import { AccessLevelList } from '../../shared/access-level'; import { PolicyStatement, Operator } from '../../shared'; import { aws_iam as iam } from "aws-cdk-lib"; /** * Statement provider for service [redshift](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonredshift.html). * * @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement */ export declare class Redshift extends PolicyStatement { servicePrefix: string; /** * Grants permission to exchange a DC1 reserved node for a DC2 reserved node with no changes to the configuration * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_AcceptReservedNodeExchange.html */ toAcceptReservedNodeExchange(): this; /** * Grants permission to add a partner integration to a cluster * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_AddPartner.html */ toAddPartner(): this; /** * Grants permission to associate a consumer to a datashare * * Access Level: Write * * Possible conditions: * - .ifConsumerArn() * - .ifAllowWrites() * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_AssociateDataShareConsumer.html */ toAssociateDataShareConsumer(): this; /** * Grants permission to add an inbound (ingress) rule to an Amazon Redshift security group * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_AuthorizeClusterSecurityGroupIngress.html */ toAuthorizeClusterSecurityGroupIngress(): this; /** * Grants permission to authorize the specified datashare consumer to consume a datashare * * Access Level: Permissions management * * Possible conditions: * - .ifConsumerIdentifier() * - .ifAllowWrites() * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_AuthorizeDataShare.html */ toAuthorizeDataShare(): this; /** * Grants permission to authorize endpoint related activities for redshift-managed vpc endpoint * * Access Level: Permissions management * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_AuthorizeEndpointAccess.html */ toAuthorizeEndpointAccess(): this; /** * Grants permission to Amazon Redshift to continuously validate that the target namespace can receive data replicated from the source ARN * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/mgmt/zero-etl-using.setting-up.html */ toAuthorizeInboundIntegration(): this; /** * Grants permission to the specified AWS account to restore a snapshot * * Access Level: Permissions management * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_AuthorizeSnapshotAccess.html */ toAuthorizeSnapshotAccess(): this; /** * Grants permission to delete snapshots in a batch of size upto 100 * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_BatchDeleteClusterSnapshots.html */ toBatchDeleteClusterSnapshots(): this; /** * Grants permission to modify settings for a list of snapshots * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_BatchModifyClusterSnapshots.html */ toBatchModifyClusterSnapshots(): this; /** * Grants permission to cancel a query through the Amazon Redshift console * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html */ toCancelQuery(): this; /** * Grants permission to see queries in the Amazon Redshift console * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html */ toCancelQuerySession(): this; /** * Grants permission to cancel a resize operation * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_CancelResize.html */ toCancelResize(): this; /** * Grants permission to copy a cluster snapshot * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_CopyClusterSnapshot.html */ toCopyClusterSnapshot(): this; /** * Grants permission to create an Amazon Redshift authentication profile * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateAuthenticationProfile.html */ toCreateAuthenticationProfile(): this; /** * Grants permission to create a cluster * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * Dependent actions: * - kms:CreateGrant * - kms:Decrypt * - kms:DescribeKey * - kms:GenerateDataKey * - kms:RetireGrant * - secretsmanager:CreateSecret * - secretsmanager:DeleteSecret * - secretsmanager:DescribeSecret * - secretsmanager:GetRandomPassword * - secretsmanager:RotateSecret * - secretsmanager:TagResource * - secretsmanager:UpdateSecret * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateCluster.html */ toCreateCluster(): this; /** * Grants permission to create an Amazon Redshift parameter group * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateClusterParameterGroup.html */ toCreateClusterParameterGroup(): this; /** * Grants permission to create an Amazon Redshift security group * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateClusterSecurityGroup.html */ toCreateClusterSecurityGroup(): this; /** * Grants permission to create a manual snapshot of the specified cluster * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateClusterSnapshot.html */ toCreateClusterSnapshot(): this; /** * Grants permission to create an Amazon Redshift subnet group * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateClusterSubnetGroup.html */ toCreateClusterSubnetGroup(): this; /** * Grants permission to automatically create the specified Amazon Redshift user if it does not exist * * Access Level: Permissions management * * Possible conditions: * - .ifDbUser() * * https://docs.aws.amazon.com/redshift/latest/mgmt/generating-iam-credentials-role-permissions.html */ toCreateClusterUser(): this; /** * Grants permission to create a custom domain name for a cluster * * Access Level: Write * * Dependent actions: * - acm:DescribeCertificate * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateCustomDomainAssociation.html */ toCreateCustomDomainAssociation(): this; /** * Grants permission to create a redshift-managed vpc endpoint * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateEndpointAccess.html */ toCreateEndpointAccess(): this; /** * Grants permission to create an Amazon Redshift event notification subscription * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateEventSubscription.html */ toCreateEventSubscription(): this; /** * Grants permission to create an HSM client certificate that a cluster uses to connect to an HSM * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateHsmClientCertificate.html */ toCreateHsmClientCertificate(): this; /** * Grants permission to create an HSM configuration that contains information required by a cluster to store and use database encryption keys in a hardware security module (HSM) * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateHsmConfiguration.html */ toCreateHsmConfiguration(): this; /** * Grants permission to the source principal to create