iam-floyd

AWS IAM policy statement generator with fluent interface

import { AccessLevelList } from '../../shared/access-level'; import { PolicyStatement, Operator } from '../../shared'; /** * Statement provider for service [ec2](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonec2.html). * * Every `to*()` method visible in this declaration returns `this`, so several actions can be chained onto one statement. * * NOTE(review): the doc comments on the methods name only `.ifRegion()` as a condition and list "Dependent actions" as text; this declaration does not show whether dependent actions are added to the statement, so grant and scope them explicitly - TODO confirm against the implementation. * * @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement */ export declare class Ec2 extends PolicyStatement { /** Service prefix used by this provider; the value is not visible in this declaration (presumably `ec2` - TODO confirm). */ servicePrefix: string; /** * Statement provider for service [ec2](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonec2.html). * * @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement; optional */ constructor(sid?: string); /** * Grants permission to accept an Elastic IP address transfer * * Access Level: Write * * Possible conditions: * - .ifRegion() * * Dependent actions: * - ec2:CreateTags * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AcceptAddressTransfer.html */ toAcceptAddressTransfer(): this; /** * Grants permission to accept assign billing of the available capacity of a shared Capacity Reservation to the calling account * * Access Level: Write * * Possible conditions: * - .ifRegion() * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AcceptCapacityReservationBillingOwnership.html */ toAcceptCapacityReservationBillingOwnership(): this; /** * Grants permission to accept a Convertible Reserved Instance exchange quote * * Access Level: Write * * Possible conditions: * - .ifRegion() * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AcceptReservedInstancesExchangeQuote.html */ toAcceptReservedInstancesExchangeQuote(): this; /** * Grants permission to accept a request to associate subnets with a transit gateway multicast domain * * Access Level: Write * * Possible conditions: * - .ifRegion() * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AcceptTransitGatewayMulticastDomainAssociations.html */ 
toAcceptTransitGatewayMulticastDomainAssociations(): this; /** * Grants permission to accept a transit gateway peering attachment request * * Access Level: Write * * Possible conditions: * - .ifRegion() * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AcceptTransitGatewayPeeringAttachment.html */ toAcceptTransitGatewayPeeringAttachment(): this; /** * Grants permission to accept a request to attach a VPC to a transit gateway * * Access Level: Write * * Possible conditions: * - .ifRegion() * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AcceptTransitGatewayVpcAttachment.html */ toAcceptTransitGatewayVpcAttachment(): this; /** * Grants permission to accept one or more interface VPC endpoint connections to your VPC endpoint service * * Access Level: Write * * Possible conditions: * - .ifRegion() * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AcceptVpcEndpointConnections.html */ toAcceptVpcEndpointConnections(): this; /** * Grants permission to accept a VPC peering connection request * * Access Level: Write * * Possible conditions: * - .ifRegion() * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AcceptVpcPeeringConnection.html */ toAcceptVpcPeeringConnection(): this; /** * Grants permission to advertise an IP address range that is provisioned for use in AWS through bring your own IP addresses (BYOIP) * * Access Level: Write * * Possible conditions: * - .ifRegion() * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AdvertiseByoipCidr.html */ toAdvertiseByoipCidr(): this; /** * Grants permission to allocate an Elastic IP address (EIP) to your account * * Access Level: Write * * Possible conditions: * - .ifRegion() * * Dependent actions: * - ec2:CreateTags * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AllocateAddress.html */ toAllocateAddress(): this; /** * Grants permission to allocate a Dedicated Host to your account * * Access Level: Write * * Possible conditions: * - .ifRegion() * * 
Dependent actions: * - ec2:CreateTags * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AllocateHosts.html */ toAllocateHosts(): this; /** * Grants permission to allocate a CIDR from an Amazon VPC IP Address Manager (IPAM) pool * * Access Level: Write * * Possible conditions: * - .ifRegion() * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AllocateIpamPoolCidr.html */ toAllocateIpamPoolCidr(): this; /** * Grants permission to apply a security group to the association between a Client VPN endpoint and a target network * * Access Level: Write * * Possible conditions: * - .ifRegion() * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ApplySecurityGroupsToClientVpnTargetNetwork.html */ toApplySecurityGroupsToClientVpnTargetNetwork(): this; /** * Grants permission to assign one or more IPv6 addresses to a network interface * * Access Level: Write * * Possible conditions: * - .ifRegion() * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssignIpv6Addresses.html */ toAssignIpv6Addresses(): this; /** * Grants permission to assign one or more secondary private IP addresses to a network interface * * Access Level: Write * * Possible conditions: * - .ifRegion() * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssignPrivateIpAddresses.html */ toAssignPrivateIpAddresses(): this; /** * Grants permission to assign one or more secondary private IP addresses to a private NAT gateway * * Access Level: Write * * Possible conditions: * - .ifRegion() * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssignPrivateNatGatewayAddress.html */ toAssignPrivateNatGatewayAddress(): this; /** * Grants permission to associate an Elastic IP address (EIP) with an instance or a network interface * * Access Level: Write * * Possible conditions: * - .ifRegion() * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateAddress.html */ toAssociateAddress(): this; /** * Grants permission to assign billing of the 
