import { AccessLevelList } from '../../shared/access-level'; import { PolicyStatement, Operator } from '../../shared'; import { aws_iam as iam } from "aws-cdk-lib"; /** * Statement provider for service [cognito-identity](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazoncognitoidentity.html). * * @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement */ export declare class CognitoIdentity extends PolicyStatement { servicePrefix: string; /** * Grants permission to create a new identity pool * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/cognitoidentity/latest/APIReference/API_CreateIdentityPool.html */ toCreateIdentityPool(): this; /** * Grants permission to delete identities from an identity pool. You can specify a list of 1-60 identities that you want to delete * * Access Level: Write * * Possible conditions: * - .ifIdentityPoolArn() * * https://docs.aws.amazon.com/cognitoidentity/latest/APIReference/API_DeleteIdentities.html */ toDeleteIdentities(): this; /** * Grants permission to delete a user pool. Once a pool is deleted, users will not be able to authenticate with the pool * * Access Level: Write * * https://docs.aws.amazon.com/cognitoidentity/latest/APIReference/API_DeleteIdentityPool.html */ toDeleteIdentityPool(): this; /** * Grants permission to return metadata related to the given identity, including when the identity was created and any associated linked logins * * Access Level: Read * * Possible conditions: * - .ifIdentityPoolArn() * * https://docs.aws.amazon.com/cognitoidentity/latest/APIReference/API_DescribeIdentity.html */ toDescribeIdentity(): this; /** * Grants permission to get details about a particular identity pool, including the pool name, ID description, creation date, and current number of users * * Access Level: Read * * https://docs.aws.amazon.com/cognitoidentity/latest/APIReference/API_DescribeIdentityPool.html */ toDescribeIdentityPool(): this; /** * Grants permission to return credentials for the provided identity ID * * Access Level: Read * * Possible conditions: * - .ifCognitoIdentityUnauthIdentityPoolArn() * - .ifCognitoIdentityUnauthAccountId() * - .ifCognitoIdentityAuthIdentityPoolArn() * - .ifCognitoIdentityAuthAccountId() * * https://docs.aws.amazon.com/cognitoidentity/latest/APIReference/API_GetCredentialsForIdentity.html */ toGetCredentialsForIdentity(): this; /** * Grants permission to generate (or retrieve) a Cognito ID. Supplying multiple logins will create an implicit linked account * * Access Level: Write * * Possible conditions: * - .ifCognitoIdentityUnauthIdentityPoolArn() * - .ifCognitoIdentityUnauthAccountId() * - .ifCognitoIdentityAuthIdentityPoolArn() * - .ifCognitoIdentityAuthAccountId() * * https://docs.aws.amazon.com/cognitoidentity/latest/APIReference/API_GetId.html */ toGetId(): this; /** * Grants permission to get analytics data about the total current identity count for all identity pool identity provider (IdPs) * * Access Level: Read * * https://docs.aws.amazon.com/cognitoidentity/latest/APIReference/API_GetIdentityPoolAnalytics.html */ toGetIdentityPoolAnalytics(): this; /** * Grants permission to get analytics data about the number of new identities and total identities for all identity pool identity providers (IdPs) * * Access Level: Read * * https://docs.aws.amazon.com/cognitoidentity/latest/APIReference/API_GetIdentityPoolDailyAnalytics.html */ toGetIdentityPoolDailyAnalytics(): this; /** * Grants permission to get the roles for an identity pool * * Access Level: Read * * https://docs.aws.amazon.com/cognitoidentity/latest/APIReference/API_GetIdentityPoolRoles.html */ toGetIdentityPoolRoles(): this; /** * Grants permission to get analytics data about the number of new identities and total identities for one identity pool identity provider (IdPs) * * Access Level: Read * * https://docs.aws.amazon.com/cognitoidentity/latest/APIReference/API_GetIdentityProviderDailyAnalytics.html */ toGetIdentityProviderDailyAnalytics(): this; /** * Grants permission to get an OpenID token, using a known Cognito ID * * Access Level: Read * * Possible conditions: * - .ifCognitoIdentityUnauthIdentityPoolArn() * - .ifCognitoIdentityUnauthAccountId() * - .ifCognitoIdentityAuthIdentityPoolArn() * - .ifCognitoIdentityAuthAccountId() * * https://docs.aws.amazon.com/cognitoidentity/latest/APIReference/API_GetOpenIdToken.html */ toGetOpenIdToken(): this; /** * Grants permission to register (or retrieve) a Cognito IdentityId and an OpenID Connect token for a user authenticated by your backend authentication process * * Access Level: Read * * https://docs.aws.amazon.com/cognitoidentity/latest/APIReference/API_GetOpenIdTokenForDeveloperIdentity.html */ toGetOpenIdTokenForDeveloperIdentity(): this; /** * Grants permission to get the principal tags for an identity pool and provider * * Access Level: Read * * https://docs.aws.amazon.com/cognitoidentity/latest/APIReference/API_GetPrincipalTagAttributeMap.html */ toGetPrincipalTagAttributeMap(): this; /** * Grants permission to list the identities in an identity pool * * Access Level: List * * https://docs.aws.amazon.com/cognitoidentity/latest/APIReference/API_ListIdentities.html */ toListIdentities(): this; /** * Grants permission to list all of the Cognito identity pools registered for your account * * Access Level: List * * https://docs.aws.amazon.com/cognitoidentity/latest/APIReference/API_ListIdentityPools.html */ toListIdentityPools(): this; /** * Grants permission to list the tags that are assigned to an Amazon Cognito identity pool * * Access Level: Read * * https://docs.aws.amazon.com/cognitoidentity/latest/APIReference/API_ListTagsForResource.html */ toListTagsForResource(): this; /** * Grants permission to retrieve the IdentityId associated with a DeveloperUserIdentifier or the list of DeveloperUserIdentifiers associated with an IdentityId for an existing identity * * Access Level: Read * * https://docs.aws.amazon.com/cognitoidentity/latest/APIReference/API_LookupDeveloperIdentity.html */ toLookupDeveloperIdentity(): this; /** * Grants permission to merge two users having different IdentityIds, existing in the same identity pool, and identified by the same developer provider * * Access Level: Write * * https://docs.aws.amazon.com/cognitoidentity/latest/APIReference/API_MergeDeveloperIdentities.html */ toMergeDeveloperIdentities(): this; /** * Grants permission to set the roles for an identity pool. These roles are used when making calls to GetCredentialsForIdentity action * * Access Level: Write * * https://docs.aws.amazon.com/cognitoidentity/latest/APIReference/API_SetIdentityPoolRoles.html */ toSetIdentityPoolRoles(): this; /** * Grants permission to set the principal tags for an identity pool and provider. These tags are used when making calls to GetOpenIdToken action * * Access Level: Write * * https://docs.aws.amazon.com/cognitoidentity/latest/APIReference/API_SetPrincipalTagAttributeMap.html */ toSetPrincipalTagAttributeMap(): this; /** * Grants permission to assign a set of tags to an Amazon Cognito identity pool * * Access Level: Tagging * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/cognitoidentity/latest/APIReference/API_TagResource.html */ toTagResource(): this; /** * Grants permission to unlink a DeveloperUserIdentifier from an existing identity * * Access Level: Write * * https://docs.aws.amazon.com/cognitoidentity/latest/APIReference/API_UnlinkDeveloperIdentity.html */ toUnlinkDeveloperIdentity(): this; /** * Grants permission to unlink a federated identity from an existing account * * Access Level: Write * * Possible conditions: * - .ifCognitoIdentityAuthIdentityPoolArn() * - .ifCognitoIdentityAuthAccountId() * * https://docs.aws.amazon.com/cognitoidentity/latest/APIReference/API_UnlinkIdentity.html */ toUnlinkIdentity(): this; /** * Grants permission to remove the specified tags from an Amazon Cognito identity pool * * Access Level: Tagging * * Possible conditions: * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/cognitoidentity/latest/APIReference/API_UntagResource.html */ toUntagResource(): this; /** * Grants permission to update an identity pool * * Access Level: Write * * https://docs.aws.amazon.com/cognitoidentity/latest/APIReference/API_UpdateIdentityPool.html */ toUpdateIdentityPool(): this; protected accessLevelList: AccessLevelList; /** * Adds a resource of type identitypool to the