cdk-iam-floyd

import { AccessLevelList } from '../../shared/access-level'; import { PolicyStatement, Operator } from '../../shared'; import { aws_iam as iam } from "aws-cdk-lib"; /** * Statement provider for service [fsx](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonfsx.html). * * @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement */ export declare class Fsx extends PolicyStatement { servicePrefix: string; /** * Grants permission to associate a File Gateway instance with an Amazon FSx for Windows File Server file system * * Access Level: Write * * https://docs.aws.amazon.com/filegateway/latest/filefsxw/what-is-file-fsxw.html */ toAssociateFileGateway(): this; /** * Grants permission to associate DNS aliases with an Amazon FSx for Windows File Server file system * * Access Level: Write * * https://docs.aws.amazon.com/fsx/latest/APIReference/API_AssociateFileSystemAliases.html */ toAssociateFileSystemAliases(): this; /** * Grants permission to allow deletion of an FSx for ONTAP SnapLock Enterprise volume that contains WORM (write once, read many) files with active retention periods * * Access Level: Permissions management * * https://docs.aws.amazon.com/fsx/latest/ONTAPGuide/snaplock-enterprise.html#bypass-enterprise */ toBypassSnaplockEnterpriseRetention(): this; /** * Grants permission to cancel a data repository task * * Access Level: Write * * https://docs.aws.amazon.com/fsx/latest/APIReference/API_CancelDataRepositoryTask.html */ toCancelDataRepositoryTask(): this; /** * Grants permission to copy a backup * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * Dependent actions: * - fsx:TagResource * * https://docs.aws.amazon.com/fsx/latest/APIReference/API_CopyBackup.html */ toCopyBackup(): this; /** * Grants permission to update an existing volume by using a snapshot from another Amazon FSx for OpenZFS file system * * Access Level: Write * * https://docs.aws.amazon.com/fsx/latest/APIReference/API_CopySnapshotAndUpdateVolume.html */ toCopySnapshotAndUpdateVolume(): this; /** * Grants permission to create and attach a S3 Access Point to a FSx File System * * Access Level: Write * * Dependent actions: * - s3:CreateAccessPoint * - s3:GetAccessPoint * - s3:PutAccessPointPolicy * * https://docs.aws.amazon.com/fsx/latest/APIReference/API_CreateAndAttachS3AccessPoint.html */ toCreateAndAttachS3AccessPoint(): this; /** * Grants permission to create a new backup of an Amazon FSx file system or an Amazon FSx volume * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * Dependent actions: * - fsx:TagResource * * https://docs.aws.amazon.com/fsx/latest/APIReference/API_CreateBackup.html */ toCreateBackup(): this; /** * Grants permission to create a new data respository association for an Amazon FSx for Lustre file system * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * Dependent actions: * - fsx:TagResource * * https://docs.aws.amazon.com/fsx/latest/APIReference/API_CreateDataRepositoryAssociation.html */ toCreateDataRepositoryAssociation(): this; /** * Grants permission to create a new data respository task for an Amazon FSx for Lustre file system * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * Dependent actions: * - fsx:TagResource * * https://docs.aws.amazon.com/fsx/latest/APIReference/API_CreateDataRepositoryTask.html */ toCreateDataRepositoryTask(): this; /** * Grants permission to create a new, empty, Amazon file cache * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * Dependent actions: * - ec2:DescribeSecurityGroups * - ec2:DescribeSubnets * - ec2:DescribeVpcs * - ec2:GetSecurityGroupsForVpc * - fsx:CreateDataRepositoryAssociation * - fsx:TagResource * - logs:CreateLogGroup * - logs:CreateLogStream * - logs:PutLogEvents * - s3:ListBucket * * https://docs.aws.amazon.com/fsx/latest/APIReference/API_CreateFileCache.html */ toCreateFileCache(): this; /** * Grants permission to create a new, empty, Amazon FSx file system * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * Dependent actions: * - ec2:GetSecurityGroupsForVpc * - fsx:TagResource * * https://docs.aws.amazon.com/fsx/latest/APIReference/API_CreateFileSystem.html */ toCreateFileSystem(): this; /** * Grants permission to create a new Amazon FSx file system from an existing backup * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * Dependent actions: * - ec2:GetSecurityGroupsForVpc * - fsx:TagResource * * https://docs.aws.amazon.com/fsx/latest/APIReference/API_CreateFileSystemFromBackup.html */ toCreateFileSystemFromBackup(): this; /** * Grants permission to create a new snapshot on a volume * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * Dependent actions: * - fsx:TagResource * * https://docs.aws.amazon.com/fsx/latest/APIReference/API_CreateSnapshot.html */ toCreateSnapshot(): this; /** * Grants permission to create a new storage virtual machine in an Amazon FSx for Ontap file system * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * Dependent actions: * - fsx:TagResource * * https://docs.aws.amazon.com/fsx/latest/APIReference/API_CreateStorageVirtualMachine.html */ toCreateStorageVirtualMachine(): this; /** * Grants permission to create a new volume * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * - .ifStorageVirtualMachineId() * - .ifParentVolumeId() * * Dependent actions: * - fsx:TagResource * * https://docs.aws.amazon.com/fsx/latest/APIReference/API_CreateVolume.html */ toCreateVolume(): this; /** * Grants permission to create a new volume from backup * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * - .ifStorageVirtualMachineId() * * Dependent actions: * - fsx:TagResource * * https://docs.aws.amazon.com/fsx/latest/APIReference/API_CreateVolumeFromBackup.html */ toCreateVolumeFromBackup(): this; /** * Grants permission to delete a backup, deleting its contents. After deletion, the backup no longer exists, and its data is no longer available * * Access Level: Write * * https://docs.aws.amazon.com/fsx/latest/APIReference/API_DeleteBackup.html */ toDeleteBackup(): this; /** * Grants permission to delete a data repository association * * Access Level: Write * * https://docs.aws.amazon.com/fsx/latest/APIReference/API_DeleteDataRepositoryAssociation.html */ toDeleteDataRepositoryAssociation(): this; /** * Grants permission to delete a file cache, deleting its contents * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * Dependent actions: * - fsx:DeleteDataRepositoryAssociation * * https://docs.aws.amazon.com/fsx/latest/APIReference/API_DeleteFileCache.html */ toDeleteFileCache(): this; /** * Grants permission to delete a file system, deleting its contents and any existing automatic backups of the file system * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * Dependent actions: * - fsx:CreateBackup * - fsx:TagResource * * https://docs.aws.amazon.com/fsx/latest/APIReference/API_DeleteFileSystem.html */ toDeleteFileSystem(): this; /** * Grants permission to manage cross-account sharing of FSx volumes through AWS Resource Access Manager (RAM). PutResourcePolicy and GetResourcePolicy are also required * * Access Level: Permissions management * * https://docs.aws.amazon.com/fsx/latest/OpenZFSGuide/on-demand-replication.html */ toDeleteResourcePolicy(): this; /** * Grants permission to delete a snapshot on a volume * * Access Level: Write * * https://docs.aws.amazon.com/fsx/latest/APIReference/API_DeleteSnapshot.html */ toDeleteSnapshot(): this; /** * Grants permission to delete a storage virtual machine, deleting its contents * * Access Level: Write * * https://docs.aws.amazon.com/fsx/latest/APIReference/API_DeleteStorageVirtualMachine.html */ toDeleteStorageVirtualMachine(): this; /** * Grants permission to delete a volume, deleting its contents and any existing automatic backups of the volume * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * - .ifStorageVirtualMachineId() * - .ifParentVolumeId() * * Dependent actions: * - fsx:TagResource * * https://docs.aws.amazon.com/fsx/latest/APIReference/API_DeleteVolume.html */ toDeleteVolume(): this; /** * Grants permission to describe the File Gateway instances associated with an Amazon FSx for Windows File Server file system * * Access Level: Read * * https://docs.aws.amazon.com/filegateway/latest/filefsxw/what-is-file-fsxw.html */ toDescribeAssociatedFileGateways(): this; /** * Grants permission to return the descriptions of all backups owned by your AWS account in the AWS Region of the endpoint that you're calling * * Access Level: Read * * https://docs.aws.amazon.com/fsx/latest/APIReference/API_DescribeBackups.html */ toDescribeBackups(): this; /** * Grants permission to return the descriptions of all data repository associations owned by your AWS account in the AWS Region of the endpoint that you're calling * * Access Level: Read * * https://docs.aws.amazon.com/fsx/latest/APIReference/API_DescribeDataRepositoryAssociations.html */ toDescribeDataRepositoryAssociations(): this; /** * Grants permission to return the descriptions of all data repository tasks owned by your AWS account in the AWS Region of the endpoint that you're calling * * Access Level: Read * * https://docs.aws.amazon.com/fsx/latest/APIReference/API_DescribeDataRepositoryTasks.html */ toDescribeDataRepositoryTasks(): this; /** * Grants permission to return the descriptions of all file caches owned by your AWS account in the AWS Region of the endpoint that you're calling * * Access Level: Read * * https://docs.aws.amazon.com/fsx/latest/APIReference/API_DescribeFileCaches.html */ toDescribeFileCaches(): this; /** * Grants permission to return the description of all DNS aliases owned by your Amazon FSx for Windows File Server file system * * Access Level: Read * * https://docs.aws.amazon.com/fsx/latest/APIReference/API_DescribeFileSystemAliases.html */ toDescribeFileSystemAliases(): this; /** * Grants permission to return the descriptions of all file systems owned by your AWS account in the AWS Region of the endpoint that you're calling * * Access Level: Read * * https://docs.aws.amazon.com/fsx/latest/APIReference/API_DescribeFileSystems.html */ toDescribeFileSystems(): this; /** * Grants permission to return the descriptions of S3 Access Point Attachments * * Access Level: Read * * https://docs.aws.amazon.com/fsx/latest/APIReference/API_DescribeS3AccessPointAttachments.html */ toDescribeS3AccessPointAttachments(): this; /** * Grants permission to return the descriptions of whether FSx route table updates from participant accounts are allowed in your account * * Access Level: Read * * https://docs.aws.amazon.com/fsx/latest/APIReference/API_DescribeSharedVpcConfiguration.html */ toDescribeSharedVpcConfiguration(): this; /** * Grants permission to return the descriptions of all snapshots owned by your AWS account in the AWS Region of the endpoint you're calling * * Access Level: Read * * https://docs.aws.amazon.com/fsx/latest/APIReference/API_DescribeSnapshots.html */ toDescribeSnapshots(): this; /** * Grants permission to return the descriptions of all storage virtual machines owned by your AWS account in the AWS Region of the endpoint that you're calling * * Access Level: Read * * https://docs.aws.amazon.com/fsx/latest/APIReference/API_DescribeStorageVirtualMachines.html */ toDescribeStorageVirtualMachines(): this; /** * Grants permission to return the descriptions of all volumes owned by your AWS account in the AWS Region of the endpoint that you're calling * * Access Level: Read * * https://docs.aws.amazon.com/fsx/latest/APIReference/API_DescribeVolumes.html */ toDescribeVolumes(): this; /** * Grants permission to detach an S3 Access Point from an Amazon FSx File System and delete the S3 Access Point * * Access Level: Write * * Dependent actions: * - s3:DeleteAccessPoint * * https://docs.aws.amazon.com/fsx/latest/APIReference/API_DetachAndDeleteS3AccessPoint.html */ toDetachAndDeleteS3AccessPoint(): this; /** * Grants permission to disassociate a File Gateway instance from an Amazon FSx for Windows File Server file system * * Access Level: Write * * https://docs.aws.amazon.com/filegateway/latest/filefsxw/what-is-file-fsxw.html */ toDisassociateFileGateway(): this; /** * Grants permission to disassociate file system aliases with an Amazon FSx for Windows File Server file system * * Access Level: Write * * https://docs.aws.amazon.com/fsx/latest/APIReference/API_DisassociateFileSystemAliases.html */ toDisassociateFileSystemAliases(): this; /** * Grants permission to manage cross-account sharing of FSx volumes through AWS Resource Access Manager (RAM). PutResourcePolicy and DeleteResourcePolicy are also required * * Access Level: Permissions management * * https://docs.aws.amazon.com/fsx/latest/OpenZFSGuide/on-demand-replication.html */ toGetResourcePolicy(): this; /** * Grants permission to list tags for an Amazon FSx resource * * Access Level: Read * * https://docs.aws.amazon.com/fsx/latest/APIReference/API_ListTagsForResource.html */ toListTagsForResource(): this; /** * Grants permission to manage backup principal associations through AWS Backup * * Access Level: Permissions management * * https://docs.aws.amazon.com/fsx/latest/APIReference/API_CopyBackup.html */ toManageBackupPrincipalAssociations(): this; /** * Grants permission to manage cross-account sharing of FSx volumes through AWS Resource Access Manager (RAM). DeleteResourcePolicy and GetResourcePolicy are also required * * Access Level: Permissions management * * https://docs.aws.amazon.com/fsx/latest/OpenZFSGuide/on-demand-replication.html */ toPutResourcePolicy(): this; /** * Grants permission to release file system NFS V3 locks * * Access Level: Write * * https://docs.aws.amazon.com/fsx/latest/APIReference/API_ReleaseFileSystemNfsV3Locks.html */ toReleaseFileSystemNfsV3Locks(): this; /** * Grants permission to restore volume state from a snapshot * * Access Level: Write * * https://docs.aws.amazon.com/fsx/latest/APIReference/API_RestoreVolumeFromSnapshot.html */ toRestoreVolumeFromSnapshot(): this; /** * Grants permission to start misconfigured state recovery * * Access Level: Write * * https://docs.aws.amazon.com/fsx/latest/APIReference/API_StartMisconfiguredStateRecovery.html */ toStartMisconfiguredStateRecovery(): this; /** * Grants permission to tag an Amazon FSx resource * * Access Level: Tagging * * Possible conditions: * - .ifAwsTagKeys() * - .ifAwsRequestTag() * * https://docs.aws.amazon.com/fsx/latest/APIReference/API_TagResource.html */ toTagResource(): this; /** * Grants permission to remove a tag from an Amazon FSx resource * * Access Level: Tagging * * Possible conditions: * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/fsx/latest/APIReference/API_UntagResource.html */ toUntagResource(): this; /** * Grants permission to update data repository association configuration * * Access Level: Write * * https://docs.aws.amazon.com/fsx/latest/APIReference/API_UpdateDataRepositoryAssociation.html */ toUpdateDataRepositoryAssociation(): this; /** * Grants permission to update file cache configuration * * Access Level: Write * * https://docs.aws.amazon.com/fsx/latest/APIReference/API_UpdateFileCache.html */ toUpdateFileCache(): this; /** * Grants permission to update file system configuration * * Access Level: Write * * https://docs.aws.amazon.com/fsx/latest/APIReference/API_UpdateFileSystem.html */ toUpdateFileSystem(): this; /** * Grants permission to enable or disable FSx route table updates from participant accounts in your account * * Access Level: Write * * https://docs.aws.amazon.com/fsx/latest/APIReference/API_UpdateSharedVpcConfiguration.html */ toUpdateSharedVpcConfiguration(): this; /** * Grants permission to update snapshot configuration * * Access Level: Write * * https://docs.aws.amazon.com/fsx/latest/APIReference/API_UpdateSnapshot.html */ toUpdateSnapshot(): this; /** * Grants permission to update storage virtual machine configuration * * Access Level: Write * * https://docs.aws.amazon.com/fsx/latest/APIReference/API_UpdateStorageVirtualMachine.html */ toUpdateStorageVirtualMachine(): this; /** * Grants permission to update volume configuration * * Access Level: Write * * Possible conditions: * - .ifStorageVirtualMachineId() * - .ifParentVolumeId() * * https://docs.aws.amazon.com/fsx/latest/APIReference/API_UpdateVolume.html */ toUpdateVolume(): this; protected accessLevelList: AccessLevelList; /** * Adds a resource of type file-system to the statement * * https://docs.aws.amazon.com/fsx/latest/WindowsGuide/access-control-overview.html#access-control-resources * * @param fileSystemId - Identifier for the fileSystemId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onFileSystem(fileSystemId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type file-cache to the statement * * https://docs.aws.amazon.com/fsx/latest/FileCacheGuide/security-iam.html * * @param fileCacheId - Identifier for the fileCacheId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onFileCache(fileCacheId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type backup to the statement * * https://docs.aws.amazon.com/fsx/latest/WindowsGuide/access-control-overview.html#access-control-resources * * @param backupId - Identifier for the backupId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onBackup(backupId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type storage-virtual-machine to the statement * * https://docs.aws.amazon.com/fsx/latest/ONTAPGuide/security-iam.html * * @param fileSystemId - Identifier for the fileSystemId. * @param storageVirtualMachineId - Identifier for the storageVirtualMachineId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onStorageVirtualMachine(fileSystemId: string, storageVirtualMachineId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type task to the statement * * https://docs.aws.amazon.com/fsx/latest/LustreGuide/access-control-overview.html#access-control-resources * * @param taskId - Identifier for the taskId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onTask(taskId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type association to the statement * * https://docs.aws.amazon.com/fsx/latest/LustreGuide/access-control-overview.html#access-control-resources * * @param fileSystemIdOrFileCacheId - Identifier for the fileSystemIdOrFileCacheId. * @param dataRepositoryAssociationId - Identifier for the dataRepositoryAssociationId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onAssociation(fileSystemIdOrFileCacheId: string, dataRepositoryAssociationId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type volume to the statement * * https://docs.aws.amazon.com/fsx/latest/ONTAPGuide/security-iam.html * * @param fileSystemId - Identifier for the fileSystemId. * @param volumeId - Identifier for the volumeId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onVolume(fileSystemId: string, volumeId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type