cdk-iam-floyd
AWS IAM policy statement generator with fluent interface for AWS CDK
import { AccessLevelList } from '../../shared/access-level';
import { PolicyStatement, Operator } from '../../shared';
import { aws_iam as iam } from "aws-cdk-lib";
/**
* Statement provider for service [iam](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsidentityandaccessmanagementiam.html).
*
* @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
*/
export declare class Iam extends PolicyStatement {
servicePrefix: string;
/**
* Grants permission to add a new client ID (audience) to the list of registered IDs for the specified IAM OpenID Connect (OIDC) provider resource
*
* Access Level: Write
*
* Security note: every registered client ID is an audience the provider accepts, so this action widens federation trust. Restrict the statement to specific OIDC provider ARNs and check that role trust policies pin the expected audience.
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_AddClientIDToOpenIDConnectProvider.html
*/
toAddClientIDToOpenIDConnectProvider(): this;
/**
* Grants permission to add an IAM role to the specified instance profile
*
* Access Level: Write
*
* Dependent actions:
* - iam:PassRole
*
* Security note: the dependent iam:PassRole grant decides which roles can be placed in a profile. Limit that grant, and this statement's resources, to specific role and instance-profile ARNs rather than `*`.
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_AddRoleToInstanceProfile.html
*/
toAddRoleToInstanceProfile(): this;
/**
* Grants permission to add an IAM user to the specified IAM group
*
* Access Level: Write
*
* Security note: group membership confers every policy attached to the group, so review this as a permissions change even though it is listed as Write. Restrict the statement to specific group ARNs.
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_AddUserToGroup.html
*/
toAddUserToGroup(): this;
/**
* Grants permission to attach a managed policy to the specified IAM group
*
* Access Level: Permissions management
*
* Possible conditions:
* - .ifPolicyARN()
*
* Security note: without .ifPolicyARN() the grant covers attaching any managed policy, including administrator-level ones. Constrain it to an allow-list of policy ARNs and to specific group ARNs.
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_AttachGroupPolicy.html
*/
toAttachGroupPolicy(): this;
/**
* Grants permission to attach a managed policy to the specified IAM role
*
* Access Level: Permissions management
*
* Possible conditions:
* - .ifPolicyARN()
* - .ifPermissionsBoundary()
*
* Security note: without .ifPolicyARN() the grant covers attaching any managed policy, including administrator-level ones. Use .ifPolicyARN() for an allow-list of policies and .ifPermissionsBoundary() to limit the grant to roles that carry the expected boundary.
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_AttachRolePolicy.html
*/
toAttachRolePolicy(): this;
/**
* Grants permission to attach a managed policy to the specified IAM user
*
* Access Level: Permissions management
*
* Possible conditions:
* - .ifPolicyARN()
* - .ifPermissionsBoundary()
*
* Security note: without .ifPolicyARN() the grant covers attaching any managed policy, including administrator-level ones. Use .ifPolicyARN() for an allow-list of policies and .ifPermissionsBoundary() to limit the grant to users that carry the expected boundary.
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_AttachUserPolicy.html
*/
toAttachUserPolicy(): this;
/**
* Grants permission to an IAM user to change their own password
*
* Access Level: Write
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_ChangePassword.html
*/
toChangePassword(): this;
/**
* Grants permission to create access key and secret access key for the specified IAM user
*
* Access Level: Write
*
* Security note: this action issues long-term credentials for the target user. Restrict the statement to the caller's own user or to named user ARNs; a grant on `*` lets the grantee mint keys for any user in the account.
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateAccessKey.html
*/
toCreateAccessKey(): this;
/**
* Grants permission to create an alias for your AWS account
*
* Access Level: Write
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateAccountAlias.html
*/
toCreateAccountAlias(): this;
/**
* Grants permission to create a new group
*
* Access Level: Write
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateGroup.html
*/
toCreateGroup(): this;
/**
* Grants permission to create a new instance profile
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsTagKeys()
* - .ifAwsRequestTag()
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateInstanceProfile.html
*/
toCreateInstanceProfile(): this;
/**
* Grants permission to create a password for the specified IAM user
*
* Access Level: Write
*
* Security note: this action sets a console password for the target user, so a grant on other users' ARNs amounts to control of their console sign-in. Restrict the statement to specific user ARNs.
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateLoginProfile.html
*/
toCreateLoginProfile(): this;
/**
* Grants permission to create an IAM resource that describes an identity provider (IdP) that supports OpenID Connect (OIDC)
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsTagKeys()
* - .ifAwsRequestTag()
*
* Security note: a new OIDC provider is a federation trust anchor that role trust policies can reference, so creating one changes who can federate into the account. Keep this grant to deployment or identity-admin roles; the tag conditions above can enforce ownership tags at creation.
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateOpenIDConnectProvider.html
*/
toCreateOpenIDConnectProvider(): this;
/**
* Grants permission to create a new managed policy
*
* Access Level: Permissions management
*
* Possible conditions:
* - .ifAwsTagKeys()
* - .ifAwsRequestTag()
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html
*/
toCreatePolicy(): this;
/**
* Grants permission to create a new version of the specified managed policy
*
* Access Level: Permissions management
*
* Security note: a new version can be made the policy's default in the same request, which changes the effective permissions of every identity the policy is attached to. No IAM-specific conditions are listed for this action, so restrict the statement to specific policy ARNs.
