import { AccessLevelList } from '../../shared/access-level'; import { PolicyStatement, Operator } from '../../shared'; import { aws_iam as iam } from "aws-cdk-lib"; /** * Statement provider for service [iot](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html). * * @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement */ export declare class Iot extends PolicyStatement { servicePrefix: string; /** * Grants permission to accept a pending certificate transfer * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_AcceptCertificateTransfer.html */ toAcceptCertificateTransfer(): this; /** * Grants permission to add a thing to the specified billing group * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_AddThingToBillingGroup.html */ toAddThingToBillingGroup(): this; /** * Grants permission to add a thing to the specified thing group * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_AddThingToThingGroup.html */ toAddThingToThingGroup(): this; /** * Grants permission to associate SBOM files to a package version * * Access Level: Write * * Dependent actions: * - iot:GetIndexingConfiguration * * https://docs.aws.amazon.com/iot/latest/apireference/API_AssociateSbomWithPackageVersion.html */ toAssociateSbomWithPackageVersion(): this; /** * Grants permission to associate a group with a continuous job * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_AssociateTargetsWithJob.html */ toAssociateTargetsWithJob(): this; /** * Grants permission to attach a policy to the specified target * * Access Level: Permissions management * * https://docs.aws.amazon.com/iot/latest/apireference/API_AttachPolicy.html */ toAttachPolicy(): this; /** * Grants permission to attach the specified policy to the specified principal (certificate or other credential) * * Access Level: Permissions management * * https://docs.aws.amazon.com/iot/latest/apireference/API_AttachPrincipalPolicy.html */ toAttachPrincipalPolicy(): this; /** * Grants permission to associate a Device Defender security profile with a thing group or with this account * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_AttachSecurityProfile.html */ toAttachSecurityProfile(): this; /** * Grants permission to attach the specified principal to the specified thing * * Access Level: Write * * Possible conditions: * - .ifThingArn() * * https://docs.aws.amazon.com/iot/latest/apireference/API_AttachThingPrincipal.html */ toAttachThingPrincipal(): this; /** * Grants permission to cancel a mitigation action task that is in progress * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_CancelAuditMitigationActionsTask.html */ toCancelAuditMitigationActionsTask(): this; /** * Grants permission to cancel an audit that is in progress. The audit can be either scheduled or on-demand * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_CancelAuditTask.html */ toCancelAuditTask(): this; /** * Grants permission to cancel a pending transfer for the specified certificate * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_CancelCertificateTransfer.html */ toCancelCertificateTransfer(): this; /** * Grants permission to cancel a Device Defender ML Detect mitigation action * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_CancelDetectMitigationActionsTask.html */ toCancelDetectMitigationActionsTask(): this; /** * Grants permission to cancel a job * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_CancelJob.html */ toCancelJob(): this; /** * Grants permission to cancel a job execution on a particular device * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_CancelJobExecution.html */ toCancelJobExecution(): this; /** * Grants permission to clear the default authorizer * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_ClearDefaultAuthorizer.html */ toClearDefaultAuthorizer(): this; /** * Grants permission to close a tunnel * * Access Level: Write * * Possible conditions: * - .ifDelete() * * https://docs.aws.amazon.com/iot/latest/apireference/API_iot-secure-tunneling_CloseTunnel.html */ toCloseTunnel(): this; /** * Grants permission to confirm a http url TopicRuleDestinationDestination * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_ConfirmTopicRuleDestination.html */ toConfirmTopicRuleDestination(): this; /** * Grants permission to connect as the specified client * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/developerguide/policy-actions.html */ toConnect(): this; /** * Grants permission to create a Device Defender audit suppression * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_CreateAuditSuppression.html */ toCreateAuditSuppression(): this; /** * Grants permission to create an authorizer * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/iot/latest/apireference/API_CreateAuthorizer.html */ toCreateAuthorizer(): this; /** * Grants permission to create a billing group * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/iot/latest/apireference/API_CreateBillingGroup.html */ toCreateBillingGroup(): this; /** * Grants permission to create an X.509 certificate using the specified certificate signing request * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_CreateCertificateFromCsr.html */ toCreateCertificateFromCsr(): this; /** * Grants permission to create a certificate provider * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/iot/latest/apireference/API_CreateCertificateProvider.html */ toCreateCertificateProvider(): this; /** * Grants permission to create a command that can be used to start new executions against a device * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/iot/latest/apireference/API_CreateCommand.html */ toCreateCommand(): this; /** * Grants permission to create a custom metric for device side metric reporting and monitoring * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/iot/latest/apireference/API_CreateCustomMetric.html */ toCreateCustomMetric(): this; /** * Grants permission to define a dimension that can be used to to limit the scope of a metric used in a security profile * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/iot/latest/apireference/API_CreateDimension.html */ toCreateDimension(): this; /** * Grants permission to create a domain configuration * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * - .ifDomainName() * * https://docs.aws.amazon.com/iot/latest/apireference/API_CreateDomainConfiguration.html */ toCreateDomainConfiguration(): this; /** * Grants permission to create a Dynamic Thing Group * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/iot/latest/apireference/API_CreateDynamicThingGroup.html */ toCreateDynamicThingGroup(): this; /** * Grants permission to create a fleet metric * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/iot/latest/apireference/API_CreateFleetMetric.html */ toCreateFleetMetric(): this; /** * Grants permission to create a job * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/iot/latest/apireference/API_CreateJob.html */ toCreateJob(): this; /** * Grants permission to create a job template * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/iot/latest/apireference/API_CreateJobTemplate.html */ toCreateJobTemplate(): this; /** * Grants permission to create a 2048 bit RSA key pair and issues an X.509 certificate using the issued public key * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_CreateKeysAndCertificate.html */ toCreateKeysAndCertificate(): this; /** * Grants permission to define an action that can be applied to audit findings by using StartAuditMitigationActionsTask * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/iot/latest/apireference/API_CreateMitigationAction.html */ toCreateMitigationAction(): this; /** * Grants permission to create an OTA update job * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/iot/latest/apireference/API_CreateOTAUpdate.html */ toCreateOTAUpdate(): this; /** * Grants permission to create a software package that you can deploy to your devices * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * Dependent actions: * - iot:GetIndexingConfiguration * * https://docs.aws.amazon.com/iot/latest/apireference/API_CreatePackage.html */ toCreatePackage(): this; /** * Grants permission to create a version under the specified package * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * Dependent actions: * - iot:GetIndexingConfiguration * - s3:GetObjectVersion * * https://docs.aws.amazon.com/iot/latest/apireference/API_CreatePackageVersion.html */ toCreatePackageVersion(): this; /** * Grants permission to create an AWS IoT policy * * Access Level: Permissions management * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/iot/latest/apireference/API_CreatePolicy.html */ toCreatePolicy(): this; /** * Grants permission to create a new version of the specified AWS IoT policy * * Access Level: Permissions management * * https://docs.aws.amazon.com/iot/latest/apireference/API_CreatePolicyVersion.html */ toCreatePolicyVersion(): this; /** * Grants permission to create a provisioning claim * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_CreateProvisioningClaim.html */ toCreateProvisioningClaim(): this; /** * Grants permission to create a fleet provisioning template * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * Dependent actions: * - iam:PassRole * * https://docs.aws.amazon.com/iot/latest/apireference/API_CreateProvisioningTemplate.html */ toCreateProvisioningTemplate(): this; /** * Grants permission to create a new version of a fleet provisioning template * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_CreateProvisioningTemplateVersion.html */ toCreateProvisioningTemplateVersion(): this; /** * Grants permission to create a role alias * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * Dependent actions: * - iam:PassRole * * https://docs.aws.amazon.com/iot/latest/apireference/API_CreateRoleAlias.html */ toCreateRoleAlias(): this; /** * Grants permission to create a scheduled audit that is run at a specified time interval * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/iot/latest/apireference/API_CreateScheduledAudit.html */ toCreateScheduledAudit(): this; /** * Grants permission to create a Device Defender security profile * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/iot/latest/apireference/API_CreateSecurityProfile.html */ toCreateSecurityProfile(): this; /** * Grants permission to create a new AWS IoT stream * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/iot/latest/apireference/API_CreateStream.html */ toCreateStream(): this; /** * Grants permission to create a thing in the thing registry * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_CreateThing.html */ toCreateThing(): this; /** * Grants permission to create a thing group * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/iot/latest/apireference/API_CreateThingGroup.html */ toCreateThingGroup(): this; /** * Grants permission to create a new thing type * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/iot/latest/apireference/API_CreateThingType.html */ toCreateThingType(): this; /** * Grants permission to create a rule * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/iot/latest/apireference/API_CreateTopicRule.html */ toCreateTopicRule(): this; /** * Grants permission to create a TopicRuleDestination * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_CreateTopicRuleDestination.html */ toCreateTopicRuleDestination(): this; /** * Grants permission to delete the audit configuration associated with the account * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteAccountAuditConfiguration.html */ toDeleteAccountAuditConfiguration(): this; /** * Grants permission to delete a Device Defender audit suppression * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteAuditSuppression.html */ toDeleteAuditSuppression(): this; /** * Grants permission to delete the specified authorizer * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteAuthorizer.html */ toDeleteAuthorizer(): this; /** * Grants permission to delete the specified billing group * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteBillingGroup.html */ toDeleteBillingGroup(): this; /** * Grants permission to delete a registered CA certificate * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteCACertificate.html */ toDeleteCACertificate(): this; /** * Grants permission to delete the specified certificate * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteCertificate.html */ toDeleteCertificate(): this; /** * Grants permission to delete a certificate provider * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteCertificateProvider.html */ toDeleteCertificateProvider(): this; /** * Grants permission to delete a command * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteCommand.html */ toDeleteCommand(): this; /** * Grants permission to delete a command execution * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteCommandExecution.html */ toDeleteCommandExecution(): this; /** * Grants permission to disconnect the specified connection * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/developerguide/policy-actions.html */ toDeleteConnection(): this; /** * Grants permission to deletes the specified custom metric from your AWS account * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteCustomMetric.html */ toDeleteCustomMetric(): this; /** * Grants permission to remove the specified dimension from your AWS account * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteDimension.html */ toDeleteDimension(): this; /** * Grants permission to delete a domain configuration * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteDomainConfiguration.html */ toDeleteDomainConfiguration(): this; /** * Grants permission to delete the specified Dynamic Thing Group * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteDynamicThingGroup.html */ toDeleteDynamicThingGroup(): this; /** * Grants permission to delete the specified fleet metric * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteFleetMetric.html */ toDeleteFleetMetric(): this; /** * Grants permission to delete a job and its related job executions * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteJob.html */ toDeleteJob(): this; /** * Grants permission to delete a job execution * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteJobExecution.html */ toDeleteJobExecution(): this; /** * Grants permission to delete a job template * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteJobTemplate.html */ toDeleteJobTemplate(): this; /** * Grants permission to delete a defined mitigation action from your AWS account * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteMitigationAction.html */ toDeleteMitigationAction(): this; /** * Grants permission to delete an OTA update job * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteOTAUpdate.html */ toDeleteOTAUpdate(): this; /** * Grants permission to delete a package * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_DeletePackage.html */ toDeletePackage(): this; /** * Grants permission to delete a version of the specified package * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_DeletePackageVersion.html */ toDeletePackageVersion(): this; /** * Grants permission to delete the specified policy * * Access Level: Permissions management * * https://docs.aws.amazon.com/iot/latest/apireference/API_DeletePolicy.html */ toDeletePolicy(): this; /** * Grants permission to Delete the specified version of the specified policy * * Access Level: Permissions management * * https://docs.aws.amazon.com/iot/latest/apireference/API_DeletePolicyVersion.html */ toDeletePolicyVersion(): this; /** * Grants permission to delete a fleet provisioning template * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteProvisioningTemplate.html */ toDeleteProvisioningTemplate(): this; /** * Grants permission to delete a fleet provisioning template version * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteProvisioningTemplateVersion.html */ toDeleteProvisioningTemplateVersion(): this; /** * Grants permission to delete a CA certificate registration code * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteRegistrationCode.html */ toDeleteRegistrationCode(): this; /** * Grants permission to delete the specified role alias * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteRoleAlias.html */ toDeleteRoleAlias(): this; /** * Grants permission to delete a scheduled audit * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteScheduledAudit.html */ toDeleteScheduledAudit(): this; /** * Grants permission to delete a Device Defender security profile * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteSecurityProfile.html */ toDeleteSecurityProfile(): this; /** * Grants permission to delete a specified stream * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteStream.html */ toDeleteStream(): this; /** * Grants permission to delete the specified thing * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteThing.html */ toDeleteThing(): this; /** * Grants permission to delete the specified thing group * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteThingGroup.html */ toDeleteThingGroup(): this; /** * Grants permission to delete the specified thing shadow * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/developerguide/policy-actions.html */ toDeleteThingShadow(): this; /** * Grants permission to delete the specified thing type * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteThingType.html */ toDeleteThingType(): this; /** * Grants permission to delete the specified rule * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteTopicRule.html */ toDeleteTopicRule(): this; /** * Grants permission to delete a TopicRuleDestination * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteTopicRuleDestination.html */ toDeleteTopicRuleDestination(): this; /** * Grants permission to delete the specified v2 logging level * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteV2LoggingLevel.html */ toDeleteV2LoggingLevel(): this; /** * Grants permission to deprecate the specified thing type * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_DeprecateThingType.html */ toDeprecateThingType(): this; /** * Grants permission to get information about audit configurations for the account * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeAccountAuditConfiguration.html */ toDescribeAccountAuditConfiguration(): this; /** * Grants permission to get information about a single audit finding. Properties include the reason for noncompliance, the severity of the issue, and when the audit that returned the finding was started * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeAuditFinding.html */ toDescribeAuditFinding(): this; /** * Grants permission to get information about an audit mitigation task that is used to apply mitigation actions to a set of audit findings * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeAuditMitigationActionsTask.html */ toDescribeAuditMitigationActionsTask(): this; /** * Grants permission to