unused capacity of a shared Capacity Reservation to a consumer account * * Access Level: Write * * Possible conditions: * - .ifRegion() * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateCapacityReservationBillingOwner.html */ toAssociateCapacityReservationBillingOwner(): this; /** * Grants permission to associate a target network with a Client VPN endpoint * * Access Level: Write * * Possible conditions: * - .ifRegion() * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateClientVpnTargetNetwork.html */ toAssociateClientVpnTargetNetwork(): this; /** * Grants permission to associate or disassociate a set of DHCP options with a VPC * * Access Level: Write * * Possible conditions: * - .ifRegion() * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateDhcpOptions.html */ toAssociateDhcpOptions(): this; /** * Grants permission to associate an ACM certificate with an IAM role to be used in an EC2 Enclave * * Access Level: Write * * Possible conditions: * - .ifRegion() * * NOTE(review): the only condition listed here is .ifRegion(); restrict the statement's resources to the intended certificate and role - TODO confirm which resource types this action accepts in the linked reference. * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateEnclaveCertificateIamRole.html */ toAssociateEnclaveCertificateIamRole(): this; /** * Grants permission to associate an IAM instance profile with a running or stopped instance * * Access Level: Write * * Possible conditions: * - .ifRegion() * * Dependent actions: * - iam:PassRole * * NOTE(review): iam:PassRole is listed as a dependent action. Grant it on specific role ARNs (optionally narrowed with the iam:PassedToService condition key) rather than on a wildcard resource, because this action decides which role an instance runs with. * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateIamInstanceProfile.html */ toAssociateIamInstanceProfile(): this; /** * Grants permission to associate one or more targets with an event window * * Access Level: Write * * Possible conditions: * - .ifRegion() * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateInstanceEventWindow.html */ toAssociateInstanceEventWindow(): this; /** * Grants permission to associate an Autonomous System Number (ASN) with a BYOIP CIDR * * Access Level: Write * * Possible conditions: * - .ifRegion() * * 
https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateIpamByoasn.html */ toAssociateIpamByoasn(): this; /** * Grants permission to associate an IPAM resource discovery with an Amazon VPC IPAM * * Access Level: Write * * Possible conditions: * - .ifRegion() * * Dependent actions: * - ec2:CreateTags * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateIpamResourceDiscovery.html */ toAssociateIpamResourceDiscovery(): this; /** * Grants permission to associate an Elastic IP address and private IP address with a public Nat gateway * * Access Level: Write * * Possible conditions: * - .ifRegion() * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateNatGatewayAddress.html */ toAssociateNatGatewayAddress(): this; /** * Grants permission to associate a route server with a VPC * * Access Level: Write * * Possible conditions: * - .ifRegion() * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateRouteServer.html */ toAssociateRouteServer(): this; /** * Grants permission to associate a subnet or gateway with a route table * * Access Level: Write * * Possible conditions: * - .ifRegion() * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateRouteTable.html */ toAssociateRouteTable(): this; /** * Grants permission to associate a security group with another VPC in the same Region * * Access Level: Write * * Possible conditions: * - .ifRegion() * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateSecurityGroupVpc.html */ toAssociateSecurityGroupVpc(): this; /** * Grants permission to associate a CIDR block with a subnet * * Access Level: Write * * Possible conditions: * - .ifRegion() * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateSubnetCidrBlock.html */ toAssociateSubnetCidrBlock(): this; /** * Grants permission to associate an attachment and list of subnets with a transit gateway multicast domain * * Access Level: Write * * Possible conditions: * - 
.ifRegion() * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateTransitGatewayMulticastDomain.html */ toAssociateTransitGatewayMulticastDomain(): this; /** * Grants permission to associate a policy table with a transit gateway attachment * * Access Level: Write * * Possible conditions: * - .ifRegion() * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateTransitGatewayPolicyTable.html */ toAssociateTransitGatewayPolicyTable(): this; /** * Grants permission to associate an attachment with a transit gateway route table * * Access Level: Write * * Possible conditions: * - .ifRegion() * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateTransitGatewayRouteTable.html */ toAssociateTransitGatewayRouteTable(): this; /** * Grants permission to associate a branch network interface with a trunk network interface * * Access Level: Write * * Possible