cdk-iam-floyd
AWS IAM policy statement generator with fluent interface for AWS CDK
import { AccessLevelList } from '../../shared/access-level';
import { PolicyStatement, Operator } from '../../shared';
import { aws_iam as iam } from "aws-cdk-lib";
/**
* Statement provider for service [aws-external-anthropic](https://docs.aws.amazon.com/service-authorization/latest/reference/list_claudeplatformonaws.html).
*
* Fluent builder: every method returns `this`, so calls chain. `to*()` methods
* name the actions the statement covers, `onWorkspace()` adds a resource and
* `if*()` methods add conditions. This file only declares the interface; the
* implementations are not visible here.
*
* NOTE(review): the constructor declared in this class takes `props`, not a
* `sid` string, so the `@param sid` tag below looks stale - confirm.
*
* @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
*/
export declare class AwsExternalAnthropic extends PolicyStatement {
/**
* IAM service prefix for this provider's actions. The value is assigned in the
* implementation and is not visible in this declaration (presumably
* `aws-external-anthropic`, per the class description - confirm).
*/
servicePrefix: string;
/**
* Grants permission to archive a managed agent
*
* Access Level: Write
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html#iam-actions
*/
toArchiveAgent(): this;
/**
* Grants permission to archive a managed agent environment
*
* Access Level: Write
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html#iam-actions
*/
toArchiveEnvironment(): this;
/**
* Grants permission to archive a memory store
*
* Access Level: Write
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html#iam-actions
*/
toArchiveMemoryStore(): this;
/**
* Grants permission to archive a managed agent session
*
* Access Level: Write
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html#iam-actions
*/
toArchiveSession(): this;
/**
* Grants permission to archive a credential vault
*
* Access Level: Write
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html#iam-actions
*/
toArchiveVault(): this;
/**
* Grants permission to archive a workspace
*
* Access Level: Write
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html#iam-actions
*/
toArchiveWorkspace(): this;
/**
* Grants permission to assume console access on Claude Platform
*
* Access Level: Write
*
* Possible conditions:
* - .ifCapability()
*
* Add `.ifCapability()` to constrain which Claude Platform role the console
* session may use; without it this statement places no restriction on the role.
* This action is not in the list of actions that `.ifAwsResourceTag()` applies to.
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html#iam-actions
*/
toAssumeConsole(): this;
/**
* Grants permission to make API calls using bearer token authentication
*
* Access Level: List
*
* Possible conditions:
* - .ifBearerTokenType()
*
* NOTE(review): the reference classifies this action as List although it
* authorises API calls made with a bearer token, so a policy review that
* filters on access level alone can understate it. Add `.ifBearerTokenType()`
* to limit the grant to short-term or long-term tokens.
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html
*/
toCallWithBearerToken(): this;
/**
* Grants permission to cancel an in-progress batch inference request
*
* Access Level: Write
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html#iam-actions
*/
toCancelBatchInference(): this;
/**
* Grants permission to count tokens for a message request
*
* Access Level: Write
*
* NOTE(review): classified as Write in the reference, so it is presumably
* grouped with the mutating actions wherever actions are selected or audited
* by access level - confirm.
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html#iam-actions
*/
toCountTokens(): this;
/**
* Grants permission to create a managed agent in a workspace
*
* Access Level: Write
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html#iam-actions
*/
toCreateAgent(): this;
/**
* Grants permission to create a batch inference request
*
* Access Level: Write
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html#iam-actions
*/
toCreateBatchInference(): this;
/**
* Grants permission to create a managed agent environment in a workspace
*
* Access Level: Write
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html#iam-actions
*/
toCreateEnvironment(): this;
/**
* Grants permission to upload a file to a workspace
*
* Access Level: Write
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html#iam-actions
*/
toCreateFile(): this;
/**
* Grants permission to create a chat completion inference request
*
* Access Level: Write
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html#iam-actions
*/
toCreateInference(): this;
/**
* Grants permission to create a managed agent memory store in a workspace
*
* Access Level: Write
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html#iam-actions
*/
toCreateMemoryStore(): this;
/**
* Grants permission to create a managed agent session in a workspace
*
* Access Level: Write
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html#iam-actions
*/
toCreateSession(): this;
/**
* Grants permission to create a skill in a workspace
*
* Access Level: Write
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html#iam-actions
*/
toCreateSkill(): this;
/**
* Grants permission to create a user profile in a workspace
*
* Access Level: Write
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html#iam-actions
*/
toCreateUserProfile(): this;
/**
* Grants permission to create an enrollment URL for a user profile
*
* Access Level: Write
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html#iam-actions
*/
toCreateUserProfileEnrollmentUrl(): this;
/**
* Grants permission to create a managed agent credential vault in a workspace
*
* Access Level: Write
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html#iam-actions
*/
toCreateVault(): this;
/**
* Grants permission to create a workspace in an organization
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Workspace tags are what `.ifAwsResourceTag()` later matches on, so the two
* request-tag conditions above are the place to require or restrict tags at
* creation time. This action is not in the list of actions that
* `.ifAwsResourceTag()` applies to.
