@cloud-copilot/iam-lens
Visibility in IAM in and across AWS accounts
import { type Policy, type Statement } from '@cloud-copilot/iam-policy';
import { IamCollectClient } from '../../collect/client.js';
/**
* Outcome of matching a policy statement against a principal.
*
* - 'PrincipalMatch': the principal is a match.
* - 'AccountMatch': the account is a match.
* - 'NoMatch': neither of the above.
*
* NOTE(review): 'AccountMatch' presumably means the statement matches the principal's
* account rather than the principal itself. In AWS a grant to an account usually still
* needs an identity-policy allow for the principal, so callers should not treat it as
* equivalent to 'PrincipalMatch' - confirm against the implementation.
*/
export type StatementPrincipalMatchType = 'PrincipalMatch' | 'AccountMatch' | 'NoMatch';
/**
* Checks whether a statement applies to a principal by running a simulation.
*
* If the principal is a match, resolves to 'PrincipalMatch'.
* If the account is a match, resolves to 'AccountMatch'.
* Otherwise resolves to 'NoMatch'.
*
* The three outcomes are distinct results; handle each explicitly rather than
* reducing the value to a boolean.
*
* NOTE(review): this declaration does not show whether the statement's Effect,
* actions or resources take part in the match, nor how a malformed ARN or a
* failed client lookup is reported - confirm in the implementation before
* relying on the result for an access decision.
*
* @param statement the statement to check
* @param principalArn the ARN of the principal to check
* @param client the IAM collect client to use for retrieving principal information
* @returns a promise for the match type describing how the statement applies to the principal
*/
export declare function statementAppliesToPrincipal(statement: Statement, principalArn: string, client: IamCollectClient): Promise<StatementPrincipalMatchType>;
/**
* Makes a policy that captures the principal and principal conditions from a statement
* and allows all actions on all resources.
*
* The conditions returned are only those that relate to the principal; any other
* conditions on the statement are not carried over.
*
* The resulting policy is deliberately broader than the source statement: the original
* action and resource scoping is replaced by "all actions on all resources".
* NOTE(review): presumably it is only meant as input to the principal-matching
* simulation and should never be attached or deployed as a real policy - confirm.
*
* @param statement the statement to extract the principal from
* @returns a policy holding the statement's principal and principal-related conditions,
*          allowing all actions on all resources
*/
export declare function makePrincipalOnlyPolicyFromStatement(statement: Statement): Policy;
//# sourceMappingURL=statements.d.ts.map