conditions: * - .ifRegion() * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateTrunkInterface.html */ toAssociateTrunkInterface(): this; /** * Grants permission to associate an AWS Web Application Firewall (WAF) web access control list (ACL) with a Verified Access instance * * Access Level: Write * * Possible conditions: * - .ifRegion() * * https://docs.aws.amazon.com/verified-access/latest/ug/waf-integration.html */ toAssociateVerifiedAccessInstanceWebAcl(): this; /** * Grants permission to associate a CIDR block with a VPC * * Access Level: Write * * Possible conditions: * - .ifRegion() * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateVpcCidrBlock.html */ toAssociateVpcCidrBlock(): this; /** * Grants permission to link an EC2-Classic instance to a ClassicLink-enabled VPC through one or more of the VPC's security groups * * Access Level: Write * * Possible conditions: * - .ifRegion() * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AttachClassicLinkVpc.html */ toAttachClassicLinkVpc(): this; /** * Grants permission 
to attach an internet gateway to a VPC * * Access Level: Write * * Possible conditions: * - .ifRegion() * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AttachInternetGateway.html */ toAttachInternetGateway(): this; /** * Grants permission to attach a network interface to an instance * * Access Level: Write * * Possible conditions: * - .ifRegion() * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AttachNetworkInterface.html */ toAttachNetworkInterface(): this; /** * Grants permission to attach a trust provider to a Verified Access instance * * Access Level: Write * * Possible conditions: * - .ifRegion() * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AttachVerifiedAccessTrustProvider.html */ toAttachVerifiedAccessTrustProvider(): this; /** * Grants permission to attach an EBS volume to a running or stopped instance and expose it to the instance with the specified device name * * Access Level: Write * * Possible conditions: * - .ifRegion() * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AttachVolume.html */ toAttachVolume(): this; /** * Grants permission to attach a virtual private gateway to a VPC * * Access Level: Write * * Possible conditions: * - .ifRegion() * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AttachVpnGateway.html */ toAttachVpnGateway(): this; /** * Grants permission to add an inbound authorization rule to a Client VPN endpoint * * Access Level: Write * * Possible conditions: * - .ifRegion() * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AuthorizeClientVpnIngress.html */ toAuthorizeClientVpnIngress(): this; /** * Grants permission to add one or more outbound rules to a VPC security group. 
Policies using the security-group-rule resource-level permission are only enforced when the API request includes TagSpecifications * * Access Level: Write * * Possible conditions: * - .ifRegion() * * Dependent actions: * - ec2:CreateTags * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AuthorizeSecurityGroupEgress.html */ toAuthorizeSecurityGroupEgress(): this; /** * Grants permission to add one or more inbound rules to a VPC security group. Policies using the security-group-rule resource-level permission are only enforced when the API request includes TagSpecifications * * Access Level: Write * * Possible conditions: * - .ifRegion() * * Dependent actions: * - ec2:CreateTags * * NOTE(review): per the description above, a statement that relies only on security-group-rule resource scoping is not enforced for requests sent without TagSpecifications; scope the security-group resource itself as well - TODO confirm against the linked reference. * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AuthorizeSecurityGroupIngress.html */ toAuthorizeSecurityGroupIngress(): this; /** * Grants permission to bundle an instance store-backed Windows instance * * Access Level: Write * * Possible conditions: * - .ifRegion() * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_BundleInstance.html */ toBundleInstance(): this; /** * Grants permission to cancel a bundling operation * * Access Level: Write * * Possible conditions: * - .ifRegion() * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CancelBundleTask.html */ toCancelBundleTask(): this; /** * Grants permission to cancel a Capacity Reservation and release the reserved capacity * * Access Level: Write * * Possible conditions: * - .ifRegion() * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CancelCapacityReservation.html */ toCancelCapacityReservation(): this; /** * Grants permission to cancel one or more Capacity Reservation Fleets * * Access Level: Write * * Possible conditions: * - .ifRegion() * * Dependent actions: * - ec2:CancelCapacityReservation * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CancelCapacityReservationFleets.html */ toCancelCapacityReservationFleets(): this; /** * Grants permission to cancel an 