snapshot to the statement * * https://docs.aws.amazon.com/fsx/latest/OpenZFSGuide/access-control-overview.html#access-control-resources * * @param volumeId - Identifier for the volumeId. * @param snapshotId - Identifier for the snapshotId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onSnapshot(volumeId: string, snapshotId: string, account?: string, region?: string, partition?: string): this; /** * Filters access by the tags that are passed in the request * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag * * Applies to actions: * - .toCopyBackup() * - .toCreateBackup() * - .toCreateDataRepositoryAssociation() * - .toCreateDataRepositoryTask() * - .toCreateFileCache() * - .toCreateFileSystem() * - .toCreateFileSystemFromBackup() * - .toCreateSnapshot() * - .toCreateStorageVirtualMachine() * - .toCreateVolume() * - .toCreateVolumeFromBackup() * - .toDeleteFileCache() * - .toDeleteFileSystem() * - .toDeleteVolume() * - .toTagResource() * * @param tagKey The tag key to check * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsRequestTag(tagKey: string, value: string | string[], operator?: Operator | string): this; /** * Filters access by the tags associated with the resource * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag * * Applies to resource types: * - file-system * - file-cache * - backup * - storage-virtual-machine * - task * - association * - volume * - snapshot * * @param tagKey The tag key to check * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsResourceTag(tagKey: string, value: string | string[], operator?: Operator | string): this; /** * Filters access by the tag keys that are passed in the request * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys * * Applies to actions: * - .toCopyBackup() * - .toCreateBackup() * - .toCreateDataRepositoryAssociation() * - .toCreateDataRepositoryTask() * - .toCreateFileCache() * - .toCreateFileSystem() * - .toCreateFileSystemFromBackup() * - .toCreateSnapshot() * - .toCreateStorageVirtualMachine() * - .toCreateVolume() * - .toCreateVolumeFromBackup() * - .toDeleteFileCache() * - .toDeleteFileSystem() * - .toDeleteVolume() * - .toTagResource() * - .toUntagResource() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsTagKeys(value: string | string[], operator?: Operator | string): this; /** * Filters access by whether the backup is a destination backup for a CopyBackup operation * * https://docs.aws.amazon.com/fsx/latest/WindowsGuide/using-backups.html#copy-backups * * @param value `true` or `false`. **Default:** `true` */ ifIsBackupCopyDestination(value?: boolean): this; /** * Filters access by whether the backup is a source backup for a CopyBackup operation * * https://docs.aws.amazon.com/fsx/latest/WindowsGuide/using-backups.html#copy-backups * * @param value `true` or `false`. **Default:** `true` */ ifIsBackupCopySource(value?: boolean): this; /** * Filters access by NFS data repositories which support authentication * * https://docs.aws.amazon.com/fsx/latest/FileCacheGuide/encryption-in-transit.html * * Applies to actions: * - .toCreateDataRepositoryAssociation() * - .toCreateFileCache() * - .toTagResource() * * @param value `true` or `false`. **Default:** `true` */ ifNfsDataRepositoryAuthenticationEnabled(value?: boolean): this; /** * Filters access by NFS data repositories which support encryption-in-transit * * https://docs.aws.amazon.com/fsx/latest/FileCacheGuide/encryption-in-transit.html * * Applies to actions: * - .toCreateDataRepositoryAssociation() * - .toCreateFileCache() * - .toTagResource() * * @param value `true` or `false`. **Default:** `true` */ ifNfsDataRepositoryEncryptionInTransitEnabled(value?: boolean): this; /** * Filters access by the containing parent volume for mutating volume operations * * https://docs.aws.amazon.com/fsx/latest/OpenZFSGuide/creating-volumes.html * * Applies to actions: * - .toCreateVolume() * - .toDeleteVolume() * - .toTagResource() * - .toUpdateVolume() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifParentVolumeId(value: string | string[], operator?: Operator | string): this; /** * Filters access by the containing storage virtual machine for a volume for mutating volume operations * * https://docs.aws.amazon.com/fsx/latest/ONTAPGuide/creating-volumes.html * * Applies to actions: * - .toCreateVolume() * - .toCreateVolumeFromBackup() * - .toDeleteVolume() * - .toTagResource() * - .toUpdateVolume() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifStorageVirtualMachineId(value: string | string[], operator?: Operator | string): this; /** * Statement provider for service [fsx](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonfsx.html). * */ constructor(props?: iam.PolicyStatementProps); }