cdk-iam-floyd
Version:
AWS IAM policy statement generator with fluent interface for AWS CDK
970 lines (969 loc) • 44.7 kB
TypeScript
import { AccessLevelList } from '../../shared/access-level';
import { PolicyStatement, Operator } from '../../shared';
import { aws_iam as iam } from "aws-cdk-lib";
/**
* Statement provider for service [sts](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecuritytokenservice.html).
*
* @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
*/
export declare class Sts extends PolicyStatement {
servicePrefix: string;
/**
* Grants permission to obtain a set of temporary security credentials that you can use to access AWS resources that you might not normally have access to
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsTagKeys()
* - .ifAwsRequestTag()
* - .ifTransitiveTagKeys()
* - .ifExternalId()
* - .ifRoleSessionName()
* - .ifIamResourceTag()
* - .ifSourceIdentity()
* - .ifCognitoAmr()
* - .ifCognitoAud()
* - .ifCognitoSub()
* - .ifAmazonAppId()
* - .ifAmazonUserId()
* - .ifFacebookAppId()
* - .ifFacebookId()
* - .ifGoogleAud()
* - .ifGoogleSub()
* - .ifSamlNamequalifier()
* - .ifSamlSub()
* - .ifSamlSubType()
*
* https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html
*/
toAssumeRole(): this;
/**
* Grants permission to obtain a set of temporary security credentials for users who have been authenticated via a SAML authentication response
*
* Access Level: Write
*
* Possible conditions:
* - .ifSamlNamequalifier()
* - .ifSamlSub()
* - .ifSamlSubType()
* - .ifSamlAud()
* - .ifSamlIss()
* - .ifSamlDoc()
* - .ifSamlCn()
* - .ifSamlCommonName()
* - .ifSamlEduorghomepageuri()
* - .ifSamlEduorgidentityauthnpolicyuri()
* - .ifSamlEduorglegalname()
* - .ifSamlEduorgsuperioruri()
* - .ifSamlEduorgwhitepagesuri()
* - .ifSamlEdupersonaffiliation()
* - .ifSamlEdupersonassurance()
* - .ifSamlEdupersonentitlement()
* - .ifSamlEdupersonnickname()
* - .ifSamlEdupersonorgdn()
* - .ifSamlEdupersonorgunitdn()
* - .ifSamlEdupersonprimaryaffiliation()
* - .ifSamlEdupersonprimaryorgunitdn()
* - .ifSamlEdupersonprincipalname()
* - .ifSamlEdupersonscopedaffiliation()
* - .ifSamlEdupersontargetedid()
* - .ifSamlGivenName()
* - .ifSamlMail()
* - .ifSamlName()
* - .ifSamlOrganizationStatus()
* - .ifSamlPrimaryGroupSID()
* - .ifSamlSurname()
* - .ifSamlUid()
* - .ifSamlX500UniqueIdentifier()
* - .ifAwsTagKeys()
* - .ifAwsRequestTag()
* - .ifTransitiveTagKeys()
* - .ifSourceIdentity()
* - .ifRoleSessionName()
*
* https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithSAML.html
*/
toAssumeRoleWithSAML(): this;
/**
* Grants permission to obtain a set of temporary security credentials for users who have been authenticated in a mobile or web application with a web identity provider
*
* Access Level: Write
*
* Possible conditions:
* - .ifCognitoAmr()
* - .ifCognitoAud()
* - .ifCognitoSub()
* - .ifAmazonAppId()
* - .ifAmazonUserId()
* - .ifFacebookAppId()
* - .ifFacebookId()
* - .ifGoogleAud()
* - .ifGoogleOaud()
* - .ifGoogleSub()
* - .ifAwsTagKeys()
* - .ifAwsRequestTag()
* - .ifTransitiveTagKeys()
* - .ifSourceIdentity()
* - .ifRoleSessionName()
*
* https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithWebIdentity.html
*/
toAssumeRoleWithWebIdentity(): this;
/**
* Grants permission to obtain a set of temporary security credentials that you can use to perform privileged tasks in member accounts in your organization
*
* Access Level: Write
*
* Possible conditions:
* - .ifTaskPolicyArn()
*
* https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoot.html
*/
toAssumeRoot(): this;
/**
* Grants permission to decode additional information about the authorization status of a request from an encoded message returned in response to an AWS request
*
* Access Level: Write
*
* https://docs.aws.amazon.com/STS/latest/APIReference/API_DecodeAuthorizationMessage.html
*/
toDecodeAuthorizationMessage(): this;
/**
* Grants permission to obtain details about the access key id passed as a parameter to the request
*
* Access Level: Read
*
* https://docs.aws.amazon.com/STS/latest/APIReference/API_GetAccessKeyInfo.html
*/
toGetAccessKeyInfo(): this;
/**
* Grants permission to obtain details about the IAM identity whose credentials are used to call the API
*
* Access Level: Read
*
* https://docs.aws.amazon.com/STS/latest/APIReference/API_GetCallerIdentity.html
*/
toGetCallerIdentity(): this;
/**
* Grants permission to obtain a set of temporary security credentials (consisting of an access key ID, a secret access key, and a security token) for a federated user
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsTagKeys()
* - .ifAwsRequestTag()
*
* https://docs.aws.amazon.com/STS/latest/APIReference/API_GetFederationToken.html
*/
toGetFederationToken(): this;
/**
* Grants permission to obtain a STS bearer token for an AWS root user, IAM role, or an IAM user
*
* Access Level: Read
*
* Possible conditions:
* - .ifAWSServiceName()
* - .ifDurationSeconds()
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_bearer.html
*/
toGetServiceBearerToken(): this;
/**
* Grants permission to obtain a set of temporary security credentials (consisting of an access key ID, a secret access key, and a security token) for an AWS account or IAM user
*
* Access Level: Read
*
* https://docs.aws.amazon.com/STS/latest/APIReference/API_GetSessionToken.html
*/
toGetSessionToken(): this;
/**
* Grants permission to set context keys on a STS session
*
* Access Level: Write
*
* Possible conditions:
* - .ifRequestContext()
* - .ifRequestContextProviders()
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#condition-keys-sts
*/
toSetContext(): this;
/**
* Grants permission to set a source identity on a STS session
*
* Access Level: Write
*
* Possible conditions:
* - .ifSourceIdentity()
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html#id_credentials_temp_control-access_monitor-perms
*/
toSetSourceIdentity(): this;
/**
* Grants permission to add tags to a STS session
