cdk-iam-floyd
Version:
AWS IAM policy statement generator with fluent interface for AWS CDK
1,140 lines • 130 kB
JavaScript
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.Sts = void 0;
const shared_1 = require("../../shared");
/**
* Statement provider for service [sts](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecuritytokenservice.html).
*
* @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
*/
class Sts extends shared_1.PolicyStatement {
/**
* Grants permission to obtain a set of temporary security credentials that you can use to access AWS resources that you might not normally have access to
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsTagKeys()
* - .ifAwsRequestTag()
* - .ifTransitiveTagKeys()
* - .ifExternalId()
* - .ifRoleSessionName()
* - .ifIamResourceTag()
* - .ifSourceIdentity()
* - .ifCognitoAmr()
* - .ifCognitoAud()
* - .ifCognitoSub()
* - .ifAmazonAppId()
* - .ifAmazonUserId()
* - .ifFacebookAppId()
* - .ifFacebookId()
* - .ifGoogleAud()
* - .ifGoogleSub()
* - .ifSamlNamequalifier()
* - .ifSamlSub()
* - .ifSamlSubType()
*
* https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html
*/
toAssumeRole() {
return this.to('AssumeRole');
}
/**
* Grants permission to obtain a set of temporary security credentials for users who have been authenticated via a SAML authentication response
*
* Access Level: Write
*
* Possible conditions:
* - .ifSamlNamequalifier()
* - .ifSamlSub()
* - .ifSamlSubType()
* - .ifSamlAud()
* - .ifSamlIss()
* - .ifSamlDoc()
* - .ifSamlCn()
* - .ifSamlCommonName()
* - .ifSamlEduorghomepageuri()
* - .ifSamlEduorgidentityauthnpolicyuri()
* - .ifSamlEduorglegalname()
* - .ifSamlEduorgsuperioruri()
* - .ifSamlEduorgwhitepagesuri()
* - .ifSamlEdupersonaffiliation()
* - .ifSamlEdupersonassurance()
* - .ifSamlEdupersonentitlement()
* - .ifSamlEdupersonnickname()
* - .ifSamlEdupersonorgdn()
* - .ifSamlEdupersonorgunitdn()
* - .ifSamlEdupersonprimaryaffiliation()
* - .ifSamlEdupersonprimaryorgunitdn()
* - .ifSamlEdupersonprincipalname()
* - .ifSamlEdupersonscopedaffiliation()
* - .ifSamlEdupersontargetedid()
* - .ifSamlGivenName()
* - .ifSamlMail()
* - .ifSamlName()
* - .ifSamlOrganizationStatus()
* - .ifSamlPrimaryGroupSID()
* - .ifSamlSurname()
* - .ifSamlUid()
* - .ifSamlX500UniqueIdentifier()
* - .ifAwsTagKeys()
* - .ifAwsRequestTag()
* - .ifTransitiveTagKeys()
* - .ifSourceIdentity()
* - .ifRoleSessionName()
*
* https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithSAML.html
*/
toAssumeRoleWithSAML() {
return this.to('AssumeRoleWithSAML');
}
/**
* Grants permission to obtain a set of temporary security credentials for users who have been authenticated in a mobile or web application with a web identity provider
*
* Access Level: Write
*
* Possible conditions:
* - .ifCognitoAmr()
* - .ifCognitoAud()
* - .ifCognitoSub()
* - .ifAmazonAppId()
* - .ifAmazonUserId()
* - .ifFacebookAppId()
* - .ifFacebookId()
* - .ifGoogleAud()
* - .ifGoogleOaud()
* - .ifGoogleSub()
* - .ifAwsTagKeys()
* - .ifAwsRequestTag()
* - .ifTransitiveTagKeys()
* - .ifSourceIdentity()
* - .ifRoleSessionName()
*
* https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithWebIdentity.html
*/
toAssumeRoleWithWebIdentity() {
return this.to('AssumeRoleWithWebIdentity');
}
/**
* Grants permission to obtain a set of temporary security credentials that you can use to perform privileged tasks in member accounts in your organization
*
* Access Level: Write
*
* Possible conditions:
* - .ifTaskPolicyArn()
*
* https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoot.html
*/
toAssumeRoot() {
return this.to('AssumeRoot');
}
/**
* Grants permission to decode additional information about the authorization status of a request from an encoded message returned in response to an AWS request
*
* Access Level: Write
*
* https://docs.aws.amazon.com/STS/latest/APIReference/API_DecodeAuthorizationMessage.html
*/
toDecodeAuthorizationMessage() {
return this.to('DecodeAuthorizationMessage');
}
/**
* Grants permission to obtain details about the access key id passed as a parameter to the request
*
* Access Level: Read
*
* https://docs.aws.amazon.com/STS/latest/APIReference/API_GetAccessKeyInfo.html
*/
toGetAccessKeyInfo() {
return this.to('GetAccessKeyInfo');
}
/**
* Grants permission to obtain details about the IAM identity whose credentials are used to call the API
*
* Access Level: Read
*
* https://docs.aws.amazon.com/STS/latest/APIReference/API_GetCallerIdentity.html
*/
toGetCallerIdentity() {
return this.to('GetCallerIdentity');
}
/**
* Grants permission to obtain a set of temporary security credentials (consisting of an access key ID, a secret access key, and a security token) for a federated user
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsTagKeys()
* - .ifAwsRequestTag()
*
* https://docs.aws.amazon.com/STS/latest/APIReference/API_GetFederationToken.html
*/
toGetFederationToken() {
return this.to('GetFederationToken');
}
/**
* Grants permission to obtain a STS bearer token for an AWS root user, IAM role, or an IAM user
