UNPKG

131 kBTypeScriptView Raw
1import * as cdk from '@aws-cdk/core';
2import * as cfn_parse from '@aws-cdk/core/lib/helpers-internal';
3/**
4 * Properties for defining a `CfnAccessKey`
5 *
6 * @struct
7 * @stability external
8 *
9 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-accesskey.html
10 */
11export interface CfnAccessKeyProps {
12 /**
13 * The name of the IAM user that the new key will belong to.
14 *
15 * This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
16 *
17 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-accesskey.html#cfn-iam-accesskey-username
18 */
19 readonly userName: string;
20 /**
21 * This value is specific to CloudFormation and can only be *incremented* . Incrementing this value notifies CloudFormation that you want to rotate your access key. When you update your stack, CloudFormation will replace the existing access key with a new key.
22 *
23 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-accesskey.html#cfn-iam-accesskey-serial
24 */
25 readonly serial?: number;
26 /**
27 * The status of the access key. `Active` means that the key is valid for API calls, while `Inactive` means it is not.
28 *
29 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-accesskey.html#cfn-iam-accesskey-status
30 */
31 readonly status?: string;
32}
33/**
34 * A CloudFormation `AWS::IAM::AccessKey`
35 *
36 * Creates a new AWS secret access key and corresponding AWS access key ID for the specified user. The default status for new keys is `Active` .
37 *
38 * For information about quotas on the number of keys you can create, see [IAM and AWS STS quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide* .
39 *
40 * > To ensure the security of your AWS account , the secret access key is accessible only during key and user creation. You must save the key (for example, in a text file) if you want to be able to access it again. If a secret key is lost, you can rotate access keys by increasing the value of the `serial` property.
41 *
42 * @cloudformationResource AWS::IAM::AccessKey
43 * @stability external
44 *
45 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-accesskey.html
46 */
47export declare class CfnAccessKey extends cdk.CfnResource implements cdk.IInspectable {
48 /**
49 * The CloudFormation resource type name for this resource class.
50 */
51 static readonly CFN_RESOURCE_TYPE_NAME = "AWS::IAM::AccessKey";
52 /**
53 * A factory method that creates a new instance of this class from an object
54 * containing the CloudFormation properties of this resource.
55 * Used in the @aws-cdk/cloudformation-include module.
56 *
57 * @internal
58 */
59 static _fromCloudFormation(scope: cdk.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnAccessKey;
60 /**
61 * Returns the secret access key for the specified AWS::IAM::AccessKey resource. For example: wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY.
62 * @cloudformationAttribute SecretAccessKey
63 */
64 readonly attrSecretAccessKey: string;
65 /**
66 * The name of the IAM user that the new key will belong to.
67 *
68 * This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
69 *
70 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-accesskey.html#cfn-iam-accesskey-username
71 */
72 userName: string;
73 /**
74 * This value is specific to CloudFormation and can only be *incremented* . Incrementing this value notifies CloudFormation that you want to rotate your access key. When you update your stack, CloudFormation will replace the existing access key with a new key.
75 *
76 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-accesskey.html#cfn-iam-accesskey-serial
77 */
78 serial: number | undefined;
79 /**
80 * The status of the access key. `Active` means that the key is valid for API calls, while `Inactive` means it is not.
81 *
82 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-accesskey.html#cfn-iam-accesskey-status
83 */
84 status: string | undefined;
85 /**
86 * Create a new `AWS::IAM::AccessKey`.
87 *
88 * @param scope - scope in which this resource is defined
89 * @param id - scoped id of the resource
90 * @param props - resource properties
91 */
92 constructor(scope: cdk.Construct, id: string, props: CfnAccessKeyProps);
93 /**
94 * Examines the CloudFormation resource and discloses attributes.
95 *
96 * @param inspector - tree inspector to collect and process attributes
97 *
98 */
99 inspect(inspector: cdk.TreeInspector): void;
100 protected get cfnProperties(): {
101 [key: string]: any;
102 };
103 protected renderProperties(props: {
104 [key: string]: any;
105 }): {
106 [key: string]: any;
107 };
108}
109/**
110 * Properties for defining a `CfnGroup`
111 *
112 * @struct
113 * @stability external
114 *
115 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html
116 */
117export interface CfnGroupProps {
118 /**
119 * The name of the group to create. Do not include the path in this value.
120 *
121 * The group name must be unique within the account. Group names are not distinguished by case. For example, you cannot create groups named both "ADMINS" and "admins". If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the group name.
122 *
123 * > If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.
124 *
125 * If you specify a name, you must specify the `CAPABILITY_NAMED_IAM` value to acknowledge your template's capabilities. For more information, see [Acknowledging IAM Resources in AWS CloudFormation Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities) .
126 *
127 * > Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using `Fn::Join` and `AWS::Region` to create a Region-specific name, as in the following example: `{"Fn::Join": ["", [{"Ref": "AWS::Region"}, {"Ref": "MyResourceName"}]]}` .
128 *
129 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html#cfn-iam-group-groupname
130 */
131 readonly groupName?: string;
132 /**
133 * The Amazon Resource Name (ARN) of the IAM policy you want to attach.
134 *
135 * For more information about ARNs, see [Amazon Resource Names (ARNs)](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *AWS General Reference* .
136 *
137 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html#cfn-iam-group-managepolicyarns
138 */
139 readonly managedPolicyArns?: string[];
140 /**
141 * The path to the group. For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* .
142 *
143 * This parameter is optional. If it is not included, it defaults to a slash (/).
144 *
145 * This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\ u0021` ) through the DEL character ( `\ u007F` ), including most punctuation characters, digits, and upper and lowercased letters.
146 *
147 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html#cfn-iam-group-path
148 */
149 readonly path?: string;
150 /**
151 * Adds or updates an inline policy document that is embedded in the specified IAM group. To view AWS::IAM::Group snippets, see [Declaring an IAM Group Resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-iam.html#scenario-iam-group) .
152 *
153 * > The name of each inline policy for a role, user, or group must be unique. If you don't choose unique names, updates to the IAM identity will fail.
154 *
155 * For information about limits on the number of inline policies that you can embed in a group, see [Limitations on IAM Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *IAM User Guide* .
156 *
157 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html#cfn-iam-group-policies
158 */
159 readonly policies?: Array<CfnGroup.PolicyProperty | cdk.IResolvable> | cdk.IResolvable;
160}
161/**
162 * A CloudFormation `AWS::IAM::Group`
163 *
164 * Creates a new group.
165 *
166 * For information about the number of groups you can create, see [Limitations on IAM Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *IAM User Guide* .
167 *
168 * @cloudformationResource AWS::IAM::Group
169 * @stability external
170 *
171 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html
172 */
173export declare class CfnGroup extends cdk.CfnResource implements cdk.IInspectable {
174 /**
175 * The CloudFormation resource type name for this resource class.
176 */
177 static readonly CFN_RESOURCE_TYPE_NAME = "AWS::IAM::Group";
178 /**
179 * A factory method that creates a new instance of this class from an object
180 * containing the CloudFormation properties of this resource.
181 * Used in the @aws-cdk/cloudformation-include module.
182 *
183 * @internal
184 */
185 static _fromCloudFormation(scope: cdk.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnGroup;
186 /**
187 * Returns the Amazon Resource Name (ARN) for the specified `AWS::IAM::Group` resource. For example: `arn:aws:iam::123456789012:group/mystack-mygroup-1DZETITOWEKVO` .
188 * @cloudformationAttribute Arn
189 */
190 readonly attrArn: string;
191 /**
192 * The name of the group to create. Do not include the path in this value.
193 *
194 * The group name must be unique within the account. Group names are not distinguished by case. For example, you cannot create groups named both "ADMINS" and "admins". If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the group name.
195 *
196 * > If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.
197 *
198 * If you specify a name, you must specify the `CAPABILITY_NAMED_IAM` value to acknowledge your template's capabilities. For more information, see [Acknowledging IAM Resources in AWS CloudFormation Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities) .
199 *
200 * > Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using `Fn::Join` and `AWS::Region` to create a Region-specific name, as in the following example: `{"Fn::Join": ["", [{"Ref": "AWS::Region"}, {"Ref": "MyResourceName"}]]}` .
201 *
202 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html#cfn-iam-group-groupname
203 */
204 groupName: string | undefined;
205 /**
206 * The Amazon Resource Name (ARN) of the IAM policy you want to attach.
207 *
208 * For more information about ARNs, see [Amazon Resource Names (ARNs)](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *AWS General Reference* .
209 *
210 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html#cfn-iam-group-managepolicyarns
211 */
212 managedPolicyArns: string[] | undefined;
213 /**
214 * The path to the group. For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* .
215 *
216 * This parameter is optional. If it is not included, it defaults to a slash (/).
217 *
218 * This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\ u0021` ) through the DEL character ( `\ u007F` ), including most punctuation characters, digits, and upper and lowercased letters.
219 *
220 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html#cfn-iam-group-path
221 */
222 path: string | undefined;
223 /**
224 * Adds or updates an inline policy document that is embedded in the specified IAM group. To view AWS::IAM::Group snippets, see [Declaring an IAM Group Resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-iam.html#scenario-iam-group) .
225 *
226 * > The name of each inline policy for a role, user, or group must be unique. If you don't choose unique names, updates to the IAM identity will fail.
227 *
228 * For information about limits on the number of inline policies that you can embed in a group, see [Limitations on IAM Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *IAM User Guide* .
229 *
230 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html#cfn-iam-group-policies
231 */
232 policies: Array<CfnGroup.PolicyProperty | cdk.IResolvable> | cdk.IResolvable | undefined;
233 /**
234 * Create a new `AWS::IAM::Group`.
235 *
236 * @param scope - scope in which this resource is defined
237 * @param id - scoped id of the resource
238 * @param props - resource properties
239 */
240 constructor(scope: cdk.Construct, id: string, props?: CfnGroupProps);
241 /**
242 * Examines the CloudFormation resource and discloses attributes.
243 *
244 * @param inspector - tree inspector to collect and process attributes
245 *
246 */
247 inspect(inspector: cdk.TreeInspector): void;
248 protected get cfnProperties(): {
249 [key: string]: any;
250 };
251 protected renderProperties(props: {
252 [key: string]: any;
253 }): {
254 [key: string]: any;
255 };
256}
257export declare namespace CfnGroup {
258 /**
259 * Contains information about an attached policy.
260 *
261 * An attached policy is a managed policy that has been attached to a user, group, or role.
262 *
263 * For more information about managed policies, see [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide* .
264 *
265 * @struct
266 * @stability external
267 *
268 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-policy.html
269 */
270 interface PolicyProperty {
271 /**
272 * The policy document.
273 *
274 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-policy.html#cfn-iam-policies-policydocument
275 */
276 readonly policyDocument: any | cdk.IResolvable;
277 /**
278 * The friendly name (not ARN) identifying the policy.
