iam-floyd
AWS IAM policy statement generator with fluent interface
import { AccessLevelList } from '../../shared/access-level';
import { PolicyStatement, Operator } from '../../shared';
/**
* Statement provider for service [s3-object-lambda](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazons3objectlambda.html).
*
* The members declared here fall into three groups: `to*()` methods, each documented as granting one action; `on*()`, which adds a resource; and `if*()`, which filters access by a condition key. Every one of them returns `this`, so calls can be chained on a single statement.
*
* This is a declaration only. What a statement contains when no resource or condition has been added is decided by `PolicyStatement`, which is not shown here.
* Review note: confirm that behaviour before relying on an implicit resource, and prefer an explicit `onObjectlambdaaccesspoint()` plus conditions when writing least-privilege policies.
*
* @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
*/
export declare class S3ObjectLambda extends PolicyStatement {
/**
* Service prefix of this provider. The value is assigned in the implementation and is not visible in this declaration; presumably `s3-object-lambda` - confirm against the implementation.
*/
servicePrefix: string;
/**
* Statement provider for service [s3-object-lambda](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazons3objectlambda.html).
*
* @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
*/
constructor(sid?: string);
/**
* Grants permission to abort a multipart upload
*
* Access Level: Write
*
* Possible conditions:
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifTlsVersion()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html
*/
toAbortMultipartUpload(): this;
/**
* Grants permission to remove the null version of an object and insert a delete marker, which becomes the current version of the object
*
* Access Level: Write
*
* Possible conditions:
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifTlsVersion()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html
*/
toDeleteObject(): this;
/**
* Grants permission to use the tagging subresource to remove the entire tag set from the specified object
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifTlsVersion()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObjectTagging.html
*/
toDeleteObjectTagging(): this;
/**
* Grants permission to remove a specific version of an object
*
* Review note: unlike `toDeleteObject()`, which is described as leaving a delete marker, removing a specific version is not recoverable through versioning. Grant it sparingly and consider narrowing it with `.ifVersionid()`.
*
* Access Level: Write
*
* Possible conditions:
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifTlsVersion()
* - .ifVersionid()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html
*/
toDeleteObjectVersion(): this;
/**
* Grants permission to remove the entire tag set for a specific version of the object
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifTlsVersion()
* - .ifVersionid()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObjectTagging.html
*/
toDeleteObjectVersionTagging(): this;
/**
* Grants permission to retrieve objects from Amazon S3
*
* Access Level: Read
*
* Possible conditions:
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifTlsVersion()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html
*/
toGetObject(): this;
/**
* Grants permission to return the access control list (ACL) of an object
*
* Access Level: Read
*
* Possible conditions:
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifTlsVersion()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAcl.html
*/
toGetObjectAcl(): this;
/**
* Grants permission to get an object's current Legal Hold status
*
* Access Level: Read
*
* Possible conditions:
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifTlsVersion()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectLegalHold.html
*/
toGetObjectLegalHold(): this;
/**
* Grants permission to retrieve the retention settings for an object
*
* Access Level: Read
*
* Possible conditions:
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifTlsVersion()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectRetention.html
*/
toGetObjectRetention(): this;
/**
* Grants permission to return the tag set of an object
*
* Access Level: Read
*
* Possible conditions:
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifTlsVersion()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html
*/
toGetObjectTagging(): this;
/**
* Grants permission to retrieve a specific version of an object
*
* Access Level: Read
*
* Possible conditions:
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifTlsVersion()
* - .ifVersionid()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html
*/
toGetObjectVersion(): this;
/**
* Grants permission to return the access control list (ACL) of a specific object version
*
* Access Level: Read
*
* Possible conditions:
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifTlsVersion()
* - .ifVersionid()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAcl.html
*/
toGetObjectVersionAcl(): this;
/**
* Grants permission to return the tag set for a specific version of the object
*
* Access Level: Read
*
* Possible conditions:
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifTlsVersion()
* - .ifVersionid()
*
* https://docs.aws.amazon.com/AmazonS3/latest/dev/setting-repl-config-perm-overview.html
*/
toGetObjectVersionTagging(): this;
/**
* Grants permission to list some or all of the objects in an Amazon S3 bucket (up to 1000)
*
* Access Level: List
*
* Possible conditions:
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifTlsVersion()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectsV2.html
*/
toListBucket(): this;
/**
* Grants permission to list in-progress multipart uploads
*
* Access Level: List
*
* Possible conditions:
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifTlsVersion()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html
*/
toListBucketMultipartUploads(): this;
/**
* Grants permission to list metadata about all the versions of objects in an Amazon S3 bucket
*
* Access Level: List
*
* Possible conditions:
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifTlsVersion()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectVersions.html
*/
toListBucketVersions(): this;
/**
* Grants permission to list the parts that have been uploaded for a specific multipart upload
*
* Access Level: List
*
* Possible conditions:
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifTlsVersion()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html
*/
toListMultipartUploadParts(): this;
/**
* Grants permission to add an object to a bucket
*
* Access Level: Write
*
* Possible conditions:
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifTlsVersion()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html
*/
toPutObject(): this;
/**
* Grants permission to set the access control list (ACL) permissions for new or existing objects in an S3 bucket
*
* Review note: this is a permissions-management action. An object ACL can grant access to other principals, so whoever holds this permission can widen access to the objects it covers. Scope it to specific access points and review who receives it.
