import { AccessLevelList } from '../../shared/access-level'; import { PolicyStatement, Operator } from '../../shared'; import { aws_iam as iam } from "aws-cdk-lib"; /** * Statement provider for service [bedrock-agentcore](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonbedrockagentcore.html). * * @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement */ export declare class BedrockAgentcore extends PolicyStatement { servicePrefix: string; /** * Grants permission to configure vended telemetry for a resource * * Access Level: Permissions management * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/ */ toAllowVendedLogDeliveryForResource(): this; /** * Grants permission to evaluate Cedar policies for authorization requests * * Access Level: Permissions management * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/welcome.html */ toAuthorizeAction(): this; /** * Grants permission to create one or more memory records * * Access Level: Write * * Possible conditions: * - .ifNamespace() * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_BatchCreateMemoryRecords.html */ toBatchCreateMemoryRecords(): this; /** * Grants permission to delete one or more memory records * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_BatchDeleteMemoryRecords.html */ toBatchDeleteMemoryRecords(): this; /** * Grants permission to update one or more memory records * * Access Level: Write * * Possible conditions: * - .ifNamespace() * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_BatchUpdateMemoryRecords.html */ toBatchUpdateMemoryRecords(): this; /** * Grants permission to retrieve access token with OAuth2 for 3LO flow to access external resource * * Access Level: Read * * Possible conditions: * - .ifInboundJwtClaimIss() * - .ifInboundJwtClaimSub() * - .ifInboundJwtClaimAud() * - .ifInboundJwtClaimScope() * - .ifInboundJwtClaimClientId() * - .ifUserid() * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_CompleteResourceTokenAuth.html */ toCompleteResourceTokenAuth(): this; /** * Grants permission to connect to a browser automation stream * * Access Level: Read * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_ConnectBrowserAutomationStream.html */ toConnectBrowserAutomationStream(): this; /** * Grants permission to connect to a browser live view stream * * Access Level: Read * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_ConnectBrowserLiveViewStream.html */ toConnectBrowserLiveViewStream(): this; /** * Grants permission to create an A/B test * * Access Level: Write * * Dependent actions: * - iam:PassRole * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_CreateABTest.html */ toCreateABTest(): this; /** * Grants permission to create a new agent runtime * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * - .ifSubnets() * - .ifSecurityGroups() * - .ifRuntimeAuthorizerType() * * Dependent actions: * - iam:PassRole * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateAgentRuntime.html */ toCreateAgentRuntime(): this; /** * Grants permission to create a new agent runtime endpoint * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateAgentRuntimeEndpoint.html */ toCreateAgentRuntimeEndpoint(): this; /** * Grants permission to create a new API Key Credential Provider * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateApiKeyCredentialProvider.html */ toCreateApiKeyCredentialProvider(): this; /** * Grants permission to create a new custom browser * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * - .ifSubnets() * - .ifSecurityGroups() * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateBrowser.html */ toCreateBrowser(): this; /** * Grants permission to create a new browser profile * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateBrowserProfile.html */ toCreateBrowserProfile(): this; /** * Grants permission to create a new custom code interpreter * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * - .ifSubnets() * - .ifSecurityGroups() * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateCodeInterpreter.html */ toCreateCodeInterpreter(): this; /** * Grants permission to create a new configuration bundle * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateConfigurationBundle.html */ toCreateConfigurationBundle(): this; /** * Grants permission to create a new evaluator * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsResourceTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateEvaluator.html */ toCreateEvaluator(): this; /** * Grants permission to create an Event * * Access Level: Write * * Possible conditions: * - .ifSessionId() * - .ifActorId() * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_CreateEvent.html */ toCreateEvent(): this; /** * Grants permission to create a new gateway * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * Dependent actions: * - iam:PassRole * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateGateway.html */ toCreateGateway(): this; /** * Grants permission to create a new rule in an existing gateway * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateGatewayRule.html */ toCreateGatewayRule(): this; /** * Grants permission to create a new target in an existing gateway * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateGatewayTarget.html */ toCreateGatewayTarget(): this; /** * Grants permission to create a new harness * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * Dependent actions: * - bedrock-agentcore:CreateAgentRuntime * - bedrock-agentcore:GetAgentRuntime * - iam:PassRole * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateHarness.html */ toCreateHarness(): this; /** * Grants permission to create a Memory resource * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * - .ifKmsKeyArn() * * Dependent actions: * - iam:PassRole * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateMemory.html */ toCreateMemory(): this; /** * Grants permission to create a new Credential Provider to access external resources with OAuth2 protocol * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateOauth2CredentialProvider.html */ toCreateOauth2CredentialProvider(): this; /** * Grants permission to create a new online evaluation configuration * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsResourceTag() * - .ifAwsTagKeys() * * Dependent actions: * - iam:PassRole * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateOnlineEvaluationConfig.html */ toCreateOnlineEvaluationConfig(): this; /** * Grants permission to create a new payment connector under a payment manager * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreatePaymentConnector.html */ toCreatePaymentConnector(): this; /** * Grants permission to create a new Payment Credential Provider * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreatePaymentCredentialProvider.html */ toCreatePaymentCredentialProvider(): this; /** * Grants permission to create a new payment instrument * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreatePaymentInstrument.html */ toCreatePaymentInstrument(): this; /** * Grants permission to create a new payment manager * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * Dependent actions: * - iam:PassRole * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreatePaymentManager.html */ toCreatePaymentManager(): this; /** * Grants permission to create a new payment session * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreatePaymentSession.html */ toCreatePaymentSession(): this; /** * Grants permission to create a new policy within a policy engine * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreatePolicy.html */ toCreatePolicy(): this; /** * Grants permission to create a new policy engine * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreatePolicyEngine.html */ toCreatePolicyEngine(): this; /** * Grants permission to create a new registry * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateRegistry.html */ toCreateRegistry(): this; /** * Grants permission to create a new registry record * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateRegistryRecord.html */ toCreateRegistryRecord(): this; /** * Grants permission to create a new Workload Identity * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateWorkloadIdentity.html */ toCreateWorkloadIdentity(): this; /** * Grants permission to delete an A/B test * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_DeleteABTest.html */ toDeleteABTest(): this; /** * Grants permission to delete an agent runtime * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteAgentRuntime.html */ toDeleteAgentRuntime(): this; /** * Grants permission to delete an agent runtime endpoint * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteAgentRuntimeEndpoint.html */ toDeleteAgentRuntimeEndpoint(): this; /** * Grants permission to delete a registered API Key Credential Provider * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteApiKeyCredentialProvider.html */ toDeleteApiKeyCredentialProvider(): this; /** * Grants permission to delete a batch evaluation * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_DeleteBatchEvaluation.html */ toDeleteBatchEvaluation(): this; /** * Grants permission to delete a custom browser * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteBrowser.html */ toDeleteBrowser(): this; /** * Grants permission to delete a browser profile * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteBrowserProfile.html */ toDeleteBrowserProfile(): this; /** * Grants permission to delete a custom code interpreter * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteCodeInterpreter.html */ toDeleteCodeInterpreter(): this; /** * Grants permission to delete a configuration bundle * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteConfigurationBundle.html */ toDeleteConfigurationBundle(): this; /** * Grants permission to delete an evaluator * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteEvaluator.html */ toDeleteEvaluator(): this; /** * Grants permission to delete an Event * * Access Level: Write * * Possible conditions: * - .ifSessionId() * - .ifActorId() * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_DeleteEvent.html */ toDeleteEvent(): this; /** * Grants permission to delete an existing gateway * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteGateway.html */ toDeleteGateway(): this; /** * Grants permission to delete an existing gateway rule * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteGatewayRule.html */ toDeleteGatewayRule(): this; /** * Grants permission to delete an existing gateway target * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteGatewayTarget.html */ toDeleteGatewayTarget(): this; /** * Grants permission to delete a harness * * Access Level: Write * * Dependent actions: * - bedrock-agentcore:DeleteAgentRuntime * - bedrock-agentcore:GetAgentRuntime * - iam:PassRole * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteHarness.html */ toDeleteHarness(): this; /** * Grants permission to delete a Memory resource * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteMemory.html */ toDeleteMemory(): this; /** * Grants permission to delete a Memory Record * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_DeleteMemoryRecord.html */ toDeleteMemoryRecord(): this; /** * Grants permission to delete a registered OAuth2 Credential Provider * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteOauth2CredentialProvider.html */ toDeleteOauth2CredentialProvider(): this; /** * Grants permission to delete an online evaluation configuration * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteOnlineEvaluationConfig.html */ toDeleteOnlineEvaluationConfig(): this; /** * Grants permission to delete a payment connector * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeletePaymentConnector.html */ toDeletePaymentConnector(): this; /** * Grants permission to delete a registered Payment Credential Provider * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeletePaymentCredentialProvider.html */ toDeletePaymentCredentialProvider(): this; /** * Grants permission to delete a payment instrument * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeletePaymentInstrument.html */ toDeletePaymentInstrument(): this; /** * Grants permission to delete a payment manager * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeletePaymentManager.html */ toDeletePaymentManager(): this; /** * Grants permission to delete a payment session * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeletePaymentSession.html */ toDeletePaymentSession(): this; /** * Grants permission to delete a policy * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeletePolicy.html */ toDeletePolicy(): this; /** * Grants permission to delete a policy engine * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeletePolicyEngine.html */ toDeletePolicyEngine(): this; /** * Grants permission to delete a recommendation * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_DeleteRecommendation.html */ toDeleteRecommendation(): this; /** * Grants permission to delete an existing registry * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteRegistry.html */ toDeleteRegistry(): this; /** * Grants permission to delete an existing registry record * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteRegistryRecord.html */ toDeleteRegistryRecord(): this; /** * Grants permission to delete the resource-based policy for a Bedrock resource * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteResourcePolicy.html */ toDeleteResourcePolicy(): this; /** * Grants permission to delete a registered Workload Identity * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteWorkloadIdentity.html */ toDeleteWorkloadIdentity(): this; /** * Grants permission to run an evaluation using an evaluator * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_Evaluate.html */ toEvaluate(): this; /** * Grants permission to get details of an A/B test * * Access Level: Read * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_GetABTest.html */ toGetABTest(): this; /** * Grants permission to retrieve an agent card for A2A * * Access Level: Read * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_GetAgentCard.html */ toGetAgentCard(): this; /** * Grants permission to get details of an agent runtime * * Access Level: Read * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetAgentRuntime.html */ toGetAgentRuntime(): this; /** * Grants permission to get details of an agent runtime endpoint * * Access Level: Read * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetAgentRuntimeEndpoint.html */ toGetAgentRuntimeEndpoint(): this; /** * Grants permission to fetch a registered API Key Credential Provider by its name * * Access Level: Read * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetApiKeyCredentialProvider.html */ toGetApiKeyCredentialProvider(): this; /** * Grants permission to get details of a batch evaluation * * Access Level: Read * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_GetBatchEvaluation.html */ toGetBatchEvaluation(): this; /** * Grants permission to get details of a browser * * Access Level: Read * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetBrowser.html */ toGetBrowser(): this; /** * Grants permission to get details of a browser profile * * Access Level: Read * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetBrowserProfile.html */ toGetBrowserProfile(): this; /** * Grants permission to get details of a browser session * * Access Level: Read * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_GetBrowserSession.html */ toGetBrowserSession(): this; /** * Grants permission to get details of a code interpreter * * Access Level: Read * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetCodeInterpreter.html */ toGetCodeInterpreter(): this; /** * Grants permission to get details of a code interpreter session * * Access Level: Read * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_GetCodeInterpreterSession.html */ toGetCodeInterpreterSession(): this; /** * Grants permission to get details of a configuration bundle * * Access Level: Read * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetConfigurationBundle.html */ toGetConfigurationBundle(): this; /** * Grants permission to get a specific version of a configuration bundle * * Access Level: Read * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetConfigurationBundleVersion.html */ toGetConfigurationBundleVersion(): this; /** * Grants permission to get details of an evaluator * * Access Level: Read * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetEvaluator.html */ toGetEvaluator(): this; /** * Grants permission to fetch an Event * * Access Level: Read * * Possible conditions: * - .ifSessionId() * - .ifActorId() * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_GetEvent.html */ toGetEvent(): this; /** * Grants permission to retrieve an existing gateway * * Access Level: Read * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetGateway.html */ toGetGateway(): this; /** * Grants permission to retrieve an existing gateway rule * * Access Level: Read * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetGatewayRule.html */ toGetGatewayRule(): this; /** * Grants permission to retrieve an existing gateway target * * Access Level: Read * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetGatewayTarget.html */ toGetGatewayTarget(): this; /** * Grants permission to get details of a harness * * Access Level: Read * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetHarness.html */ toGetHarness(): this; /** * Grants permission to fetch details for a Memory resource * * Access Level: Read * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetMemory.html */ toGetMemory(): this; /** * Grants permission to fetch a Memory Record * * Access Level: Read * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_GetMemoryRecord.html */ toGetMemoryRecord(): this; /** * Grants permission to fetch a registered OAuth2 Credential Provider by its name * * Access Level: Read * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetOauth2CredentialProvider.html */ toGetOauth2CredentialProvider(): this; /** * Grants permission to get details of an online evaluation configuration * * Access Level: Read * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetOnlineEvaluationConfig.html */ toGetOnlineEvaluationConfig(): this; /** * Grants permission to retrieve details of a payment connector * * Access Level: Read * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetPaymentConnector.html */ toGetPaymentConnector(): this; /** * Grants permission to fetch a registered Payment Credential Provider by its name * * Access Level: Read * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetPaymentCredentialProvider.html */ toGetPaymentCredentialProvider(): this; /** * Grants permission to retrieve details of a payment instrument * * Access Level: Read * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetPaymentInstrument.html */ toGetPaymentInstrument(): this; /** * Grants permission to retrieve the balance of a payment instrument * * Access Level: Read * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetPaymentInstrumentBalance.html */ toGetPaymentInstrumentBalance(): this; /** * Grants permission to retrieve details of a payment manager * * Access Level: Read * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetPaymentManager.html */ toGetPaymentManager(): this; /** * Grants permission to retrieve details of a payment session * * Access Level: Read * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetPaymentSession.html */ toGetPaymentSession(): this; /** * Grants permission to retrieve a policy * * Access Level: Read * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetPolicy.html */ toGetPolicy(): this; /** * Grants permission to retrieve a policy engine * * Access Level: Read * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetPolicyEngine.html */ toGetPolicyEngine(): this; /** * Grants permission to retrieve a summary of a policy engine * * Access Level: Read * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetPolicyEngineSummary.html */ toGetPolicyEngineSummary(): this; /** * Grants permission to retrieve status and results of a policy generation request * * Access Level: Read * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetPolicyGeneration.html */ toGetPolicyGeneration(): this; /** * Grants permission to retrieve a summary of a policy generation request * * Access Level: Read * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetPolicyGenerationSummary.html */ toGetPolicyGenerationSummary(): this; /** * Grants permission to retrieve a summary of a policy * * Access Level: Read * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetPolicySummary.html */ toGetPolicySummary(): this; /** * Grants permission to get details of a recommendation * * Access Level: Read * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_GetRecommendation.html */ toGetRecommendation(): this; /** * Grants permission to retrieve an existing registry * * Access Level: Read * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetRegistry.html */ toGetRegistry(): this; /** * Grants permission to retrieve an existing registry record * * Access Level: Read * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetRegistryRecord.html */ toGetRegistryRecord(): this; /** * Grants permission to retrieve an API Key associated with an Api Key Credential Provider * * Access Level: Read * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_GetResourceApiKey.html */ toGetResourceApiKey(): this; /** * Grants permission to retrieve access token with OAuth2 2LO or 3LO flow to access external resource * * Access Level: Read * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_GetResourceOauth2Token.html */ toGetResourceOauth2Token(): this; /** * Grants permission to retrieve a payment authentication token associated with a Payment Credential Provider * * Access Level: Read * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetResourcePaymentToken.html */ toGetResourcePaymentToken(): this; /** * Grants permission to retrieve the resource-based policy for a Bedrock resource * * Access Level: Read * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetResourcePolicy.html */ toGetResourcePolicy(): this; /** * Grants permission to fetch the current configuration of the TokenVault, including encryption settings * * Access Level: Read * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetTokenVault.html */ toGetTokenVault(): this; /** * Grants permission to retrieve an Workload access token for agentic workloads not acting on behalf of a user * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_GetWorkloadAccessToken.html */ toGetWorkloadAccessToken(): this; /** * Grants permission to retrieve an Workload access token for agentic workloads acting on behalf of user with JWT token * * Access Level: Write * * Possible conditions: * - .ifInboundJwtClaimIss() * - .ifInboundJwtClaimSub() * - .ifInboundJwtClaimAud() * - .ifInboundJwtClaimScope() * - .ifInboundJwtClaimClientId() * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_GetWorkloadAccessTokenForJWT.html */ toGetWorkloadAccessTokenForJWT(): this; /** * Grants permission to retrieve an Workload access token for agentic workloads acting on behalf of user with User Id * * Access Level: Write * * Possible conditions: * - .ifUserid() * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_GetWorkloadAccessTokenForUserId.html */ toGetWorkloadAccessTokenForUserId(): this; /** * Grants permission to fetch details for a specific Workload identity, including its name and allowed OAuth2 return URLs * * Access Level: Read * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetWorkloadIdentity.html */ toGetWorkloadIdentity(): this; /** * Grants permission to invoke an agent runtime endpoint * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_InvokeAgentRuntime.html */ toInvokeAgentRuntime(): this; /** * Grants permission to invoke commands on an agent runtime endpoint * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_InvokeAgentRuntimeCommand.html */ toInvokeAgentRuntimeCommand(): this; /** * Grants permission to invoke an agent runtime endpoint with X-Amzn-Bedrock-AgentCore-Runtime-User-Id header * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_InvokeAgentRuntime.html */ toInvokeAgentRuntimeForUser(): this; /** * Grants permission to invoke an agent runtime endpoint with WebSocket stream * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_InvokeAgentRuntimeWithWebSocketStream.html */ toInvokeAgentRuntimeWithWebSocketStream(): this; /** * Grants permission to invoke an agent runtime endpoint with WebSocket stream and with X-Amzn-Bedrock-AgentCore-Runtime-User-Id header * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_InvokeAgentRuntimeWithWebSocketStream.html */ toInvokeAgentRuntimeWithWebSocketStreamForUser(): this; /** * Grants permission to invoke a code interpreter session * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_InvokeCodeInterpreter.html */ toInvokeCodeInterpreter(): this; /** * Grants permission to invoke a gateway * * Access Level: Permissions management * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/welcome.html */ toInvokeGateway(): this; /** * Grants permission to invoke a harness * * Access Level: Write * * Dependent actions: * - bedrock-agentcore:InvokeAgentRuntime * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_InvokeHarness.html */ toInvokeHarness(): this; /** * Grants permission to invoke an MCP operation against an existing registry * * Access Level: Read * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/welcome.html */ toInvokeRegistryMcp(): this; /** * Grants permission to list A/B tests * * Access Level: List * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_ListABTests.html */ toListABTests(): this; /** * Grants permission to list Actors * * Access Level: List * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_ListActors.html */ toListActors(): this; /** * Grants permission to list agent runtime endpoints * * Access Level: List * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListAgentRuntimeEndpoints.html */ toListAgentRuntimeEndpoints(): this; /** * Grants permission to list agent runtime versions * * Access Level: List * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListAgentRuntimeVersions.html */ toListAgentRuntimeVersions(): this; /** * Grants permission to list agent runtimes * * Access Level: List * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListAgentRuntimes.html */ toListAgentRuntimes(): this; /** * Grants permission to list all API Key Credential Providers in the Token Vault * * Access Level: Read * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListApiKeyCredentialProviders.html */ toListApiKeyCredentialProviders(): this; /** * Grants permission to list batch evaluations * * Access Level: List * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_ListBatchEvaluations.html */ toListBatchEvaluations(): this; /** * Grants permission to list browser profiles * * Access Level: List * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListBrowserProfiles.html */ toListBrowserProfiles(): this; /** * Grants permission to list browser sessions * * Access Level: List * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_ListBrowserSessions.html */ toListBrowserSessions(): this; /** * Grants permission to list browsers * * Access Level: List * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListBrowsers.html */ toListBrowsers(): this; /** * Grants permission to list code interpreter sessions * * Access Level: List * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_ListCodeInterpreterSessions.html */ toListCodeInterpreterSessions(): this; /** * Grants permission to list code interpreters * * Access Level: List * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListCodeInterpreters.html */ toListCodeInterpreters(): this; /** * Grants permission to list versions of a configuration bundle * * Access Level: List * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListConfigurationBundleVersions.html */ toListConfigurationBundleVersions(): this; /** * Grants permission to list configuration bundles * * Access Level: List * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListConfigurationBundles.html */ toListConfigurationBundles(): this; /** * Grants permission to list evaluators * * Access Level: List * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListEvaluators.html */ toListEvaluators(): this; /** * Grants permission to list events * * Access Level: List * * Possible conditions: * - .ifSessionId() * - .ifActorId() * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_ListEvents.html */ toListEvents(): this; /** * Grants permission to list existing gateway rules * * Access Level: List * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListGatewayRules.html */ toListGatewayRules(): this; /** * Grants permission to list existing gateway targets * * Access Level: List * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListGatewayTargets.html */ toListGatewayTargets(): this; /** * Grants permission to list existing gateways * * Access Level: List * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListGateways.html */ toListGateways(): this; /** * Grants permission to list harnesses * * Access Level: List * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListHarnesses.html */ toListHarnesses(): this; /** * Grants permission to list memory resources * * Access Level: List * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListMemories.html */ toListMemories(): this; /** * Grants permission to list extraction jobs for this memory * * Access Level: List * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_ListMemoryExtractionJobs.html */ toListMemoryExtractionJobs(): this; /** * Grants permission to list memory records * * Access Level: List * * Possible conditions: * - .ifNamespace() * - .ifStrategyId() * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_ListMemoryRecords.html */ toListMemoryRecords(): this; /** * Grants permission to list all OAuth2 Credential Providers in the Token Vault * * Access Level: Read * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListOauth2CredentialProviders.html */ toListOauth2CredentialProviders(): this; /** * Grants permission to list online evaluation configurations * * Access Level: List * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListOnlineEvaluationConfigs.html */ toListOnlineEvaluationConfigs(): this; /** * Grants permission to list payment connectors under a payment manager * * Access Level: List * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPaymentConnectors.html */ toListPaymentConnectors(): this; /** * Grants permission to list all Payment Credential Providers in the Token Vault * * Access Level: List * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPaymentCredentialProviders.html */ toListPaymentCredentialProviders(): this; /** * Grants permission to list payment instruments * * Access Level: List * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPaymentInstruments.html */ toListPaymentInstruments(): this; /** * Grants permission to list payment managers * * Access Level: List * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPaymentManagers.html */ toListPaymentManagers(): this; /** * Grants permission to list payment sessions * * Access Level: List * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPaymentSessions.html */ toListPaymentSessions(): this; /** * Grants permission to list policies within a policy engine * * Access Level: List * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPolicies.html */ toListPolicies(): this; /** * Grants permission to list policy engine summaries * * Access Level: List * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPolicyEngineSummaries.html */ toListPolicyEngineSummaries(): this; /** * Grants permission to list policy engines * * Access Level: List * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPolicyEngines.html */ toListPolicyEngines(): this; /** * Grants permission to list generated policy assets from a generation request * * Access Level: List * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPolicyGenerationAssets.html */ toListPolicyGenerationAssets(): this; /** * Grants permission to list policy generation summaries * * Access Level: List * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPolicyGenerationSummaries.html */ toListPolicyGenerationSummaries(): this; /** * Grants permission to list policy generation requests * * Access Level: List * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPolicyGenerations.html */ toListPolicyGenerations(): this; /** * Grants permission to list policy summaries within a policy engine * * Access Level: List * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPolicySummaries.html */ toListPolicySummaries(): this; /** * Grants permission to list recommendations * * Access Level: List * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_ListRecommendations.html */ toListRecommendations(): this; /** * Grants permission to list existing registries * * Access Level: List * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListRegistries.html */ toListRegistries(): this; /** * Grants permission to list existing registry records in a registry * * Access Level: List * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListRegistryRecords.html */ toListRegistryRecords(): this; /** * Grants permission to list sessions * * Access Level: List * * Possible conditions: * - .ifActorId() * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_ListSessions.html */ toListSessions(): this; /** * Grants permission to list tags for a Bedrock-AgentCore resource * * Access Level: List * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListTagsForResource.html */ toListTagsForResource(): this; /** * Grants permission to list all Workload Identities in the caller's AWS account * * Access Level: Read * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListWorkloadIdentities.html */ toListWorkloadIdentities(): this; /** * Grants permission to create or modify wildcard policies that apply to gateway resources * * Access Level: Permissions management * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/welcome.html */ toManageAdminPolicy(): this; /** * Grants permission to create or modify policies that apply to specific gateway resources * * Access Level: Permissions management * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/welcome.html */ toManageResourceScopedPolicy(): this; /** * Grants permission to perform partial evaluation of Cedar policies to authorize a caller to list tools they are allowed to call * * Access Level: Permissions management * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/welcome.html */ toPartiallyAuthorizeActions(): this; /** * Grants permission to process a payment transaction * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ProcessPayment.html */ toProcessPayment(): this; /** * Grants permission to create or update the resource-based policy for a Bedrock resource * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_PutResourcePolicy.html */ toPutResourcePolicy(): this; /** * Grants permission to retrieve memory records through sematic query * * Access Level: List * * Possible conditions: * - .ifNamespace() * - .ifStrategyId() * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_RetrieveMemoryRecords.html */ toRetrieveMemoryRecords(): this; /** * Grants permission to save a browser session profile * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_SaveBrowserSessionProfile.html */ toSaveBrowserSessionProfile(): this; /** * Grants permission to search for registry records * * Access Level: Read * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_SearchRegistryRecords.html */ toSearchRegistryRecords(): this; /** * Grants permission to associate a Customer Managed Key (CMK) or a Service Managed Key with a specific TokenVault * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_SetTokenVaultCMK.html */ toSetTokenVaultCMK(): this; /** * Grants permission to start a batch evaluation * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_StartBatchEvaluation.html */ toStartBatchEvaluation(): this; /** * Grants permission to start a new browser session * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_StartBrowserSession.html */ toStartBrowserSession(): this; /** * Grants permission to start a new code interpreter session * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_StartCodeInterpreterSession.html */ toStartCodeInterpreterSession(): this; /** * Grants permission to start memory extraction job * * Access Level: Write * * Possible conditions: * - .ifStrategyId() * - .ifSessionId() * - .ifActorId() * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_StartMemoryExtractionJob.html */ toStartMemoryExtractionJob(): this; /** * Grants permission to start an AI-powered policy generation request * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_StartPolicyGeneration.html */ toStartPolicyGeneration(): this; /** * Grants permission to start a recommendation * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_StartRecommendation.html */ toStartRecommendation(): this; /** * Grants permission to stop a batch evaluation * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_StopBatchEvaluation.html */ toStopBatchEvaluation(): this; /** * Grants permission to stop a browser session * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_StopBrowserSession.html */ toStopBrowserSession(): this; /** * Grants permission to stop a code interpreter session * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_StopCodeInterpreterSession.html */ toStopCodeInterpreterSession(): this; /** * Grants permission to stop a runtime session * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_StopRuntimeSession.html */ toStopRuntimeSession(): this; /** * Grants permission to submit a registry record for approval * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_SubmitRegistryRecordForApproval.html */ toSubmitRegistryRecordForApproval(): this; /** * Grants permission to enable search on gateways * * Access Level: Permissions management * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/welcome.html */ toSynchronizeGatewayTargets(): this; /** * Grants permission to Tag a Bedrock-AgentCore resource * * Access Level: Tagging * * Possible conditions: * - .ifAwsTagKeys() * - .ifAwsRequestTag() * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_TagResource.html */ toTagResource(): this; /** * Grants permission to Untag a Bedrock-AgentCore resource * * Access Level: Tagging * * Possible conditions: * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UntagResource.html */ toUntagResource(): this; /** * Grants permission to update an A/B test * * Access Level: Write * * Dependent actions: * - iam:PassRole * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_UpdateABTest.html */ toUpdateABTest(): this; /** * Grants permission to update an agent runtime * * Access Level: Write * * Possible conditions: * - .ifSubnets() * - .ifSecurityGroups() * - .ifRuntimeAuthorizerType() * * Dependent actions: * - iam:PassRole * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdateAgentRuntime.html */ toUpdateAgentRuntime(): this; /** * Grants permission to update an agent runtime endpoint * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdateAgentRuntimeEndpoint.html */ toUpdateAgentRuntimeEndpoint(): this; /** * Grants permission to update an existing API Key Credential Provider * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdateApiKeyCredentialProvider.html */ toUpdateApiKeyCredentialProvider(): this; /** * Grants permission to update the status of browser session stream * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_UpdateBrowserStream.html */ toUpdateBrowserStream(): this; /** * Grants permission to update a configuration bundle * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdateConfigurationBundle.html */ toUpdateConfigurationBundle(): this; /** * Grants permission to update an evaluator * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdateEvaluator.html */ toUpdateEvaluator(): this; /** * Grants permission to update an existing gateway * * Access Level: Write * * Dependent actions: * - iam:PassRole * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdateGateway.html */ toUpdateGateway(): this; /** * Grants permission to update an existing gateway rule * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdateGatewayRule.html */ toUpdateGatewayRule(): this; /** * Grants permission to update an existing gateway target * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdateGatewayTarget.html */ toUpdateGatewayTarget(): this; /** * Grants permission to update a harness * * Access Level: Write * * Dependent actions: * - bedrock-agentcore:GetAgentRuntime * - bedrock-agentcore:UpdateAgentRuntime * - iam:PassRole * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdateHarness.html */ toUpdateHarness(): this; /** * Grants permission to update a Memory resource * * Access Level: Write * * Dependent actions: * - iam:PassRole * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdateMemory.html */ toUpdateMemory(): this; /** * Grants permission to update an existing OAuth2 Credential Provider * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdateOauth2CredentialProvider.html */ toUpdateOauth2CredentialProvider(): this; /** * Grants permission to update an online evaluation configuration * * Access Level: Write * * Dependent actions: * - iam:PassRole * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdateOnlineEvaluationConfig.html */ toUpdateOnlineEvaluationConfig(): this; /** * Grants permission to update an existing payment connector * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdatePaymentConnector.html */ toUpdatePaymentConnector(): this; /** * Grants permission to update an existing Payment Credential Provider * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdatePaymentCredentialProvider.html */ toUpdatePaymentCredentialProvider(): this; /** * Grants permission to update an existing payment manager * * Access Level: Write * * Dependent actions: * - iam:PassRole * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdatePaymentManager.html */ toUpdatePaymentManager(): this; /** * Grants permission to update an existing policy * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdatePolicy.html */ toUpdatePolicy(): this; /** * Grants permission to update a policy engine * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdatePolicyEngine.html */ toUpdatePolicyEngine(): this; /** * Grants permission to update an existing registry * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdateRegistry.html */ toUpdateRegistry(): this; /** * Grants permission to update an existing registry record * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdateRegistryRecord.html */ toUpdateRegistryRecord(): this; /** * Grants permission to update the status of a registry record * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdateRegistryRecordStatus.html */ toUpdateRegistryRecordStatus(): this; /** * Grants permission to update the metadata of an existing Workload Identity * * Access Level: Write * * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdateWorkloadIdentity.html */ toUpdateWorkloadIdentity(): this; protected accessLevelList: AccessLevelList; /** * Adds a resource of type evaluator to the statement * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/evaluator.html * * @param evaluatorId - Identifier for the evaluatorId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onEvaluator(evaluatorId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type online-evaluation-config to the statement * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/onlineEvaluationConfig.html * * @param onlineEvaluationConfigId - Identifier for the onlineEvaluationConfigId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onOnlineEvaluationConfig(onlineEvaluationConfigId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type memory to the statement * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/memory.html * * @param memoryId - Identifier for the memoryId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onMemory(memoryId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type gateway to the statement * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/gateway.html * * @param gatewayId - Identifier for the gatewayId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onGateway(gatewayId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type workload-identity to the statement * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/workloadIdentity.html * * @param directoryId - Identifier for the directoryId. * @param workloadIdentityName - Identifier for the workloadIdentityName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onWorkloadIdentity(directoryId: string, workloadIdentityName: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type oauth2credentialprovider to the statement * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/oauth2credentialprovider.html * * @param tokenVaultId - Identifier for the tokenVaultId. * @param name - Identifier for the name. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onOauth2credentialprovider(tokenVaultId: string, name: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type apikeycredentialprovider to the statement * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/apikeycredentialprovider.html * * @param tokenVaultId - Identifier for the tokenVaultId. * @param name - Identifier for the name. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onApikeycredentialprovider(tokenVaultId: string, name: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type runtime to the statement * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/runtime.html * * @param runtimeId - Identifier for the runtimeId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onRuntime(runtimeId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type runtime-endpoint to the statement * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/runtimeEndpoint.html * * @param runtimeId - Identifier for the runtimeId. * @param name - Identifier for the name. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onRuntimeEndpoint(runtimeId: string, name: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type code-interpreter-custom to the statement * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/codeInterpreter.html * * @param codeInterpreterId - Identifier for the codeInterpreterId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onCodeInterpreterCustom(codeInterpreterId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type code-interpreter to the statement * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/codeInterpreter.html * * @param codeInterpreterId - Identifier for the codeInterpreterId. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onCodeInterpreter(codeInterpreterId: string, region?: string, partition?: string): this; /** * Adds a resource of type browser-custom to the statement * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/browser.html * * @param browserId - Identifier for the browserId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onBrowserCustom(browserId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type browser to the statement * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/browser.html * * @param browserId - Identifier for the browserId. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onBrowser(browserId: string, region?: string, partition?: string): this; /** * Adds a resource of type browser-profile to the statement * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/browserProfile.html * * @param browserProfileId - Identifier for the browserProfileId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onBrowserProfile(browserProfileId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type workload-identity-directory to the statement * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/workloadIdentityDirectory.html * * @param directoryId - Identifier for the directoryId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onWorkloadIdentityDirectory(directoryId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type token-vault to the statement * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/tokenVault.html * * @param tokenVaultId - Identifier for the tokenVaultId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onTokenVault(tokenVaultId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type policy-engine to the statement * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/policyEngine.html * * @param policyEngineId - Identifier for the policyEngineId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onPolicyEngine(policyEngineId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type policy to the statement * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/policy.html * * @param policyEngineId - Identifier for the policyEngineId. * @param policyId - Identifier for the policyId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onPolicy(policyEngineId: string, policyId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type policy-generation to the statement * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/policyGeneration.html * * @param policyEngineId - Identifier for the policyEngineId. * @param policyGenerationId - Identifier for the policyGenerationId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onPolicyGeneration(policyEngineId: string, policyGenerationId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type registry to the statement * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/registry.html * * @param registryId - Identifier for the registryId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onRegistry(registryId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type registry-record to the statement * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/registryRecord.html * * @param registryId - Identifier for the registryId. * @param recordId - Identifier for the recordId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onRegistryRecord(registryId: string, recordId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type harness to the statement * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/harness.html * * @param harnessId - Identifier for the harnessId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onHarness(harnessId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type batch-evaluate to the statement * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/batchEvaluation.html * * @param batchEvaluationId - Identifier for the batchEvaluationId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onBatchEvaluate(batchEvaluationId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type ab-test to the statement * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/abTest.html * * @param aBTestId - Identifier for the aBTestId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onAbTest(aBTestId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type recommendation to the statement * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/recommendation.html * * @param recommendationId - Identifier for the recommendationId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onRecommendation(recommendationId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type configuration-bundle to the statement * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/configurationBundle.html * * @param configurationBundleId - Identifier for the configurationBundleId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onConfigurationBundle(configurationBundleId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type payment-manager to the statement * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/paymentManager.html * * @param paymentManagerId - Identifier for the paymentManagerId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onPaymentManager(paymentManagerId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type paymentcredentialprovider to the statement * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/paymentcredentialprovider.html * * @param tokenVaultId - Identifier for the tokenVaultId. * @param name - Identifier for the name. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onPaymentcredentialprovider(tokenVaultId: string, name: string, account?: string, region?: string, partition?: string): this; /** * Filters access by creating requests based on the allowed set of values for each of the mandatory tags * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-globally-available * * Applies to actions: * - .toCreateAgentRuntime() * - .toCreateAgentRuntimeEndpoint() * - .toCreateApiKeyCredentialProvider() * - .toCreateBrowser() * - .toCreateBrowserProfile() * - .toCreateCodeInterpreter() * - .toCreateEvaluator() * - .toCreateGateway() * - .toCreateHarness() * - .toCreateMemory() * - .toCreateOauth2CredentialProvider() * - .toCreateOnlineEvaluationConfig() * - .toCreatePaymentCredentialProvider() * - .toCreatePaymentManager() * - .toCreatePolicyEngine() * - .toCreateWorkloadIdentity() * - .toTagResource() * * @param tagKey The tag key to check * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsRequestTag(tagKey: string, value: string | string[], operator?: Operator | string): this; /** * Filters access by having actions based on the tag value associated with the resource * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-globally-available * * Applies to actions: * - .toCreateEvaluator() * - .toCreateOnlineEvaluationConfig() * * Applies to resource types: * - evaluator * - online-evaluation-config * - memory * - gateway * - workload-identity * - oauth2credentialprovider * - apikeycredentialprovider * - runtime * - runtime-endpoint * - code-interpreter-custom * - browser-custom * - browser-profile * - workload-identity-directory * - token-vault * - policy-engine * - harness * - payment-manager * - paymentcredentialprovider * * @param tagKey The tag key to check * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsResourceTag(tagKey: string, value: string | string[], operator?: Operator | string): this; /** * Filters access by creating requests based on the presence of mandatory tags in the request * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-globally-available * * Applies to actions: * - .toCreateAgentRuntime() * - .toCreateAgentRuntimeEndpoint() * - .toCreateApiKeyCredentialProvider() * - .toCreateBrowser() * - .toCreateBrowserProfile() * - .toCreateCodeInterpreter() * - .toCreateEvaluator() * - .toCreateGateway() * - .toCreateHarness() * - .toCreateMemory() * - .toCreateOauth2CredentialProvider() * - .toCreateOnlineEvaluationConfig() * - .toCreatePaymentCredentialProvider() * - .toCreatePaymentManager() * - .toCreatePolicyEngine() * - .toCreateWorkloadIdentity() * - .toTagResource() * - .toUntagResource() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsTagKeys(value: string | string[], operator?: Operator | string): this; /** * Filters access by the authorizerType attribute on a Gateway * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/#condition-keys-gatewayAuthorizerType * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifGatewayAuthorizerType(value: string | string[], operator?: Operator | string): this; /** * Filters access by the audience claim (aud) in the JWT passed in the request * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/#condition-keys-aud * * Applies to actions: * - .toCompleteResourceTokenAuth() * - .toGetWorkloadAccessTokenForJWT() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifInboundJwtClaimAud(value: string | string[], operator?: Operator | string): this; /** * Filters access by the client_id claim in the JWT passed in the request * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/#condition-keys-client_id * * Applies to actions: * - .toCompleteResourceTokenAuth() * - .toGetWorkloadAccessTokenForJWT() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifInboundJwtClaimClientId(value: string | string[], operator?: Operator | string): this; /** * Filters access by the issuer (iss) claim present in the JWT passed in the request * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/#condition-keys-iss * * Applies to actions: * - .toCompleteResourceTokenAuth() * - .toGetWorkloadAccessTokenForJWT() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifInboundJwtClaimIss(value: string | string[], operator?: Operator | string): this; /** * Filters access by the scope claim in the JWT passed in the request * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/#condition-keys-scope * * Applies to actions: * - .toCompleteResourceTokenAuth() * - .toGetWorkloadAccessTokenForJWT() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifInboundJwtClaimScope(value: string | string[], operator?: Operator | string): this; /** * Filters access by the subject claim (sub) in the JWT passed in the request * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/#condition-keys-sub * * Applies to actions: * - .toCompleteResourceTokenAuth() * - .toGetWorkloadAccessTokenForJWT() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifInboundJwtClaimSub(value: string | string[], operator?: Operator | string): this; /** * Filters access by KMS Key arn provided * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/#condition-keys-kmsKeyArn * * Applies to actions: * - .toCreateMemory() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifKmsKeyArn(value: string | string[], operator?: Operator | string): this; /** * Filters access by the authorizer type configured for the AgentCore runtime * * https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/runtime-authorizer-type-condition-key.html * * Applies to actions: * - .toCreateAgentRuntime() * - .toUpdateAgentRuntime() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifRuntimeAuthorizerType(value: string | string[], operator?: Operator | string): this; /** * Filters access by Actor Id * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/#condition-keys-actorId * * Applies to actions: * - .toCreateEvent() * - .toDeleteEvent() * - .toGetEvent() * - .toListEvents() * - .toListSessions() * - .toStartMemoryExtractionJob() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifActorId(value: string | string[], operator?: Operator | string): this; /** * Filters access by namespace * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/#condition-keys-namespace * * Applies to actions: * - .toBatchCreateMemoryRecords() * - .toBatchUpdateMemoryRecords() * - .toListMemoryRecords() * - .toRetrieveMemoryRecords() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifNamespace(value: string | string[], operator?: Operator | string): this; /** * Filters access by the ID of security groups configured for the AgentCore runtime * * https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/security-vpc-condition.html * * Applies to actions: * - .toCreateAgentRuntime() * - .toCreateBrowser() * - .toCreateCodeInterpreter() * - .toUpdateAgentRuntime() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifSecurityGroups(value: string | string[], operator?: Operator | string): this; /** * Filters access by Session Id * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/#condition-keys-sessionId * * Applies to actions: * - .toCreateEvent() * - .toDeleteEvent() * - .toGetEvent() * - .toListEvents() * - .toStartMemoryExtractionJob() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifSessionId(value: string | string[], operator?: Operator | string): this; /** * Filters access by Memory Strategy Id * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/#condition-keys-strategyId * * Applies to actions: * - .toListMemoryRecords() * - .toRetrieveMemoryRecords() * - .toStartMemoryExtractionJob() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifStrategyId(value: string | string[], operator?: Operator | string): this; /** * Filters access by the ID of subnets configured for the AgentCore runtime * * https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/security-vpc-condition.html * * Applies to actions: * - .toCreateAgentRuntime() * - .toCreateBrowser() * - .toCreateCodeInterpreter() * - .toUpdateAgentRuntime() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifSubnets(value: string | string[], operator?: Operator | string): this; /** * Filters access by the static user ID value passed in the request * * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/#condition-keys-userid * * Applies to actions: * - .toCompleteResourceTokenAuth() * - .toGetWorkloadAccessTokenForUserId() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifUserid(value: string | string[], operator?: Operator | string): this; /** * Statement provider for service [bedrock-agentcore](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonbedrockagentcore.html). * */ constructor(props?: iam.PolicyStatementProps); }