*
* Access Level: Read
*
* Possible conditions:
* - .ifAWSServiceName()
* - .ifDurationSeconds()
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_bearer.html
*/
toGetServiceBearerToken() {
return this.to('GetServiceBearerToken');
}
/**
* Grants permission to obtain a set of temporary security credentials (consisting of an access key ID, a secret access key, and a security token) for an AWS account or IAM user
*
* Access Level: Read
*
* https://docs.aws.amazon.com/STS/latest/APIReference/API_GetSessionToken.html
*/
toGetSessionToken() {
return this.to('GetSessionToken');
}
/**
* Grants permission to set context keys on a STS session
*
* Access Level: Write
*
* Possible conditions:
* - .ifRequestContext()
* - .ifRequestContextProviders()
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#condition-keys-sts
*/
toSetContext() {
return this.to('SetContext');
}
/**
* Grants permission to set a source identity on a STS session
*
* Access Level: Write
*
* Possible conditions:
* - .ifSourceIdentity()
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html#id_credentials_temp_control-access_monitor-perms
*/
toSetSourceIdentity() {
return this.to('SetSourceIdentity');
}
/**
* Grants permission to add tags to a STS session
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsTagKeys()
* - .ifAwsRequestTag()
* - .ifTransitiveTagKeys()
* - .ifSamlAud()
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
*/
toTagSession() {
return this.to('TagSession');
}
/**
* Adds a resource of type role to the statement
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html
*
* @param roleNameWithPath - Identifier for the roleNameWithPath.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
* - .ifIamResourceTag()
*/
onRole(roleNameWithPath, account, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:iam::${account ?? this.defaultAccount}:role/${roleNameWithPath}`);
}
/**
* Adds a resource of type user to the statement
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html
*
* @param userNameWithPath - Identifier for the userNameWithPath.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onUser(userNameWithPath, account, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:iam::${account ?? this.defaultAccount}:user/${userNameWithPath}`);
}
/**
* Adds a resource of type root-user to the statement
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html
*
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onRootUser(account, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:iam::${account ?? this.defaultAccount}:root`);
}
/**
* Adds a resource of type self-session to the statement
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns
*
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onSelfSession(account, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:sts::${account ?? this.defaultAccount}:self`);
}
/**
* Adds a resource of type context-provider to the statement
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns
*
* @param contextProviderName - Identifier for the contextProviderName.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onContextProvider(contextProviderName, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:iam::aws:contextProvider/${contextProviderName}`);
}
/**
* Filters access by the Google application ID
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_aud
*
* Applies to actions:
* - .toAssumeRole()
* - .toAssumeRoleWithWebIdentity()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifGoogleAud(value, operator) {
return this.if(`accounts.google.com:aud`, value, operator ?? 'StringLike');
}
/**
* Filters access by the Google audience
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_oaud
*
* Applies to actions:
* - .toAssumeRoleWithWebIdentity()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifGoogleOaud(value, operator) {
return this.if(`accounts.google.com:oaud`, value, operator ?? 'StringLike');
}
/**
* Filters access by the subject of the claim (the Google user ID)
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_sub
*
* Applies to actions:
* - .toAssumeRole()
* - .toAssumeRoleWithWebIdentity()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifGoogleSub(value, operator) {
return this.if(`accounts.google.com:sub`, value, operator ?? 'StringLike');
}
/**
* Filters access by the tags that are passed in the request
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag
*
* Applies to actions:
* - .toAssumeRole()
* - .toAssumeRoleWithSAML()
* - .toAssumeRoleWithWebIdentity()
* - .toGetFederationToken()
* - .toTagSession()
*
* @param tagKey The tag key to check
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsRequestTag(tagKey, value, operator) {
return this.if(`aws:RequestTag/${tagKey}`, value, operator ?? 'StringLike');
}
/**
* Filters access by the tags associated with the resource
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag
*
* Applies to resource types:
* - role
*
* @param tagKey The tag key to check
