import { AccessLevelList } from '../../shared/access-level'; import { PolicyStatement, Operator } from '../../shared'; import { aws_iam as iam } from "aws-cdk-lib"; /** * Statement provider for service [elasticfilesystem](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonelasticfilesystem.html). * * @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement */ export declare class Elasticfilesystem extends PolicyStatement { servicePrefix: string; /** * Grants permission to start a backup job for an existing file system * * Access Level: Write * * https://docs.aws.amazon.com/efs/latest/ug/efs-backup-solutions.html */ toBackup(): this; /** * Grants permission to allow an NFS client read-access to a file system * * Access Level: Read * * Possible conditions: * - .ifAccessPointArn() * - .ifAccessedViaMountTarget() * * https://docs.aws.amazon.com/efs/latest/ug/efs-client-authorization.html */ toClientMount(): this; /** * Grants permission to allow an NFS client root-access to a file system * * Access Level: Write * * Possible conditions: * - .ifAccessPointArn() * - .ifAccessedViaMountTarget() * * https://docs.aws.amazon.com/efs/latest/ug/efs-client-authorization.html */ toClientRootAccess(): this; /** * Grants permission to allow an NFS client write-access to a file system * * Access Level: Write * * Possible conditions: * - .ifAccessPointArn() * - .ifAccessedViaMountTarget() * * https://docs.aws.amazon.com/efs/latest/ug/efs-client-authorization.html */ toClientWrite(): this; /** * Grants permission to create an access point for the specified file system * * Access Level: Write * * Possible conditions: * - .ifAwsTagKeys() * - .ifAwsRequestTag() * * Dependent actions: * - elasticfilesystem:TagResource * * https://docs.aws.amazon.com/efs/latest/ug/API_CreateAccessPoint.html */ toCreateAccessPoint(): this; /** * Grants permission to create a new, empty file system * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * - .ifEncrypted() * * Dependent actions: * - elasticfilesystem:TagResource * * https://docs.aws.amazon.com/efs/latest/ug/API_CreateFileSystem.html */ toCreateFileSystem(): this; /** * Grants permission to create a mount target for a file system * * Access Level: Write * * https://docs.aws.amazon.com/efs/latest/ug/API_CreateMountTarget.html */ toCreateMountTarget(): this; /** * Grants permission to create a new replication configuration * * Access Level: Write * * https://docs.aws.amazon.com/efs/latest/ug/API_CreateReplicationConfiguration.html */ toCreateReplicationConfiguration(): this; /** * Grants permission to create or overwrite tags associated with a file system; deprecated, see TagResource * * Access Level: Tagging * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/efs/latest/ug/API_CreateTags.html */ toCreateTags(): this; /** * Grants permission to delete the specified access point * * Access Level: Write * * https://docs.aws.amazon.com/efs/latest/ug/API_DeleteAccessPoint.html */ toDeleteAccessPoint(): this; /** * Grants permission to delete a file system, permanently severing access to its contents * * Access Level: Write * * https://docs.aws.amazon.com/efs/latest/ug/API_DeleteFileSystem.html */ toDeleteFileSystem(): this; /** * Grants permission to delete the resource-level policy for a file system * * Access Level: Permissions management * * https://docs.aws.amazon.com/efs/latest/ug/API_DeleteFileSystemPolicy.html */ toDeleteFileSystemPolicy(): this; /** * Grants permission to delete the specified mount target * * Access Level: Write * * https://docs.aws.amazon.com/efs/latest/ug/API_DeleteMountTarget.html */ toDeleteMountTarget(): this; /** * Grants permission to delete a replication configuration * * Access Level: Write * * https://docs.aws.amazon.com/efs/latest/ug/API_DeleteReplicationConfiguration.html */ toDeleteReplicationConfiguration(): this; /** * Grants permission to delete the specified tags from a file system; deprecated, see UntagResource * * Access Level: Tagging * * Possible conditions: * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/efs/latest/ug/API_DeleteTags.html */ toDeleteTags(): this; /** * Grants permission to view the descriptions of Amazon EFS access points * * Access Level: List * * https://docs.aws.amazon.com/efs/latest/ug/API_DescribeAccessPoints.html */ toDescribeAccessPoints(): this; /** * Grants permission to view the account preferences in effect for an account * * Access Level: List * * https://docs.aws.amazon.com/efs/latest/ug/API_DescribeAccountPreferences.html */ toDescribeAccountPreferences(): this; /** * Grants permission to view the BackupPolicy object for an Amazon EFS file system * * Access Level: Read * * https://docs.aws.amazon.com/efs/latest/ug/API_DescribeBackupPolicy.html */ toDescribeBackupPolicy(): this; /** * Grants permission to view the resource-level policy for an Amazon EFS file system * * Access Level: Read * * https://docs.aws.amazon.com/efs/latest/ug/API_DescribeFileSystemPolicy.html */ toDescribeFileSystemPolicy(): this; /** * Grants permission to view the description of an Amazon EFS file system specified by file system CreationToken or FileSystemId; or to view the description of all file systems owned by the caller's AWS account in the AWS region of the endpoint that is being called * * Access Level: List * * https://docs.aws.amazon.com/efs/latest/ug/API_DescribeFileSystems.html */ toDescribeFileSystems(): this; /** * Grants permission to view the LifecycleConfiguration object for an Amazon EFS file system * * Access Level: Read * * https://docs.aws.amazon.com/efs/latest/ug/API_DescribeLifecycleConfiguration.html */ toDescribeLifecycleConfiguration(): this; /** * Grants permission to view the security groups in effect for a mount target * * Access Level: Read * * https://docs.aws.amazon.com/efs/latest/ug/API_DescribeMountTargetSecurityGroups.html */ toDescribeMountTargetSecurityGroups(): this; /** * Grants permission to view the descriptions of all mount targets, or a specific mount target, for a file system * * Access Level: Read * * https://docs.aws.amazon.com/efs/latest/ug/API_DescribeMountTargets.html */ toDescribeMountTargets(): this; /** * Grants permission to view the description of an Amazon EFS replication configuration specified by FileSystemId; or to view the description of all replication configurations owned by the caller's AWS account in the AWS region of the endpoint that is being called * * Access Level: List * * https://docs.aws.amazon.com/efs/latest/ug/API_DescribeReplicationConfigurations.html */ toDescribeReplicationConfigurations(): this; /** * Grants permission to view the tags associated with a file system * * Access Level: Read * * https://docs.aws.amazon.com/efs/latest/ug/API_DescribeTags.html */ toDescribeTags(): this; /** * Grants permission to view the tags associated with the specified Amazon EFS resource * * Access Level: Read * * https://docs.aws.amazon.com/efs/latest/ug/API_ListTagsForResource.html */ toListTagsForResource(): this; /** * Grants permission to modify the set of security groups in effect for a mount target * * Access Level: Write * * https://docs.aws.amazon.com/efs/latest/ug/API_ModifyMountTargetSecurityGroups.html */ toModifyMountTargetSecurityGroups(): this; /** * Grants permission to set the account preferences of an account * * Access Level: Write * * https://docs.aws.amazon.com/efs/latest/ug/API_PutAccountPreferences.html */ toPutAccountPreferences(): this; /** * Grants permission to enable or disable automatic backups with AWS Backup by creating a new BackupPolicy object * * Access Level: Write * * https://docs.aws.amazon.com/efs/latest/ug/API_PutBackupPolicy.html */ toPutBackupPolicy(): this; /** * Grants permission to apply a resource-level policy that defines the actions allowed or denied from given actors for the specified file system * * Access Level: Permissions management * * https://docs.aws.amazon.com/efs/latest/ug/API_PutFileSystemPolicy.html */ toPutFileSystemPolicy(): this; /** * Grants permission to enable lifecycle management by creating a new LifecycleConfiguration object * * Access Level: Write * * https://docs.aws.amazon.com/efs/latest/ug/API_PutLifecycleConfiguration.html */ toPutLifecycleConfiguration(): this; /** * Grants permission to read file system data for replication * * Access Level: Read * * https://docs.aws.amazon.com/efs/latest/ug/efs-replication.html */ toReplicationRead(): this; /** * Grants permission to replicate data to a file system * * Access Level: Write * * https://docs.aws.amazon.com/efs/latest/ug/efs-replication.html */ toReplicationWrite(): this; /** * Grants permission to start a restore job for a backup of a file system * * Access Level: Write * * https://docs.aws.amazon.com/efs/latest/ug/efs-backup-solutions.html */ toRestore(): this; /** * Grants permission to create or overwrite tags associated with the specified Amazon EFS resource * * Access