import { AccessLevelList } from '../../shared/access-level'; import { PolicyStatement } from '../../shared'; import { aws_iam as iam } from "aws-cdk-lib"; /** * Statement provider for service [sso-directory](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiamidentitycenterdirectory.html). * * @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement */ export declare class SsoDirectory extends PolicyStatement { servicePrefix: string; /** * Grants permission to add a member to a group in the directory that AWS IAM Identity Center provides by default * * Access Level: Write * * https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_CreateGroupMembership.html */ toAddMemberToGroup(): this; /** * Grants permission to complete the creation process of a virtual MFA device * * Access Level: Write * * https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample */ toCompleteVirtualMfaDeviceRegistration(): this; /** * Grants permission to complete the registration process of a WebAuthn device * * Access Level: Write * * https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample */ toCompleteWebAuthnDeviceRegistration(): this; /** * Grants permission to create an alias for the directory that AWS IAM Identity Center provides by default * * Access Level: Write * * https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample */ toCreateAlias(): this; /** * Grants permission to create a bearer token for a given provisioning tenant * * Access Level: Write * * https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample */ toCreateBearerToken(): this; /** * Grants permission to create an External Identity Provider configuration for the directory * * Access Level: Write * * https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample */ toCreateExternalIdPConfigurationForDirectory(): this; /** * Grants permission to create a group in the directory that AWS IAM Identity Center provides by default * * Access Level: Write * * https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_CreateGroup.html */ toCreateGroup(): this; /** * Grants permission to create a provisioning tenant for a given directory * * Access Level: Write * * https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample */ toCreateProvisioningTenant(): this; /** * Grants permission to create a user in the directory that AWS IAM Identity Center provides by default * * Access Level: Write * * https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_CreateUser.html */ toCreateUser(): this; /** * Grants permission to delete a bearer token * * Access Level: Write * * https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample */ toDeleteBearerToken(): this; /** * Grants permission to delete the given external IdP certificate * * Access Level: Write * * https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample */ toDeleteExternalIdPCertificate(): this; /** * Grants permission to delete an External Identity Provider configuration associated with the directory * * Access Level: Write * * https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample */ toDeleteExternalIdPConfigurationForDirectory(): this; /** * Grants permission to delete a group from the directory that AWS IAM Identity Center provides by default * * Access Level: Write * * https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_DeleteGroup.html */ toDeleteGroup(): this; /** * Grants permission to delete a MFA device by device name for a given user * * Access Level: Write * * https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample */ toDeleteMfaDeviceForUser(): this; /** * Grants permission to delete the provisioning tenant * * Access Level: Write * * https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample */ toDeleteProvisioningTenant(): this; /** * Grants permission to delete a user from the directory that AWS IAM Identity Center provides by default * * Access Level: Write * * https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_DeleteUser.html */ toDeleteUser(): this; /** * Grants permission to retrieve information about the directory that AWS IAM Identity Center provides by default * * Access Level: Read * * https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample */ toDescribeDirectory(): this; /** * Grants permission to query the group data, not including user and group members * * Access Level: Read * * https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_DescribeGroup.html */ toDescribeGroup(): this; /** * Grants permission to retrieve information about groups from the directory that AWS IAM Identity Center provides by default * * Access Level: Read * * https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_DescribeGroup.html */ toDescribeGroups(): this; /** * Grants permission to describes the provisioning tenant * * Access Level: Read * * https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample */ toDescribeProvisioningTenant(): this; /** * Grants permission to retrieve information about a user from the directory that AWS IAM Identity Center provides by default * * Access Level: Read * * https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_DescribeUser.html */ toDescribeUser(): this; /** * Grants permission to describe user with a valid unique attribute represented for the user * * Access Level: Read * * https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample */ toDescribeUserByUniqueAttribute(): this; /** * Grants permission to retrieve information about user from the directory that AWS IAM Identity Center provides by default * * Access Level: Read * * https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_DescribeUser.html */ toDescribeUsers(): this; /** * Grants permission to disable authentication of end users with an External Identity Provider * * Access Level: Write * * https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample */ toDisableExternalIdPConfigurationForDirectory(): this; /** * Grants permission to deactivate a user in the directory that AWS IAM Identity Center provides by default * * Access Level: Write * * https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample */ toDisableUser(): this; /** * Grants permission to enable authentication of end users with an External Identity Provider * * Access Level: Write * * https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample */ toEnableExternalIdPConfigurationForDirectory(): this; /** * Grants permission to activate user in the directory that AWS IAM Identity Center provides by default * * Access Level: Write * * https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample */ toEnableUser(): this; /** * Grants permission to retrieve the AWS IAM Identity Center Service Provider configurations for the directory * * Access Level: Read * * https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample */ toGetAWSSPConfigurationForDirectory(): this; /** * Grants permission to retrieve ID information about