get information about a Device Defender audit suppression * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeAuditSuppression.html */ toDescribeAuditSuppression(): this; /** * Grants permission to get information about a Device Defender audit * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeAuditTask.html */ toDescribeAuditTask(): this; /** * Grants permission to describe an authorizer * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeAuthorizer.html */ toDescribeAuthorizer(): this; /** * Grants permission to get information about the specified billing group * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeBillingGroup.html */ toDescribeBillingGroup(): this; /** * Grants permission to describe a registered CA certificate * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeCACertificate.html */ toDescribeCACertificate(): this; /** * Grants permission to get information about the specified certificate * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeCertificate.html */ toDescribeCertificate(): this; /** * Grants permission to describe a certificate provider * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeCertificateProvider.html */ toDescribeCertificateProvider(): this; /** * Grants permission to describe a custom metric that is defined in your AWS account * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeCustomMetric.html */ toDescribeCustomMetric(): this; /** * Grants permission to describe the default authorizer * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeDefaultAuthorizer.html */ toDescribeDefaultAuthorizer(): this; /** * Grants permission to describe a Device Defender ML Detect mitigation action * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeDetectMitigationActionsTask.html */ toDescribeDetectMitigationActionsTask(): this; /** * Grants permission to get details about a dimension that is defined in your AWS account * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeDimension.html */ toDescribeDimension(): this; /** * Grants permission to get information about the domain configuration * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeDomainConfiguration.html */ toDescribeDomainConfiguration(): this; /** * Grants permission to describe the encryption configuration for the account * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeEncryptionConfiguration.html */ toDescribeEncryptionConfiguration(): this; /** * Grants permission to get a unique endpoint specific to the AWS account making the call * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeEndpoint.html */ toDescribeEndpoint(): this; /** * Grants permission to get account event configurations * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeEventConfigurations.html */ toDescribeEventConfigurations(): this; /** * Grants permission to get information about the specified fleet metric * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeFleetMetric.html */ toDescribeFleetMetric(): this; /** * Grants permission to get information about the specified index * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeIndex.html */ toDescribeIndex(): this; /** * Grants permission to describe a job * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeJob.html */ toDescribeJob(): this; /** * Grants permission to describe a job execution * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeJobExecution.html */ toDescribeJobExecution(): this; /** * Grants permission to describe a job template * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeJobTemplate.html */ toDescribeJobTemplate(): this; /** * Grants permission to describe a managed job template * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeManagedJobTemplate.html */ toDescribeManagedJobTemplate(): this; /** * Grants permission to get information about a mitigation action * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeMitigationAction.html */ toDescribeMitigationAction(): this; /** * Grants permission to get information about a fleet provisioning template * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeProvisioningTemplate.html */ toDescribeProvisioningTemplate(): this; /** * Grants permission to get information about a fleet provisioning template version * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeProvisioningTemplateVersion.html */ toDescribeProvisioningTemplateVersion(): this; /** * Grants permission to describe a role alias * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeRoleAlias.html */ toDescribeRoleAlias(): this; /** * Grants permission to get information about a scheduled audit * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeScheduledAudit.html */ toDescribeScheduledAudit(): this; /** * Grants permission to get information about a Device Defender security profile * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeSecurityProfile.html */ toDescribeSecurityProfile(): this; /** * Grants permission to get information about the specified stream * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeStream.html */ toDescribeStream(): this; /** * Grants permission to get information about the specified thing * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeThing.html */ toDescribeThing(): this; /** * Grants permission to get information about the specified thing group * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeThingGroup.html */ toDescribeThingGroup(): this; /** * Grants permission to get information about the bulk thing registration task * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeThingRegistrationTask.html */ toDescribeThingRegistrationTask(): this; /** * Grants permission to get information about the specified thing type * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeThingType.html */ toDescribeThingType(): this; /** * Grants permission to describe a tunnel * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/apireference/API_iot-secure-tunneling_DescribeTunnel.html */ toDescribeTunnel(): this; /** * Grants permission to detach a policy from the specified target * * Access Level: Permissions management * * https://docs.aws.amazon.com/iot/latest/apireference/API_DetachPolicy.html */ toDetachPolicy(): this; /** * Grants permission to remove the specified policy from the specified certificate * * Access Level: Permissions management * * https://docs.aws.amazon.com/iot/latest/apireference/API_DetachPrincipalPolicy.html */ toDetachPrincipalPolicy(): this; /** * Grants permission to disassociate a Device Defender security profile from a thing group or from this account * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_DetachSecurityProfile.html */ toDetachSecurityProfile(): this; /** * Grants permission to detach the specified principal from the specified thing * * Access Level: Write * * Possible conditions: * - .ifThingArn() * * https://docs.aws.amazon.com/iot/latest/apireference/API_DetachThingPrincipal.html */ toDetachThingPrincipal(): this; /** * Grants permission to disable the specified rule * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_DisableTopicRule.html */ toDisableTopicRule(): this; /** * Grants permission to disassociate SBOM files from a package version * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_DisassociateSbomFromPackageVersion.html */ toDisassociateSbomFromPackageVersion(): this; /** * Grants permission to enable the specified rule * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_EnableTopicRule.html */ toEnableTopicRule(): this; /** * Grants permission to fetch a Device Defender's ML Detect Security Profile training model's status * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_GetBehaviorModelTrainingSummaries.html */ toGetBehaviorModelTrainingSummaries(): this; /** * Grants permission to get buckets aggregation for IoT fleet index * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/apireference/API_GetBucketsAggregation.html */ toGetBucketsAggregation(): this; /** * Grants permission to get cardinality for IoT fleet index * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/apireference/API_GetCardinality.html */ toGetCardinality(): this; /** * Grants permission to get the information about the command * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/apireference/API_GetCommand.html */ toGetCommand(): this; /** * Grants permission to get the information of a command execution * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/apireference/API_GetCommandExecution.html */ toGetCommandExecution(): this; /** * Grants permission to retrieve the specified connection information * * Access Level: Write * * Possible conditions: * - .ifIncludeSocketInformation() * * https://docs.aws.amazon.com/iot/latest/developerguide/policy-actions.html */ toGetConnection(): this; /** * Grants permission to get effective policies * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/apireference/API_GetEffectivePolicies.html */ toGetEffectivePolicies(): this; /** * Grants permission to get current fleet indexing configuration * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/apireference/API_GetIndexingConfiguration.html */ toGetIndexingConfiguration(): this; /** * Grants permission to get a job document * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/apireference/API_GetJobDocument.html */ toGetJobDocument(): this; /** * Grants permission to get the logging options * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/apireference/API_GetLoggingOptions.html */ toGetLoggingOptions(): this; /** * Grants permission