cdk-iam-floyd

import { AccessLevelList } from '../../shared/access-level'; import { PolicyStatement, Operator } from '../../shared'; import { aws_iam as iam } from "aws-cdk-lib"; /** * Statement provider for service [kafka](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonmanagedstreamingforapachekafka.html). * * @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement */ export declare class Kafka extends PolicyStatement { servicePrefix: string; /** * Grants permission to associate one or more Scram Secrets with an Amazon MSK cluster * * Access Level: Write * * Dependent actions: * - kms:CreateGrant * - kms:RetireGrant * * https://docs.aws.amazon.com/msk/1.0/apireference/clusters-clusterarn-scram-secrets.html#BatchAssociateScramSecret */ toBatchAssociateScramSecret(): this; /** * Grants permission to disassociate one or more Scram Secrets from an Amazon MSK cluster * * Access Level: Write * * Dependent actions: * - kms:RetireGrant * * https://docs.aws.amazon.com/msk/1.0/apireference/clusters-clusterarn-scram-secrets.html#BatchDisassociateScramSecret */ toBatchDisassociateScramSecret(): this; /** * Grants permission to create an MSK cluster * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * Dependent actions: * - ec2:DescribeSecurityGroups * - ec2:DescribeSubnets * - ec2:DescribeVpcs * - iam:AttachRolePolicy * - iam:CreateServiceLinkedRole * - iam:PutRolePolicy * - kms:CreateGrant * - kms:DescribeKey * * https://docs.aws.amazon.com/msk/1.0/apireference/clusters.html#CreateCluster */ toCreateCluster(): this; /** * Grants permission to create an MSK cluster * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * Dependent actions: * - ec2:CreateTags * - ec2:CreateVpcEndpoint * - ec2:DeleteVpcEndpoints * - ec2:DescribeSecurityGroups * - ec2:DescribeSubnets * - ec2:DescribeVpcAttribute * - ec2:DescribeVpcEndpoints * - ec2:DescribeVpcs * - iam:AttachRolePolicy * - iam:CreateServiceLinkedRole * - iam:PutRolePolicy * - kms:CreateGrant * - kms:DescribeKey * * https://docs.aws.amazon.com/MSK/2.0/APIReference/v2-clusters.html#CreateClusterV2 */ toCreateClusterV2(): this; /** * Grants permission to create an MSK configuration * * Access Level: Write * * https://docs.aws.amazon.com/msk/1.0/apireference/configurations.html#CreateConfiguration */ toCreateConfiguration(): this; /** * Grants permission to create a MSK replicator * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * Dependent actions: * - ec2:DescribeSecurityGroups * - ec2:DescribeSubnets * - ec2:DescribeVpcs * - iam:AttachRolePolicy * - iam:CreateServiceLinkedRole * - iam:PassRole * - iam:PutRolePolicy * - kafka:DescribeClusterV2 * - kafka:GetBootstrapBrokers * * https://docs.aws.amazon.com/msk/latest/developerguide/v1-replicators.html#CreateReplicator */ toCreateReplicator(): this; /** * Grants permission to create a Kafka topic in an MSK cluster * * Access Level: Write * * Dependent actions: * - kafka-cluster:Connect * - kafka-cluster:CreateTopic * * https://docs.aws.amazon.com/msk/1.0/apireference/clusters-clusterarn-topics.html */ toCreateTopic(): this; /** * Grants permission to create a MSK VPC connection * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * Dependent actions: * - ec2:CreateTags * - ec2:CreateVpcEndpoint * - ec2:DescribeSecurityGroups * - ec2:DescribeSubnets * - ec2:DescribeVpcAttribute * - ec2:DescribeVpcEndpoints * - ec2:DescribeVpcs * - iam:AttachRolePolicy * - iam:CreateServiceLinkedRole * - iam:PutRolePolicy * * https://docs.aws.amazon.com/msk/1.0/apireference/vpc-connection.html#CreateVpcConnection */ toCreateVpcConnection(): this; /** * Grants permission to delete an MSK cluster * * Access Level: Write * * Dependent actions: * - ec2:DeleteVpcEndpoints * - ec2:DescribeVpcAttribute * - ec2:DescribeVpcEndpoints * * https://docs.aws.amazon.com/msk/1.0/apireference/clusters-clusterarn.html#DeleteCluster */ toDeleteCluster(): this; /** * Grants permission to delete a cluster resource-based policy * * Access Level: Write * * https://docs.aws.amazon.com/msk/1.0/apireference/clusters-clusterarn-policy.html#DeleteClusterPolicy */ toDeleteClusterPolicy(): this; /** * Grants permission to delete the specified MSK configuration * * Access Level: Write * * https://docs.aws.amazon.com/msk/1.0/apireference/configurations-arn.html#DeleteConfiguration */ toDeleteConfiguration(): this; /** * Grants permission to delete a MSK replicator * * Access Level: Write * * https://docs.aws.amazon.com/msk/latest/developerguide/v1-replicators.html#DeleteReplicator */ toDeleteReplicator(): this; /** * Grants permission to delete a Kafka topic from an MSK cluster * * Access Level: Write * * Dependent actions: * - kafka-cluster:Connect * - kafka-cluster:DeleteTopic * - kafka-cluster:DescribeTopic * * https://docs.aws.amazon.com/msk/1.0/apireference/clusters-clusterarn-topics-topicname.html */ toDeleteTopic(): this; /** * Grants permission to delete a MSK VPC connection * * Access Level: Write * * Dependent actions: * - ec2:DeleteVpcEndpoints * - ec2:DescribeVpcEndpoints * * https://docs.aws.amazon.com/msk/1.0/apireference/vpc-connection-arn.html#DeleteVpcConnection */ toDeleteVpcConnection(): this; /** * Grants permission to describe an MSK cluster * * Access Level: Read * * https://docs.aws.amazon.com/msk/1.0/apireference/clusters-clusterarn.html#DescribeCluster */ toDescribeCluster(): this; /** * Grants permission to describe the cluster operation that is specified by the given ARN * * Access Level: Read * * https://docs.aws.amazon.com/msk/1.0/apireference/operations-clusteroperationarn.html#DescribeClusterOperation */ toDescribeClusterOperation(): this; /** * Grants permission to describe the cluster operation that is specified by the given ARN * * Access Level: Read * * https://docs.aws.amazon.com/MSK/2.0/APIReference/v2-operations-clusteroperationarn.html#DescribeClusterOperationV2 */ toDescribeClusterOperationV2(): this; /** * Grants permission to describe an MSK cluster * * Access Level: Read * * https://docs.aws.amazon.com/MSK/2.0/APIReference/v2-clusters-clusterarn.html#DescribeClusterV2 */ toDescribeClusterV2(): this; /** * Grants permission to describe an MSK configuration * * Access Level: Read * * https://docs.aws.amazon.com/msk/1.0/apireference/configurations-arn.html#DescribeConfiguration */ toDescribeConfiguration(): this; /** * Grants permission to describe an MSK configuration revision * * Access Level: Read * * https://docs.aws.amazon.com/msk/1.0/apireference/configurations-arn-revisions-revision.html#DescribeConfigurationRevision */ toDescribeConfigurationRevision(): this; /** * Grants permission to describe a MSK replicator * * Access Level: Read * * https://docs.aws.amazon.com/msk/latest/developerguide/v1-replicators.html#DescribeReplicator */ toDescribeReplicator(): this; /** * Grants permission to return metadata details about a specific Kafka topic * * Access Level: Read * * Dependent actions: * - kafka-cluster:Connect * - kafka-cluster:DescribeTopic * - kafka-cluster:DescribeTopicDynamicConfiguration * * https://docs.aws.amazon.com/msk/1.0/apireference/clusters-clusterarn-topics-topicname.html */ toDescribeTopic(): this; /** * Grants permission to list all partitions of a specific topic * * Access Level: Read * * Dependent actions: * - kafka-cluster:Connect * - kafka-cluster:DescribeTopic * - kafka-cluster:DescribeTopicDynamicConfiguration * * https://docs.aws.amazon.com/msk/1.0/apireference/clusters-clusterarn-topics-topicname-partitions.html */ toDescribeTopicPartitions(): this; /** * Grants permission to describe a MSK VPC connection * * Access Level: Read * * https://docs.aws.amazon.com/msk/1.0/apireference/vpc-connection-arn.html#DescribeVpcConnection */ toDescribeVpcConnection(): this; /** * Grants permission to get connection details for the brokers in an MSK cluster * * Access Level: Read * * https://docs.aws.amazon.com/msk/1.0/apireference/clusters-clusterarn-bootstrap-brokers.html#GetBootstrapBrokers */ toGetBootstrapBrokers(): this; /** * Grants permission to describe a cluster resource-based policy * * Access Level: Read * * https://docs.aws.amazon.com/msk/1.0/apireference/clusters-clusterarn-policy.html#GetClusterPolicy */ toGetClusterPolicy(): this; /** * Grants permission to get a list of the Apache Kafka versions to which you can update an MSK cluster * * Access Level: List * * https://docs.aws.amazon.com/msk/1.0/apireference/compatible-kafka-versions.html#GetCompatibleKafkaVersions */ toGetCompatibleKafkaVersions(): this; /** * Grants permission to list all MSK VPC connections created for a cluster * * Access Level: List * * https://docs.aws.amazon.com/msk/1.0/apireference/clusters-clusterarn-client-vpc-connections.html#ListClientVpcConnections */ toListClientVpcConnections(): this; /** * Grants permission to return a list of all the operations that have been performed on the specified MSK cluster * * Access Level: List * * https://docs.aws.amazon.com/msk/1.0/apireference/clusters-clusterarn-operations.html#ListClusterOperations */ toListClusterOperations(): this; /** * Grants permission to return a list of all the operations that have been performed on the specified MSK cluster * * Access Level: List * * https://docs.aws.amazon.com/MSK/2.0/APIReference/v2-clusters-clusterarn-operations.html#ListClusterOperationsV2 */ toListClusterOperationsV2(): this; /** * Grants permission to list all MSK clusters in this account * * Access Level: List * * https://docs.aws.amazon.com/msk/1.0/apireference/clusters.html#ListClusters */ toListClusters(): this; /** * Grants permission to list all MSK clusters in this account * * Access Level: List * * https://docs.aws.amazon.com/MSK/2.0/APIReference/v2-clusters.html#ListClustersV2 */ toListClustersV2(): this; /** * Grants permission to list all revisions for an MSK configuration in this account * * Access Level: List * * https://docs.aws.amazon.com/msk/1.0/apireference/configurations-arn-revisions.html#ListConfigurationRevisions */ toListConfigurationRevisions(): this; /** * Grants permission to list all MSK configurations in this account * * Access Level: List * * https://docs.aws.amazon.com/msk/1.0/apireference/configurations.html#ListConfigurations */ toListConfigurations(): this; /** * Grants permission to list all Apache Kafka versions supported by Amazon MSK * * Access Level: List * * https://docs.aws.amazon.com/msk/1.0/apireference/kafka-versions.html#ListKafkaVersions */ toListKafkaVersions(): this; /** * Grants permission to list brokers in an MSK cluster * * Access Level: List * * https://docs.aws.amazon.com/msk/1.0/apireference/clusters-clusterarn-nodes.html#ListNodes */ toListNodes(): this; /** * Grants permission to list all MSK replicators in this account * * Access Level: List * * https://docs.aws.amazon.com/msk/latest/developerguide/v1-replicators.html#ListReplicators */ toListReplicators(): this; /** * Grants permission to list the Scram Secrets associated with an Amazon MSK cluster * * Access Level: List * * https://docs.aws.amazon.com/msk/1.0/apireference/clusters-clusterarn-scram-secrets.html#ListScramSecrets */ toListScramSecrets(): this; /** * Grants permission to list tags of an MSK resource * * Access Level: Read * * https://docs.aws.amazon.com/msk/1.0/apireference/tags-resourcearn.html#ListTagsForResource */ toListTagsForResource(): this; /** * Grants permission to list all Kafka topics for a specified MSK cluster * * Access Level: List * * Dependent actions: * - kafka-cluster:Connect * - kafka-cluster:DescribeTopic * * https://docs.aws.amazon.com/msk/1.0/apireference/clusters-clusterarn-topics.html */ toListTopics(): this; /** * Grants permission to list all MSK VPC connections that this account uses * * Access Level: List * * https://docs.aws.amazon.com/msk/1.0/apireference/vpc-connections.html#ListVpcConnections */ toListVpcConnections(): this; /** * Grants permission to create or update the resource-based policy for a cluster * * Access Level: Write * * https://docs.aws.amazon.com/msk/1.0/apireference/clusters-clusterarn-policy.html#PutClusterPolicy */ toPutClusterPolicy(): this; /** * Grants permission to reboot broker * * Access Level: Write * * https://docs.aws.amazon.com/msk/1.0/apireference/clusters-clusterarn-reboot-broker.html#RebootBroker */ toRebootBroker(): this; /** * Grants permission to reject a MSK VPC connection * * Access Level: Write * * https://docs.aws.amazon.com/msk/1.0/apireference/clusters-clusterarn-client-vpc-connection.html#RejectClientVpcConnection */ toRejectClientVpcConnection(): this; /** * Grants permission to tag an MSK resource * * Access Level: Tagging * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/msk/1.0/apireference/tags-resourcearn.html#TagResource */ toTagResource(): this; /** * Grants permission to remove tags from an MSK resource * * Access Level: Tagging * * Possible conditions: * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/msk/1.0/apireference/tags-resourcearn.html#UntagResource */ toUntagResource(): this; /** * Grants permission to update the number of brokers of the MSK cluster * * Access Level: Write * * https://docs.aws.amazon.com/msk/1.0/apireference/clusters-clusterarn-nodes-count.html#UpdateBrokerCount */ toUpdateBrokerCount(): this; /** * Grants permission to update the storage size of the brokers of the MSK cluster * * Access Level: Write * * https://docs.aws.amazon.com/msk/1.0/apireference/clusters-clusterarn-nodes-storage.html#UpdateBrokerStorage */ toUpdateBrokerStorage(): this; /** * Grants permission to update the broker type of an Amazon MSK cluster * * Access Level: Write * * https://docs.aws.amazon.com/msk/1.0/apireference/clusters-clusterarn-nodes-type.html#UpdateBrokerType */ toUpdateBrokerType(): this; /** * Grants permission to update the configuration of the MSK cluster * * Access Level: Write * * https://docs.aws.amazon.com/msk/1.0/apireference/clusters-clusterarn-configuration.html#UpdateClusterConfiguration */ toUpdateClusterConfiguration(): this; /** * Grants permission to update the MSK cluster to the specified Apache Kafka version * * Access Level: Write * * https://docs.aws.amazon.com/msk/1.0/apireference/clusters-clusterarn-version.html#UpdateClusterKafkaVersion */ toUpdateClusterKafkaVersion(): this; /** * Grants permission to create a new revision of the MSK configuration * * Access Level: Write * * https://docs.aws.amazon.com/msk/1.0/apireference/configurations-arn.html#UpdateConfiguration */ toUpdateConfiguration(): this; /** * Grants permission to update the connectivity settings for the MSK cluster * * Access Level: Write * * Possible conditions: * - .ifPublicAccessEnabled() * * Dependent actions: * - ec2:DescribeRouteTables * - ec2:DescribeSubnets * * https://docs.aws.amazon.com/msk/1.0/apireference/clusters-clusterarn-connectivity.html#UpdateConnectivity */ toUpdateConnectivity(): this; /** * Grants permission to update the monitoring settings for the MSK cluster * * Access Level: Write * * https://docs.aws.amazon.com/msk/1.0/apireference/clusters-clusterarn-monitoring.html#UpdateMonitoring */ toUpdateMonitoring(): this; /** * Grants permission to update the intelligent rebalancing status of the MSK cluster * * Access Level: Write * * https://docs.aws.amazon.com/msk/1.0/apireference/clusters-clusterarn-rebalancing.html */ toUpdateRebalancing(): this; /** * Grants permission to update the replication info of the MSK replicator * * Access Level: Write * * https://docs.aws.amazon.com/msk/latest/developerguide/v1-replicators.html#UpdateReplicationInfo */ toUpdateReplicationInfo(): this; /** * Grants permission to update the security settings for the MSK cluster * * Access Level: Write * * Dependent actions: * - kms:RetireGrant * * https://docs.aws.amazon.com/msk/1.0/apireference/clusters-clusterarn-security.html#UpdateSecurity */ toUpdateSecurity(): this; /** * Grants permission to update the EBS storage (size or provisioned throughput) associated with MSK brokers or set cluster storage mode to TIERED * * Access Level: Write * * https://docs.aws.amazon.com/msk/1.0/apireference/clusters-clusterarn-storage.html#UpdateStorage */ toUpdateStorage(): this; /** * Grants permission to update the configuration of a Kafka topic in an MSK cluster * * Access Level: Write * * Dependent actions: * - kafka-cluster:AlterTopic * - kafka-cluster:AlterTopicDynamicConfiguration * - kafka-cluster:Connect * - kafka-cluster:DescribeTopic * * https://docs.aws.amazon.com/msk/1.0/apireference/clusters-clusterarn-topics-topicname.html */ toUpdateTopic(): this; protected accessLevelList: AccessLevelList; /** * Adds a resource of type cluster to the statement * * https://docs.aws.amazon.com/msk/1.0/apireference/clusters-clusterarn.html * * @param clusterName - Identifier for the clusterName. * @param uuid - Identifier for the uuid. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onCluster(clusterName: string, uuid: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type configuration to the statement * * https://docs.aws.amazon.com/msk/1.0/apireference/configurations-arn.html * * @param configurationName - Identifier for the configurationName. * @param uuid - Identifier for the uuid. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onConfiguration(configurationName: string, uuid: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type vpc-connection to the statement * * https://docs.aws.amazon.com/msk/1.0/apireference/vpc-connections-arn.html * * @param vpcOwnerAccount - Identifier for the vpcOwnerAccount. * @param clusterOwnerAccount - Identifier for the clusterOwnerAccount. * @param clusterName - Identifier for the clusterName. * @param uuid - Identifier for the uuid. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onVpcConnection(vpcOwnerAccount: string, clusterOwnerAccount: string, clusterName: string, uuid: string, region?: string, partition?: string): this; /** * Adds a resource of type replicator to the statement * * https://docs.aws.amazon.com/msk/latest/developerguide/v1-replicators.html * * @param replicatorName - Identifier for the replicatorName. * @param uuid - Identifier for the uuid. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onReplicator(replicatorName: string, uuid: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type topic to the statement * * https://docs.aws.amazon.com/msk/latest/developerguide/iam-access-control.html#msk-iam-resources * * @param clusterName - Identifier for the clusterName. * @param clusterUuid - Identifier for the clusterUuid. * @param topicName - Identifier for the topicName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onTopic(clusterName: string, clusterUuid: string, topicName: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type group to the statement * * https://docs.aws.amazon.com/msk/latest/developerguide/iam-access-control.html#msk-iam-resources * * @param clusterName - Identifier for the clusterName. * @param clusterUuid - Identifier for the clusterUuid. * @param groupName - Identifier for the groupName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onGroup(clusterName: string, clusterUuid: string, groupName: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type transactional-id to the statement * * https://docs.aws.amazon.com/msk/latest/developerguide/iam-access-control.html#msk-iam-resources * * @param clusterName - Identifier for the clusterName. * @param clusterUuid - Identifier for the clusterUuid. * @param transactionalId - Identifier for the transactionalId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onTransactionalId(clusterName: string, clusterUuid: string, transactionalId: string, account?: string, region?: string, partition?: string): this; /** * Filters access by the presence of tag key-value pairs in the request * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag * * Applies to actions: * - .toCreateCluster() * - .toCreateClusterV2() * - .toCreateReplicator() * - .toCreateVpcConnection() * - .toTagResource() * * @param tagKey The tag key to check * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsRequestTag(tagKey: string, value: string | string[], operator?: Operator | string): this; /** * Filters access by tag key-value pairs attached to the resource * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag * * Applies to resource types: * - cluster * - vpc-connection * - replicator * * @param tagKey The tag key to check * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsResourceTag(tagKey: string, value: string | string[], operator?: Operator | string): this; /** * Filters access by the presence of tag keys in the request * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys * * Applies to actions: * - .toCreateCluster() * - .toCreateClusterV2() * - .toCreateReplicator() * - .toCreateVpcConnection() * - .toTagResource() * - .toUntagResource() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsTagKeys(value: string | string[], operator?: Operator | string): this; /** * Filters access by the presence of public access enabled in the request * * https://docs.aws.amazon.com/service-authorization/latest/reference/list_apachekafkaapisforamazonmskclusters.html#apachekafkaapisforamazonmskclusters-policy-keys * * Applies to actions: * - .toUpdateConnectivity() * * @param value `true` or `false`. **Default:** `true` */ ifPublicAccessEnabled(value?: boolean): this; /** * Statement provider for service [kafka](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonmanagedstreamingforapachekafka.html). * */ constructor(props?: iam.PolicyStatementProps); }