import { AccessLevelList } from '../../shared/access-level'; import { PolicyStatement, Operator } from '../../shared'; import { aws_iam as iam } from "aws-cdk-lib"; /** * Statement provider for service [s3-outposts](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazons3onoutposts.html). * * @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement */ export declare class S3Outposts extends PolicyStatement { servicePrefix: string; /** * Grants permission to abort a multipart upload * * Access Level: Write * * Possible conditions: * - .ifDataAccessPointArn() * - .ifDataAccessPointAccount() * - .ifAccessPointNetworkOrigin() * - .ifAuthType() * - .ifSignatureAge() * - .ifSignatureversion() * - .ifXAmzContentSha256() * * https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html */ toAbortMultipartUpload(): this; /** * Grants permission to create a new access point * * Access Level: Write * * Possible conditions: * - .ifDataAccessPointAccount() * - .ifDataAccessPointArn() * - .ifAccessPointNetworkOrigin() * - .ifAuthType() * - .ifSignatureAge() * - .ifSignatureversion() * - .ifXAmzContentSha256() * * https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateAccessPoint.html */ toCreateAccessPoint(): this; /** * Grants permission to create a new bucket * * Access Level: Write * * Possible conditions: * - .ifAuthType() * - .ifSignatureAge() * - .ifSignatureversion() * - .ifXAmzContentSha256() * * https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateBucket.html */ toCreateBucket(): this; /** * Grants permission to create a new endpoint * * Access Level: Write * * https://docs.aws.amazon.com/AmazonS3/latest/API/API_s3outposts_CreateEndpoint.html */ toCreateEndpoint(): this; /** * Grants permission to delete the access point named in the URI * * Access Level: Write * * Possible conditions: * - .ifDataAccessPointArn() * - .ifDataAccessPointAccount() * - .ifAccessPointNetworkOrigin() * - .ifAuthType() * - .ifSignatureAge() * - .ifSignatureversion() * - .ifXAmzContentSha256() * * https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteAccessPoint.html */ toDeleteAccessPoint(): this; /** * Grants permission to delete the policy on a specified access point * * Access Level: Permissions management * * Possible conditions: * - .ifDataAccessPointArn() * - .ifDataAccessPointAccount() * - .ifAccessPointNetworkOrigin() * - .ifAuthType() * - .ifSignatureAge() * - .ifSignatureversion() * - .ifXAmzContentSha256() * * https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteAccessPointPolicy.html */ toDeleteAccessPointPolicy(): this; /** * Grants permission to delete the bucket named in the URI * * Access Level: Write * * Possible conditions: * - .ifAuthType() * - .ifSignatureAge() * - .ifSignatureversion() * - .ifXAmzContentSha256() * * https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteBucket.html */ toDeleteBucket(): this; /** * Grants permission to delete the policy on a specified bucket * * Access Level: Permissions management * * Possible conditions: * - .ifAuthType() * - .ifSignatureAge() * - .ifSignatureversion() * - .ifXAmzContentSha256() * * https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteBucketPolicy.html */ toDeleteBucketPolicy(): this; /** * Grants permission to delete the endpoint named in the URI * * Access Level: Write * * https://docs.aws.amazon.com/AmazonS3/latest/API/API_s3outposts_DeleteEndpoint.html */ toDeleteEndpoint(): this; /** * Grants permission to remove the null version of an object and insert a delete marker, which becomes the current version of the object * * Access Level: Write * * Possible conditions: * - .ifDataAccessPointAccount() * - .ifDataAccessPointArn() * - .ifAccessPointNetworkOrigin() * - .ifAuthType() * - .ifSignatureAge() * - .ifSignatureversion() * - .ifXAmzContentSha256() * * https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html */ toDeleteObject(): this; /** * Grants permission to use the tagging subresource to remove the entire tag set from the specified object * * Access Level: Tagging * * Possible conditions: * - .ifDataAccessPointAccount() * - .ifDataAccessPointArn() * - .ifAccessPointNetworkOrigin() * - .ifExistingObjectTag() * - .ifAuthType() * - .ifSignatureAge() * - .ifSignatureversion() * - .ifXAmzContentSha256() * * https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObjectTagging.html */ toDeleteObjectTagging(): this; /** * Grants permission to remove a specific version of an object * * Access Level: Write * * Possible conditions: * - .ifDataAccessPointAccount() * - .ifDataAccessPointArn() * - .ifAccessPointNetworkOrigin() * - .ifAuthType() * - .ifSignatureAge() * - .ifSignatureversion() * - .ifVersionid() * - .ifXAmzContentSha256() * * https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html */ toDeleteObjectVersion(): this; /** * Grants permission to remove the entire tag set for a specific version of the object * * Access Level: Tagging * * Possible conditions: * - .ifDataAccessPointAccount() * - .ifDataAccessPointArn() * - .ifAccessPointNetworkOrigin() * - .ifExistingObjectTag() * - .ifAuthType() * - .ifSignatureAge() * - .ifSignatureversion() * - .ifVersionid() * - .ifXAmzContentSha256() * * https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObjectTagging.html */ toDeleteObjectVersionTagging(): this; /** * Grants permission to return configuration information about the specified access point * * Access Level: Read * * Possible conditions: * - .ifDataAccessPointAccount() * - .ifDataAccessPointArn() * - .ifAccessPointNetworkOrigin() * - .ifAuthType() * - .ifSignatureAge() * - .ifSignatureversion() * - .ifXAmzContentSha256() * * https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetAccessPoint.html */ toGetAccessPoint(): this; /** * Grants permission to returns the access point policy associated with the specified access point * * Access Level: Read * * Possible conditions: * - .ifDataAccessPointAccount() * - .ifDataAccessPointArn() * - .ifAccessPointNetworkOrigin() * - .ifAuthType() * - .ifSignatureAge() * - .ifSignatureversion() * - .ifXAmzContentSha256() * * https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetAccessPointPolicy.html */ toGetAccessPointPolicy(): this; /** * Grants permission to return the bucket configuration associated with an Amazon S3 bucket * * Access Level: Read * * Possible conditions: * - .ifAuthType() * - .ifSignatureAge() * - .ifSignatureversion() * - .ifXAmzContentSha256() * * https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetBucket.html */ toGetBucket(): this; /** * Grants permission to return the policy of the specified bucket * * Access Level: Read * * Possible conditions: * - .ifAuthType() * - .ifSignatureAge() * - .ifSignatureversion() * - .ifXAmzContentSha256() * * https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetBucketPolicy.html */ toGetBucketPolicy(): this; /** * Grants permission to return the tag set associated with an Amazon S3 bucket * * Access Level: Read * * Possible conditions: * - .ifAuthType() * - .ifSignatureAge() * - .ifSignatureversion() * - .ifXAmzContentSha256() * * https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetBucketTagging.html */ toGetBucketTagging(): this; /** * Grants permission to return the versioning state of an Amazon S3 bucket * * Access Level: Read * * Possible conditions: * - .ifAuthType() * - .ifSignatureAge() * - .ifSignatureversion() * - .ifXAmzContentSha256() * * https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketVersioning.html */ toGetBucketVersioning(): this; /** * Grants permission to return the lifecycle configuration information set on an Amazon S3 bucket * * Access Level: Read * * Possible conditions: * - .ifAuthType() * - .ifSignatureAge() * - .ifSignatureversion() * - .ifXAmzContentSha256() * * https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetBucketLifecycleConfiguration.html */ toGetLifecycleConfiguration(): this; /** * Grants permission to retrieve objects from Amazon S3 * * Access Level: Read * * Possible conditions: * - .ifDataAccessPointAccount() * - .ifDataAccessPointArn() * - .ifAccessPointNetworkOrigin() * - .ifExistingObjectTag() * - .ifAuthType() * - .ifSignatureAge() * - .ifSignatureversion() * - .ifXAmzContentSha256() * * https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html */ toGetObject(): this; /** * Grants permission to return the tag set of an object * * Access Level: Read * * Possible conditions: * - .ifDataAccessPointAccount() * - .ifDataAccessPointArn() * - .ifAccessPointNetworkOrigin() * - .ifExistingObjectTag() * - .ifAuthType() * - .ifSignatureAge() * - .ifSignatureversion() * - .ifXAmzContentSha256() * * https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html */ toGetObjectTagging(): this; /** * Grants