to get the information about the OTA update job * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/apireference/API_GetOTAUpdate.html */ toGetOTAUpdate(): this; /** * Grants permission to get the information about the package * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/apireference/API_GetPackage.html */ toGetPackage(): this; /** * Grants permission to get the package configuration of the account * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/apireference/API_GetPackageConfiguration.html */ toGetPackageConfiguration(): this; /** * Grants permission to get the version of the package * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/apireference/API_GetPackageVersion.html */ toGetPackageVersion(): this; /** * Grants permission to get percentiles for IoT fleet index * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/apireference/API_GetPercentiles.html */ toGetPercentiles(): this; /** * Grants permission to get information about the specified policy with the policy document of the default version * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/apireference/API_GetPolicy.html */ toGetPolicy(): this; /** * Grants permission to get information about the specified policy version * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/apireference/API_GetPolicyVersion.html */ toGetPolicyVersion(): this; /** * Grants permission to get a registration code used to register a CA certificate with AWS IoT * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/apireference/API_GetRegistrationCode.html */ toGetRegistrationCode(): this; /** * Grants permission to get the retained message on the specified topic * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/developerguide/policy-actions.html */ toGetRetainedMessage(): this; /** * Grants permission to get statistics for IoT fleet index * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/apireference/API_GetStatistics.html */ toGetStatistics(): this; /** * Grants permission to get the thing's connectivity data * * Access Level: Read * * Possible conditions: * - .ifIncludeSocketInformation() * * https://docs.aws.amazon.com/iot/latest/apireference/API_GetThingConnectivityData.html */ toGetThingConnectivityData(): this; /** * Grants permission to get the thing shadow * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/developerguide/policy-actions.html */ toGetThingShadow(): this; /** * Grants permission to get information about the specified rule * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/apireference/API_GetTopicRule.html */ toGetTopicRule(): this; /** * Grants permission to get a TopicRuleDestination * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/apireference/API_GetTopicRuleDestination.html */ toGetTopicRuleDestination(): this; /** * Grants permission to get v2 logging options * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/apireference/API_GetV2LoggingOptions.html */ toGetV2LoggingOptions(): this; /** * Grants permission to list the active violations for a given Device Defender security profile or Thing * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListActiveViolations.html */ toListActiveViolations(): this; /** * Grants permission to list the policies attached to the specified thing group * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListAttachedPolicies.html */ toListAttachedPolicies(): this; /** * Grants permission to list the findings (results) of a Device Defender audit or of the audits performed during a specified time period * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListAuditFindings.html */ toListAuditFindings(): this; /** * Grants permission to get the status of audit mitigation action tasks that were executed * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListAuditMitigationActionsExecutions.html */ toListAuditMitigationActionsExecutions(): this; /** * Grants permission to get a list of audit mitigation action tasks that match the specified filters * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListAuditMitigationActionsTasks.html */ toListAuditMitigationActionsTasks(): this; /** * Grants permission to list your Device Defender audit suppressions * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListAuditSuppressions.html */ toListAuditSuppressions(): this; /** * Grants permission to list the Device Defender audits that have been performed during a given time period * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListAuditTasks.html */ toListAuditTasks(): this; /** * Grants permission to list the authorizers registered in your account * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListAuthorizers.html */ toListAuthorizers(): this; /** * Grants permission to list all billing groups * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListBillingGroups.html */ toListBillingGroups(): this; /** * Grants permission to list the CA certificates registered for your AWS account * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListCACertificates.html */ toListCACertificates(): this; /** * Grants permission to list certificate providers in the account * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListCertificateProviders.html */ toListCertificateProviders(): this; /** * Grants permission to list your certificates * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListCertificates.html */ toListCertificates(): this; /** * Grants permission to list the device certificates signed by the specified CA certificate * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListCertificatesByCA.html */ toListCertificatesByCA(): this; /** * Grants permission to list commands executions in the account * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListCommandExecutions.html */ toListCommandExecutions(): this; /** * Grants permission to list commands in the account * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListCommands.html */ toListCommands(): this; /** * Grants permission to list the custom metrics in your AWS account * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListCustomMetrics.html */ toListCustomMetrics(): this; /** * Grants permission to lists mitigation actions executions for a Device Defender ML Detect Security Profile * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListDetectMitigationActionsExecutions.html */ toListDetectMitigationActionsExecutions(): this; /** * Grants permission to list Device Defender ML Detect mitigation actions tasks * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListDetectMitigationActionsTasks.html */ toListDetectMitigationActionsTasks(): this; /** * Grants permission to list the dimensions that are defined for your AWS account * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListDimensions.html */ toListDimensions(): this; /** * Grants permission to list the domain configuration created by your AWS account * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListDomainConfigurations.html */ toListDomainConfigurations(): this; /** * Grants permission to list the fleet metrics in your account * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListFleetMetrics.html */ toListFleetMetrics(): this; /** * Grants permission to list all indices for fleet index * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListIndices.html */ toListIndices(): this; /** * Grants permission to list the job executions for a job * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListJobExecutionsForJob.html */ toListJobExecutionsForJob(): this; /** * Grants permission to list the job executions for the specified thing * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListJobExecutionsForThing.html */ toListJobExecutionsForThing(): this; /** * Grants permission to list job templates * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListJobTemplates.html */ toListJobTemplates(): this; /** * Grants permission to list jobs * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListJobs.html */ toListJobs(): this; /** * Grants permission to list managed job templates * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListManagedJobTemplates.html */ toListManagedJobTemplates(): this; /** * Grants permissions to list the metric values for a thing based on the metricName, and dimension if specified * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListMetricValues.html */ toListMetricValues(): this; /** * Grants permission to get a list of all mitigation actions that match the specified filter criteria * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListMitigationActions.html */ toListMitigationActions(): this; /** * Grants permission to list all named shadows for a given thing * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListNamedShadowsForThing.html */ toListNamedShadowsForThing(): this; /** * Grants permission to list OTA update jobs in the account * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListOTAUpdates.html */ toListOTAUpdates(): this; /** * Grants permission to list certificates that are being transfered but not yet accepted * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListOutgoingCertificates.html */ toListOutgoingCertificates(): this; /** * Grants permission to list versions for a package in the account * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListPackageVersions.html */ toListPackageVersions(): this; /** * Grants permission to list packages in the account * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListPackages.html */ toListPackages(): this; /** * Grants