cdk-iam-floyd
AWS IAM policy statement generator with fluent interface for AWS CDK
import { AccessLevelList } from '../../shared/access-level';
import { PolicyStatement, Operator } from '../../shared';
import { aws_iam as iam } from "aws-cdk-lib";
/**
* Statement provider for service [route53globalresolver](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsroute53globalresolver.html).
*
* Fluent builder: every member method declared here returns `this`, so calls can be chained.
* - `to*()` methods each correspond to one service action (the "Grants permission to ..." entries).
* - `on*()` methods add a resource of one resource type to the statement.
* - `if*()` methods add a tag-based condition to the statement.
*
* Least-privilege notes:
* - Outside the CDK, the `account` argument of the `on*()` methods defaults to `*` (see their docs), so the resource is not pinned to one account; pass the account explicitly when that matters.
* - The `if*()` methods default to the `StringLike` operator, which treats `*` and `?` in the value as wildcards; pass `StringEquals` when an exact match is intended.
* - Write-level actions on firewall rules, firewall domain lists, access sources and access tokens presumably change what is filtered and who may use the resolver; consider granting them separately from the Read/List actions.
*
* The constructor takes an optional `iam.PolicyStatementProps`, not a bare SID argument; the
* [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement is presumably supplied through `props.sid` - confirm against `iam.PolicyStatementProps`.
*/
export declare class Route53globalresolver extends PolicyStatement {
/**
* IAM service prefix of this provider - presumably `route53globalresolver`; the value is not visible in this declaration.
*/
servicePrefix: string;
/**
* Grants permission to deliver logs for a global resolver
*
* Access Level: Permissions management
*
* NOTE(review): this is the only action recorded at the Permissions management level, and no API reference link is given for it.
* It is also the only action listed under "Applies to actions" of `ifAwsResourceTag()`.
*/
toAllowVendedLogDeliveryForResource(): this;
/**
* Grants permission to associate a resource to a hosted zone
*
* Access Level: Write
*
* https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_AssociateHostedZone
*/
toAssociateHostedZone(): this;
/**
* Grants permission to create multiple firewall rules
*
* Access Level: Write
*
* https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_BatchCreateFirewallRule
*/
toBatchCreateFirewallRule(): this;
/**
* Grants permission to delete multiple firewall rules
*
* Access Level: Write
*
* https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_BatchDeleteFirewallRule
*/
toBatchDeleteFirewallRule(): this;
/**
* Grants permission to update multiple firewall rules
*
* Access Level: Write
*
* https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_BatchUpdateFirewallRule
*/
toBatchUpdateFirewallRule(): this;
/**
* Grants permission to create an access source
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_CreateAccessSource
*/
toCreateAccessSource(): this;
/**
* Grants permission to create an access token
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* NOTE(review): an access token is presumably a credential for using the resolver - confirm in the API reference and treat this grant as sensitive.
*
* https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_CreateAccessToken
*/
toCreateAccessToken(): this;
/**
* Grants permission to create a DNS view
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_CreateDNSView
*/
toCreateDNSView(): this;
/**
* Grants permission to create a firewall domain list
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_CreateFirewallDomainList
*/
toCreateFirewallDomainList(): this;
/**
* Grants permission to create a firewall rule
*
* Access Level: Write
*
* https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_CreateFirewallRule
*/
toCreateFirewallRule(): this;
/**
* Grants permission to create a global resolver
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_CreateGlobalResolver
*/
toCreateGlobalResolver(): this;
/**
* Grants permission to delete an access source
*
* Access Level: Write
*
* https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_DeleteAccessSource
*/
toDeleteAccessSource(): this;
/**
* Grants permission to delete an access token
*
* Access Level: Write
*
* https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_DeleteAccessToken
*/
toDeleteAccessToken(): this;
/**
* Grants permission to delete a DNS view
*
* Access Level: Write
*
* https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_DeleteDNSView
*/
toDeleteDNSView(): this;
/**
* Grants permission to delete a firewall domain list
*
* Access Level: Write
*
* https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_DeleteFirewallDomainList
*/
toDeleteFirewallDomainList(): this;
/**
* Grants permission to delete a firewall rule
*
* Access Level: Write
*
* https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_DeleteFirewallRule
*/
toDeleteFirewallRule(): this;
/**
* Grants permission to delete a global resolver
*
* Access Level: Write
*
* https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_DeleteGlobalResolver
*/
toDeleteGlobalResolver(): this;
/**
* Grants permission to disable a DNS view
*
* Access Level: Write
*
* https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_DisableDNSView
*/
toDisableDNSView(): this;
/**
* Grants permission to disassociate a hosted zone from a resource
*
* Access Level: Write
*
* https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_DisassociateHostedZone
*/
toDisassociateHostedZone(): this;
/**
* Grants permission to enable a DNS view
*
* Access Level: Write
*
* https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_EnableDNSView
*/
toEnableDNSView(): this;
/**
* Grants permission to get an access source
*
* Access Level: Read
*
* https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_GetAccessSource
*/
toGetAccessSource(): this;
/**
* Grants permission to get an access token
*
* Access Level: Read
*
* NOTE(review): confirm in the API reference whether the response includes token material before granting this broadly.