*
* Access Level: Permissions management
*
* Possible conditions:
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifTlsVersion()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObjectAcl.html
*/
toPutObjectAcl(): this;
/**
* Grants permission to apply a Legal Hold configuration to the specified object
*
* Access Level: Write
*
* Possible conditions:
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifTlsVersion()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObjectLegalHold.html
*/
toPutObjectLegalHold(): this;
/**
* Grants permission to place an Object Retention configuration on an object
*
* Access Level: Write
*
* Possible conditions:
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifTlsVersion()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObjectRetention.html
*/
toPutObjectRetention(): this;
/**
* Grants permission to set the supplied tag-set to an object that already exists in a bucket
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifTlsVersion()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObjectTagging.html
*/
toPutObjectTagging(): this;
/**
* Grants permission to use the acl subresource to set the access control list (ACL) permissions for an object that already exists in a bucket
*
* Review note: this is a permissions-management action. An object ACL can grant access to other principals, so whoever holds this permission can widen access to the object versions it covers. Scope it to specific access points and review who receives it.
*
* Access Level: Permissions management
*
* Possible conditions:
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifTlsVersion()
* - .ifVersionid()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObjectAcl.html
*/
toPutObjectVersionAcl(): this;
/**
* Grants permission to set the supplied tag-set for a specific version of an object
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifTlsVersion()
* - .ifVersionid()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObjectTagging.html
*/
toPutObjectVersionTagging(): this;
/**
* Grants permission to restore an archived copy of an object back into Amazon S3
*
* Access Level: Write
*
* Possible conditions:
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifTlsVersion()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html
*/
toRestoreObject(): this;
/**
* Grants permission to provide data for GetObject requests sent to S3 Object Lambda
*
* Access Level: Write
*
* Possible conditions:
* - .ifAuthType()
* - .ifSignatureAge()
* - .ifTlsVersion()
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/API_WriteGetObjectResponse.html
*/
toWriteGetObjectResponse(): this;
/**
* Access-level list for this provider, typed by `AccessLevelList` from `../../shared/access-level`. Its contents are not visible in this declaration; presumably it groups the actions above by their documented access level - confirm against the implementation.
*/
protected accessLevelList: AccessLevelList;
/**
* Adds a resource of type objectlambdaaccesspoint to the statement
*
* Review note: outside the CDK, omitting `account` and `region` leaves both as `*`, so the resource matches an access point of that name in any account and region of the partition. Pass both explicitly to scope the statement to one access point.
*
* https://docs.aws.amazon.com/AmazonS3/latest/dev/transforming-objects.html
*
* @param accessPointName - Identifier for the accessPointName.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onObjectlambdaaccesspoint(accessPointName: string, account?: string, region?: string, partition?: string): this;
/**
* Filters access by the TLS version used by the client
*
* Review note: the default operator `NumericEquals` matches one exact version only. To require a minimum TLS version, pass a range operator such as `NumericGreaterThanEquals`, or use `NumericLessThan` in a Deny statement.
