cdk-iam-floyd
Version:
AWS IAM policy statement generator with fluent interface for AWS CDK
1,299 lines (1,298 loc) • 46.4 kB
TypeScript
import { AccessLevelList } from '../../shared/access-level';
import { PolicyStatement, Operator } from '../../shared';
import { aws_iam as iam } from "aws-cdk-lib";
/**
* Statement provider for service [s3-outposts](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazons3onoutposts.html).
*
* @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
*/
export declare class S3Outposts extends PolicyStatement {
servicePrefix: string;
/**
* Grants permission to abort a multipart upload
*
* Access Level: Write
*
* Possible conditions:
* - .ifDataAccessPointArn()
* - .ifDataAccessPointAccount()
* - .ifAccessPointNetworkOrigin()
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html
*/
toAbortMultipartUpload(): this;
/**
* Grants permission to create a new access point
*
* Access Level: Write
*
* Possible conditions:
* - .ifDataAccessPointAccount()
* - .ifDataAccessPointArn()
* - .ifAccessPointNetworkOrigin()
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateAccessPoint.html
*/
toCreateAccessPoint(): this;
/**
* Grants permission to create a new bucket
*
* Access Level: Write
*
* Possible conditions:
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateBucket.html
*/
toCreateBucket(): this;
/**
* Grants permission to create a new endpoint
*
* Access Level: Write
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_s3outposts_CreateEndpoint.html
*/
toCreateEndpoint(): this;
/**
* Grants permission to delete the access point named in the URI
*
* Access Level: Write
*
* Possible conditions:
* - .ifDataAccessPointArn()
* - .ifDataAccessPointAccount()
* - .ifAccessPointNetworkOrigin()
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteAccessPoint.html
*/
toDeleteAccessPoint(): this;
/**
* Grants permission to delete the policy on a specified access point
*
* Access Level: Permissions management
*
* Possible conditions:
* - .ifDataAccessPointArn()
* - .ifDataAccessPointAccount()
* - .ifAccessPointNetworkOrigin()
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteAccessPointPolicy.html
*/
toDeleteAccessPointPolicy(): this;
/**
* Grants permission to delete the bucket named in the URI
*
* Access Level: Write
*
* Possible conditions:
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteBucket.html
*/
toDeleteBucket(): this;
/**
* Grants permission to delete the policy on a specified bucket
*
* Access Level: Permissions management
*
* Possible conditions:
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteBucketPolicy.html
*/
toDeleteBucketPolicy(): this;
/**
* Grants permission to delete the endpoint named in the URI
*
* Access Level: Write
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_s3outposts_DeleteEndpoint.html
*/
toDeleteEndpoint(): this;
/**
* Grants permission to remove the null version of an object and insert a delete marker, which becomes the current version of the object
*
* Access Level: Write
*
* Possible conditions:
* - .ifDataAccessPointAccount()
* - .ifDataAccessPointArn()
* - .ifAccessPointNetworkOrigin()
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html
*/
toDeleteObject(): this;
/**
* Grants permission to use the tagging subresource to remove the entire tag set from the specified object
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifDataAccessPointAccount()
* - .ifDataAccessPointArn()
* - .ifAccessPointNetworkOrigin()
* - .ifExistingObjectTag()
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObjectTagging.html
*/
toDeleteObjectTagging(): this;
/**
* Grants permission to remove a specific version of an object
*
* Access Level: Write
*
* Possible conditions:
* - .ifDataAccessPointAccount()
* - .ifDataAccessPointArn()
* - .ifAccessPointNetworkOrigin()
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifVersionid()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html
*/
toDeleteObjectVersion(): this;
/**
* Grants permission to remove the entire tag set for a specific version of the object
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifDataAccessPointAccount()
* - .ifDataAccessPointArn()
* - .ifAccessPointNetworkOrigin()
* - .ifExistingObjectTag()
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifVersionid()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObjectTagging.html
*/
toDeleteObjectVersionTagging(): this;
/**
* Grants permission to return configuration information about the specified access point
*
* Access Level: Read
*
* Possible conditions:
* - .ifDataAccessPointAccount()
* - .ifDataAccessPointArn()
* - .ifAccessPointNetworkOrigin()
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetAccessPoint.html
*/
toGetAccessPoint(): this;
/**
* Grants permission to returns the access point policy associated with the specified access point
*
* Access Level: Read
*
* Possible conditions:
* - .ifDataAccessPointAccount()
* - .ifDataAccessPointArn()
* - .ifAccessPointNetworkOrigin()
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetAccessPointPolicy.html
*/
toGetAccessPointPolicy(): this;
/**