an integration into the namespace of target data warehouse * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/mgmt/zero-etl-using.setting-up.html */ toCreateInboundIntegration(): this; /** * Grants permission to create an Amazon Redshift zero-ETL integration * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * - .ifIntegrationSourceArn() * - .ifIntegrationTargetArn() * * Dependent actions: * - kms:CreateGrant * - kms:DescribeKey * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateIntegration.html */ toCreateIntegration(): this; /** * Grants permission to create a qev2 idc application * * Access Level: Write * * Dependent actions: * - sso:CreateApplication * - sso:PutApplicationAccessScope * - sso:PutApplicationAuthenticationMethod * - sso:PutApplicationGrant * * https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-idp-connect.html */ toCreateQev2IdcApplication(): this; /** * Grants permission to create a redshift idc application * * Access Level: Write * * Dependent actions: * - sso:CreateApplication * - sso:PutApplicationAccessScope * - sso:PutApplicationAuthenticationMethod * - sso:PutApplicationGrant * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateRedshiftIdcApplication.html */ toCreateRedshiftIdcApplication(): this; /** * Grants permission to create saved SQL queries through the Amazon Redshift console * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html */ toCreateSavedQuery(): this; /** * Grants permission to create an Amazon Redshift scheduled action * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateScheduledAction.html */ toCreateScheduledAction(): this; /** * Grants permission to create a snapshot copy grant and encrypt copied snapshots in a destination AWS Region * * Access Level: Permissions management * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateSnapshotCopyGrant.html */ toCreateSnapshotCopyGrant(): this; /** * Grants permission to create a snapshot schedule * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateSnapshotSchedule.html */ toCreateSnapshotSchedule(): this; /** * Grants permission to add one or more tags to a specified resource * * Access Level: Tagging * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateTags.html */ toCreateTags(): this; /** * Grants permission to create a usage limit * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateUsageLimit.html */ toCreateUsageLimit(): this; /** * Grants permission to remove permission from the specified datashare consumer to consume a datashare * * Access Level: Permissions management * * Possible conditions: * - .ifConsumerIdentifier() * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeauthorizeDataShare.html */ toDeauthorizeDataShare(): this; /** * Grants permission to delete an Amazon Redshift authentication profile * * Access Level: Write */ toDeleteAuthenticationProfile(): this; /** * Grants permission to delete a previously provisioned cluster * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteCluster.html */ toDeleteCluster(): this; /** * Grants permission to delete an Amazon Redshift parameter group * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteClusterParameterGroup.html */ toDeleteClusterParameterGroup(): this; /** * Grants permission to delete an Amazon Redshift security group * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteClusterSecurityGroup.html */ toDeleteClusterSecurityGroup(): this; /** * Grants permission to delete a manual snapshot * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteClusterSnapshot.html */ toDeleteClusterSnapshot(): this; /** * Grants permission to delete a cluster subnet group * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteClusterSubnetGroup.html */ toDeleteClusterSubnetGroup(): this; /** * Grants permission to delete a custom domain name for a cluster * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteCustomDomainAssociation.html */ toDeleteCustomDomainAssociation(): this; /** * Grants permission to delete a redshift-managed vpc endpoint * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteEndpointAccess.html */ toDeleteEndpointAccess(): this; /** * Grants permission to delete an Amazon Redshift event notification subscription * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteEventSubscription.html */ toDeleteEventSubscription(): this; /** * Grants permission to delete an HSM client certificate * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteHsmClientCertificate.html */ toDeleteHsmClientCertificate(): this; /** * Grants permission to delete an Amazon Redshift HSM configuration * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteHsmConfiguration.html */ toDeleteHsmConfiguration(): this; /** * Grants permission to delete an Amazon Redshift zero-ETL integration * * Access Level: Write * * Possible conditions: * - .ifAwsResourceTag() * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteIntegration.html */ toDeleteIntegration(): this; /** * Grants permission to delete a partner integration from a cluster * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeletePartner.html */ toDeletePartner(): this; /** * Grants permission to delete a qev2 idc application * * Access Level: Write * * Dependent actions: * - sso:DeleteApplication * * https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-idp-connect.html */ toDeleteQev2IdcApplication(): this; /** * Grants permission to delete a redshift idc application * * Access Level: Write * * Dependent actions: * - sso:DeleteApplication * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteRedshiftIdcApplication.html */ toDeleteRedshiftIdcApplication(): this; /** * Grants permission to delete the resource policy for a specified resource * * Access Level: Permissions management * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteResourcePolicy.html */ toDeleteResourcePolicy(): this; /** * Grants permission to delete saved SQL queries through the Amazon Redshift console * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html */ toDeleteSavedQueries(): this; /** * Grants permission to delete an Amazon Redshift scheduled action * * Access Level: Write */ toDeleteScheduledAction(): this; /** * Grants permission to delete a snapshot copy grant * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteSnapshotCopyGrant.html */ toDeleteSnapshotCopyGrant(): this; /** * Grants permission to delete a snapshot schedule * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteSnapshotSchedule.html */ toDeleteSnapshotSchedule(): this; /** * Grants permission to delete a tag