toDisableInsightRules(): this; /** * Grants permission to enable actions for a collection of alarms * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_EnableAlarmActions.html */ toEnableAlarmActions(): this; /** * Grants permission to enable a collection of insight rules * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_EnableInsightRules.html */ toEnableInsightRules(): this; /** * Grants permission to enable a CloudWatch topology discovery * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Application-Monitoring-Sections.html#ApplicationSignals-PreviewSDK */ toEnableTopologyDiscovery(): this; /** * Grants permission to generate a Metrics Insights or Logs Insights query string from a natural language prompt * * Access Level: Read * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch-metrics-insights-query-assist.html */ toGenerateQuery(): this; /** * Grants permission to display the details of the CloudWatch dashboard you specify * * Access Level: Read * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_GetDashboard.html */ toGetDashboard(): this; /** * Grants permission to return the top-N report of unique contributors over a time range for a given insight rule * * Access Level: Read * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_GetInsightRuleReport.html */ toGetInsightRuleReport(): this; /** * Grants permission to retrieve batch amounts of CloudWatch metric data and perform metric math on retrieved data * * Access Level: Read * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_GetMetricData.html */ toGetMetricData(): this; /** * Grants permission to retrieve statistics for the specified metric * * Access Level: Read * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_GetMetricStatistics.html */ toGetMetricStatistics(): this; /** * Grants permission to return the details of a CloudWatch metric stream * * Access Level: Read * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_GetMetricStream.html */ toGetMetricStream(): this; /** * Grants permission to retrieve snapshots of metric widgets * * Access Level: Read * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_GetMetricWidgetImage.html */ toGetMetricWidgetImage(): this; /** * Grants permission to retrieve information about a service * * Access Level: Read * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Application-Monitoring-Sections.html#ApplicationSignals-PreviewSDK */ toGetService(): this; /** * Grants permission to retrieve service data * * Access Level: Read * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/permissions-reference-cw.html */ toGetServiceData(): this; /** * Grants permission to retrieve information about service level objective * * Access Level: Read * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Application-Monitoring-Sections.html#ApplicationSignals-PreviewSDK */ toGetServiceLevelObjective(): this; /** * Grants permission to retrieve a CloudWatch topology discovery status * * Access Level: Read * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/permissions-reference-cw.html */ toGetTopologyDiscoveryStatus(): this; /** * Grants permission to retrieve a CloudWatch topology map * * Access Level: Read * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Application-Monitoring-Sections.html#ApplicationSignals-PreviewSDK */ toGetTopologyMap(): this; /** * Grants permission to share CloudWatch resources with a monitoring account * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account-Setup.html#CloudWatch-Unified-Cross-Account-Setup-permissions */ toLink(): this; /** * Grants permission to return a list of all CloudWatch dashboards in your account * * Access Level: List * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_ListDashboards.html */ toListDashboards(): this; /** * Grants permission to retrieve all the entities that are emitting a given metric * * Access Level: List * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/permissions-reference-cw.html */ toListEntitiesForMetric(): this; /** * Grants permission to list available managed Insight Rules for a given Resource ARN * * Access Level: Read * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * - .ifRequestManagedResourceARNs() * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_ListManagedInsightRules.html */ toListManagedInsightRules(): this; /** * Grants permission to return a list of all CloudWatch metric streams in your account * * Access Level: List * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_ListMetricStreams.html */ toListMetricStreams(): this; /** * Grants permission to retrieve a list of valid metrics stored for the AWS account owner * * Access Level: List * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_ListMetrics.html */ toListMetrics(): this; /** * Grants permission to list service level objectives * * Access Level: List * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Application-Monitoring-Sections.html#ApplicationSignals-PreviewSDK */ toListServiceLevelObjectives(): this; /** * Grants permission to list services * * Access Level: List * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Application-Monitoring-Sections.html#ApplicationSignals-PreviewSDK */ toListServices(): this; /** * Grants permission to list tags for an Amazon CloudWatch resource * * Access Level: List * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_ListTagsForResource.html */ toListTagsForResource(): this; /** * Grants permission to create or update an anomaly detection model for a CloudWatch metric * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_PutAnomalyDetector.html */ toPutAnomalyDetector(): this; /** * Grants permission to create or update a composite alarm * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * - .ifAlarmActions() * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_PutCompositeAlarm.html */ toPutCompositeAlarm(): this; /** * Grants permission to create a CloudWatch dashboard, or update an existing dashboard if it already exists * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_PutDashboard.html */ toPutDashboard(): this; /** * Grants permission to create a new insight rule or replace an existing insight rule * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * - .ifRequestInsightRuleLogGroups() * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_PutInsightRule.html */ toPutInsightRule(): this; /** * Grants permission to create managed Insight Rules * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * - .ifRequestManagedResourceARNs() * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_PutManagedInsightRules.html */ toPutManagedInsightRules(): this; /** * Grants permission to create or update an alarm and associates it with the specified Amazon CloudWatch metric * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * - .ifAlarmActions() * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_PutMetricAlarm.html */ toPutMetricAlarm(): this; /** * Grants permission to publish metric data points to Amazon