group from the directory that AWS IAM Identity Center provides by default * * Access Level: Read * * https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_GetGroupId.html */ toGetGroupId(): this; /** * Grants permission to retrieve ID information about user from the directory that AWS IAM Identity Center provides by default * * Access Level: Read * * https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_GetUserId.html */ toGetUserId(): this; /** * (Deprecated) Grants permission to get UserPool Info * * Access Level: Read * * https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample */ toGetUserPoolInfo(): this; /** * Grants permission to import the IdP certificate used for verifying external IdP responses * * Access Level: Write * * https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample */ toImportExternalIdPCertificate(): this; /** * Grants permission to check if a member is a part of the group in the directory that AWS IAM Identity Center provides by default * * Access Level: Read * * https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_IsMemberInGroups.html */ toIsMemberInGroup(): this; /** * Grants permission to check if a member is a part of multiple groups in the directory that AWS IAM Identity Center provides by default * * Access Level: Read * * https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_IsMemberInGroups.html */ toIsMemberInGroups(): this; /** * Grants permission to list bearer tokens for a given provisioning tenant * * Access Level: Read * * https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample */ toListBearerTokens(): this; /** * Grants permission to list the external IdP certificates of a given directory and IdP * * Access Level: Read * * https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample */ toListExternalIdPCertificates(): this; /** * Grants permission to list all the External Identity Provider configurations created for the directory * * Access Level: Read * * https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample */ toListExternalIdPConfigurationsForDirectory(): this; /** * Grants permission to list groups from the directory that AWS IAM Identity Center provides by default * * Access Level: Read * * https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_ListGroups.html */ toListGroups(): this; /** * Grants permission to list groups of the target member * * Access Level: Read * * https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_ListGroupMembershipsForMember.html */ toListGroupsForMember(): this; /** * Grants permission to list groups for a user from the directory that AWS IAM Identity Center provides by default * * Access Level: Read * * https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_ListGroupMembershipsForMember.html */ toListGroupsForUser(): this; /** * Grants permission to retrieve all members that are part of a group in the directory that AWS IAM Identity Center provides by default * * Access Level: Read * * https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_ListGroupMemberships.html */ toListMembersInGroup(): this; /** * Grants permission to list all active MFA devices and their MFA device metadata for a user * * Access Level: Read * * https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample */ toListMfaDevicesForUser(): this; /** * Grants permission to list provisioning tenants for a given directory * * Access Level: Read * * https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample */ toListProvisioningTenants(): this; /** * Grants permission to list users from the directory that AWS IAM Identity Center provides by default * * Access Level: Read * * https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_ListUsers.html */ toListUsers(): this; /** * Grants permission to remove a member that is part of a group in the directory that AWS IAM Identity Center provides by default * * Access Level: Write * * https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_DeleteGroupMembership.html */ toRemoveMemberFromGroup(): this; /** * Grants permission to search for groups within the associated directory * * Access Level: Read * * https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample */ toSearchGroups(): this; /** * Grants permission to search for users within the associated directory * * Access Level: Read * * https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample */ toSearchUsers(): this; /** * Grants permission to begin the creation process of virtual mfa device * * Access Level: Write * * https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample */ toStartVirtualMfaDeviceRegistration(): this; /** * Grants permission to begin the registration process of a WebAuthn device * * Access Level: Write * * https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample */ toStartWebAuthnDeviceRegistration(): this; /** * Grants permission to update an External Identity Provider configuration associated with the directory * * Access Level: Write * * https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample */ toUpdateExternalIdPConfigurationForDirectory(): this; /** * Grants permission to update information about a group in the directory that AWS IAM Identity Center provides by default * * Access Level: Write * * https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_UpdateGroup.html */ toUpdateGroup(): this; /** * Grants permission to update group display name update group display name response * * Access Level: Write * * https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample */ toUpdateGroupDisplayName(): this; /** * Grants permission to update MFA device information * * Access Level: Write * * https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample */ toUpdateMfaDeviceForUser(): this; /** * Grants permission to update a password by sending password reset link via email or generating one time password for a user in the directory that AWS IAM Identity Center provides by default * * Access Level: Write * * https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample */ toUpdatePassword(): this; /** * Grants permission to update user information in the directory that AWS IAM Identity Center provides by default * * Access Level: Write * * https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_UpdateUser.html */ toUpdateUser(): this; /** * Grants permission to update user name update user name response * * Access Level: Write * * https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample */ toUpdateUserName(): this; /** * Grants permission to verify an email address of an User * * Access Level: Write * * https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample */ toVerifyEmail(): this; protected accessLevelList: AccessLevelList; /** * Statement provider for service [sso-directory](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiamidentitycenterdirectory.html). * */ constructor(props?: iam.PolicyStatementProps); }