279 *
280 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-policy.html#cfn-iam-policies-policyname
281 */
282 readonly policyName: string;
283 }
284}
285/**
286 * Properties for defining a `CfnInstanceProfile`
287 *
288 * @struct
289 * @stability external
290 *
291 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-instanceprofile.html
292 */
293export interface CfnInstanceProfileProps {
294 /**
295 * The name of the role to associate with the instance profile. Only one role can be assigned to an EC2 instance at a time, and all applications on the instance share the same role and permissions.
296 *
297 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-instanceprofile.html#cfn-iam-instanceprofile-roles
298 */
299 readonly roles: string[];
300 /**
301 * The name of the instance profile to create.
302 *
303 * This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
304 *
305 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-instanceprofile.html#cfn-iam-instanceprofile-instanceprofilename
306 */
307 readonly instanceProfileName?: string;
308 /**
309 * The path to the instance profile. For more information about paths, see [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* .
310 *
311 * This parameter is optional. If it is not included, it defaults to a slash (/).
312 *
313 * This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\ u0021` ) through the DEL character ( `\ u007F` ), including most punctuation characters, digits, and upper and lowercased letters.
314 *
315 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-instanceprofile.html#cfn-iam-instanceprofile-path
316 */
317 readonly path?: string;
318}
319/**
320 * A CloudFormation `AWS::IAM::InstanceProfile`
321 *
322 * Creates a new instance profile. For information about instance profiles, see [Using instance profiles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html) .
323 *
324 * For information about the number of instance profiles you can create, see [IAM object quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide* .
325 *
326 * @cloudformationResource AWS::IAM::InstanceProfile
327 * @stability external
328 *
329 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-instanceprofile.html
330 */
331export declare class CfnInstanceProfile extends cdk.CfnResource implements cdk.IInspectable {
332 /**
333 * The CloudFormation resource type name for this resource class.
334 */
335 static readonly CFN_RESOURCE_TYPE_NAME = "AWS::IAM::InstanceProfile";
336 /**
337 * A factory method that creates a new instance of this class from an object
338 * containing the CloudFormation properties of this resource.
339 * Used in the @aws-cdk/cloudformation-include module.
340 *
341 * @internal
342 */
343 static _fromCloudFormation(scope: cdk.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnInstanceProfile;
344 /**
345 * Returns the Amazon Resource Name (ARN) for the instance profile. For example:
346 *
347 * `{"Fn::GetAtt" : ["MyProfile", "Arn"] }`
348 *
349 * This returns a value such as `arn:aws:iam::1234567890:instance-profile/MyProfile-ASDNSDLKJ` .
350 * @cloudformationAttribute Arn
351 */
352 readonly attrArn: string;
353 /**
354 * The name of the role to associate with the instance profile. Only one role can be assigned to an EC2 instance at a time, and all applications on the instance share the same role and permissions.
355 *
356 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-instanceprofile.html#cfn-iam-instanceprofile-roles
357 */
358 roles: string[];
359 /**
360 * The name of the instance profile to create.
361 *
362 * This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
363 *
364 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-instanceprofile.html#cfn-iam-instanceprofile-instanceprofilename
365 */
366 instanceProfileName: string | undefined;
367 /**
368 * The path to the instance profile. For more information about paths, see [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* .
369 *
370 * This parameter is optional. If it is not included, it defaults to a slash (/).
371 *
372 * This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\ u0021` ) through the DEL character ( `\ u007F` ), including most punctuation characters, digits, and upper and lowercased letters.
373 *
374 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-instanceprofile.html#cfn-iam-instanceprofile-path
375 */
376 path: string | undefined;
377 /**
378 * Create a new `AWS::IAM::InstanceProfile`.
379 *
380 * @param scope - scope in which this resource is defined
381 * @param id - scoped id of the resource
382 * @param props - resource properties
383 */
384 constructor(scope: cdk.Construct, id: string, props: CfnInstanceProfileProps);
385 /**
386 * Examines the CloudFormation resource and discloses attributes.
387 *
388 * @param inspector - tree inspector to collect and process attributes
389 *
390 */
391 inspect(inspector: cdk.TreeInspector): void;
392 protected get cfnProperties(): {
393 [key: string]: any;
394 };
395 protected renderProperties(props: {
396 [key: string]: any;
397 }): {
398 [key: string]: any;
399 };
400}
401/**
402 * Properties for defining a `CfnManagedPolicy`
403 *
404 * @struct
405 * @stability external
406 *
407 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html
408 */
409export interface CfnManagedPolicyProps {
410 /**
411 * The JSON policy document that you want to use as the content for the new policy.
412 *
413 * You must provide policies in JSON format in IAM. However, for AWS CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. AWS CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.
414 *
415 * The maximum length of the policy document that you can pass in this operation, including whitespace, is listed below. To view the maximum character counts of a managed policy with no whitespaces, see [IAM and AWS STS character quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length) .
416 *
417 * To learn more about JSON policy grammar, see [Grammar of the IAM JSON policy language](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_grammar.html) in the *IAM User Guide* .
418 *
419 * The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following:
420 *
421 * - Any printable ASCII character ranging from the space character ( `\ u0020` ) through the end of the ASCII character range
422 * - The printable characters in the Basic Latin and Latin-1 Supplement character set (through `\ u00FF` )
423 * - The special characters tab ( `\ u0009` ), line feed ( `\ u000A` ), and carriage return ( `\ u000D` )
424 *
425 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-iam-managedpolicy-policydocument
426 */
427 readonly policyDocument: any | cdk.IResolvable;
428 /**
429 * A friendly description of the policy.
430 *
431 * Typically used to store information about the permissions defined in the policy. For example, "Grants access to production DynamoDB tables."
432 *
433 * The policy description is immutable. After a value is assigned, it cannot be changed.
434 *
435 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-iam-managedpolicy-description
436 */
437 readonly description?: string;
438 /**
439 * The name (friendly name, not ARN) of the group to attach the policy to.
440 *
441 * This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
442 *
443 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-iam-managedpolicy-groups
444 */
445 readonly groups?: string[];
446 /**
447 * The friendly name of the policy.
448 *
449 * > If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.
450 *
451 * If you specify a name, you must specify the `CAPABILITY_NAMED_IAM` value to acknowledge your template's capabilities. For more information, see [Acknowledging IAM Resources in AWS CloudFormation Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities) .
452 *
453 * > Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using `Fn::Join` and `AWS::Region` to create a Region-specific name, as in the following example: `{"Fn::Join": ["", [{"Ref": "AWS::Region"}, {"Ref": "MyResourceName"}]]}` .
454 *
455 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-iam-managedpolicy-managedpolicyname
456 */
457 readonly managedPolicyName?: string;
458 /**
459 * The path for the policy.
460 *
461 * For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* .
462 *
463 * This parameter is optional. If it is not included, it defaults to a slash (/).
464 *
465 * This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\ u0021` ) through the DEL character ( `\ u007F` ), including most punctuation characters, digits, and upper and lowercased letters.
466 *
467 * > You cannot use an asterisk (*) in the path name.
468 *
469 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-ec2-dhcpoptions-path
470 */
471 readonly path?: string;
472 /**
473 * The name (friendly name, not ARN) of the role to attach the policy to.
474 *
475 * This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
476 *
477 * > If an external policy (such as `AWS::IAM::Policy` or `AWS::IAM::ManagedPolicy` ) has a `Ref` to a role and if a resource (such as `AWS::ECS::Service` ) also has a `Ref` to the same role, add a `DependsOn` attribute to the resource to make the resource depend on the external policy. This dependency ensures that the role's policy is available throughout the resource's lifecycle. For example, when you delete a stack with an `AWS::ECS::Service` resource, the `DependsOn` attribute ensures that AWS CloudFormation deletes the `AWS::ECS::Service` resource before deleting its role's policy.
478 *
479 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-iam-managedpolicy-roles
480 */
481 readonly roles?: string[];
482 /**
483 * The name (friendly name, not ARN) of the IAM user to attach the policy to.
484 *
485 * This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
486 *
487 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-iam-managedpolicy-users
488 */
489 readonly users?: string[];
490}
491/**
492 * A CloudFormation `AWS::IAM::ManagedPolicy`
493 *
494 * Creates a new managed policy for your AWS account .
495 *
496 * This operation creates a policy version with a version identifier of `v1` and sets v1 as the policy's default version. For more information about policy versions, see [Versioning for managed policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html) in the *IAM User Guide* .
497 *
498 * As a best practice, you can validate your IAM policies. To learn more, see [Validating IAM policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html) in the *IAM User Guide* .
499 *
500 * For more information about managed policies in general, see [Managed policies and inline policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide* .
501 *
502 * @cloudformationResource AWS::IAM::ManagedPolicy
503 * @stability external
504 *
505 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html
506 */
507export declare class CfnManagedPolicy extends cdk.CfnResource implements cdk.IInspectable {
508 /**
509 * The CloudFormation resource type name for this resource class.
510 */
511 static readonly CFN_RESOURCE_TYPE_NAME = "AWS::IAM::ManagedPolicy";
512 /**
513 * A factory method that creates a new instance of this class from an object
514 * containing the CloudFormation properties of this resource.
515 * Used in the @aws-cdk/cloudformation-include module.
516 *
517 * @internal
518 */
519 static _fromCloudFormation(scope: cdk.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnManagedPolicy;
520 /**
521 * The JSON policy document that you want to use as the content for the new policy.
522 *
523 * You must provide policies in JSON format in IAM. However, for AWS CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. AWS CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.
524 *
525 * The maximum length of the policy document that you can pass in this operation, including whitespace, is listed below. To view the maximum character counts of a managed policy with no whitespaces, see [IAM and AWS STS character quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length) .
526 *
527 * To learn more about JSON policy grammar, see [Grammar of the IAM JSON policy language](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_grammar.html) in the *IAM User Guide* .
528 *
529 * The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following:
530 *
531 * - Any printable ASCII character ranging from the space character ( `\ u0020` ) through the end of the ASCII character range
532 * - The printable characters in the Basic Latin and Latin-1 Supplement character set (through `\ u00FF` )
533 * - The special characters tab ( `\ u0009` ), line feed ( `\ u000A` ), and carriage return ( `\ u000D` )
534 *
535 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-iam-managedpolicy-policydocument
536 */
537 policyDocument: any | cdk.IResolvable;
538 /**
539 * A friendly description of the policy.
540 *
541 * Typically used to store information about the permissions defined in the policy. For example, "Grants access to production DynamoDB tables."
542 *
543 * The policy description is immutable. After a value is assigned, it cannot be changed.
544 *
545 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-iam-managedpolicy-description
546 */
547 description: string | undefined;
548 /**
549 * The name (friendly name, not ARN) of the group to attach the policy to.
