import { AccessLevelList } from '../../shared/access-level';
import { PolicyStatement, Operator } from '../../shared';
/**
* Statement provider for service [ram](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsresourceaccessmanagerram.html).
*
* Declares one chainable method per AWS RAM action (`to…`), resource type (`on…`) and condition key (`if…`); every method returns `this`.
*
* Review note: most `to…` methods in this class are Write-level and change which principals can reach shared resources. A statement built from them is only as narrow as the `on…` resources and `if…` conditions chained onto it, so check the "Possible conditions" list on each action before granting it unconditioned.
*
* @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
*/
export declare class Ram extends PolicyStatement {
/**
* Service prefix used in IAM action names.
*
* NOTE(review): presumably `ram`, matching the dependent action `ram:TagResource` quoted on `toCreatePermission()` — the value is not visible in this declaration.
*/
servicePrefix: string;
/**
* Statement provider for service [ram](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsresourceaccessmanagerram.html).
*
* @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
*/
constructor(sid?: string);
/**
* Grants permission to accept the specified resource share invitation
*
* Access Level: Write
*
* Possible conditions:
* - .ifShareOwnerAccountId()
* - .ifResourceShareName()
*
* Review note: `.ifShareOwnerAccountId()` is the listed condition that limits which owner accounts' invitations the statement covers; with no condition the grant is not tied to any particular inviting account.
*
* https://docs.aws.amazon.com/ram/latest/APIReference/API_AcceptResourceShareInvitation.html
*/
toAcceptResourceShareInvitation(): this;
/**
* Grants permission to associate resource(s) and/or principal(s) to a resource share
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
* - .ifResourceTag()
* - .ifResourceShareName()
* - .ifAllowsExternalPrincipals()
* - .ifPrincipal()
* - .ifRequestedResourceType()
* - .ifResourceArn()
*
* Review note: this action adds principals to an existing share. `.ifPrincipal()` and `.ifAllowsExternalPrincipals(false)` are the listed conditions for constraining who can be added and on which shares.
*
* https://docs.aws.amazon.com/ram/latest/APIReference/API_AssociateResourceShare.html
*/
toAssociateResourceShare(): this;
/**
* Grants permission to associate a Permission with a Resource Share
*
* Access Level: Write
*
* https://docs.aws.amazon.com/ram/latest/APIReference/API_AssociateResourceSharePermission.html
*/
toAssociateResourceSharePermission(): this;
/**
* Grants permission to create a Permission that can be associated to a Resource Share
*
* Access Level: Write
*
* Possible conditions:
* - .ifPermissionArn()
* - .ifPermissionResourceType()
* - .ifAwsResourceTag()
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - ram:TagResource
*
* NOTE(review): this declaration does not show whether the dependent action is added to the statement automatically; presumably it has to be granted separately — confirm in the implementation.
*
* https://docs.aws.amazon.com/ram/latest/APIReference/API_CreatePermission.html
*/
toCreatePermission(): this;
/**
* Grants permission to create a new version of a Permission that can be associated to a Resource Share
*
* Access Level: Write
*
* Possible conditions:
* - .ifPermissionArn()
* - .ifPermissionResourceType()
*
* https://docs.aws.amazon.com/ram/latest/APIReference/API_CreatePermissionVersion.html
*/
toCreatePermissionVersion(): this;
/**
* Grants permission to create a resource share with provided resource(s) and/or principal(s)
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
* - .ifRequestedResourceType()
* - .ifResourceArn()
* - .ifRequestedAllowsExternalPrincipals()
* - .ifPrincipal()
* - .ifAllowsExternalPrincipals()
*
* Review note: `.ifRequestedAllowsExternalPrincipals(false)` is the listed condition for restricting this grant to requests that create shares closed to external principals; `.ifResourceArn()` and `.ifRequestedResourceType()` restrict what may be placed in the share.
