import { AccessLevelList } from '../../shared/access-level'; import { PolicyStatement, Operator } from '../../shared'; import { aws_iam as iam } from "aws-cdk-lib"; /** * Statement provider for service [securityagent](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecurityagent.html). * * @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement */ export declare class Securityagent extends PolicyStatement { servicePrefix: string; /** * Grants permission to add an Artifact for the given Agent Space * * Access Level: Write * * https://docs.aws.amazon.com/securityagent/API_AddArtifact.html */ toAddArtifact(): this; /** * Grants permission to delete multiple code reviews in a single request * * Access Level: Write * * Dependent actions: * - kms:Decrypt * * https://docs.aws.amazon.com/securityagent/API_BatchDeleteCodeReviews.html */ toBatchDeleteCodeReviews(): this; /** * Grants permission to delete multiple penetration tests in a single request * * Access Level: Write * * Dependent actions: * - kms:Decrypt * * https://docs.aws.amazon.com/securityagent/API_BatchDeletePentests.html */ toBatchDeletePentests(): this; /** * Grants permission to delete multiple threat models in a single request * * Access Level: Write * * Dependent actions: * - kms:Decrypt * * https://docs.aws.amazon.com/securityagent/API_BatchDeleteThreatModels.html */ toBatchDeleteThreatModels(): this; /** * Grants permission to delete multiple threats * * Access Level: Write * * Dependent actions: * - kms:Decrypt * * https://docs.aws.amazon.com/securityagent/API_BatchDeleteThreats.html */ toBatchDeleteThreats(): this; /** * Grants permission to retrieve multiple agent spaces in a single request * * Access Level: Read * * Dependent actions: * - kms:Decrypt * * https://docs.aws.amazon.com/securityagent/API_BatchGetAgentSpaces.html */ toBatchGetAgentSpaces(): this; /** * Grants permission to retrieve one or more Artifact Metadata records for the given Agent Space * * Access Level: Read * * https://docs.aws.amazon.com/securityagent/API_BatchGetArtifactMetadata.html */ toBatchGetArtifactMetadata(): this; /** * Grants permission to retrieve multiple code review job tasks in a single request * * Access Level: Read * * Dependent actions: * - kms:Decrypt * * https://docs.aws.amazon.com/securityagent/API_BatchGetCodeReviewJobTasks.html */ toBatchGetCodeReviewJobTasks(): this; /** * Grants permission to retrieve multiple code review jobs in a single request * * Access Level: Read * * Dependent actions: * - kms:Decrypt * * https://docs.aws.amazon.com/securityagent/API_BatchGetCodeReviewJobs.html */ toBatchGetCodeReviewJobs(): this; /** * Grants permission to retrieve multiple code reviews in a single request * * Access Level: Read * * Dependent actions: * - kms:Decrypt * * https://docs.aws.amazon.com/securityagent/API_BatchGetCodeReviews.html */ toBatchGetCodeReviews(): this; /** * Grants permission to retrieve multiple security testing findings in a single request * * Access Level: Read * * Dependent actions: * - kms:Decrypt * * https://docs.aws.amazon.com/securityagent/API_BatchGetFindings.html */ toBatchGetFindings(): this; /** * Grants permission to retrieve multiple pentest job contents metadata in a single request * * Access Level: Read * * Dependent actions: * - kms:Decrypt * * https://docs.aws.amazon.com/securityagent/API_BatchGetPentestJobContentMetadata.html */ toBatchGetPentestJobContentMetadata(): this; /** * Grants permission to retrieve multiple pentest job tasks in a single request * * Access Level: Read * * Dependent actions: * - kms:Decrypt * * https://docs.aws.amazon.com/securityagent/API_BatchGetPentestJobTasks.html */ toBatchGetPentestJobTasks(): this; /** * Grants permission to retrieve multiple security testing jobs in a single request * * Access Level: Read * * Dependent actions: * - kms:Decrypt * * https://docs.aws.amazon.com/securityagent/API_BatchGetPentestJobs.html */ toBatchGetPentestJobs(): this; /** * Grants permission to retrieve multiple penetration tests in a single request * * Access Level: Read * * Dependent actions: * - kms:Decrypt * * https://docs.aws.amazon.com/securityagent/API_BatchGetPentests.html */ toBatchGetPentests(): this; /** * Grants