iam-floyd

import { AccessLevelList } from '../../shared/access-level'; import { PolicyStatement, Operator } from '../../shared'; /** * Statement provider for service [networkmanager](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsnetworkmanager.html). * * @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement */ export declare class Networkmanager extends PolicyStatement { servicePrefix: string; /** * Statement provider for service [networkmanager](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsnetworkmanager.html). * * @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement */ constructor(sid?: string); /** * Grants permission to accept creation of an attachment between a source and destination in a core network * * Access Level: Write * * Dependent actions: * - ec2:DescribeRegions * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_AcceptAttachment.html */ toAcceptAttachment(): this; /** * Grants permission to associate a Connect Peer * * Access Level: Write * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_AssociateConnectPeer.html */ toAssociateConnectPeer(): this; /** * Grants permission to associate a customer gateway to a device * * Access Level: Write * * Possible conditions: * - .ifCgwArn() * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_AssociateCustomerGateway.html */ toAssociateCustomerGateway(): this; /** * Grants permission to associate a link to a device * * Access Level: Write * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_AssociateLink.html */ toAssociateLink(): this; /** * Grants permission to associate a transit gateway connect peer to a device * * Access Level: Write * * Possible conditions: * - .ifTgwConnectPeerArn() * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_AssociateTransitGatewayConnectPeer.html */ toAssociateTransitGatewayConnectPeer(): this; /** * Grants permission to create a Connect attachment * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * Dependent actions: * - ec2:DescribeRegions * - networkmanager:TagResource * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_CreateConnectAttachment.html */ toCreateConnectAttachment(): this; /** * Grants permission to create a Connect Peer connection * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * Dependent actions: * - ec2:DescribeRegions * - networkmanager:TagResource * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_CreateConnectPeer.html */ toCreateConnectPeer(): this; /** * Grants permission to create a new connection * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * Dependent actions: * - networkmanager:TagResource * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_CreateConnection.html */ toCreateConnection(): this; /** * Grants permission to create a new core network * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * Dependent actions: * - ec2:DescribeRegions * - networkmanager:TagResource * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_CreateCoreNetwork.html */ toCreateCoreNetwork(): this; /** * Grants permission to create a new device * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * Dependent actions: * - networkmanager:TagResource * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_CreateDevice.html */ toCreateDevice(): this; /** * Grants permission to create a Direct Connect gateway attachment * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * - .ifDirectConnectGatewayArn() * - .ifEdgeLocations() * * Dependent actions: * - ec2:DescribeRegions * - networkmanager:TagResource * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_CreateDirectConnectGatewayAttachment.html */ toCreateDirectConnectGatewayAttachment(): this; /** * Grants permission to create a new global network * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * Dependent actions: * - iam:CreateServiceLinkedRole * - networkmanager:TagResource * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_CreateGlobalNetwork.html */ toCreateGlobalNetwork(): this; /** * Grants permission to create a new link * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * Dependent actions: * - networkmanager:TagResource * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_CreateLink.html */ toCreateLink(): this; /** * Grants permission to create a new site * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * Dependent actions: * - networkmanager:TagResource * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_CreateSite.html */ toCreateSite(): this; /** * Grants permission to create a site-to-site VPN attachment * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * - .ifVpnConnectionArn() * * Dependent actions: * - ec2:DescribeRegions * - networkmanager:TagResource * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_CreateSiteToSiteVpnAttachment.html */ toCreateSiteToSiteVpnAttachment(): this; /** * Grants permission to create a Transit Gateway peering * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * - .ifTgwArn() * * Dependent actions: * - ec2:DescribeRegions * - networkmanager:TagResource * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_CreateTransitGatewayPeering.html */ toCreateTransitGatewayPeering(): this; /** * Grants permission to create a TGW RTB attachment * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * - .ifTgwRtbArn() * * Dependent actions: * - ec2:DescribeRegions * - networkmanager:TagResource * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_CreateTransitGatewayRouteTableAttachment.html */ toCreateTransitGatewayRouteTableAttachment(): this; /** * Grants permission to create a VPC attachment * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * - .ifVpcArn() * - .ifSubnetArns() * * Dependent actions: * - ec2:DescribeRegions * - networkmanager:TagResource * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_CreateVpcAttachment.html */ toCreateVpcAttachment(): this; /** * Grants permission to delete an attachment * * Access Level: Write * * Dependent actions: * - ec2:DescribeRegions * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_DeleteAttachment.html */ toDeleteAttachment(): this; /** * Grants permission to delete a Connect Peer * * Access Level: Write * * Dependent actions: * - ec2:DescribeRegions * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_DeleteConnectPeer.html */ toDeleteConnectPeer(): this; /** * Grants permission to delete a connection * * Access Level: Write * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_DeleteConnection.html */ toDeleteConnection(): this; /** * Grants permission to delete a core network * * Access Level: Write * * Dependent actions: * - ec2:DescribeRegions * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_DeleteCoreNetwork.html */ toDeleteCoreNetwork(): this; /** * Grants permission to delete the core network policy version * * Access Level: Write * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_DeleteCoreNetworkPolicyVersion.html */ toDeleteCoreNetworkPolicyVersion(): this; /** * Grants permission to delete a device * * Access Level: Write * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_DeleteDevice.html */ toDeleteDevice(): this; /** * Grants permission to delete a global network * * Access Level: Write * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_DeleteGlobalNetwork.html */ toDeleteGlobalNetwork(): this; /** * Grants permission to delete a link * * Access Level: Write * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_DeleteLink.html */ toDeleteLink(): this; /** * Grants permission to delete a peering * * Access Level: Write * * Dependent actions: * - ec2:DescribeRegions * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_DeletePeering.html */ toDeletePeering(): this; /** * Grants permission to delete a resource * * Access Level: Write * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_DeleteResourcePolicy.html */ toDeleteResourcePolicy(): this; /** * Grants permission to delete a site * * Access Level: Write * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_DeleteSite.html */ toDeleteSite(): this; /** * Grants permission to deregister a transit gateway from a global network * * Access Level: Write * * Possible conditions: * - .ifTgwArn() * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_DeregisterTransitGateway.html */ toDeregisterTransitGateway(): this; /** * Grants permission to describe global networks * * Access Level: List * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_DescribeGlobalNetworks.html */ toDescribeGlobalNetworks(): this; /** * Grants permission to disassociate a Connect Peer * * Access Level: Write * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_DisassociateConnectPeer.html */ toDisassociateConnectPeer(): this; /** * Grants permission to disassociate a customer gateway from a device * * Access Level: Write * * Possible conditions: * - .ifCgwArn() * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_DisassociateCustomerGateway.html */ toDisassociateCustomerGateway(): this; /** * Grants permission to disassociate a link from a device * * Access Level: Write * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_DisassociateLink.html */ toDisassociateLink(): this; /** * Grants permission to disassociate a transit gateway connect peer from a device * * Access Level: Write * * Possible conditions: * - .ifTgwConnectPeerArn() * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_DisassociateTransitGatewayConnectPeer.html */ toDisassociateTransitGatewayConnectPeer(): this; /** * Grants permission to apply changes to the core network * * Access Level: Write * * Dependent actions: * - ec2:DescribeRegions * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_ExecuteCoreNetworkChangeSet.html */ toExecuteCoreNetworkChangeSet(): this; /** * Grants permission to retrieve a Connect attachment * * Access Level: Read * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_GetConnectAttachment.html */ toGetConnectAttachment(): this; /** * Grants permission to retrieve a Connect Peer * * Access Level: Read * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_GetConnectPeer.html */ toGetConnectPeer(): this; /** * Grants permission to describe