550 *
551 * This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
552 *
553 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-iam-managedpolicy-groups
554 */
555 groups: string[] | undefined;
556 /**
557 * The friendly name of the policy.
558 *
559 * > If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.
560 *
561 * If you specify a name, you must specify the `CAPABILITY_NAMED_IAM` value to acknowledge your template's capabilities. For more information, see [Acknowledging IAM Resources in AWS CloudFormation Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities) .
562 *
563 * > Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using `Fn::Join` and `AWS::Region` to create a Region-specific name, as in the following example: `{"Fn::Join": ["", [{"Ref": "AWS::Region"}, {"Ref": "MyResourceName"}]]}` .
564 *
565 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-iam-managedpolicy-managedpolicyname
566 */
567 managedPolicyName: string | undefined;
568 /**
569 * The path for the policy.
570 *
571 * For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* .
572 *
573 * This parameter is optional. If it is not included, it defaults to a slash (/).
574 *
575 * This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\ u0021` ) through the DEL character ( `\ u007F` ), including most punctuation characters, digits, and upper and lowercased letters.
576 *
577 * > You cannot use an asterisk (*) in the path name.
578 *
579 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-ec2-dhcpoptions-path
580 */
581 path: string | undefined;
582 /**
583 * The name (friendly name, not ARN) of the role to attach the policy to.
584 *
585 * This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
586 *
587 * > If an external policy (such as `AWS::IAM::Policy` or `AWS::IAM::ManagedPolicy` ) has a `Ref` to a role and if a resource (such as `AWS::ECS::Service` ) also has a `Ref` to the same role, add a `DependsOn` attribute to the resource to make the resource depend on the external policy. This dependency ensures that the role's policy is available throughout the resource's lifecycle. For example, when you delete a stack with an `AWS::ECS::Service` resource, the `DependsOn` attribute ensures that AWS CloudFormation deletes the `AWS::ECS::Service` resource before deleting its role's policy.
588 *
589 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-iam-managedpolicy-roles
590 */
591 roles: string[] | undefined;
592 /**
593 * The name (friendly name, not ARN) of the IAM user to attach the policy to.
594 *
595 * This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
596 *
597 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html#cfn-iam-managedpolicy-users
598 */
599 users: string[] | undefined;
600 /**
601 * Create a new `AWS::IAM::ManagedPolicy`.
602 *
603 * @param scope - scope in which this resource is defined
604 * @param id - scoped id of the resource
605 * @param props - resource properties
606 */
607 constructor(scope: cdk.Construct, id: string, props: CfnManagedPolicyProps);
608 /**
609 * Examines the CloudFormation resource and discloses attributes.
610 *
611 * @param inspector - tree inspector to collect and process attributes
612 *
613 */
614 inspect(inspector: cdk.TreeInspector): void;
615 protected get cfnProperties(): {
616 [key: string]: any;
617 };
618 protected renderProperties(props: {
619 [key: string]: any;
620 }): {
621 [key: string]: any;
622 };
623}
624/**
625 * Properties for defining a `CfnOIDCProvider`
626 *
627 * @struct
628 * @stability external
629 *
630 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-oidcprovider.html
631 */
632export interface CfnOIDCProviderProps {
633 /**
634 * A list of certificate thumbprints that are associated with the specified IAM OIDC provider resource object. For more information, see [CreateOpenIDConnectProvider](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateOpenIDConnectProvider.html) .
635 *
636 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-oidcprovider.html#cfn-iam-oidcprovider-thumbprintlist
637 */
638 readonly thumbprintList: string[];
639 /**
640 * A list of client IDs (also known as audiences) that are associated with the specified IAM OIDC provider resource object. For more information, see [CreateOpenIDConnectProvider](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateOpenIDConnectProvider.html) .
641 *
642 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-oidcprovider.html#cfn-iam-oidcprovider-clientidlist
643 */
644 readonly clientIdList?: string[];
645 /**
646 * A list of tags that are attached to the specified IAM OIDC provider. The returned list of tags is sorted by tag key. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .
647 *
648 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-oidcprovider.html#cfn-iam-oidcprovider-tags
649 */
650 readonly tags?: cdk.CfnTag[];
651 /**
652 * The URL that the IAM OIDC provider resource object is associated with. For more information, see [CreateOpenIDConnectProvider](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateOpenIDConnectProvider.html) .
653 *
654 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-oidcprovider.html#cfn-iam-oidcprovider-url
655 */
656 readonly url?: string;
657}
658/**
659 * A CloudFormation `AWS::IAM::OIDCProvider`
660 *
661 * Creates or updates an IAM entity to describe an identity provider (IdP) that supports [OpenID Connect (OIDC)](https://docs.aws.amazon.com/http://openid.net/connect/) .
662 *
663 * The OIDC provider that you create with this operation can be used as a principal in a role's trust policy. Such a policy establishes a trust relationship between AWS and the OIDC provider.
664 *
665 * When you create the IAM OIDC provider, you specify the following:
666 *
667 * - The URL of the OIDC identity provider (IdP) to trust
668 * - A list of client IDs (also known as audiences) that identify the application or applications that are allowed to authenticate using the OIDC provider
669 * - A list of tags that are attached to the specified IAM OIDC provider
670 * - A list of thumbprints of one or more server certificates that the IdP uses
671 *
672 * You get all of this information from the OIDC IdP that you want to use to access AWS .
673 *
674 * When you update the IAM OIDC provider, you specify the following:
675 *
676 * - The URL of the OIDC identity provider (IdP) to trust
677 * - A list of client IDs (also known as audiences) that replaces the existing list of client IDs associated with the OIDC IdP
678 * - A list of tags that replaces the existing list of tags attached to the specified IAM OIDC provider
679 * - A list of thumbprints that replaces the existing list of server certificates thumbprints that the IdP uses
680 *
681 * > The trust for the OIDC provider is derived from the IAM provider that this operation creates. Therefore, it is best to limit access to the [CreateOpenIDConnectProvider](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateOpenIDConnectProvider.html) operation to highly privileged users.
682 *
683 * @cloudformationResource AWS::IAM::OIDCProvider
684 * @stability external
685 *
686 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-oidcprovider.html
687 */
688export declare class CfnOIDCProvider extends cdk.CfnResource implements cdk.IInspectable {
689 /**
690 * The CloudFormation resource type name for this resource class.
691 */
692 static readonly CFN_RESOURCE_TYPE_NAME = "AWS::IAM::OIDCProvider";
693 /**
694 * A factory method that creates a new instance of this class from an object
695 * containing the CloudFormation properties of this resource.
696 * Used in the @aws-cdk/cloudformation-include module.
697 *
698 * @internal
699 */
700 static _fromCloudFormation(scope: cdk.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnOIDCProvider;
701 /**
702 * Returns the Amazon Resource Name (ARN) for the specified `AWS::IAM::OIDCProvider` resource.
703 * @cloudformationAttribute Arn
704 */
705 readonly attrArn: string;
706 /**
707 * A list of certificate thumbprints that are associated with the specified IAM OIDC provider resource object. For more information, see [CreateOpenIDConnectProvider](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateOpenIDConnectProvider.html) .
708 *
709 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-oidcprovider.html#cfn-iam-oidcprovider-thumbprintlist
710 */
711 thumbprintList: string[];
712 /**
713 * A list of client IDs (also known as audiences) that are associated with the specified IAM OIDC provider resource object. For more information, see [CreateOpenIDConnectProvider](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateOpenIDConnectProvider.html) .
714 *
715 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-oidcprovider.html#cfn-iam-oidcprovider-clientidlist
716 */
717 clientIdList: string[] | undefined;
718 /**
719 * A list of tags that are attached to the specified IAM OIDC provider. The returned list of tags is sorted by tag key. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .
720 *
721 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-oidcprovider.html#cfn-iam-oidcprovider-tags
722 */
723 readonly tags: cdk.TagManager;
724 /**
725 * The URL that the IAM OIDC provider resource object is associated with. For more information, see [CreateOpenIDConnectProvider](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateOpenIDConnectProvider.html) .
726 *
727 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-oidcprovider.html#cfn-iam-oidcprovider-url
728 */
729 url: string | undefined;
730 /**
731 * Create a new `AWS::IAM::OIDCProvider`.
732 *
733 * @param scope - scope in which this resource is defined
734 * @param id - scoped id of the resource
735 * @param props - resource properties
736 */
737 constructor(scope: cdk.Construct, id: string, props: CfnOIDCProviderProps);
738 /**
739 * Examines the CloudFormation resource and discloses attributes.
740 *
741 * @param inspector - tree inspector to collect and process attributes
742 *
743 */
744 inspect(inspector: cdk.TreeInspector): void;
745 protected get cfnProperties(): {
746 [key: string]: any;
747 };
748 protected renderProperties(props: {
749 [key: string]: any;
750 }): {
751 [key: string]: any;
752 };
753}
754/**
755 * Properties for defining a `CfnPolicy`
756 *
757 * @struct
758 * @stability external
759 *
760 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html
761 */
762export interface CfnPolicyProps {
763 /**
764 * The policy document.
765 *
766 * You must provide policies in JSON format in IAM. However, for AWS CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. AWS CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.
767 *
768 * The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following:
769 *
770 * - Any printable ASCII character ranging from the space character ( `\ u0020` ) through the end of the ASCII character range
771 * - The printable characters in the Basic Latin and Latin-1 Supplement character set (through `\ u00FF` )
772 * - The special characters tab ( `\ u0009` ), line feed ( `\ u000A` ), and carriage return ( `\ u000D` )
773 *
774 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html#cfn-iam-policy-policydocument
775 */
776 readonly policyDocument: any | cdk.IResolvable;
777 /**
778 * The name of the policy document.
779 *
780 * This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
781 *
782 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html#cfn-iam-policy-policyname
783 */
784 readonly policyName: string;
785 /**
786 * The name of the group to associate the policy with.
787 *
788 * This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-.
789 *
790 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html#cfn-iam-policy-groups
791 */
792 readonly groups?: string[];
793 /**
794 * The name of the role to associate the policy with.
795 *
796 * This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
797 *
798 * > If an external policy (such as `AWS::IAM::Policy` or `AWS::IAM::ManagedPolicy` ) has a `Ref` to a role and if a resource (such as `AWS::ECS::Service` ) also has a `Ref` to the same role, add a `DependsOn` attribute to the resource to make the resource depend on the external policy. This dependency ensures that the role's policy is available throughout the resource's lifecycle. For example, when you delete a stack with an `AWS::ECS::Service` resource, the `DependsOn` attribute ensures that AWS CloudFormation deletes the `AWS::ECS::Service` resource before deleting its role's policy.
799 *
800 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html#cfn-iam-policy-roles
801 */
802 readonly roles?: string[];
803 /**
804 * The name of the user to associate the policy with.