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html#iam-actions
*/
toCreateWorkspace(): this;
/**
* Grants permission to delete a batch inference request
*
* Access Level: Write
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html#iam-actions
*/
toDeleteBatchInference(): this;
/**
* Grants permission to delete a managed agent environment
*
* Access Level: Write
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html#iam-actions
*/
toDeleteEnvironment(): this;
/**
* Grants permission to delete a file from a workspace
*
* Access Level: Write
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html#iam-actions
*/
toDeleteFile(): this;
/**
* Grants permission to delete a memory store
*
* Access Level: Write
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html#iam-actions
*/
toDeleteMemoryStore(): this;
/**
* Grants permission to delete a managed agent session
*
* Access Level: Write
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html#iam-actions
*/
toDeleteSession(): this;
/**
* Grants permission to delete a skill from a workspace
*
* Access Level: Write
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html#iam-actions
*/
toDeleteSkill(): this;
/**
* Grants permission to delete a credential vault
*
* Access Level: Write
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html#iam-actions
*/
toDeleteVault(): this;
/**
* Grants permission to retrieve the status of account setup and AWS Marketplace registration
*
* Access Level: Read
*
* This action is not in the list of actions that `.ifAwsResourceTag()` applies to.
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html#iam-actions
*/
toGetAccountStatus(): this;
/**
* Grants permission to retrieve details or versions of a managed agent
*
* Access Level: Read
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html#iam-actions
*/
toGetAgent(): this;
/**
* Grants permission to retrieve details of a batch inference request
*
* Access Level: Read
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html#iam-actions
*/
toGetBatchInference(): this;
/**
* Grants permission to retrieve details of a managed agent environment
*
* Access Level: Read
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html#iam-actions
*/
toGetEnvironment(): this;
/**
* Grants permission to retrieve a file or its content from a workspace
*
* Access Level: Read
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html#iam-actions
*/
toGetFile(): this;
/**
* Grants permission to retrieve details of a memory store, its memories, or its memory versions
*
* Access Level: Read
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html#iam-actions
*/
toGetMemoryStore(): this;
/**
* Grants permission to retrieve information about a specific model
*
* Access Level: Read
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html#iam-actions
*/
toGetModel(): this;
/**
* Grants permission to retrieve details, events, or resources of a managed agent session
*
* Access Level: Read
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html#iam-actions
*/
toGetSession(): this;
/**
* Grants permission to retrieve details of a skill or its versions
*
* Access Level: Read
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html#iam-actions
*/
toGetSkill(): this;
/**
* Grants permission to retrieve details of a user profile
*
* Access Level: Read
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html#iam-actions
*/
toGetUserProfile(): this;
/**
* Grants permission to retrieve details of a credential vault or its credentials
*
* Access Level: Read
*
* Read-level, but the description covers the vault's credentials as well as
* its metadata; what is returned for a credential is not visible in this file.
* Scope the statement with `.onWorkspace()` and `.ifAwsResourceTag()` rather
* than granting it alongside other Read actions on all workspaces.
