import { AccessLevelList } from '../../shared/access-level'; import { PolicyStatement, Operator } from '../../shared'; import { aws_iam as iam } from "aws-cdk-lib"; /** * Statement provider for service [access-analyzer](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiamaccessanalyzer.html). * * @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement */ export declare class AccessAnalyzer extends PolicyStatement { servicePrefix: string; /** * Grants permission to apply an archive rule * * Access Level: Write * * https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_ApplyArchiveRule.html */ toApplyArchiveRule(): this; /** * Grants permission to cancel a policy generation * * Access Level: Write * * https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CancelPolicyGeneration.html */ toCancelPolicyGeneration(): this; /** * Grants permission to check that specified access is not allowed by a policy * * Access Level: Read * * https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CheckAccessNotGranted.html */ toCheckAccessNotGranted(): this; /** * Grants permission to check that no new access is allowed when compared to an existing policy * * Access Level: Read * * https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CheckNoNewAccess.html */ toCheckNoNewAccess(): this; /** * Grants permission to check that public access is not allowed by a resource policy * * Access Level: Read * * https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CheckNoPublicAccess.html */ toCheckNoPublicAccess(): this; /** * Grants permission to create an access preview for the specified analyzer * * Access Level: Write * * https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAccessPreview.html */ toCreateAccessPreview(): this; /** * Grants permission to create an analyzer * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * Dependent actions: * - iam:CreateServiceLinkedRole * * https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html */ toCreateAnalyzer(): this; /** * Grants permission to create an archive rule for the specified analyzer * * Access Level: Write * * https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateArchiveRule.html */ toCreateArchiveRule(): this; /** * Grants permission to delete the specified analyzer * * Access Level: Write * * https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_DeleteAnalyzer.html */ toDeleteAnalyzer(): this; /** * Grants permission to delete archive rules for the specified analyzer * * Access Level: Write * * https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_DeleteArchiveRule.html */ toDeleteArchiveRule(): this; /** * Grants permission to generate recommendation steps to resolve a finding * * Access Level: Write * * https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_GenerateFindingRecommendation.html */ toGenerateFindingRecommendation(): this; /** * Grants permission to retrieve information about an access preview * * Access Level: Read * * https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_GetAccessPreview.html */ toGetAccessPreview(): this; /** * Grants permission to retrieve information about an analyzed resource * * Access Level: Read * * https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_GetAnalyzedResource.html */ toGetAnalyzedResource(): this; /** * Grants permission to retrieve information about analyzers * * Access Level: Read * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_GetAnalyzer.html */ toGetAnalyzer(): this; /** * Grants permission to retrieve information about archive rules for the specified analyzer * * Access Level: Read * * https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_GetArchiveRule.html */ toGetArchiveRule(): this; /** * Grants permission to retrieve findings * * Access Level: Read * * https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_GetFindingV2.html */ toGetFinding(): this; /** * Grants permission to retrieve recommendation steps to resolve a finding * * Access Level: Read * * https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_GetFindingRecommendation.html */ toGetFindingRecommendation(): this; /** * Grants permission to retrieve statistics for findings * * Access Level: Read * * https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#access-analyzer-permissions */ toGetFindingsStatistics(): this; /** * Grants permission to retrieve a policy that was generated using StartPolicyGeneration * * Access Level: Read * * https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_GetGeneratedPolicy.html */ toGetGeneratedPolicy(): this; /** * Grants permission to retrieve a list of findings from an access preview * * Access Level: Read * * https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_ListAccessPreviewFindings.html */ toListAccessPreviewFindings(): this; /** * Grants permission to retrieve a list of access previews * * Access Level: List * * https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_ListAccessPreviews.html */ toListAccessPreviews(): this; /** * Grants permission to retrieve a list of resources that have been analyzed * * Access Level: Read * * https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_ListAnalyzedResources.html */ toListAnalyzedResources(): this; /** * Grants permission to retrieves a list of analyzers * * Access Level: List * * https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_ListAnalyzers.html */ toListAnalyzers(): this; /** * Grants permission to retrieve a list of archive rules from an analyzer * * Access Level: List * * https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_ListArchiveRules.html */ toListArchiveRules(): this; /** * Grants permission to retrieve a list of findings from an analyzer * * Access Level: Read * * https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_ListFindingsV2.html */ toListFindings(): this; /** * Grants permission to list all the recently started policy generations * * Access Level: Read * * https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_ListPolicyGenerations.html */ toListPolicyGenerations(): this; /** * Grants permission to retrieve a list of tags applied to a resource * * Access Level: Read * * https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_ListTagsForResource.html */ toListTagsForResource(): this; /** * Grants permission to start a policy generation * * Access Level: Write * * Dependent actions: * - iam:PassRole * * https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_StartPolicyGeneration.html */ toStartPolicyGeneration(): this; /** * Grants permission to start a scan of the policies applied to a resource * * Access Level: Write * * https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_StartResourceScan.html */ toStartResourceScan(): this; /** * Grants permission to add a tag to a resource * * Access Level: Tagging * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_TagResource.html */ toTagResource(): this; /** * Grants permission to remove a tag from a resource * * Access Level: Tagging * * Possible conditions: * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_UntagResource.html */ toUntagResource(): this; /** * Grants permission to modify an analyzer's configuration * * Access Level: Write * * https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_UpdateAnalyzer.html */ toUpdateAnalyzer(): this; /** * Grants permission to modify an archive rule * * Access Level: Write * * https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_UpdateArchiveRule.html */ toUpdateArchiveRule(): this; /** * Grants permission to modify findings * * Access Level: Write * * https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_UpdateFindings.html */ toUpdateFindings(): this; /** * Grants permission to validate a policy * * Access Level: Read * * https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_ValidatePolicy.html */ toValidatePolicy(): this; protected accessLevelList: AccessLevelList; /** * Adds a resource of type Analyzer to the statement * * https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources * * @param analyzerName - Identifier for the analyzerName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onAnalyzer(analyzerName: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type ArchiveRule to the statement * * https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources * * @param analyzerName - Identifier for the analyzerName. * @param ruleName - Identifier for the ruleName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onArchiveRule(analyzerName: string, ruleName: string, account?: string, region?: string, partition?: string): this; /** * Filters actions based on the presence of tag key-value pairs in the request * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag * * Applies to actions: * - .toCreateAnalyzer() * - .toGetAnalyzer() * - .toTagResource() * * @param tagKey The tag key to check * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsRequestTag(tagKey: string, value: string | string[], operator?: Operator | string): this; /** * Filters actions based on tag key-value pairs attached to the resource * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag * * Applies to resource types: * - Analyzer * * @param tagKey The tag key to check * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsResourceTag(tagKey: string, value: string | string[], operator?: Operator | string): this; /** * Filters actions based on the presence of tag keys in the request * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys * * Applies to actions: * - .toCreateAnalyzer() * - .toGetAnalyzer() * - .toTagResource() * - .toUntagResource() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsTagKeys(value: string | string[], operator?: Operator | string): this; /** * Statement provider for service [access-analyzer](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiamaccessanalyzer.html). * */ constructor(props?: iam.PolicyStatementProps); }