import { AccessLevelList } from '../../shared/access-level'; import { PolicyStatement, Operator } from '../../shared'; import { aws_iam as iam } from "aws-cdk-lib"; /** * Statement provider for service [securityhub](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecurityhub.html). * * @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement */ export declare class Securityhub extends PolicyStatement { servicePrefix: string; /** * Grants permission to accept Security Hub invitations to become a member account * * Access Level: Write * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AcceptAdministratorInvitation.html */ toAcceptAdministratorInvitation(): this; /** * Grants permission to accept Security Hub invitations to become a member account * * Access Level: Write * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AcceptInvitation.html */ toAcceptInvitation(): this; /** * Grants permission to log delivery for resources * * Access Level: Permissions management * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AllowVendedLogDeliveryForResource.html */ toAllowVendedLogDeliveryForResource(): this; /** * Grants permission to delete one or more automation rules in Security Hub * * Access Level: Write * * https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules */ toBatchDeleteAutomationRules(): this; /** * Grants permission to disable standards in Security Hub * * Access Level: Write * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchDisableStandards.html */ toBatchDisableStandards(): this; /** * Grants permission to enable standards in Security Hub * * Access Level: Write * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchEnableStandards.html */ toBatchEnableStandards(): this; /** * Grants permission to retrieve a list of details for automation rules from Security Hub based on rule Amazon Resource Names (ARNs) * * Access Level: Read * * https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules */ toBatchGetAutomationRules(): this; /** * Grants permission to retrieve information about configuration policies associated with a specific list of member accounts and organizational units of the calling account's organization * * Access Level: Read * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchGetConfigurationPolicyAssociations.html */ toBatchGetConfigurationPolicyAssociations(): this; /** * Grants permission to get the enablement and compliance status of controls, the findings count for controls, and the overall security score for controls on the Security Hub console * * Access Level: Read * * https://docs.aws.amazon.com/securityhub/latest/userguide/iam-permissions-controls-standards.html */ toBatchGetControlEvaluations(): this; /** * Grants permission to get details about specific security controls identified by ID or ARN * * Access Level: Read * * Dependent actions: * - securityhub:DescribeStandardsControls * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchGetSecurityControls.html */ toBatchGetSecurityControls(): this; /** * Grants permission to get the enablement status of a batch of security controls in standards * * Access Level: Read * * Dependent actions: * - securityhub:DescribeStandardsControls * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchGetStandardsControlAssociations.html */ toBatchGetStandardsControlAssociations(): this; /** * Grants permission to import findings into Security Hub from an integrated product * * Access Level: Write * * Possible conditions: * - .ifTargetAccount() * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchImportFindings.html */ toBatchImportFindings(): this; /** * Grants permission to update one or more automation rules from Security Hub based on rule Amazon Resource Names (ARNs) and input parameters * * Access Level: Write * * https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules */ toBatchUpdateAutomationRules(): this; /** * Grants permission to update customer-controlled fields for a selected set of Security Hub findings * * Access Level: Write * * Possible conditions: * - .ifASFFSyntaxPath() * - .ifOCSFSyntaxPath() * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateFindingsV2.html */ toBatchUpdateFindings(): this; /** * Grants permission to update the enablement status of a batch of security controls in standards * * Access Level: Write * * Dependent actions: * - securityhub:UpdateStandardsControl * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateStandardsControlAssociations.html */ toBatchUpdateStandardsControlAssociations(): this; /** * Grants permission to complete the OAuth 2.0 authorization code flow based on input parameters * * Access Level: Write * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ConnectorRegistrationsV2.html */ toConnectorRegistrationsV2(): this; /** * Grants permission to create custom actions in Security Hub * * Access Level: Write * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_CreateActionTarget.html */ toCreateActionTarget(): this; /** * Grants permission to create an aggregatorV2, which configures data aggregation across Regions * * Access Level: Write * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_CreateAggregatorV2.html */ toCreateAggregatorV2(): this; /** * Grants permission to create an automation rule based on input parameters * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules */ toCreateAutomationRule(): this; /** * Grants permission to create an automation rule V2 based on input parameters * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules */ toCreateAutomationRuleV2(): this; /** * Grants permission to create a configuration policy to manage organization member settings in Security Hub * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_CreateConfigurationPolicy.html */ toCreateConfigurationPolicy(): this; /** * Grants permission to create a connector V2 based on input parameters * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_CreateConnectorV2.html */ toCreateConnectorV2(): this; /** * Grants permission to create a finding aggregator, which contains the cross-Region finding aggregation configuration * * Access Level: Write * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_CreateFindingAggregator.html */ toCreateFindingAggregator(): this; /** * Grants permission to create insights in Security Hub. Insights are collections of related findings * * Access Level: Write * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_CreateInsight.html */ toCreateInsight(): this; /** * Grants permission to create member accounts in Security Hub * * Access Level: Write * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_CreateMembers.html */ toCreateMembers(): this; /** * Grants permission to create ticket for a selected OCSF finding * * Access Level: Write * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_CreateTicketV2.html */ toCreateTicketV2(): this; /** * Grants permission to decline Security Hub invitations to become a member account * * Access Level: Write * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DeclineInvitations.html */ toDeclineInvitations(): this; /** * Grants permission to delete custom actions in Security Hub * * Access Level: Write * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DeleteActionTarget.html */ toDeleteActionTarget(): this; /** * Grants permission to delete an aggregatorV2, which configures data aggregation across Regions * * Access Level: Write * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DeleteAggregatorV2.html */ toDeleteAggregatorV2(): this; /** * Grants permission to delete an automation rule V2 in Security Hub * * Access Level: Write * * https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules */ toDeleteAutomationRuleV2(): this; /** * Grants permission to delete an existing configuration policy * * Access Level: Write * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DeleteConfigurationPolicy.html */ toDeleteConfigurationPolicy(): this; /** * Grants permission to delete a connector V2 in Security Hub * * Access Level: Write * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DeleteConnectorV2.html */ toDeleteConnectorV2(): this; /** * Grants permission to delete a finding aggregator, which disables finding aggregation across Regions * * Access Level: Write * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DeleteFindingAggregator.html */ toDeleteFindingAggregator(): this; /** * Grants permission to delete insights from Security Hub * * Access Level: Write * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DeleteInsight.html */ toDeleteInsight(): this; /** * Grants permission to delete Security Hub invitations to become a member account * * Access Level: Write * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DeleteInvitations.html */ toDeleteInvitations(): this; /** * Grants permission to delete Security Hub member accounts * * Access Level: Write * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DeleteMembers.html */ toDeleteMembers(): this; /** * Grants permission to retrieve a list of custom actions using the API * * Access Level: Read * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DescribeActionTargets.html */ toDescribeActionTargets(): this; /** * Grants permission to retrieve information about the hub resource in your account * * Access Level: Read * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DescribeHub.html */ toDescribeHub(): this; /** * Grants permission to describe the organization configuration for Security Hub * * Access Level: Read * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DescribeOrganizationConfiguration.html */ toDescribeOrganizationConfiguration(): this; /** * Grants permission to retrieve information about the available Security Hub product integrations * * Access Level: Read * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DescribeProducts.html */ toDescribeProducts(): this; /** * Grants permission to retrieve information about the available Security Hub V2 product integrations * * Access Level: Read * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DescribeProductsV2.html */ toDescribeProductsV2(): this; /** * Grants permission to retrieve information about the hub V2 resource in your account * * Access Level: Read * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DescribeSecurityHubV2.html */ toDescribeSecurityHubV2(): this; /** * Grants permission to retrieve information about Security Hub standards * * Access Level: Read * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DescribeStandards.html */ toDescribeStandards(): this; /** * Grants permission to retrieve information about Security Hub standards controls * * Access Level: Read * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DescribeStandardsControls.html */ toDescribeStandardsControls(): this; /** * Grants permission to disable the findings importing for a Security Hub integrated product * * Access Level: Write * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DisableImportFindingsForProduct.html */ toDisableImportFindingsForProduct(): this; /** * Grants permission to remove the Security Hub administrator account for your organization * * Access Level: Write * * Dependent actions: * - organizations:DeregisterDelegatedAdministrator * - organizations:DescribeOrganization * - organizations:ListDelegatedAdministrators * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DisableOrganizationAdminAccount.html */ toDisableOrganizationAdminAccount(): this; /** * Grants permission to disable Security Hub * * Access Level: Write * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DisableSecurityHub.html */ toDisableSecurityHub(): this; /** * Grants permission to disable Security Hub V2 * * Access Level: Write * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DisableSecurityHubV2.html */ toDisableSecurityHubV2(): this; /** * Grants permission to a Security Hub member account to disassociate from the associated administrator account * * Access Level: Write * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DisassociateFromAdministratorAccount.html */ toDisassociateFromAdministratorAccount(): this; /** * Grants permission to a Security Hub member account to disassociate from the associated master account * * Access Level: Write * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DisassociateFromMasterAccount.html */ toDisassociateFromMasterAccount(): this; /** * Grants permission to disassociate Security Hub member accounts from the associated administrator account * * Access Level: Write * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DisassociateMembers.html */ toDisassociateMembers(): this; /** * Grants permission to enable the findings importing for a Security Hub integrated product * * Access Level: Write * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_EnableImportFindingsForProduct.html */ toEnableImportFindingsForProduct(): this; /** * Grants