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html#iam-actions
*/
toGetVault(): this;
/**
* Grants permission to retrieve details of a workspace
*
* Access Level: Read
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html#iam-actions
*/
toGetWorkspace(): this;
/**
* Grants permission to list managed agents in a workspace
*
* Access Level: List
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html#iam-actions
*/
toListAgents(): this;
/**
* Grants permission to list batch inference requests in a workspace
*
* Access Level: List
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html#iam-actions
*/
toListBatchInferences(): this;
/**
* Grants permission to list managed agent environments in a workspace
*
* Access Level: List
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html#iam-actions
*/
toListEnvironments(): this;
/**
* Grants permission to list files in a workspace
*
* Access Level: List
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html#iam-actions
*/
toListFiles(): this;
/**
* Grants permission to list managed agent memory stores in a workspace
*
* Access Level: List
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html#iam-actions
*/
toListMemoryStores(): this;
/**
* Grants permission to list available models in a workspace
*
* Access Level: List
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html#iam-actions
*/
toListModels(): this;
/**
* Grants permission to list managed agent sessions in a workspace
*
* Access Level: List
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html#iam-actions
*/
toListSessions(): this;
/**
* Grants permission to list skills in a workspace
*
* Access Level: List
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html#iam-actions
*/
toListSkills(): this;
/**
* Grants permission to list tags for a resource
*
* Access Level: Read
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html#iam-actions
*/
toListTagsForResource(): this;
/**
* Grants permission to list user profiles in a workspace
*
* Access Level: List
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html#iam-actions
*/
toListUserProfiles(): this;
/**
* Grants permission to list managed agent credential vaults in a workspace
*
* Access Level: List
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html#iam-actions
*/
toListVaults(): this;
/**
* Grants permission to list workspaces in an organization
*
* Access Level: List
*
* This action is not in the list of actions that `.ifAwsResourceTag()` applies to.
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html#iam-actions
*/
toListWorkspaces(): this;
/**
* Grants permission to tag a resource
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsTagKeys()
* - .ifAwsRequestTag()
*
* `.ifAwsResourceTag()` gates most actions of this service, so a principal
* that can set tags can change which resources those conditions match.
* Constrain the tag keys and values it may write with the two conditions above.
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html#iam-actions
*/
toTagResource(): this;
/**
* Grants permission to untag a resource
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsTagKeys()
*
* Removing a tag can take a resource out of the scope of a tag-based
* condition (`.ifAwsResourceTag()`), including one used in a Deny statement;
* restrict the removable keys with `.ifAwsTagKeys()`.
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html#iam-actions
*/
toUntagResource(): this;
/**
* Grants permission to update a managed agent
*
* Access Level: Write
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html#iam-actions
*/
toUpdateAgent(): this;
/**
* Grants permission to update a managed agent environment
*
* Access Level: Write
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html#iam-actions
*/
toUpdateEnvironment(): this;
/**
* Grants permission to update a memory store, mutate its memories, or redact a memory version
*
* Access Level: Write
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html#iam-actions
*/
toUpdateMemoryStore(): this;
/**
* Grants permission to update a managed agent session, append session events, or manage its resources
*
* Access Level: Write
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html#iam-actions
*/
toUpdateSession(): this;
/**
* Grants permission to create or delete a skill version
*
* Access Level: Write
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html#iam-actions
*/
toUpdateSkill(): this;
/**
* Grants permission to update a user profile in a workspace
*
* Access Level: Write
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html#iam-actions
*/
toUpdateUserProfile(): this;
/**
* Grants permission to update a credential vault or manage its stored credentials
*
* Access Level: Write
*
* Covers the stored credentials, not only the vault's own settings; scope the
* statement with `.onWorkspace()` and `.ifAwsResourceTag()`.
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html#iam-actions
*/
toUpdateVault(): this;
/**
* Grants permission to update a workspace
*
* Access Level: Write
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-actions.html#iam-actions
*/
toUpdateWorkspace(): this;
/**
* Access-level data for this service's actions. Only the type is declared
* here; presumably it groups the action names by the access levels quoted in
* the method docs (Read, Write, List, Tagging) - confirm against the
* implementation.
*/
protected accessLevelList: AccessLevelList;
/**
* Adds a resource of type workspace to the statement
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/workspaces.html#workspaces
*
* @param resourceId - Identifier of the workspace.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Outside the CDK the `account` and `region` defaults are wildcards, so the
* resulting resource matches that workspace identifier in any account and
* region; pass both explicitly when the statement is meant for one account.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onWorkspace(resourceId: string, account?: string, region?: string, partition?: string): this;
/**
* Filters access by the Short-term or Long-term bearer tokens
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-policies.html
*
* Applies to actions:
* - .toCallWithBearerToken()
*
* The accepted values are not listed in this file; take them from the linked
* policy guide. With the default `StringLike`, `*` and `?` in `value` act as
* wildcards; pass `StringEquals` for an exact match.