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicyVersion.html
*/
toCreatePolicyVersion(): this;
/**
* Grants permission to create a new role
*
* Access Level: Write
*
* Possible conditions:
* - .ifPermissionsBoundary()
* - .ifAwsTagKeys()
* - .ifAwsRequestTag()
*
* Security note: when role creation is delegated, use .ifPermissionsBoundary() so that new roles must be created with the expected permissions boundary; otherwise the created role's permissions are capped only by what the creator can attach to it.
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html
*/
toCreateRole(): this;
/**
* Grants permission to create an IAM resource that describes an identity provider (IdP) that supports SAML 2.0
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsTagKeys()
* - .ifAwsRequestTag()
*
* Security note: a new SAML provider is a federation trust anchor that role trust policies can reference, so creating one changes who can federate into the account. Keep this grant to deployment or identity-admin roles.
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateSAMLProvider.html
*/
toCreateSAMLProvider(): this;
/**
* Grants permission to create an IAM role that allows an AWS service to perform actions on your behalf
*
* Access Level: Write
*
* Possible conditions:
* - .ifAWSServiceName()
*
* Security note: use .ifAWSServiceName() to name the services the grantee may create service-linked roles for; without it the grant covers any service.
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateServiceLinkedRole.html
*/
toCreateServiceLinkedRole(): this;
/**
* Grants permission to create a new service-specific credential for an IAM user
*
* Access Level: Write
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateServiceSpecificCredential.html
*/
toCreateServiceSpecificCredential(): this;
/**
* Grants permission to create a new IAM user
*
* Access Level: Write
*
* Possible conditions:
* - .ifPermissionsBoundary()
* - .ifAwsTagKeys()
* - .ifAwsRequestTag()
*
* Security note: when user creation is delegated, use .ifPermissionsBoundary() so that new users must be created with the expected permissions boundary.
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateUser.html
*/
toCreateUser(): this;
/**
* Grants permission to create a new virtual MFA device
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsTagKeys()
* - .ifAwsRequestTag()
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateVirtualMFADevice.html
*/
toCreateVirtualMFADevice(): this;
/**
* Grants permission to deactivate the specified MFA device and remove its association with the IAM user for which it was originally enabled
*
* Access Level: Write
*
* Security note: for self-service use, restrict the statement to the caller's own user and require an MFA-authenticated session (global condition key aws:MultiFactorAuthPresent). A grant on other users' ARNs lets the grantee remove their MFA protection.
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeactivateMFADevice.html
*/
toDeactivateMFADevice(): this;
/**
* Grants permission to delete the access key pair that is associated with the specified IAM user
*
* Access Level: Write
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteAccessKey.html
*/
toDeleteAccessKey(): this;
/**
* Grants permission to delete the specified AWS account alias
*
* Access Level: Write
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteAccountAlias.html
*/
toDeleteAccountAlias(): this;
/**
* Grants permission to delete the password policy for the AWS account
*
* Access Level: Permissions management
*
* Security note: this is an account-wide control; deleting the custom policy removes the account's own password requirements for all IAM users. Keep this grant to account administrators and alert on its use.
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteAccountPasswordPolicy.html
*/
toDeleteAccountPasswordPolicy(): this;
/**
* Grants permission to delete an existing CloudFront public key
*
* Access Level: Write
*
* https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html
*/
toDeleteCloudFrontPublicKey(): this;
/**
* Grants permission to delete the specified IAM group
*
* Access Level: Write
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteGroup.html
*/
toDeleteGroup(): this;
/**
* Grants permission to delete the specified inline policy from its group
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteGroupPolicy.html
*/
toDeleteGroupPolicy(): this;
/**
* Grants permission to delete the specified instance profile
*
* Access Level: Write
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteInstanceProfile.html
*/
toDeleteInstanceProfile(): this;
/**
* Grants permission to delete the password for the specified IAM user
*
* Access Level: Write
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteLoginProfile.html
*/
toDeleteLoginProfile(): this;
/**
* Grants permission to delete an OpenID Connect identity provider (IdP) resource object in IAM
*
* Access Level: Write
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteOpenIDConnectProvider.html
*/
toDeleteOpenIDConnectProvider(): this;
/**
* Grants permission to delete the specified managed policy and remove it from any IAM entities (users, groups, or roles) to which it is attached
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeletePolicy.html
*/
toDeletePolicy(): this;
/**
* Grants permission to delete a version from the specified managed policy
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeletePolicyVersion.html
*/
toDeletePolicyVersion(): this;
/**
* Grants permission to delete the specified role
*
* Access Level: Write
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteRole.html
*/
toDeleteRole(): this;
/**
* Grants permission to remove the permissions boundary from a role
*
* Access Level: Permissions management
*
* Possible conditions:
* - .ifPermissionsBoundary()
*
* Security note: removing the boundary lifts the cap on the role's effective permissions. Where boundaries are used to fence delegated administrators, this action is normally withheld from, or explicitly denied to, those same administrators.
