cdk-iam-floyd

import { AccessLevelList } from '../../shared/access-level'; import { PolicyStatement, Operator } from '../../shared'; import { aws_iam as iam } from "aws-cdk-lib"; /** * Statement provider for service [greengrass](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiotgreengrass.html). * * @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement */ export declare class Greengrass extends PolicyStatement { servicePrefix: string; /** * Grants permission to associate a role with a group. The role's permissions must allow Greengrass core Lambda functions and connectors to perform actions in other AWS services * * Access Level: Write * * https://docs.aws.amazon.com/greengrass/v1/apireference/associateroletogroup-put.html */ toAssociateRoleToGroup(): this; /** * Grants permission to associate a role with your account. AWS IoT Greengrass uses this role to access your Lambda functions and AWS IoT resources * * Access Level: Permissions management * * https://docs.aws.amazon.com/greengrass/v1/apireference/associateserviceroletoaccount-put.html */ toAssociateServiceRoleToAccount(): this; /** * Grants permission to create a connector definition * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/greengrass/v1/apireference/createconnectordefinition-post.html */ toCreateConnectorDefinition(): this; /** * Grants permission to create a version of an existing connector definition * * Access Level: Write * * https://docs.aws.amazon.com/greengrass/v1/apireference/createconnectordefinitionversion-post.html */ toCreateConnectorDefinitionVersion(): this; /** * Grants permission to create a core definition * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/greengrass/v1/apireference/createcoredefinition-post.html */ toCreateCoreDefinition(): this; /** * Grants permission to create a version of an existing core definition. Greengrass groups must each contain exactly one Greengrass core * * Access Level: Write * * https://docs.aws.amazon.com/greengrass/v1/apireference/createcoredefinitionversion-post.html */ toCreateCoreDefinitionVersion(): this; /** * Grants permission to create a deployment * * Access Level: Write * * https://docs.aws.amazon.com/greengrass/v1/apireference/createdeployment-post.html */ toCreateDeployment(): this; /** * Grants permission to create a device definition * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/greengrass/v1/apireference/createdevicedefinition-post.html */ toCreateDeviceDefinition(): this; /** * Grants permission to create a version of an existing device definition * * Access Level: Write * * https://docs.aws.amazon.com/greengrass/v1/apireference/createdevicedefinitionversion-post.html */ toCreateDeviceDefinitionVersion(): this; /** * Grants permission to create a Lambda function definition to be used in a group that contains a list of Lambda functions and their configurations * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/greengrass/v1/apireference/createfunctiondefinition-post.html */ toCreateFunctionDefinition(): this; /** * Grants permission to create a version of an existing Lambda function definition * * Access Level: Write * * https://docs.aws.amazon.com/greengrass/v1/apireference/createfunctiondefinitionversion-post.html */ toCreateFunctionDefinitionVersion(): this; /** * Grants permission to create a group * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/greengrass/v1/apireference/creategroup-post.html */ toCreateGroup(): this; /** * Grants permission to create a CA for the group, or rotate the existing CA * * Access Level: Write * * https://docs.aws.amazon.com/greengrass/v1/apireference/creategroupcertificateauthority-post.html */ toCreateGroupCertificateAuthority(): this; /** * Grants permission to create a version of a group that has already been defined * * Access Level: Write * * https://docs.aws.amazon.com/greengrass/v1/apireference/creategroupversion-post.html */ toCreateGroupVersion(): this; /** * Grants permission to create a logger definition * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/greengrass/v1/apireference/createloggerdefinition-post.html */ toCreateLoggerDefinition(): this; /** * Grants permission to create a version of an existing logger definition * * Access Level: Write * * https://docs.aws.amazon.com/greengrass/v1/apireference/createloggerdefinitionversion-post.html */ toCreateLoggerDefinitionVersion(): this; /** * Grants permission to create a resource definition that contains a list of resources to be used in a group * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/greengrass/v1/apireference/createresourcedefinition-post.html */ toCreateResourceDefinition(): this; /** * Grants permission to create a version of an existing