* Grants permission to return the bucket configuration associated with an Amazon S3 bucket
*
* Access Level: Read
*
* Possible conditions:
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetBucket.html
*/
toGetBucket(): this;
/**
* Grants permission to return the policy of the specified bucket
*
* Access Level: Read
*
* Possible conditions:
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetBucketPolicy.html
*/
toGetBucketPolicy(): this;
/**
* Grants permission to return the tag set associated with an Amazon S3 bucket
*
* Access Level: Read
*
* Possible conditions:
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetBucketTagging.html
*/
toGetBucketTagging(): this;
/**
* Grants permission to return the versioning state of an Amazon S3 bucket
*
* Access Level: Read
*
* Possible conditions:
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketVersioning.html
*/
toGetBucketVersioning(): this;
/**
* Grants permission to return the lifecycle configuration information set on an Amazon S3 bucket
*
* Access Level: Read
*
* Possible conditions:
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetBucketLifecycleConfiguration.html
*/
toGetLifecycleConfiguration(): this;
/**
* Grants permission to retrieve objects from Amazon S3
*
* Access Level: Read
*
* Possible conditions:
* - .ifDataAccessPointAccount()
* - .ifDataAccessPointArn()
* - .ifAccessPointNetworkOrigin()
* - .ifExistingObjectTag()
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html
*/
toGetObject(): this;
/**
* Grants permission to return the tag set of an object
*
* Access Level: Read
*
* Possible conditions:
* - .ifDataAccessPointAccount()
* - .ifDataAccessPointArn()
* - .ifAccessPointNetworkOrigin()
* - .ifExistingObjectTag()
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html
*/
toGetObjectTagging(): this;
/**
* Grants permission to retrieve a specific version of an object
*
* Access Level: Read
*
* Possible conditions:
* - .ifDataAccessPointAccount()
* - .ifDataAccessPointArn()
* - .ifAccessPointNetworkOrigin()
* - .ifExistingObjectTag()
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifVersionid()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html
*/
toGetObjectVersion(): this;
/**
* Grants permission to replicate both unencrypted objects and objects encrypted with SSE-KMS
*
* Access Level: Read
*
* Possible conditions:
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html
*/
toGetObjectVersionForReplication(): this;
/**
* Grants permission to return the tag set for a specific version of the object
*
* Access Level: Read
*
* Possible conditions:
* - .ifDataAccessPointAccount()
* - .ifDataAccessPointArn()
* - .ifAccessPointNetworkOrigin()
* - .ifExistingObjectTag()
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifVersionid()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html
*/
toGetObjectVersionTagging(): this;
/**
* Grants permission to get the replication configuration information set on an Amazon S3 bucket
*
* Access Level: Read
*
* Possible conditions:
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetBucketReplication.html
*/
toGetReplicationConfiguration(): this;
/**
* Grants permission to list access points
*
* Access Level: List
*
* Possible conditions:
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_ListAccessPoints.html
*/
toListAccessPoints(): this;
/**
* Grants permission to list some or all of the objects in an Amazon S3 bucket (up to 1000)
*
* Access Level: List
*
* Possible conditions:
* - .ifDataAccessPointAccount()
* - .ifDataAccessPointArn()
* - .ifAccessPointNetworkOrigin()
* - .ifAuthType()
* - .ifDelimiter()
* - .ifMaxKeys()
* - .ifPrefix()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectsV2.html
*/
toListBucket(): this;
/**
* Grants permission to list in-progress multipart uploads
*
* Access Level: List
*
* Possible conditions:
* - .ifDataAccessPointAccount()
* - .ifDataAccessPointArn()
* - .ifAccessPointNetworkOrigin()
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html
*/
toListBucketMultipartUploads(): this;
/**
* Grants permission to list metadata about all the versions of objects in an Amazon S3 bucket
*
* Access Level: List
*
* Possible conditions:
* - .ifDataAccessPointAccount()
* - .ifDataAccessPointArn()
* - .ifAccessPointNetworkOrigin()
* - .ifAuthType()
* - .ifDelimiter()
* - .ifMaxKeys()
* - .ifPrefix()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectVersions.html
*/
toListBucketVersions(): this;
/**
* Grants permission to list endpoints
*
* Access Level: List
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_s3outposts_ListEndpoints.html
*/
toListEndpoints(): this;
/**
* Grants permission to list the parts that have been uploaded for a specific multipart upload
*
* Access Level: List
*
* Possible conditions:
* - .ifDataAccessPointAccount()
* - .ifDataAccessPointArn()
* - .ifAccessPointNetworkOrigin()
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html
*/
toListMultipartUploadParts(): this;
/**
* Grants permission to list outposts with S3 capacity
*
* Access Level: List
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_s3outposts_ListOutpostsWithS3.html
*/
toListOutpostsWithS3(): this;
/**