permission to list your policies * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListPolicies.html */ toListPolicies(): this; /** * Grants permission to list the principals associated with the specified policy * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListPolicyPrincipals.html */ toListPolicyPrincipals(): this; /** * Grants permission to list the versions of the specified policy, and identifies the default version * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListPolicyVersions.html */ toListPolicyVersions(): this; /** * Grants permission to list the policies attached to the specified principal. If you use an Amazon Cognito identity, the ID needs to be in Amazon Cognito Identity format * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListPrincipalPolicies.html */ toListPrincipalPolicies(): this; /** * Grants permission to list the things associated with the specified principal * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListPrincipalThings.html */ toListPrincipalThings(): this; /** * Grants permission to list the things associated with the specified principal * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListPrincipalThingsV2.html */ toListPrincipalThingsV2(): this; /** * Grants permission to get a list of fleet provisioning template versions * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListProvisioningTemplateVersions.html */ toListProvisioningTemplateVersions(): this; /** * Grants permission to list the fleet provisioning templates in your AWS account * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListProvisioningTemplates.html */ toListProvisioningTemplates(): this; /** * Grants permission to list related resources for a single audit finding * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListRelatedResourcesForAuditFinding.html */ toListRelatedResourcesForAuditFinding(): this; /** * Grants permission to list the retained messages for your account * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/developerguide/policy-actions.html */ toListRetainedMessages(): this; /** * Grants permission to list role aliases * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListRoleAliases.html */ toListRoleAliases(): this; /** * Grants permission to list SBOM validation results of a package version * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListSbomValidationResults.html */ toListSbomValidationResults(): this; /** * Grants permission to list all of your scheduled audits * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListScheduledAudits.html */ toListScheduledAudits(): this; /** * Grants permission to list the Device Defender security profiles you have created * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListSecurityProfiles.html */ toListSecurityProfiles(): this; /** * Grants permission to list the Device Defender security profiles attached to a target * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListSecurityProfilesForTarget.html */ toListSecurityProfilesForTarget(): this; /** * Grants permission to list the streams in your account * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListStreams.html */ toListStreams(): this; /** * Grants permission to retrieve the specified connection's subscriptions * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/developerguide/policy-actions.html */ toListSubscriptions(): this; /** * Grants permission to list all tags for a given resource * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListTagsForResource.html */ toListTagsForResource(): this; /** * Grants permission to list targets for the specified policy * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListTargetsForPolicy.html */ toListTargetsForPolicy(): this; /** * Grants permission to list the targets associated with a given Device Defender security profile * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListTargetsForSecurityProfile.html */ toListTargetsForSecurityProfile(): this; /** * Grants permission to list all thing groups * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListThingGroups.html */ toListThingGroups(): this; /** * Grants permission to list thing groups to which the specified thing belongs * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListThingGroupsForThing.html */ toListThingGroupsForThing(): this; /** * Grants permission to list the principals associated with the specified thing * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListThingPrincipals.html */ toListThingPrincipals(): this; /** * Grants permission to list the principals associated with the specified thing * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListThingPrincipalsV2.html */ toListThingPrincipalsV2(): this; /** * Grants permission to list information about bulk thing registration tasks * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListThingRegistrationTaskReports.html */ toListThingRegistrationTaskReports(): this; /** * Grants permission to list bulk thing registration tasks * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListThingRegistrationTasks.html */ toListThingRegistrationTasks(): this; /** * Grants permission to list all thing types * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListThingTypes.html */ toListThingTypes(): this; /** * Grants permission to list all things * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListThings.html */ toListThings(): this; /** * Grants permission to list all things in the specified billing group * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListThingsInBillingGroup.html */ toListThingsInBillingGroup(): this; /** * Grants permission to list all things in the specified thing group * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListThingsInThingGroup.html */ toListThingsInThingGroup(): this; /** * Grants permission to list all TopicRuleDestinations * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListTopicRuleDestinations.html */ toListTopicRuleDestinations(): this; /** * Grants permission to list the rules for the specific topic * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListTopicRules.html */ toListTopicRules(): this; /** * Grants permission to list tunnels * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_iot-secure-tunneling_ListTunnels.html */ toListTunnels(): this; /** * Grants permission to list the v2 logging levels * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListV2LoggingLevels.html */ toListV2LoggingLevels(): this; /** * Grants permission to list the Device Defender security profile violations discovered during the given time period * * Access Level: List * * https://docs.aws.amazon.com/iot/latest/apireference/API_ListViolationEvents.html */ toListViolationEvents(): this; /** * Grants permission to open a tunnel * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * - .ifThingGroupArn() * - .ifTunnelDestinationService() * * https://docs.aws.amazon.com/iot/latest/apireference/API_iot-secure-tunneling_OpenTunnel.html */ toOpenTunnel(): this; /** * Grants permission to publish to the specified topic * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/developerguide/policy-actions.html */ toPublish(): this; /** * Grants permission to put verification state on a violation * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_PutVerificationStateOnViolation.html */ toPutVerificationStateOnViolation(): this; /** * Grants permission to receive from the specified topic * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/developerguide/policy-actions.html */ toReceive(): this; /** * Grants permission to register a CA certificate with AWS IoT * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * - .ifAwsResourceTag() * * Dependent actions: * - iam:PassRole * * https://docs.aws.amazon.com/iot/latest/apireference/API_RegisterCACertificate.html */ toRegisterCACertificate(): this; /** * Grants permission to register a device certificate with AWS IoT * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_RegisterCertificate.html */ toRegisterCertificate(): this; /** * Grants permission to register a device certificate with AWS IoT without a registered CA (certificate authority) * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_RegisterCertificateWithoutCA.html */ toRegisterCertificateWithoutCA(): this; /** * Grants permission to register your thing * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_RegisterThing.html */ toRegisterThing(): this; /** * Grants permission to reject a pending certificate transfer * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_RejectCertificateTransfer.html */ toRejectCertificateTransfer(): this; /** * Grants permission to remove thing from the specified billing group * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_RemoveThingFromBillingGroup.html */ toRemoveThingFromBillingGroup(): this; /** * Grants permission to remove thing from the specified thing group * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_RemoveThingFromThingGroup.html */ toRemoveThingFromThingGroup(): this; /** * Grants permission to replace the specified rule * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_ReplaceTopicRule.html */ toReplaceTopicRule(): this; /** * Grants permission to publish a retained message to the specified topic * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/developerguide/policy-actions.html */ toRetainPublish(): this; /** * Grants permission to rotate the access token of a tunnel * * Access Level: Write * * Possible