805 *
806 * This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
807 *
808 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html#cfn-iam-policy-users
809 */
810 readonly users?: string[];
811}
812/**
813 * A CloudFormation `AWS::IAM::Policy`
814 *
815 * Adds or updates an inline policy document that is embedded in the specified IAM user, group, or role.
816 *
817 * An IAM user can also have a managed policy attached to it. For information about policies, see [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide* .
818 *
819 * The Groups, Roles, and Users properties are optional. However, you must specify at least one of these properties.
820 *
821 * For information about policy documents see [Creating IAM policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create.html) in the *IAM User Guide* .
822 *
823 * For information about limits on the number of inline policies that you can embed in an identity, see [Limitations on IAM Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *IAM User Guide* .
824 *
825 * @cloudformationResource AWS::IAM::Policy
826 * @stability external
827 *
828 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html
829 */
830export declare class CfnPolicy extends cdk.CfnResource implements cdk.IInspectable {
831 /**
832 * The CloudFormation resource type name for this resource class.
833 */
834 static readonly CFN_RESOURCE_TYPE_NAME = "AWS::IAM::Policy";
835 /**
836 * A factory method that creates a new instance of this class from an object
837 * containing the CloudFormation properties of this resource.
838 * Used in the @aws-cdk/cloudformation-include module.
839 *
840 * @internal
841 */
842 static _fromCloudFormation(scope: cdk.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnPolicy;
843 /**
844 * The policy document.
845 *
846 * You must provide policies in JSON format in IAM. However, for AWS CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. AWS CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.
847 *
848 * The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following:
849 *
850 * - Any printable ASCII character ranging from the space character ( `\ u0020` ) through the end of the ASCII character range
851 * - The printable characters in the Basic Latin and Latin-1 Supplement character set (through `\ u00FF` )
852 * - The special characters tab ( `\ u0009` ), line feed ( `\ u000A` ), and carriage return ( `\ u000D` )
853 *
854 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html#cfn-iam-policy-policydocument
855 */
856 policyDocument: any | cdk.IResolvable;
857 /**
858 * The name of the policy document.
859 *
860 * This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
861 *
862 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html#cfn-iam-policy-policyname
863 */
864 policyName: string;
865 /**
866 * The name of the group to associate the policy with.
867 *
868 * This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-.
869 *
870 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html#cfn-iam-policy-groups
871 */
872 groups: string[] | undefined;
873 /**
874 * The name of the role to associate the policy with.
875 *
876 * This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
877 *
878 * > If an external policy (such as `AWS::IAM::Policy` or `AWS::IAM::ManagedPolicy` ) has a `Ref` to a role and if a resource (such as `AWS::ECS::Service` ) also has a `Ref` to the same role, add a `DependsOn` attribute to the resource to make the resource depend on the external policy. This dependency ensures that the role's policy is available throughout the resource's lifecycle. For example, when you delete a stack with an `AWS::ECS::Service` resource, the `DependsOn` attribute ensures that AWS CloudFormation deletes the `AWS::ECS::Service` resource before deleting its role's policy.
879 *
880 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html#cfn-iam-policy-roles
881 */
882 roles: string[] | undefined;
883 /**
884 * The name of the user to associate the policy with.
885 *
886 * This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
887 *
888 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html#cfn-iam-policy-users
889 */
890 users: string[] | undefined;
891 /**
892 * Create a new `AWS::IAM::Policy`.
893 *
894 * @param scope - scope in which this resource is defined
895 * @param id - scoped id of the resource
896 * @param props - resource properties
897 */
898 constructor(scope: cdk.Construct, id: string, props: CfnPolicyProps);
899 /**
900 * Examines the CloudFormation resource and discloses attributes.
901 *
902 * @param inspector - tree inspector to collect and process attributes
903 *
904 */
905 inspect(inspector: cdk.TreeInspector): void;
906 protected get cfnProperties(): {
907 [key: string]: any;
908 };
909 protected renderProperties(props: {
910 [key: string]: any;
911 }): {
912 [key: string]: any;
913 };
914}
915/**
916 * Properties for defining a `CfnRole`
917 *
918 * @struct
919 * @stability external
920 *
921 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html
922 */
923export interface CfnRoleProps {
924 /**
925 * The trust policy that is associated with this role. Trust policies define which entities can assume the role. You can associate only one trust policy with a role. For an example of a policy that can be used to assume a role, see [Template Examples](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#aws-resource-iam-role--examples) . For more information about the elements that you can use in an IAM policy, see [IAM Policy Elements Reference](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html) in the *IAM User Guide* .
926 *
927 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-assumerolepolicydocument
928 */
929 readonly assumeRolePolicyDocument: any | cdk.IResolvable;
930 /**
931 * A description of the role that you provide.
932 *
933 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-description
934 */
935 readonly description?: string;
936 /**
937 * A list of Amazon Resource Names (ARNs) of the IAM managed policies that you want to attach to the role.
938 *
939 * For more information about ARNs, see [Amazon Resource Names (ARNs) and AWS Service Namespaces](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *AWS General Reference* .
940 *
941 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-managepolicyarns
942 */
943 readonly managedPolicyArns?: string[];
944 /**
945 * The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default value of one hour is applied. This setting can have a value from 1 hour to 12 hours.
946 *
947 * Anyone who assumes the role from the AWS CLI or API can use the `DurationSeconds` API parameter or the `duration-seconds` AWS CLI parameter to request a longer session. The `MaxSessionDuration` setting determines the maximum duration that can be requested using the `DurationSeconds` parameter. If users don't specify a value for the `DurationSeconds` parameter, their security credentials are valid for one hour by default. This applies when you use the `AssumeRole*` API operations or the `assume-role*` AWS CLI operations but does not apply when you use those operations to create a console URL. For more information, see [Using IAM roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) in the *IAM User Guide* .
948 *
949 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-maxsessionduration
950 */
951 readonly maxSessionDuration?: number;
952 /**
953 * The path to the role. For more information about paths, see [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* .
954 *
955 * This parameter is optional. If it is not included, it defaults to a slash (/).
956 *
957 * This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\ u0021` ) through the DEL character ( `\ u007F` ), including most punctuation characters, digits, and upper and lowercased letters.
958 *
959 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-path
960 */
961 readonly path?: string;
962 /**
963 * The ARN of the policy used to set the permissions boundary for the role.
964 *
965 * For more information about permissions boundaries, see [Permissions boundaries for IAM identities](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM User Guide* .
966 *
967 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-permissionsboundary
968 */
969 readonly permissionsBoundary?: string;
970 /**
971 * Adds or updates an inline policy document that is embedded in the specified IAM role.
972 *
973 * When you embed an inline policy in a role, the inline policy is used as part of the role's access (permissions) policy. The role's trust policy is created at the same time as the role. You can update a role's trust policy later. For more information about IAM roles, go to [Using Roles to Delegate Permissions and Federate Identities](https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html) .
974 *
975 * A role can also have an attached managed policy. For information about policies, see [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide* .
976 *
977 * For information about limits on the number of inline policies that you can embed with a role, see [Limitations on IAM Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *IAM User Guide* .
978 *
979 * > If an external policy (such as `AWS::IAM::Policy` or `AWS::IAM::ManagedPolicy` ) has a `Ref` to a role and if a resource (such as `AWS::ECS::Service` ) also has a `Ref` to the same role, add a `DependsOn` attribute to the resource to make the resource depend on the external policy. This dependency ensures that the role's policy is available throughout the resource's lifecycle. For example, when you delete a stack with an `AWS::ECS::Service` resource, the `DependsOn` attribute ensures that AWS CloudFormation deletes the `AWS::ECS::Service` resource before deleting its role's policy.
980 *
981 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-policies
982 */
983 readonly policies?: Array<CfnRole.PolicyProperty | cdk.IResolvable> | cdk.IResolvable;
984 /**
985 * A name for the IAM role, up to 64 characters in length. For valid values, see the `RoleName` parameter for the [`CreateRole`](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html) action in the *IAM User Guide* .
986 *
987 * This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-. The role name must be unique within the account. Role names are not distinguished by case. For example, you cannot create roles named both "Role1" and "role1".
988 *
989 * If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the role name.
990 *
991 * If you specify a name, you must specify the `CAPABILITY_NAMED_IAM` value to acknowledge your template's capabilities. For more information, see [Acknowledging IAM Resources in AWS CloudFormation Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities) .
992 *
993 * > Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using `Fn::Join` and `AWS::Region` to create a Region-specific name, as in the following example: `{"Fn::Join": ["", [{"Ref": "AWS::Region"}, {"Ref": "MyResourceName"}]]}` .
994 *
995 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-rolename
996 */
997 readonly roleName?: string;
998 /**
999 * A list of tags that are attached to the role. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .
1000 *
1001 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-tags
1002 */
1003 readonly tags?: cdk.CfnTag[];
1004}
1005/**
1006 * A CloudFormation `AWS::IAM::Role`
1007 *
1008 * Creates a new role for your AWS account . For more information about roles, see [IAM roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html) . For information about quotas for role names and the number of roles you can create, see [IAM and AWS STS quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide* .
1009 *
1010 * @cloudformationResource AWS::IAM::Role
1011 * @stability external
1012 *
1013 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html
1014 */
1015export declare class CfnRole extends cdk.CfnResource implements cdk.IInspectable {
1016 /**
1017 * The CloudFormation resource type name for this resource class.
1018 */
1019 static readonly CFN_RESOURCE_TYPE_NAME = "AWS::IAM::Role";
1020 /**
1021 * A factory method that creates a new instance of this class from an object
1022 * containing the CloudFormation properties of this resource.
1023 * Used in the @aws-cdk/cloudformation-include module.
1024 *
1025 * @internal
1026 */
1027 static _fromCloudFormation(scope: cdk.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnRole;
1028 /**
1029 * Returns the Amazon Resource Name (ARN) for the role. For example:
1030 *
1031 * `{"Fn::GetAtt" : ["MyRole", "Arn"] }`
1032 *
1033 * This will return a value such as `arn:aws:iam::1234567890:role/MyRole-AJJHDSKSDF` .
1034 * @cloudformationAttribute Arn
1035 */
1036 readonly attrArn: string;
1037 /**
1038 * Returns the stable and unique string identifying the role. For example, `AIDAJQABLZS4A3QDU576Q` .
1039 *
1040 * For more information about IDs, see [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html) in the *IAM User Guide* .
1041 * @cloudformationAttribute RoleId
1042 */
1043 readonly attrRoleId: string;
1044 /**
1045 * The trust policy that is associated with this role. Trust policies define which entities can assume the role. You can associate only one trust policy with a role. For an example of a policy that can be used to assume a role, see [Template Examples](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#aws-resource-iam-role--examples) . For more information about the elements that you can use in an IAM policy, see [IAM Policy Elements Reference](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html) in the *IAM User Guide* .
1046 *
1047 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-assumerolepolicydocument
1048 */
1049 assumeRolePolicyDocument: any | cdk.IResolvable;
1050 /**
1051 * A description of the role that you provide.