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsResourceTag(tagKey, value, operator) {
return this.if(`aws:ResourceTag/${tagKey}`, value, operator ?? 'StringLike');
}
/**
* Filters access by the tag keys that are passed in the request
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys
*
* Applies to actions:
* - .toAssumeRole()
* - .toAssumeRoleWithSAML()
* - .toAssumeRoleWithWebIdentity()
* - .toGetFederationToken()
* - .toTagSession()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsTagKeys(value, operator) {
return this.if(`aws:TagKeys`, value, operator ?? 'StringLike');
}
/**
* Filters access by the login information for Amazon Cognito
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_amr
*
* Applies to actions:
* - .toAssumeRole()
* - .toAssumeRoleWithWebIdentity()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifCognitoAmr(value, operator) {
return this.if(`cognito-identity.amazonaws.com:amr`, value, operator ?? 'StringLike');
}
/**
* Filters access by the Amazon Cognito identity pool ID
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_aud
*
* Applies to actions:
* - .toAssumeRole()
* - .toAssumeRoleWithWebIdentity()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifCognitoAud(value, operator) {
return this.if(`cognito-identity.amazonaws.com:aud`, value, operator ?? 'StringLike');
}
/**
* Filters access by the subject of the claim (the Amazon Cognito user ID)
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_sub
*
* Applies to actions:
* - .toAssumeRole()
* - .toAssumeRoleWithWebIdentity()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifCognitoSub(value, operator) {
return this.if(`cognito-identity.amazonaws.com:sub`, value, operator ?? 'StringLike');
}
/**
* Filters access by the Facebook application ID
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_id
*
* Applies to actions:
* - .toAssumeRole()
* - .toAssumeRoleWithWebIdentity()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifFacebookAppId(value, operator) {
return this.if(`graph.facebook.com:app_id`, value, operator ?? 'StringLike');
}
/**
* Filters access by the Facebook user ID
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_id
*
* Applies to actions:
* - .toAssumeRole()
* - .toAssumeRoleWithWebIdentity()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifFacebookId(value, operator) {
return this.if(`graph.facebook.com:id`, value, operator ?? 'StringLike');
}
/**
* Filters access by the tags that are attached to the role that is being assumed
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_ResourceTag
*
* Applies to actions:
* - .toAssumeRole()
*
* Applies to resource types:
* - role
*
* @param tagKey The tag key to check
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifIamResourceTag(tagKey, value, operator) {
return this.if(`iam:ResourceTag/${tagKey}`, value, operator ?? 'StringLike');
}
/**
* Filters access by the endpoint URL to which SAML assertions are presented
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_aud
*
* Applies to actions:
* - .toAssumeRoleWithSAML()
* - .toTagSession()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlAud(value, operator) {
return this.if(`saml:aud`, value, operator ?? 'StringLike');
}
/**
* Filters access by the eduOrg attribute
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_cn
*
* Applies to actions:
* - .toAssumeRoleWithSAML()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlCn(value, operator) {
return this.if(`saml:cn`, value, operator ?? 'StringLike');
}
/**
* Filters access by the commonName attribute
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_commonname
*
* Applies to actions:
* - .toAssumeRoleWithSAML()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlCommonName(value, operator) {
return this.if(`saml:commonName`, value, operator ?? 'StringLike');
}
/**
* Filters access by on the principal that was used to assume the role
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_doc
*
* Applies to actions:
* - .toAssumeRoleWithSAML()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlDoc(value, operator) {
return this.if(`saml:doc`, value, operator ?? 'StringLike');
}
/**
* Filters access by the eduOrg attribute
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_eduorghomepageuri
*
* Applies to actions:
* - .toAssumeRoleWithSAML()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlEduorghomepageuri(value, operator) {
return this.if(`saml:eduorghomepageuri`, value, operator ?? 'StringLike');
}
/**
* Filters access by the eduOrg attribute
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_aud
*
* Applies to actions:
* - .toAssumeRoleWithSAML()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlEduorgidentityauthnpolicyuri(value, operator) {
return this.if(`saml:eduorgidentityauthnpolicyuri`, value, operator ?? 'StringLike');
}
/**
* Filters access by the eduOrg attribute
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_eduorglegalname
*
* Applies to actions:
