cdk-iam-floyd

import { AccessLevelList } from '../../shared/access-level'; import { PolicyStatement, Operator } from '../../shared'; import { aws_iam as iam } from "aws-cdk-lib"; /** * Statement provider for service [servicecatalog](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsservicecatalog.html). * * @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement */ export declare class Servicecatalog extends PolicyStatement { servicePrefix: string; /** * Grants permission to accept a portfolio that has been shared with you * * Access Level: Write * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_AcceptPortfolioShare.html */ toAcceptPortfolioShare(): this; /** * Grants permission to associate an attribute group with an application * * Access Level: Write * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_app-registry_AssociateAttributeGroup.html */ toAssociateAttributeGroup(): this; /** * Grants permission to associate a budget with a resource * * Access Level: Write * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_AssociateBudgetWithResource.html */ toAssociateBudgetWithResource(): this; /** * Grants permission to associate an IAM principal with a portfolio, giving the specified principal access to any products associated with the specified portfolio * * Access Level: Write * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_AssociatePrincipalWithPortfolio.html */ toAssociatePrincipalWithPortfolio(): this; /** * Grants permission to associate a product with a portfolio * * Access Level: Write * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_AssociateProductWithPortfolio.html */ toAssociateProductWithPortfolio(): this; /** * Grants permission to associate a resource with an application * * Access Level: Write * * Possible conditions: * - .ifResourceType() * - .ifResource() * * Dependent actions: * - cloudformation:DescribeStacks * - resource-groups:CreateGroup * - resource-groups:GetGroup * - resource-groups:Tag * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_app-registry_AssociateResource.html */ toAssociateResource(): this; /** * Grants permission to associate an action with a provisioning artifact * * Access Level: Write * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_AssociateServiceActionWithProvisioningArtifact.html */ toAssociateServiceActionWithProvisioningArtifact(): this; /** * Grants permission to associate the specified TagOption with the specified portfolio or product * * Access Level: Write * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_AssociateTagOptionWithResource.html */ toAssociateTagOptionWithResource(): this; /** * Grants permission to associate multiple self-service actions with provisioning artifacts * * Access Level: Write * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_BatchAssociateServiceActionWithProvisioningArtifact.html */ toBatchAssociateServiceActionWithProvisioningArtifact(): this; /** * Grants permission to disassociate a batch of self-service actions from the specified provisioning artifact * * Access Level: Write * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_BatchDisassociateServiceActionFromProvisioningArtifact.html */ toBatchDisassociateServiceActionFromProvisioningArtifact(): this; /** * Grants permission to copy the specified source product to the specified target product or a new product * * Access Level: Write * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_CopyProduct.html */ toCopyProduct(): this; /** * Grants permission to create an application * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * Dependent actions: * - iam:CreateServiceLinkedRole * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_app-registry_CreateApplication.html */ toCreateApplication(): this; /** * Grants permission to create an attribute group * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_app-registry_CreateAttributeGroup.html */ toCreateAttributeGroup(): this; /** * Grants permission to create a constraint on an associated product and portfolio * * Access Level: Write * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_CreateConstraint.html */ toCreateConstraint(): this; /** * Grants permission to create a portfolio * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_CreatePortfolio.html */ toCreatePortfolio(): this; /** * Grants permission to share a portfolio you own with another AWS account * * Access Level: Permissions management * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_CreatePortfolioShare.html */ toCreatePortfolioShare(): this; /** * Grants permission to create a product and that product's first provisioning artifact * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_CreateProduct.html */ toCreateProduct(): this; /** * Grants permission to add a new provisioned product plan * * Access Level: Write * * Possible conditions: * - .ifAccountLevel() * - .ifRoleLevel() * - .ifUserLevel() * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_CreateProvisionedProductPlan.html */ toCreateProvisionedProductPlan(): this; /** * Grants permission to add a new provisioning artifact to an existing product * * Access Level: Write * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_CreateProvisioningArtifact.html */ toCreateProvisioningArtifact(): this; /** * Grants permission to create a self-service action * * Access Level: Write * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_CreateServiceAction.html */ toCreateServiceAction(): this; /** * Grants permission to create a TagOption * * Access Level: Write * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_CreateTagOption.html */ toCreateTagOption(): this; /** * Grants permission to delete an application if all associations have been removed from the application * * Access Level: Write * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_app-registry_DeleteApplication.html */ toDeleteApplication(): this; /** * Grants permission to delete an attribute group if all associations have been removed from the attribute group * * Access Level: Write * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_app-registry_DeleteAttributeGroup.html */ toDeleteAttributeGroup(): this; /** * Grants permission to remove and delete an existing constraint from an associated product and portfolio * * Access Level: Write * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_DeleteConstraint.html */ toDeleteConstraint(): this; /** * Grants permission to delete a portfolio if all associations and shares have been removed from the portfolio * * Access Level: Write * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_DeletePortfolio.html */ toDeletePortfolio(): this; /** * Grants permission to unshare a portfolio you own from an AWS account you previously shared the portfolio with * * Access Level: Permissions management * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_DeletePortfolioShare.html */ toDeletePortfolioShare(): this; /** * Grants permission to delete a product if all associations have been removed from the product * * Access Level: Write * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_DeleteProduct.html */ toDeleteProduct(): this; /** * Grants permission to delete a provisioned product plan * * Access Level: Write * * Possible conditions: * - .ifAccountLevel() * - .ifRoleLevel() * - .ifUserLevel() * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_DeleteProvisionedProductPlan.html */ toDeleteProvisionedProductPlan(): this; /** * Grants permission to delete a provisioning artifact from a product * * Access Level: Write * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_DeleteProvisioningArtifact.html */ toDeleteProvisioningArtifact(): this; /** * Grants permission to delete a resource-based policy for the specified resource * * Access Level: Write * * https://docs.aws.amazon.com/servicecatalog/latest/arguide/sharing-definitions.html */ toDeleteResourcePolicy(): this; /** * Grants permission to delete a self-service action * * Access Level: Write * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_DeleteServiceAction.html */ toDeleteServiceAction(): this; /** * Grants permission to delete the specified TagOption * * Access Level: Write * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_DeleteTagOption.html */ toDeleteTagOption(): this; /** * Grants permission to describe a constraint * * Access Level: Read * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_DescribeConstraint.html */ toDescribeConstraint(): this; /** * Grants permission to get the status of the specified copy product operation * * Access Level: Read * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_DescribeCopyProductStatus.html */ toDescribeCopyProductStatus(): this; /** * Grants permission to describe a portfolio * * Access Level: Read * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_DescribePortfolio.html */ toDescribePortfolio(): this; /** * Grants permission to get the status of the specified portfolio share operation * * Access Level: Read * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_DescribePortfolioShareStatus.html */ toDescribePortfolioShareStatus(): this; /** * Grants permission to view a summary of each of the portfolio shares that were created for the specified portfolio * * Access Level: List * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_DescribePortfolioShares.html */ toDescribePortfolioShares(): this; /** * Grants permission to describe a product as an end-user * * Access Level: Read * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_DescribeProduct.html */ toDescribeProduct(): this; /** * Grants permission to describe a product as an admin * * Access Level: Read * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_DescribeProductAsAdmin.html */ toDescribeProductAsAdmin(): this; /** * Grants permission to describe a product as an end-user * * Access Level: Read * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_DescribeProductView.html */ toDescribeProductView(): this; /** * Grants permission to describe a provisioned product * * Access Level: Read * * Possible conditions: * - .ifAccountLevel() * - .ifRoleLevel() * - .ifUserLevel() * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_DescribeProvisionedProduct.html */ toDescribeProvisionedProduct(): this; /** * Grants permission to describe a provisioned product plan * * Access Level: Read * * Possible conditions: * - .ifAccountLevel() * - .ifRoleLevel() * - .ifUserLevel() * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_DescribeProvisionedProductPlan.html */ toDescribeProvisionedProductPlan(): this; /** * Grants permission to describe a provisioning artifact * * Access Level: Read * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_DescribeProvisioningArtifact.html */ toDescribeProvisioningArtifact(): this; /** * Grants permission to describe the parameters that you need to specify to successfully provision a specified provisioning artifact * * Access Level: Read * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_DescribeProvisioningParameters.html */ toDescribeProvisioningParameters(): this; /** * Grants permission to describe a record and lists any outputs * * Access Level: Read * * Possible conditions: * - .ifAccountLevel() * - .ifRoleLevel() * - .ifUserLevel() * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_DescribeRecord.html */ toDescribeRecord(): this; /** * Grants permission to describe a self-service action * * Access Level: Read * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_DescribeServiceAction.html */ toDescribeServiceAction(): this; /** * Grants permission to get the default parameters if you executed the specified Service Action on the specified Provisioned Product * * Access Level: Read * * Possible conditions: * - .ifAccountLevel() * - .ifRoleLevel() * - .ifUserLevel() * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_DescribeServiceActionExecutionParameters.html */ toDescribeServiceActionExecutionParameters(): this; /** * Grants permission to get information about the specified TagOption * * Access Level: Read * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_DescribeTagOption.html */ toDescribeTagOption(): this; /** * Grants permission to disable portfolio sharing through AWS Organizations feature * * Access Level: Write * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_DisableAWSOrganizationsAccess.html */ toDisableAWSOrganizationsAccess(): this; /** * Grants permission to disassociate an attribute group from an application * * Access Level: Write * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_app-registry_DisassociateAttributeGroup.html */ toDisassociateAttributeGroup(): this; /** * Grants permission to disassociate a budget from a resource * * Access Level: Write * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_DisassociateBudgetFromResource.html */ toDisassociateBudgetFromResource(): this; /** * Grants permission to disassociate an IAM principal from a portfolio * * Access Level: Write * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_DisassociatePrincipalFromPortfolio.html */ toDisassociatePrincipalFromPortfolio(): this; /** * Grants permission to disassociate a product from a portfolio * * Access Level: Write * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_DisassociateProductFromPortfolio.html */ toDisassociateProductFromPortfolio(): this; /** * Grants permission to disassociate a resource from an application * * Access Level: Write * * Possible conditions: * - .ifResourceType() * - .ifResource() * * Dependent actions: * - resource-groups:DeleteGroup * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_app-registry_DisassociateResource.html */ toDisassociateResource(): this; /** * Grants permission to disassociate the specified self-service action association from the specified provisioning artifact * * Access Level: Write * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_DisassociateServiceActionFromProvisioningArtifact.html */ toDisassociateServiceActionFromProvisioningArtifact(): this; /** * Grants permission to disassociate the specified TagOption from the specified resource * * Access Level: Write * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_DisassociateTagOptionFromResource.html */ toDisassociateTagOptionFromResource(): this; /** * Grants permission to enable portfolio sharing feature through AWS Organizations * * Access Level: Write * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_EnableAWSOrganizationsAccess.html */ toEnableAWSOrganizationsAccess(): this; /** * Grants permission to execute a provisioned product plan * * Access Level: Write * * Possible conditions: * - .ifAccountLevel() * - .ifRoleLevel() * - .ifUserLevel() * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_ExecuteProvisionedProductPlan.html */ toExecuteProvisionedProductPlan(): this; /** * Grants permission to executes a provisioned product plan * * Access Level: Write * * Possible conditions: * - .ifAccountLevel() * - .ifRoleLevel() * - .ifUserLevel() * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_ExecuteProvisionedProductServiceAction.html */ toExecuteProvisionedProductServiceAction(): this; /** * Grants permission to get the access status of AWS Organization portfolio share feature * * Access Level: Read * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_GetAWSOrganizationsAccessStatus.html */ toGetAWSOrganizationsAccessStatus(): this; /** * Grants permission to get an application * * Access Level: Read * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_app-registry_GetApplication.html */ toGetApplication(): this; /** * Grants permission to get information about a resource associated to an application * * Access Level: Read * * Possible conditions: * - .ifResourceType() * - .ifResource() * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_app-registry_GetAssociatedResource.html */ toGetAssociatedResource(): this; /** * Grants permission to get an attribute group * * Access Level: Read * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_app-registry_GetAttributeGroup.html */ toGetAttributeGroup(): this; /** * Grants permission to read AppRegistry configurations * * Access Level: Read * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_app-registry_GetConfiguration.html */ toGetConfiguration(): this; /** * Grants permission to get the provisioned product output with either provisioned product id or name * * Access Level: Read * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_GetProvisionedProductOutputs.html */ toGetProvisionedProductOutputs(): this; /** * Grants permission to get a resource-based policy for the specified resource * * Access Level: Read * * https://docs.aws.amazon.com/servicecatalog/latest/arguide/sharing-definitions.html */ toGetResourcePolicy(): this; /** * Grants permission to import a resource into a provisioned product * * Access Level: Write * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_ImportAsProvisionedProduct.html */ toImportAsProvisionedProduct(): this; /** * Grants permission to list the portfolios that have been shared with you and you have accepted * * Access Level: List * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_ListAcceptedPortfolioShares.html */ toListAcceptedPortfolioShares(): this; /** * Grants permission to list your applications * * Access Level: List * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_app-registry_ListApplications.html */ toListApplications(): this; /** * Grants permission to list the attribute groups associated with an application * * Access Level: List * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_app-registry_ListAssociatedAttributeGroups.html */ toListAssociatedAttributeGroups(): this; /** * Grants permission to list the resources associated with an application * * Access Level: List * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_app-registry_ListAssociatedResources.html */ toListAssociatedResources(): this; /** * Grants permission to list your attribute groups * * Access Level: List * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_app-registry_ListAttributeGroups.html */ toListAttributeGroups(): this; /** * Grants permission to list the associated attribute groups for a given application * * Access Level: List * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_app-registry_ListAttributeGroupsForApplication.html */ toListAttributeGroupsForApplication(): this; /** * Grants permission to list all the budgets associated to a resource * * Access Level: List * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_ListBudgetsForResource.html */ toListBudgetsForResource(): this; /** * Grants permission to list constraints associated with a given portfolio * * Access Level: List * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_ListConstraintsForPortfolio.html */ toListConstraintsForPortfolio(): this; /** * Grants permission to list the different ways to launch a given product as an end-user * * Access Level: List * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_ListLaunchPaths.html */ toListLaunchPaths(): this; /** * Grants permission to list the organization nodes that have access to the specified portfolio * * Access Level: List * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_ListOrganizationPortfolioAccess.html */ toListOrganizationPortfolioAccess(): this; /** * Grants permission to list the AWS accounts you have shared a given portfolio with * * Access Level: List * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_ListPortfolioAccess.html */ toListPortfolioAccess(): this; /** * Grants permission to list the portfolios in your account * * Access Level: List * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_ListPortfolios.html */ toListPortfolios(): this; /** * Grants permission to list the portfolios associated with a given product * * Access Level: List * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_ListPortfoliosForProduct.html */ toListPortfoliosForProduct(): this; /** * Grants permission to list the IAM principals associated with a given portfolio * * Access Level: List * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_ListPrincipalsForPortfolio.html */ toListPrincipalsForPortfolio(): this; /** * Grants permission to list the provisioned product plans * * Access Level: List * * Possible conditions: * - .ifAccountLevel() * - .ifRoleLevel() * - .ifUserLevel() * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_ListProvisionedProductPlans.html */ toListProvisionedProductPlans(): this; /** * Grants permission to list the provisioning artifacts associated with a given product * * Access Level: List * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_ListProvisioningArtifacts.html */ toListProvisioningArtifacts(): this; /** * Grants permission to list all provisioning artifacts for the specified self-service action * * Access Level: List * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_ListProvisioningArtifactsForServiceAction.html */ toListProvisioningArtifactsForServiceAction(): this; /** * Grants permission to list all the records in your account or all the records related to a given provisioned product * * Access Level: List * * Possible conditions: * - .ifAccountLevel() * - .ifRoleLevel() * - .ifUserLevel() * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_ListRecordHistory.html */ toListRecordHistory(): this; /** * Grants permission to list the resources associated with the specified TagOption * * Access Level: List * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_ListResourcesForTagOption.html */ toListResourcesForTagOption(): this; /** * Grants permission to list all self-service actions * * Access Level: List * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_ListServiceActions.html */ toListServiceActions(): this; /** * Grants permission to list all the service actions associated with the specified provisioning artifact in your account * * Access Level: List * * Possible conditions: * - .ifAccountLevel() * - .ifRoleLevel() * - .ifUserLevel() * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_ListServiceActionsForProvisioningArtifact.html */ toListServiceActionsForProvisioningArtifact(): this; /** * Grants permission to list account, region and status of each stack instances that are associated with a CFN_STACKSET type provisioned product * * Access Level: List * * Possible conditions: * - .ifAccountLevel() * - .ifRoleLevel() * - .ifUserLevel() * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_ListStackInstancesForProvisionedProduct.html */ toListStackInstancesForProvisionedProduct(): this; /** * Grants permission to list the specified TagOptions or all TagOptions * * Access Level: List * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_ListTagOptions.html */ toListTagOptions(): this; /** * Grants permission to list the tags for a service catalog appregistry resource * * Access Level: Read * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_app-registry_ListTagsForResource.html */ toListTagsForResource(): this; /** * Grants permission to notify the result of the provisioning engine execution * * Access Level: Write * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_NotifyProvisionProductEngineWorkflowResult.html */ toNotifyProvisionProductEngineWorkflowResult(): this; /** * Grants permission to notify the result of the terminate engine execution * * Access Level: Write * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_NotifyTerminateProvisionedProductEngineWorkflowResult.html */ toNotifyTerminateProvisionedProductEngineWorkflowResult(): this; /** * Grants permission to notify the result of the update engine execution * * Access Level: Write * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_NotifyUpdateProvisionedProductEngineWorkflowResult.html */ toNotifyUpdateProvisionedProductEngineWorkflowResult(): this; /** * Grants permission to provision a product with a specified provisioning artifact and launch parameters * * Access Level: Write * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_ProvisionProduct.html */ toProvisionProduct(): this; /** * Grants permission to assign AppRegistry configurations * * Access Level: Write * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_app-registry_PutConfiguration.html */ toPutConfiguration(): this; /** * Grants permission to add a resource-based policy for the specified resource * * Access Level: Write * * https://docs.aws.amazon.com/servicecatalog/latest/arguide/sharing-definitions.html */ toPutResourcePolicy(): this; /** * Grants permission to reject a portfolio that has been shared with you that you previously accepted * * Access Level: Write * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_RejectPortfolioShare.html */ toRejectPortfolioShare(): this; /** * Grants permission to list all the provisioned products in your account * * Access Level: List * * Possible conditions: * - .ifAccountLevel() * - .ifRoleLevel() * - .ifUserLevel() * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_ScanProvisionedProducts.html */ toScanProvisionedProducts(): this; /** * Grants permission to list the products available to you as an end-user * * Access Level: List * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_SearchProducts.html */ toSearchProducts(): this; /** * Grants permission to list all the products in your account or all the products associated with a given portfolio * * Access Level: List * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_SearchProductsAsAdmin.html */ toSearchProductsAsAdmin(): this; /** * Grants permission to list all the provisioned products in your account * * Access Level: List * * Possible conditions: * - .ifAccountLevel() * - .ifRoleLevel() * - .ifUserLevel() * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_SearchProvisionedProducts.html */ toSearchProvisionedProducts(): this; /** * Grants