1052 *
1053 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-description
1054 */
1055 description: string | undefined;
1056 /**
1057 * A list of Amazon Resource Names (ARNs) of the IAM managed policies that you want to attach to the role.
1058 *
1059 * For more information about ARNs, see [Amazon Resource Names (ARNs) and AWS Service Namespaces](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *AWS General Reference* .
1060 *
1061 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-managepolicyarns
1062 */
1063 managedPolicyArns: string[] | undefined;
1064 /**
1065 * The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default value of one hour is applied. This setting can have a value from 1 hour to 12 hours.
1066 *
1067 * Anyone who assumes the role from the AWS CLI or API can use the `DurationSeconds` API parameter or the `duration-seconds` AWS CLI parameter to request a longer session. The `MaxSessionDuration` setting determines the maximum duration that can be requested using the `DurationSeconds` parameter. If users don't specify a value for the `DurationSeconds` parameter, their security credentials are valid for one hour by default. This applies when you use the `AssumeRole*` API operations or the `assume-role*` AWS CLI operations but does not apply when you use those operations to create a console URL. For more information, see [Using IAM roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) in the *IAM User Guide* .
1068 *
1069 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-maxsessionduration
1070 */
1071 maxSessionDuration: number | undefined;
1072 /**
1073 * The path to the role. For more information about paths, see [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* .
1074 *
1075 * This parameter is optional. If it is not included, it defaults to a slash (/).
1076 *
1077 * This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\ u0021` ) through the DEL character ( `\ u007F` ), including most punctuation characters, digits, and upper and lowercased letters.
1078 *
1079 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-path
1080 */
1081 path: string | undefined;
1082 /**
1083 * The ARN of the policy used to set the permissions boundary for the role.
1084 *
1085 * For more information about permissions boundaries, see [Permissions boundaries for IAM identities](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM User Guide* .
1086 *
1087 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-permissionsboundary
1088 */
1089 permissionsBoundary: string | undefined;
1090 /**
1091 * Adds or updates an inline policy document that is embedded in the specified IAM role.
1092 *
1093 * When you embed an inline policy in a role, the inline policy is used as part of the role's access (permissions) policy. The role's trust policy is created at the same time as the role. You can update a role's trust policy later. For more information about IAM roles, go to [Using Roles to Delegate Permissions and Federate Identities](https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html) .
1094 *
1095 * A role can also have an attached managed policy. For information about policies, see [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide* .
1096 *
1097 * For information about limits on the number of inline policies that you can embed with a role, see [Limitations on IAM Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *IAM User Guide* .
1098 *
1099 * > If an external policy (such as `AWS::IAM::Policy` or `AWS::IAM::ManagedPolicy` ) has a `Ref` to a role and if a resource (such as `AWS::ECS::Service` ) also has a `Ref` to the same role, add a `DependsOn` attribute to the resource to make the resource depend on the external policy. This dependency ensures that the role's policy is available throughout the resource's lifecycle. For example, when you delete a stack with an `AWS::ECS::Service` resource, the `DependsOn` attribute ensures that AWS CloudFormation deletes the `AWS::ECS::Service` resource before deleting its role's policy.
1100 *
1101 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-policies
1102 */
1103 policies: Array<CfnRole.PolicyProperty | cdk.IResolvable> | cdk.IResolvable | undefined;
1104 /**
1105 * A name for the IAM role, up to 64 characters in length. For valid values, see the `RoleName` parameter for the [`CreateRole`](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html) action in the *IAM User Guide* .
1106 *
1107 * This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-. The role name must be unique within the account. Role names are not distinguished by case. For example, you cannot create roles named both "Role1" and "role1".
1108 *
1109 * If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the role name.
1110 *
1111 * If you specify a name, you must specify the `CAPABILITY_NAMED_IAM` value to acknowledge your template's capabilities. For more information, see [Acknowledging IAM Resources in AWS CloudFormation Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities) .
1112 *
1113 * > Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using `Fn::Join` and `AWS::Region` to create a Region-specific name, as in the following example: `{"Fn::Join": ["", [{"Ref": "AWS::Region"}, {"Ref": "MyResourceName"}]]}` .
1114 *
1115 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-rolename
1116 */
1117 roleName: string | undefined;
1118 /**
1119 * A list of tags that are attached to the role. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .
1120 *
1121 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-tags
1122 */
1123 readonly tags: cdk.TagManager;
1124 /**
1125 * Create a new `AWS::IAM::Role`.
1126 *
1127 * @param scope - scope in which this resource is defined
1128 * @param id - scoped id of the resource
1129 * @param props - resource properties
1130 */
1131 constructor(scope: cdk.Construct, id: string, props: CfnRoleProps);
1132 /**
1133 * Examines the CloudFormation resource and discloses attributes.
1134 *
1135 * @param inspector - tree inspector to collect and process attributes
1136 *
1137 */
1138 inspect(inspector: cdk.TreeInspector): void;
1139 protected get cfnProperties(): {
1140 [key: string]: any;
1141 };
1142 protected renderProperties(props: {
1143 [key: string]: any;
1144 }): {
1145 [key: string]: any;
1146 };
1147}
1148export declare namespace CfnRole {
1149 /**
1150 * Contains information about an attached policy.
1151 *
1152 * An attached policy is a managed policy that has been attached to a user, group, or role.
1153 *
1154 * For more information about managed policies, refer to [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide* .
1155 *
1156 * @struct
1157 * @stability external
1158 *
1159 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-policy.html
1160 */
1161 interface PolicyProperty {
1162 /**
1163 * The entire contents of the policy that defines permissions. For more information, see [Overview of JSON policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json) .
1164 *
1165 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-policy.html#cfn-iam-policies-policydocument
1166 */
1167 readonly policyDocument: any | cdk.IResolvable;
1168 /**
1169 * The friendly name (not ARN) identifying the policy.
1170 *
1171 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-policy.html#cfn-iam-policies-policyname
1172 */
1173 readonly policyName: string;
1174 }
1175}
1176/**
1177 * Properties for defining a `CfnSAMLProvider`
1178 *
1179 * @struct
1180 * @stability external
1181 *
1182 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-samlprovider.html
1183 */
1184export interface CfnSAMLProviderProps {
1185 /**
1186 * An XML document generated by an identity provider (IdP) that supports SAML 2.0. The document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that are received from the IdP. You must generate the metadata document using the identity management software that is used as your organization's IdP.
1187 *
1188 * For more information, see [About SAML 2.0-based federation](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html) in the *IAM User Guide*
1189 *
1190 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-samlprovider.html#cfn-iam-samlprovider-samlmetadatadocument
1191 */
1192 readonly samlMetadataDocument: string;
1193 /**
1194 * The name of the provider to create.
1195 *
1196 * This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
1197 *
1198 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-samlprovider.html#cfn-iam-samlprovider-name
1199 */
1200 readonly name?: string;
1201 /**
1202 * A list of tags that you want to attach to the new IAM SAML provider. Each tag consists of a key name and an associated value. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .
1203 *
1204 * > If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created.
1205 *
1206 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-samlprovider.html#cfn-iam-samlprovider-tags
1207 */
1208 readonly tags?: cdk.CfnTag[];
1209}
1210/**
1211 * A CloudFormation `AWS::IAM::SAMLProvider`
1212 *
1213 * Creates an IAM resource that describes an identity provider (IdP) that supports SAML 2.0.
1214 *
1215 * The SAML provider resource that you create with this operation can be used as a principal in an IAM role's trust policy. Such a policy can enable federated users who sign in using the SAML IdP to assume the role. You can create an IAM role that supports Web-based single sign-on (SSO) to the AWS Management Console or one that supports API access to AWS .
1216 *
1217 * When you create the SAML provider resource, you upload a SAML metadata document that you get from your IdP. That document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that the IdP sends. You must generate the metadata document using the identity management software that is used as your organization's IdP.
1218 *
1219 * > This operation requires [Signature Version 4](https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html) .
1220 *
1221 * For more information, see [Enabling SAML 2.0 federated users to access the AWS Management Console](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-saml.html) and [About SAML 2.0-based federation](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html) in the *IAM User Guide* .
1222 *
1223 * @cloudformationResource AWS::IAM::SAMLProvider
1224 * @stability external
1225 *
1226 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-samlprovider.html
1227 */
1228export declare class CfnSAMLProvider extends cdk.CfnResource implements cdk.IInspectable {
1229 /**
1230 * The CloudFormation resource type name for this resource class.
1231 */
1232 static readonly CFN_RESOURCE_TYPE_NAME = "AWS::IAM::SAMLProvider";
1233 /**
1234 * A factory method that creates a new instance of this class from an object
1235 * containing the CloudFormation properties of this resource.
1236 * Used in the @aws-cdk/cloudformation-include module.
1237 *
1238 * @internal
1239 */
1240 static _fromCloudFormation(scope: cdk.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnSAMLProvider;
1241 /**
1242 * Returns the Amazon Resource Name (ARN) for the specified `AWS::IAM::SAMLProvider` resource.
1243 * @cloudformationAttribute Arn
1244 */
1245 readonly attrArn: string;
1246 /**
1247 * An XML document generated by an identity provider (IdP) that supports SAML 2.0. The document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that are received from the IdP. You must generate the metadata document using the identity management software that is used as your organization's IdP.
1248 *
1249 * For more information, see [About SAML 2.0-based federation](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html) in the *IAM User Guide*
1250 *
1251 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-samlprovider.html#cfn-iam-samlprovider-samlmetadatadocument
1252 */
1253 samlMetadataDocument: string;
1254 /**
1255 * The name of the provider to create.
1256 *
1257 * This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
1258 *
1259 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-samlprovider.html#cfn-iam-samlprovider-name
1260 */
1261 name: string | undefined;
1262 /**
1263 * A list of tags that you want to attach to the new IAM SAML provider. Each tag consists of a key name and an associated value. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .
1264 *
1265 * > If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created.
1266 *
1267 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-samlprovider.html#cfn-iam-samlprovider-tags
1268 */
1269 readonly tags: cdk.TagManager;
1270 /**
1271 * Create a new `AWS::IAM::SAMLProvider`.
1272 *
1273 * @param scope - scope in which this resource is defined
1274 * @param id - scoped id of the resource
1275 * @param props - resource properties
1276 */
1277 constructor(scope: cdk.Construct, id: string, props: CfnSAMLProviderProps);
1278 /**
1279 * Examines the CloudFormation resource and discloses attributes.
1280 *
1281 * @param inspector - tree inspector to collect and process attributes
1282 *
1283 */
1284 inspect(inspector: cdk.TreeInspector): void;
1285 protected get cfnProperties(): {
1286 [key: string]: any;
1287 };
1288 protected renderProperties(props: {
1289 [key: string]: any;
1290 }): {
1291 [key: string]: any;
1292 };
1293}
1294/**
1295 * Properties for defining a `CfnServerCertificate`
1296 *
1297 * @struct
1298 * @stability external
1299 *
1300 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servercertificate.html
1301 */
1302export interface CfnServerCertificateProps {
1303 /**
1304 * The contents of the public key certificate.