active conversion task * * Access Level: Write * * Possible conditions: * - .ifRegion() * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CancelConversionTask.html */ toCancelConversionTask(): this; /** * Grants permission to cancel a declarative policies report * * Access Level: Write * * Possible conditions: * - .ifRegion() * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CancelDeclarativePoliciesReport.html */ toCancelDeclarativePoliciesReport(): this; /** * Grants permission to cancel an active export task * * Access Level: Write * * Possible conditions: * - .ifRegion() * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CancelExportTask.html */ toCancelExportTask(): this; /** * Grants permission to remove your AWS account from the launch permissions for the specified AMI * * Access Level: Write * * Possible conditions: * - .ifRegion() * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CancelImageLaunchPermission.html */ toCancelImageLaunchPermission(): this; /** * Grants permission to cancel an in-process import virtual machine or import snapshot task * * Access Level: Write * * Possible conditions: * - .ifRegion() * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CancelImportTask.html */ toCancelImportTask(): this; /** * Grants permission to cancel a Reserved Instance listing on the Reserved Instance Marketplace * * Access Level: Write * * Possible conditions: * - .ifRegion() * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CancelReservedInstancesListing.html */ toCancelReservedInstancesListing(): this; /** * Grants permission to cancel one or more Spot Fleet requests * * Access Level: Write * * Possible conditions: * - .ifRegion() * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CancelSpotFleetRequests.html */ toCancelSpotFleetRequests(): this; /** * Grants permission to cancel one or more Spot Instance requests * * Access Level: Write * * Possible conditions: * - 
.ifRegion() * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CancelSpotInstanceRequests.html */ toCancelSpotInstanceRequests(): this; /** * Grants permission to determine whether an owned product code is associated with an instance * * Access Level: Write * * Possible conditions: * - .ifRegion() * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ConfirmProductInstance.html */ toConfirmProductInstance(): this; /** * Grants permission to copy a source Amazon FPGA image (AFI) to the current Region. Resource-level permissions specified for this action apply to the new AFI only. They do not apply to the source AFI * * Access Level: Write * * Possible conditions: * - .ifRegion() * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CopyFpgaImage.html */ toCopyFpgaImage(): this; /** * Grants permission to copy an Amazon Machine Image (AMI) from a source Region to the current Region * * Access Level: Write * * Possible conditions: * - .ifRegion() * * Dependent actions: * - ec2:CreateTags * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CopyImage.html */ toCopyImage(): this; /** * Grants permission to copy a point-in-time snapshot of an EBS volume and store it in Amazon S3. 
Resource-level permissions specified for this action apply to both the snapshot copy and the source snapshot * * Access Level: Write * * Possible conditions: * - .ifRegion() * * Dependent actions: * - ec2:CreateTags * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CopySnapshot.html */ toCopySnapshot(): this; /** * Grants permission to create a Capacity Reservation * * Access Level: Write * * Possible conditions: * - .ifRegion() * * Dependent actions: * - ec2:CreateTags * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateCapacityReservation.html */ toCreateCapacityReservation(): this; /** * Grants permission to create a new Capacity Reservation by splitting the available capacity of the source Capacity Reservation * * Access Level: Write * * Possible conditions: * - .ifRegion() * * Dependent actions: * - ec2:CreateTags * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateCapacityReservationBySplitting.html */ toCreateCapacityReservationBySplitting(): this; /** * Grants permission to create a Capacity Reservation Fleet * * Access Level: Write * * Possible conditions: * - .ifRegion() * * Dependent actions: * - ec2:CreateCapacityReservation * - ec2:CreateTags * - ec2:DescribeCapacityReservations * - ec2:DescribeInstances * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateCapacityReservationFleet.html */ toCreateCapacityReservationFleet(): this; /** * Grants permission to create a carrier gateway and provides CSP connectivity to VPC customers * * Access Level: Write * * Possible conditions: * - .ifRegion() * * Dependent actions: * - ec2:CreateTags * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateCarrierGateway.html */ toCreateCarrierGateway(): this; /** * Grants permission to create a Client VPN endpoint * * Access Level: Write * * Possible conditions: * - .ifRegion() * * Dependent actions: * - ec2:CreateTags * * 
https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateClientVpnEndpoint.html */ toCreateClientVpnEndpoint(): this; /** * Grants permission to add a network route to a Client VPN endpoint's route table * * Access Level: Write * * Possible conditions: * - .ifRegion() * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateClientVpnRoute.html */ toCreateClientVpnRoute(): this; /** * Grants permission to create a range of customer-owned IP (CoIP) addresses * * Access Level: Write * * Possible conditions: * - .ifRegion() * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateCoipCidr.html */ toCreateCoipCidr(): this; /** * Grants permission to create a pool of customer-owned IP (CoIP) addresses * * Access Level: Write * * Possible conditions: * - .ifRegion() * * Dependent actions: * - ec2:CreateTags * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateCoipPool.html */ toCreateCoipPool(): this; /** * Grants permission to allow a service to access a customer-owned IP (CoIP) pool * * Access Level: Write * * Possible conditions: * - .ifRegion() * * https://docs.aws.amazon.com/outposts/latest/userguide/identity-access-management.html */ toCreateCoipPoolPermission(): this; /** * Grants permission to create a customer gateway, which provides information to AWS about your customer gateway device * * Access Level: Write * * Possible conditions: * - .ifRegion() * * Dependent actions: * - ec2:CreateTags * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateCustomerGateway.html */ toCreateCustomerGateway(): this; /** * Grants permission to create a default subnet in a specified Availability Zone in a default VPC * * Access Level: Write * * Possible conditions: * - .ifRegion() * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateDefaultSubnet.html */ toCreateDefaultSubnet(): this; /** * Grants permission to create a default VPC with a default subnet in each Availability Zone * * Access Level: Write 