* Grants permission to list all buckets owned by the authenticated sender of the request
*
* Access Level: List
*
* Possible conditions:
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_ListRegionalBuckets.html
*/
toListRegionalBuckets(): this;
/**
* Grants permission to list shared endpoints
*
* Access Level: List
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_s3outposts_ListSharedEndpoints.html
*/
toListSharedEndpoints(): this;
/**
* Grants permission to associate an access policy with a specified access point
*
* Access Level: Permissions management
*
* Possible conditions:
* - .ifDataAccessPointAccount()
* - .ifDataAccessPointArn()
* - .ifAccessPointNetworkOrigin()
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutAccessPointPolicy.html
*/
toPutAccessPointPolicy(): this;
/**
* Grants permission to add or replace a bucket policy on a bucket
*
* Access Level: Permissions management
*
* Possible conditions:
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutBucketPolicy.html
*/
toPutBucketPolicy(): this;
/**
* Grants permission to add a set of tags to an existing Amazon S3 bucket
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutBucketTagging.html
*/
toPutBucketTagging(): this;
/**
* Grants permission to set the versioning state of an existing Amazon S3 bucket
*
* Access Level: Write
*
* Possible conditions:
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketVersioning.html
*/
toPutBucketVersioning(): this;
/**
* Grants permission to create a new lifecycle configuration for the bucket or replace an existing lifecycle configuration
*
* Access Level: Write
*
* Possible conditions:
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutBucketLifecycleConfiguration.html
*/
toPutLifecycleConfiguration(): this;
/**
* Grants permission to add an object to a bucket
*
* Access Level: Write
*
* Possible conditions:
* - .ifDataAccessPointAccount()
* - .ifDataAccessPointArn()
* - .ifAccessPointNetworkOrigin()
* - .ifRequestObjectTag()
* - .ifRequestObjectTagKeys()
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifXAmzAcl()
* - .ifXAmzContentSha256()
* - .ifXAmzCopySource()
* - .ifXAmzMetadataDirective()
* - .ifXAmzServerSideEncryption()
* - .ifXAmzStorageClass()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html
*/
toPutObject(): this;
/**
* Grants permission to set the access control list (ACL) permissions for an object that already exists in a bucket
*
* Access Level: Permissions management
*
* Possible conditions:
* - .ifDataAccessPointAccount()
* - .ifDataAccessPointArn()
* - .ifAccessPointNetworkOrigin()
* - .ifExistingObjectTag()
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifXAmzAcl()
* - .ifXAmzContentSha256()
* - .ifXAmzStorageClass()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObjectAcl.html
*/
toPutObjectAcl(): this;
/**
* Grants permission to set the supplied tag-set to an object that already exists in a bucket
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifDataAccessPointAccount()
* - .ifDataAccessPointArn()
* - .ifAccessPointNetworkOrigin()
* - .ifExistingObjectTag()
* - .ifRequestObjectTag()
* - .ifRequestObjectTagKeys()
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObjectTagging.html
*/
toPutObjectTagging(): this;
/**
* Grants permission to set the supplied tag-set for a specific version of an object
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifDataAccessPointAccount()
* - .ifDataAccessPointArn()
* - .ifAccessPointNetworkOrigin()
* - .ifExistingObjectTag()
* - .ifRequestObjectTag()
* - .ifRequestObjectTagKeys()
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifVersionid()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObjectTagging.html
*/
toPutObjectVersionTagging(): this;
/**
* Grants permission to create a new replication configuration or replace an existing one
*
* Access Level: Write
*
* Possible conditions:
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifXAmzContentSha256()
*
* Dependent actions:
* - iam:PassRole
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutBucketReplication.html
*/
toPutReplicationConfiguration(): this;
/**
* Grants permission to replicate delete markers to the destination bucket
*
* Access Level: Write
*
* Possible conditions:
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html
*/
toReplicateDelete(): this;
/**
* Grants permission to replicate objects and object tags to the destination bucket
*
* Access Level: Write
*
* Possible conditions:
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifXAmzContentSha256()
* - .ifXAmzServerSideEncryption()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html
*/
toReplicateObject(): this;
/**
* Grants permission to replicate object tags to the destination bucket
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifSignatureversion()
* - .ifXAmzContentSha256()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObjectTagging.html
*/
toReplicateTags(): this;
protected accessLevelList: AccessLevelList;
/**
* Adds a resource of type accesspoint to the statement
*
* https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points.html
*
* @param outpostId - Identifier for the outpostId.