Connect Peer associations * * Access Level: Read * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_GetConnectPeerAssociations.html */ toGetConnectPeerAssociations(): this; /** * Grants permission to describe connections * * Access Level: List * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_GetConnections.html */ toGetConnections(): this; /** * Grants permission to retrieve a core network * * Access Level: Read * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_GetCoreNetwork.html */ toGetCoreNetwork(): this; /** * Grants permission to retrieve a list of core network change events * * Access Level: Read * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_GetCoreNetworkChangeEvents.html */ toGetCoreNetworkChangeEvents(): this; /** * Grants permission to retrieve a list of core network change sets * * Access Level: Read * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_GetCoreNetworkChangeSet.html */ toGetCoreNetworkChangeSet(): this; /** * Grants permission to retrieve core network policy * * Access Level: Read * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_GetCoreNetworkPolicy.html */ toGetCoreNetworkPolicy(): this; /** * Grants permission to describe customer gateway associations * * Access Level: List * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_GetCustomerGatewayAssociations.html */ toGetCustomerGatewayAssociations(): this; /** * Grants permission to describe devices * * Access Level: List * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_GetDevices.html */ toGetDevices(): this; /** * Grants permission to retrieve a Direct Connect gateway attachment * * Access Level: Read * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_GetDirectConnectGatewayAttachment.html */ toGetDirectConnectGatewayAttachment(): this; /** * Grants permission to describe link associations * * Access Level: List * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_GetLinkAssociations.html */ toGetLinkAssociations(): this; /** * Grants permission to describe links * * Access Level: List * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_GetLinks.html */ toGetLinks(): this; /** * Grants permission to return the number of resources for a global network grouped by type * * Access Level: Read * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_GetNetworkResourceCounts.html */ toGetNetworkResourceCounts(): this; /** * Grants permission to retrieve related resources for a resource within the global network * * Access Level: Read * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_GetNetworkResourceRelationships.html */ toGetNetworkResourceRelationships(): this; /** * Grants permission to retrieve a global network resource * * Access Level: Read * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_GetNetworkResources.html */ toGetNetworkResources(): this; /** * Grants permission to retrieve routes for a route table within the global network * * Access Level: Read * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_GetNetworkRoutes.html */ toGetNetworkRoutes(): this; /** * Grants permission to retrieve network telemetry objects for the global network * * Access Level: Read * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_GetNetworkTelemetry.html */ toGetNetworkTelemetry(): this; /** * Grants permission to retrieve a resource policy * * Access Level: Read * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_GetResourcePolicy.html */ toGetResourcePolicy(): this; /** * Grants permission to retrieve a route analysis configuration and result * * Access Level: Read * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_GetRouteAnalysis.html */ toGetRouteAnalysis(): this; /** * Grants permission to retrieve a site-to-site VPN attachment * * Access Level: Read * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_GetSiteToSiteVpnAttachment.html */ toGetSiteToSiteVpnAttachment(): this; /** * Grants permission to describe global networks * * Access Level: List * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_GetSites.html */ toGetSites(): this; /** * Grants permission to describe transit gateway connect peer associations * * Access Level: List * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_GetTransitGatewayConnectPeerAssociations.html */ toGetTransitGatewayConnectPeerAssociations(): this; /** * Grants permission to retrieve a Transit Gateway peering * * Access Level: Read * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_GetTransitGatewayPeering.html */ toGetTransitGatewayPeering(): this; /** * Grants permission to describe transit gateway registrations * * Access Level: List * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_GetTransitGatewayRegistrations.html */ toGetTransitGatewayRegistrations(): this; /** * Grants permission to retrieve a TGW RTB attachment * * Access Level: Read * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_GetTransitGatewayRouteTableAttachment.html */ toGetTransitGatewayRouteTableAttachment(): this; /** * Grants permission to retrieve a VPC attachment * * Access Level: Read * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_GetVpcAttachment.html */ toGetVpcAttachment(): this; /** * Grants permission to describe attachments * * Access Level: List * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_ListAttachments.html */ toListAttachments(): this; /** * Grants permission to describe Connect Peers * * Access Level: List * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_ListConnectPeers.html */ toListConnectPeers(): this; /** * Grants permission to list core network policy versions * * Access Level: List * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_ListCoreNetworkPolicyVersions.html */ toListCoreNetworkPolicyVersions(): this; /** * Grants permission to list core networks * * Access Level: List * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_ListCoreNetworks.html */ toListCoreNetworks(): this; /** * Grants permission to list organization service access status * * Access Level: List * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_ListOrganizationServiceAccessStatus.html */ toListOrganizationServiceAccessStatus(): this; /** * Grants permission to describe peerings * * Access Level: List * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_ListPeerings.html */ toListPeerings(): this; /** * Grants permission to list tags for a Network Manager resource * * Access Level: Read * * Possible conditions: * - .ifAwsResourceTag() * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_ListTagsForResource.html */ toListTagsForResource(): this; /** * Grants permission to create a core network policy * * Access Level: Write * * Dependent actions: * - ec2:DescribeRegions * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_PutCoreNetworkPolicy.html */ toPutCoreNetworkPolicy(): this; /** * Grants permission to create or update a resource policy * * Access Level: Write * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_PutResourcePolicy.html */ toPutResourcePolicy(): this; /** * Grants permission to register a transit gateway to a global network * * Access Level: Write * * Possible conditions: * - .ifTgwArn() * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_RegisterTransitGateway.html */ toRegisterTransitGateway(): this; /** * Grants permission to reject attachment request * * Access Level: Write * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_RejectAttachment.html */ toRejectAttachment(): this; /** * Grants permission to restore the core network policy to a previous version * * Access Level: Write * * Dependent actions: * - ec2:DescribeRegions * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_RestoreCoreNetworkPolicyVersion.html */ toRestoreCoreNetworkPolicyVersion(): this; /** * Grants permission to start organization service access update * * Access Level: Write * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_StartOrganizationServiceAccessUpdate.html */ toStartOrganizationServiceAccessUpdate(): this; /** * Grants permission to start a route analysis and stores analysis configuration * * Access Level: Write * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_StartRouteAnalysis.html */ toStartRouteAnalysis(): this; /** * Grants permission to tag a Network Manager resource * * Access Level: Tagging * * Possible conditions: * - .ifAwsTagKeys() * - .ifAwsRequestTag() * - .ifAwsResourceTag() * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_TagResource.html */ toTagResource(): this; /** * Grants permission to untag a Network Manager resource * * Access Level: Tagging * * Possible conditions: * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_UntagResource.html */ toUntagResource(): this; /** * Grants permission to update a connection * * Access Level: Write * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_UpdateConnection.html */ toUpdateConnection(): this; /** * Grants permission to update a core network * * Access Level: Write * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_UpdateCoreNetwork.html */ toUpdateCoreNetwork(): this; /** * Grants permission to update a device * * Access Level: Write * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_UpdateDevice.html */ toUpdateDevice(): this; /** * Grants permission to update a Direct Connect gateway attachment * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * - .ifEdgeLocations() * * Dependent actions: * - ec2:DescribeRegions * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_UpdateDirectConnectGatewayAttachment.html */ toUpdateDirectConnectGatewayAttachment(): this; /** * Grants permission to update a global network * * Access Level: Write * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_UpdateGlobalNetwork.html */ toUpdateGlobalNetwork(): this; /** * Grants permission to update a link * * Access Level: Write * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_UpdateLink.html */ toUpdateLink(): this; /** * Grants permission to add or update metadata key/value pairs on network resource * * Access Level: Write * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_UpdateNetworkResourceMetadata.html */ toUpdateNetworkResourceMetadata(): this; /** * Grants permission to update a site * * Access Level: Write * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_UpdateSite.html */ toUpdateSite(): this; /** * Grants permission to update a VPC attachment * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * - .ifSubnetArns() * * Dependent actions: * - ec2:DescribeRegions * * https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_UpdateVpcAttachment.html */ toUpdateVpcAttachment(): this; protected accessLevelList: AccessLevelList; /** * Adds a resource of type global-network to the statement * * https://docs.aws.amazon.com/vpc/latest/tgw/what-is-network-manager.html * * @param resourceId - Identifier for the resourceId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onGlobalNetwork(resourceId: string, account?: string, partition?: string): this; /** * Adds a resource of type site to the statement * * https://docs.aws.amazon.com/vpc/latest/tgw/what-is-network-manager.html * * @param globalNetworkId - Identifier for the globalNetworkId. * @param resourceId - Identifier for the resourceId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onSite(globalNetworkId: string, resourceId: string, account?: string, partition?: string): this; /** * Adds a resource of type link to the statement * * https://docs.aws.amazon.com/vpc/latest/tgw/what-is-network-manager.html * * @param globalNetworkId - Identifier for the globalNetworkId. * @param resourceId - Identifier for the resourceId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onLink(globalNetworkId: string, resourceId: string, account?: string, partition?: string): this; /** * Adds a resource of type device to the statement * * https://docs.aws.amazon.com/vpc/latest/tgw/what-is-network-manager.html * * @param globalNetworkId - Identifier for the globalNetworkId. * @param resourceId - Identifier for the resourceId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onDevice(globalNetworkId: string, resourceId: string, account?: string, partition?: string): this; /** * Adds a resource of type connection to the statement * * https://docs.aws.amazon.com/vpc/latest/tgw/what-is-network-manager.html * * @param globalNetworkId - Identifier for the globalNetworkId. * @param resourceId - Identifier for the resourceId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onConnection(globalNetworkId: string, resourceId: string, account?: string, partition?: string): this; /** * Adds a resource of type core-network to the statement * * https://docs.aws.amazon.com/vpc/latest/tgw/what-is-network-manager.html * * @param resourceId - Identifier for the resourceId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onCoreNetwork(resourceId: string, account?: string, partition?: string): this; /** * Adds a resource of type attachment to the statement * * https://docs.aws.amazon.com/vpc/latest/tgw/what-is-network-manager.html * * @param resourceId - Identifier for the resourceId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onAttachment(resourceId: string, account?: string, partition?: string): this; /** * Adds a resource of type connect-peer to the statement * * https://docs.aws.amazon.com/vpc/latest/tgw/what-is-network-manager.html * * @param resourceId - Identifier for the resourceId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onConnectPeer(resourceId: string, account?: string, partition?: string): this; /** * Adds a resource of type peering to the statement * * https://docs.aws.amazon.com/vpc/latest/tgw/what-is-network-manager.html * * @param resourceId - Identifier for the resourceId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onPeering(resourceId: string, account?: string, partition?: string): this; /** * Filters access by the tags that are passed in the request * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag * * Applies to actions: * - .toCreateConnectAttachment() * - .toCreateConnectPeer() * - .toCreateConnection() * - .toCreateCoreNetwork() * - .toCreateDevice() * - .toCreateDirectConnectGatewayAttachment() * - .toCreateGlobalNetwork() * - .toCreateLink() * - .toCreateSite() * - .toCreateSiteToSiteVpnAttachment() * - .toCreateTransitGatewayPeering() * - .toCreateTransitGatewayRouteTableAttachment() * - .toCreateVpcAttachment() * - .toTagResource() * - .toUpdateDirectConnectGatewayAttachment() * - .toUpdateVpcAttachment() * * @param tagKey The tag key to check * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsRequestTag(tagKey: string, value: string | string[], operator?: Operator | string): this; /** * Filters access by the tags associated with the resource * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag * * Applies to actions: * - .toListTagsForResource() * - .toTagResource() * * Applies to resource types: * - global-network * - site * - link * - device * - connection * - core-network * - attachment * - connect-peer * - peering * * @param tagKey The tag key to check * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsResourceTag(tagKey: string, value: string | string[], operator?: Operator | string): this; /** * Filters