*
* https://docs.aws.amazon.com/ram/latest/APIReference/API_CreateResourceShare.html
*/
toCreateResourceShare(): this;
/**
* Grants permission to delete a specified Permission
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
* - .ifPermissionArn()
* - .ifPermissionResourceType()
*
* https://docs.aws.amazon.com/ram/latest/APIReference/API_DeletePermission.html
*/
toDeletePermission(): this;
/**
* Grants permission to delete a specified version of a permission
*
* Access Level: Write
*
* Possible conditions:
* - .ifPermissionArn()
* - .ifPermissionResourceType()
*
* https://docs.aws.amazon.com/ram/latest/APIReference/API_DeletePermissionVersion.html
*/
toDeletePermissionVersion(): this;
/**
* Grants permission to delete resource share
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
* - .ifResourceTag()
* - .ifResourceShareName()
* - .ifAllowsExternalPrincipals()
*
* https://docs.aws.amazon.com/ram/latest/APIReference/API_DeleteResourceShare.html
*/
toDeleteResourceShare(): this;
/**
* Grants permission to disassociate resource(s) and/or principal(s) from a resource share
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
* - .ifResourceTag()
* - .ifResourceShareName()
* - .ifAllowsExternalPrincipals()
* - .ifPrincipal()
* - .ifRequestedResourceType()
* - .ifResourceArn()
*
* https://docs.aws.amazon.com/ram/latest/APIReference/API_DisassociateResourceShare.html
*/
toDisassociateResourceShare(): this;
/**
* Grants permission to disassociate a Permission from a Resource Share
*
* Access Level: Write
*
* https://docs.aws.amazon.com/ram/latest/APIReference/API_DisassociateResourceSharePermission.html
*/
toDisassociateResourceSharePermission(): this;
/**
* Grants permission to access customer's organization and create a SLR in the customer's account
*
* Access Level: Permissions management
*
* Dependent actions:
* - iam:CreateServiceLinkedRole
* - organizations:DescribeOrganization
* - organizations:EnableAWSServiceAccess
*
* Review note: this is the only action in this class documented at the "Permissions management" access level, and no condition keys are listed for it, so it cannot be narrowed with the `if…` methods of this class. Its dependent actions belong to the `iam` and `organizations` services.
* NOTE(review): this declaration does not show whether the dependent actions are added to the statement automatically; presumably they have to be granted separately — confirm in the implementation.
*
* https://docs.aws.amazon.com/ram/latest/APIReference/API_EnableSharingWithAwsOrganization.html
*/
toEnableSharingWithAwsOrganization(): this;
/**
* Grants permission to get the contents of an AWS RAM permission
*
* Access Level: Read
*
* Possible conditions:
* - .ifPermissionArn()
*
* https://docs.aws.amazon.com/ram/latest/APIReference/API_GetPermission.html
*/
toGetPermission(): this;
/**
* Grants permission to get the policies for the specified resources that you own and have shared
*
* Access Level: Read
*
* https://docs.aws.amazon.com/ram/latest/APIReference/API_GetResourcePolicies.html
*/
toGetResourcePolicies(): this;
/**
* Grants permission to get a set of resource share associations from a provided list or with a specified status of the specified type
*
* Access Level: Read
*
* https://docs.aws.amazon.com/ram/latest/APIReference/API_GetResourceShareAssociations.html
*/
toGetResourceShareAssociations(): this;
/**
* Grants permission to get resource share invitations by the specified invitation arn or those for the resource share
*
* Access Level: Read
*
* https://docs.aws.amazon.com/ram/latest/APIReference/API_GetResourceShareInvitations.html
*/
toGetResourceShareInvitations(): this;
/**
* Grants permission to get a set of resource shares from a provided list or with a specified status
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/ram/latest/APIReference/API_GetResourceShares.html
*/
toGetResourceShares(): this;
/**
* Grants permission to list the resources in a resource share that is shared with you but that the invitation is still pending for
*
* Access Level: Read
*
* Possible conditions:
* - .ifResourceShareName()
*
* https://docs.aws.amazon.com/ram/latest/APIReference/API_ListPendingInvitationResources.html
*/
toListPendingInvitationResources(): this;
/**
* Grants permission to list information about the permission and any associations
*
* Access Level: List
*
* Possible conditions:
* - .ifPermissionArn()
* - .ifPermissionResourceType()
*
* https://docs.aws.amazon.com/ram/latest/APIReference/API_ListPermissionAssociations.html
*/
toListPermissionAssociations(): this;
/**
* Grants permission to list the versions of an AWS RAM permission
*
* Access Level: List
*
* https://docs.aws.amazon.com/ram/latest/APIReference/API_ListPermissionVersions.html
*/
toListPermissionVersions(): this;
/**
* Grants permission to list the AWS RAM permissions