1305 *
1306 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servercertificate.html#cfn-iam-servercertificate-certificatebody
1307 */
1308 readonly certificateBody?: string;
1309 /**
1310 * The contents of the public key certificate chain.
1311 *
1312 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servercertificate.html#cfn-iam-servercertificate-certificatechain
1313 */
1314 readonly certificateChain?: string;
1315 /**
1316 * The path for the server certificate. For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* .
1317 *
1318 * This parameter is optional. If it is not included, it defaults to a slash (/). This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\ u0021` ) through the DEL character ( `\ u007F` ), including most punctuation characters, digits, and upper and lowercased letters.
1319 *
1320 * > If you are uploading a server certificate specifically for use with Amazon CloudFront distributions, you must specify a path using the `path` parameter. The path must begin with `/cloudfront` and must include a trailing slash (for example, `/cloudfront/test/` ).
1321 *
1322 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servercertificate.html#cfn-iam-servercertificate-path
1323 */
1324 readonly path?: string;
1325 /**
1326 * The contents of the private key in PEM-encoded format.
1327 *
1328 * The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following:
1329 *
1330 * - Any printable ASCII character ranging from the space character ( `\ u0020` ) through the end of the ASCII character range
1331 * - The printable characters in the Basic Latin and Latin-1 Supplement character set (through `\ u00FF` )
1332 * - The special characters tab ( `\ u0009` ), line feed ( `\ u000A` ), and carriage return ( `\ u000D` )
1333 *
1334 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servercertificate.html#cfn-iam-servercertificate-privatekey
1335 */
1336 readonly privateKey?: string;
1337 /**
1338 * The name for the server certificate. Do not include the path in this value. The name of the certificate cannot contain any spaces.
1339 *
1340 * This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
1341 *
1342 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servercertificate.html#cfn-iam-servercertificate-servercertificatename
1343 */
1344 readonly serverCertificateName?: string;
1345 /**
1346 * A list of tags that are attached to the server certificate. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .
1347 *
1348 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servercertificate.html#cfn-iam-servercertificate-tags
1349 */
1350 readonly tags?: cdk.CfnTag[];
1351}
1352/**
1353 * A CloudFormation `AWS::IAM::ServerCertificate`
1354 *
1355 * Uploads a server certificate entity for the AWS account . The server certificate entity includes a public key certificate, a private key, and an optional certificate chain, which should all be PEM-encoded.
1356 *
1357 * We recommend that you use [AWS Certificate Manager](https://docs.aws.amazon.com/acm/) to provision, manage, and deploy your server certificates. With ACM you can request a certificate, deploy it to AWS resources, and let ACM handle certificate renewals for you. Certificates provided by ACM are free. For more information about using ACM, see the [AWS Certificate Manager User Guide](https://docs.aws.amazon.com/acm/latest/userguide/) .
1358 *
1359 * For more information about working with server certificates, see [Working with server certificates](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html) in the *IAM User Guide* . This topic includes a list of AWS services that can use the server certificates that you manage with IAM.
1360 *
1361 * For information about the number of server certificates you can upload, see [IAM and AWS STS quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide* .
1362 *
1363 * > Because the body of the public key certificate, private key, and the certificate chain can be large, you should use POST rather than GET when calling `UploadServerCertificate` . For information about setting up signatures and authorization through the API, see [Signing AWS API requests](https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html) in the *AWS General Reference* . For general information about using the Query API with IAM, see [Calling the API by making HTTP query requests](https://docs.aws.amazon.com/IAM/latest/UserGuide/programming.html) in the *IAM User Guide* .
1364 *
1365 * @cloudformationResource AWS::IAM::ServerCertificate
1366 * @stability external
1367 *
1368 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servercertificate.html
1369 */
1370export declare class CfnServerCertificate extends cdk.CfnResource implements cdk.IInspectable {
1371 /**
1372 * The CloudFormation resource type name for this resource class.
1373 */
1374 static readonly CFN_RESOURCE_TYPE_NAME = "AWS::IAM::ServerCertificate";
1375 /**
1376 * A factory method that creates a new instance of this class from an object
1377 * containing the CloudFormation properties of this resource.
1378 * Used in the @aws-cdk/cloudformation-include module.
1379 *
1380 * @internal
1381 */
1382 static _fromCloudFormation(scope: cdk.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnServerCertificate;
1383 /**
1384 * Returns the Amazon Resource Name (ARN) for the specified `AWS::IAM::ServerCertificate` resource.
1385 * @cloudformationAttribute Arn
1386 */
1387 readonly attrArn: string;
1388 /**
1389 * The contents of the public key certificate.
1390 *
1391 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servercertificate.html#cfn-iam-servercertificate-certificatebody
1392 */
1393 certificateBody: string | undefined;
1394 /**
1395 * The contents of the public key certificate chain.
1396 *
1397 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servercertificate.html#cfn-iam-servercertificate-certificatechain
1398 */
1399 certificateChain: string | undefined;
1400 /**
1401 * The path for the server certificate. For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* .
1402 *
1403 * This parameter is optional. If it is not included, it defaults to a slash (/). This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\ u0021` ) through the DEL character ( `\ u007F` ), including most punctuation characters, digits, and upper and lowercased letters.
1404 *
1405 * > If you are uploading a server certificate specifically for use with Amazon CloudFront distributions, you must specify a path using the `path` parameter. The path must begin with `/cloudfront` and must include a trailing slash (for example, `/cloudfront/test/` ).
1406 *
1407 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servercertificate.html#cfn-iam-servercertificate-path
1408 */
1409 path: string | undefined;
1410 /**
1411 * The contents of the private key in PEM-encoded format.
1412 *
1413 * The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following:
1414 *
1415 * - Any printable ASCII character ranging from the space character ( `\ u0020` ) through the end of the ASCII character range
1416 * - The printable characters in the Basic Latin and Latin-1 Supplement character set (through `\ u00FF` )
1417 * - The special characters tab ( `\ u0009` ), line feed ( `\ u000A` ), and carriage return ( `\ u000D` )
1418 *
1419 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servercertificate.html#cfn-iam-servercertificate-privatekey
1420 */
1421 privateKey: string | undefined;
1422 /**
1423 * The name for the server certificate. Do not include the path in this value. The name of the certificate cannot contain any spaces.
1424 *
1425 * This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
1426 *
1427 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servercertificate.html#cfn-iam-servercertificate-servercertificatename
1428 */
1429 serverCertificateName: string | undefined;
1430 /**
1431 * A list of tags that are attached to the server certificate. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .
1432 *
1433 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servercertificate.html#cfn-iam-servercertificate-tags
1434 */
1435 readonly tags: cdk.TagManager;
1436 /**
1437 * Create a new `AWS::IAM::ServerCertificate`.
1438 *
1439 * @param scope - scope in which this resource is defined
1440 * @param id - scoped id of the resource
1441 * @param props - resource properties
1442 */
1443 constructor(scope: cdk.Construct, id: string, props?: CfnServerCertificateProps);
1444 /**
1445 * Examines the CloudFormation resource and discloses attributes.
1446 *
1447 * @param inspector - tree inspector to collect and process attributes
1448 *
1449 */
1450 inspect(inspector: cdk.TreeInspector): void;
1451 protected get cfnProperties(): {
1452 [key: string]: any;
1453 };
1454 protected renderProperties(props: {
1455 [key: string]: any;
1456 }): {
1457 [key: string]: any;
1458 };
1459}
1460/**
1461 * Properties for defining a `CfnServiceLinkedRole`
1462 *
1463 * @struct
1464 * @stability external
1465 *
1466 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servicelinkedrole.html
1467 */
1468export interface CfnServiceLinkedRoleProps {
1469 /**
1470 * The service principal for the AWS service to which this role is attached. You use a string similar to a URL but without the http:// in front. For example: `elasticbeanstalk.amazonaws.com` .
1471 *
1472 * Service principals are unique and case-sensitive. To find the exact service principal for your service-linked role, see [AWS services that work with IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html) in the *IAM User Guide* . Look for the services that have *Yes* in the *Service-Linked Role* column. Choose the *Yes* link to view the service-linked role documentation for that service.
1473 *
1474 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servicelinkedrole.html#cfn-iam-servicelinkedrole-awsservicename
1475 */
1476 readonly awsServiceName: string;
1477 /**
1478 * A string that you provide, which is combined with the service-provided prefix to form the complete role name. If you make multiple requests for the same service, then you must supply a different `CustomSuffix` for each request. Otherwise the request fails with a duplicate role name error. For example, you could add `-1` or `-debug` to the suffix.
1479 *
1480 * Some services do not support the `CustomSuffix` parameter. If you provide an optional suffix and the operation fails, try the operation again without the suffix.
1481 *
1482 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servicelinkedrole.html#cfn-iam-servicelinkedrole-customsuffix
1483 */
1484 readonly customSuffix?: string;
1485 /**
1486 * The description of the role.
1487 *
1488 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servicelinkedrole.html#cfn-iam-servicelinkedrole-description
1489 */
1490 readonly description?: string;
1491}
1492/**
1493 * A CloudFormation `AWS::IAM::ServiceLinkedRole`
1494 *
1495 * Creates an IAM role that is linked to a specific AWS service. The service controls the attached policies and when the role can be deleted. This helps ensure that the service is not broken by an unexpectedly changed or deleted role, which could put your AWS resources into an unknown state. Allowing the service to control the role helps improve service stability and proper cleanup when a service and its role are no longer needed. For more information, see [Using service-linked roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html) in the *IAM User Guide* .
1496 *
1497 * To attach a policy to this service-linked role, you must make the request using the AWS service that depends on this role.
1498 *
1499 * @cloudformationResource AWS::IAM::ServiceLinkedRole
1500 * @stability external
1501 *
1502 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servicelinkedrole.html
1503 */
1504export declare class CfnServiceLinkedRole extends cdk.CfnResource implements cdk.IInspectable {
1505 /**
1506 * The CloudFormation resource type name for this resource class.
1507 */
1508 static readonly CFN_RESOURCE_TYPE_NAME = "AWS::IAM::ServiceLinkedRole";
1509 /**
1510 * A factory method that creates a new instance of this class from an object
1511 * containing the CloudFormation properties of this resource.
1512 * Used in the @aws-cdk/cloudformation-include module.
1513 *
1514 * @internal
1515 */
1516 static _fromCloudFormation(scope: cdk.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnServiceLinkedRole;
1517 /**
1518 * The service principal for the AWS service to which this role is attached. You use a string similar to a URL but without the http:// in front. For example: `elasticbeanstalk.amazonaws.com` .