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteRolePermissionsBoundary.html
*/
toDeleteRolePermissionsBoundary(): this;
/**
* Grants permission to delete the specified inline policy from the specified role
*
* Access Level: Permissions management
*
* Possible conditions:
* - .ifPermissionsBoundary()
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteRolePolicy.html
*/
toDeleteRolePolicy(): this;
/**
* Grants permission to delete a SAML provider resource in IAM
*
* Access Level: Write
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteSAMLProvider.html
*/
toDeleteSAMLProvider(): this;
/**
* Grants permission to delete the specified SSH public key
*
* Access Level: Write
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteSSHPublicKey.html
*/
toDeleteSSHPublicKey(): this;
/**
* Grants permission to delete the specified server certificate
*
* Access Level: Write
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteServerCertificate.html
*/
toDeleteServerCertificate(): this;
/**
* Grants permission to delete an IAM role that is linked to a specific AWS service, if the service is no longer using it
*
* Access Level: Write
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteServiceLinkedRole.html
*/
toDeleteServiceLinkedRole(): this;
/**
* Grants permission to delete the specified service-specific credential for an IAM user
*
* Access Level: Write
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteServiceSpecificCredential.html
*/
toDeleteServiceSpecificCredential(): this;
/**
* Grants permission to delete a signing certificate that is associated with the specified IAM user
*
* Access Level: Write
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteSigningCertificate.html
*/
toDeleteSigningCertificate(): this;
/**
* Grants permission to delete the specified IAM user
*
* Access Level: Write
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteUser.html
*/
toDeleteUser(): this;
/**
* Grants permission to remove the permissions boundary from the specified IAM user
*
* Access Level: Permissions management
*
* Possible conditions:
* - .ifPermissionsBoundary()
*
* Security note: removing the boundary lifts the cap on the user's effective permissions. Where boundaries are used to fence delegated administrators, this action is normally withheld from, or explicitly denied to, those same administrators.
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteUserPermissionsBoundary.html
*/
toDeleteUserPermissionsBoundary(): this;
/**
* Grants permission to delete the specified inline policy from an IAM user
*
* Access Level: Permissions management
*
* Possible conditions:
* - .ifPermissionsBoundary()
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteUserPolicy.html
*/
toDeleteUserPolicy(): this;
/**
* Grants permission to delete a virtual MFA device
*
* Access Level: Write
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteVirtualMFADevice.html
*/
toDeleteVirtualMFADevice(): this;
/**
* Grants permission to detach a managed policy from the specified IAM group
*
* Access Level: Permissions management
*
* Possible conditions:
* - .ifPolicyARN()
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachGroupPolicy.html
*/
toDetachGroupPolicy(): this;
/**
* Grants permission to detach a managed policy from the specified role
*
* Access Level: Permissions management
*
* Possible conditions:
* - .ifPolicyARN()
* - .ifPermissionsBoundary()
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachRolePolicy.html
*/
toDetachRolePolicy(): this;
/**
* Grants permission to detach a managed policy from the specified IAM user
*
* Access Level: Permissions management
*
* Possible conditions:
* - .ifPolicyARN()
* - .ifPermissionsBoundary()
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachUserPolicy.html
*/
toDetachUserPolicy(): this;
/**
* Grants permission to disable the management of member account root user credentials for an organization managed under the current account
*
* Access Level: Write
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_DisableOrganizationsRootCredentialsManagement.html
*/
toDisableOrganizationsRootCredentialsManagement(): this;
/**
* Grants permission to disable privileged root actions in member accounts for an organization managed under the current account
*
* Access Level: Write
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_DisableOrganizationsRootSessions.html
*/
toDisableOrganizationsRootSessions(): this;
/**
* Grants permission to enable an MFA device and associate it with the specified IAM user
*
* Access Level: Write
*
* Possible conditions:
* - .ifRegisterSecurityKey()
* - .ifFIDOFIPS1402Certification()
* - .ifFIDOFIPS1403Certification()
* - .ifFIDOCertification()
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_EnableMFADevice.html
*/
toEnableMFADevice(): this;
/**
* Grants permission to enable the management of member account root user credentials for an organization managed under the current account
*
* Access Level: Write
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_EnableOrganizationsRootCredentialsManagement.html
*/
toEnableOrganizationsRootCredentialsManagement(): this;
/**
* Grants permission to enable privileged root actions in member accounts for an organization managed under the current account
*
* Access Level: Write
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_EnableOrganizationsRootSessions.html
*/
toEnableOrganizationsRootSessions(): this;
/**
* Grants permission to generate a credential report for the AWS account
*
* Access Level: Read
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_GenerateCredentialReport.html
*/
toGenerateCredentialReport(): this;
/**
* Grants permission to generate an access report for an AWS Organizations entity
*
* Access Level: Read
*
* Possible conditions:
* - .ifOrganizationsPolicyId()
*
* Dependent actions:
* - organizations:DescribePolicy
* - organizations:ListChildren
* - organizations:ListParents
* - organizations:ListPoliciesForTarget
* - organizations:ListRoots
* - organizations:ListTargetsForPolicy
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_GenerateOrganizationsAccessReport.html
*/
toGenerateOrganizationsAccessReport(): this;
/**
* Grants permission to generate a service last accessed data report for an IAM resource
*
* Access Level: Read
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_GenerateServiceLastAccessedDetails.html
*/
toGenerateServiceLastAccessedDetails(): this;
/**
* Grants permission to retrieve information about when the specified access key was last used
*
* Access Level: Read
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetAccessKeyLastUsed.html
*/
toGetAccessKeyLastUsed(): this;
/**
* Grants permission to retrieve information about all IAM users, groups, roles, and policies in your AWS account, including their relationships to one another
*
* Access Level: Read
*
* Security note: although Read-level, the response is a full map of the account's identities and policies. Reserve it for audit and security-tooling roles rather than including it in general read-only grants.