*
* Access Level: List
*
* https://docs.aws.amazon.com/ram/latest/APIReference/API_ListPermissions.html
*/
toListPermissions(): this;
/**
* Grants permission to list the principals that you have shared resources with or that have shared resources with you
*
* Access Level: List
*
* https://docs.aws.amazon.com/ram/latest/APIReference/API_ListPrincipals.html
*/
toListPrincipals(): this;
/**
* Grants permission to retrieve the status of the asynchronous permission replacement
*
* Access Level: List
*
* https://docs.aws.amazon.com/ram/latest/APIReference/API_ListReplacePermissionAssociationsWork.html
*/
toListReplacePermissionAssociationsWork(): this;
/**
* Grants permission to list the Permissions associated with a Resource Share
*
* Access Level: List
*
* Possible conditions:
* - .ifAwsResourceTag()
* - .ifResourceShareName()
* - .ifAllowsExternalPrincipals()
*
* https://docs.aws.amazon.com/ram/latest/APIReference/API_ListResourceSharePermissions.html
*/
toListResourceSharePermissions(): this;
/**
* Grants permission to list the shareable resource types supported by AWS RAM
*
* Access Level: List
*
* https://docs.aws.amazon.com/ram/latest/APIReference/API_ListResourceTypes.html
*/
toListResourceTypes(): this;
/**
* Grants permission to list the resources that you added to resource shares or the resources that are shared with you
*
* Access Level: List
*
* https://docs.aws.amazon.com/ram/latest/APIReference/API_ListResources.html
*/
toListResources(): this;
/**
* Grants permission to create a separate, fully manageable customer managed permission
*
* Access Level: Write
*
* Possible conditions:
* - .ifPermissionArn()
* - .ifPermissionResourceType()
*
* https://docs.aws.amazon.com/ram/latest/APIReference/API_PromotePermissionCreatedFromPolicy.html
*/
toPromotePermissionCreatedFromPolicy(): this;
/**
* Grants permission to promote the specified resource share
*
* Access Level: Write
*
* https://docs.aws.amazon.com/ram/latest/APIReference/API_PromoteResourceShareCreatedFromPolicy.html
*/
toPromoteResourceShareCreatedFromPolicy(): this;
/**
* Grants permission to reject the specified resource share invitation
*
* Access Level: Write
*
* Possible conditions:
* - .ifShareOwnerAccountId()
* - .ifResourceShareName()
*
* https://docs.aws.amazon.com/ram/latest/APIReference/API_RejectResourceShareInvitation.html
*/
toRejectResourceShareInvitation(): this;
/**
* Grants permission to update all resource shares to a new permission
*
* Access Level: Write
*
* Possible conditions:
* - .ifPermissionArn()
* - .ifPermissionResourceType()
*
* Review note: as described, one call affects every resource share that uses the permission, so `.ifPermissionArn()` is worth setting to the specific permissions the principal is meant to manage.
*
* https://docs.aws.amazon.com/ram/latest/APIReference/API_ReplacePermissionAssociations.html
*/
toReplacePermissionAssociations(): this;
/**
* Grants permission to specify a version number as the default version for the respective customer managed permission
*
* Access Level: Write
*
* Possible conditions:
* - .ifPermissionArn()
* - .ifPermissionResourceType()
*
* https://docs.aws.amazon.com/ram/latest/APIReference/API_SetDefaultPermissionVersion.html
*/
toSetDefaultPermissionVersion(): this;
/**
* Grants permission to tag the specified resource share or permission
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Review note: several actions in this class can be conditioned on resource tags (`.ifAwsResourceTag()`, `.ifResourceTag()`). Where such tag conditions are used as an access boundary, a principal that also holds this action can change the tags those conditions evaluate; `.ifAwsTagKeys()` limits which keys it may set.
*
* https://docs.aws.amazon.com/ram/latest/APIReference/API_TagResource.html
*/
toTagResource(): this;
/**
* Grants permission to untag the specified resource share or permission
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/ram/latest/APIReference/API_UntagResource.html
*/
toUntagResource(): this;
/**
* Grants permission to update attributes of the resource share
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
* - .ifResourceTag()
* - .ifResourceShareName()
* - .ifAllowsExternalPrincipals()
* - .ifRequestedAllowsExternalPrincipals()
*
* Review note: `.ifRequestedAllowsExternalPrincipals(false)` is the listed condition for keeping an update from switching a share to allow external principals.
*
* https://docs.aws.amazon.com/ram/latest/APIReference/API_UpdateResourceShare.html
*/
toUpdateResourceShare(): this;
/**
* Access-level data for the actions declared above.
*
* NOTE(review): presumably groups action names under the access levels quoted in the method docs (Write, Read, List, Tagging, Permissions management) — the contents are not visible in this declaration; confirm against `AccessLevelList`.