* * Possible conditions: * - .ifRegion() * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateDefaultVpc.html */ toCreateDefaultVpc(): this; /** * Grants permission to create a set of DHCP options for a VPC * * Access Level: Write * * Possible conditions: * - .ifRegion() * * Dependent actions: * - ec2:CreateTags * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateDhcpOptions.html */ toCreateDhcpOptions(): this; /** * Grants permission to create an egress-only internet gateway for a VPC * * Access Level: Write * * Possible conditions: * - .ifRegion() * * Dependent actions: * - ec2:CreateTags * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateEgressOnlyInternetGateway.html */ toCreateEgressOnlyInternetGateway(): this; /** * Grants permission to launch an EC2 Fleet. Resource-level permissions for this action do not include the resources specified in a launch template. To specify resource-level permissions for resources specified in a launch template, you must include the resources in the RunInstances action statement * * Access Level: Write * * Possible conditions: * - .ifRegion() * * Dependent actions: * - ec2:CreateTags * * NOTE(review): per the description above, launch-template resources are authorised by the RunInstances statement, so resource scoping on this action alone does not bound what a fleet can launch. * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateFleet.html */ toCreateFleet(): this; /** * Grants permission to create one or more flow logs to capture IP traffic for a network interface * * Access Level: Write * * Possible conditions: * - .ifRegion() * * Dependent actions: * - ec2:CreateTags * - ecs:ListClusters * - ecs:ListContainerInstances * - ecs:ListServices * - ecs:ListTaskDefinitions * - ecs:ListTasks * - iam:PassRole * * NOTE(review): iam:PassRole is listed as a dependent action; grant it on the specific role ARN the flow log is meant to use rather than on a wildcard resource. * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateFlowLogs.html */ toCreateFlowLogs(): this; /** * Grants permission to create an Amazon FPGA Image (AFI) from a design checkpoint (DCP) * * Access Level: Write * * Possible conditions: * - .ifRegion() * * Dependent actions: * - ec2:CreateTags * * 
https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateFpgaImage.html */ toCreateFpgaImage(): this; /** * Grants permission to create an Amazon EBS-backed AMI from a stopped or running Amazon EBS-backed instance * * Access Level: Write * * Possible conditions: * - .ifRegion() * * Dependent actions: * - ec2:CreateTags * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateImage.html */ toCreateImage(): this; /** * Grants permission to create an EC2 Instance Connect Endpoint that allows you to connect to an instance without a public IPv4 address * * Access Level: Write * * Possible conditions: * - .ifRegion() * * Dependent actions: * - ec2:CreateTags * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateInstanceConnectEndpoint.html */ toCreateInstanceConnectEndpoint(): this; /** * Grants permission to create an event window in which scheduled events for the associated Amazon EC2 instances can run * * Access Level: Write * * Possible conditions: * - .ifRegion() * * Dependent actions: * - ec2:CreateTags * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateInstanceEventWindow.html */ toCreateInstanceEventWindow(): this; /** * Grants permission to export a running or stopped instance to an Amazon S3 bucket * * Access Level: Write * * Possible conditions: * - .ifRegion() * * Dependent actions: * - ec2:CreateTags * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateInstanceExportTask.html */ toCreateInstanceExportTask(): this; /** * Grants permission to create an internet gateway for a VPC * * Access Level: Write * * Possible conditions: * - .ifRegion() * * Dependent actions: * - ec2:CreateTags * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateInternetGateway.html */ toCreateInternetGateway(): this; /** * Grants permission to create an Amazon VPC IP Address Manager (IPAM) * * Access Level: Write * * Possible conditions: * - .ifRegion() * * Dependent actions: * - ec2:CreateTags * - 
iam:CreateServiceLinkedRole * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateIpam.html */ toCreateIpam(): this; /** * Grants permission to create a verification token, which proves ownership of an external resource * * Access Level: Write * * Possible conditions: * - .ifRegion() * * Dependent actions: * - ec2:CreateTags * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateIpamExternalResourceVerificationToken.html */ toCreateIpamExternalResourceVerificationToken(): this; /** * Grants permission to create an IP address pool for Amazon VPC IP Address Manager (IPAM), which is a collection of contiguous IP address CIDRs * * Access Level: Write * * Possible conditions: * - .ifRegion() * * Dependent actions: * - ec2:CreateTags * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateIpamPool.html */ toCreateIpamPool(): this; /** * Grants permission to create an IPAM resource discovery * * Access Level: Write * * Possible conditions: * - .ifRegion() * * Dependent actions: * - ec2:CreateTags * - iam:CreateServiceLinkedRole * * NOTE(review): iam:CreateServiceLinkedRole is listed as a dependent action; constrain that grant with the iam:AWSServiceName condition key so it cannot be used to create service-linked roles for other services. * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateIpamResourceDiscovery.html */ toCreateIpamResourceDiscovery(): this; /** * Grants permission to create an Amazon VPC IP Address Manager (IPAM) scope, which is the highest-level container within IPAM * * Access Level: Write * * Possible conditions: * - .ifRegion() * * Dependent actions: * - ec2:CreateTags * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateIpamScope.html */ toCreateIpamScope(): this; /** * Grants permission to create a 2048-bit RSA key pair * * Access Level: Write * * Possible conditions: * - .ifRegion() * * Dependent actions: * - ec2:CreateTags * * NOTE(review): the linked CreateKeyPair API returns the private key to the caller, so treat this action as credential issuance and limit which principals hold it - TODO confirm against the linked reference. * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateKeyPair.html */ toCreateKeyPair(): this; /** * Grants permission to create a launch template * * Access Level: Write * * Possible conditions: * - .ifRegion() * * Dependent actions: * - 
ec2:CreateTags * - ssm:GetParameters * * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateLaunchTemplate.html */ toCreateLaunchTemplate(): this;
    /**
     * Grants permission to create a new version of a launch template
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifRegion()
     *
     * Dependent actions:
     * - ssm:GetParameters
     *
     * Review note: this declaration does not show whether the dependent action
     * is added to the statement by this call; presumably it has to be granted
     * separately - verify against the implementation.
     *
     * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateLaunchTemplateVersion.html
     */
    toCreateLaunchTemplateVersion(): this;
    /**
     * Grants permission to create a static route for a local gateway route table
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifRegion()
     *
     * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateLocalGatewayRoute.html
     */
    toCreateLocalGatewayRoute(): this;
    /**
     * Grants permission to create a local gateway route table
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifRegion()
     *
     * Dependent actions:
     * - ec2:CreateTags
     *
     * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateLocalGatewayRouteTable.html
     */
    toCreateLocalGatewayRouteTable(): this;
    /**
     * Grants permission to allow a service to access a local gateway route table
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifRegion()
     *
     * Review note: the access level is listed as Write, but by the description
     * above this call lets a service use the route table, so review it like an
     * action that changes who has access.
     *
     * https://docs.aws.amazon.com/outposts/latest/userguide/identity-access-management.html
     */
    toCreateLocalGatewayRouteTablePermission(): this;
    /**
     * Grants permission to create a local gateway route table virtual interface group association
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifRegion()
     *
     * Dependent actions:
     * - ec2:CreateTags
     *
     * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateLocalGatewayRouteTableVirtualInterfaceGroupAssociation.html
     */
    toCreateLocalGatewayRouteTableVirtualInterfaceGroupAssociation(): this;
    /**
     * Grants permission to associate a VPC with a local gateway route table
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifRegion()
     *
     * Dependent actions:
     * - ec2:CreateTags
     *
     * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateLocalGatewayRouteTableVpcAssociation.html
     */
    toCreateLocalGatewayRouteTableVpcAssociation(): this;
    /**
     * Grants permission to create a local gateway virtual interface
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifRegion()
     *
     * Dependent actions:
     * - ec2:CreateTags
     *
     * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateLocalGatewayVirtualInterface.html
     */
    toCreateLocalGatewayVirtualInterface(): this;
    /**
     * Grants permission to create a local gateway virtual interface group
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifRegion()
     *
     * Dependent actions:
     * - ec2:CreateTags
     *
     * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateLocalGatewayVirtualInterfaceGroup.html
     */
    toCreateLocalGatewayVirtualInterfaceGroup(): this;
    /**
     * Grants permission to create a managed prefix list
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifRegion()
     *
     * Dependent actions:
     * - ec2:CreateTags
     *
     * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateManagedPrefixList.html
     */
    toCreateManagedPrefixList(): this;
    /**
     * Grants permission to create a NAT gateway in a subnet
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifRegion()
     *
     * Dependent actions:
     * - ec2:CreateTags
     *
     * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateNatGateway.html
     */
    toCreateNatGateway(): this;
    /**
     * Grants permission to create a network ACL in a VPC
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifRegion()
     *
     * Dependent actions:
     * - ec2:CreateTags
     *
     * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateNetworkAcl.html
     */
    toCreateNetworkAcl(): this;