permission to sync a resource with its current state in AppRegistry * * Access Level: Write * * Dependent actions: * - cloudformation:UpdateStack * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_app-registry_SyncResource.html */ toSyncResource(): this; /** * Grants permission to tag a service catalog appregistry resource * * Access Level: Tagging * * Possible conditions: * - .ifAwsTagKeys() * - .ifAwsRequestTag() * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_app-registry_TagResource.html */ toTagResource(): this; /** * Grants permission to terminate an existing provisioned product * * Access Level: Write * * Possible conditions: * - .ifAccountLevel() * - .ifRoleLevel() * - .ifUserLevel() * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_TerminateProvisionedProduct.html */ toTerminateProvisionedProduct(): this; /** * Grants permission to remove a tag from a service catalog appregistry resource * * Access Level: Tagging * * Possible conditions: * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_app-registry_UntagResource.html */ toUntagResource(): this; /** * Grants permission to update the attributes of an existing application * * Access Level: Write * * Dependent actions: * - iam:CreateServiceLinkedRole * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_app-registry_UpdateApplication.html */ toUpdateApplication(): this; /** * Grants permission to update the attributes of an existing attribute group * * Access Level: Write * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_app-registry_UpdateAttributeGroup.html */ toUpdateAttributeGroup(): this; /** * Grants permission to update the metadata fields of an existing constraint * * Access Level: Write * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_UpdateConstraint.html */ toUpdateConstraint(): this; /** * Grants permission to update the metadata fields and/or tags of an existing portfolio * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_UpdatePortfolio.html */ toUpdatePortfolio(): this; /** * Grants permission to enable or disable resource sharing for an existing portfolio share * * Access Level: Permissions management * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_UpdatePortfolioShare.html */ toUpdatePortfolioShare(): this; /** * Grants permission to update the metadata fields and/or tags of an existing product * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_UpdateProduct.html */ toUpdateProduct(): this; /** * Grants permission to update an existing provisioned product * * Access Level: Write * * Possible conditions: * - .ifAccountLevel() * - .ifRoleLevel() * - .ifUserLevel() * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_UpdateProvisionedProduct.html */ toUpdateProvisionedProduct(): this; /** * Grants permission to update the properties of an existing provisioned product * * Access Level: Write * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_UpdateProvisionedProductProperties.html */ toUpdateProvisionedProductProperties(): this; /** * Grants permission to update the metadata fields of an existing provisioning artifact * * Access Level: Write * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_UpdateProvisioningArtifact.html */ toUpdateProvisioningArtifact(): this; /** * Grants permission to update a self-service action * * Access Level: Write * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_UpdateServiceAction.html */ toUpdateServiceAction(): this; /** * Grants permission to update the specified TagOption * * Access Level: Write * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_UpdateTagOption.html */ toUpdateTagOption(): this; protected accessLevelList: AccessLevelList; /** * Adds a resource of type Application to the statement * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_app-registry_CreateApplication.html * * @param applicationId - Identifier for the applicationId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onApplication(applicationId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type AttributeGroup to the statement * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_app-registry_CreateAttributeGroup.html * * @param attributeGroupId - Identifier for the attributeGroupId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onAttributeGroup(attributeGroupId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type Portfolio to the statement * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_PortfolioDetail.html * * @param portfolioId - Identifier for the portfolioId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onPortfolio(portfolioId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type Product to the statement * * https://docs.aws.amazon.com/servicecatalog/latest/dg/API_ProductViewDetail.html * * @param productId - Identifier for the productId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onProduct(productId: string, account?: string, region?: string, partition?: string): this; /** * Filters access by the presence of tag key-value pairs in the request * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag * * Applies to actions: * - .toCreateApplication() * - .toCreateAttributeGroup() * - .toCreatePortfolio() * - .toCreateProduct() * - .toTagResource() * - .toUpdatePortfolio() * - .toUpdateProduct() * * @param tagKey The tag key to check * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsRequestTag(tagKey: string, value: string | string[], operator?: Operator | string): this; /** * Filters access by tag key-value pairs attached to the resource * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag * * Applies to resource types: * - Application * - AttributeGroup * - Portfolio * - Product * * @param tagKey The tag key to check * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsResourceTag(tagKey: string, value: string | string[], operator?: Operator | string): this; /** * Filters access by the presence of tag keys in the request * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys * * Applies to actions: * - .toCreateApplication() * - .toCreateAttributeGroup() * - .toCreatePortfolio() * - .toCreateProduct() * - .toTagResource() * - .toUntagResource() * - .toUpdatePortfolio() * - .toUpdateProduct() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsTagKeys(value: string | string[], operator?: Operator | string): this; /** * Filters access by controlling what value can be specified as the Resource parameter in an AppRegistry associate resource API * * https://docs.aws.amazon.com/servicecatalog/latest/adminguide/permissions-examples.html * * Applies to actions: * - .toAssociateResource() * - .toDisassociateResource() * - .toGetAssociatedResource() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifResource(value: string | string[], operator?: Operator | string): this; /** * Filters access by controlling what value can be specified as the ResourceType parameter in an AppRegistry associate resource API * * https://docs.aws.amazon.com/servicecatalog/latest/adminguide/permissions-examples.html * * Applies to actions: * - .toAssociateResource() * - .toDisassociateResource() * - .toGetAssociatedResource() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifResourceType(value: string | string[], operator?: Operator | string): this; /** * Filters access by user to see and perform actions on resources created by anyone in the account * * https://docs.aws.amazon.com/servicecatalog/latest/adminguide/permissions-examples.html * * Applies to actions: * - .toCreateProvisionedProductPlan() * - .toDeleteProvisionedProductPlan() * - .toDescribeProvisionedProduct() * - .toDescribeProvisionedProductPlan() * - .toDescribeRecord() * - .toDescribeServiceActionExecutionParameters() * - .toExecuteProvisionedProductPlan() * - .toExecuteProvisionedProductServiceAction() * - .toListProvisionedProductPlans() * - .toListRecordHistory() * - .toListServiceActionsForProvisioningArtifact() * - .toListStackInstancesForProvisionedProduct() * - .toScanProvisionedProducts() * - .toSearchProvisionedProducts() * - .toTerminateProvisionedProduct() * - .toUpdateProvisionedProduct() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAccountLevel(value: string | string[], operator?: Operator | string): this; /** * Filters access by user to see and perform actions on resources created either by them or by anyone federating into the same role as them * * https://docs.aws.amazon.com/servicecatalog/latest/adminguide/permissions-examples.html * * Applies to actions: * - .toCreateProvisionedProductPlan() * - .toDeleteProvisionedProductPlan() * - .toDescribeProvisionedProduct() * - .toDescribeProvisionedProductPlan() * - .toDescribeRecord() * - .toDescribeServiceActionExecutionParameters() * - .toExecuteProvisionedProductPlan() * - .toExecuteProvisionedProductServiceAction() * - .toListProvisionedProductPlans() * - .toListRecordHistory() * - .toListServiceActionsForProvisioningArtifact() * - .toListStackInstancesForProvisionedProduct() * - .toScanProvisionedProducts() * - .toSearchProvisionedProducts() * - .toTerminateProvisionedProduct() * - .toUpdateProvisionedProduct() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifRoleLevel(value: string | string[], operator?: Operator | string): this; /** * Filters access by user to see and perform actions on only resources that they created * * https://docs.aws.amazon.com/servicecatalog/latest/adminguide/permissions-examples.html * * Applies to actions: * - .toCreateProvisionedProductPlan() * - .toDeleteProvisionedProductPlan() * - .toDescribeProvisionedProduct() * - .toDescribeProvisionedProductPlan() * - .toDescribeRecord() * - .toDescribeServiceActionExecutionParameters() * - .toExecuteProvisionedProductPlan() * - .toExecuteProvisionedProductServiceAction() * - .toListProvisionedProductPlans() * - .toListRecordHistory() * - .toListServiceActionsForProvisioningArtifact() * - .toListStackInstancesForProvisionedProduct() * - .toScanProvisionedProducts() * - .toSearchProvisionedProducts() * - .toTerminateProvisionedProduct() * - .toUpdateProvisionedProduct() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifUserLevel(value: string | string[], operator?: Operator | string): this; /** * Statement provider for service [servicecatalog](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsservicecatalog.html). * */ constructor(props?: iam.PolicyStatementProps); }