resource definition * * Access Level: Write * * https://docs.aws.amazon.com/greengrass/v1/apireference/createresourcedefinitionversion-post.html */ toCreateResourceDefinitionVersion(): this; /** * Grants permission to create an AWS IoT job that will trigger your Greengrass cores to update the software they are running * * Access Level: Write * * https://docs.aws.amazon.com/greengrass/v1/apireference/createsoftwareupdatejob-post.html */ toCreateSoftwareUpdateJob(): this; /** * Grants permission to create a subscription definition * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/greengrass/v1/apireference/createsubscriptiondefinition-post.html */ toCreateSubscriptionDefinition(): this; /** * Grants permission to create a version of an existing subscription definition * * Access Level: Write * * https://docs.aws.amazon.com/greengrass/v1/apireference/createsubscriptiondefinitionversion-post.html */ toCreateSubscriptionDefinitionVersion(): this; /** * Grants permission to delete a connector definition * * Access Level: Write * * https://docs.aws.amazon.com/greengrass/v1/apireference/deleteconnectordefinition-delete.html */ toDeleteConnectorDefinition(): this; /** * Grants permission to delete a core definition. Deleting a definition that is currently in use in a deployment affects future deployments * * Access Level: Write * * https://docs.aws.amazon.com/greengrass/v1/apireference/deletecoredefinition-delete.html */ toDeleteCoreDefinition(): this; /** * Grants permission to delete a device definition. Deleting a definition that is currently in use in a deployment affects future deployments * * Access Level: Write * * https://docs.aws.amazon.com/greengrass/v1/apireference/deletedevicedefinition-delete.html */ toDeleteDeviceDefinition(): this; /** * Grants permission to delete a Lambda function definition. Deleting a definition that is currently in use in a deployment affects future deployments * * Access Level: Write * * https://docs.aws.amazon.com/greengrass/v1/apireference/deletefunctiondefinition-delete.html */ toDeleteFunctionDefinition(): this; /** * Grants permission to delete a group that is not currently in use in a deployment * * Access Level: Write * * https://docs.aws.amazon.com/greengrass/v1/apireference/deletegroup-delete.html */ toDeleteGroup(): this; /** * Grants permission to delete a logger definition. Deleting a definition that is currently in use in a deployment affects future deployments * * Access Level: Write * * https://docs.aws.amazon.com/greengrass/v1/apireference/deleteloggerdefinition-delete.html */ toDeleteLoggerDefinition(): this; /** * Grants permission to delete a resource definition * * Access Level: Write * * https://docs.aws.amazon.com/greengrass/v1/apireference/deleteresourcedefinition-delete.html */ toDeleteResourceDefinition(): this; /** * Grants permission to delete a subscription definition. Deleting a definition that is currently in use in a deployment affects future deployments * * Access Level: Write * * https://docs.aws.amazon.com/greengrass/v1/apireference/deletesubscriptiondefinition-delete.html */ toDeleteSubscriptionDefinition(): this; /** * Grants permission to disassociate the role from a group * * Access Level: Write * * https://docs.aws.amazon.com/greengrass/v1/apireference/disassociaterolefromgroup-delete.html */ toDisassociateRoleFromGroup(): this; /** * Grants permission to disassociate the service role from an account. Without a service role, deployments will not work * * Access Level: Write * * https://docs.aws.amazon.com/greengrass/v1/apireference/disassociateservicerolefromaccount-delete.html */ toDisassociateServiceRoleFromAccount(): this; /** * Grants permission to retrieve information required to connect to a Greengrass core * * Access Level: Read * * https://docs.aws.amazon.com/greengrass/latest/developerguide/gg-discover-api.html */ toDiscover(): this; /** * Grants permission to retrieve the role associated with a group * * Access Level: Read * * https://docs.aws.amazon.com/greengrass/v1/apireference/getassociatedrole-get.html */ toGetAssociatedRole(): this; /** * Grants permission to return the status of a bulk deployment * * Access Level: Read * * https://docs.aws.amazon.com/greengrass/v1/apireference/getbulkdeploymentstatus-get.html */ toGetBulkDeploymentStatus(): this; /** * Grants permission to retrieve the connectivity information for a core * * Access Level: Read * * https://docs.aws.amazon.com/greengrass/v1/apireference/getconnectivityinfo-get.html */ toGetConnectivityInfo(): this; /** * Grants permission to retrieve information about a connector definition * * Access Level: Read * * https://docs.aws.amazon.com/greengrass/v1/apireference/getconnectordefinition-get.html */ toGetConnectorDefinition(): this; /** * Grants permission to retrieve information about a connector definition version * * Access Level: Read * * https://docs.aws.amazon.com/greengrass/v1/apireference/getconnectordefinitionversion-get.html */ toGetConnectorDefinitionVersion(): this; /** * Grants permission to retrieve information about a core definition * * Access Level: Read * * https://docs.aws.amazon.com/greengrass/v1/apireference/getcoredefinition-get.html */ toGetCoreDefinition(): this; /** * Grants permission to retrieve information about a core definition version * * Access Level: Read * * https://docs.aws.amazon.com/greengrass/v1/apireference/getcoredefinitionversion-get.html */ toGetCoreDefinitionVersion(): this; /** * Grants permission to return the status of a deployment * * Access Level: Read * * https://docs.aws.amazon.com/greengrass/v1/apireference/getdeploymentstatus-get.html */ toGetDeploymentStatus(): this; /** * Grants permission to retrieve information about a device definition * * Access Level: Read * * https://docs.aws.amazon.com/greengrass/v1/apireference/getdevicedefinition-get.html */ toGetDeviceDefinition(): this; /** * Grants permission to retrieve information about a device definition version * * Access Level: Read * * https://docs.aws.amazon.com/greengrass/v1/apireference/getdevicedefinitionversion-get.html */ toGetDeviceDefinitionVersion(): this; /** * Grants permission to retrieve information about a Lambda function definition, such as its creation time and latest version * * Access Level: Read * * https://docs.aws.amazon.com/greengrass/v1/apireference/getfunctiondefinition-get.html */ toGetFunctionDefinition(): this; /** * Grants permission to retrieve information about a Lambda function definition version, such as which Lambda functions are included in the version and their configurations * * Access Level: Read * * https://docs.aws.amazon.com/greengrass/v1/apireference/getfunctiondefinitionversion-get.html */ toGetFunctionDefinitionVersion(): this; /** * Grants permission to retrieve information about a group * * Access Level: Read * * https://docs.aws.amazon.com/greengrass/v1/apireference/getgroup-get.html */ toGetGroup(): this; /** * Grants permission to return the public key of the CA associated with a group * * Access Level: Read * * https://docs.aws.amazon.com/greengrass/v1/apireference/getgroupcertificateauthority-get.html */ toGetGroupCertificateAuthority(): this; /** * Grants permission to retrieve the current configuration for the CA used by a group * * Access Level: Read * * https://docs.aws.amazon.com/greengrass/v1/apireference/getgroupcertificateconfiguration-get.html */ toGetGroupCertificateConfiguration(): this; /** * Grants permission to retrieve information about a group version * * Access Level: Read * * https://docs.aws.amazon.com/greengrass/v1/apireference/getgroupversion-get.html */ toGetGroupVersion(): this; /** * Grants permission to retrieve information about a logger definition * * Access Level: Read * * https://docs.aws.amazon.com/greengrass/v1/apireference/getloggerdefinition-get.html */ toGetLoggerDefinition(): this; /** * Grants permission to retrieve information about a logger definition version * * Access Level: Read * * https://docs.aws.amazon.com/greengrass/v1/apireference/getloggerdefinitionversion-get.html */ toGetLoggerDefinitionVersion(): this; /** * Grants permission to retrieve information about a resource definition, such as its creation time and latest version * * Access Level: Read * * https://docs.aws.amazon.com/greengrass/v1/apireference/getresourcedefinition-get.html */ toGetResourceDefinition(): this; /** * Grants permission to retrieve information about a resource definition version, such as which resources are included in the version * * Access Level: Read * * https://docs.aws.amazon.com/greengrass/v1/apireference/getresourcedefinitionversion-get.html */ toGetResourceDefinitionVersion(): this; /** * Grants permission to retrieve the service role that is attached to an account * * Access Level: Read * * https://docs.aws.amazon.com/greengrass/v1/apireference/getserviceroleforaccount-get.html */ toGetServiceRoleForAccount(): this; /** * Grants permission to retrieve information about a subscription definition * * Access Level: Read * * https://docs.aws.amazon.com/greengrass/v1/apireference/getsubscriptiondefinition-get.html */ toGetSubscriptionDefinition(): this; /** * Grants permission to retrieve information about a subscription definition version * * Access Level: Read * * https://docs.aws.amazon.com/greengrass/v1/apireference/getsubscriptiondefinitionversion-get.html */ toGetSubscriptionDefinitionVersion(): this; /** * Grants permission to retrieve