    /**
     * Grants permission to create a numbered entry (a rule) in a network ACL
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifRegion()
     *
     * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateNetworkAclEntry.html
     */
    toCreateNetworkAclEntry(): this;
    /**
     * Grants permission to create a Network Access Scope
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifRegion()
     *
     * Dependent actions:
     * - ec2:CreateTags
     *
     * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateNetworkInsightsAccessScope.html
     */
    toCreateNetworkInsightsAccessScope(): this;
    /**
     * Grants permission to create a path to analyze for reachability
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifRegion()
     *
     * Dependent actions:
     * - ec2:CreateTags
     *
     * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateNetworkInsightsPath.html
     */
    toCreateNetworkInsightsPath(): this;
    /**
     * Grants permission to create a network interface in a subnet
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifRegion()
     *
     * Dependent actions:
     * - ec2:CreateTags
     *
     * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateNetworkInterface.html
     */
    toCreateNetworkInterface(): this;
    /**
     * Grants permission to create a permission for an AWS-authorized user to perform certain operations on a network interface
     *
     * Access Level: Permissions management
     *
     * Possible conditions:
     * - .ifRegion()
     *
     * Review note: the access level is Permissions management - the call lets
     * another party operate on a network interface, so grant it narrowly and
     * include it when auditing who can change access to resources.
     *
     * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateNetworkInterfacePermission.html
     */
    toCreateNetworkInterfacePermission(): this;
    /**
     * Grants permission to create a placement group
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifRegion()
     *
     * Dependent actions:
     * - ec2:CreateTags
     *
     * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreatePlacementGroup.html
     */
    toCreatePlacementGroup(): this;
    /**
     * Grants permission to create a public IPv4 address pool for public IPv4 CIDRs that you own and bring to Amazon to manage with Amazon VPC IP Address Manager (IPAM)
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifRegion()
     *
     * Dependent actions:
     * - ec2:CreateTags
     *
     * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreatePublicIpv4Pool.html
     */
    toCreatePublicIpv4Pool(): this;
    /**
     * Grants permission to create a root volume replacement task
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifRegion()
     *
     * Dependent actions:
     * - ec2:CreateTags
     *
     * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateReplaceRootVolumeTask.html
     */
    toCreateReplaceRootVolumeTask(): this;
    /**
     * Grants permission to create a listing for Standard Reserved Instances to be sold in the Reserved Instance Marketplace
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifRegion()
     *
     * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateReservedInstancesListing.html
     */
    toCreateReservedInstancesListing(): this;
    /**
     * Grants permission to start a task that restores an AMI from an S3 object previously created by using CreateStoreImageTask
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifRegion()
     *
     * Dependent actions:
     * - ec2:CreateTags
     *
     * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateRestoreImageTask.html
     */
    toCreateRestoreImageTask(): this;
    /**
     * Grants permission to create a route in a VPC route table
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifRegion()
     *
     * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateRoute.html
     */
    toCreateRoute(): this;
    /**
     * Grants permission to create a route server
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifRegion()
     *
     * Dependent actions:
     * - ec2:CreateTags
     * - sns:CreateTopic
     *
     * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateRouteServer.html
     */
    toCreateRouteServer(): this;
    /**
     * Grants permission to create a route server endpoint
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifRegion()
     *
     * Dependent actions:
     * - ec2:AuthorizeSecurityGroupIngress
     * - ec2:CreateNetworkInterface
     * - ec2:CreateNetworkInterfacePermission
     * - ec2:CreateSecurityGroup
     * - ec2:CreateTags
     * - ec2:DescribeSecurityGroups
     *
     * Review note: the dependent list includes actions that create security
     * groups, add ingress rules and create network interface permissions.
     * Granted without scoping, those reach well beyond route servers, so
     * constrain them in their own statements rather than granting them broadly
     * just to make this call succeed.
     *
     * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateRouteServerEndpoint.html
     */
    toCreateRouteServerEndpoint(): this;
    /**
     * Grants permission to create a route server peer
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifRegion()
     *
     * Dependent actions:
     * - ec2:AuthorizeSecurityGroupIngress
     * - ec2:CreateTags
     *
     * Review note: ec2:AuthorizeSecurityGroupIngress is listed as a dependent
     * action; if it is granted to make this call work, scope it so it does not
     * also allow ingress changes on unrelated security groups.