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsTagKeys()
* - .ifAwsRequestTag()
* - .ifTransitiveTagKeys()
* - .ifSamlAud()
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
*/
toTagSession(): this;
protected accessLevelList: AccessLevelList;
/**
* Adds a resource of type role to the statement
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html
*
* @param roleNameWithPath - Identifier for the roleNameWithPath.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
* - .ifIamResourceTag()
*/
onRole(roleNameWithPath: string, account?: string, partition?: string): this;
/**
* Adds a resource of type user to the statement
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html
*
* @param userNameWithPath - Identifier for the userNameWithPath.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onUser(userNameWithPath: string, account?: string, partition?: string): this;
/**
* Adds a resource of type root-user to the statement
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html
*
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onRootUser(account?: string, partition?: string): this;
/**
* Adds a resource of type self-session to the statement
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns
*
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onSelfSession(account?: string, partition?: string): this;
/**
* Adds a resource of type context-provider to the statement
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns
*
* @param contextProviderName - Identifier for the contextProviderName.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onContextProvider(contextProviderName: string, partition?: string): this;
/**
* Filters access by the Google application ID
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_aud
*
* Applies to actions:
* - .toAssumeRole()
* - .toAssumeRoleWithWebIdentity()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifGoogleAud(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the Google audience
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_oaud
*
* Applies to actions:
* - .toAssumeRoleWithWebIdentity()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifGoogleOaud(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the subject of the claim (the Google user ID)
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_sub
*
* Applies to actions:
* - .toAssumeRole()
* - .toAssumeRoleWithWebIdentity()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifGoogleSub(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the tags that are passed in the request
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag
*
* Applies to actions:
* - .toAssumeRole()
* - .toAssumeRoleWithSAML()
* - .toAssumeRoleWithWebIdentity()
* - .toGetFederationToken()
* - .toTagSession()
*
* @param tagKey The tag key to check
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsRequestTag(tagKey: string, value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the tags associated with the resource
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag
*
* Applies to resource types:
* - role
*
* @param tagKey The tag key to check
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsResourceTag(tagKey: string, value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the tag keys that are passed in the request
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys
*
* Applies to actions:
* - .toAssumeRole()
* - .toAssumeRoleWithSAML()
* - .toAssumeRoleWithWebIdentity()
* - .toGetFederationToken()
* - .toTagSession()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsTagKeys(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the login information for Amazon Cognito
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_amr
*
* Applies to actions:
* - .toAssumeRole()
* - .toAssumeRoleWithWebIdentity()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifCognitoAmr(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the Amazon Cognito identity pool ID
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_aud
*
* Applies to actions:
* - .toAssumeRole()
* - .toAssumeRoleWithWebIdentity()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifCognitoAud(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the subject of the claim (the Amazon Cognito user ID)
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_sub
*
* Applies to actions:
* - .toAssumeRole()
* - .toAssumeRoleWithWebIdentity()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifCognitoSub(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the Facebook application ID
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_id
*
* Applies to actions:
* - .toAssumeRole()
* - .toAssumeRoleWithWebIdentity()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifFacebookAppId(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the Facebook user ID
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_id
*
* Applies to actions:
* - .toAssumeRole()
* - .toAssumeRoleWithWebIdentity()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifFacebookId(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the tags that are attached to the role that is being assumed
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_ResourceTag
*
* Applies to actions:
* - .toAssumeRole()
*
* Applies to resource types:
* - role
*
* @param tagKey The tag key to check
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifIamResourceTag(tagKey: string, value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the endpoint URL to which SAML assertions are presented
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_aud
*
* Applies to actions:
* - .toAssumeRoleWithSAML()
* - .toTagSession()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlAud(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the eduOrg attribute
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_cn
*
* Applies to actions:
* - .toAssumeRoleWithSAML()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlCn(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the commonName attribute
