import * as cdk from "../../core"; import * as constructs from "constructs"; import * as cfn_parse from "../../core/lib/helpers-internal"; /** * http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rolesanywhere-crl.html. * * @cloudformationResource AWS::RolesAnywhere::CRL * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rolesanywhere-crl.html */ export declare class CfnCRL extends cdk.CfnResource implements cdk.IInspectable, cdk.ITaggable { /** * The CloudFormation resource type name for this resource class. */ static readonly CFN_RESOURCE_TYPE_NAME: string; /** * Build a CfnCRL from CloudFormation properties * * A factory method that creates a new instance of this class from an object * containing the CloudFormation properties of this resource. * Used in the @aws-cdk/cloudformation-include module. * * @internal */ static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnCRL; /** * @cloudformationAttribute CrlId */ readonly attrCrlId: string; crlData: string; enabled?: boolean | cdk.IResolvable; name: string; /** * Tag Manager which manages the tags for this resource */ readonly tags: cdk.TagManager; tagsRaw?: Array; /** * The ARN of the TrustAnchor the certificate revocation list (CRL) will provide revocation for. */ trustAnchorArn?: string; /** * @param scope Scope in which this resource is defined * @param id Construct identifier for this resource (unique in its scope) * @param props Resource properties */ constructor(scope: constructs.Construct, id: string, props: CfnCRLProps); protected get cfnProperties(): Record; /** * Examines the CloudFormation resource and discloses attributes * * @param inspector tree inspector to collect and process attributes */ inspect(inspector: cdk.TreeInspector): void; protected renderProperties(props: Record): Record; } /** * Properties for defining a `CfnCRL` * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rolesanywhere-crl.html */ export interface CfnCRLProps { /** * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rolesanywhere-crl.html#cfn-rolesanywhere-crl-crldata */ readonly crlData: string; /** * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rolesanywhere-crl.html#cfn-rolesanywhere-crl-enabled */ readonly enabled?: boolean | cdk.IResolvable; /** * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rolesanywhere-crl.html#cfn-rolesanywhere-crl-name */ readonly name: string; /** * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rolesanywhere-crl.html#cfn-rolesanywhere-crl-tags */ readonly tags?: Array; /** * The ARN of the TrustAnchor the certificate revocation list (CRL) will provide revocation for. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rolesanywhere-crl.html#cfn-rolesanywhere-crl-trustanchorarn */ readonly trustAnchorArn?: string; } /** * Creates a *profile* , a list of the roles that Roles Anywhere service is trusted to assume. * * You use profiles to intersect permissions with IAM managed policies. * * *Required permissions:* `rolesanywhere:CreateProfile` . * * @cloudformationResource AWS::RolesAnywhere::Profile * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rolesanywhere-profile.html */ export declare class CfnProfile extends cdk.CfnResource implements cdk.IInspectable, cdk.ITaggable { /** * The CloudFormation resource type name for this resource class. */ static readonly CFN_RESOURCE_TYPE_NAME: string; /** * Build a CfnProfile from CloudFormation properties * * A factory method that creates a new instance of this class from an object * containing the CloudFormation properties of this resource. * Used in the @aws-cdk/cloudformation-include module. * * @internal */ static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnProfile; /** * The ARN of the profile. * * @cloudformationAttribute ProfileArn */ readonly attrProfileArn: string; /** * The unique primary identifier of the Profile * * @cloudformationAttribute ProfileId */ readonly attrProfileId: string; /** * Sets the maximum number of seconds that vended temporary credentials through [CreateSession](https://docs.aws.amazon.com/rolesanywhere/latest/userguide/authentication-create-session.html) will be valid for, between 900 and 3600. */ durationSeconds?: number; /** * Indicates whether the profile is enabled. */ enabled?: boolean | cdk.IResolvable; /** * A list of managed policy ARNs that apply to the vended session credentials. */ managedPolicyArns?: Array; /** * The name of the profile. */ name: string; /** * Specifies whether instance properties are required in temporary credential requests with this profile. */ requireInstanceProperties?: boolean | cdk.IResolvable; /** * A list of IAM role ARNs. */ roleArns: Array; /** * A session policy that applies to the trust boundary of the vended session credentials. */ sessionPolicy?: string; /** * Tag Manager which manages the tags for this resource */ readonly tags: cdk.TagManager; /** * The tags to attach to the profile. */ tagsRaw?: Array; /** * @param scope Scope in which