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetAccountAuthorizationDetails.html
*/
toGetAccountAuthorizationDetails(): this;
/**
* Grants permission to retrieve the email address that is associated with the account
*
* Access Level: Read
*
* https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-update-root-user.html
*/
toGetAccountEmailAddress(): this;
/**
* Grants permission to retrieve the account name that is associated with the account
*
* Access Level: Read
*
* https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-update-root-user.html
*/
toGetAccountName(): this;
/**
* Grants permission to retrieve the password policy for the AWS account
*
* Access Level: Read
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetAccountPasswordPolicy.html
*/
toGetAccountPasswordPolicy(): this;
/**
* Grants permission to retrieve information about IAM entity usage and IAM quotas in the AWS account
*
* Access Level: List
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetAccountSummary.html
*/
toGetAccountSummary(): this;
/**
* Grants permission to retrieve information about the specified CloudFront public key
*
* Access Level: Read
*
* https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html
*/
toGetCloudFrontPublicKey(): this;
/**
* Grants permission to retrieve a list of all of the context keys that are referenced in the specified policy
*
* Access Level: Read
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetContextKeysForCustomPolicy.html
*/
toGetContextKeysForCustomPolicy(): this;
/**
* Grants permission to retrieve a list of all context keys that are referenced in all IAM policies that are attached to the specified IAM identity (user, group, or role)
*
* Access Level: Read
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetContextKeysForPrincipalPolicy.html
*/
toGetContextKeysForPrincipalPolicy(): this;
/**
* Grants permission to retrieve a credential report for the AWS account
*
* Access Level: Read
*
* Security note: the report covers every IAM user in the account and the state of their passwords, access keys and MFA devices. Reserve it for audit and security-tooling roles.
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetCredentialReport.html
*/
toGetCredentialReport(): this;
/**
* Grants permission to retrieve a list of IAM users in the specified IAM group
*
* Access Level: Read
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetGroup.html
*/
toGetGroup(): this;
/**
* Grants permission to retrieve an inline policy document that is embedded in the specified IAM group
*
* Access Level: Read
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetGroupPolicy.html
*/
toGetGroupPolicy(): this;
/**
* Grants permission to retrieve information about the specified instance profile, including the instance profile's path, GUID, ARN, and role
*
* Access Level: Read
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetInstanceProfile.html
*/
toGetInstanceProfile(): this;
/**
* Grants permission to retrieve the user name and password creation date for the specified IAM user
*
* Access Level: List
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetLoginProfile.html
*/
toGetLoginProfile(): this;
/**
* Grants permission to retrieve information about an MFA device for the specified user
*
* Access Level: Read
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetMFADevice.html
*/
toGetMFADevice(): this;
/**
* Grants permission to retrieve information about the specified OpenID Connect (OIDC) provider resource in IAM
*
* Access Level: Read
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetOpenIDConnectProvider.html
*/
toGetOpenIDConnectProvider(): this;
/**
* Grants permission to retrieve an AWS Organizations access report
*
* Access Level: Read
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetOrganizationsAccessReport.html
*/
toGetOrganizationsAccessReport(): this;
/**
* Grants permission to retrieve information about the specified managed policy, including the policy's default version and the total number of identities to which the policy is attached
*
* Access Level: Read
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetPolicy.html
*/
toGetPolicy(): this;
/**
* Grants permission to retrieve information about a version of the specified managed policy, including the policy document
*
* Access Level: Read
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetPolicyVersion.html
*/
toGetPolicyVersion(): this;
/**
* Grants permission to retrieve information about the specified role, including the role's path, GUID, ARN, and the role's trust policy
*
* Access Level: Read
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetRole.html
*/
toGetRole(): this;
/**
* Grants permission to retrieve an inline policy document that is embedded with the specified IAM role
*
* Access Level: Read
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetRolePolicy.html
*/
toGetRolePolicy(): this;
/**
* Grants permission to retrieve the SAML provider metadocument that was uploaded when the IAM SAML provider resource was created or updated
*
* Access Level: Read
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetSAMLProvider.html
*/
toGetSAMLProvider(): this;
/**
* Grants permission to retrieve the specified SSH public key, including metadata about the key
*
* Access Level: Read
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetSSHPublicKey.html
*/
toGetSSHPublicKey(): this;
/**
* Grants permission to retrieve information about the specified server certificate stored in IAM
*
* Access Level: Read
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetServerCertificate.html
*/
toGetServerCertificate(): this;
/**
* Grants permission to retrieve information about the service last accessed data report
*
* Access Level: Read
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetServiceLastAccessedDetails.html
*/
toGetServiceLastAccessedDetails(): this;
/**
* Grants permission to retrieve information about the entities from the service last accessed data report
*
* Access Level: Read
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetServiceLastAccessedDetailsWithEntities.html
*/
toGetServiceLastAccessedDetailsWithEntities(): this;
/**
* Grants permission to retrieve an IAM service-linked role deletion status
*
* Access Level: Read
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetServiceLinkedRoleDeletionStatus.html
*/
toGetServiceLinkedRoleDeletionStatus(): this;
/**
* Grants permission to retrieve information about the specified IAM user, including the user's creation date, path, unique ID, and ARN
*
* Access Level: Read
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetUser.html
*/
toGetUser(): this;
/**
* Grants permission to retrieve an inline policy document that is embedded in the specified IAM user
*
* Access Level: Read
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetUserPolicy.html
*/
toGetUserPolicy(): this;
/**
* Grants permission to list information about the access key IDs that are associated with the specified IAM user
*
* Access Level: List
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAccessKeys.html
*/
toListAccessKeys(): this;
/**
* Grants permission to list the account alias that is associated with the AWS account
*
* Access Level: List
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAccountAliases.html
*/
toListAccountAliases(): this;
/**
* Grants permission to list all managed policies that are attached to the specified IAM group
*
* Access Level: List
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAttachedGroupPolicies.html
*/
toListAttachedGroupPolicies(): this;
/**
* Grants permission to list all managed policies that are attached to the specified IAM role
*
* Access Level: List
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAttachedRolePolicies.html
*/
toListAttachedRolePolicies(): this;
/**
* Grants permission to list all managed policies that are attached to the specified IAM user
*
* Access Level: List
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAttachedUserPolicies.html
*/
toListAttachedUserPolicies(): this;
/**
* Grants permission to list all current CloudFront public keys for the account
*
* Access Level: List
*
* https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html
*/
toListCloudFrontPublicKeys(): this;
/**
* Grants permission to list all IAM identities to which the specified managed policy is attached
*
* Access Level: List
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListEntitiesForPolicy.html
*/
toListEntitiesForPolicy(): this;
/**
* Grants permission to list the names of the inline policies that are embedded in the specified IAM group
*
* Access Level: List
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListGroupPolicies.html
*/
toListGroupPolicies(): this;
/**
* Grants permission to list the IAM groups that have the specified path prefix
*
* Access Level: List
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListGroups.html
*/
toListGroups(): this;
/**
* Grants permission to list the IAM groups that the specified IAM user belongs to
*
* Access Level: List
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListGroupsForUser.html
*/
toListGroupsForUser(): this;
/**
* Grants permission to list the tags that are attached to the specified instance profile
*
* Access Level: List
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListInstanceProfileTags.html
*/
toListInstanceProfileTags(): this;
/**
* Grants permission to list the instance profiles that have the specified path prefix
*
* Access Level: List
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListInstanceProfiles.html
*/
toListInstanceProfiles(): this;
/**
* Grants permission to list the instance profiles that have the specified associated IAM role
*
* Access Level: List
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListInstanceProfilesForRole.html
*/
toListInstanceProfilesForRole(): this;
/**
* Grants permission to list the tags that are attached to the specified virtual MFA device
*
* Access Level: List
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListMFADeviceTags.html
*/
toListMFADeviceTags(): this;
/**
* Grants permission to list the MFA devices for an IAM user
*
* Access Level: List
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListMFADevices.html
*/
toListMFADevices(): this;
/**
* Grants permission to list the tags that are attached to the specified OpenID Connect provider
*
* Access Level: List
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListOpenIDConnectProviderTags.html
*/
toListOpenIDConnectProviderTags(): this;
/**
* Grants permission to list information about the IAM OpenID Connect (OIDC) provider resource objects that are defined in the AWS account
*
* Access Level: List
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListOpenIDConnectProviders.html
*/
toListOpenIDConnectProviders(): this;
/**
* Grants permission to list the centralized root access features enabled for your organization
*
* Access Level: List
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListOrganizationsFeatures.html
*/
toListOrganizationsFeatures(): this;
/**
* Grants permission to list all managed policies
*
* Access Level: List
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListPolicies.html
*/
toListPolicies(): this;
/**
* Grants permission to list information about the policies that grant an entity access to a specific service
*
* Access Level: List
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListPoliciesGrantingServiceAccess.html
*/
toListPoliciesGrantingServiceAccess(): this;
/**
* Grants permission to list the tags that are attached to the specified managed policy
*
* Access Level: List
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListPolicyTags.html
*/
toListPolicyTags(): this;
/**
* Grants permission to list information about the versions of the specified managed policy, including the version that is currently set as the policy's default version
*
* Access Level: List
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListPolicyVersions.html
*/
toListPolicyVersions(): this;
/**
* Grants permission to list the names of the inline policies that are embedded in the specified IAM role
*
* Access Level: List
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListRolePolicies.html
*/
toListRolePolicies(): this;
/**
* Grants permission to list the tags that are attached to the specified IAM role
*
* Access Level: List
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListRoleTags.html
*/
toListRoleTags(): this;
/**
* Grants permission to list the IAM roles that have the specified path prefix
*
* Access Level: List
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListRoles.html
*/