1519 *
1520 * Service principals are unique and case-sensitive. To find the exact service principal for your service-linked role, see [AWS services that work with IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html) in the *IAM User Guide* . Look for the services that have *Yes* in the *Service-Linked Role* column. Choose the *Yes* link to view the service-linked role documentation for that service.
1521 *
1522 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servicelinkedrole.html#cfn-iam-servicelinkedrole-awsservicename
1523 */
1524 awsServiceName: string;
1525 /**
1526 * A string that you provide, which is combined with the service-provided prefix to form the complete role name. If you make multiple requests for the same service, then you must supply a different `CustomSuffix` for each request. Otherwise the request fails with a duplicate role name error. For example, you could add `-1` or `-debug` to the suffix.
1527 *
1528 * Some services do not support the `CustomSuffix` parameter. If you provide an optional suffix and the operation fails, try the operation again without the suffix.
1529 *
1530 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servicelinkedrole.html#cfn-iam-servicelinkedrole-customsuffix
1531 */
1532 customSuffix: string | undefined;
1533 /**
1534 * The description of the role.
1535 *
1536 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servicelinkedrole.html#cfn-iam-servicelinkedrole-description
1537 */
1538 description: string | undefined;
1539 /**
1540 * Create a new `AWS::IAM::ServiceLinkedRole`.
1541 *
1542 * @param scope - scope in which this resource is defined
1543 * @param id - scoped id of the resource
1544 * @param props - resource properties
1545 */
1546 constructor(scope: cdk.Construct, id: string, props: CfnServiceLinkedRoleProps);
1547 /**
1548 * Examines the CloudFormation resource and discloses attributes.
1549 *
1550 * @param inspector - tree inspector to collect and process attributes
1551 *
1552 */
1553 inspect(inspector: cdk.TreeInspector): void;
1554 protected get cfnProperties(): {
1555 [key: string]: any;
1556 };
1557 protected renderProperties(props: {
1558 [key: string]: any;
1559 }): {
1560 [key: string]: any;
1561 };
1562}
1563/**
1564 * Properties for defining a `CfnUser`
1565 *
1566 * @struct
1567 * @stability external
1568 *
1569 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html
1570 */
1571export interface CfnUserProps {
1572 /**
1573 * A list of group names to which you want to add the user.
1574 *
1575 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-groups
1576 */
1577 readonly groups?: string[];
1578 /**
1579 * Creates a password for the specified IAM user. A password allows an IAM user to access AWS services through the AWS Management Console .
1580 *
1581 * You can use the AWS CLI , the AWS API, or the *Users* page in the IAM console to create a password for any IAM user. Use [ChangePassword](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ChangePassword.html) to update your own existing password in the *My Security Credentials* page in the AWS Management Console .
1582 *
1583 * For more information about managing passwords, see [Managing passwords](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html) in the *IAM User Guide* .
1584 *
1585 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-loginprofile
1586 */
1587 readonly loginProfile?: CfnUser.LoginProfileProperty | cdk.IResolvable;
1588 /**
1589 * A list of Amazon Resource Names (ARNs) of the IAM managed policies that you want to attach to the user.
1590 *
1591 * For more information about ARNs, see [Amazon Resource Names (ARNs) and AWS Service Namespaces](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *AWS General Reference* .
1592 *
1593 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-managepolicyarns
1594 */
1595 readonly managedPolicyArns?: string[];
1596 /**
1597 * The path for the user name. For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* .
1598 *
1599 * This parameter is optional. If it is not included, it defaults to a slash (/).
1600 *
1601 * This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\ u0021` ) through the DEL character ( `\ u007F` ), including most punctuation characters, digits, and upper and lowercased letters.
1602 *
1603 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-path
1604 */
1605 readonly path?: string;
1606 /**
1607 * The ARN of the managed policy that is used to set the permissions boundary for the user.
1608 *
1609 * A permissions boundary policy defines the maximum permissions that identity-based policies can grant to an entity, but does not grant permissions. Permissions boundaries do not define the maximum permissions that a resource-based policy can grant to an entity. To learn more, see [Permissions boundaries for IAM entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM User Guide* .
1610 *
1611 * For more information about policy types, see [Policy types](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policy-types) in the *IAM User Guide* .
1612 *
1613 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-permissionsboundary
1614 */
1615 readonly permissionsBoundary?: string;
1616 /**
1617 * Adds or updates an inline policy document that is embedded in the specified IAM user. To view AWS::IAM::User snippets, see [Declaring an IAM User Resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-iam.html#scenario-iam-user) .
1618 *
1619 * > The name of each policy for a role, user, or group must be unique. If you don't choose unique names, updates to the IAM identity will fail.
1620 *
1621 * For information about limits on the number of inline policies that you can embed in a user, see [Limitations on IAM Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *IAM User Guide* .
1622 *
1623 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-policies
1624 */
1625 readonly policies?: Array<CfnUser.PolicyProperty | cdk.IResolvable> | cdk.IResolvable;
1626 /**
1627 * A list of tags that you want to attach to the new user. Each tag consists of a key name and an associated value. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .
1628 *
1629 * > If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created.
1630 *
1631 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-tags
1632 */
1633 readonly tags?: cdk.CfnTag[];
1634 /**
1635 * The name of the user to create. Do not include the path in this value.
1636 *
1637 * This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-. The user name must be unique within the account. User names are not distinguished by case. For example, you cannot create users named both "John" and "john".
1638 *
1639 * If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the user name.
1640 *
1641 * If you specify a name, you must specify the `CAPABILITY_NAMED_IAM` value to acknowledge your template's capabilities. For more information, see [Acknowledging IAM Resources in AWS CloudFormation Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities) .
1642 *
1643 * > Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using `Fn::Join` and `AWS::Region` to create a Region-specific name, as in the following example: `{"Fn::Join": ["", [{"Ref": "AWS::Region"}, {"Ref": "MyResourceName"}]]}` .
1644 *
1645 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-username
1646 */
1647 readonly userName?: string;
1648}
1649/**
1650 * A CloudFormation `AWS::IAM::User`
1651 *
1652 * Creates a new IAM user for your AWS account .
1653 *
1654 * For information about quotas for the number of IAM users you can create, see [IAM and AWS STS quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide* .
1655 *
1656 * @cloudformationResource AWS::IAM::User
1657 * @stability external
1658 *
1659 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html
1660 */
1661export declare class CfnUser extends cdk.CfnResource implements cdk.IInspectable {
1662 /**
1663 * The CloudFormation resource type name for this resource class.
1664 */
1665 static readonly CFN_RESOURCE_TYPE_NAME = "AWS::IAM::User";
1666 /**
1667 * A factory method that creates a new instance of this class from an object
1668 * containing the CloudFormation properties of this resource.
1669 * Used in the @aws-cdk/cloudformation-include module.
1670 *
1671 * @internal
1672 */
1673 static _fromCloudFormation(scope: cdk.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnUser;
1674 /**
1675 * Returns the Amazon Resource Name (ARN) for the specified `AWS::IAM::User` resource. For example: `arn:aws:iam::123456789012:user/mystack-myuser-1CCXAFG2H2U4D` .
1676 * @cloudformationAttribute Arn
1677 */
1678 readonly attrArn: string;
1679 /**
1680 * A list of group names to which you want to add the user.
1681 *
1682 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-groups
1683 */
1684 groups: string[] | undefined;
1685 /**
1686 * Creates a password for the specified IAM user. A password allows an IAM user to access AWS services through the AWS Management Console .
1687 *
1688 * You can use the AWS CLI , the AWS API, or the *Users* page in the IAM console to create a password for any IAM user. Use [ChangePassword](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ChangePassword.html) to update your own existing password in the *My Security Credentials* page in the AWS Management Console .
1689 *
1690 * For more information about managing passwords, see [Managing passwords](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html) in the *IAM User Guide* .
1691 *
1692 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-loginprofile
1693 */
1694 loginProfile: CfnUser.LoginProfileProperty | cdk.IResolvable | undefined;
1695 /**
1696 * A list of Amazon Resource Names (ARNs) of the IAM managed policies that you want to attach to the user.
1697 *
1698 * For more information about ARNs, see [Amazon Resource Names (ARNs) and AWS Service Namespaces](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *AWS General Reference* .
1699 *
1700 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-managepolicyarns
1701 */
1702 managedPolicyArns: string[] | undefined;
1703 /**
1704 * The path for the user name. For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* .
1705 *
1706 * This parameter is optional. If it is not included, it defaults to a slash (/).
1707 *
1708 * This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\ u0021` ) through the DEL character ( `\ u007F` ), including most punctuation characters, digits, and upper and lowercased letters.
1709 *
1710 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-path
1711 */
1712 path: string | undefined;
1713 /**
1714 * The ARN of the managed policy that is used to set the permissions boundary for the user.
1715 *
1716 * A permissions boundary policy defines the maximum permissions that identity-based policies can grant to an entity, but does not grant permissions. Permissions boundaries do not define the maximum permissions that a resource-based policy can grant to an entity. To learn more, see [Permissions boundaries for IAM entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM User Guide* .
1717 *
1718 * For more information about policy types, see [Policy types](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policy-types) in the *IAM User Guide* .
1719 *
1720 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-permissionsboundary
1721 */
1722 permissionsBoundary: string | undefined;
1723 /**
1724 * Adds or updates an inline policy document that is embedded in the specified IAM user. To view AWS::IAM::User snippets, see [Declaring an IAM User Resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-iam.html#scenario-iam-user) .
1725 *
1726 * > The name of each policy for a role, user, or group must be unique. If you don't choose unique names, updates to the IAM identity will fail.
1727 *
1728 * For information about limits on the number of inline policies that you can embed in a user, see [Limitations on IAM Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *IAM User Guide* .
1729 *
1730 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-policies
1731 */
1732 policies: Array<CfnUser.PolicyProperty | cdk.IResolvable> | cdk.IResolvable | undefined;
1733 /**
1734 * A list of tags that you want to attach to the new user. Each tag consists of a key name and an associated value. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .
1735 *
1736 * > If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created.
1737 *
1738 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-tags
1739 */
1740 readonly tags: cdk.TagManager;
1741 /**
1742 * The name of the user to create. Do not include the path in this value.
1743 *
1744 * This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-. The user name must be unique within the account. User names are not distinguished by case. For example, you cannot create users named both "John" and "john".
1745 *
1746 * If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the user name.
1747 *
1748 * If you specify a name, you must specify the `CAPABILITY_NAMED_IAM` value to acknowledge your template's capabilities. For more information, see [Acknowledging IAM Resources in AWS CloudFormation Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities) .
1749 *
1750 * > Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using `Fn::Join` and `AWS::Region` to create a Region-specific name, as in the following example: `{"Fn::Join": ["", [{"Ref": "AWS::Region"}, {"Ref": "MyResourceName"}]]}` .