or tags from a resource * * Access Level: Tagging * * Possible conditions: * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteTags.html */ toDeleteTags(): this; /** * Grants permission to delete a usage limit * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteUsageLimit.html */ toDeleteUsageLimit(): this; /** * Grants permission to deregister the specified namespace from a consumer * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeregisterNamespace.html */ toDeregisterNamespace(): this; /** * Grants permission to describe attributes attached to the specified AWS account * * Access Level: Read * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeAccountAttributes.html */ toDescribeAccountAttributes(): this; /** * Grants permission to describe created Amazon Redshift authentication profiles * * Access Level: Read */ toDescribeAuthenticationProfiles(): this; /** * Grants permission to describe the list of resources that are denylisted from global autonomics decisions for a specified cluster * * Access Level: Read * * https://docs.aws.amazon.com/redshift/latest/dg/t_Manage_workload_exclusion.html */ toDescribeAutonomicsDenylist(): this; /** * Grants permission to describe database revisions for a cluster * * Access Level: List * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeClusterDbRevisions.html */ toDescribeClusterDbRevisions(): this; /** * Grants permission to describe Amazon Redshift parameter groups, including parameter groups you created and the default parameter group * * Access Level: Read * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeClusterParameterGroups.html */ toDescribeClusterParameterGroups(): this; /** * Grants permission to describe parameters contained within an Amazon Redshift parameter group * * Access Level: Read * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeClusterParameters.html */ toDescribeClusterParameters(): this; /** * Grants permission to describe Amazon Redshift security groups * * Access Level: Read * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeClusterSecurityGroups.html */ toDescribeClusterSecurityGroups(): this; /** * Grants permission to describe one or more snapshot objects, which contain metadata about your cluster snapshots * * Access Level: Read * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeClusterSnapshots.html */ toDescribeClusterSnapshots(): this; /** * Grants permission to describe one or more cluster subnet group objects, which contain metadata about your cluster subnet groups * * Access Level: Read * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeClusterSubnetGroups.html */ toDescribeClusterSubnetGroups(): this; /** * Grants permission to describe available maintenance tracks * * Access Level: List * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeClusterTracks.html */ toDescribeClusterTracks(): this; /** * Grants permission to describe available Amazon Redshift cluster versions * * Access Level: Read * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeClusterVersions.html */ toDescribeClusterVersions(): this; /** * Grants permission to describe properties of provisioned clusters * * Access Level: List * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeClusters.html */ toDescribeClusters(): this; /** * Grants permission to describe custom domain names for a cluster * * Access Level: List * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeCustomDomainAssociations.html */ toDescribeCustomDomainAssociations(): this; /** * Grants permission to describe datashares created and consumed by your clusters * * Access Level: Read * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeDataShares.html */ toDescribeDataShares(): this; /** * Grants permission to describe only datashares consumed by your clusters * * Access Level: Read * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeDataSharesForConsumer.html */ toDescribeDataSharesForConsumer(): this; /** * Grants permission to describe only datashares created by your clusters * * Access Level: Read * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeDataSharesForProducer.html */ toDescribeDataSharesForProducer(): this; /** * Grants permission to describe parameter settings for a parameter group family * * Access Level: Read * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeDefaultClusterParameters.html */ toDescribeDefaultClusterParameters(): this; /** * Grants permission to describe redshift-managed vpc endpoints * * Access Level: Read * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeEndpointAccess.html */ toDescribeEndpointAccess(): this; /** * Grants permission to authorize describe activity for redshift-managed vpc endpoint * * Access Level: List * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeEndpointAuthorization.html */ toDescribeEndpointAuthorization(): this; /** * Grants permission to describe event categories for all event source types, or for a specified source type * * Access Level: Read * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeEventCategories.html */ toDescribeEventCategories(): this; /** * Grants permission to describe Amazon Redshift event notification subscriptions for the specified AWS account * * Access Level: Read * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeEventSubscriptions.html */ toDescribeEventSubscriptions(): this; /** * Grants permission to describe events related to clusters, security groups, snapshots, and parameter groups for the past 14 days * * Access Level: List * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeEvents.html */ toDescribeEvents(): this; /** * Grants permission to describe HSM client certificates * * Access Level: Read * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeHsmClientCertificates.html */ toDescribeHsmClientCertificates(): this; /** * Grants permission to describe Amazon Redshift HSM configurations * * Access Level: Read * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeHsmConfigurations.html */ toDescribeHsmConfigurations(): this; /** * Grants permission to list the inbound integrations * * Access Level: List * * Possible conditions: * - .ifInboundIntegrationArn() * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeInboundIntegrations.html */ toDescribeInboundIntegrations(): this; /** * Grants permission to describe an Amazon Redshift zero-ETL integration * * Access Level: List * * Possible conditions: * - .ifAwsResourceTag() * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeIntegrations.html */ toDescribeIntegrations(): this; /** * Grants permission to