aws-cdk/packages/@aws-cdk/aws-s3tables-alpha/lib/permissions.ts at bf886da62d8dc6cd337805028d84c8e7c62ada83 · aws/aws-cdk · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
// Table Bucket
// Read privileges
export const TABLE_BUCKET_READ_ACCESS = [
  's3tables:Get*',
  's3tables:ListNamespaces',
  's3tables:ListTables',
];

// Write privileges
export const TABLE_BUCKET_WRITE_ACCESS = [
  's3tables:PutTableData',
  's3tables:UpdateTableMetadataLocation',
  's3tables:CreateNamespace',
  's3tables:DeleteNamespace',
  's3tables:PutTableBucketMaintenanceConfiguration',
  's3tables:CreateTable',
  's3tables:RenameTable',
];

export const TABLE_BUCKET_READ_WRITE_ACCESS = [...new Set([
  ...TABLE_BUCKET_READ_ACCESS,
  ...TABLE_BUCKET_WRITE_ACCESS,
])];

// Table
// Read privileges
export const TABLE_READ_ACCESS = [
  's3tables:Get*',
];
// Write privileges
export const TABLE_WRITE_ACCESS = [
  's3tables:PutTableData',
  's3tables:UpdateTableMetadataLocation',
  's3tables:RenameTable',
];
export const TABLE_READ_WRITE_ACCESS = [...new Set([
  ...TABLE_READ_ACCESS,
  ...TABLE_WRITE_ACCESS,
])];

// Permissions for user defined KMS Keys
// https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-tables-kms-permissions.html
export const KEY_READ_ACCESS = [
  'kms:Decrypt',
];

export const KEY_WRITE_ACCESS = [
  'kms:Decrypt',
  'kms:GenerateDataKey*',
];

export const KEY_READ_WRITE_ACCESS = [...new Set([
  ...KEY_READ_ACCESS,
  ...KEY_WRITE_ACCESS,
])];