*/
protected accessLevelList: AccessLevelList;
/**
* Adds a resource of type resource-share to the statement
*
* https://docs.aws.amazon.com/ram/latest/APIReference/API_ResourceShare.html
*
* Review note: outside the CDK, omitting `account` and `region` leaves both as `*`, so the resource is not limited to one account or region. Pass them explicitly when the statement should be.
*
* @param resourcePath - Identifier for the resourcePath.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
* - .ifAllowsExternalPrincipals()
* - .ifResourceShareName()
*/
onResourceShare(resourcePath: string, account?: string, region?: string, partition?: string): this;
/**
* Adds a resource of type resource-share-invitation to the statement
*
* https://docs.aws.amazon.com/ram/latest/APIReference/API_ResourceShareInvitation.html
*
* Review note: outside the CDK, omitting `account` and `region` leaves both as `*`, so the resource is not limited to one account or region. Pass them explicitly when the statement should be.
*
* @param resourcePath - Identifier for the resourcePath.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifShareOwnerAccountId()
*/
onResourceShareInvitation(resourcePath: string, account?: string, region?: string, partition?: string): this;
/**
* Adds a resource of type permission to the statement
*
* https://docs.aws.amazon.com/ram/latest/APIReference/API_ResourceSharePermissionDetail.html
*
* Unlike the other `on…` methods of this class, this signature has no `region` parameter.
* NOTE(review): presumably because the ARN for this resource type carries no region — confirm in the implementation.
*
* @param resourcePath - Identifier for the resourcePath.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifPermissionArn()
* - .ifPermissionResourceType()
*/
onPermission(resourcePath: string, account?: string, partition?: string): this;
/**
* Adds a resource of type customer-managed-permission to the statement
*
* https://docs.aws.amazon.com/ram/latest/APIReference/API_ResourceSharePermissionDetail.html
*
* Review note: outside the CDK, omitting `account` and `region` leaves both as `*`, so the resource is not limited to one account or region. Pass them explicitly when the statement should be.
*
* @param resourcePath - Identifier for the resourcePath.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
* - .ifPermissionArn()
* - .ifPermissionResourceType()
*/
onCustomerManagedPermission(resourcePath: string, account?: string, region?: string, partition?: string): this;
/**
* Filters access by the tags that are passed in the request when creating or tagging a resource share. If users don't pass these specific tags, or if they don't specify tags at all, the request fails
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag
*
* Applies to actions:
* - .toCreatePermission()
* - .toCreateResourceShare()
* - .toGetResourceShares()
* - .toTagResource()
*
* @param tagKey The tag key to check
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsRequestTag(tagKey: string, value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the tags associated with the resource
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag
*
* Applies to actions:
* - .toAssociateResourceShare()
* - .toCreatePermission()
* - .toDeletePermission()
* - .toDeleteResourceShare()
* - .toDisassociateResourceShare()
* - .toListResourceSharePermissions()
* - .toUpdateResourceShare()
*
* Applies to resource types:
* - resource-share
* - customer-managed-permission
*
* @param tagKey The tag key to check
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsResourceTag(tagKey: string, value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the tag keys that are passed when creating or tagging a resource share
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys
*
* Applies to actions:
* - .toCreatePermission()
* - .toCreateResourceShare()
* - .toGetResourceShares()
* - .toTagResource()
* - .toUntagResource()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsTagKeys(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by resource shares that allow or deny sharing with external principals. For example, specify true if the action can only be performed on resource shares that allow sharing with external principals. External principals are AWS accounts that are outside of its AWS organization
*
* Review note: the default is `true`, so calling this with no argument matches shares that DO allow external principals. To confine an action to shares that are closed to external principals, pass `false` explicitly.