* @param accessPointName - Identifier for the accessPointName.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onAccesspoint(outpostId: string, accessPointName: string, account?: string, region?: string, partition?: string): this;
/**
* Adds a resource of type bucket to the statement
*
* https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingBucket.html
*
* @param outpostId - Identifier for the outpostId.
* @param bucketName - Identifier for the bucketName.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onBucket(outpostId: string, bucketName: string, account?: string, region?: string, partition?: string): this;
/**
* Adds a resource of type endpoint to the statement
*
* https://docs.aws.amazon.com/AmazonS3/latest/userguide/outposts-endpoints.html
*
* @param outpostId - Identifier for the outpostId.
* @param endpointId - Identifier for the endpointId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onEndpoint(outpostId: string, endpointId: string, account?: string, region?: string, partition?: string): this;
/**
* Adds a resource of type object to the statement
*
* https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingObjects.html
*
* @param outpostId - Identifier for the outpostId.
* @param bucketName - Identifier for the bucketName.
* @param objectName - Identifier for the objectName.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onObject(outpostId: string, bucketName: string, objectName: string, account?: string, region?: string, partition?: string): this;
/**
* Filters access by the network origin (Internet or VPC)
*
* https://docs.aws.amazon.com/AmazonS3/latest/userguide/creating-access-points.html#access-points-policies
*
* Applies to actions:
* - .toAbortMultipartUpload()
* - .toCreateAccessPoint()
* - .toDeleteAccessPoint()
* - .toDeleteAccessPointPolicy()
* - .toDeleteObject()
* - .toDeleteObjectTagging()
* - .toDeleteObjectVersion()
* - .toDeleteObjectVersionTagging()
* - .toGetAccessPoint()
* - .toGetAccessPointPolicy()
* - .toGetObject()
* - .toGetObjectTagging()
* - .toGetObjectVersion()
* - .toGetObjectVersionTagging()
* - .toListBucket()
* - .toListBucketMultipartUploads()
* - .toListBucketVersions()
* - .toListMultipartUploadParts()
* - .toPutAccessPointPolicy()
* - .toPutObject()
* - .toPutObjectAcl()
* - .toPutObjectTagging()
* - .toPutObjectVersionTagging()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAccessPointNetworkOrigin(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the AWS Account ID that owns the access point
*
* https://docs.aws.amazon.com/AmazonS3/latest/userguide/creating-access-points.html#access-points-policies
*
* Applies to actions:
* - .toAbortMultipartUpload()
* - .toCreateAccessPoint()
* - .toDeleteAccessPoint()
* - .toDeleteAccessPointPolicy()
* - .toDeleteObject()
* - .toDeleteObjectTagging()
* - .toDeleteObjectVersion()
* - .toDeleteObjectVersionTagging()
* - .toGetAccessPoint()
* - .toGetAccessPointPolicy()
* - .toGetObject()
* - .toGetObjectTagging()
* - .toGetObjectVersion()
* - .toGetObjectVersionTagging()
* - .toListBucket()
* - .toListBucketMultipartUploads()
* - .toListBucketVersions()
* - .toListMultipartUploadParts()
* - .toPutAccessPointPolicy()
* - .toPutObject()
* - .toPutObjectAcl()
* - .toPutObjectTagging()
* - .toPutObjectVersionTagging()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifDataAccessPointAccount(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by an access point Amazon Resource Name (ARN)
*
* Applies to actions:
* - .toAbortMultipartUpload()
* - .toCreateAccessPoint()
* - .toDeleteAccessPoint()
* - .toDeleteAccessPointPolicy()
* - .toDeleteObject()
* - .toDeleteObjectTagging()
* - .toDeleteObjectVersion()
* - .toDeleteObjectVersionTagging()
* - .toGetAccessPoint()
* - .toGetAccessPointPolicy()
* - .toGetObject()
* - .toGetObjectTagging()
* - .toGetObjectVersion()
* - .toGetObjectVersionTagging()