this resource is defined * @param id Construct identifier for this resource (unique in its scope) * @param props Resource properties */ constructor(scope: constructs.Construct, id: string, props: CfnProfileProps); protected get cfnProperties(): Record; /** * Examines the CloudFormation resource and discloses attributes * * @param inspector tree inspector to collect and process attributes */ inspect(inspector: cdk.TreeInspector): void; protected renderProperties(props: Record): Record; } /** * Properties for defining a `CfnProfile` * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rolesanywhere-profile.html */ export interface CfnProfileProps { /** * Sets the maximum number of seconds that vended temporary credentials through [CreateSession](https://docs.aws.amazon.com/rolesanywhere/latest/userguide/authentication-create-session.html) will be valid for, between 900 and 3600. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rolesanywhere-profile.html#cfn-rolesanywhere-profile-durationseconds */ readonly durationSeconds?: number; /** * Indicates whether the profile is enabled. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rolesanywhere-profile.html#cfn-rolesanywhere-profile-enabled */ readonly enabled?: boolean | cdk.IResolvable; /** * A list of managed policy ARNs that apply to the vended session credentials. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rolesanywhere-profile.html#cfn-rolesanywhere-profile-managedpolicyarns */ readonly managedPolicyArns?: Array; /** * The name of the profile. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rolesanywhere-profile.html#cfn-rolesanywhere-profile-name */ readonly name: string; /** * Specifies whether instance properties are required in temporary credential requests with this profile. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rolesanywhere-profile.html#cfn-rolesanywhere-profile-requireinstanceproperties */ readonly requireInstanceProperties?: boolean | cdk.IResolvable; /** * A list of IAM role ARNs. * * During `CreateSession` , if a matching role ARN is provided, the properties in this profile will be applied to the intersection session policy. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rolesanywhere-profile.html#cfn-rolesanywhere-profile-rolearns */ readonly roleArns: Array; /** * A session policy that applies to the trust boundary of the vended session credentials. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rolesanywhere-profile.html#cfn-rolesanywhere-profile-sessionpolicy */ readonly sessionPolicy?: string; /** * The tags to attach to the profile. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rolesanywhere-profile.html#cfn-rolesanywhere-profile-tags */ readonly tags?: Array; } /** * Creates a trust anchor to establish trust between IAM Roles Anywhere and your certificate authority (CA). * * You can define a trust anchor as a reference to an AWS Private Certificate Authority ( AWS Private CA ) or by uploading a CA certificate. Your AWS workloads can authenticate with the trust anchor using certificates issued by the CA in exchange for temporary AWS credentials. * * *Required permissions:* `rolesanywhere:CreateTrustAnchor` . * * @cloudformationResource AWS::RolesAnywhere::TrustAnchor * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rolesanywhere-trustanchor.html */ export declare class CfnTrustAnchor extends cdk.CfnResource implements cdk.IInspectable, cdk.ITaggable { /** * The CloudFormation resource type name for this resource class. */ static readonly CFN_RESOURCE_TYPE_NAME: string; /** * Build a CfnTrustAnchor from CloudFormation properties * * A factory method that creates a new instance of this class from an object * containing the CloudFormation properties of this resource. * Used in the @aws-cdk/cloudformation-include module. * * @internal */ static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnTrustAnchor; /** * The ARN of the trust anchor. * * @cloudformationAttribute TrustAnchorArn */ readonly attrTrustAnchorArn: string; /** * The unique identifier of the trust anchor. * * @cloudformationAttribute TrustAnchorId */ readonly attrTrustAnchorId: string; /** * Indicates whether the trust anchor is enabled. */ enabled?: boolean | cdk.IResolvable; /** * The name of the trust anchor. */ name: string; /** * A list of notification settings to be associated to the trust anchor. */ notificationSettings?: Array | cdk.IResolvable; /** * The trust anchor type and its related certificate data. */ source: cdk.IResolvable | CfnTrustAnchor.SourceProperty; /** * Tag Manager which manages the tags for this resource */ readonly tags: cdk.TagManager; /** * The tags to attach to the trust anchor. */ tagsRaw?: Array; /** * @param scope Scope in which this resource is defined * @param id Construct identifier for this resource (unique in its scope) * @param props Resource properties */ constructor(scope: constructs.Construct, id: string, props: CfnTrustAnchorProps); protected