*
* https://docs.aws.amazon.com/ram/latest/userguide/iam-policies.html#iam-policies-condition
*
* Applies to actions:
* - .toAssociateResourceShare()
* - .toCreateResourceShare()
* - .toDeleteResourceShare()
* - .toDisassociateResourceShare()
* - .toListResourceSharePermissions()
* - .toUpdateResourceShare()
*
* Applies to resource types:
* - resource-share
*
* @param value `true` or `false`. **Default:** `true`
*/
ifAllowsExternalPrincipals(value?: boolean): this;
/**
* Filters access by the specified Permission ARN
*
* https://docs.aws.amazon.com/ram/latest/userguide/iam-policies.html#iam-policies-condition
*
* Applies to actions:
* - .toCreatePermission()
* - .toCreatePermissionVersion()
* - .toDeletePermission()
* - .toDeletePermissionVersion()
* - .toGetPermission()
* - .toListPermissionAssociations()
* - .toPromotePermissionCreatedFromPolicy()
* - .toReplacePermissionAssociations()
* - .toSetDefaultPermissionVersion()
*
* Applies to resource types:
* - permission
* - customer-managed-permission
*
* @param value The value(s) to check
* @param operator Works with [arn operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_ARN). **Default:** `ArnLike`
*/
ifPermissionArn(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by permissions of specified resource type
*
* https://docs.aws.amazon.com/ram/latest/userguide/iam-policies.html#iam-policies-condition
*
* Applies to actions:
* - .toCreatePermission()
* - .toCreatePermissionVersion()
* - .toDeletePermission()
* - .toDeletePermissionVersion()
* - .toListPermissionAssociations()
* - .toPromotePermissionCreatedFromPolicy()
* - .toReplacePermissionAssociations()
* - .toSetDefaultPermissionVersion()
*
* Applies to resource types:
* - permission
* - customer-managed-permission
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifPermissionResourceType(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by format of the specified principal
*
* https://docs.aws.amazon.com/ram/latest/userguide/iam-policies.html#iam-policies-condition
*
* Applies to actions:
* - .toAssociateResourceShare()
* - .toCreateResourceShare()
* - .toDisassociateResourceShare()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifPrincipal(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the specified value for 'allowExternalPrincipals'. External principals are AWS accounts that are outside of its AWS Organization
*
* Review note: the default is `true`, so calling this with no argument matches requests that ask for external principals to be allowed. To restrict a grant to requests that keep a share closed to external principals, pass `false` explicitly.
*
* https://docs.aws.amazon.com/ram/latest/userguide/iam-policies.html#iam-policies-condition
*
* Applies to actions:
* - .toCreateResourceShare()
* - .toUpdateResourceShare()
*
* @param value `true` or `false`. **Default:** `true`
*/
ifRequestedAllowsExternalPrincipals(value?: boolean): this;
/**
* Filters access by the specified resource type
*
* https://docs.aws.amazon.com/ram/latest/userguide/iam-policies.html#iam-policies-condition
*
* Applies to actions:
* - .toAssociateResourceShare()
* - .toCreateResourceShare()
* - .toDisassociateResourceShare()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifRequestedResourceType(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the specified ARN
*
* https://docs.aws.amazon.com/ram/latest/userguide/iam-policies.html#iam-policies-condition
*
* Applies to actions:
* - .toAssociateResourceShare()
* - .toCreateResourceShare()
* - .toDisassociateResourceShare()
*
* @param value The value(s) to check
* @param operator Works with [arn operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_ARN). **Default:** `ArnLike`
*/
ifResourceArn(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by a resource share with the specified name
*
* https://docs.aws.amazon.com/ram/latest/userguide/iam-policies.html#iam-policies-condition
*
* Applies to actions:
* - .toAcceptResourceShareInvitation()
* - .toAssociateResourceShare()
* - .toDeleteResourceShare()
* - .toDisassociateResourceShare()
* - .toListPendingInvitationResources()
* - .toListResourceSharePermissions()
* - .toRejectResourceShareInvitation()
* - .toUpdateResourceShare()
*
* Applies to resource types:
* - resource-share
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifResourceShareName(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the tags associated with the resource
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag
*
* Applies to actions:
* - .toAssociateResourceShare()
* - .toDeleteResourceShare()
* - .toDisassociateResourceShare()
* - .toUpdateResourceShare()
*
* @param tagKey The tag key to check
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifResourceTag(tagKey: string, value: string | string[], operator?: Operator | string): this;
/**
* Filters access by resource shares owned by a specific account. For example, you can use this condition key to specify which resource share invitations can be accepted or rejected based on the resource share owner's account ID
*
* Review note: the default operator `StringLike` treats `*` and `?` in `value` as wildcards. For an allow-list of owner accounts, pass complete account IDs, or set `operator` to an exact-match string operator such as `StringEquals`.
*
* https://docs.aws.amazon.com/ram/latest/userguide/iam-policies.html#iam-policies-condition
*
* Applies to actions:
* - .toAcceptResourceShareInvitation()
* - .toRejectResourceShareInvitation()
*
* Applies to resource types:
* - resource-share-invitation
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifShareOwnerAccountId(value: string | string[], operator?: Operator | string): this;
}