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_commonname
*
* Applies to actions:
* - .toAssumeRoleWithSAML()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlCommonName(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by on the principal that was used to assume the role
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_doc
*
* Applies to actions:
* - .toAssumeRoleWithSAML()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlDoc(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the eduOrg attribute
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_eduorghomepageuri
*
* Applies to actions:
* - .toAssumeRoleWithSAML()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlEduorghomepageuri(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the eduOrg attribute
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_aud
*
* Applies to actions:
* - .toAssumeRoleWithSAML()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlEduorgidentityauthnpolicyuri(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the eduOrg attribute
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_eduorglegalname
*
* Applies to actions:
* - .toAssumeRoleWithSAML()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlEduorglegalname(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the eduOrg attribute
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_eduorgsuperioruri
*
* Applies to actions:
* - .toAssumeRoleWithSAML()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlEduorgsuperioruri(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the eduOrg attribute
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_eduorgwhitepagesuri
*
* Applies to actions:
* - .toAssumeRoleWithSAML()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlEduorgwhitepagesuri(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the eduPerson attribute
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersonaffiliation
*
* Applies to actions:
* - .toAssumeRoleWithSAML()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlEdupersonaffiliation(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the eduPerson attribute
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersonassurance
*
* Applies to actions:
* - .toAssumeRoleWithSAML()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlEdupersonassurance(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the eduPerson attribute
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersonentitlement
*
* Applies to actions:
* - .toAssumeRoleWithSAML()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlEdupersonentitlement(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the eduPerson attribute
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersonnickname
*
* Applies to actions:
* - .toAssumeRoleWithSAML()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlEdupersonnickname(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the eduPerson attribute
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersonorgdn
*
* Applies to actions:
* - .toAssumeRoleWithSAML()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlEdupersonorgdn(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the eduPerson attribute
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersonorgunitdn
*
* Applies to actions:
* - .toAssumeRoleWithSAML()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlEdupersonorgunitdn(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the eduPerson attribute
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersonprimaryaffiliation
*
* Applies to actions:
* - .toAssumeRoleWithSAML()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlEdupersonprimaryaffiliation(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the eduPerson attribute
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersonprimaryorgunitdn
*
* Applies to actions:
* - .toAssumeRoleWithSAML()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlEdupersonprimaryorgunitdn(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the eduPerson attribute
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersonprincipalname
*
* Applies to actions:
* - .toAssumeRoleWithSAML()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlEdupersonprincipalname(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the eduPerson attribute
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersonscopedaffiliation
*
* Applies to actions:
* - .toAssumeRoleWithSAML()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlEdupersonscopedaffiliation(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the eduPerson attribute
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersontargetedid
*
* Applies to actions:
* - .toAssumeRoleWithSAML()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlEdupersontargetedid(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the givenName attribute
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_givenname
*
* Applies to actions:
* - .toAssumeRoleWithSAML()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlGivenName(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by on the issuer, which is represented by a URN
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_iss
*
* Applies to actions:
* - .toAssumeRoleWithSAML()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlIss(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the mail attribute
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_mail
*
* Applies to actions:
* - .toAssumeRoleWithSAML()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlMail(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the name attribute
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_name
*
* Applies to actions:
* - .toAssumeRoleWithSAML()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlName(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the hash value of the issuer, account ID, and friendly name