permission to retrieve multiple target domains in a single request * * Access Level: Read * * https://docs.aws.amazon.com/securityagent/API_BatchGetTargetDomains.html */ toBatchGetTargetDomains(): this; /** * Grants permission to retrieve multiple tasks for a threat model job in a single request * * Access Level: Read * * Dependent actions: * - kms:Decrypt * * https://docs.aws.amazon.com/securityagent/API_BatchGetThreatModelJobTasks.html */ toBatchGetThreatModelJobTasks(): this; /** * Grants permission to retrieve details for one or more threat model jobs * * Access Level: Read * * Dependent actions: * - kms:Decrypt * * https://docs.aws.amazon.com/securityagent/API_BatchGetThreatModelJobs.html */ toBatchGetThreatModelJobs(): this; /** * Grants permission to retrieve multiple threat models in a single request * * Access Level: Read * * Dependent actions: * - kms:Decrypt * * https://docs.aws.amazon.com/securityagent/API_BatchGetThreatModels.html */ toBatchGetThreatModels(): this; /** * Grants permission to retrieve details for one or more threats * * Access Level: Read * * Dependent actions: * - kms:Decrypt * * https://docs.aws.amazon.com/securityagent/API_BatchGetThreats.html */ toBatchGetThreats(): this; /** * Grants permission to create an agent space record * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * Dependent actions: * - kms:Decrypt * - kms:DescribeKey * - kms:GenerateDataKeyWithoutPlaintext * * https://docs.aws.amazon.com/securityagent/API_CreateAgentSpace.html */ toCreateAgentSpace(): this; /** * Grants permission to create a new application * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * Dependent actions: * - iam:PassRole * - kms:DescribeKey * - sso:CreateApplication * * https://docs.aws.amazon.com/securityagent/API_CreateApplication.html */ toCreateApplication(): this; /** * Grants permission to create a new code review configuration * * Access Level: Write * * Dependent actions: * - kms:Decrypt * * https://docs.aws.amazon.com/securityagent/API_CreateCodeReview.html */ toCreateCodeReview(): this; /** * Grants permission to create a design review * * Access Level: Write * * https://docs.aws.amazon.com/securityagent/API_CreateDesignReview.html */ toCreateDesignReview(): this; /** * Grants permission to create a security testing integration * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/securityagent/API_CreateIntegration.html */ toCreateIntegration(): this; /** * Grants permission to add a single member to a agent space with specified role * * Access Level: Write * * https://docs.aws.amazon.com/securityagent/API_CreateMembership.html */ toCreateMembership(): this; /** * Grants permission to create a one time login session * * Access Level: Write * * https://docs.aws.amazon.com/securityagent/API_CreateOneTimeLoginSession.html */ toCreateOneTimeLoginSession(): this; /** * Grants permission to create a new penetration test configuration * * Access Level: Write * * Dependent actions: * - kms:Decrypt * * https://docs.aws.amazon.com/securityagent/API_CreatePentest.html */ toCreatePentest(): this; /** * Grants permission to add a customer managed Security Requirement * * Access Level: Write * * https://docs.aws.amazon.com/securityagent/API_CreateSecurityRequirement.html */ toCreateSecurityRequirement(): this; /** * Grants permission to create a target domain record * * Access Level: Write * * https://docs.aws.amazon.com/securityagent/API_CreateTargetDomain.html */ toCreateTargetDomain(): this; /** * Grants permission to create a threat in a threat model * * Access Level: Write * * Dependent actions: * - kms:Decrypt * * https://docs.aws.amazon.com/securityagent/API_CreateThreat.html */ toCreateThreat(): this; /** * Grants permission to create a new threat model configuration * * Access Level: Write * * Dependent actions: * - kms:Decrypt * * https://docs.aws.amazon.com/securityagent/API_CreateThreatModel.html */ toCreateThreatModel(): this; /** * Grants permission to delete an agent space record * * Access Level: Write * * Dependent actions: * - kms:Decrypt * * https://docs.aws.amazon.com/securityagent/API_DeleteAgentSpace.html */ toDeleteAgentSpace(): this; /** * Grants permission to delete application * * Access Level: Write * * https://docs.aws.amazon.com/securityagent/API_DeleteApplication.html */ toDeleteApplication(): this; /** * Grants permission to delete an Artifact * * Access Level: Write * * https://docs.aws.amazon.com/securityagent/API_DeleteArtifact.html */ toDeleteArtifact(): this; /** * Grants permission to delete a design review * * Access Level: Write * * https://docs.aws.amazon.com/securityagent/API_DeleteDesignReview.html */ toDeleteDesignReview(): this; /** * Grants permission to delete the integration of an application * * Access Level: Write * * https://docs.aws.amazon.com/securityagent/API_DeleteIntegration.html */ toDeleteIntegration(): this; /** * Grants permission to remove a single member associated to an agent space * * Access Level: Write * * https://docs.aws.amazon.com/securityagent/API_DeleteMembership.html */ toDeleteMembership(): this; /** * Grants permission to delete a customer managed Security Requirement * * Access Level: Write * * https://docs.aws.amazon.com/securityagent/API_DeleteSecurityRequirement.html */ toDeleteSecurityRequirement(): this; /** * Grants permission to delete a target domain record * * Access Level: Write * * https://docs.aws.amazon.com/securityagent/API_DeleteTargetDomain.html */ toDeleteTargetDomain(): this; /** * Grants permission to get application details by application ID * * Access Level: Read * * https://docs.aws.amazon.com/securityagent/API_GetApplication.html */ toGetApplication(): this; /** * Grants permission to retrieve an Artifact for the given Agent Space * * Access Level: Read * * https://docs.aws.amazon.com/securityagent/API_GetArtifact.html */ toGetArtifact(): this; /** * Grants permission to get the status of the associated agent space design review * * Access Level: Read * * https://docs.aws.amazon.com/securityagent/API_GetDesignReview.html */ toGetDesignReview(): this; /** * Grants permission to get design review artifact for a specific document * * Access Level: Read * * https://docs.aws.amazon.com/securityagent/API_GetDesignReviewArtifact.html */ toGetDesignReviewArtifact(): this; /** * Grants permission to get feedback for a design review comment * * Access Level: Read * * https://docs.aws.amazon.com/securityagent/API_GetDesignReviewFeedback.html */ toGetDesignReviewFeedback(): this; /** * Grants permission to get the integration metadata by ID * * Access Level: Read * * https://docs.aws.amazon.com/securityagent/API_GetIntegration.html */ toGetIntegration(): this; /** * Grants permission to retrieve a Security Requirement * * Access Level: Read * * https://docs.aws.amazon.com/securityagent/API_GetSecurityRequirement.html */ toGetSecurityRequirement(): this; /** * Grants permission to initiate the registration of Security Agent App for the given provider (eg: GitHub) * * Access Level: Write * * https://docs.aws.amazon.com/securityagent/API_InitiateProviderRegistration.html */ toInitiateProviderRegistration(): this; /** * Grants permission to list agent spaces * * Access Level: List * * https://docs.aws.amazon.com/securityagent/API_ListAgentSpaces.html */ toListAgentSpaces(): this; /** * Grants permission to list all applications in the account * * Access Level: List * * https://docs.aws.amazon.com/securityagent/API_ListApplications.html */ toListApplications(): this; /** * Grants permission to list all artifacts for the given agent space * * Access Level: List * * https://docs.aws.amazon.com/securityagent/API_ListArtifacts.html */ toListArtifacts(): this; /** * Grants permission to list tasks associated with a code review job * * Access Level: List * * Dependent actions: * - kms:Decrypt * * https://docs.aws.amazon.com/securityagent/API_ListCodeReviewJobTasks.html */ toListCodeReviewJobTasks(): this; /** * Grants permission to list code review jobs associated with a code review * * Access Level: List * * Dependent actions: * - kms:Decrypt * * https://docs.aws.amazon.com/securityagent/API_ListCodeReviewJobsForCodeReview.html */ toListCodeReviewJobsForCodeReview(): this; /** * Grants permission to list code reviews with optional filtering by status * * Access Level: List * * Dependent actions: * - kms:Decrypt * * https://docs.aws.amazon.com/securityagent/API_ListCodeReviews.html */ toListCodeReviews(): this; /** * Grants permission to list design review comments * * Access Level: List * * https://docs.aws.amazon.com/securityagent/API_ListDesignReviewComments.html */ toListDesignReviewComments(): this; /** * Grants permission to list all design reviews for the given agent space * * Access Level: List * * https://docs.aws.amazon.com/securityagent/API_ListDesignReviews.html */ toListDesignReviews(): this; /** * Grants permission to list discovered endpoints associated with a pentest job with optional URI prefix filtering * * Access Level: List * * Dependent actions: * - kms:Decrypt * * https://docs.aws.amazon.com/securityagent/API_ListDiscoveredEndpoints.html */ toListDiscoveredEndpoints(): this; /** * Grants permission to list findings with filtering and pagination support * * Access Level: List * * Dependent actions: * - kms:Decrypt * * https://docs.aws.amazon.com/securityagent/API_ListFindings.html */ toListFindings(): this; /** * Grants permission to list integrated resources for an agent space * * Access Level: List * * https://docs.aws.amazon.com/securityagent/API_ListIntegratedResources.html */ toListIntegratedResources(): this; /** * Grants permission to get the integrations owned by the caller's AWS account * * Access Level: List * * https://docs.aws.amazon.com/securityagent/API_ListIntegrations.html */ toListIntegrations(): this; /** * Grants permission to list all members associated to an agent space with pagination support * * Access Level: List * * https://docs.aws.amazon.com/securityagent/API_ListMemberships.html */ toListMemberships(): this; /** * Grants permission to list pentest job tasks associated with a pentest job * * Access Level: List * * Dependent actions: * - kms:Decrypt * * https://docs.aws.amazon.com/securityagent/API_ListPentestJobTasks.html */ toListPentestJobTasks(): this; /** * Grants permission to list penetration test jobs associated with a penetration test * * Access Level: List * * Dependent actions: * - kms:Decrypt * * https://docs.aws.amazon.com/securityagent/API_ListPentestJobsForPentest.html */ toListPentestJobsForPentest(): this; /** * Grants permission to list penetration tests with optional filtering by status * * Access Level: List * * Dependent actions: * - kms:Decrypt * * https://docs.aws.amazon.com/securityagent/API_ListPentests.html */ toListPentests(): this; /** * Grants permission to list resources from Integration * * Access Level: List * * https://docs.aws.amazon.com/securityagent/API_ListResourcesFromIntegration.html */ toListResourcesFromIntegration(): this; /** * Grants permission to list all Security Requirements * * Access Level: List * * https://docs.aws.amazon.com/securityagent/API_ListSecurityRequirements.html */ toListSecurityRequirements(): this; /** * Grants permission to list the tags for a resource * * Access Level: Read * * https://docs.aws.amazon.com/securityagent/API_ListTagsForResource.html */ toListTagsForResource(): this; /** * Grants permission to list target domains * * Access Level: List * * https://docs.aws.amazon.com/securityagent/API_ListTargetDomains.html */ toListTargetDomains(): this; /** * Grants permission to list tasks associated with a specific threat model job * * Access Level: List * * Dependent actions: * - kms:Decrypt * * https://docs.aws.amazon.com/securityagent/API_ListThreatModelJobTasks.html */ toListThreatModelJobTasks(): this; /** * Grants permission to list threat model jobs for a threat model * * Access Level: List * * Dependent actions: * - kms:Decrypt * * https://docs.aws.amazon.com/securityagent/API_ListThreatModelJobs.html */ toListThreatModelJobs(): this; /** * Grants permission to list threat models for an agent space * * Access Level: List * * Dependent actions: * - kms:Decrypt * * https://docs.aws.amazon.com/securityagent/API_ListThreatModels.html */ toListThreatModels(): this; /** * Grants permission to list threats for a threat model job with filtering and pagination support * * Access Level: List * * Dependent actions: * - kms:Decrypt * * https://docs.aws.amazon.com/securityagent/API_ListThreats.html */ toListThreats(): this; /** * Grants permission to submit feedback for a design review comment * * Access Level: Write * * https://docs.aws.amazon.com/securityagent/API_PutDesignReviewFeedback.html */ toPutDesignReviewFeedback(): this; /** * Grants permission to start code remediation for the findings * * Access Level: Write * * Dependent actions: * - kms:Decrypt * - kms:GenerateDataKey * * https://docs.aws.amazon.com/securityagent/API_StartCodeRemediation.html */ toStartCodeRemediation(): this; /** * Grants permission to initiate the execution of a code review * * Access Level: Write * * Dependent actions: * - kms:Decrypt * - kms:GenerateDataKey * * https://docs.aws.amazon.com/securityagent/API_StartCodeReviewJob.html */ toStartCodeReviewJob(): this; /** * Grants permission to initiate the execution of a penetration test * * Access Level: Write * * Dependent actions: * - kms:Decrypt * - kms:GenerateDataKey * * https://docs.aws.amazon.com/securityagent/API_StartPentestJob.html */ toStartPentestJob(): this; /** * Grants permission to initiate the execution of a threat model job * * Access Level: Write * * Dependent actions: * - kms:Decrypt * - kms:GenerateDataKey * * https://docs.aws.amazon.com/securityagent/API_StartThreatModelJob.html */ toStartThreatModelJob(): this; /** * Grants permission to stop the execution of a running code review * * Access Level: Write * * Dependent actions: * - kms:Decrypt * * https://docs.aws.amazon.com/securityagent/API_StopCodeReviewJob.html */ toStopCodeReviewJob(): this; /** * Grants permission to stop the execution of a running penetration test * * Access Level: Write * * Dependent actions: * - kms:Decrypt * * https://docs.aws.amazon.com/securityagent/API_StopPentestJob.html */ toStopPentestJob(): this; /** * Grants permission to stop a running threat model job * * Access Level: Write * * Dependent actions: * - kms:Decrypt * * https://docs.aws.amazon.com/securityagent/API_StopThreatModelJob.html */ toStopThreatModelJob(): this; /** * Grants permission to add tags to a resource * * Access Level: Tagging * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/securityagent/API_TagResource.html */ toTagResource(): this; /** * Grants permission to toggle the status of a managed Security Requirement * * Access Level: Write * * https://docs.aws.amazon.com/securityagent/API_ToggleManagedSecurityRequirement.html */ toToggleManagedSecurityRequirement(): this; /** * Grants permission to remove tags from a resource * * Access Level: Tagging * * Possible conditions: * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/securityagent/API_UntagResource.html */ toUntagResource(): this; /** * Grants permission to update an agent space record * * Access Level: Write * * Dependent actions: * - kms:Decrypt * * https://docs.aws.amazon.com/securityagent/API_UpdateAgentSpace.html */ toUpdateAgentSpace(): this; /** * Grants permission to update application configuration * * Access Level: Write * * Dependent actions: * - iam:PassRole * - kms:DescribeKey * * https://docs.aws.amazon.com/securityagent/API_UpdateApplication.html */ toUpdateApplication(): this; /** * Grants permission to update an existing code review with new configuration or settings * * Access Level: Write * * Dependent actions: * - kms:Decrypt * * https://docs.aws.amazon.com/securityagent/API_UpdateCodeReview.html */ toUpdateCodeReview(): this; /** * Grants permission to update an existing security finding with new details or status * * Access Level: Write * * Dependent actions: * - kms:Decrypt * * https://docs.aws.amazon.com/securityagent/API_UpdateFinding.html */ toUpdateFinding(): this; /** * Grants permission to update integrated resources for an agent space * * Access Level: Write * * https://docs.aws.amazon.com/securityagent/API_UpdateIntegratedResources.html */ toUpdateIntegratedResources(): this; /** * Grants permission to update an existing penetration test with new configuration or settings * * Access Level: Write * * Dependent actions: * - kms:Decrypt * * https://docs.aws.amazon.com/securityagent/API_UpdatePentest.html */ toUpdatePentest(): this; /** * Grants permission to update a customer managed Security Requirement * * Access Level: Write * * https://docs.aws.amazon.com/securityagent/API_UpdateSecurityRequirement.html */ toUpdateSecurityRequirement(): this; /** * Grants