conditions: * - .ifThingGroupArn() * - .ifTunnelDestinationService() * - .ifClientMode() * * https://docs.aws.amazon.com/iot/latest/apireference/API_iot-secure-tunneling_RotateTunnelAccessToken.html */ toRotateTunnelAccessToken(): this; /** * Grants permission to search IoT fleet index * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/apireference/API_SearchIndex.html */ toSearchIndex(): this; /** * Grants permission to send a direct message to an IoT client * * Access Level: Write * * Possible conditions: * - .ifTopic() * * https://docs.aws.amazon.com/iot/latest/developerguide/policy-actions.html */ toSendDirectMessage(): this; /** * Grants permission to set the default authorizer. This will be used if a websocket connection is made without specifying an authorizer * * Access Level: Permissions management * * https://docs.aws.amazon.com/iot/latest/apireference/API_SetDefaultAuthorizer.html */ toSetDefaultAuthorizer(): this; /** * Grants permission to set the specified version of the specified policy as the policy's default (operative) version * * Access Level: Permissions management * * https://docs.aws.amazon.com/iot/latest/apireference/API_SetDefaultPolicyVersion.html */ toSetDefaultPolicyVersion(): this; /** * Grants permission to set the logging options * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_SetLoggingOptions.html */ toSetLoggingOptions(): this; /** * Grants permission to set the v2 logging level * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_SetV2LoggingLevel.html */ toSetV2LoggingLevel(): this; /** * Grants permission to set the v2 logging options * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_SetV2LoggingOptions.html */ toSetV2LoggingOptions(): this; /** * Grants permission to start a task that applies a set of mitigation actions to the specified target * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_StartAuditMitigationActionsTask.html */ toStartAuditMitigationActionsTask(): this; /** * Grants permission to start a new command execution * * Access Level: Write * * Possible conditions: * - .ifCommandExecutionParameterString() * - .ifCommandExecutionParameterBoolean() * - .ifCommandExecutionParameterNumber() * * https://docs.aws.amazon.com/iot/latest/apireference/API_iot-jobs-data_StartCommandExecution.html */ toStartCommandExecution(): this; /** * Grants permission to start a Device Defender ML Detect mitigation actions task * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_StartDetectMitigationActionsTask.html */ toStartDetectMitigationActionsTask(): this; /** * Grants permission to start an on-demand Device Defender audit * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_StartOnDemandAuditTask.html */ toStartOnDemandAuditTask(): this; /** * Grants permission to start a bulk thing registration task * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_StartThingRegistrationTask.html */ toStartThingRegistrationTask(): this; /** * Grants permission to stop a bulk thing registration task * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_StopThingRegistrationTask.html */ toStopThingRegistrationTask(): this; /** * Grants permission to subscribe to the specified TopicFilter * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/developerguide/policy-actions.html */ toSubscribe(): this; /** * Grants permission to tag a specified resource * * Access Level: Tagging * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/iot/latest/apireference/API_TagResource.html */ toTagResource(): this; /** * Grants permission to test the policies evaluation for group policies * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/apireference/API_TestAuthorization.html */ toTestAuthorization(): this; /** * Grants permission to test invoke the specified custom authorizer for testing purposes * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/apireference/API_TestInvokeAuthorizer.html */ toTestInvokeAuthorizer(): this; /** * Grants permission to transfer the specified certificate to the specified AWS account * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_TransferCertificate.html */ toTransferCertificate(): this; /** * Grants permission to untag a specified resource * * Access Level: Tagging * * Possible conditions: * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/iot/latest/apireference/API_UntagResource.html */ toUntagResource(): this; /** * Grants permission to configure or reconfigure the Device Defender audit settings for this account * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateAccountAuditConfiguration.html */ toUpdateAccountAuditConfiguration(): this; /** * Grants permission to update a Device Defender audit suppression * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateAuditSuppression.html */ toUpdateAuditSuppression(): this; /** * Grants permission to update an authorizer * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateAuthorizer.html */ toUpdateAuthorizer(): this; /** * Grants permission to update information associated with the specified billing group * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateBillingGroup.html */ toUpdateBillingGroup(): this; /** * Grants permission to update a registered CA certificate * * Access Level: Write * * Dependent actions: * - iam:PassRole * * https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateCACertificate.html */ toUpdateCACertificate(): this; /** * Grants permission to update the status of the specified certificate. This operation is idempotent * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateCertificate.html */ toUpdateCertificate(): this; /** * Grants permission to update a certificate provider * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateCertificateProvider.html */ toUpdateCertificateProvider(): this; /** * Grants permission to update a command * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateCommand.html */ toUpdateCommand(): this; /** * Grants permission to update the specified custom metric * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateCustomMetric.html */ toUpdateCustomMetric(): this; /** * Grants permission to update the definition for a dimension * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateDimension.html */ toUpdateDimension(): this; /** * Grants permission to update a domain configuration * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateDomainConfiguration.html */ toUpdateDomainConfiguration(): this; /** * Grants permission to update a Dynamic Thing Group * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateDynamicThingGroup.html */ toUpdateDynamicThingGroup(): this; /** * Grants permission to update the encryption configuration for the account * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateEncryptionConfiguration.html */ toUpdateEncryptionConfiguration(): this; /** * Grants permission to update event configurations * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateEventConfigurations.html */ toUpdateEventConfigurations(): this; /** * Grants permission to update a fleet metric * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateFleetMetric.html */ toUpdateFleetMetric(): this; /** * Grants permission to update fleet indexing configuration * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateIndexingConfiguration.html */ toUpdateIndexingConfiguration(): this; /** * Grants permission to update a job * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateJob.html */ toUpdateJob(): this; /** * Grants permission to update the definition for the specified mitigation action * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateMitigationAction.html */ toUpdateMitigationAction(): this; /** * Grants permission to update a package * * Access Level: Write * * Dependent actions: * - iot:GetIndexingConfiguration * * https://docs.aws.amazon.com/iot/latest/apireference/API_UpdatePackage.html */ toUpdatePackage(): this; /** * Grants permission to update the package configuration of the account * * Access Level: Write * * Dependent actions: * - iam:PassRole * * https://docs.aws.amazon.com/iot/latest/apireference/API_UpdatePackageConfiguration.html */ toUpdatePackageConfiguration(): this; /** * Grants permission to update the version of the specified package * * Access Level: Write * * Dependent actions: * - iot:GetIndexingConfiguration * - s3:GetObjectVersion * * https://docs.aws.amazon.com/iot/latest/apireference/API_UpdatePackageVersion.html */ toUpdatePackageVersion(): this; /** * Grants permission to update a fleet provisioning template * * Access Level: Write * * Dependent actions: * - iam:PassRole * * https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateProvisioningTemplate.html */ toUpdateProvisioningTemplate(): this; /** * Grants permission to update the role alias * * Access Level: Write * * Dependent actions: * - iam:PassRole * * https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateRoleAlias.html */ toUpdateRoleAlias(): this; /** * Grants permission to update a scheduled audit, including what checks are performed and how often the audit takes place * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateScheduledAudit.html */ toUpdateScheduledAudit(): this; /** * Grants permission to update a Device Defender security profile * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateSecurityProfile.html */ toUpdateSecurityProfile(): this; /** * Grants permission to update the data for a stream * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateStream.html */ toUpdateStream(): this; /** * Grants