import { AccessLevelList } from '../../shared/access-level'; import { PolicyStatement, Operator } from '../../shared'; import { aws_iam as iam } from "aws-cdk-lib"; /** * Statement provider for service [route53globalresolver](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsroute53globalresolver.html). * * @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement */ export declare class Route53globalresolver extends PolicyStatement { servicePrefix: string; /** * Grants permission to deliver logs for a global resolver * * Access Level: Permissions management */ toAllowVendedLogDeliveryForResource(): this; /** * Grants permission to associate a resource to a hosted zone * * Access Level: Write * * https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_AssociateHostedZone */ toAssociateHostedZone(): this; /** * Grants permission to create multiple firewall rules * * Access Level: Write * * https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_BatchCreateFirewallRule */ toBatchCreateFirewallRule(): this; /** * Grants permission to delete multiple firewall rules * * Access Level: Write * * https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_BatchDeleteFirewallRule */ toBatchDeleteFirewallRule(): this; /** * Grants permission to update multiple firewall rules * * Access Level: Write * * https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_BatchUpdateFirewallRule */ toBatchUpdateFirewallRule(): this; /** * Grants permission to create an access source * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_CreateAccessSource */ toCreateAccessSource(): this; /** * Grants permission to create an access token * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_CreateAccessToken */ toCreateAccessToken(): this; /** * Grants permission to create a dns view * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_CreateDNSView */ toCreateDNSView(): this; /** * Grants permission to create a firewall domain list * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_CreateFirewallDomainList */ toCreateFirewallDomainList(): this; /** * Grants permission to create a firewall rule * * Access Level: Write * * https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_CreateFirewallRule */ toCreateFirewallRule(): this; /** * Grants permission to create a global resolver * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_CreateGlobalResolver */ toCreateGlobalResolver(): this; /** * Grants permission to delete an access source * * Access Level: Write * * https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_DeleteAccessSource */ toDeleteAccessSource(): this; /** * Grants permission to delete an access token * * Access Level: Write * * https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_DeleteAccessToken */ toDeleteAccessToken(): this; /** * Grants permission to delete a dns view * * Access Level: Write * * https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_DeleteDNSView */ toDeleteDNSView(): this; /** * Grants permission to delete a firewall domain list * * Access Level: Write * * https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_DeleteFirewallDomainList */ toDeleteFirewallDomainList(): this; /** * Grants permission to delete a firewall rule * * Access Level: Write * * https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_DeleteFirewallRule */ toDeleteFirewallRule(): this; /** * Grants permission to delete a global resolver * * Access Level: Write * * https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_DeleteGlobalResolver */ toDeleteGlobalResolver(): this; /** * Grants permission to disable a dns view * * Access Level: Write * * https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_DisableDNSView */ toDisableDNSView(): this; /** * Grants permission to disassociate a hosted zone from a resource * * Access Level: Write * * https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_DisassociateHostedZone */ toDisassociateHostedZone(): this; /** * Grants permission to enable a dns view * * Access Level: Write * * https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_EnableDNSView */ toEnableDNSView(): this; /** * Grants permission to get an access source * * Access Level: Read * * https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_GetAccessSource */ toGetAccessSource(): this; /** * Grants permission to get an access token * * Access Level: Read * * https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_GetAccessToken */ toGetAccessToken(): this; /** * Grants permission to get a dns view * * Access Level: Read * * https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_GetDNSView */ toGetDNSView(): this; /** * Grants permission to get a firewall domain list * * Access Level: Read * * https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_GetFirewallDomainList */ toGetFirewallDomainList(): this; /** * Grants permission to get a firewall rule * * Access Level: Read * * https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_GetFirewallRule */ toGetFirewallRule(): this; /** * Grants permission to get a global resolver * * Access Level: Read * * https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_GetGlobalResolver */ toGetGlobalResolver(): this; /** * Grants permission to get a hosted zone association * * Access Level: Read * * https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_GetHostedZoneAssociation */ toGetHostedZoneAssociation(): this; /** * Grants permission to get a managed firewall domain list * * Access Level: Read * * https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_GetManagedFirewallDomainList */ toGetManagedFirewallDomainList(): this; /** * Grants permission to import firewall domains from an S3 bucket * * Access Level: Write * * Dependent actions: * - s3:GetObject * - s3:ListBucket * * https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_ImportFirewallDomains */ toImportFirewallDomains(): this; /** * Grants permission to list access sources * * Access Level: List * * https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_ListAccessSources */ toListAccessSources(): this; /** * Grants permission to list access tokens * * Access Level: List * * https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_ListAccessTokens */ toListAccessTokens(): this; /** * Grants permission to list dns views * * Access Level: List * * https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_ListDNSViews */ toListDNSViews(): this; /** * Grants permission to list firewall domain lists * * Access Level: List * * https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_ListFirewallDomainLists */ toListFirewallDomainLists(): this; /** * Grants permission to list firewall domains * * Access Level: Read * * https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_ListFirewallDomains */ toListFirewallDomains(): this; /** * Grants permission to list firewall rules * * Access Level: List * * https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_ListFirewallRules */ toListFirewallRules(): this; /** * Grants permission to list global resolvers * * Access Level: List * * https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_ListGlobalResolvers */ toListGlobalResolvers(): this; /** * Grants permission to list hosted zone associations * * Access Level: List * * https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_ListHostedZoneAssociations */ toListHostedZoneAssociations(): this; /** * Grants permission to list managed firewall domain lists * * Access Level: List * * https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_ListManagedFirewallDomainLists */ toListManagedFirewallDomainLists(): this; /** * Grants permission to list tags for a resource * * Access Level: Write * * https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_ListTagsForResource */ toListTagsForResource(): this; /** * Grants permission to tag a resource * * Access Level: Tagging * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_TagResource */ toTagResource(): this; /** * Grants permission to untag a resource * * Access Level: Tagging * * Possible conditions: * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_UntagResource */ toUntagResource(): this; /** * Grants permission to update an access source * * Access Level: Write * * https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_UpdateAccessSource */ toUpdateAccessSource(): this; /** * Grants permission to update an access token * * Access Level: Write * * https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_UpdateAccessToken */ toUpdateAccessToken(): this; /** * Grants permission to update a dns view * * Access Level: Write * * https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_UpdateDNSView */ toUpdateDNSView(): this; /** * Grants permission to update firewall domains * * Access Level: Write * * https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_UpdateFirewallDomains */ toUpdateFirewallDomains(): this; /** * Grants permission to update an firewall rule * * Access Level: Write * * https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_UpdateFirewallRule */ toUpdateFirewallRule(): this; /** * Grants permission to update a global resolver * * Access Level: Write * * https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_UpdateGlobalResolver */ toUpdateGlobalResolver(): this; /** * Grants permission to update a hosted zone association * * Access Level: Write * * https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_UpdateHostedZoneAssociation */ toUpdateHostedZoneAssociation(): this; protected accessLevelList: AccessLevelList; /** * Adds a resource of type access-source to the statement * * https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_AccessSource.html * * @param id - Identifier for the id. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onAccessSource(id: string, account?: string, partition?: string): this; /** * Adds a resource of type access-token to the statement * * https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_AccessToken.html * * @param id - Identifier for the id. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onAccessToken(id: string, account?: string, partition?: string): this; /** * Adds a resource of type dns-view to the statement * * https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_DNSView.html * * @param id - Identifier for the id. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onDnsView(id: string, account?: string, partition?: string): this; /** * Adds a resource of type firewall-domain-list to the statement * * https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_FirewallDomainList.html * * @param id - Identifier for the id. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onFirewallDomainList(id: string, account?: string, partition?: string): this; /** * Adds a resource of type global-resolver to the statement * * https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53globalresolver_GlobalResolver.html * * @param id - Identifier for the id. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onGlobalResolver(id: string, account?: string, partition?: string): this; /** * Filters access by a tag key and value pair that is allowed in the request * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag * * Applies to actions: * - .toCreateAccessSource() * - .toCreateAccessToken() * - .toCreateDNSView() * - .toCreateFirewallDomainList() * - .toCreateGlobalResolver() * - .toTagResource() * * @param tagKey The tag key to check * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsRequestTag(tagKey: string, value: string | string[], operator?: Operator | string): this; /** * Filters access by a tag key and value pair of a resource * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag * * Applies to actions: * - .toAllowVendedLogDeliveryForResource() * * Applies to resource types: * - access-source * - access-token * - dns-view * - firewall-domain-list * - global-resolver * * @param tagKey The tag key to check * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsResourceTag(tagKey: string, value: string | string[], operator?: Operator | string): this; /** * Filters access by a list of tag keys that are allowed in the request * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys * * Applies to actions: * - .toCreateAccessSource() * - .toCreateAccessToken() * - .toCreateDNSView() * - .toCreateFirewallDomainList() * - .toCreateGlobalResolver() * - .toTagResource() * - .toUntagResource() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsTagKeys(value: string | string[], operator?: Operator | string): this; /** * Statement provider for service [route53globalresolver](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsroute53globalresolver.html). * */ constructor(props?: iam.PolicyStatementProps); }