* - .toListBucket()
* - .toListBucketMultipartUploads()
* - .toListBucketVersions()
* - .toListMultipartUploadParts()
* - .toPutAccessPointPolicy()
* - .toPutObject()
* - .toPutObjectAcl()
* - .toPutObjectTagging()
* - .toPutObjectVersionTagging()
*
* @param value The value(s) to check
* @param operator Works with [arn operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_ARN). **Default:** `ArnLike`
*/
ifDataAccessPointArn(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by requiring that an existing object tag has a specific tag key and value
*
* https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-tagging.html#tagging-and-policies
*
* Applies to actions:
* - .toDeleteObjectTagging()
* - .toDeleteObjectVersionTagging()
* - .toGetObject()
* - .toGetObjectTagging()
* - .toGetObjectVersion()
* - .toGetObjectVersionTagging()
* - .toPutObjectAcl()
* - .toPutObjectTagging()
* - .toPutObjectVersionTagging()
*
* @param key The tag key to check
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifExistingObjectTag(key: string, value: string | string[], operator?: Operator | string): this;
/**
* Filters access by restricting the tag keys and values allowed on objects
*
* https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-tagging.html#tagging-and-policies
*
* Applies to actions:
* - .toPutObject()
* - .toPutObjectTagging()
* - .toPutObjectVersionTagging()
*
* @param key The tag key to check
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifRequestObjectTag(key: string, value: string | string[], operator?: Operator | string): this;
/**
* Filters access by restricting the tag keys allowed on objects
*
* https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-tagging.html#tagging-and-policies
*
* Applies to actions:
* - .toPutObject()
* - .toPutObjectTagging()
* - .toPutObjectVersionTagging()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifRequestObjectTagKeys(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by restricting incoming requests to a specific authentication method
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/bucket-policy-s3-sigv4-conditions.html
*
* Applies to actions:
* - .toAbortMultipartUpload()
* - .toCreateAccessPoint()
* - .toCreateBucket()
* - .toDeleteAccessPoint()
* - .toDeleteAccessPointPolicy()
* - .toDeleteBucket()
* - .toDeleteBucketPolicy()
* - .toDeleteObject()
* - .toDeleteObjectTagging()
* - .toDeleteObjectVersion()
* - .toDeleteObjectVersionTagging()
* - .toGetAccessPoint()
* - .toGetAccessPointPolicy()
* - .toGetBucket()
* - .toGetBucketPolicy()
* - .toGetBucketTagging()
* - .toGetBucketVersioning()
* - .toGetLifecycleConfiguration()
* - .toGetObject()
* - .toGetObjectTagging()
* - .toGetObjectVersion()
* - .toGetObjectVersionForReplication()
* - .toGetObjectVersionTagging()
* - .toGetReplicationConfiguration()
* - .toListAccessPoints()
* - .toListBucket()
* - .toListBucketMultipartUploads()
* - .toListBucketVersions()
* - .toListMultipartUploadParts()
* - .toListRegionalBuckets()
* - .toPutAccessPointPolicy()
* - .toPutBucketPolicy()
* - .toPutBucketTagging()
* - .toPutBucketVersioning()
* - .toPutLifecycleConfiguration()
* - .toPutObject()
* - .toPutObjectAcl()
* - .toPutObjectTagging()
* - .toPutObjectVersionTagging()
* - .toPutReplicationConfiguration()
* - .toReplicateDelete()
* - .toReplicateObject()
* - .toReplicateTags()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAuthType(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by requiring the delimiter parameter
*
* https://docs.aws.amazon.com/AmazonS3/latest/userguide/walkthrough1.html
*
* Applies to actions:
* - .toListBucket()
* - .toListBucketVersions()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifDelimiter(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by limiting the maximum number of keys returned in a ListBucket request
*