* - .toAssumeRoleWithSAML()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlEduorglegalname(value, operator) {
return this.if(`saml:eduorglegalname`, value, operator ?? 'StringLike');
}
/**
* Filters access by the eduOrg attribute
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_eduorgsuperioruri
*
* Applies to actions:
* - .toAssumeRoleWithSAML()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlEduorgsuperioruri(value, operator) {
return this.if(`saml:eduorgsuperioruri`, value, operator ?? 'StringLike');
}
/**
* Filters access by the eduOrg attribute
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_eduorgwhitepagesuri
*
* Applies to actions:
* - .toAssumeRoleWithSAML()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlEduorgwhitepagesuri(value, operator) {
return this.if(`saml:eduorgwhitepagesuri`, value, operator ?? 'StringLike');
}
/**
* Filters access by the eduPerson attribute
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersonaffiliation
*
* Applies to actions:
* - .toAssumeRoleWithSAML()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlEdupersonaffiliation(value, operator) {
return this.if(`saml:edupersonaffiliation`, value, operator ?? 'StringLike');
}
/**
* Filters access by the eduPerson attribute
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersonassurance
*
* Applies to actions:
* - .toAssumeRoleWithSAML()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlEdupersonassurance(value, operator) {
return this.if(`saml:edupersonassurance`, value, operator ?? 'StringLike');
}
/**
* Filters access by the eduPerson attribute
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersonentitlement
*
* Applies to actions:
* - .toAssumeRoleWithSAML()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlEdupersonentitlement(value, operator) {
return this.if(`saml:edupersonentitlement`, value, operator ?? 'StringLike');
}
/**
* Filters access by the eduPerson attribute
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersonnickname
*
* Applies to actions:
* - .toAssumeRoleWithSAML()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlEdupersonnickname(value, operator) {
return this.if(`saml:edupersonnickname`, value, operator ?? 'StringLike');
}
/**
* Filters access by the eduPerson attribute
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersonorgdn
*
* Applies to actions:
* - .toAssumeRoleWithSAML()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlEdupersonorgdn(value, operator) {
return this.if(`saml:edupersonorgdn`, value, operator ?? 'StringLike');
}
/**
* Filters access by the eduPerson attribute
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersonorgunitdn
*
* Applies to actions:
* - .toAssumeRoleWithSAML()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlEdupersonorgunitdn(value, operator) {
return this.if(`saml:edupersonorgunitdn`, value, operator ?? 'StringLike');
}
/**
* Filters access by the eduPerson attribute
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersonprimaryaffiliation
*
* Applies to actions:
* - .toAssumeRoleWithSAML()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlEdupersonprimaryaffiliation(value, operator) {
return this.if(`saml:edupersonprimaryaffiliation`, value, operator ?? 'StringLike');
}
/**
* Filters access by the eduPerson attribute
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersonprimaryorgunitdn
*
* Applies to actions:
* - .toAssumeRoleWithSAML()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlEdupersonprimaryorgunitdn(value, operator) {
return this.if(`saml:edupersonprimaryorgunitdn`, value, operator ?? 'StringLike');
}
/**
* Filters access by the eduPerson attribute
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersonprincipalname
*
* Applies to actions:
* - .toAssumeRoleWithSAML()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlEdupersonprincipalname(value, operator) {
return this.if(`saml:edupersonprincipalname`, value, operator ?? 'StringLike');
}
/**
* Filters access by the eduPerson attribute
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersonscopedaffiliation
*
* Applies to actions:
* - .toAssumeRoleWithSAML()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlEdupersonscopedaffiliation(value, operator) {
return this.if(`saml:edupersonscopedaffiliation`, value, operator ?? 'StringLike');
}
/**
* Filters access by the eduPerson attribute
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersontargetedid
*
* Applies to actions:
* - .toAssumeRoleWithSAML()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlEdupersontargetedid(value, operator) {
return this.if(`saml:edupersontargetedid`, value, operator ?? 'StringLike');
}
/**
* Filters access by the givenName attribute
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_givenname
*
* Applies to actions:
* - .toAssumeRoleWithSAML()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlGivenName(value, operator) {
return this.if(`saml:givenName`, value, operator ?? 'StringLike');
}
/**
* Filters access by on the issuer, which is represented by a URN