permission to retrieve a specific version of an object * * Access Level: Read * * Possible conditions: * - .ifDataAccessPointAccount() * - .ifDataAccessPointArn() * - .ifAccessPointNetworkOrigin() * - .ifExistingObjectTag() * - .ifAuthType() * - .ifSignatureAge() * - .ifSignatureversion() * - .ifVersionid() * - .ifXAmzContentSha256() * * https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html */ toGetObjectVersion(): this; /** * Grants permission to replicate both unencrypted objects and objects encrypted with SSE-KMS * * Access Level: Read * * Possible conditions: * - .ifAuthType() * - .ifSignatureAge() * - .ifSignatureversion() * - .ifXAmzContentSha256() * * https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html */ toGetObjectVersionForReplication(): this; /** * Grants permission to return the tag set for a specific version of the object * * Access Level: Read * * Possible conditions: * - .ifDataAccessPointAccount() * - .ifDataAccessPointArn() * - .ifAccessPointNetworkOrigin() * - .ifExistingObjectTag() * - .ifAuthType() * - .ifSignatureAge() * - .ifSignatureversion() * - .ifVersionid() * - .ifXAmzContentSha256() * * https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html */ toGetObjectVersionTagging(): this; /** * Grants permission to get the replication configuration information set on an Amazon S3 bucket * * Access Level: Read * * Possible conditions: * - .ifAuthType() * - .ifSignatureAge() * - .ifSignatureversion() * - .ifXAmzContentSha256() * * https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetBucketReplication.html */ toGetReplicationConfiguration(): this; /** * Grants permission to list access points * * Access Level: List * * Possible conditions: * - .ifAuthType() * - .ifSignatureAge() * - .ifSignatureversion() * - .ifXAmzContentSha256() * * https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_ListAccessPoints.html */ toListAccessPoints(): this; /** * Grants permission to list some or all of the objects in an Amazon S3 bucket (up to 1000) * * Access Level: List * * Possible conditions: * - .ifDataAccessPointAccount() * - .ifDataAccessPointArn() * - .ifAccessPointNetworkOrigin() * - .ifAuthType() * - .ifDelimiter() * - .ifMaxKeys() * - .ifPrefix() * - .ifSignatureAge() * - .ifSignatureversion() * - .ifXAmzContentSha256() * * https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectsV2.html */ toListBucket(): this; /** * Grants permission to list in-progress multipart uploads * * Access Level: List * * Possible conditions: * - .ifDataAccessPointAccount() * - .ifDataAccessPointArn() * - .ifAccessPointNetworkOrigin() * - .ifAuthType() * - .ifSignatureAge() * - .ifSignatureversion() * - .ifXAmzContentSha256() * * https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html */ toListBucketMultipartUploads(): this; /** * Grants permission to list metadata about all the versions of objects in an Amazon S3 bucket * * Access Level: List * * Possible conditions: * - .ifDataAccessPointAccount() * - .ifDataAccessPointArn() * - .ifAccessPointNetworkOrigin() * - .ifAuthType() * - .ifDelimiter() * - .ifMaxKeys() * - .ifPrefix() * - .ifSignatureAge() * - .ifSignatureversion() * - .ifXAmzContentSha256() * * https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectVersions.html */ toListBucketVersions(): this; /** * Grants permission to list endpoints * * Access Level: List * * https://docs.aws.amazon.com/AmazonS3/latest/API/API_s3outposts_ListEndpoints.html */ toListEndpoints(): this; /** * Grants permission to list the parts that have been uploaded for a specific multipart upload * * Access Level: List * * Possible conditions: * - .ifDataAccessPointAccount() * - .ifDataAccessPointArn() * - .ifAccessPointNetworkOrigin() * - .ifAuthType() * - .ifSignatureAge() * - .ifSignatureversion() * - .ifXAmzContentSha256() * * https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html */ toListMultipartUploadParts(): this; /** * Grants permission to list outposts with S3 capacity * * Access Level: List * * https://docs.aws.amazon.com/AmazonS3/latest/API/API_s3outposts_ListOutpostsWithS3.html */ toListOutpostsWithS3(): this; /** * Grants permission to list all buckets owned by the authenticated sender of the request * * Access Level: List * * Possible conditions: * - .ifAuthType() * - .ifSignatureAge() * - .ifSignatureversion() * - .ifXAmzContentSha256() * * https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_ListRegionalBuckets.html */ toListRegionalBuckets(): this; /** * Grants permission to list shared endpoints * * Access Level: List * * https://docs.aws.amazon.com/AmazonS3/latest/API/API_s3outposts_ListSharedEndpoints.html */ toListSharedEndpoints(): this; /** * Grants permission to associate an access policy with a specified access point * * Access Level: Permissions management * * Possible conditions: * - .ifDataAccessPointAccount() * - .ifDataAccessPointArn() * - .ifAccessPointNetworkOrigin() * - .ifAuthType() * - .ifSignatureAge() * - .ifSignatureversion() * - .ifXAmzContentSha256() * * https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutAccessPointPolicy.html */ toPutAccessPointPolicy(): this; /** * Grants permission to add or replace a bucket policy on a bucket * * Access Level: Permissions management * * Possible conditions: * - .ifAuthType() * - .ifSignatureAge() * - .ifSignatureversion() * - .ifXAmzContentSha256() * * https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutBucketPolicy.html */ toPutBucketPolicy(): this; /** * Grants permission to add a set of tags to an existing Amazon S3 bucket * * Access Level: Tagging * * Possible conditions: * - .ifAuthType() * - .ifSignatureAge() * - .ifSignatureversion() * - .ifXAmzContentSha256() * * https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutBucketTagging.html */ toPutBucketTagging(): this; /** * Grants permission to set the versioning state of an existing Amazon S3 bucket * * Access Level: Write * * Possible conditions: * - .ifAuthType() * - .ifSignatureAge() * - .ifSignatureversion() * - .ifXAmzContentSha256() * * https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketVersioning.html */ toPutBucketVersioning(): this; /** * Grants permission to create a new lifecycle configuration for the bucket or replace an existing lifecycle configuration * * Access Level: Write * * Possible conditions: * - .ifAuthType() * - .ifSignatureAge() * - .ifSignatureversion() * - .ifXAmzContentSha256() * * https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutBucketLifecycleConfiguration.html */ toPutLifecycleConfiguration(): this; /** * Grants permission to add an object to a bucket * * Access Level: Write * * Possible conditions: * - .ifDataAccessPointAccount() * - .ifDataAccessPointArn() * - .ifAccessPointNetworkOrigin() * - .ifRequestObjectTag() * - .ifRequestObjectTagKeys() * - .ifAuthType() * - .ifSignatureAge() * - .ifSignatureversion() * - .ifXAmzAcl() * - .ifXAmzContentSha256() * - .ifXAmzCopySource() * - .ifXAmzMetadataDirective() * - .ifXAmzServerSideEncryption() * - .ifXAmzStorageClass() * * https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html */ toPutObject(): this; /** * Grants permission to set the access control list (ACL) permissions for an object that already exists in a bucket * * Access Level: Permissions management * * Possible conditions: * - .ifDataAccessPointAccount() * - .ifDataAccessPointArn() * - .ifAccessPointNetworkOrigin() * - .ifExistingObjectTag() * - .ifAuthType() * - .ifSignatureAge() * - .ifSignatureversion() * - .ifXAmzAcl() * - .ifXAmzContentSha256() * - .ifXAmzStorageClass() * * https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObjectAcl.html */ toPutObjectAcl(): this; /** * Grants permission to set the supplied tag-set to an object that already exists in a bucket * * Access Level: Tagging * * Possible conditions: * - .ifDataAccessPointAccount() * - .ifDataAccessPointArn() * - .ifAccessPointNetworkOrigin() * - .ifExistingObjectTag() * - .ifRequestObjectTag() * - .ifRequestObjectTagKeys() * - .ifAuthType() * - .ifSignatureAge() * - .ifSignatureversion() * - .ifXAmzContentSha256() * * https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObjectTagging.html */ toPutObjectTagging(): this; /** * Grants permission to set the supplied tag-set for a specific version of an object * * Access Level: Tagging * * Possible conditions: * - .ifDataAccessPointAccount() * - .ifDataAccessPointArn() * - .ifAccessPointNetworkOrigin() * - .ifExistingObjectTag() * - .ifRequestObjectTag() * - .ifRequestObjectTagKeys() * - .ifAuthType() * - .ifSignatureAge() * - .ifSignatureversion() * - .ifVersionid() * - .ifXAmzContentSha256() * * https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObjectTagging.html */ toPutObjectVersionTagging(): this; /** * Grants permission to create a new replication configuration or replace an existing one * * Access Level: Write * * Possible conditions: * - .ifAuthType() * - .ifSignatureAge() * - .ifSignatureversion() * - .ifXAmzContentSha256() * * Dependent actions: * - iam:PassRole * * https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutBucketReplication.html */ toPutReplicationConfiguration(): this; /** * Grants permission to replicate delete markers to the destination bucket * * Access Level: Write * * Possible conditions: * - .ifAuthType() * - .ifSignatureAge() * - .ifSignatureversion() * - .ifXAmzContentSha256() * * https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html */ toReplicateDelete(): this; /** * Grants permission to replicate objects and object tags to the destination bucket * * Access Level: Write * * Possible conditions: * - .ifAuthType() * - .ifSignatureAge() * - .ifSignatureversion() * - .ifXAmzContentSha256() * - .ifXAmzServerSideEncryption() * * https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html */ toReplicateObject(): this; /** * Grants permission to replicate object tags to the destination bucket * * Access Level: Tagging * * Possible conditions: * - .ifAuthType() * - .ifSignatureAge() * - .ifSignatureversion() * - .ifXAmzContentSha256() * * https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObjectTagging.html */ toReplicateTags(): this; protected accessLevelList: AccessLevelList; /** * Adds a resource of type accesspoint to the statement * * https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points.html * * @param outpostId - Identifier for the outpostId. * @param accessPointName - Identifier for the accessPointName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onAccesspoint(outpostId: string, accessPointName: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type bucket to the statement * * https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingBucket.html * * @param outpostId - Identifier for the outpostId. * @param bucketName - Identifier for the bucketName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onBucket(outpostId: string, bucketName: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type endpoint to the statement * * https://docs.aws.amazon.com/AmazonS3/latest/userguide/outposts-endpoints.html * * @param outpostId - Identifier for the outpostId. * @param endpointId - Identifier for the endpointId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onEndpoint(outpostId: string, endpointId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type object to the statement * * https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingObjects.html * * @param outpostId - Identifier for the outpostId. * @param bucketName - Identifier for the bucketName. * @param objectName - Identifier for the objectName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onObject(outpostId: string, bucketName: string, objectName: string, account?: string, region?: string, partition?: string): this; /** * Filters access by the network origin (Internet or VPC) * * https://docs.aws.amazon.com/AmazonS3/latest/userguide/creating-access-points.html#access-points-policies * * Applies to actions: * - .toAbortMultipartUpload() * - .toCreateAccessPoint() * - .toDeleteAccessPoint() * - .toDeleteAccessPointPolicy() * - .toDeleteObject() * - .toDeleteObjectTagging() * - .toDeleteObjectVersion() * - .toDeleteObjectVersionTagging() * - .toGetAccessPoint() * - .toGetAccessPointPolicy() * - .toGetObject() * - .toGetObjectTagging() * - .toGetObjectVersion() * - .toGetObjectVersionTagging() * - .toListBucket() * - .toListBucketMultipartUploads() * - .toListBucketVersions() * - .toListMultipartUploadParts() * - .toPutAccessPointPolicy() * - .toPutObject() * - .toPutObjectAcl() * - .toPutObjectTagging() * - .toPutObjectVersionTagging() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAccessPointNetworkOrigin(value: string | string[], operator?: Operator | string): this; /** * Filters access by the AWS Account ID that owns the access point * * https://docs.aws.amazon.com/AmazonS3/latest/userguide/creating-access-points.html#access-points-policies * * Applies to actions: * - .toAbortMultipartUpload() * - .toCreateAccessPoint() * - .toDeleteAccessPoint() * - .toDeleteAccessPointPolicy() * - .toDeleteObject() * - .toDeleteObjectTagging() * - .toDeleteObjectVersion() * - .toDeleteObjectVersionTagging() * - .toGetAccessPoint() * - .toGetAccessPointPolicy() * - .toGetObject() * - .toGetObjectTagging() * - .toGetObjectVersion() * - .toGetObjectVersionTagging() * - .toListBucket() * - .toListBucketMultipartUploads() * - .toListBucketVersions() * - .toListMultipartUploadParts() * - .toPutAccessPointPolicy() * - .toPutObject() * - .toPutObjectAcl() * - .toPutObjectTagging() * - .toPutObjectVersionTagging() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifDataAccessPointAccount(value: string | string[], operator?: Operator | string): this; /** * Filters access by an access point Amazon Resource Name (ARN) * * Applies to actions: * - .toAbortMultipartUpload() * - .toCreateAccessPoint() * - .toDeleteAccessPoint() * - .toDeleteAccessPointPolicy() * - .toDeleteObject() * - .toDeleteObjectTagging() * - .toDeleteObjectVersion() * - .toDeleteObjectVersionTagging() * - .toGetAccessPoint() * - .toGetAccessPointPolicy() * - .toGetObject() * - .toGetObjectTagging() * - .toGetObjectVersion() * - .toGetObjectVersionTagging() * - .toListBucket() * - .toListBucketMultipartUploads() * - .toListBucketVersions() * - .toListMultipartUploadParts() * - .toPutAccessPointPolicy() * - .toPutObject() * - .toPutObjectAcl() * - .toPutObjectTagging() * - .toPutObjectVersionTagging() * * @param value The value(s) to check * @param operator Works with [arn operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_ARN). **Default:** `ArnLike` */ ifDataAccessPointArn(value: string | string[], operator?: Operator | string): this; /** * Filters access by requiring that an existing object tag has a specific tag key and value * * https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-tagging.html#tagging-and-policies * * Applies to actions: * - .toDeleteObjectTagging() * - .toDeleteObjectVersionTagging() * - .toGetObject() * - .toGetObjectTagging() * - .toGetObjectVersion() * - .toGetObjectVersionTagging() * - .toPutObjectAcl() * - .toPutObjectTagging() * - .toPutObjectVersionTagging() * * @param key The tag key to check * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifExistingObjectTag(key: string, value: string | string[], operator?: Operator | string): this; /** * Filters access by restricting the tag keys and values allowed on objects * * https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-tagging.html#tagging-and-policies * * Applies to actions: * - .toPutObject() * - .toPutObjectTagging() * - .toPutObjectVersionTagging() * * @param key The tag key to check * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifRequestObjectTag(key: string, value: string | string[], operator?: Operator | string): this; /** * Filters access by restricting the tag keys allowed on objects * * https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-tagging.html#tagging-and-policies * * Applies to actions: * - .toPutObject() * - .toPutObjectTagging() * - .toPutObjectVersionTagging() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifRequestObjectTagKeys(value: string | string[], operator?: Operator | string): this; /** * Filters access by restricting incoming requests to a specific authentication method * * https://docs.aws.amazon.com/AmazonS3/latest/API/bucket-policy-s3-sigv4-conditions.html * * Applies to actions: * - .toAbortMultipartUpload() * - .toCreateAccessPoint() * - .toCreateBucket() * - .toDeleteAccessPoint() * - .toDeleteAccessPointPolicy() * - .toDeleteBucket() * - .toDeleteBucketPolicy() * - .toDeleteObject() * - .toDeleteObjectTagging() * - .toDeleteObjectVersion() * - .toDeleteObjectVersionTagging() * - .toGetAccessPoint() * - .toGetAccessPointPolicy() * - .toGetBucket() * - .toGetBucketPolicy() * - .toGetBucketTagging() * - .toGetBucketVersioning() * - .toGetLifecycleConfiguration() * - .toGetObject() * - .toGetObjectTagging() * - .toGetObjectVersion() * - .toGetObjectVersionForReplication() * - .toGetObjectVersionTagging() * - .toGetReplicationConfiguration() * - .toListAccessPoints() * - .toListBucket() * - .toListBucketMultipartUploads() * - .toListBucketVersions() * - .toListMultipartUploadParts() * - .toListRegionalBuckets() * - .toPutAccessPointPolicy() * - .toPutBucketPolicy() * - .toPutBucketTagging() * - .toPutBucketVersioning() * - .toPutLifecycleConfiguration() * - .toPutObject() * - .toPutObjectAcl() * - .toPutObjectTagging() * - .toPutObjectVersionTagging() * - .toPutReplicationConfiguration() * - .toReplicateDelete() * - .toReplicateObject() * - .toReplicateTags() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAuthType(value: string | string[], operator?: Operator | string): this; /** * Filters access by requiring the delimiter parameter * * https://docs.aws.amazon.com/AmazonS3/latest/userguide/walkthrough1.html * * Applies to actions: * - .toListBucket() * - .toListBucketVersions() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifDelimiter(value: string | string[], operator?: Operator | string): this; /** * Filters access by limiting the maximum number of keys returned in a ListBucket request * * https://docs.aws.amazon.com/AmazonS3/latest/userguide/amazon-s3-policy-keys.html#example-numeric-condition-operators * * Applies to actions: * - .toListBucket() * - .toListBucketVersions() * * @param value The value(s) to check * @param operator Works with [numeric operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_Numeric). **Default:** `NumericEquals` */ ifMaxKeys(value: number | number[], operator?: Operator | string): this; /** * Filters access by key name prefix * * https://docs.aws.amazon.com/AmazonS3/latest/userguide/amazon-s3-policy-keys.html#condition-key-bucket-ops-2 * * Applies to actions: * - .toListBucket() * - .toListBucketVersions() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifPrefix(value: string | string[], operator?: Operator | string): this; /** * Filters access by identifying the length of time, in milliseconds, that a signature is valid in an authenticated request * * https://docs.aws.amazon.com/AmazonS3/latest/API/bucket-policy-s3-sigv4-conditions.html * * Applies to actions: * - .toAbortMultipartUpload() * - .toCreateAccessPoint() * - .toCreateBucket() * - .toDeleteAccessPoint() * - .toDeleteAccessPointPolicy() * - .toDeleteBucket() * - .toDeleteBucketPolicy() * - .toDeleteObject() * - .toDeleteObjectTagging() * - .toDeleteObjectVersion() * - .toDeleteObjectVersionTagging() * - .toGetAccessPoint() * - .toGetAccessPointPolicy() * - .toGetBucket() * - .toGetBucketPolicy() * - .toGetBucketTagging() * - .toGetBucketVersioning() * - .toGetLifecycleConfiguration() * - .toGetObject() * - .toGetObjectTagging() * - .toGetObjectVersion() * - .toGetObjectVersionForReplication() * - .toGetObjectVersionTagging() * - .toGetReplicationConfiguration() * - .toListAccessPoints() * - .toListBucket() * - .toListBucketMultipartUploads() * - .toListBucketVersions() * - .toListMultipartUploadParts() * - .toListRegionalBuckets() * - .toPutAccessPointPolicy() * - .toPutBucketPolicy() * - .toPutBucketTagging() * - .toPutBucketVersioning() * - .toPutLifecycleConfiguration() * - .toPutObject() * - .toPutObjectAcl() * - .toPutObjectTagging() * - .toPutObjectVersionTagging() * - .toPutReplicationConfiguration() * - .toReplicateDelete() * - .toReplicateObject() * - .toReplicateTags() * * @param value The value(s) to check * @param operator Works with [numeric operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_Numeric). **Default:** `NumericEquals` */ ifSignatureAge(value: number | number[], operator?: Operator | string): this; /** * Filters access by identifying the version of AWS Signature that is supported for authenticated requests * * https://docs.aws.amazon.com/AmazonS3/latest/API/bucket-policy-s3-sigv4-conditions.html * * Applies to actions: * - .toAbortMultipartUpload() * - .toCreateAccessPoint() * - .toCreateBucket() * - .toDeleteAccessPoint() * - .toDeleteAccessPointPolicy() * - .toDeleteBucket() * - .toDeleteBucketPolicy() * - .toDeleteObject() * - .toDeleteObjectTagging() * - .toDeleteObjectVersion() * - .toDeleteObjectVersionTagging() * - .toGetAccessPoint() * - .toGetAccessPointPolicy() * - .toGetBucket() * - .toGetBucketPolicy() * - .toGetBucketTagging() * - .toGetBucketVersioning() * - .toGetLifecycleConfiguration() * - .toGetObject() * - .toGetObjectTagging() * - .toGetObjectVersion() * - .toGetObjectVersionForReplication() * - .toGetObjectVersionTagging() * - .toGetReplicationConfiguration() * - .toListAccessPoints() * - .toListBucket() * - .toListBucketMultipartUploads() * - .toListBucketVersions() * - .toListMultipartUploadParts() * - .toListRegionalBuckets() * - .toPutAccessPointPolicy() * - .toPutBucketPolicy() * - .toPutBucketTagging() * - .toPutBucketVersioning() * - .toPutLifecycleConfiguration() * - .toPutObject() * - .toPutObjectAcl() * - .toPutObjectTagging() * - .toPutObjectVersionTagging() * - .toPutReplicationConfiguration() * - .toReplicateDelete() * - .toReplicateObject() * - .toReplicateTags() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifSignatureversion(value: string | string[], operator?: Operator | string): this; /** * Filters access by a specific object version * * https://docs.aws.amazon.com/AmazonS3/latest/userguide/amazon-s3-policy-keys.html#getobjectversion-limit-access-to-specific-version-3 * * Applies to actions: * - .toDeleteObjectVersion() * - .toDeleteObjectVersionTagging() * - .toGetObjectVersion() * - .toGetObjectVersionTagging() * - .toPutObjectVersionTagging() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifVersionid(value: string | string[], operator?: Operator | string): this; /** * Filters access by requiring the x-amz-acl header with a specific canned ACL in a request * * https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#permissions * * Applies to actions: * - .toPutObject() * - .toPutObjectAcl() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifXAmzAcl(value: string | string[], operator?: Operator | string): this; /** * Filters access by disallowing unsigned content in your bucket * * https://docs.aws.amazon.com/AmazonS3/latest/API/bucket-policy-s3-sigv4-conditions.html * * Applies to actions: * - .toAbortMultipartUpload() * - .toCreateAccessPoint() * - .toCreateBucket() * - .toDeleteAccessPoint() * - .toDeleteAccessPointPolicy() * - .toDeleteBucket() * - .toDeleteBucketPolicy() * - .toDeleteObject() * - .toDeleteObjectTagging() * - .toDeleteObjectVersion() * - .toDeleteObjectVersionTagging() * - .toGetAccessPoint() * - .toGetAccessPointPolicy() * - .toGetBucket() * - .toGetBucketPolicy() * - .toGetBucketTagging() * - .toGetBucketVersioning() * - .toGetLifecycleConfiguration() * - .toGetObject() * - .toGetObjectTagging() * - .toGetObjectVersion() * - .toGetObjectVersionForReplication() * - .toGetObjectVersionTagging() * - .toGetReplicationConfiguration() * - .toListAccessPoints() * - .toListBucket() * - .toListBucketMultipartUploads() * - .toListBucketVersions() * - .toListMultipartUploadParts() * - .toListRegionalBuckets() * - .toPutAccessPointPolicy() * - .toPutBucketPolicy() * - .toPutBucketTagging() * - .toPutBucketVersioning() * - .toPutLifecycleConfiguration() * - .toPutObject() * - .toPutObjectAcl() * - .toPutObjectTagging() * - .toPutObjectVersionTagging() * - .toPutReplicationConfiguration() * - .toReplicateDelete() * - .toReplicateObject() * - .toReplicateTags() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifXAmzContentSha256(value: string | string[], operator?: Operator | string): this; /** * Filters access by restricting the copy source to a specific bucket, prefix, or object * * https://docs.aws.amazon.com/AmazonS3/latest/userguide/amazon-s3-policy-keys.html#putobject-limit-copy-source-3 * * Applies to actions: * - .toPutObject() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifXAmzCopySource(value: string | string[], operator?: Operator | string): this; /** * Filters access by enabling enforcement of object metadata behavior (COPY or REPLACE) when objects are copied * * https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html * * Applies to actions: * - .toPutObject() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifXAmzMetadataDirective(value: string | string[], operator?: Operator | string): this; /** * Filters access by requiring server-side encryption * * https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingServerSideEncryption.html * * Applies to actions: * - .toPutObject() * - .toReplicateObject() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifXAmzServerSideEncryption(value: string | string[], operator?: Operator | string): this; /** * Filters access by storage class * * https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage-class-intro.html#sc-howtoset * * Applies to actions: * - .toPutObject() * - .toPutObjectAcl() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifXAmzStorageClass(value: string | string[], operator?: Operator | string): this; /** * Statement provider for service [s3-outposts](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazons3onoutposts.html). * */ constructor(props?: iam.PolicyStatementProps); }