permission to update a target domain record * * Access Level: Write * * https://docs.aws.amazon.com/securityagent/API_UpdateTargetDomain.html */ toUpdateTargetDomain(): this; /** * Grants permission to update a threat * * Access Level: Write * * Dependent actions: * - kms:Decrypt * * https://docs.aws.amazon.com/securityagent/API_UpdateThreat.html */ toUpdateThreat(): this; /** * Grants permission to update an existing threat model with new configuration * * Access Level: Write * * Dependent actions: * - kms:Decrypt * * https://docs.aws.amazon.com/securityagent/API_UpdateThreatModel.html */ toUpdateThreatModel(): this; /** * Grants permission to verify ownership for a registered target domain * * Access Level: Write * * https://docs.aws.amazon.com/securityagent/API_VerifyTargetDomain.html */ toVerifyTargetDomain(): this; protected accessLevelList: AccessLevelList; /** * Adds a resource of type Application to the statement * * https://docs.aws.amazon.com/securityagent/latest/userguide/auth-and-access-control-iam-access-control-identity-based.html#arn-formats * * @param applicationId - Identifier for the applicationId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onApplication(applicationId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type SecurityRequirementPack to the statement * * https://docs.aws.amazon.com/securityagent/latest/userguide/auth-and-access-control-iam-access-control-identity-based.html#arn-formats * * @param securityRequirementPackId - Identifier for the securityRequirementPackId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onSecurityRequirementPack(securityRequirementPackId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type Integration to the statement * * https://docs.aws.amazon.com/securityagent/latest/userguide/auth-and-access-control-iam-access-control-identity-based.html#arn-formats * * @param integrationId - Identifier for the integrationId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onIntegration(integrationId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type AgentSpace to the statement * * https://docs.aws.amazon.com/securityagent/latest/userguide/auth-and-access-control-iam-access-control-identity-based.html#arn-formats * * @param agentId - Identifier for the agentId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onAgentSpace(agentId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type TargetDomain to the statement * * https://docs.aws.amazon.com/securityagent/latest/userguide/auth-and-access-control-iam-access-control-identity-based.html#arn-formats * * @param targetDomainId - Identifier for the targetDomainId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onTargetDomain(targetDomainId: string, account?: string, region?: string, partition?: string): this; /** * Filters access by the tags that are passed in the request * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag * * Applies to actions: * - .toCreateAgentSpace() * - .toCreateApplication() * - .toCreateIntegration() * - .toTagResource() * * @param tagKey The tag key to check * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsRequestTag(tagKey: string, value: string | string[], operator?: Operator | string): this; /** * Filters access by the tags associated with the resource * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag * * Applies to resource types: * - Application * - SecurityRequirementPack * - Integration * - AgentSpace * - TargetDomain * * @param tagKey The tag key to check * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsResourceTag(tagKey: string, value: string | string[], operator?: Operator | string): this; /** * Filters access by the tag keys that are passed in the request * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys * * Applies to actions: * - .toCreateAgentSpace() * - .toCreateApplication() * - .toCreateIntegration() * - .toTagResource() * - .toUntagResource() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsTagKeys(value: string | string[], operator?: Operator | string): this; /** * Statement provider for service [securityagent](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecurityagent.html). * */ constructor(props?: iam.PolicyStatementProps); }