get cfnProperties(): Record; /** * Examines the CloudFormation resource and discloses attributes * * @param inspector tree inspector to collect and process attributes */ inspect(inspector: cdk.TreeInspector): void; protected renderProperties(props: Record): Record; } export declare namespace CfnTrustAnchor { /** * Customizable notification settings that will be applied to notification events. * * IAM Roles Anywhere consumes these settings while notifying across multiple channels - CloudWatch metrics, EventBridge , and AWS Health Dashboard . * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rolesanywhere-trustanchor-notificationsetting.html */ interface NotificationSettingProperty { /** * The specified channel of notification. * * IAM Roles Anywhere uses CloudWatch metrics, EventBridge , and AWS Health Dashboard to notify for an event. * * > In the absence of a specific channel, IAM Roles Anywhere applies this setting to 'ALL' channels. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rolesanywhere-trustanchor-notificationsetting.html#cfn-rolesanywhere-trustanchor-notificationsetting-channel */ readonly channel?: string; /** * Indicates whether the notification setting is enabled. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rolesanywhere-trustanchor-notificationsetting.html#cfn-rolesanywhere-trustanchor-notificationsetting-enabled */ readonly enabled: boolean | cdk.IResolvable; /** * The event to which this notification setting is applied. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rolesanywhere-trustanchor-notificationsetting.html#cfn-rolesanywhere-trustanchor-notificationsetting-event */ readonly event: string; /** * The number of days before a notification event. * * This value is required for a notification setting that is enabled. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rolesanywhere-trustanchor-notificationsetting.html#cfn-rolesanywhere-trustanchor-notificationsetting-threshold */ readonly threshold?: number; } /** * The trust anchor type and its related certificate data. * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rolesanywhere-trustanchor-source.html */ interface SourceProperty { /** * The data field of the trust anchor depending on its type. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rolesanywhere-trustanchor-source.html#cfn-rolesanywhere-trustanchor-source-sourcedata */ readonly sourceData?: cdk.IResolvable | CfnTrustAnchor.SourceDataProperty; /** * The type of the TrustAnchor. * * > `AWS_ACM_PCA` is not an allowed value in your region. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rolesanywhere-trustanchor-source.html#cfn-rolesanywhere-trustanchor-source-sourcetype */ readonly sourceType?: string; } /** * The data field of the trust anchor depending on its type. * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rolesanywhere-trustanchor-sourcedata.html */ interface SourceDataProperty { /** * The root certificate of the AWS Private Certificate Authority specified by this ARN is used in trust validation for temporary credential requests. * * Included for trust anchors of type `AWS_ACM_PCA` . * * > This field is not supported in your region. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rolesanywhere-trustanchor-sourcedata.html#cfn-rolesanywhere-trustanchor-sourcedata-acmpcaarn */ readonly acmPcaArn?: string; /** * The PEM-encoded data for the certificate anchor. * * Included for trust anchors of type `CERTIFICATE_BUNDLE` . * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rolesanywhere-trustanchor-sourcedata.html#cfn-rolesanywhere-trustanchor-sourcedata-x509certificatedata */ readonly x509CertificateData?: string; } } /** * Properties for defining a `CfnTrustAnchor` * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rolesanywhere-trustanchor.html */ export interface CfnTrustAnchorProps { /** * Indicates whether the trust anchor is enabled. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rolesanywhere-trustanchor.html#cfn-rolesanywhere-trustanchor-enabled */ readonly enabled?: boolean | cdk.IResolvable; /** * The name of the trust anchor. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rolesanywhere-trustanchor.html#cfn-rolesanywhere-trustanchor-name */ readonly name: string; /** * A list of notification settings to be associated to the trust anchor. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rolesanywhere-trustanchor.html#cfn-rolesanywhere-trustanchor-notificationsettings */ readonly notificationSettings?: Array | cdk.IResolvable; /** * The trust anchor type and its related certificate data. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rolesanywhere-trustanchor.html#cfn-rolesanywhere-trustanchor-source */ readonly source: cdk.IResolvable | CfnTrustAnchor.SourceProperty; /** * The tags to attach to the trust anchor. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rolesanywhere-trustanchor.html#cfn-rolesanywhere-trustanchor-tags */ readonly tags?: Array; }