1751 *
1752 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html#cfn-iam-user-username
1753 */
1754 userName: string | undefined;
1755 /**
1756 * Create a new `AWS::IAM::User`.
1757 *
1758 * @param scope - scope in which this resource is defined
1759 * @param id - scoped id of the resource
1760 * @param props - resource properties
1761 */
1762 constructor(scope: cdk.Construct, id: string, props?: CfnUserProps);
1763 /**
1764 * Examines the CloudFormation resource and discloses attributes.
1765 *
1766 * @param inspector - tree inspector to collect and process attributes
1767 *
1768 */
1769 inspect(inspector: cdk.TreeInspector): void;
1770 protected get cfnProperties(): {
1771 [key: string]: any;
1772 };
1773 protected renderProperties(props: {
1774 [key: string]: any;
1775 }): {
1776 [key: string]: any;
1777 };
1778}
1779export declare namespace CfnUser {
1780 /**
1781 * Creates a password for the specified user, giving the user the ability to access AWS services through the AWS Management Console . For more information about managing passwords, see [Managing Passwords](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html) in the *IAM User Guide* .
1782 *
1783 * @struct
1784 * @stability external
1785 *
1786 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user-loginprofile.html
1787 */
1788 interface LoginProfileProperty {
1789 /**
1790 * The user's password.
1791 *
1792 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user-loginprofile.html#cfn-iam-user-loginprofile-password
1793 */
1794 readonly password: string;
1795 /**
1796 * Specifies whether the user is required to set a new password on next sign-in.
1797 *
1798 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user-loginprofile.html#cfn-iam-user-loginprofile-passwordresetrequired
1799 */
1800 readonly passwordResetRequired?: boolean | cdk.IResolvable;
1801 }
1802}
1803export declare namespace CfnUser {
1804 /**
1805 * Contains information about an attached policy.
1806 *
1807 * An attached policy is a managed policy that has been attached to a user, group, or role.
1808 *
1809 * For more information about managed policies, refer to [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide* .
1810 *
1811 * @struct
1812 * @stability external
1813 *
1814 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-policy.html
1815 */
1816 interface PolicyProperty {
1817 /**
1818 * The entire contents of the policy that defines permissions. For more information, see [Overview of JSON policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json) .
1819 *
1820 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-policy.html#cfn-iam-policies-policydocument
1821 */
1822 readonly policyDocument: any | cdk.IResolvable;
1823 /**
1824 * The friendly name (not ARN) identifying the policy.
1825 *
1826 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-policy.html#cfn-iam-policies-policyname
1827 */
1828 readonly policyName: string;
1829 }
1830}
1831/**
1832 * Properties for defining a `CfnUserToGroupAddition`
1833 *
1834 * @struct
1835 * @stability external
1836 *
1837 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-addusertogroup.html
1838 */
1839export interface CfnUserToGroupAdditionProps {
1840 /**
1841 * The name of the group to update.
1842 *
1843 * This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
1844 *
1845 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-addusertogroup.html#cfn-iam-addusertogroup-groupname
1846 */
1847 readonly groupName: string;
1848 /**
1849 * A list of the names of the users that you want to add to the group.
1850 *
1851 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-addusertogroup.html#cfn-iam-addusertogroup-users
1852 */
1853 readonly users: string[];
1854}
1855/**
1856 * A CloudFormation `AWS::IAM::UserToGroupAddition`
1857 *
1858 * Adds the specified user to the specified group.
1859 *
1860 * @cloudformationResource AWS::IAM::UserToGroupAddition
1861 * @stability external
1862 *
1863 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-addusertogroup.html
1864 */
1865export declare class CfnUserToGroupAddition extends cdk.CfnResource implements cdk.IInspectable {
1866 /**
1867 * The CloudFormation resource type name for this resource class.
1868 */
1869 static readonly CFN_RESOURCE_TYPE_NAME = "AWS::IAM::UserToGroupAddition";
1870 /**
1871 * A factory method that creates a new instance of this class from an object
1872 * containing the CloudFormation properties of this resource.
1873 * Used in the @aws-cdk/cloudformation-include module.
1874 *
1875 * @internal
1876 */
1877 static _fromCloudFormation(scope: cdk.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnUserToGroupAddition;
1878 /**
1879 * The name of the group to update.
1880 *
1881 * This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
1882 *
1883 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-addusertogroup.html#cfn-iam-addusertogroup-groupname
1884 */
1885 groupName: string;
1886 /**
1887 * A list of the names of the users that you want to add to the group.
1888 *
1889 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-addusertogroup.html#cfn-iam-addusertogroup-users
1890 */
1891 users: string[];
1892 /**
1893 * Create a new `AWS::IAM::UserToGroupAddition`.
1894 *
1895 * @param scope - scope in which this resource is defined
1896 * @param id - scoped id of the resource
1897 * @param props - resource properties
1898 */
1899 constructor(scope: cdk.Construct, id: string, props: CfnUserToGroupAdditionProps);
1900 /**
1901 * Examines the CloudFormation resource and discloses attributes.
1902 *
1903 * @param inspector - tree inspector to collect and process attributes
1904 *
1905 */
1906 inspect(inspector: cdk.TreeInspector): void;
1907 protected get cfnProperties(): {
1908 [key: string]: any;
1909 };
1910 protected renderProperties(props: {
1911 [key: string]: any;
1912 }): {
1913 [key: string]: any;
1914 };
1915}
1916/**
1917 * Properties for defining a `CfnVirtualMFADevice`
1918 *
1919 * @struct
1920 * @stability external
1921 *
1922 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-virtualmfadevice.html
1923 */
1924export interface CfnVirtualMFADeviceProps {
1925 /**
1926 * The IAM user associated with this virtual MFA device.
1927 *
1928 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-virtualmfadevice.html#cfn-iam-virtualmfadevice-users
1929 */
1930 readonly users: string[];
1931 /**
1932 * The path for the virtual MFA device. For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* .
1933 *
1934 * This parameter is optional. If it is not included, it defaults to a slash (/).
1935 *
1936 * This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\ u0021` ) through the DEL character ( `\ u007F` ), including most punctuation characters, digits, and upper and lowercased letters.
1937 *
1938 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-virtualmfadevice.html#cfn-iam-virtualmfadevice-path
1939 */
1940 readonly path?: string;
1941 /**
1942 * A list of tags that you want to attach to the new IAM virtual MFA device. Each tag consists of a key name and an associated value. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .
1943 *
1944 * > If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created.
1945 *
1946 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-virtualmfadevice.html#cfn-iam-virtualmfadevice-tags
1947 */
1948 readonly tags?: cdk.CfnTag[];
1949 /**
1950 * The name of the virtual MFA device, which must be unique. Use with path to uniquely identify a virtual MFA device.
1951 *
1952 * This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
1953 *
1954 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-virtualmfadevice.html#cfn-iam-virtualmfadevice-virtualmfadevicename
1955 */
1956 readonly virtualMfaDeviceName?: string;
1957}
1958/**
1959 * A CloudFormation `AWS::IAM::VirtualMFADevice`
1960 *
1961 * Creates a new virtual MFA device for the AWS account . After creating the virtual MFA, use [EnableMFADevice](https://docs.aws.amazon.com/IAM/latest/APIReference/API_EnableMFADevice.html) to attach the MFA device to an IAM user. For more information about creating and working with virtual MFA devices, see [Using a virtual MFA device](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_VirtualMFA.html) in the *IAM User Guide* .
1962 *
1963 * For information about the maximum number of MFA devices you can create, see [IAM and AWS STS quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide* .
1964 *
1965 * > The seed information contained in the QR code and the Base32 string should be treated like any other secret access information. In other words, protect the seed information as you would your AWS access keys or your passwords. After you provision your virtual device, you should ensure that the information is destroyed following secure procedures.
1966 *
1967 * @cloudformationResource AWS::IAM::VirtualMFADevice
1968 * @stability external
1969 *
1970 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-virtualmfadevice.html
1971 */
1972export declare class CfnVirtualMFADevice extends cdk.CfnResource implements cdk.IInspectable {
1973 /**
1974 * The CloudFormation resource type name for this resource class.
1975 */
1976 static readonly CFN_RESOURCE_TYPE_NAME = "AWS::IAM::VirtualMFADevice";
1977 /**
1978 * A factory method that creates a new instance of this class from an object
1979 * containing the CloudFormation properties of this resource.
1980 * Used in the @aws-cdk/cloudformation-include module.
1981 *
1982 * @internal
1983 */
1984 static _fromCloudFormation(scope: cdk.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnVirtualMFADevice;
1985 /**
1986 * Returns the serial number for the specified `AWS::IAM::VirtualMFADevice` resource.
1987 * @cloudformationAttribute SerialNumber
1988 */
1989 readonly attrSerialNumber: string;
1990 /**
1991 * The IAM user associated with this virtual MFA device.
1992 *
1993 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-virtualmfadevice.html#cfn-iam-virtualmfadevice-users
1994 */
1995 users: string[];
1996 /**
1997 * The path for the virtual MFA device. For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* .
1998 *
1999 * This parameter is optional. If it is not included, it defaults to a slash (/).
2000 *
2001 * This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\ u0021` ) through the DEL character ( `\ u007F` ), including most punctuation characters, digits, and upper and lowercased letters.
2002 *
2003 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-virtualmfadevice.html#cfn-iam-virtualmfadevice-path
2004 */
2005 path: string | undefined;
2006 /**
2007 * A list of tags that you want to attach to the new IAM virtual MFA device. Each tag consists of a key name and an associated value. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .
2008 *
2009 * > If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created.
2010 *
2011 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-virtualmfadevice.html#cfn-iam-virtualmfadevice-tags
2012 */
2013 readonly tags: cdk.TagManager;
2014 /**
2015 * The name of the virtual MFA device, which must be unique. Use with path to uniquely identify a virtual MFA device.
2016 *
2017 * This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
2018 *
2019 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-virtualmfadevice.html#cfn-iam-virtualmfadevice-virtualmfadevicename
2020 */
2021 virtualMfaDeviceName: string | undefined;
2022 /**
2023 * Create a new `AWS::IAM::VirtualMFADevice`.
2024 *
2025 * @param scope - scope in which this resource is defined
2026 * @param id - scoped id of the resource
2027 * @param props - resource properties
2028 */
2029 constructor(scope: cdk.Construct, id: string, props: CfnVirtualMFADeviceProps);
2030 /**
2031 * Examines the CloudFormation resource and discloses attributes.
2032 *
2033 * @param inspector - tree inspector to collect and process attributes
2034 *
2035 */
2036 inspect(inspector: cdk.TreeInspector): void;
2037 protected get cfnProperties(): {
2038 [key: string]: any;
2039 };
2040 protected renderProperties(props: {
2041 [key: string]: any;
2042 }): {
2043 [key: string]: any;
2044 };
2045}