toListRoles(): this;
/**
* Grants permission to list the tags that are attached to the specified SAML provider
*
* Access Level: List
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListSAMLProviderTags.html
*/
toListSAMLProviderTags(): this;
/**
* Grants permission to list the SAML provider resources in IAM
*
* Access Level: List
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListSAMLProviders.html
*/
toListSAMLProviders(): this;
/**
* Grants permission to list information about the SSH public keys that are associated with the specified IAM user
*
* Access Level: List
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListSSHPublicKeys.html
*/
toListSSHPublicKeys(): this;
/**
* Grants permission to list the status of all active STS regional endpoints
*
* Access Level: List
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html
*/
toListSTSRegionalEndpointsStatus(): this;
/**
* Grants permission to list the tags that are attached to the specified server certificate
*
* Access Level: List
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListServerCertificateTags.html
*/
toListServerCertificateTags(): this;
/**
* Grants permission to list the server certificates that have the specified path prefix
*
* Access Level: List
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListServerCertificates.html
*/
toListServerCertificates(): this;
/**
* Grants permission to list the service-specific credentials that are associated with the specified IAM user
*
* Access Level: List
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListServiceSpecificCredentials.html
*/
toListServiceSpecificCredentials(): this;
/**
* Grants permission to list information about the signing certificates that are associated with the specified IAM user
*
* Access Level: List
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListSigningCertificates.html
*/
toListSigningCertificates(): this;
/**
* Grants permission to list the names of the inline policies that are embedded in the specified IAM user
*
* Access Level: List
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListUserPolicies.html
*/
toListUserPolicies(): this;
/**
* Grants permission to list the tags that are attached to the specified IAM user
*
* Access Level: List
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListUserTags.html
*/
toListUserTags(): this;
/**
* Grants permission to list the IAM users that have the specified path prefix
*
* Access Level: List
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListUsers.html
*/
toListUsers(): this;
/**
* Grants permission to list virtual MFA devices by assignment status
*
* Access Level: List
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListVirtualMFADevices.html
*
* @returns This statement instance, for fluent chaining
*/
toListVirtualMFADevices(): this;
/**
* Grants permission to pass a role to a service
*
* Security note: iam:PassRole is checked when a role is handed to an AWS service; the reference below is a User Guide page rather than an API reference entry. Limit the statement to the role ARNs that are meant to be passed and pin the receiving service with .ifPassedToService(). A statement that covers every role allows the principal to hand a more privileged role to a service it controls.
*
* Access Level: Write
*
* Possible conditions:
* - .ifAssociatedResourceArn()
* - .ifPassedToService()
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_passrole.html
*
* @returns This statement instance, for fluent chaining
*/
toPassRole(): this;
/**
* Grants permission to create or update an inline policy document that is embedded in the specified IAM group
*
* Security note: the inline policy applies to every member of the group and its content is not restricted by this action. No condition key is listed for this action here, so limiting the statement to specific group ARNs is the main control.
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutGroupPolicy.html
*
* @returns This statement instance, for fluent chaining
*/
toPutGroupPolicy(): this;
/**
* Grants permission to set a managed policy as a permissions boundary for a role
*
* Security note: the boundary caps what the role's identity-based policies can grant, so replacing it can widen the role's effective permissions. Use .ifPermissionsBoundary() to allow only the intended boundary policy ARN, and limit the statement to specific role ARNs.
*
* Access Level: Permissions management
*
* Possible conditions:
* - .ifPermissionsBoundary()
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutRolePermissionsBoundary.html
*
* @returns This statement instance, for fluent chaining
*/
toPutRolePermissionsBoundary(): this;
/**
* Grants permission to create or update an inline policy document that is embedded in the specified IAM role
*
* Security note: the content of the inline policy is not restricted by this action. When role administration is delegated, combine it with .ifPermissionsBoundary() so that only roles carrying the expected boundary can be modified, and limit the statement to specific role ARNs.
*
* Access Level: Permissions management
*
* Possible conditions:
* - .ifPermissionsBoundary()
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutRolePolicy.html
*
* @returns This statement instance, for fluent chaining
*/
toPutRolePolicy(): this;
/**
* Grants permission to set a managed policy as a permissions boundary for an IAM user
*
* Security note: the boundary caps what the user's identity-based policies can grant, so replacing it can widen the user's effective permissions. Use .ifPermissionsBoundary() to allow only the intended boundary policy ARN, and limit the statement to specific user ARNs.
*
* Access Level: Permissions management
*
* Possible conditions:
* - .ifPermissionsBoundary()
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutUserPermissionsBoundary.html
*
* @returns This statement instance, for fluent chaining
*/
toPutUserPermissionsBoundary(): this;
/**
* Grants permission to create or update an inline policy document that is embedded in the specified IAM user
*
* Security note: the content of the inline policy is not restricted by this action. When user administration is delegated, combine it with .ifPermissionsBoundary() so that only users carrying the expected boundary can be modified, and limit the statement to specific user ARNs.