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_iss
*
* Applies to actions:
* - .toAssumeRoleWithSAML()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlIss(value, operator) {
return this.if(`saml:iss`, value, operator ?? 'StringLike');
}
/**
* Filters access by the mail attribute
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_mail
*
* Applies to actions:
* - .toAssumeRoleWithSAML()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlMail(value, operator) {
return this.if(`saml:mail`, value, operator ?? 'StringLike');
}
/**
* Filters access by the name attribute
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_name
*
* Applies to actions:
* - .toAssumeRoleWithSAML()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlName(value, operator) {
return this.if(`saml:name`, value, operator ?? 'StringLike');
}
/**
* Filters access by the hash value of the issuer, account ID, and friendly name
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_namequalifier
*
* Applies to actions:
* - .toAssumeRole()
* - .toAssumeRoleWithSAML()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlNamequalifier(value, operator) {
return this.if(`saml:namequalifier`, value, operator ?? 'StringLike');
}
/**
* Filters access by the organizationStatus attribute
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_organizationstatus
*
* Applies to actions:
* - .toAssumeRoleWithSAML()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlOrganizationStatus(value, operator) {
return this.if(`saml:organizationStatus`, value, operator ?? 'StringLike');
}
/**
* Filters access by the primaryGroupSID attribute
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_primarygroupsid
*
* Applies to actions:
* - .toAssumeRoleWithSAML()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlPrimaryGroupSID(value, operator) {
return this.if(`saml:primaryGroupSID`, value, operator ?? 'StringLike');
}
/**
* Filters access by the subject of the claim (the SAML user ID)
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_sub
*
* Applies to actions:
* - .toAssumeRole()
* - .toAssumeRoleWithSAML()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlSub(value, operator) {
return this.if(`saml:sub`, value, operator ?? 'StringLike');
}
/**
* Filters access by the value persistent, transient, or the full Format URI
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_subtype
*
* Applies to actions:
* - .toAssumeRole()
* - .toAssumeRoleWithSAML()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlSubType(value, operator) {
return this.if(`saml:sub_type`, value, operator ?? 'StringLike');
}
/**
* Filters access by the surname attribute
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_surname
*
* Applies to actions:
* - .toAssumeRoleWithSAML()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlSurname(value, operator) {
return this.if(`saml:surname`, value, operator ?? 'StringLike');
}
/**
* Filters access by the uid attribute
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_uid
*
* Applies to actions:
* - .toAssumeRoleWithSAML()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlUid(value, operator) {
return this.if(`saml:uid`, value, operator ?? 'StringLike');
}
/**
* Filters access by the uid attribute
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_x500uniqueidentifier
*
* Applies to actions:
* - .toAssumeRoleWithSAML()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSamlX500UniqueIdentifier(value, operator) {
return this.if(`saml:x500UniqueIdentifier`, value, operator ?? 'StringLike');
}
/**
* Filters access by the service that is obtaining a bearer token
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_awsservicename
*
* Applies to actions:
* - .toGetServiceBearerToken()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAWSServiceName(value, operator) {
return this.if(`AWSServiceName`, value, operator ?? 'StringLike');
}
/**
* Filters access by the duration in seconds when getting a bearer token
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_durationseconds
*
* Applies to actions:
* - .toGetServiceBearerToken()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifDurationSeconds(value, operator) {
return this.if(`DurationSeconds`, value, operator ?? 'StringLike');
}
/**
* Filters access by the unique identifier required when you assume a role in another account
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_externalid
*
* Applies to actions:
* - .toAssumeRole()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifExternalId(value, operator) {
return this.if(`ExternalId`, value, operator ?? 'StringLike');
}
/**
* Filters access by the session context key-value pairs embedded in the signed context assertion retrieved from a trusted context provider
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#condition-keys-sts
*
* Applies to actions:
* - .toSetContext()
*
* @param contextKey The tag key to check
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifRequestContext(contextKey, value, operator) {