access by the tag keys that are passed in the request * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys * * Applies to actions: * - .toCreateConnectAttachment() * - .toCreateConnectPeer() * - .toCreateConnection() * - .toCreateCoreNetwork() * - .toCreateDevice() * - .toCreateDirectConnectGatewayAttachment() * - .toCreateGlobalNetwork() * - .toCreateLink() * - .toCreateSite() * - .toCreateSiteToSiteVpnAttachment() * - .toCreateTransitGatewayPeering() * - .toCreateTransitGatewayRouteTableAttachment() * - .toCreateVpcAttachment() * - .toTagResource() * - .toUntagResource() * - .toUpdateDirectConnectGatewayAttachment() * - .toUpdateVpcAttachment() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsTagKeys(value: string | string[], operator?: Operator | string): this; /** * Filters access by which customer gateways can be associated or disassociated * * https://docs.aws.amazon.com/vpc/latest/tgw/nm-security-iam.html * * Applies to actions: * - .toAssociateCustomerGateway() * - .toDisassociateCustomerGateway() * * @param value The value(s) to check * @param operator Works with [arn operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_ARN). **Default:** `ArnLike` */ ifCgwArn(value: string | string[], operator?: Operator | string): this; /** * Filters access by which Direct Connect gateway can be used to a create/update attachment * * https://docs.aws.amazon.com/vpc/latest/tgw/nm-security-iam.html * * Applies to actions: * - .toCreateDirectConnectGatewayAttachment() * * @param value The value(s) to check * @param operator Works with [arn operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_ARN). **Default:** `ArnLike` */ ifDirectConnectGatewayArn(value: string | string[], operator?: Operator | string): this; /** * Filters access by which edge locations can be added or removed from a Direct Connect gateway attachment * * https://docs.aws.amazon.com/vpc/latest/tgw/nm-security-iam.html * * Applies to actions: * - .toCreateDirectConnectGatewayAttachment() * - .toUpdateDirectConnectGatewayAttachment() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifEdgeLocations(value: string | string[], operator?: Operator | string): this; /** * Filters access by which VPC subnets can be added or removed from a VPC attachment * * https://docs.aws.amazon.com/vpc/latest/tgw/nm-security-iam.html * * Applies to actions: * - .toCreateVpcAttachment() * - .toUpdateVpcAttachment() * * @param value The value(s) to check * @param operator Works with [arn operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_ARN). **Default:** `ArnLike` */ ifSubnetArns(value: string | string[], operator?: Operator | string): this; /** * Filters access by which transit gateways can be registered, deregistered, or peered * * https://docs.aws.amazon.com/vpc/latest/tgw/nm-security-iam.html * * Applies to actions: * - .toCreateTransitGatewayPeering() * - .toDeregisterTransitGateway() * - .toRegisterTransitGateway() * * @param value The value(s) to check * @param operator Works with [arn operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_ARN). **Default:** `ArnLike` */ ifTgwArn(value: string | string[], operator?: Operator | string): this; /** * Filters access by which transit gateway connect peers can be associated or disassociated * * https://docs.aws.amazon.com/vpc/latest/tgw/nm-security-iam.html * * Applies to actions: * - .toAssociateTransitGatewayConnectPeer() * - .toDisassociateTransitGatewayConnectPeer() * * @param value The value(s) to check * @param operator Works with [arn operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_ARN). **Default:** `ArnLike` */ ifTgwConnectPeerArn(value: string | string[], operator?: Operator | string): this; /** * Filters access by which Transit Gateway Route Table can be used to create an attachment * * https://docs.aws.amazon.com/vpc/latest/tgw/nm-security-iam.html * * Applies to actions: * - .toCreateTransitGatewayRouteTableAttachment() * * @param value The value(s) to check * @param operator Works with [arn operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_ARN). **Default:** `ArnLike` */ ifTgwRtbArn(value: string | string[], operator?: Operator | string): this; /** * Filters access by which VPC can be used to a create/update attachment * * https://docs.aws.amazon.com/vpc/latest/tgw/nm-security-iam.html * * Applies to actions: * - .toCreateVpcAttachment() * * @param value The value(s) to check * @param operator Works with [arn operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_ARN). **Default:** `ArnLike` */ ifVpcArn(value: string | string[], operator?: Operator | string): this; /** * Filters access by which Site-to-Site VPN can be used to a create/update attachment * * https://docs.aws.amazon.com/vpc/latest/tgw/nm-security-iam.html * * Applies to actions: * - .toCreateSiteToSiteVpnAttachment() * * @param value The value(s) to check * @param operator Works with [arn operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_ARN). **Default:** `ArnLike` */ ifVpnConnectionArn(value: string | string[], operator?: Operator | string): this; }