*
* Access Level: Permissions management
*
* Possible conditions:
* - .ifPermissionsBoundary()
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutUserPolicy.html
*
* @returns This statement instance, for fluent chaining
*/
toPutUserPolicy(): this;
/**
* Grants permission to remove the client ID (audience) from the list of client IDs in the specified IAM OpenID Connect (OIDC) provider resource
*
* Access Level: Write
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_RemoveClientIDFromOpenIDConnectProvider.html
*
* @returns This statement instance, for fluent chaining
*/
toRemoveClientIDFromOpenIDConnectProvider(): this;
/**
* Grants permission to remove an IAM role from the specified EC2 instance profile
*
* Access Level: Write
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_RemoveRoleFromInstanceProfile.html
*
* @returns This statement instance, for fluent chaining
*/
toRemoveRoleFromInstanceProfile(): this;
/**
* Grants permission to remove an IAM user from the specified group
*
* Access Level: Write
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_RemoveUserFromGroup.html
*
* @returns This statement instance, for fluent chaining
*/
toRemoveUserFromGroup(): this;
/**
* Grants permission to reset the password for an existing service-specific credential for an IAM user
*
* Security note: the reset produces a new password for the credential, so treat this as credential issuance even though it is classified as Write. Limit the statement to specific user ARNs.
*
* Access Level: Write
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_ResetServiceSpecificCredential.html
*
* @returns This statement instance, for fluent chaining
*/
toResetServiceSpecificCredential(): this;
/**
* Grants permission to synchronize the specified MFA device with its IAM entity (user or role)
*
* Access Level: Write
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_ResyncMFADevice.html
*
* @returns This statement instance, for fluent chaining
*/
toResyncMFADevice(): this;
/**
* Grants permission to set the version of the specified policy as the policy's default version
*
* Security note: the default version is the one in effect for every identity the managed policy is attached to, so switching it changes their permissions at once. Limit the statement to specific policy ARNs and review the versions retained on those policies.
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_SetDefaultPolicyVersion.html
*
* @returns This statement instance, for fluent chaining
*/
toSetDefaultPolicyVersion(): this;
/**
* Grants permission to activate or deactivate an STS regional endpoint
*
* Access Level: Write
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html
*
* @returns This statement instance, for fluent chaining
*/
toSetSTSRegionalEndpointStatus(): this;
/**
* Grants permission to set the STS global endpoint token version
*
* Note: this is an account-wide setting; it applies to tokens issued by the STS global endpoint for the whole account.
*
* Access Level: Write
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_SetSecurityTokenServicePreferences.html
*
* @returns This statement instance, for fluent chaining
*/
toSetSecurityTokenServicePreferences(): this;
/**
* Grants permission to simulate whether an identity-based policy or resource-based policy provides permissions for specific API operations and resources
*
* Note: the simulation only evaluates the supplied policies; the API operations named in the request are not performed.
*
* Access Level: Read
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_SimulateCustomPolicy.html
*
* @returns This statement instance, for fluent chaining
*/
toSimulateCustomPolicy(): this;
/**
* Grants permission to simulate whether an identity-based policy that is attached to a specified IAM entity (user or role) provides permissions for specific API operations and resources
*
* Note: the simulation only evaluates policies and performs no API operations, but its result discloses the effective permissions of the entity being simulated. Limit the statement to the entities the caller is meant to audit.
*
* Access Level: Read
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_SimulatePrincipalPolicy.html
*
* @returns This statement instance, for fluent chaining
*/
toSimulatePrincipalPolicy(): this;
/**
* Grants permission to add tags to an instance profile
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsTagKeys()
* - .ifAwsRequestTag()
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_TagInstanceProfile.html
*
* @returns This statement instance, for fluent chaining
*/
toTagInstanceProfile(): this;
/**
* Grants permission to add tags to a virtual MFA device
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsTagKeys()
* - .ifAwsRequestTag()
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_TagMFADevice.html
*
* @returns This statement instance, for fluent chaining
*/
toTagMFADevice(): this;
/**
* Grants permission to add tags to an OpenID Connect provider
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsTagKeys()
* - .ifAwsRequestTag()
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_TagOpenIDConnectProvider.html
*
* @returns This statement instance, for fluent chaining
*/
toTagOpenIDConnectProvider(): this;
/**
* Grants permission to add tags to a managed policy
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsTagKeys()
* - .ifAwsRequestTag()
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_TagPolicy.html
*
* @returns This statement instance, for fluent chaining
*/
toTagPolicy(): this;
/**
* Grants permission to add tags to an IAM role
*
* Security note: where access decisions are based on principal tags (attribute-based access control), the ability to tag a role is effectively permissions management. Restrict the keys and values that may be set with .ifAwsTagKeys() and .ifAwsRequestTag(), and limit the statement to specific role ARNs.
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsTagKeys()
* - .ifAwsRequestTag()
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_TagRole.html
*
* @returns This statement instance, for fluent chaining
*/
toTagRole(): this;
/**
* Grants permission to add tags to a SAML Provider
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsTagKeys()
* - .ifAwsRequestTag()
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_TagSAMLProvider.html
*
* @returns This statement instance, for fluent chaining
*/
toTagSAMLProvider(): this;
/**
* Grants permission to add tags to a server certificate
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsTagKeys()
* - .ifAwsRequestTag()
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_TagServerCertificate.html
*
* @returns This statement instance, for fluent chaining
*/
toTagServerCertificate(): this;
/**
* Grants permission to add tags to an IAM user
*
* Security note: where access decisions are based on principal tags (attribute-based access control), the ability to tag a user is effectively permissions management. Restrict the keys and values that may be set with .ifAwsTagKeys() and .ifAwsRequestTag(), and limit the statement to specific user ARNs.