CloudWatch * * Access Level: Write * * Possible conditions: * - .ifNamespace() * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_PutMetricData.html */ toPutMetricData(): this; /** * Grants permission to create a CloudWatch metric stream, or update an existing metric stream if it already exists * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_PutMetricStream.html */ toPutMetricStream(): this; /** * Grants permission to temporarily set the state of an alarm for testing purposes * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_SetAlarmState.html */ toSetAlarmState(): this; /** * Grants permission to start all CloudWatch metric streams that you specify * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_StartMetricStreams.html */ toStartMetricStreams(): this; /** * Grants permission to stop all CloudWatch metric streams that you specify * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_StopMetricStreams.html */ toStopMetricStreams(): this; /** * Grants permission to add tags to an Amazon CloudWatch resource * * Access Level: Tagging * * Possible conditions: * - .ifAwsTagKeys() * - .ifAwsRequestTag() * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_TagResource.html */ toTagResource(): this; /** * Grants permission to remove a tag from an Amazon CloudWatch resource * * Access Level: Tagging * * Possible conditions: * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_UntagResource.html */ toUntagResource(): this; /** * Grants permission to update a service level objective * * Access Level: Write * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Application-Monitoring-Sections.html#ApplicationSignals-PreviewSDK */ toUpdateServiceLevelObjective(): this; protected accessLevelList: AccessLevelList; /** * Adds a resource of type alarm to the statement * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/auth-and-access-control-cw.html * * @param alarmName - Identifier for the alarmName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onAlarm(alarmName: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type dashboard to the statement * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/auth-and-access-control-cw.html * * @param dashboardName - Identifier for the dashboardName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onDashboard(dashboardName: string, account?: string, partition?: string): this; /** * Adds a resource of type insight-rule to the statement * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/auth-and-access-control-cw.html * * @param insightRuleName - Identifier for the insightRuleName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onInsightRule(insightRuleName: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type metric-stream to the statement * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/auth-and-access-control-cw.html * * @param metricStreamName - Identifier for the metricStreamName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onMetricStream(metricStreamName: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type slo to the statement * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/auth-and-access-control-cw.html * * @param sloName - Identifier for the sloName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onSlo(sloName: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type service to the statement * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/auth-and-access-control-cw.html * * @param serviceName - Identifier for the serviceName. * @param uniqueAttributesHex - Identifier for the uniqueAttributesHex. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onService(serviceName: string, uniqueAttributesHex: string, account?: string, region?: string, partition?: string): this; /** * Filters actions based on the allowed set of values for each of the tags * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag * * Applies to actions: * - .toCreateServiceLevelObjective() * - .toListManagedInsightRules() * - .toPutCompositeAlarm() * - .toPutInsightRule() * - .toPutManagedInsightRules() * - .toPutMetricAlarm() * - .toPutMetricStream() * - .toTagResource() * * @param tagKey The tag key to check * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsRequestTag(tagKey: string, value: string | string[], operator?: Operator | string): this; /** * Filters actions based on tag-value associated with the resource * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag * * Applies to resource types: * - alarm * - insight-rule * - metric-stream * - slo * - service * * @param tagKey The tag key to check * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsResourceTag(tagKey: string, value: string | string[], operator?: Operator | string): this; /** * Filters actions based on the presence of mandatory tags in the request * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys * * Applies to actions: * - .toCreateServiceLevelObjective() * - .toListManagedInsightRules() * - .toPutCompositeAlarm() * - .toPutInsightRule() * - .toPutManagedInsightRules() * - .toPutMetricAlarm() * - .toPutMetricStream() * - .toTagResource() * - .toUntagResource() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsTagKeys(value: string | string[], operator?: Operator | string): this; /** * Filters actions based on defined alarm actions * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/iam-cw-condition-keys-alarm-actions.html * * Applies to actions: * - .toPutCompositeAlarm() * - .toPutMetricAlarm() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAlarmActions(value: string | string[], operator?: Operator | string): this; /** * Filters actions based on the presence of optional namespace values * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/iam-cw-condition-keys-namespace.html * * Applies to actions: * - .toPutMetricData() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifNamespace(value: string | string[], operator?: Operator | string): this; /** * Filters actions based on the Log Groups specified in an Insight Rule * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/iam-cw-condition-keys-contributor.html * * Applies to actions: * - .toPutInsightRule() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifRequestInsightRuleLogGroups(value: string | string[], operator?: Operator | string): this; /** * Filters access by the Resource ARNs specified in a managed Insight Rule * * https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/iam-cw-condition-keys-contributor.html * * Applies to actions: * - .toListManagedInsightRules() * - .toPutManagedInsightRules() * * @param value The value(s) to check * @param operator Works with [arn operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_ARN). **Default:** `ArnLike` */ ifRequestManagedResourceARNs(value: string | string[], operator?: Operator | string): this; /** * Statement provider for service [cloudwatch](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazoncloudwatch.html). * */ constructor(props?: iam.PolicyStatementProps); }