runtime configuration of a thing * * Access Level: Read * * https://docs.aws.amazon.com/greengrass/v1/apireference/getthingruntimeconfiguration-get.html */ toGetThingRuntimeConfiguration(): this; /** * Grants permission to retrieve a paginated list of the deployments that have been started in a bulk deployment operation and their current deployment status * * Access Level: Read * * https://docs.aws.amazon.com/greengrass/v1/apireference/listbulkdeploymentdetailedreports-get.html */ toListBulkDeploymentDetailedReports(): this; /** * Grants permission to retrieve a list of bulk deployments * * Access Level: List * * https://docs.aws.amazon.com/greengrass/v1/apireference/listbulkdeployments-get.html */ toListBulkDeployments(): this; /** * Grants permission to list the versions of a connector definition * * Access Level: List * * https://docs.aws.amazon.com/greengrass/v1/apireference/listconnectordefinitionversions-get.html */ toListConnectorDefinitionVersions(): this; /** * Grants permission to retrieve a list of connector definitions * * Access Level: List * * https://docs.aws.amazon.com/greengrass/v1/apireference/listconnectordefinitions-get.html */ toListConnectorDefinitions(): this; /** * Grants permission to list the versions of a core definition * * Access Level: List * * https://docs.aws.amazon.com/greengrass/v1/apireference/listcoredefinitionversions-get.html */ toListCoreDefinitionVersions(): this; /** * Grants permission to retrieve a list of core definitions * * Access Level: List * * https://docs.aws.amazon.com/greengrass/v1/apireference/listcoredefinitions-get.html */ toListCoreDefinitions(): this; /** * Grants permission to retrieve a list of all deployments for a group * * Access Level: List * * https://docs.aws.amazon.com/greengrass/v1/apireference/listdeployments-get.html */ toListDeployments(): this; /** * Grants permission to list the versions of a device definition * * Access Level: List * * https://docs.aws.amazon.com/greengrass/v1/apireference/listdevicedefinitionversions-get.html */ toListDeviceDefinitionVersions(): this; /** * Grants permission to retrieve a list of device definitions * * Access Level: List * * https://docs.aws.amazon.com/greengrass/v1/apireference/listdevicedefinitions-get.html */ toListDeviceDefinitions(): this; /** * Grants permission to list the versions of a Lambda function definition * * Access Level: List * * https://docs.aws.amazon.com/greengrass/v1/apireference/listfunctiondefinitionversions-get.html */ toListFunctionDefinitionVersions(): this; /** * Grants permission to retrieve a list of Lambda function definitions * * Access Level: List * * https://docs.aws.amazon.com/greengrass/v1/apireference/listfunctiondefinitions-get.html */ toListFunctionDefinitions(): this; /** * Grants permission to retrieve a list of current CAs for a group * * Access Level: List * * https://docs.aws.amazon.com/greengrass/v1/apireference/listgroupcertificateauthorities-get.html */ toListGroupCertificateAuthorities(): this; /** * Grants permission to list the versions of a group * * Access Level: List * * https://docs.aws.amazon.com/greengrass/v1/apireference/listgroupversions-get.html */ toListGroupVersions(): this; /** * Grants permission to retrieve a list of groups * * Access Level: List * * https://docs.aws.amazon.com/greengrass/v1/apireference/listgroups-get.html */ toListGroups(): this; /** * Grants permission to list the versions of a logger definition * * Access Level: List * * https://docs.aws.amazon.com/greengrass/v1/apireference/listloggerdefinitionversions-get.html */ toListLoggerDefinitionVersions(): this; /** * Grants permission to retrieve a list of logger definitions * * Access Level: List * * https://docs.aws.amazon.com/greengrass/v1/apireference/listloggerdefinitions-get.html */ toListLoggerDefinitions(): this; /** * Grants permission to list the versions of a resource definition * * Access Level: List * * https://docs.aws.amazon.com/greengrass/v1/apireference/listresourcedefinitionversions-get.html */ toListResourceDefinitionVersions(): this; /** * Grants permission to retrieve a list of resource definitions * * Access Level: List * * https://docs.aws.amazon.com/greengrass/v1/apireference/listresourcedefinitions-get.html */ toListResourceDefinitions(): this; /** * Grants permission to list the versions of a subscription definition * * Access Level: List * * https://docs.aws.amazon.com/greengrass/v1/apireference/listsubscriptiondefinitionversions-get.html */ toListSubscriptionDefinitionVersions(): this; /** * Grants permission to retrieve a list of subscription definitions * * Access Level: List * * https://docs.aws.amazon.com/greengrass/v1/apireference/listsubscriptiondefinitions-get.html */ toListSubscriptionDefinitions(): this; /** * Grants permission to list the tags for a resource * * Access Level: Read * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/greengrass/v1/apireference/listtagsforresource-get.html */ toListTagsForResource(): this; /** * Grants permission to reset a group's deployments * * Access Level: Write * * https://docs.aws.amazon.com/greengrass/v1/apireference/resetdeployments-post.html */ toResetDeployments(): this; /** * Grants permission to deploy multiple groups in one operation * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/greengrass/v1/apireference/startbulkdeployment-post.html */ toStartBulkDeployment(): this; /** * Grants permission to stop the execution of a bulk deployment * * Access Level: Write * * https://docs.aws.amazon.com/greengrass/v1/apireference/stopbulkdeployment-put.html */ toStopBulkDeployment(): this; /** * Grants permission to add tags to a resource * * Access Level: Tagging * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/greengrass/v1/apireference/tagresource-post.html */ toTagResource(): this; /** * Grants permission to remove tags from a resource * * Access Level: Tagging * * Possible conditions: * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/greengrass/v1/apireference/untagresource-delete.html */ toUntagResource(): this; /** * Grants permission to update the connectivity information for a Greengrass core. Any devices that belong to the group that has this core will receive this information in order to find the location of the core and connect to it * * Access Level: Write * * https://docs.aws.amazon.com/greengrass/v1/apireference/updateconnectivityinfo-put.html */ toUpdateConnectivityInfo(): this; /** * Grants permission to update a connector definition * * Access Level: Write * * https://docs.aws.amazon.com/greengrass/v1/apireference/updateconnectordefinition-put.html */ toUpdateConnectorDefinition(): this; /** * Grants permission to update a core definition * * Access Level: Write * * https://docs.aws.amazon.com/greengrass/v1/apireference/updatecoredefinition-put.html */ toUpdateCoreDefinition(): this; /** * Grants permission to update a device definition * * Access Level: Write * * https://docs.aws.amazon.com/greengrass/v1/apireference/updatedevicedefinition-put.html */ toUpdateDeviceDefinition(): this; /** * Grants permission to update a Lambda function definition * * Access Level: Write * * https://docs.aws.amazon.com/greengrass/v1/apireference/updatefunctiondefinition-put.html */ toUpdateFunctionDefinition(): this; /** * Grants permission to update a group * * Access Level: Write * * https://docs.aws.amazon.com/greengrass/v1/apireference/updategroup-put.html */ toUpdateGroup(): this; /** * Grants permission to update the certificate expiry time for a group * * Access Level: Write * * https://docs.aws.amazon.com/greengrass/v1/apireference/updategroupcertificateconfiguration-put.html */ toUpdateGroupCertificateConfiguration(): this; /** * Grants permission to update a logger definition * * Access Level: Write * * https://docs.aws.amazon.com/greengrass/v1/apireference/updateloggerdefinition-put.html */ toUpdateLoggerDefinition(): this; /** * Grants permission to update a resource definition * * Access Level: Write * * https://docs.aws.amazon.com/greengrass/v1/apireference/updateresourcedefinition-put.html */ toUpdateResourceDefinition(): this; /** * Grants permission to update a subscription definition * * Access Level: Write * * https://docs.aws.amazon.com/greengrass/v1/apireference/updatesubscriptiondefinition-put.html */ toUpdateSubscriptionDefinition(): this; /** * Grants permission to update runtime configuration of a thing * * Access Level: Write * * https://docs.aws.amazon.com/greengrass/v1/apireference/updatethingruntimeconfiguration-put.html */ toUpdateThingRuntimeConfiguration(): this; protected accessLevelList: AccessLevelList; /** * Adds a resource of type connectivityInfo to the statement * * https://docs.aws.amazon.com/greengrass/v1/apireference/definitions-connectivityinfo.html * * @param thingName - Identifier for the thingName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onConnectivityInfo(thingName: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type certificateAuthority to the statement * * https://docs.aws.amazon.com/greengrass/latest/developerguide/gg-sec.html * * @param groupId - Identifier for the groupId. * @param certificateAuthorityId - Identifier for the certificateAuthorityId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onCertificateAuthority(groupId: string, certificateAuthorityId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type deployment to the statement * * https://docs.aws.amazon.com/greengrass/v1/apireference/definitions-createdeploymentrequest.html * * @param groupId - Identifier for the groupId. * @param deploymentId - Identifier for the deploymentId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onDeployment(groupId: string, deploymentId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type bulkDeployment to the statement * * https://docs.aws.amazon.com/greengrass/latest/developerguide/bulk-deploy-cli.html * * @param bulkDeploymentId - Identifier for the bulkDeploymentId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onBulkDeployment(bulkDeploymentId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type group to the statement * * https://docs.aws.amazon.com/greengrass/v1/apireference/definitions-groupinformation.html * * @param groupId - Identifier for the groupId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onGroup(groupId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type groupVersion to the statement * * https://docs.aws.amazon.com/greengrass/v1/apireference/definitions-groupversion.html * * @param groupId - Identifier for the groupId. * @param versionId - Identifier for the versionId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onGroupVersion(groupId: string, versionId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type coreDefinition to the statement * * https://docs.aws.amazon.com/greengrass/v1/apireference/definitions-core.html * * @param coreDefinitionId - Identifier for the coreDefinitionId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onCoreDefinition(coreDefinitionId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type coreDefinitionVersion to the statement * * https://docs.aws.amazon.com/greengrass/v1/apireference/definitions-coredefinitionversion.html * * @param coreDefinitionId - Identifier for the coreDefinitionId. * @param versionId - Identifier for the versionId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onCoreDefinitionVersion(coreDefinitionId: string, versionId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type deviceDefinition to the statement * * https://docs.aws.amazon.com/greengrass/v1/apireference/definitions-device.html * * @param deviceDefinitionId - Identifier for the deviceDefinitionId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onDeviceDefinition(deviceDefinitionId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type deviceDefinitionVersion to the statement * * https://docs.aws.amazon.com/greengrass/v1/apireference/definitions-devicedefinitionversion.html * * @param deviceDefinitionId - Identifier for the deviceDefinitionId. * @param versionId - Identifier for the versionId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onDeviceDefinitionVersion(deviceDefinitionId: string, versionId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type functionDefinition to the statement * * https://docs.aws.amazon.com/greengrass/v1/apireference/definitions-function.html * * @param functionDefinitionId - Identifier for the functionDefinitionId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onFunctionDefinition(functionDefinitionId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type functionDefinitionVersion to the statement * * https://docs.aws.amazon.com/greengrass/v1/apireference/definitions-functiondefinitionversion.html * * @param functionDefinitionId - Identifier for the functionDefinitionId. * @param versionId - Identifier for the versionId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onFunctionDefinitionVersion(functionDefinitionId: string, versionId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type subscriptionDefinition to the statement * * https://docs.aws.amazon.com/greengrass/v1/apireference/definitions-subscription.html * * @param subscriptionDefinitionId - Identifier for the subscriptionDefinitionId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onSubscriptionDefinition(subscriptionDefinitionId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type subscriptionDefinitionVersion to the statement * * https://docs.aws.amazon.com/greengrass/v1/apireference/definitions-subscriptiondefinitionversion.html * * @param subscriptionDefinitionId - Identifier for the subscriptionDefinitionId. * @param versionId - Identifier for the versionId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onSubscriptionDefinitionVersion(subscriptionDefinitionId: string, versionId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type loggerDefinition to the statement * * https://docs.aws.amazon.com/greengrass/v1/apireference/definitions-logger.html * * @param loggerDefinitionId - Identifier for the loggerDefinitionId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onLoggerDefinition(loggerDefinitionId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type