*
* https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_GetAccessToken
*/
toGetAccessToken(): this;
/**
* Grants permission to get a DNS view
*
* Access Level: Read
*
* https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_GetDNSView
*/
toGetDNSView(): this;
/**
* Grants permission to get a firewall domain list
*
* Access Level: Read
*
* https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_GetFirewallDomainList
*/
toGetFirewallDomainList(): this;
/**
* Grants permission to get a firewall rule
*
* Access Level: Read
*
* https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_GetFirewallRule
*/
toGetFirewallRule(): this;
/**
* Grants permission to get a global resolver
*
* Access Level: Read
*
* https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_GetGlobalResolver
*/
toGetGlobalResolver(): this;
/**
* Grants permission to get a hosted zone association
*
* Access Level: Read
*
* https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_GetHostedZoneAssociation
*/
toGetHostedZoneAssociation(): this;
/**
* Grants permission to get a managed firewall domain list
*
* Access Level: Read
*
* https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_GetManagedFirewallDomainList
*/
toGetManagedFirewallDomainList(): this;
/**
* Grants permission to import firewall domains from an S3 bucket
*
* Access Level: Write
*
* Dependent actions:
* - s3:GetObject
* - s3:ListBucket
*
* NOTE(review): this declaration does not show whether the dependent S3 actions are added to the statement automatically;
* confirm, and scope them to the bucket that holds the domain list rather than to all buckets.
*
* https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_ImportFirewallDomains
*/
toImportFirewallDomains(): this;
/**
* Grants permission to list access sources
*
* Access Level: List
*
* https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_ListAccessSources
*/
toListAccessSources(): this;
/**
* Grants permission to list access tokens
*
* Access Level: List
*
* https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_ListAccessTokens
*/
toListAccessTokens(): this;
/**
* Grants permission to list DNS views
*
* Access Level: List
*
* https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_ListDNSViews
*/
toListDNSViews(): this;
/**
* Grants permission to list firewall domain lists
*
* Access Level: List
*
* https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_ListFirewallDomainLists
*/
toListFirewallDomainLists(): this;
/**
* Grants permission to list firewall domains
*
* Access Level: Read
*
* NOTE(review): recorded as Read rather than List; keep this in mind when selecting or auditing actions by access level.
*
* https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_ListFirewallDomains
*/
toListFirewallDomains(): this;
/**
* Grants permission to list firewall rules
*
* Access Level: List
*
* https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_ListFirewallRules
*/
toListFirewallRules(): this;
/**
* Grants permission to list global resolvers
*
* Access Level: List
*
* https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_ListGlobalResolvers
*/
toListGlobalResolvers(): this;
/**
* Grants permission to list hosted zone associations
*
* Access Level: List
*
* https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_ListHostedZoneAssociations
*/
toListHostedZoneAssociations(): this;
/**
* Grants permission to list managed firewall domain lists
*
* Access Level: List
*
* https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_ListManagedFirewallDomainLists
*/
toListManagedFirewallDomainLists(): this;
/**
* Grants permission to list tags for a resource
*
* Access Level: Write
*
* NOTE(review): recorded as Write although the action name suggests a read-only listing; a policy built from
* read/list access levels will therefore not include it, and one built from the write level will.
