import * as cdk from "../../core/lib"; import * as constructs from "constructs"; import * as cfn_parse from "../../core/lib/helpers-internal"; import { IPermissionRef, IResourceShareRef, PermissionReference, ResourceShareReference } from "../../interfaces/generated/aws-ram-interfaces.generated"; /** * Creates a customer managed permission for a specified resource type that you can attach to resource shares. * * It is created in the AWS Region in which you call the operation. * * @cloudformationResource AWS::RAM::Permission * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ram-permission.html */ export declare class CfnPermission extends cdk.CfnResource implements cdk.IInspectable, IPermissionRef, cdk.ITaggable { /** * The CloudFormation resource type name for this resource class. */ static readonly CFN_RESOURCE_TYPE_NAME: string; /** * Build a CfnPermission from CloudFormation properties * * A factory method that creates a new instance of this class from an object * containing the CloudFormation properties of this resource. * Used in the @aws-cdk/cloudformation-include module. * * @internal */ static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnPermission; /** * Checks whether the given object is a CfnPermission */ static isCfnPermission(x: any): x is CfnPermission; static arnForPermission(resource: IPermissionRef): string; /** * Specifies the name of the customer managed permission. */ private _name; /** * A string in JSON format string that contains the following elements of a resource-based policy:. */ private _policyTemplate; /** * Specifies the name of the resource type that this customer managed permission applies to. */ private _resourceType; /** * Tag Manager which manages the tags for this resource */ readonly tags: cdk.TagManager; /** * Specifies a list of one or more tag key and value pairs to attach to the permission. */ private _tagsRaw?; /** * Create a new `AWS::RAM::Permission`. * * @param scope Scope in which this resource is defined * @param id Construct identifier for this resource (unique in its scope) * @param props Resource properties */ constructor(scope: constructs.Construct, id: string, props: CfnPermissionProps); get permissionRef(): PermissionReference; /** * Specifies the name of the customer managed permission. */ get name(): string; /** * Specifies the name of the customer managed permission. */ set name(value: string); /** * A string in JSON format string that contains the following elements of a resource-based policy:. */ get policyTemplate(): any | cdk.IResolvable; /** * A string in JSON format string that contains the following elements of a resource-based policy:. */ set policyTemplate(value: any | cdk.IResolvable); /** * Specifies the name of the resource type that this customer managed permission applies to. */ get resourceType(): string; /** * Specifies the name of the resource type that this customer managed permission applies to. */ set resourceType(value: string); /** * Specifies a list of one or more tag key and value pairs to attach to the permission. */ get tagsRaw(): Array | undefined; /** * Specifies a list of one or more tag key and value pairs to attach to the permission. */ set tagsRaw(value: Array | undefined); /** * The Amazon Resource Name (ARN) of the new permission. * * @cloudformationAttribute Arn */ get attrArn(): string; /** * Specifies whether this permission is the default for new resource shares that include resources of the associated resource type. * * @cloudformationAttribute IsResourceTypeDefault */ get attrIsResourceTypeDefault(): cdk.IResolvable; /** * The type of managed permission. This can be one of the following values: * * - *AWS_MANAGED_PERMISSION* – AWS created and manages this managed permission. You can associate it with your resource shares, but you can't modify it. * - *CUSTOMER_MANAGED_PERMISSION* – You, or another principal in your account created this managed permission. You can associate it with your resource shares and create new versions that have different permissions. * * @cloudformationAttribute PermissionType */ get attrPermissionType(): string; /** * The version number for this version of the permission. * * @cloudformationAttribute Version */ get attrVersion(): string; protected get cfnProperties(): Record; /** * Examines the CloudFormation resource and discloses attributes * * @param inspector tree inspector to collect and process attributes */ inspect(inspector: cdk.TreeInspector): void; protected renderProperties(props: Record): Record; } /** * Properties for defining a `CfnPermission` * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ram-permission.html */ export interface CfnPermissionProps { /** * Specifies the name of the customer managed permission. * * The name must be unique within the AWS Region . * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ram-permission.html#cfn-ram-permission-name */ readonly name: string; /** * A string in JSON format string that contains the following elements of a resource-based policy:. * * - *Effect* : must be set to `ALLOW` . * - *Action* : specifies the actions that are allowed by this customer managed permission. The list must contain only actions that are supported by the specified resource type. For a list of all actions supported by each resource type, see [Actions, resources, and condition keys for AWS services](https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html) in the *AWS Identity and Access Management User Guide* . * - *Condition* : (optional) specifies conditional parameters that must evaluate to true when a user attempts an action for that action to be allowed. For more information about the Condition element, see [IAM policies: Condition element](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html) in the *AWS Identity and Access Management User Guide* . * * This template can't include either the `Resource` or `Principal` elements. Those are both filled in by AWS RAM when it instantiates the resource-based policy on each resource shared using this managed permission. The `Resource` comes from the ARN of the specific resource that you are sharing. The `Principal` comes from the list of identities added to the resource share. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ram-permission.html#cfn-ram-permission-policytemplate */ readonly policyTemplate: any | cdk.IResolvable; /** * Specifies the name of the resource type that this customer managed permission applies to. * * The format is `** : **` and is not case sensitive. For example, to specify an Amazon EC2 Subnet, you can use the string `ec2:subnet` . To see the list of valid values for this parameter, query the [ListResourceTypes](https://docs.aws.amazon.com/ram/latest/APIReference/API_ListResourceTypes.html) operation. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ram-permission.html#cfn-ram-permission-resourcetype */ readonly resourceType: string; /** * Specifies a list of one or more tag key and value pairs to attach to the permission. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ram-permission.html#cfn-ram-permission-tags */ readonly tags?: Array; } /** * Creates a resource share. * * You can provide a list of the Amazon Resource Names (ARNs) for the resources that you want to share, a list of principals you want to share the resources with, and the permissions to grant those principals. * * > Sharing a resource makes it available for use by principals outside of the AWS account that created the resource. Sharing doesn't change any permissions or quotas that apply to the resource in the account that created it. * * @cloudformationResource AWS::RAM::ResourceShare * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ram-resourceshare.html */ export declare class CfnResourceShare extends cdk.CfnResource implements cdk.IInspectable, IResourceShareRef, cdk.ITaggable { /** * The CloudFormation resource type name for this resource class. */ static readonly CFN_RESOURCE_TYPE_NAME: string; /** * Build a CfnResourceShare from CloudFormation properties * * A factory method that creates a new instance of this class from an object * containing the CloudFormation properties of this resource. * Used in the @aws-cdk/cloudformation-include module. * * @internal */ static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnResourceShare; /** * Checks whether the given object is a CfnResourceShare */ static isCfnResourceShare(x: any): x is CfnResourceShare; static arnForResourceShare(resource: IResourceShareRef): string; /** * Specifies whether principals outside your organization in AWS Organizations can be associated with a resource share. */ private _allowExternalPrincipals?; /** * Specifies the name of the resource share. */ private _name; /** * Specifies the [Amazon Resource Names (ARNs)](https://docs.aws.amazon.com//general/latest/gr/aws-arns-and-namespaces.html) of the AWS RAM permission to associate with the resource share. If you do not specify an ARN for the permission, AWS RAM automatically attaches the default version of the permission for each resource type. You can associate only one permission with each resource type included in the resource share. */ private _permissionArns?; /** * Specifies the principals to associate with the resource share. The possible values are:. */ private _principals?; /** * Specifies a list of one or more ARNs of the resources to associate with the resource share. */ private _resourceArns?; /** * Specifies from which source accounts the service principal has access to the resources in this resource share. */ private _sources?; /** * Tag Manager which manages the tags for this resource */ readonly tags: cdk.TagManager; /** * Specifies one or more tags to attach to the resource share itself. */ private _tagsRaw?; /** * Create a new `AWS::RAM::ResourceShare`. * * @param scope Scope in which this resource is defined * @param id Construct identifier for this resource (unique in its scope) * @param props Resource properties */ constructor(scope: constructs.Construct, id: string, props: CfnResourceShareProps); get resourceShareRef(): ResourceShareReference; /** * Specifies whether principals outside your organization in AWS Organizations can be associated with a resource share. */ get allowExternalPrincipals(): boolean | cdk.IResolvable | undefined; /** * Specifies whether principals outside your organization in AWS Organizations can be associated with a resource share. */ set allowExternalPrincipals(value: boolean | cdk.IResolvable | undefined); /** * Specifies the name of the resource share. */ get name(): string; /** * Specifies the name of the resource share. */ set name(value: string); /** * Specifies the [Amazon Resource Names (ARNs)](https://docs.aws.amazon.com//general/latest/gr/aws-arns-and-namespaces.html) of the AWS RAM permission to associate with the resource share. If you do not specify an ARN for the permission, AWS RAM automatically attaches the default version of the permission for each resource type. You can associate only one permission with each resource type included in the resource share. */ get permissionArns(): Array | undefined; /** * Specifies the [Amazon Resource Names (ARNs)](https://docs.aws.amazon.com//general/latest/gr/aws-arns-and-namespaces.html) of the AWS RAM permission to associate with the resource share. If you do not specify an ARN for the permission, AWS RAM automatically attaches the default version of the permission for each resource type. You can associate only one permission with each resource type included in the resource share. */ set permissionArns(value: Array | undefined); /** * Specifies the principals to associate with the resource share. The possible values are:. */ get principals(): Array | undefined; /** * Specifies the principals to associate with the resource share. The possible values are:. */ set principals(value: Array | undefined); /** * Specifies a list of one or more ARNs of the resources to associate with the resource share. */ get resourceArns(): Array | undefined; /** * Specifies a list of one or more ARNs of the resources to associate with the resource share. */ set resourceArns(value: Array | undefined); /** * Specifies from which source accounts the service principal has access to the resources in this resource share. */ get sources(): Array | undefined; /** * Specifies from which source accounts the service principal has access to the resources in this resource share. */ set sources(value: Array | undefined); /** * Specifies one or more tags to attach to the resource share itself. */ get tagsRaw(): Array | undefined; /** * Specifies one or more tags to attach to the resource share itself. */ set tagsRaw(value: Array | undefined); /** * The Amazon Resource Name (ARN) of the resource share. * * @cloudformationAttribute Arn */ get attrArn(): string; /** * The date and time when the resource share was created. * * @cloudformationAttribute CreationTime */ get attrCreationTime(): string; /** * Indicates what features are available for this resource share. This parameter can have one of the following values: * * - *STANDARD* – A resource share that supports all functionality. These resource shares are visible to all principals you share the resource share with. You can modify these resource shares in AWS RAM using the console or APIs. This resource share might have been created by AWS RAM , or it might have been *CREATED_FROM_POLICY* and then promoted. * - *CREATED_FROM_POLICY* – The customer manually shared a resource by attaching a resource-based policy. That policy did not match any existing managed permissions, so AWS RAM created this customer managed permission automatically on the customer's behalf based on the attached policy document. This type of resource share is visible only to the AWS account that created it. You can't modify it in AWS RAM unless you promote it. For more information, see `PromoteResourceShareCreatedFromPolicy` . * - *PROMOTING_TO_STANDARD* – This resource share was originally `CREATED_FROM_POLICY` , but the customer ran the `PromoteResourceShareCreatedFromPolicy` and that operation is still in progress. This value changes to `STANDARD` when complete. * * @cloudformationAttribute FeatureSet */ get attrFeatureSet(): string; /** * The date and time when the resource share was last updated. * * @cloudformationAttribute LastUpdatedTime */ get attrLastUpdatedTime(): string; /** * The ID of the AWS account that owns the resource share. * * @cloudformationAttribute OwningAccountId */ get attrOwningAccountId(): string; /** * The current status of the resource share. * * @cloudformationAttribute Status */ get attrStatus(): string; protected get cfnProperties(): Record; /** * Examines the CloudFormation resource and discloses attributes * * @param inspector tree inspector to collect and process attributes */ inspect(inspector: cdk.TreeInspector): void; protected renderProperties(props: Record): Record; } /** * Properties for defining a `CfnResourceShare` * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ram-resourceshare.html */ export interface CfnResourceShareProps { /** * Specifies whether principals outside your organization in AWS Organizations can be associated with a resource share. * * A value of `true` lets you share with individual AWS accounts that are *not* in your organization. A value of `false` only has meaning if your account is a member of an AWS Organization. The default value is `true` . * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ram-resourceshare.html#cfn-ram-resourceshare-allowexternalprincipals */ readonly allowExternalPrincipals?: boolean | cdk.IResolvable; /** * Specifies the name of the resource share. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ram-resourceshare.html#cfn-ram-resourceshare-name */ readonly name: string; /** * Specifies the [Amazon Resource Names (ARNs)](https://docs.aws.amazon.com//general/latest/gr/aws-arns-and-namespaces.html) of the AWS RAM permission to associate with the resource share. If you do not specify an ARN for the permission, AWS RAM automatically attaches the default version of the permission for each resource type. You can associate only one permission with each resource type included in the resource share. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ram-resourceshare.html#cfn-ram-resourceshare-permissionarns */ readonly permissionArns?: Array; /** * Specifies the principals to associate with the resource share. The possible values are:. * * - An AWS account ID * - An Amazon Resource Name (ARN) of an organization in AWS Organizations * - An ARN of an organizational unit (OU) in AWS Organizations * - An ARN of an IAM role * - An ARN of an IAM user * * > Not all resource types can be shared with IAM roles and users. For more information, see the column *Can share with IAM roles and users* in the tables on [Shareable AWS resources](https://docs.aws.amazon.com/ram/latest/userguide/shareable.html) in the *AWS Resource Access Manager User Guide* . * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ram-resourceshare.html#cfn-ram-resourceshare-principals */ readonly principals?: Array; /** * Specifies a list of one or more ARNs of the resources to associate with the resource share. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ram-resourceshare.html#cfn-ram-resourceshare-resourcearns */ readonly resourceArns?: Array; /** * Specifies from which source accounts the service principal has access to the resources in this resource share. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ram-resourceshare.html#cfn-ram-resourceshare-sources */ readonly sources?: Array; /** * Specifies one or more tags to attach to the resource share itself. * * It doesn't attach the tags to the resources associated with the resource share. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ram-resourceshare.html#cfn-ram-resourceshare-tags */ readonly tags?: Array; } export type { IPermissionRef, PermissionReference }; export type { IResourceShareRef, ResourceShareReference };