Level: Tagging * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * - .ifCreateAction() * * https://docs.aws.amazon.com/efs/latest/ug/API_TagResource.html */ toTagResource(): this; /** * Grants permission to delete the specified tags from an Amazon EFS resource * * Access Level: Tagging * * Possible conditions: * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/efs/latest/ug/API_UntagResource.html */ toUntagResource(): this; /** * Grants permission to update the throughput mode or the amount of provisioned throughput of an existing file system * * Access Level: Write * * https://docs.aws.amazon.com/efs/latest/ug/API_UpdateFileSystem.html */ toUpdateFileSystem(): this; /** * Grants permission to update the file system protection of an existing file system * * Access Level: Write * * https://docs.aws.amazon.com/efs/latest/ug/API_UpdateFileSystemProtection.html */ toUpdateFileSystemProtection(): this; protected accessLevelList: AccessLevelList; /** * Adds a resource of type file-system to the statement * * https://docs.aws.amazon.com/efs/latest/ug/creating-using-create-fs.html * * @param fileSystemId - Identifier for the fileSystemId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onFileSystem(fileSystemId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type access-point to the statement * * https://docs.aws.amazon.com/efs/latest/ug/efs-access-points.html * * @param accessPointId - Identifier for the accessPointId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onAccessPoint(accessPointId: string, account?: string, region?: string, partition?: string): this; /** * Filters access by a tag key and value pair that is allowed in the request * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag * * Applies to actions: * - .toCreateAccessPoint() * - .toCreateFileSystem() * - .toCreateTags() * - .toTagResource() * * @param tagKey The tag key to check * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsRequestTag(tagKey: string, value: string | string[], operator?: Operator | string): this; /** * Filters access by a tag key and value pair of a resource * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag * * Applies to resource types: * - file-system * - access-point * * @param tagKey The tag key to check * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsResourceTag(tagKey: string, value: string | string[], operator?: Operator | string): this; /** * Filters access by a list of tag keys that are allowed in the request * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys * * Applies to actions: * - .toCreateAccessPoint() * - .toCreateFileSystem() * - .toCreateTags() * - .toDeleteTags() * - .toTagResource() * - .toUntagResource() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsTagKeys(value: string | string[], operator?: Operator | string): this; /** * Filters access by the ARN of the access point used to mount the file system * * https://docs.aws.amazon.com/efs/latest/ug/efs-access-points.html * * Applies to actions: * - .toClientMount() * - .toClientRootAccess() * - .toClientWrite() * * @param value The value(s) to check * @param operator Works with [arn operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_ARN). **Default:** `ArnLike` */ ifAccessPointArn(value: string | string[], operator?: Operator | string): this; /** * Filters access by whether the file system is accessed via mount targets * * https://docs.aws.amazon.com/efs/latest/ug/mounting-fs.html * * Applies to actions: * - .toClientMount() * - .toClientRootAccess() * - .toClientWrite() * * @param value `true` or `false`. **Default:** `true` */ ifAccessedViaMountTarget(value?: boolean): this; /** * Filters access by the name of a resource-creating API action * * https://docs.aws.amazon.com/efs/latest/ug/using-tags-efs.html * * Applies to actions: * - .toTagResource() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifCreateAction(value: string | string[], operator?: Operator | string): this; /** * Filters access by whether users can create only encrypted or unencrypted file systems * * https://docs.aws.amazon.com/efs/latest/ug/encryption.html * * Applies to actions: * - .toCreateFileSystem() * * @param value `true` or `false`. **Default:** `true` */ ifEncrypted(value?: boolean): this; /** * Statement provider for service [elasticfilesystem](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonelasticfilesystem.html). * */ constructor(props?: iam.PolicyStatementProps); }