return this.if(`RequestContext/${contextKey}`, value, operator ?? 'StringLike');
}
/**
* Filters access by the context provider ARNs
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#condition-keys-sts
*
* Applies to actions:
* - .toSetContext()
*
* @param value The value(s) to check
* @param operator Works with [arn operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_ARN). **Default:** `ArnLike`
*/
ifRequestContextProviders(value, operator) {
return this.if(`RequestContextProviders`, value, operator ?? 'ArnLike');
}
/**
* Filters access by the role session name required when you assume a role
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_rolesessionname
*
* Applies to actions:
* - .toAssumeRole()
* - .toAssumeRoleWithSAML()
* - .toAssumeRoleWithWebIdentity()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifRoleSessionName(value, operator) {
return this.if(`RoleSessionName`, value, operator ?? 'StringLike');
}
/**
* Filters access by the source identity that is passed in the request
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_sourceidentity
*
* Applies to actions:
* - .toAssumeRole()
* - .toAssumeRoleWithSAML()
* - .toAssumeRoleWithWebIdentity()
* - .toSetSourceIdentity()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifSourceIdentity(value, operator) {
return this.if(`SourceIdentity`, value, operator ?? 'StringLike');
}
/**
* Filters access by TaskPolicyARN
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#condition-keys-sts
*
* Applies to actions:
* - .toAssumeRoot()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifTaskPolicyArn(value, operator) {
return this.if(`TaskPolicyArn`, value, operator ?? 'StringLike');
}
/**
* Filters access by the transitive tag keys that are passed in the request
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_TransitiveTagKeys
*
* Applies to actions:
* - .toAssumeRole()
* - .toAssumeRoleWithSAML()
* - .toAssumeRoleWithWebIdentity()
* - .toTagSession()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifTransitiveTagKeys(value, operator) {
return this.if(`TransitiveTagKeys`, value, operator ?? 'StringLike');
}
/**
* Filters access by the Login with Amazon application ID
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_id
*
* Applies to actions:
* - .toAssumeRole()
* - .toAssumeRoleWithWebIdentity()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAmazonAppId(value, operator) {
return this.if(`www.amazon.com:app_id`, value, operator ?? 'StringLike');
}
/**
* Filters access by the Login with Amazon user ID
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_id
*
* Applies to actions:
* - .toAssumeRole()
* - .toAssumeRoleWithWebIdentity()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAmazonUserId(value, operator) {
return this.if(`www.amazon.com:user_id`, value, operator ?? 'StringLike');
}
/**
* Statement provider for service [sts](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecuritytokenservice.html).
*
*/
constructor(props) {
super(props);
this.servicePrefix = 'sts';
this.accessLevelList = {
Write: [
'AssumeRole',
'AssumeRoleWithSAML',
'AssumeRoleWithWebIdentity',
'AssumeRoot',
'DecodeAuthorizationMessage',
'SetContext',
'SetSourceIdentity'
],
Read: [
'GetAccessKeyInfo',
'GetCallerIdentity',
'GetFederationToken',
'GetServiceBearerToken',
'GetSessionToken'
],
Tagging: [
'TagSession'
]
};
}
}
exports.Sts = Sts;
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2VjdXJpdHl0b2tlbnNlcnZpY2UuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJzZWN1cml0eXRva2Vuc2VydmljZS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFDQSx5Q0FBeUQ7QUFHekQ7Ozs7R0FJRztBQUNILE1BQWEsR0FBSSxTQUFRLHdCQUFlO0lBR3RDOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7T0EyQkc7SUFDSSxZQUFZO1FBQ2pCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxZQUFZLENBQUMsQ0FBQztJQUMvQixDQUFDO0lBRUQ7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OztPQTZDRztJQUNJLG9CQUFvQjtRQUN6QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsb0JBQW9CLENBQUMsQ0FBQztJQUN2QyxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O09BdUJHO0lBQ0ksMkJBQTJCO1FBQ2hDLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQywyQkFBMkIsQ0FBQyxDQUFDO0lBQzlDLENBQUM7SUFFRDs7Ozs7Ozs7O09BU0c7SUFDSSxZQUFZO1FBQ2pCLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyxZQUFZLENBQUMsQ0FBQztJQUMvQixDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksNEJBQTRCO1FBQ2pDLE9BQU8sSUFBSSxDQUFDLEVBQUUsQ0FBQyw0QkFBNEIsQ0FBQyxDQUFDO0lBQy9DLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxrQkFBa0I7UUFDdkIsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDLGtCQUFrQixDQUFDLENBQUM7SUFDckMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLG1CQUFtQjtRQUN4QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsbUJBQW1CLENBQUMsQ0FBQztJQUN0QyxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7T0FVRztJQUNJLG9CQUFvQjtRQUN6QixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUMsb0JBQW9CLENBQUMsQ0FBQztJQUN2QyxDQUFDO0lBRUQ7