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/bucket-policy-s3-sigv4-conditions.html
*
* Applies to actions:
* - .toAbortMultipartUpload()
* - .toDeleteObject()
* - .toDeleteObjectTagging()
* - .toDeleteObjectVersion()
* - .toDeleteObjectVersionTagging()
* - .toGetObject()
* - .toGetObjectAcl()
* - .toGetObjectLegalHold()
* - .toGetObjectRetention()
* - .toGetObjectTagging()
* - .toGetObjectVersion()
* - .toGetObjectVersionAcl()
* - .toGetObjectVersionTagging()
* - .toListBucket()
* - .toListBucketMultipartUploads()
* - .toListBucketVersions()
* - .toListMultipartUploadParts()
* - .toPutObject()
* - .toPutObjectAcl()
* - .toPutObjectLegalHold()
* - .toPutObjectRetention()
* - .toPutObjectTagging()
* - .toPutObjectVersionAcl()
* - .toPutObjectVersionTagging()
* - .toRestoreObject()
* - .toWriteGetObjectResponse()
*
* @param value The value(s) to check
* @param operator Works with [numeric operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_Numeric). **Default:** `NumericEquals`
*/
ifTlsVersion(value: number | number[], operator?: Operator | string): this;
/**
* Filters access by authentication method
*
* Review note: the default operator `StringLike` treats `*` and `?` in `value` as wildcards; pass `StringEquals` when an exact match is intended. The accepted values are listed in the linked documentation.
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/bucket-policy-s3-sigv4-conditions.html
*
* Applies to actions:
* - .toAbortMultipartUpload()
* - .toDeleteObject()
* - .toDeleteObjectTagging()
* - .toDeleteObjectVersion()
* - .toDeleteObjectVersionTagging()
* - .toGetObject()
* - .toGetObjectAcl()
* - .toGetObjectLegalHold()
* - .toGetObjectRetention()
* - .toGetObjectTagging()
* - .toGetObjectVersion()
* - .toGetObjectVersionAcl()
* - .toGetObjectVersionTagging()
* - .toListBucket()
* - .toListBucketMultipartUploads()
* - .toListBucketVersions()
* - .toListMultipartUploadParts()
* - .toPutObject()
* - .toPutObjectAcl()
* - .toPutObjectLegalHold()
* - .toPutObjectRetention()
* - .toPutObjectTagging()
* - .toPutObjectVersionAcl()
* - .toPutObjectVersionTagging()
* - .toRestoreObject()
* - .toWriteGetObjectResponse()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAuthType(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the age in milliseconds of the request signature
*
* Review note: with the default operator `NumericEquals` the condition matches only a signature whose age is exactly `value` milliseconds, which is rarely the intent. To reject stale signatures, pass a range operator, for example `NumericGreaterThan` in a Deny statement.
*
* https://docs.aws.amazon.com/AmazonS3/latest/API/bucket-policy-s3-sigv4-conditions.html
*
* Applies to actions:
* - .toAbortMultipartUpload()
* - .toDeleteObject()
* - .toDeleteObjectTagging()
* - .toDeleteObjectVersion()
* - .toDeleteObjectVersionTagging()
* - .toGetObject()
* - .toGetObjectAcl()
* - .toGetObjectLegalHold()
* - .toGetObjectRetention()
* - .toGetObjectTagging()
* - .toGetObjectVersion()
* - .toGetObjectVersionAcl()
* - .toGetObjectVersionTagging()
* - .toListBucket()
* - .toListBucketMultipartUploads()
* - .toListBucketVersions()
* - .toListMultipartUploadParts()
* - .toPutObject()
* - .toPutObjectAcl()
* - .toPutObjectLegalHold()
* - .toPutObjectRetention()
* - .toPutObjectTagging()
* - .toPutObjectVersionAcl()
* - .toPutObjectVersionTagging()
* - .toRestoreObject()
* - .toWriteGetObjectResponse()
*
* @param value The value(s) to check
* @param operator Works with [numeric operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_Numeric). **Default:** `NumericEquals`
*/
ifSignatureAge(value: number | number[], operator?: Operator | string): this;
/**
* Filters access by a specific object version
*
* Review note: the default operator `StringLike` treats `*` and `?` in `value` as wildcards; pass `StringEquals` to pin the statement to exact version ids.
*
* https://docs.aws.amazon.com/AmazonS3/latest/dev/amazon-s3-policy-keys.html/#getobjectversion-limit-access-to-specific-version-3
*
* Applies to actions:
* - .toDeleteObjectVersion()
* - .toDeleteObjectVersionTagging()
* - .toGetObjectVersion()
* - .toGetObjectVersionAcl()
* - .toGetObjectVersionTagging()
* - .toPutObjectVersionAcl()
* - .toPutObjectVersionTagging()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifVersionid(value: string | string[], operator?: Operator | string): this;
}