import { AddToResourcePolicyResult, PolicyDocument } from 'aws-cdk-lib/aws-iam';
import { IQueue } from 'aws-cdk-lib/aws-sqs';
import { IAccessSpec } from './k9policy';
export interface K9SQSResourcePolicyProps {
    readonly queue: IQueue;
    readonly k9DesiredAccess: Array<IAccessSpec>;
}
export declare const SID_DENY_EVERYONE_ELSE = "DenyEveryoneElse";
/**
 * Generate a SQS resource policy from the provided props that can be attached to a queue.
 *
 * @param props specifying desired access
 * @return a PolicyDocument that can be attached to an SQS queue
 */
export declare function makeResourcePolicy(props: K9SQSResourcePolicyProps): PolicyDocument;
/**
 * Grant access to a queue via resource policy using k9 IAccessSpec definitions. This function
 * is the preferred interface for granting access to a queue.
 *
 * The grant and make operations are split because SQS policies can only be managed via the
 * IQueue.addToResourcePolicy method but IQueue does not offer a way to read the policy.
 * So making the policy is done in a separate function so policy generation can be tested.
 *
 * @param props specifying the queue and desired access
 *
 * @return the results for adding each statement
 */
export declare function grantAccessViaResourcePolicy(props: K9SQSResourcePolicyProps): AddToResourcePolicyResult[];