*
* https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_ListTagsForResource
*/
toListTagsForResource(): this;
/**
* Grants permission to tag a resource
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_TagResource
*/
toTagResource(): this;
/**
* Grants permission to untag a resource
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_UntagResource
*/
toUntagResource(): this;
/**
* Grants permission to update an access source
*
* Access Level: Write
*
* https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_UpdateAccessSource
*/
toUpdateAccessSource(): this;
/**
* Grants permission to update an access token
*
* Access Level: Write
*
* https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_UpdateAccessToken
*/
toUpdateAccessToken(): this;
/**
* Grants permission to update a DNS view
*
* Access Level: Write
*
* https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_UpdateDNSView
*/
toUpdateDNSView(): this;
/**
* Grants permission to update firewall domains
*
* Access Level: Write
*
* https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_UpdateFirewallDomains
*/
toUpdateFirewallDomains(): this;
/**
* Grants permission to update a firewall rule
*
* Access Level: Write
*
* https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_UpdateFirewallRule
*/
toUpdateFirewallRule(): this;
/**
* Grants permission to update a global resolver
*
* Access Level: Write
*
* https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_UpdateGlobalResolver
*/
toUpdateGlobalResolver(): this;
/**
* Grants permission to update a hosted zone association
*
* Access Level: Write
*
* https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_UpdateHostedZoneAssociation
*/
toUpdateHostedZoneAssociation(): this;
/**
* Access-level metadata for this service's actions; presumably groups action names by the "Access Level"
* recorded on each `to*()` method. The type is defined in `../../shared/access-level` - confirm the shape there.
*/
protected accessLevelList: AccessLevelList;
/**
* Adds a resource of type access-source to the statement
*
* https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_AccessSource.html
*
* @param id - Identifier of the access-source resource.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onAccessSource(id: string, account?: string, partition?: string): this;
/**
* Adds a resource of type access-token to the statement
*
* https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_AccessToken.html
*
* @param id - Identifier of the access-token resource.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onAccessToken(id: string, account?: string, partition?: string): this;
/**
* Adds a resource of type dns-view to the statement
*
* https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_DNSView.html
*
* @param id - Identifier of the dns-view resource.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onDnsView(id: string, account?: string, partition?: string): this;
/**
* Adds a resource of type firewall-domain-list to the statement
*
* https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_FirewallDomainList.html
*
* @param id - Identifier of the firewall-domain-list resource.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onFirewallDomainList(id: string, account?: string, partition?: string): this;
/**
* Adds a resource of type global-resolver to the statement
*
* https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_GlobalResolver.html
*
* @param id - Identifier of the global-resolver resource.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onGlobalResolver(id: string, account?: string, partition?: string): this;
/**
* Filters access by a tag key and value pair that is allowed in the request
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag
*
* Applies to actions:
* - .toCreateAccessSource()
* - .toCreateAccessToken()
* - .toCreateDNSView()
* - .toCreateFirewallDomainList()
* - .toCreateGlobalResolver()
* - .toTagResource()
*
* @param tagKey The tag key to check
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
* (`StringLike` treats `*` and `?` in `value` as wildcards; pass `StringEquals` when an exact match is intended.)
*/
ifAwsRequestTag(tagKey: string, value: string | string[], operator?: Operator | string): this;
/**
* Filters access by a tag key and value pair of a resource
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag
*
* Applies to actions:
* - .toAllowVendedLogDeliveryForResource()
*
* Applies to resource types:
* - access-source
* - access-token
* - dns-view
* - firewall-domain-list
* - global-resolver
*
* @param tagKey The tag key to check
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
* (`StringLike` treats `*` and `?` in `value` as wildcards; pass `StringEquals` when an exact match is intended.)
*/
ifAwsResourceTag(tagKey: string, value: string | string[], operator?: Operator | string): this;
/**
* Filters access by a list of tag keys that are allowed in the request
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys
*
* Applies to actions:
* - .toCreateAccessSource()
* - .toCreateAccessToken()
* - .toCreateDNSView()
* - .toCreateFirewallDomainList()
* - .toCreateGlobalResolver()
* - .toTagResource()
* - .toUntagResource()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
* (`StringLike` treats `*` and `?` in `value` as wildcards; pass `StringEquals` when an exact match is intended.)
*/
ifAwsTagKeys(value: string | string[], operator?: Operator | string): this;
/**
* Statement provider for service [route53globalresolver](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsroute53globalresolver.html).
*
* @param props - Optional `iam.PolicyStatementProps` from `aws-cdk-lib`; presumably forwarded to the underlying policy statement - confirm in `../../shared`.
*/
constructor(props?: iam.PolicyStatementProps);
}