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifBearerTokenType(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the use of the Claude Platform console
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-policies.html
*
* NOTE(review): unlike the other condition keys, no "Applies to actions" list
* is given for this one in this file. Confirm which actions populate the key
* before relying on it, in particular in a Deny statement.
*
* @param value `true` or `false`. **Default:** `true`
*/
ifCalledViaConsole(value?: boolean): this;
/**
* Filters access by the Claude Platform role used for the console session
*
* https://docs.aws.amazon.com/claude-platform/latest/userguide/iam-policies.html
*
* Applies to actions:
* - .toAssumeConsole()
*
* With the default `StringLike`, `*` and `?` in `value` act as wildcards, so a
* pattern can admit more roles than intended; pass `StringEquals` for an exact
* match.
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifCapability(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the tags that are passed in the request
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag
*
* Applies to actions:
* - .toCreateWorkspace()
* - .toTagResource()
*
* With the default `StringLike`, `*` and `?` in `value` act as wildcards; pass
* `StringEquals` for an exact match.
*
* @param tagKey The tag key to check
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsRequestTag(tagKey: string, value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the tags associated with the resource
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag
*
* Applies to actions:
* - .toArchiveAgent()
* - .toArchiveEnvironment()
* - .toArchiveMemoryStore()
* - .toArchiveSession()
* - .toArchiveVault()
* - .toArchiveWorkspace()
* - .toCancelBatchInference()
* - .toCountTokens()
* - .toCreateAgent()
* - .toCreateBatchInference()
* - .toCreateEnvironment()
* - .toCreateFile()
* - .toCreateInference()
* - .toCreateMemoryStore()
* - .toCreateSession()
* - .toCreateSkill()
* - .toCreateUserProfile()
* - .toCreateUserProfileEnrollmentUrl()
* - .toCreateVault()
* - .toDeleteBatchInference()
* - .toDeleteEnvironment()
* - .toDeleteFile()
* - .toDeleteMemoryStore()
* - .toDeleteSession()
* - .toDeleteSkill()
* - .toDeleteVault()
* - .toGetAgent()
* - .toGetBatchInference()
* - .toGetEnvironment()
* - .toGetFile()
* - .toGetMemoryStore()
* - .toGetModel()
* - .toGetSession()
* - .toGetSkill()
* - .toGetUserProfile()
* - .toGetVault()
* - .toGetWorkspace()
* - .toListAgents()
* - .toListBatchInferences()
* - .toListEnvironments()
* - .toListFiles()
* - .toListMemoryStores()
* - .toListModels()
* - .toListSessions()
* - .toListSkills()
* - .toListTagsForResource()
* - .toListUserProfiles()
* - .toListVaults()
* - .toTagResource()
* - .toUntagResource()
* - .toUpdateAgent()
* - .toUpdateEnvironment()
* - .toUpdateMemoryStore()
* - .toUpdateSession()
* - .toUpdateSkill()
* - .toUpdateUserProfile()
* - .toUpdateVault()
* - .toUpdateWorkspace()
*
* Applies to resource types:
* - workspace
*
* Not in the list above: `.toAssumeConsole()`, `.toCallWithBearerToken()`,
* `.toCreateWorkspace()`, `.toGetAccountStatus()` and `.toListWorkspaces()`.
* NOTE(review): a statement that combines one of those actions with this
* condition presumably never matches for it, which matters most for Deny
* statements - verify against the service reference.
*
* With the default `StringLike`, `*` and `?` in `value` act as wildcards; pass
* `StringEquals` for an exact match.
*
* @param tagKey The tag key to check
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsResourceTag(tagKey: string, value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the tag keys that are passed in the request
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys
*
* Applies to actions:
* - .toCreateWorkspace()
* - .toTagResource()
* - .toUntagResource()
*
* NOTE(review): `aws:TagKeys` is a multivalued key; confirm whether the
* intended check needs a `ForAllValues` / `ForAnyValue` set operator rather
* than the plain default. With `StringLike`, `*` and `?` in `value` act as
* wildcards.
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsTagKeys(value: string | string[], operator?: Operator | string): this;
/**
* Statement provider for service [aws-external-anthropic](https://docs.aws.amazon.com/service-authorization/latest/reference/list_claudeplatformonaws.html).
*
* @param props Optional CDK `PolicyStatementProps` for the statement; how they are applied is defined in the implementation, not in this declaration.
*/
constructor(props?: iam.PolicyStatementProps);
}