loggerDefinitionVersion to the statement * * https://docs.aws.amazon.com/greengrass/v1/apireference/definitions-loggerdefinitionversion.html * * @param loggerDefinitionId - Identifier for the loggerDefinitionId. * @param versionId - Identifier for the versionId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onLoggerDefinitionVersion(loggerDefinitionId: string, versionId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type resourceDefinition to the statement * * https://docs.aws.amazon.com/greengrass/v1/apireference/definitions-resource.html * * @param resourceDefinitionId - Identifier for the resourceDefinitionId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onResourceDefinition(resourceDefinitionId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type resourceDefinitionVersion to the statement * * https://docs.aws.amazon.com/greengrass/v1/apireference/definitions-resourcedefinitionversion.html * * @param resourceDefinitionId - Identifier for the resourceDefinitionId. * @param versionId - Identifier for the versionId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onResourceDefinitionVersion(resourceDefinitionId: string, versionId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type connectorDefinition to the statement * * https://docs.aws.amazon.com/greengrass/v1/apireference/definitions-connector.html * * @param connectorDefinitionId - Identifier for the connectorDefinitionId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onConnectorDefinition(connectorDefinitionId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type connectorDefinitionVersion to the statement * * https://docs.aws.amazon.com/greengrass/v1/apireference/definitions-connectordefinitionversion.html * * @param connectorDefinitionId - Identifier for the connectorDefinitionId. * @param versionId - Identifier for the versionId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onConnectorDefinitionVersion(connectorDefinitionId: string, versionId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type thing to the statement * * https://docs.aws.amazon.com/iot/latest/developerguide/thing-registry.html * * @param thingName - Identifier for the thingName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onThing(thingName: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type thingRuntimeConfig to the statement * * https://docs.aws.amazon.com/iot/latest/developerguide/thing-registry.html * * @param thingName - Identifier for the thingName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onThingRuntimeConfig(thingName: string, account?: string, region?: string, partition?: string): this; /** * Filters access by the allowed set of values for each of the mandatory tags * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag * * Applies to actions: * - .toCreateConnectorDefinition() * - .toCreateCoreDefinition() * - .toCreateDeviceDefinition() * - .toCreateFunctionDefinition() * - .toCreateGroup() * - .toCreateLoggerDefinition() * - .toCreateResourceDefinition() * - .toCreateSubscriptionDefinition() * - .toListTagsForResource() * - .toStartBulkDeployment() * - .toTagResource() * * @param tagKey The tag key to check * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsRequestTag(tagKey: string, value: string | string[], operator?: Operator | string): this; /** * Filters access by the tag value associated with the resource * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag * * Applies to resource types: * - bulkDeployment * - group * - coreDefinition * - deviceDefinition * - functionDefinition * - subscriptionDefinition * - loggerDefinition * - resourceDefinition * - connectorDefinition * * @param tagKey The tag key to check * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsResourceTag(tagKey: string, value: string | string[], operator?: Operator | string): this; /** * Filters access by the presence of mandatory tags in the request * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys * * Applies to actions: * - .toCreateConnectorDefinition() * - .toCreateCoreDefinition() * - .toCreateDeviceDefinition() * - .toCreateFunctionDefinition() * - .toCreateGroup() * - .toCreateLoggerDefinition() * - .toCreateResourceDefinition() * - .toCreateSubscriptionDefinition() * - .toListTagsForResource() * - .toStartBulkDeployment() * - .toTagResource() * - .toUntagResource() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsTagKeys(value: string | string[], operator?: Operator | string): this; /** * Statement provider for service [greengrass](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiotgreengrass.html). * */ constructor(props?: iam.PolicyStatementProps); }