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_namequalifier
*
* Applies to actions:
* - .toAssumeRole()
* - .toAssumeRoleWithSAML()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlNamequalifier(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the organizationStatus attribute
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_organizationstatus
*
* Applies to actions:
* - .toAssumeRoleWithSAML()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlOrganizationStatus(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the primaryGroupSID attribute
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_primarygroupsid
*
* Applies to actions:
* - .toAssumeRoleWithSAML()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlPrimaryGroupSID(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the subject of the claim (the SAML user ID)
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_sub
*
* Applies to actions:
* - .toAssumeRole()
* - .toAssumeRoleWithSAML()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlSub(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the value persistent, transient, or the full Format URI
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_subtype
*
* Applies to actions:
* - .toAssumeRole()
* - .toAssumeRoleWithSAML()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlSubType(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the surname attribute
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_surname
*
* Applies to actions:
* - .toAssumeRoleWithSAML()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlSurname(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the uid attribute
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_uid
*
* Applies to actions:
* - .toAssumeRoleWithSAML()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlUid(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the uid attribute
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_x500uniqueidentifier
*
* Applies to actions:
* - .toAssumeRoleWithSAML()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlX500UniqueIdentifier(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the service that is obtaining a bearer token
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_awsservicename
*
* Applies to actions:
* - .toGetServiceBearerToken()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAWSServiceName(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the duration in seconds when getting a bearer token
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_durationseconds
*
* Applies to actions:
* - .toGetServiceBearerToken()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifDurationSeconds(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the unique identifier required when you assume a role in another account
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_externalid
*
* Applies to actions:
* - .toAssumeRole()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifExternalId(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the session context key-value pairs embedded in the signed context assertion retrieved from a trusted context provider
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#condition-keys-sts
*
* Applies to actions:
* - .toSetContext()
*
* @param contextKey The tag key to check
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifRequestContext(contextKey: string, value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the context provider ARNs
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#condition-keys-sts
*
* Applies to actions:
* - .toSetContext()
*
* @param value The value(s) to check
* @param operator Works with [arn operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_ARN). **Default:** `ArnLike`
*/
ifRequestContextProviders(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the role session name required when you assume a role
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_rolesessionname
*
* Applies to actions:
* - .toAssumeRole()
* - .toAssumeRoleWithSAML()
* - .toAssumeRoleWithWebIdentity()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifRoleSessionName(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the source identity that is passed in the request
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_sourceidentity
*
* Applies to actions:
* - .toAssumeRole()
* - .toAssumeRoleWithSAML()
* - .toAssumeRoleWithWebIdentity()
* - .toSetSourceIdentity()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSourceIdentity(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by TaskPolicyARN
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#condition-keys-sts
*
* Applies to actions:
* - .toAssumeRoot()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifTaskPolicyArn(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the transitive tag keys that are passed in the request
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_TransitiveTagKeys
*
* Applies to actions:
* - .toAssumeRole()
* - .toAssumeRoleWithSAML()
* - .toAssumeRoleWithWebIdentity()
* - .toTagSession()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifTransitiveTagKeys(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the Login with Amazon application ID
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_id
*
* Applies to actions:
* - .toAssumeRole()
* - .toAssumeRoleWithWebIdentity()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAmazonAppId(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the Login with Amazon user ID
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_id
*
* Applies to actions:
* - .toAssumeRole()
* - .toAssumeRoleWithWebIdentity()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAmazonUserId(value: string | string[], operator?: Operator | string): this;
/**
* Statement provider for service [sts](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecuritytokenservice.html).
*
*/
constructor(props?: iam.PolicyStatementProps);
}