* https://docs.aws.amazon.com/AmazonS3/latest/userguide/amazon-s3-policy-keys.html#example-numeric-condition-operators
*
* Applies to actions:
* - .toListBucket()
* - .toListBucketVersions()
*
* @param value The value(s) to check
* @param operator Works with [numeric operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_Numeric). **Default:** `NumericEquals`
*/
ifMaxKeys(value: number | number[], operator?: Operator | string): this;
/**
* Filters access by key name prefix
*
* https://docs.aws.amazon.com/AmazonS3/latest/userguide/amazon-s3-policy-keys.html#condition-key-bucket-ops-2
*
* Applies to actions:
* - .toListBucket()
* - .toListBucketVersions()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifPrefix(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by identifying the length of time, in milliseconds, that a signature is valid in an authenticated request
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/bucket-policy-s3-sigv4-conditions.html
*
* Applies to actions:
* - .toAbortMultipartUpload()
* - .toCreateAccessPoint()
* - .toCreateBucket()
* - .toDeleteAccessPoint()
* - .toDeleteAccessPointPolicy()
* - .toDeleteBucket()
* - .toDeleteBucketPolicy()
* - .toDeleteObject()
* - .toDeleteObjectTagging()
* - .toDeleteObjectVersion()
* - .toDeleteObjectVersionTagging()
* - .toGetAccessPoint()
* - .toGetAccessPointPolicy()
* - .toGetBucket()
* - .toGetBucketPolicy()
* - .toGetBucketTagging()
* - .toGetBucketVersioning()
* - .toGetLifecycleConfiguration()
* - .toGetObject()
* - .toGetObjectTagging()
* - .toGetObjectVersion()
* - .toGetObjectVersionForReplication()
* - .toGetObjectVersionTagging()
* - .toGetReplicationConfiguration()
* - .toListAccessPoints()
* - .toListBucket()
* - .toListBucketMultipartUploads()
* - .toListBucketVersions()
* - .toListMultipartUploadParts()
* - .toListRegionalBuckets()
* - .toPutAccessPointPolicy()
* - .toPutBucketPolicy()
* - .toPutBucketTagging()
* - .toPutBucketVersioning()
* - .toPutLifecycleConfiguration()
* - .toPutObject()
* - .toPutObjectAcl()
* - .toPutObjectTagging()
* - .toPutObjectVersionTagging()
* - .toPutReplicationConfiguration()
* - .toReplicateDelete()
* - .toReplicateObject()
* - .toReplicateTags()
*
* @param value The value(s) to check
* @param operator Works with [numeric operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_Numeric). **Default:** `NumericEquals`
*/
ifSignatureAge(value: number | number[], operator?: Operator | string): this;
/**
* Filters access by identifying the version of AWS Signature that is supported for authenticated requests
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/bucket-policy-s3-sigv4-conditions.html
*
* Applies to actions:
* - .toAbortMultipartUpload()
* - .toCreateAccessPoint()
* - .toCreateBucket()
* - .toDeleteAccessPoint()
* - .toDeleteAccessPointPolicy()
* - .toDeleteBucket()
* - .toDeleteBucketPolicy()
* - .toDeleteObject()
* - .toDeleteObjectTagging()
* - .toDeleteObjectVersion()
* - .toDeleteObjectVersionTagging()
* - .toGetAccessPoint()
* - .toGetAccessPointPolicy()
* - .toGetBucket()
* - .toGetBucketPolicy()
* - .toGetBucketTagging()
* - .toGetBucketVersioning()
* - .toGetLifecycleConfiguration()
* - .toGetObject()
* - .toGetObjectTagging()
* - .toGetObjectVersion()
* - .toGetObjectVersionForReplication()
* - .toGetObjectVersionTagging()
* - .toGetReplicationConfiguration()
* - .toListAccessPoints()
* - .toListBucket()
* - .toListBucketMultipartUploads()
* - .toListBucketVersions()
* - .toListMultipartUploadParts()
* - .toListRegionalBuckets()
* - .toPutAccessPointPolicy()
* - .toPutBucketPolicy()
* - .toPutBucketTagging()
* - .toPutBucketVersioning()
* - .toPutLifecycleConfiguration()
* - .toPutObject()
* - .toPutObjectAcl()
* - .toPutObjectTagging()
* - .toPutObjectVersionTagging()
* - .toPutReplicationConfiguration()
* - .toReplicateDelete()
* - .toReplicateObject()