     *
     * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateRouteServerPeer.html
     */
    toCreateRouteServerPeer(): this;
    /**
     * Grants permission to create a route table for a VPC
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifRegion()
     *
     * Dependent actions:
     * - ec2:CreateTags
     *
     * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateRouteTable.html
     */
    toCreateRouteTable(): this;
    /**
     * Grants permission to create a security group
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifRegion()
     *
     * Dependent actions:
     * - ec2:CreateTags
     *
     * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateSecurityGroup.html
     */
    toCreateSecurityGroup(): this;
    /**
     * Grants permission to create a snapshot of an EBS volume and store it in Amazon S3
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifRegion()
     *
     * Dependent actions:
     * - ec2:CreateTags
     *
     * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateSnapshot.html
     */
    toCreateSnapshot(): this;
    /**
     * Grants permission to create crash-consistent snapshots of multiple EBS volumes and store them in Amazon S3
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifRegion()
     *
     * Dependent actions:
     * - ec2:CreateTags
     *
     * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateSnapshots.html
     */
    toCreateSnapshots(): this;
    /**
     * Grants permission to create a data feed for Spot Instances to view Spot Instance usage logs
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifRegion()
     *
     * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateSpotDatafeedSubscription.html
     */
    toCreateSpotDatafeedSubscription(): this;
    /**
     * Grants permission to store an AMI as a single object in an S3 bucket
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifRegion()
     *
     * Review note: the image ends up as an object in S3, so who can read its
     * content is then decided by that bucket's access controls as well as by
     * EC2 permissions; review the destination bucket together with this grant.
     *
     * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateStoreImageTask.html
     */
    toCreateStoreImageTask(): this;
    /**
     * Grants permission to create a subnet in a VPC
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifRegion()
     *
     * Dependent actions:
     * - ec2:CreateTags
     *
     * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateSubnet.html
     */
    toCreateSubnet(): this;
    /**
     * Grants permission to create a subnet CIDR reservation
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifRegion()
     *
     * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateSubnetCidrReservation.html
     */
    toCreateSubnetCidrReservation(): this;
    /**
     * Grants permission to add or overwrite one or more tags for Amazon EC2 resources
     *
     * Access Level: Tagging
     *
     * Possible conditions:
     * - .ifCreateAction()
     * - .ifRegion()
     *
     * Review note: as stated above, this action can overwrite existing tags.
     * Where tags are used in access-control conditions, an unconstrained grant
     * lets the principal change those tags. `.ifCreateAction()` can limit
     * tagging to resources being created by a named create call - confirm the
     * condition's exact semantics in the AWS documentation.
     *
     * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTags.html
     */
    toCreateTags(): this;
    /**
     * Grants permission to create a traffic mirror filter
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifRegion()
     *
     * Dependent actions:
     * - ec2:CreateTags
     *
     * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTrafficMirrorFilter.html
     */
    toCreateTrafficMirrorFilter(): this;
    /**
     * Grants permission to create a traffic mirror filter rule
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifRegion()
     *
     * Dependent actions:
     * - ec2:CreateTags
     *
     * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTrafficMirrorFilterRule.html
     */
    toCreateTrafficMirrorFilterRule(): this;
    /**
     * Grants permission to create a traffic mirror session
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifRegion()
     *
     * Dependent actions:
     * - ec2:CreateTags
     *
     * Review note: a mirror session sends a copy of a network interface's
     * traffic to the mirror target, so limit this action to principals that
     * operate network monitoring and review its use.
     *
     * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTrafficMirrorSession.html
     */
    toCreateTrafficMirrorSession(): this;
    /**
     * Grants permission to create a traffic mirror target
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifRegion()
     *
     * Dependent actions:
     * - ec2:CreateTags
     *
     * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTrafficMirrorTarget.html
     */
    toCreateTrafficMirrorTarget(): this;
    /**
     * Grants permission to create a transit gateway
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifRegion()
     *
     * Dependent actions:
     * - ec2:CreateTags
     *
     * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTransitGateway.html
     */
    toCreateTransitGateway(): this;
    /**
     * Grants permission to create a Connect attachment from a specified transit gateway attachment
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifRegion()
     *
     * Dependent actions:
     * - ec2:CreateTags
     *
     * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTransitGatewayConnect.html
     */
    toCreateTransitGatewayConnect(): this;
    /**
     * Grants permission to create a Connect peer between a transit gateway and an appliance
     *
     * Access Level: Write
     *
     * Possible conditions:
     * - .ifRegion()
     *
     * Dependent actions:
     * - ec2:CreateTags
     *
     * https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTransitGatewayConnectPeer.html
     */
    toCreateTransitGatewayConnectPeer(): this;
    /** * Grants permission to create a multicast domain for a transit gateway * * Access Level: Write * * Possible conditions: * - .ifRegion() * * Dependent actions: * - ec2:CreateTa