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsTagKeys()
* - .ifAwsRequestTag()
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_TagUser.html
*
* @returns This statement instance, for fluent chaining
*/
toTagUser(): this;
/**
* Grants permission to remove the specified tags from the instance profile
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_UntagInstanceProfile.html
*
* @returns This statement instance, for fluent chaining
*/
toUntagInstanceProfile(): this;
/**
* Grants permission to remove the specified tags from the virtual MFA device
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_UntagMFADevice.html
*
* @returns This statement instance, for fluent chaining
*/
toUntagMFADevice(): this;
/**
* Grants permission to remove the specified tags from the OpenID Connect provider
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_UntagOpenIDConnectProvider.html
*
* @returns This statement instance, for fluent chaining
*/
toUntagOpenIDConnectProvider(): this;
/**
* Grants permission to remove the specified tags from the managed policy
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_UntagPolicy.html
*
* @returns This statement instance, for fluent chaining
*/
toUntagPolicy(): this;
/**
* Grants permission to remove the specified tags from the role
*
* Security note: removing a tag that a tag-based allow or deny condition depends on changes what the role can access. Restrict the removable keys with .ifAwsTagKeys() and limit the statement to specific role ARNs.
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_UntagRole.html
*
* @returns This statement instance, for fluent chaining
*/
toUntagRole(): this;
/**
* Grants permission to remove the specified tags from the SAML Provider
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_UntagSAMLProvider.html
*
* @returns This statement instance, for fluent chaining
*/
toUntagSAMLProvider(): this;
/**
* Grants permission to remove the specified tags from the server certificate
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_UntagServerCertificate.html
*
* @returns This statement instance, for fluent chaining
*/
toUntagServerCertificate(): this;
/**
* Grants permission to remove the specified tags from the user
*
* Security note: removing a tag that a tag-based allow or deny condition depends on changes what the user can access. Restrict the removable keys with .ifAwsTagKeys() and limit the statement to specific user ARNs.
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_UntagUser.html
*
* @returns This statement instance, for fluent chaining
*/
toUntagUser(): this;
/**
* Grants permission to update the status of the specified access key as Active or Inactive
*
* Security note: the action covers both directions, so besides disabling a key it allows re-enabling one that was set Inactive during rotation or incident response. Limit the statement to specific user ARNs.
*
* Access Level: Write
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateAccessKey.html
*
* @returns This statement instance, for fluent chaining
*/
toUpdateAccessKey(): this;
/**
* Grants permission to update the email address that is associated with the account
*
* Security note: the linked reference covers updating the root user; the account email address is the root user's sign-in identifier, so grant this action sparingly.
*
* Access Level: Write
*
* https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-update-root-user.html
*
* @returns This statement instance, for fluent chaining
*/
toUpdateAccountEmailAddress(): this;
/**
* Grants permission to update the account name that is associated with the account
*
* Access Level: Write
*
* https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-update-root-user.html
*
* @returns This statement instance, for fluent chaining
*/
toUpdateAccountName(): this;
/**
* Grants permission to update the password policy settings for the AWS account
*
* Security note: the password policy is account-wide, so this action can relax the password requirements that apply to all IAM users in the account.
*
* Access Level: Write
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateAccountPasswordPolicy.html
*
* @returns This statement instance, for fluent chaining
*/
toUpdateAccountPasswordPolicy(): this;
/**
* Grants permission to update the policy that grants an IAM entity permission to assume a role
*
* Security note: the trust policy decides which principals may assume the role, so write access to it is equivalent to deciding who can use the role's permissions. No condition key is listed for this action here; limit the statement to specific role ARNs and alert on changes to role trust policies.
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateAssumeRolePolicy.html
*
* @returns This statement instance, for fluent chaining
*/
toUpdateAssumeRolePolicy(): this;
/**
* Grants permission to update an existing CloudFront public key
*
* Access Level: Write
*
* https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html
*
* @returns This statement instance, for fluent chaining
*/
toUpdateCloudFrontPublicKey(): this;
/**
* Grants permission to update the name or path of the specified IAM group
*
* Note: the group's name and path are part of its ARN, so policies that match the previous ARN or path stop applying to the group after a rename.
*
* Access Level: Write
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateGroup.html
*
* @returns This statement instance, for fluent chaining
*/
toUpdateGroup(): this;
/**
* Grants permission to change the password for the specified IAM user
*
* Security note: this sets the console password of the targeted user, so treat it as credential management even though it is classified as Write. Limit the statement to specific user ARNs.
*
* Access Level: Write
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateLoginProfile.html
*
* @returns This statement instance, for fluent chaining
*/
toUpdateLoginProfile(): this;
/**
* Grants permission to update the entire list of server certificate thumbprints that are associated with an OpenID Connect (OIDC) provider resource
*
* Security note: the update replaces the list rather than merging into it, and trust in the OIDC provider is derived from the certificates these thumbprints identify. Limit the action to highly privileged principals and to specific provider ARNs.
*
* Access Level: Write
*
* https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateOpenIDConnectProviderThumbprint.html
*
* @returns This statement instance, for fluent chaining
*/
toUpdateOpenIDConnectProviderThumbprint(): this;
/**
* Grants permission to update the description or maximum session duration setting of a role
*
* Access Level: Write