permission to update information associated with the specified thing * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateThing.html */ toUpdateThing(): this; /** * Grants permission to update information associated with the specified thing group * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateThingGroup.html */ toUpdateThingGroup(): this; /** * Grants permission to update the thing groups to which the thing belongs * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateThingGroupsForThing.html */ toUpdateThingGroupsForThing(): this; /** * Grants permission to update the thing shadow * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/developerguide/policy-actions.html */ toUpdateThingShadow(): this; /** * Grants permission to update information associated with the specified thing type * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateThingType.html */ toUpdateThingType(): this; /** * Grants permission to update a TopicRuleDestination * * Access Level: Write * * https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateTopicRuleDestination.html */ toUpdateTopicRuleDestination(): this; /** * Grants permission to validate a Device Defender security profile behaviors specification * * Access Level: Read * * https://docs.aws.amazon.com/iot/latest/apireference/API_ValidateSecurityProfileBehaviors.html */ toValidateSecurityProfileBehaviors(): this; protected accessLevelList: AccessLevelList; /** * Adds a resource of type client to the statement * * https://docs.aws.amazon.com/iot/latest/developerguide/iot-message-broker.html * * @param clientId - Identifier for the clientId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onClient(clientId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type index to the statement * * https://docs.aws.amazon.com/iot/latest/developerguide/iot-indexing.html * * @param indexName - Identifier for the indexName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onIndex(indexName: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type fleetmetric to the statement * * https://docs.aws.amazon.com/iot/latest/developerguide/iot-indexing.html * * @param fleetMetricName - Identifier for the fleetMetricName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onFleetmetric(fleetMetricName: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type job to the statement * * https://docs.aws.amazon.com/iot/latest/developerguide/iot-jobs.html * * @param jobId - Identifier for the jobId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onJob(jobId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type jobtemplate to the statement * * https://docs.aws.amazon.com/iot/latest/developerguide/job-templates.html * * @param jobTemplateId - Identifier for the jobTemplateId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onJobtemplate(jobTemplateId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type tunnel to the statement * * https://docs.aws.amazon.com/iot/latest/developerguide/iot-tunnels.html * * @param tunnelId - Identifier for the tunnelId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onTunnel(tunnelId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type thing to the statement * * https://docs.aws.amazon.com/iot/latest/developerguide/thing-registry.html * * @param thingName - Identifier for the thingName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onThing(thingName: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type thinggroup to the statement * * https://docs.aws.amazon.com/iot/latest/developerguide/thing-groups.html * * @param thingGroupName - Identifier for the thingGroupName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onThinggroup(thingGroupName: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type billinggroup to the statement * * https://docs.aws.amazon.com/iot/latest/developerguide/billing-groups.html * * @param billingGroupName - Identifier for the billingGroupName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onBillinggroup(billingGroupName: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type dynamicthinggroup to the statement * * https://docs.aws.amazon.com/iot/latest/developerguide/dynamic-thing-groups.html * * @param thingGroupName - Identifier for the thingGroupName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onDynamicthinggroup(thingGroupName: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type thingtype to the statement * * https://docs.aws.amazon.com/iot/latest/developerguide/thing-types.html * * @param thingTypeName - Identifier for the thingTypeName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onThingtype(thingTypeName: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type topic to the statement * * https://docs.aws.amazon.com/iot/latest/developerguide/iot-message-broker.html * * @param topicName - Identifier for the topicName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onTopic(topicName: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type topicfilter to the statement * * https://docs.aws.amazon.com/iot/latest/developerguide/topics.html * * @param topicFilter - Identifier for the topicFilter. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onTopicfilter(topicFilter: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type rolealias to the statement * * https://docs.aws.amazon.com/iot/latest/developerguide/authorizing-direct-aws.html * * @param roleAlias - Identifier for the roleAlias. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onRolealias(roleAlias: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type authorizer to the statement * * https://docs.aws.amazon.com/iot/latest/developerguide/custom-authorizer.html * * @param authorizerName - Identifier for the authorizerName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onAuthorizer(authorizerName: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type policy to the statement * * https://docs.aws.amazon.com/iot/latest/developerguide/iot-policies.html * * @param policyName - Identifier for the policyName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onPolicy(policyName: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type cert to the statement * * https://docs.aws.amazon.com/iot/latest/developerguide/x509-certs.html * * @param certificate - Identifier for the certificate. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onCert(certificate: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type cacert to the statement * * https://docs.aws.amazon.com/iot/latest/developerguide/x509-certs.html * * @param cACertificate - Identifier for the cACertificate. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onCacert(cACertificate: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type stream to the statement * * https://docs.aws.amazon.com/freertos/latest/userguide/freertos-ota-dev.html * * @param streamId - Identifier for the streamId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onStream(streamId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type otaupdate to the statement * * https://docs.aws.amazon.com/freertos/latest/userguide/freertos-ota-dev.html * * @param otaUpdateId - Identifier for the otaUpdateId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onOtaupdate(otaUpdateId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type scheduledaudit to the statement * * https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-audit.html * * @param scheduleName - Identifier for the scheduleName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onScheduledaudit(scheduleName: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type mitigationaction to the statement * * https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-mitigation-actions.html * * @param mitigationActionName - Identifier for the mitigationActionName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onMitigationaction(mitigationActionName: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type securityprofile to the statement * * https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-detect.html * * @param securityProfileName - Identifier for the securityProfileName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onSecurityprofile(securityProfileName: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type custommetric to the statement * * https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-detect.html * * @param metricName - Identifier for the metricName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onCustommetric(metricName: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type dimension to the statement * * https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-detect.html * * @param dimensionName - Identifier for the dimensionName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onDimension(dimensionName: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type rule to the statement * * https://docs.aws.amazon.com/iot/latest/developerguide/iot-rules.html * * @param ruleName - Identifier for the ruleName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onRule(ruleName: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type destination to the statement * * https://docs.aws.amazon.com/iot/latest/developerguide/rule-destination.html * * @param destinationType - Identifier for the destinationType. * @param uuid - Identifier for the uuid. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onDestination(destinationType: string, uuid: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type provisioningtemplate to the statement * * https://docs.aws.amazon.com/iot/latest/developerguide/provision-template.html * * @param provisioningTemplate - Identifier for the provisioningTemplate. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onProvisioningtemplate(provisioningTemplate: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type domainconfiguration to the statement * * https://docs.aws.amazon.com/iot/latest/developerguide/domain-configuration.html * * @param domainConfigurationName - Identifier for the domainConfigurationName. * @param id - Identifier for the id. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onDomainconfiguration(domainConfigurationName: string, id: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type package to the statement * * https://docs.aws.amazon.com/iot/latest/developerguide/software-package-catalog.html * * @param packageName - Identifier for the packageName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onPackage(packageName: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type packageversion to the statement * * https://docs.aws.amazon.com/iot/latest/developerguide/software-package-catalog.html * * @param packageName - Identifier for the packageName. * @param versionName - Identifier for the versionName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onPackageversion(packageName: string, versionName: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type certificateprovider to the statement * * https://docs.aws.amazon.com/iot/latest/developerguide/provisioning-cert-provider.html * * @param certificateProviderName - Identifier for the certificateProviderName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onCertificateprovider(certificateProviderName: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type command to the statement * * https://docs.aws.amazon.com/iot/latest/developerguide/iot-remote-command.html * * @param commandId - Identifier for the commandId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onCommand(commandId: string, account?: string, region?: string, partition?: string): this; /** * Filters access by a tag key that is present in the request * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html * * Applies to actions: * - .toCreateAuthorizer() * - .toCreateBillingGroup() * - .toCreateCertificateProvider() * - .toCreateCommand() * - .toCreateCustomMetric() * - .toCreateDimension() * - .toCreateDomainConfiguration() * - .toCreateDynamicThingGroup() * - .toCreateFleetMetric() * - .toCreateJob() * - .toCreateJobTemplate() * - .toCreateMitigationAction() * - .toCreateOTAUpdate() * - .toCreatePackage() * - .toCreatePackageVersion() * - .toCreatePolicy() * - .toCreateProvisioningTemplate() * - .toCreateRoleAlias() * - .toCreateScheduledAudit() * - .toCreateSecurityProfile() * - .toCreateStream() * - .toCreateThingGroup() * - .toCreateThingType() * - .toCreateTopicRule() * - .toOpenTunnel() * - .toRegisterCACertificate() * - .toTagResource() * * @param tagKey The tag key to check * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsRequestTag(tagKey: string, value: string | string[], operator?: Operator | string): this; /** * Filters access by a tag key component of a tag associated to the IoT resource in the request * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html * * Applies to actions: * - .toRegisterCACertificate() * * Applies to resource types: * - fleetmetric * - job * - jobtemplate * - tunnel * - thinggroup * - billinggroup * - dynamicthinggroup * - thingtype * - rolealias * - authorizer * - policy * - cacert * - stream * - otaupdate * - scheduledaudit * - mitigationaction * - securityprofile * - custommetric * - dimension * - rule * - provisioningtemplate * - domainconfiguration * - package * - packageversion * - certificateprovider * - command * * @param tagKey The tag key to check * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsResourceTag(tagKey: string, value: string | string[], operator?: Operator | string): this; /** * Filters access by a list of tag keys associated to the IoT resource in the request * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html * * Applies to actions: * - .toCreateAuthorizer() * - .toCreateBillingGroup() * - .toCreateCertificateProvider() * - .toCreateCommand() * - .toCreateCustomMetric() * - .toCreateDimension() * - .toCreateDomainConfiguration() * - .toCreateDynamicThingGroup() * - .toCreateFleetMetric() * - .toCreateJob() * - .toCreateJobTemplate() * - .toCreateMitigationAction() * - .toCreateOTAUpdate() * - .toCreatePackage() * - .toCreatePackageVersion() * - .toCreatePolicy() * - .toCreateProvisioningTemplate() * - .toCreateRoleAlias() * - .toCreateScheduledAudit() * - .toCreateSecurityProfile() * - .toCreateStream() * - .toCreateThingGroup() * - .toCreateThingType() * - .toCreateTopicRule() * - .toOpenTunnel() * - .toRegisterCACertificate() * - .toTagResource() * - .toUntagResource() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsTagKeys(value: string | string[], operator?: Operator | string): this; /** * Filters access by the mode of the client for IoT Tunnel * * https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html * * Applies to actions: * - .toRotateTunnelAccessToken() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifClientMode(value: string | string[], operator?: Operator | string): this; /** * Filters access by the command parameter name and boolean value * * https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html * * Applies to actions: * - .toStartCommandExecution() * * @param commandParameterName The tag key to check * @param value `true` or `false`. **Default:** `true` */ ifCommandExecutionParameterBoolean(commandParameterName: string, value?: boolean): this; /** * Filters access by the command parameter name and numeric value * * https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html * * Applies to actions: * - .toStartCommandExecution() * * @param commandParameterName The tag key to check * @param value The value(s) to check * @param operator Works with [numeric operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_Numeric). **Default:** `NumericEquals` */ ifCommandExecutionParameterNumber(commandParameterName: string, value: number | number[], operator?: Operator | string): this; /** * Filters access by the command parameter name and string value * * https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html * * Applies to actions: * - .toStartCommandExecution() * * @param commandParameterName The tag key to check * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifCommandExecutionParameterString(commandParameterName: string, value: string | string[], operator?: Operator | string): this; /** * Filters access by a flag indicating whether or not to also delete an IoT Tunnel immediately when making iot:CloseTunnel request * * https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html * * Applies to actions: * - .toCloseTunnel() * * @param value `true` or `false`. **Default:** `true` */ ifDelete(value?: boolean): this; /** * Filters access by based on the domain name of an IoT DomainConfiguration * * https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html * * Applies to actions: * - .toCreateDomainConfiguration() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifDomainName(value: string | string[], operator?: Operator | string): this; /** * Filters access by GetConnection and GetThingConnectivityData includeSocketInformation request parameter * * https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html * * Applies to actions: * - .toGetConnection() * - .toGetThingConnectivityData() * * @param value `true` or `false`. **Default:** `true` */ ifIncludeSocketInformation(value?: boolean): this; /** * Filters access by a list of IoT Thing Group ARNs that the destination IoT Thing belongs to for an IoT Tunnel * * https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html * * Applies to actions: * - .toOpenTunnel() * - .toRotateTunnelAccessToken() * * @param value The value(s) to check * @param operator Works with [arn operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_ARN). **Default:** `ArnLike` */ ifThingGroupArn(value: string | string[], operator?: Operator | string): this; /** * Filters access by based on the topic * * https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html * * Applies to actions: * - .toSendDirectMessage() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifTopic(value: string | string[], operator?: Operator | string): this; /** * Filters access by a list of destination services for an IoT Tunnel * * https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html * * Applies to actions: * - .toOpenTunnel() * - .toRotateTunnelAccessToken() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifTunnelDestinationService(value: string | string[], operator?: Operator | string): this; /** * Filters access by the ARN of an IoT Thing * * https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html * * Applies to actions: * - .toAttachThingPrincipal() * - .toDetachThingPrincipal() * * @param value The value(s) to check * @param operator Works with [arn operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_ARN). **Default:** `ArnLike` */ ifThingArn(value: string | string[], operator?: Operator | string): this; /** * Statement provider for service [iot](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html). * */ constructor(props?: iam.PolicyStatementProps); }