statement * * https://docs.aws.amazon.com/cognito/latest/developerguide/identity-pools.html * * @param identityPoolId - Identifier for the identityPoolId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onIdentitypool(identityPoolId: string, account?: string, region?: string, partition?: string): this; /** * Filters access by tag key-value pairs in the request * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag * * Applies to actions: * - .toCreateIdentityPool() * - .toTagResource() * * @param tagKey The tag key to check * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsRequestTag(tagKey: string, value: string | string[], operator?: Operator | string): this; /** * Filters access by tag key-value pairs attached to the resource * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag * * Applies to resource types: * - identitypool * * @param tagKey The tag key to check * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsResourceTag(tagKey: string, value: string | string[], operator?: Operator | string): this; /** * Filters access by a key that is present in the request * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys * * Applies to actions: * - .toCreateIdentityPool() * - .toTagResource() * - .toUntagResource() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsTagKeys(value: string | string[], operator?: Operator | string): this; /** * Filters access by the owning AWS account ID for identity pool authenticated users. Applies to unauthenticated (public) API operations * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-auth-account-id * * Applies to actions: * - .toGetCredentialsForIdentity() * - .toGetId() * - .toGetOpenIdToken() * - .toUnlinkIdentity() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifCognitoIdentityAuthAccountId(value: string | string[], operator?: Operator | string): this; /** * Filters access by the identity pool ID for a given authenticated-user identity ID. Applies to unauthenticated (public) API operations * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-auth-identity-pool-arn * * Applies to actions: * - .toGetCredentialsForIdentity() * - .toGetId() * - .toGetOpenIdToken() * - .toUnlinkIdentity() * * @param value The value(s) to check * @param operator Works with [arn operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_ARN). **Default:** `ArnLike` */ ifCognitoIdentityAuthIdentityPoolArn(value: string | string[], operator?: Operator | string): this; /** * Filters access by the owning AWS account ID of an identity pool for identity pool guest users. Applies to unauthenticated (public) API operations * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-unauth-account-id * * Applies to actions: * - .toGetCredentialsForIdentity() * - .toGetId() * - .toGetOpenIdToken() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifCognitoIdentityUnauthAccountId(value: string | string[], operator?: Operator | string): this; /** * Filters access by the identity pool ID for a given guest-user identity ID. Applies to unauthenticated (public) API operations * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-unauth-identity-pool-arn * * Applies to actions: * - .toGetCredentialsForIdentity() * - .toGetId() * - .toGetOpenIdToken() * * @param value The value(s) to check * @param operator Works with [arn operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_ARN). **Default:** `ArnLike` */ ifCognitoIdentityUnauthIdentityPoolArn(value: string | string[], operator?: Operator | string): this; /** * Filters access by the identity pool ID for a given identity ID for DeleteIdentities and DescribeIdentity * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-identity-pool-arn * * Applies to actions: * - .toDeleteIdentities() * - .toDescribeIdentity() * * @param value The value(s) to check * @param operator Works with [arn operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_ARN). **Default:** `ArnLike` */ ifIdentityPoolArn(value: string | string[], operator?: Operator | string): this; /** * Statement provider for service [cognito-identity](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazoncognitoidentity.html). * */ constructor(props?: iam.PolicyStatementProps); }