describe whether information, such as queries and connection attempts, is being logged for a cluster * * Access Level: Read * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeLoggingStatus.html */ toDescribeLoggingStatus(): this; /** * Grants permission to describe properties of possible node configurations such as node type, number of nodes, and disk usage for the specified action type * * Access Level: List * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeNodeConfigurationOptions.html */ toDescribeNodeConfigurationOptions(): this; /** * Grants permission to describe orderable cluster options * * Access Level: Read * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeOrderableClusterOptions.html */ toDescribeOrderableClusterOptions(): this; /** * Grants permission to retrieve information about the partner integrations defined for a cluster * * Access Level: Read * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribePartners.html */ toDescribePartners(): this; /** * Grants permission to describe qev2 idc applications * * Access Level: List * * https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-idp-connect.html */ toDescribeQev2IdcApplications(): this; /** * Grants permission to describe a query through the Amazon Redshift console * * Access Level: Read * * https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html */ toDescribeQuery(): this; /** * Grants permission to describe redshift idc applications * * Access Level: List * * Dependent actions: * - sso:GetApplicationGrant * - sso:ListApplicationAccessScopes * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeRedshiftIdcApplications.html */ toDescribeRedshiftIdcApplications(): this; /** * Grants permission to describe exchange status details and associated metadata for a reserved-node exchange. Statuses include such values as in progress and requested * * Access Level: Read * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeReservedNodeExchangeStatus.html */ toDescribeReservedNodeExchangeStatus(): this; /** * Grants permission to describe available reserved node offerings by Amazon Redshift * * Access Level: Read * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeReservedNodeOfferings.html */ toDescribeReservedNodeOfferings(): this; /** * Grants permission to describe the reserved nodes * * Access Level: Read * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeReservedNodes.html */ toDescribeReservedNodes(): this; /** * Grants permission to describe the last resize operation for a cluster * * Access Level: Read * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeResize.html */ toDescribeResize(): this; /** * Grants permission to describe saved queries through the Amazon Redshift console * * Access Level: Read * * https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html */ toDescribeSavedQueries(): this; /** * Grants permission to describe created Amazon Redshift scheduled actions * * Access Level: Read */ toDescribeScheduledActions(): this; /** * Grants permission to describe snapshot copy grants owned by the specified AWS account in the destination AWS Region * * Access Level: Read * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeSnapshotCopyGrants.html */ toDescribeSnapshotCopyGrants(): this; /** * Grants permission to describe snapshot schedules * * Access Level: Read * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeSnapshotSchedules.html */ toDescribeSnapshotSchedules(): this; /** * Grants permission to describe account level backups storage size and provisional storage * * Access Level: Read * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeStorage.html */ toDescribeStorage(): this; /** * Grants permission to describe a table through the Amazon Redshift console * * Access Level: Read * * https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html */ toDescribeTable(): this; /** * Grants permission to describe status of one or more table restore requests made using the RestoreTableFromClusterSnapshot API action * * Access Level: Read * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeTableRestoreStatus.html */ toDescribeTableRestoreStatus(): this; /** * Grants permission to describe tags * * Access Level: Read * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeTags.html */ toDescribeTags(): this; /** * Grants permission to describe usage limits * * Access Level: Read * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeUsageLimits.html */ toDescribeUsageLimits(): this; /** * Grants permission to disable logging information, such as queries and connection attempts, for a cluster * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_DisableLogging.html */ toDisableLogging(): this; /** * Grants permission to disable the automatic copy of snapshots for a cluster * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_DisableSnapshotCopy.html */ toDisableSnapshotCopy(): this; /** * Grants permission to disassociate a consumer from a datashare * * Access Level: Write * * Possible conditions: * - .ifConsumerArn() * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_DisassociateDataShareConsumer.html */ toDisassociateDataShareConsumer(): this; /** * Grants permission to enable logging information, such as queries and connection attempts, for a cluster * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_EnableLogging.html */ toEnableLogging(): this; /** * Grants permission to enable the automatic copy of snapshots for a cluster * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_EnableSnapshotCopy.html */ toEnableSnapshotCopy(): this; /** * Grants permission to execute a query through the Amazon Redshift console * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html */ toExecuteQuery(): this; /** * Grants permission to failover the primary compute of an Multi-AZ cluster to another AZ * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_FailoverPrimaryCompute.html */ toFailoverPrimaryCompute(): this; /** * Grants permission to fetch query results through the Amazon Redshift console * * Access Level: Read * * https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html */ toFetchResults(): this; /** * Grants permission to get temporary credentials to access an Amazon Redshift database by the specified AWS account * * Access Level: Write * * Possible conditions: * - .ifDbName() * - .ifDbUser() * - .ifDurationSeconds() * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_GetClusterCredentials.html */ toGetClusterCredentials(): this; /** * Grants permission to get enhanced temporary credentials to