* - .toReplicateTags()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSignatureversion(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by a specific object version
*
* https://docs.aws.amazon.com/AmazonS3/latest/userguide/amazon-s3-policy-keys.html#getobjectversion-limit-access-to-specific-version-3
*
* Applies to actions:
* - .toDeleteObjectVersion()
* - .toDeleteObjectVersionTagging()
* - .toGetObjectVersion()
* - .toGetObjectVersionTagging()
* - .toPutObjectVersionTagging()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifVersionid(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by requiring the x-amz-acl header with a specific canned ACL in a request
*
* https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#permissions
*
* Applies to actions:
* - .toPutObject()
* - .toPutObjectAcl()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifXAmzAcl(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by disallowing unsigned content in your bucket
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/bucket-policy-s3-sigv4-conditions.html
*
* Applies to actions:
* - .toAbortMultipartUpload()
* - .toCreateAccessPoint()
* - .toCreateBucket()
* - .toDeleteAccessPoint()
* - .toDeleteAccessPointPolicy()
* - .toDeleteBucket()
* - .toDeleteBucketPolicy()
* - .toDeleteObject()
* - .toDeleteObjectTagging()
* - .toDeleteObjectVersion()
* - .toDeleteObjectVersionTagging()
* - .toGetAccessPoint()
* - .toGetAccessPointPolicy()
* - .toGetBucket()
* - .toGetBucketPolicy()
* - .toGetBucketTagging()
* - .toGetBucketVersioning()
* - .toGetLifecycleConfiguration()
* - .toGetObject()
* - .toGetObjectTagging()
* - .toGetObjectVersion()
* - .toGetObjectVersionForReplication()
* - .toGetObjectVersionTagging()
* - .toGetReplicationConfiguration()
* - .toListAccessPoints()
* - .toListBucket()
* - .toListBucketMultipartUploads()
* - .toListBucketVersions()
* - .toListMultipartUploadParts()
* - .toListRegionalBuckets()
* - .toPutAccessPointPolicy()
* - .toPutBucketPolicy()
* - .toPutBucketTagging()
* - .toPutBucketVersioning()
* - .toPutLifecycleConfiguration()
* - .toPutObject()
* - .toPutObjectAcl()
* - .toPutObjectTagging()
* - .toPutObjectVersionTagging()
* - .toPutReplicationConfiguration()
* - .toReplicateDelete()
* - .toReplicateObject()
* - .toReplicateTags()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifXAmzContentSha256(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by restricting the copy source to a specific bucket, prefix, or object
*
* https://docs.aws.amazon.com/AmazonS3/latest/userguide/amazon-s3-policy-keys.html#putobject-limit-copy-source-3
*
* Applies to actions:
* - .toPutObject()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifXAmzCopySource(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by enabling enforcement of object metadata behavior (COPY or REPLACE) when objects are copied
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html
*
* Applies to actions:
* - .toPutObject()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifXAmzMetadataDirective(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by requiring server-side encryption
*
* https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingServerSideEncryption.html
*
* Applies to actions:
* - .toPutObject()
* - .toReplicateObject()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifXAmzServerSideEncryption(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by storage class
*
* https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage-class-intro.html#sc-howtoset
*
* Applies to actions:
* - .toPutObject()
* - .toPutObjectAcl()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifXAmzStorageClass(value: string | string[], operator?: Operator | string): this;
/**
* Statement provider for service [s3-outposts](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazons3onoutposts.html).
*
*/
constructor(props?: iam.PolicyStatementProps);
}