access an Amazon Redshift database by the specified AWS account * * Access Level: Write * * Possible conditions: * - .ifDbName() * - .ifDurationSeconds() * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_GetClusterCredentialsWithIAM.html */ toGetClusterCredentialsWithIAM(): this; /** * Grants permission to get an authorized token for Identity Center users to access Redshift clusters * * Access Level: Read * * https://docs.aws.amazon.com/redshift/latest/mgmt/identity-center-authentication.html */ toGetIdentityCenterAuthToken(): this; /** * Grants permission to get the configuration options for the reserved-node exchange * * Access Level: Read * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_GetReservedNodeExchangeConfigurationOptions.html */ toGetReservedNodeExchangeConfigurationOptions(): this; /** * Grants permission to get an array of DC2 ReservedNodeOfferings that matches the payment type, term, and usage price of the given DC1 reserved node * * Access Level: Read * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_GetReservedNodeExchangeOfferings.html */ toGetReservedNodeExchangeOfferings(): this; /** * Grants permission to get the resource policy for a specified resource * * Access Level: Read * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_GetResourcePolicy.html */ toGetResourcePolicy(): this; /** * Grants permission to join the specified Amazon Redshift group * * Access Level: Permissions management * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_GetClusterCredentials.html */ toJoinGroup(): this; /** * Grants permission to list databases through the Amazon Redshift console * * Access Level: List * * https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html */ toListDatabases(): this; /** * Grants permission to list Advisor recommendations * * Access Level: List */ toListRecommendations(): this; /** * Grants permission to list saved queries through the Amazon Redshift console * * Access Level: List * * https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html */ toListSavedQueries(): this; /** * Grants permission to list schemas through the Amazon Redshift console * * Access Level: List * * https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html */ toListSchemas(): this; /** * Grants permission to list tables through the Amazon Redshift console * * Access Level: List * * https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html */ toListTables(): this; /** * Grants permission to modify the AQUA configuration of a cluster * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_ModifyAquaConfiguration.html */ toModifyAquaConfiguration(): this; /** * Grants permission to modify an existing Amazon Redshift authentication profile * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_ModifyAuthenticationProfile.html */ toModifyAuthenticationProfile(): this; /** * Grants permission to add or remove resources from the global autonomics denylist for a specified cluster * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/dg/t_Manage_workload_exclusion.html */ toModifyAutonomicsDenylist(): this; /** * Grants permission to modify the settings of a cluster * * Access Level: Write * * Dependent actions: * - acm:DescribeCertificate * - kms:CreateGrant * - kms:Decrypt * - kms:DescribeKey * - kms:GenerateDataKey * - kms:RetireGrant * - secretsmanager:CreateSecret * - secretsmanager:DeleteSecret * - secretsmanager:DescribeSecret * - secretsmanager:GetRandomPassword * - secretsmanager:RotateSecret * - secretsmanager:TagResource * - secretsmanager:UpdateSecret * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_ModifyCluster.html */ toModifyCluster(): this; /** * Grants permission to modify the database revision of a cluster * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_ModifyClusterDbRevision.html */ toModifyClusterDbRevision(): this; /** * Grants permission to modify the list of AWS Identity and Access Management (IAM) roles that can be used by a cluster to access other AWS services * * Access Level: Permissions management * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_ModifyClusterIamRoles.html */ toModifyClusterIamRoles(): this; /** * Grants permission to modify the maintenance settings of a cluster * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_ModifyClusterMaintenance.html */ toModifyClusterMaintenance(): this; /** * Grants permission to modify the parameters of a parameter group * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_ModifyClusterParameterGroup.html */ toModifyClusterParameterGroup(): this; /** * Grants permission to modify the settings of a snapshot * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_ModifyClusterSnapshot.html */ toModifyClusterSnapshot(): this; /** * Grants permission to modify a snapshot schedule for a cluster * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_ModifyClusterSnapshotSchedule.html */ toModifyClusterSnapshotSchedule(): this; /** * Grants permission to modify a cluster subnet group to include the specified list of VPC subnets * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_ModifyClusterSubnetGroup.html */ toModifyClusterSubnetGroup(): this; /** * Grants permission to modify a custom domain name for a cluster * * Access Level: Write * * Dependent actions: * - acm:DescribeCertificate * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_ModifyCustomDomainAssociation.html */ toModifyCustomDomainAssociation(): this; /** * Grants permission to modify a redshift-managed vpc endpoint * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_ModifyEndpointAccess.html */ toModifyEndpointAccess(): this; /** * Grants permission to modify an existing Amazon Redshift event notification subscription * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_ModifyEventSubscription.html */ toModifyEventSubscription(): this; /** * Grants permission to modify an Amazon Redshift zero-ETL integration * * Access Level: Write * * Possible conditions: * - .ifAwsResourceTag() * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_ModifyIntegration.html */ toModifyIntegration(): this; /** * Grants permission to modify a qev2 idc application * * Access Level: Write * * Dependent actions: * - sso:UpdateApplication * * https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-idp-connect.html */ toModifyQev2IdcApplication(): this; /** * Grants permission to modify a redshift idc application * * Access Level: Write * * Dependent actions: * - sso:DeleteApplicationAccessScope * - sso:DeleteApplicationGrant * - sso:GetApplicationGrant * - sso:ListApplicationAccessScopes * - sso:PutApplicationAccessScope * - sso:PutApplicationGrant * - sso:UpdateApplication * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_ModifyRedshiftIdcApplication.html */ toModifyRedshiftIdcApplication(): this; /** * Grants permission to modify an existing saved query through the Amazon Redshift console * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html */ toModifySavedQuery(): this; /** * Grants permission to modify an existing Amazon Redshift scheduled action * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_ModifyScheduledAction.html */ toModifyScheduledAction(): this; /** * Grants permission to modify the number of days to retain snapshots in the destination AWS Region after they are copied from the source AWS Region * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_ModifySnapshotCopyRetentionPeriod.html */ toModifySnapshotCopyRetentionPeriod(): this; /** * Grants permission to modify a snapshot schedule * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_ModifySnapshotSchedule.html */ toModifySnapshotSchedule(): this; /** * Grants permission to modify a usage limit * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_ModifyUsageLimit.html */ toModifyUsageLimit(): this; /** * Grants permission to pause a cluster * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_PauseCluster.html */ toPauseCluster(): this; /** * Grants permission to purchase a reserved node * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_PurchaseReservedNodeOffering.html */ toPurchaseReservedNodeOffering(): this; /** * Grants permission to update the resource policy for a specified resource * * Access Level: Permissions management * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_PutResourcePolicy.html */ toPutResourcePolicy(): this; /** * Grants permission to reboot a cluster * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_RebootCluster.html */ toRebootCluster(): this; /** * Grants permission to register the specified namespace to a consumer * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_RegisterNamespace.html */ toRegisterNamespace(): this; /** * Grants permission to decline a datashare shared from another account * * Access Level: Permissions management * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_RejectDataShare.html */ toRejectDataShare(): this; /** * Grants permission to set one or more parameters of a parameter group to their default values and set the source values of the parameters to "engine-default" * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_ResetClusterParameterGroup.html */ toResetClusterParameterGroup(): this; /** * Grants permission to change the size of a cluster * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_ResizeCluster.html */ toResizeCluster(): this; /** * Grants permission to create a cluster from a snapshot * * Access Level: Write * * Possible conditions: * - .ifAwsTagKeys() * * Dependent actions: * - kms:CreateGrant * - kms:Decrypt * - kms:DescribeKey * - kms:GenerateDataKey * - kms:RetireGrant * - secretsmanager:CreateSecret * - secretsmanager:DeleteSecret * - secretsmanager:DescribeSecret * - secretsmanager:GetRandomPassword * - secretsmanager:RotateSecret * - secretsmanager:TagResource * - secretsmanager:UpdateSecret * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_RestoreFromClusterSnapshot.html */ toRestoreFromClusterSnapshot(): this; /** * Grants permission to create a table from a table in an Amazon Redshift cluster snapshot * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_RestoreTableFromClusterSnapshot.html */ toRestoreTableFromClusterSnapshot(): this; /** * Grants permission to resume a cluster * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_ResumeCluster.html */ toResumeCluster(): this; /** * Grants permission to revoke an ingress rule in an Amazon Redshift security group for a previously authorized IP range or Amazon EC2 security group * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_RevokeClusterSecurityGroupIngress.html */ toRevokeClusterSecurityGroupIngress(): this; /** * Grants permission to revoke access for endpoint related activities for redshift-managed vpc endpoint * * Access Level: Permissions management * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_RevokeEndpointAccess.html */ toRevokeEndpointAccess(): this; /** * Grants permission to revoke access from the specified AWS account to restore a snapshot * * Access Level: Permissions management * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_RevokeSnapshotAccess.html */ toRevokeSnapshotAccess(): this; /** * Grants permission to rotate an encryption key for a cluster * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_RotateEncryptionKey.html */ toRotateEncryptionKey(): this; /** * Grants permission to update the status of a partner integration * * Access Level: Write * * https://docs.aws.amazon.com/redshift/latest/APIReference/API_UpdatePartnerStatus.html */ toUpdatePartnerStatus(): this; /** * Grants permission to view query results through the Amazon Redshift console * * Access Level: List * * https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html */ toViewQueriesFromConsole(): this; /** * Grants permission to terminate running queries and loads through the Amazon Redshift console * * Access Level: List * * https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-policy-resources.resource-permissions.html */ toViewQueriesInConsole(): this; protected accessLevelList: AccessLevelList; /** * Adds a resource of type cluster to the statement * * https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-clusters.html * * @param clusterName - Identifier for the clusterName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onCluster(clusterName: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type datashare to the statement * * https://docs.aws.amazon.com/redshift/latest/dg/datashare-overview.html * * @param producerClusterNamespace - Identifier for the producerClusterNamespace. * @param dataShareName - Identifier for the dataShareName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onDatashare(producerClusterNamespace: string, dataShareName: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type dbgroup to the statement * * https://docs.aws.amazon.com/redshift/latest/dg/r_CREATE_GROUP.html * * @param clusterName - Identifier for the clusterName. * @param dbGroup - Identifier for the dbGroup. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onDbgroup(clusterName: string, dbGroup: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type dbname to the statement * * https://docs.aws.amazon.com/redshift/latest/dg/t_creating_database.html * * @param clusterName - Identifier for the clusterName. * @param dbName - Identifier for the dbName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onDbname(clusterName: string, dbName: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type dbuser to the statement * * https://docs.aws.amazon.com/redshift/latest/dg/r_Users.html * * @param clusterName - Identifier for the clusterName. * @param dbUser - Identifier for the dbUser. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onDbuser(clusterName: string, dbUser: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type eventsubscription to the statement * * https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-events.html * * @param eventSubscriptionName - Identifier for the eventSubscriptionName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onEventsubscription(eventSubscriptionName: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type hsmclientcertificate to the statement * * https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-db-encryption.html#working-with-HSM * * @param hSMClientCertificateId - Identifier for the hSMClientCertificateId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onHsmclientcertificate(hSMClientCertificateId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type hsmconfiguration to the statement * * https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-db-encryption.html#working-with-HSM * * @param hSMConfigurationId - Identifier for the hSMConfigurationId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onHsmconfiguration(hSMConfigurationId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type integration to the statement * * https://docs.aws.amazon.com/redshift/latest/mgmt/zero-etl-using.html * * @param integrationIdentifier - Identifier for the integrationIdentifier. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onIntegration(integrationIdentifier: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type namespace to the statement * * https://docs.aws.amazon.com/redshift/latest/dg/concepts.html * * @param clusterNamespace - Identifier for the clusterNamespace. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onNamespace(clusterNamespace: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type parametergroup to the statement * * https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-parameter-groups.html * * @param parameterGroupName - Identifier for the parameterGroupName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onParametergroup(parameterGroupName: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type securitygroup to the statement * * https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-security-groups.html * * @param securityGroupName - Identifier for the securityGroupName. * @param owner - Identifier for the owner. * @param ec2SecurityGroupId - Identifier for the ec2SecurityGroupId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onSecuritygroup(securityGroupName: string, owner: string, ec2SecurityGroupId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type securitygroupingress-cidr to the statement * * https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-security-groups.html * * @param securityGroupName - Identifier for the securityGroupName. * @param ipRange - Identifier for the ipRange. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onSecuritygroupingressCidr(securityGroupName: string, ipRange: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type securitygroupingress-ec2securitygroup to the statement * * https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-security-groups.html * * @param securityGroupName - Identifier for the securityGroupName. * @param owner - Identifier for the owner. * @param ece2SecuritygroupId - Identifier for the ece2SecuritygroupId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onSecuritygroupingressEc2securitygroup(securityGroupName: string, owner: string, ece2SecuritygroupId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type snapshot to the statement * * https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-snapshots.html * * @param clusterName - Identifier for the clusterName. * @param snapshotName - Identifier for the snapshotName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onSnapshot(clusterName: string, snapshotName: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type snapshotcopygrant to the statement * * https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-db-encryption.html#configure-snapshot-copy-grant * * @param snapshotCopyGrantName - Identifier for the snapshotCopyGrantName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onSnapshotcopygrant(snapshotCopyGrantName: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type snapshotschedule to the statement * * https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-snapshots.html * * @param scheduleIdentifier - Identifier for the scheduleIdentifier. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onSnapshotschedule(scheduleIdentifier: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type subnetgroup to the statement * * https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-cluster-subnet-groups.html * * @param subnetGroupName - Identifier for the subnetGroupName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onSubnetgroup(subnetGroupName: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type usagelimit to the statement * * https://docs.aws.amazon.com/redshift/latest/mgmt/managing-cluster-usage-limits.html * * @param usageLimitId - Identifier for the usageLimitId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onUsagelimit(usageLimitId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type redshiftidcapplication to the statement * * https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-idp-connect.html * * @param redshiftIdcApplicationId - Identifier for the redshiftIdcApplicationId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onRedshiftidcapplication(redshiftIdcApplicationId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type qev2idcapplication to the statement * * https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-idp-connect.html * * @param qev2IdcApplicationId - Identifier for the qev2IdcApplicationId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onQev2idcapplication(qev2IdcApplicationId: string, account?: string, region?: string, partition?: string): this; /** * Filters access by actions based on the allowed set of values for each of the tags * * https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-overview.html#redshift-policy-resources.conditions * * Applies to actions: * - .toCopyClusterSnapshot() * - .toCreateCluster() * - .toCreateClusterParameterGroup() * - .toCreateClusterSecurityGroup() * - .toCreateClusterSnapshot() * - .toCreateClusterSubnetGroup() * - .toCreateEventSubscription() * - .toCreateHsmClientCertificate() * - .toCreateHsmConfiguration() * - .toCreateIntegration() * - .toCreateSnapshotCopyGrant() * - .toCreateSnapshotSchedule() * - .toCreateTags() * - .toCreateUsageLimit() * * @param tagKey The tag key to check * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsRequestTag(tagKey: string, value: string | string[], operator?: Operator | string): this; /** * Filters access by actions based on tag-value associated with the resource * * https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-overview.html#redshift-policy-resources.conditions * * Applies to actions: * - .toDeleteIntegration() * - .toDescribeIntegrations() * - .toModifyIntegration() * * Applies to resource types: * - cluster * - datashare * - eventsubscription * - hsmclientcertificate * - hsmconfiguration * - integration * - parametergroup * - securitygroup * - securitygroupingress-cidr * - securitygroupingress-ec2securitygroup * - snapshot * - snapshotcopygrant * - snapshotschedule * - subnetgroup * - usagelimit * * @param tagKey The tag key to check * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsResourceTag(tagKey: string, value: string | string[], operator?: Operator | string): this; /** * Filters access by actions based on the presence of mandatory tags in the request * * https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-overview.html#redshift-policy-resources.conditions * * Applies to actions: * - .toCopyClusterSnapshot() * - .toCreateCluster() * - .toCreateClusterParameterGroup() * - .toCreateClusterSecurityGroup() * - .toCreateClusterSnapshot() * - .toCreateClusterSubnetGroup() * - .toCreateEventSubscription() * - .toCreateHsmClientCertificate() * - .toCreateHsmConfiguration() * - .toCreateIntegration() * - .toCreateSnapshotCopyGrant() * - .toCreateSnapshotSchedule() * - .toCreateTags() * - .toCreateUsageLimit() * - .toDeleteTags() * - .toRestoreFromClusterSnapshot() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsTagKeys(value: string | string[], operator?: Operator | string): this; /** * Filters access by the allowWrites input parameter * * https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-overview.html#redshift-policy-resources.conditions * * Applies to actions: * - .toAssociateDataShareConsumer() * - .toAuthorizeDataShare() * * @param value `true` or `false`. **Default:** `true` */ ifAllowWrites(value?: boolean): this; /** * Filters access by the datashare consumer arn * * https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-overview.html#redshift-policy-resources.conditions * * Applies to actions: * - .toAssociateDataShareConsumer() * - .toDisassociateDataShareConsumer() * * @param value The value(s) to check * @param operator Works with [arn operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_ARN). **Default:** `ArnLike` */ ifConsumerArn(value: string | string[], operator?: Operator | string): this; /** * Filters access by the datashare consumer * * https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-overview.html#redshift-policy-resources.conditions * * Applies to actions: * - .toAuthorizeDataShare() * - .toDeauthorizeDataShare() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifConsumerIdentifier(value: string | string[], operator?: Operator | string): this; /** * Filters access by the database name * * https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-overview.html#redshift-policy-resources.conditions * * Applies to actions: * - .toGetClusterCredentials() * - .toGetClusterCredentialsWithIAM() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifDbName(value: string | string[], operator?: Operator | string): this; /** * Filters access by the database user name * * https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-overview.html#redshift-policy-resources.conditions * * Applies to actions: * - .toCreateClusterUser() * - .toGetClusterCredentials() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifDbUser(value: string | string[], operator?: Operator | string): this; /** * Filters access by the number of seconds until a temporary credential set expires * * https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-overview.html#redshift-policy-resources.conditions * * Applies to actions: * - .toGetClusterCredentials() * - .toGetClusterCredentialsWithIAM() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifDurationSeconds(value: string | string[], operator?: Operator | string): this; /** * Filters access by the ARN of an inbound zero-ETL Integration resource * * https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-overview.html#redshift-policy-resources.conditions * * Applies to actions: * - .toDescribeInboundIntegrations() * * @param value The value(s) to check * @param operator Works with [arn operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_ARN). **Default:** `ArnLike` */ ifInboundIntegrationArn(value: string | string[], operator?: Operator | string): this; /** * Filters access by the ARN of a zero-ETL Integration source * * https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-overview.html#redshift-policy-resources.conditions * * Applies to actions: * - .toCreateIntegration() * * @param value The value(s) to check * @param operator Works with [arn operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_ARN). **Default:** `ArnLike` */ ifIntegrationSourceArn(value: string | string[], operator?: Operator | string): this; /** * Filters access by the ARN of a zero-ETL Integration target * * https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-overview.html#redshift-policy-resources.conditions * * Applies to actions: * - .toCreateIntegration() * * @param value The value(s) to check * @param operator Works with [arn operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_ARN). **Default:** `ArnLike` */ ifIntegrationTargetArn(value: string | string[], operator?: Operator | string): this; /** * Statement provider for service [redshift](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonredshift.html). * */ constructor(props?: iam.PolicyStatementProps); }