permission to designate a Security Hub administrator account for your organization * * Access Level: Write * * Dependent actions: * - organizations:DescribeOrganization * - organizations:EnableAWSServiceAccess * - organizations:ListAWSServiceAccessForOrganization * - organizations:ListDelegatedAdministrators * - organizations:RegisterDelegatedAdministrator * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_EnableOrganizationAdminAccount.html */ toEnableOrganizationAdminAccount(): this; /** * Grants permission to enable Security Hub * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_EnableSecurityHub.html */ toEnableSecurityHub(): this; /** * Grants permission to enable Security Hub V2 * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_EnableSecurityHubV2.html */ toEnableSecurityHubV2(): this; /** * Grants permission to generate policy recommendations for an OCSF finding * * Access Level: Write * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GenerateRecommendedPolicyV2.html */ toGenerateRecommendedPolicyV2(): this; /** * Grants permission to retrieve aggregated statistical data about the findings * * Access Level: Read * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetFindingStatisticsV2.html */ toGetAdhocInsightResults(): this; /** * Grants permission to retrieve details about the Security Hub administrator account * * Access Level: Read * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetAdministratorAccount.html */ toGetAdministratorAccount(): this; /** * Grants permission to retrieve details for an aggregatorV2, which configures data aggregation across Regions * * Access Level: Read * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetAggregatorV2.html */ toGetAggregatorV2(): this; /** * Grants permission to retrieve details for an automation rule V2 from Security Hub based on rule Amazon Resource Name (ARN) * * Access Level: Read * * https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules */ toGetAutomationRuleV2(): this; /** * Grants permission to get a complete overview of one configuration policy created by the calling account * * Access Level: Read * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetConfigurationPolicy.html */ toGetConfigurationPolicy(): this; /** * Grants permission to retrieve information about a configuration policy associated with a member account or organizational unit of the calling account's organization * * Access Level: Read * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetConfigurationPolicyAssociation.html */ toGetConfigurationPolicyAssociation(): this; /** * Grants permission to retrieve details for a connector V2 from Security Hub based on connector id * * Access Level: Read * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetConnectorV2.html */ toGetConnectorV2(): this; /** * Grants permission to retrieve a security score and counts of finding and control statuses for a security standard * * Access Level: Read * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetControlFindingSummary.html */ toGetControlFindingSummary(): this; /** * Grants permission to retrieve a list of the standards that are enabled in Security Hub * * Access Level: List * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetEnabledStandards.html */ toGetEnabledStandards(): this; /** * Grants permission to retrieve details for a finding aggregator, which configures finding aggregation across Regions * * Access Level: Read * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetFindingAggregator.html */ toGetFindingAggregator(): this; /** * Grants permission to retrieve a list of finding history from Security Hub * * Access Level: Read * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetFindingHistory.html */ toGetFindingHistory(): this; /** * Grants permission to retrieve a list of findings from Security Hub * * Access Level: Read * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetFindingsV2.html */ toGetFindings(): this; /** * Grants permission to retrieve findings trends * * Access Level: Read * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetFindingsTrendsV2.html */ toGetFindingsTrendsV2(): this; /** * Grants permission to retrieve the end date for an account's free trial of Security Hub * * Access Level: Read * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetFreeTrialEndDate.html */ toGetFreeTrialEndDate(): this; /** * Grants permission to retrieve information about Security Hub usage during the free trial period * * Access Level: Read * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetFreeTrialUsage.html */ toGetFreeTrialUsage(): this; /** * Grants permission to retrieve an insight finding trend from Security Hub in order to generate a graph * * Access Level: Read * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetInsightFindingTrend.html */ toGetInsightFindingTrend(): this; /** * Grants permission to retrieve insight results from Security Hub * * Access Level: Read * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetInsightResults.html */ toGetInsightResults(): this; /** * Grants permission to retrieve Security Hub insights * * Access Level: List * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetInsights.html */ toGetInsights(): this; /** * Grants permission to retrieve the count of Security Hub membership invitations sent to the account * * Access Level: Read * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetInvitationsCount.html */ toGetInvitationsCount(): this; /** * Grants permission to retrieve details about the Security Hub master account * * Access Level: Read * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetMasterAccount.html */ toGetMasterAccount(): this; /** * Grants permission to retrieve the details of Security Hub member accounts * * Access Level: Read * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetMembers.html */ toGetMembers(): this; /** * Grants permission to retrieve policy recommendations for an OCSF finding * * Access Level: Read * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetRecommendedPolicyV2.html */ toGetRecommendedPolicyV2(): this; /** * Grants permission to retrieve aggregate statistics about resources * * Access Level: Read * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetResourcesStatisticsV2.html */ toGetResourcesStatisticsV2(): this; /** * Grants permission to retrieve resources trends * * Access Level: Read * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetResourcesTrendsV2.html */ toGetResourcesTrendsV2(): this; /** * Grants permission to retrieve a list of resources * * Access Level: Read * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetResourcesV2.html */ toGetResourcesV2(): this; /** * Grants permission to get the definition details of a specific security control identified by ID * * Access Level: Read * * Dependent actions: * - securityhub:DescribeStandardsControls * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetSecurityControlDefinition.html */ toGetSecurityControlDefinition(): this; /** * Grants permission to retrieve information about Security Hub usage by accounts * * Access Level: Read * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetUsage.html */ toGetUsage(): this; /** * Grants permission to retrieve information about Security Hub usage for an account * * Access Level: Read * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetUsageV2.html */ toGetUsageV2(): this; /** * Grants permission to invite other AWS accounts to become Security Hub member accounts * * Access Level: Write * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_InviteMembers.html */ toInviteMembers(): this; /** * Grants permission to retrieve a list of Security Hub usage for accounts in an organization * * Access Level: List * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ListAccountUsageV2.html */ toListAccountUsageV2(): this; /** * Grants permission to retrieve a list of aggregatorsV2, which configures data aggregation across Regions * * Access Level: List * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ListAggregatorsV2.html */ toListAggregatorsV2(): this; /** * Grants permission to retrieve a list of automation rules and their metadata for the calling account from Security Hub * * Access Level: List * * https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules */ toListAutomationRules(): this; /** * Grants permission to retrieve a list of automation rules V2 and their metadata for the calling account from Security Hub * * Access Level: List * * https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules */ toListAutomationRulesV2(): this; /** * Grants permission to list the summaries of all configuration policies created by the calling account * * Access Level: List * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ListConfigurationPolicies.html */ toListConfigurationPolicies(): this; /** * Grants permission to retrieve information about all configuration policies associationed with all member accounts and organizational units of the calling account's organization * * Access Level: List * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ListConfigurationPolicyAssociations.html */ toListConfigurationPolicyAssociations(): this; /** * Grants permission to retrieve a list of connectors V2 and their metadata for the calling account from Security Hub * * Access Level: List * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ListConnectorsV2.html */ toListConnectorsV2(): this; /** * Grants permission to retrieve a list of controls for a standard, including the control IDs, statuses and finding counts * * Access Level: Read * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ListControlEvaluationSummaries.html */ toListControlEvaluationSummaries(): this; /** * Grants permission to retrieve the Security Hub integrated products that are currently enabled * * Access Level: List * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ListEnabledProductsForImport.html */ toListEnabledProductsForImport(): this; /** * Grants permission to retrieve a list of finding aggregators, which contain the cross-Region finding aggregation configuration * * Access Level: List * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ListFindingAggregators.html */ toListFindingAggregators(): this; /** * Grants permission to retrieve the Security Hub invitations sent to the account * * Access Level: List * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ListInvitations.html */ toListInvitations(): this; /** * Grants permission to retrieve details about Security Hub member accounts associated with the administrator account * * Access Level: List * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ListMembers.html */ toListMembers(): this; /** * Grants permission to list the Security Hub administrator accounts for your organization * * Access Level: List * * Dependent actions: * - organizations:DescribeOrganization * - organizations:ListDelegatedAdministrators * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ListOrganizationAdminAccounts.html */ toListOrganizationAdminAccounts(): this; /** * Grants permission to retrieve a list of security control definitions, which contain details for security controls in the current region * * Access Level: List * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ListSecurityControlDefinitions.html */ toListSecurityControlDefinitions(): this; /** * Grants permission to list the enablement status of a security control in standards * * Access Level: List * * Dependent actions: * - securityhub:DescribeStandardsControls * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ListStandardsControlAssociations.html */ toListStandardsControlAssociations(): this; /** * Grants permission to list of tags associated with a resource * * Access Level: Read * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ListTagsForResource.html */ toListTagsForResource(): this; /** * Grants permission to use a custom action to send Security Hub findings to Amazon EventBridge * * Access Level: Read * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_SendFindingEvents.html */ toSendFindingEvents(): this; /** * Grants permission to use a custom action to send Security Hub insights to Amazon EventBridge * * Access Level: Read * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_SendInsightEvents.html */ toSendInsightEvents(): this; /** * Grants permission to associate a configuration policy with a member account or organizational unit in the calling account's organization * * Access Level: Write * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_StartConfigurationPolicyAssociation.html */ toStartConfigurationPolicyAssociation(): this; /** * Grants permission to remove a configuration policy association from a member account or organizational unit in the calling account's organization * * Access Level: Write * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_StartConfigurationPolicyDisassociation.html */ toStartConfigurationPolicyDisassociation(): this; /** * Grants permission to add tags to a Security Hub resource * * Access Level: Tagging * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_TagResource.html */ toTagResource(): this; /** * Grants permission to remove tags from a Security Hub resource * * Access Level: Tagging * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_UntagResource.html */ toUntagResource(): this; /** * Grants permission to update custom actions in Security Hub * * Access Level: Write * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_UpdateActionTarget.html */ toUpdateActionTarget(): this; /** * Grants permission to update an aggregatorV2, which configures data aggregation across Regions * * Access Level: Write * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_UpdateAggregatorV2.html */ toUpdateAggregatorV2(): this; /** * Grants permission to update an automation rule V2 in Security Hub based on rule Amazon Resource Name (ARN) and input parameters * * Access Level: Write * * https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules */ toUpdateAutomationRuleV2(): this; /** * Grants permission to update an existing configuration policy * * Access Level: Write * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_UpdateConfigurationPolicy.html */ toUpdateConfigurationPolicy(): this; /** * Grants permission to update a connector V2 in Security Hub based on connector id and input parameters * * Access Level: Write * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_UpdateConnectorV2.html */ toUpdateConnectorV2(): this; /** * Grants permission to update a finding aggregator, which contains the cross-Region finding aggregation configuration * * Access Level: Write * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_UpdateFindingAggregator.html */ toUpdateFindingAggregator(): this; /** * Grants permission to update Security Hub findings * * Access Level: Write * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_UpdateFindings.html */ toUpdateFindings(): this; /** * Grants permission to update insights in Security Hub * * Access Level: Write * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_UpdateInsight.html */ toUpdateInsight(): this; /** * Grants permission to update the organization configuration for Security Hub * * Access Level: Write * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_UpdateOrganizationConfiguration.html */ toUpdateOrganizationConfiguration(): this; /** * Grants permission to update properties of a specific security control identified by ID or ARN * * Access Level: Write * * Dependent actions: * - securityhub:UpdateStandardsControl * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_UpdateSecurityControl.html */ toUpdateSecurityControl(): this; /** * Grants permission to update Security Hub configuration * * Access Level: Write * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_UpdateSecurityHubConfiguration.html */ toUpdateSecurityHubConfiguration(): this; /** * Grants permission to update Security Hub standards controls * * Access Level: Write * * https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_UpdateStandardsControl.html */ toUpdateStandardsControl(): this; protected accessLevelList: AccessLevelList; /** * Adds a resource of type hub to the statement * * https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-access.html#resources * * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onHub(account?: string, region?: string, partition?: string): this; /** * Adds a resource of type hubv2 to the statement * * https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-access.html#resources * * @param hubV2Id - Identifier for the hubV2Id. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onHubv2(hubV2Id: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type product to the statement * * https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-access.html#resources * * @param company - Identifier for the company. * @param productId - Identifier for the productId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onProduct(company: string, productId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type finding-aggregator to the statement * * https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-access.html#resources * * @param findingAggregatorId - Identifier for the findingAggregatorId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onFindingAggregator(findingAggregatorId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type aggregatorv2 to the statement * * https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-access.html#resources * * @param aggregatorV2Id - Identifier for the aggregatorV2Id. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onAggregatorv2(aggregatorV2Id: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type automation-rule to the statement * * https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules * * @param automationRuleId - Identifier for the automationRuleId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onAutomationRule(automationRuleId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type automation-rulev2 to the statement * * https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules * * @param automationRuleV2Id - Identifier for the automationRuleV2Id. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onAutomationRulev2(automationRuleV2Id: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type configuration-policy to the statement * * https://docs.aws.amazon.com/securityhub/latest/userguide/central-configuration-intro.html * * @param configurationPolicyId - Identifier for the configurationPolicyId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onConfigurationPolicy(configurationPolicyId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type connectorv2 to the statement * * https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-access.html#resources * * @param connectorV2Id - Identifier for the connectorV2Id. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onConnectorv2(connectorV2Id: string, account?: string, region?: string, partition?: string): this; /** * Filters access by actions based on the presence of tag key-value pairs in the request * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag * * Applies to actions: * - .toCreateAutomationRule() * - .toCreateAutomationRuleV2() * - .toCreateConfigurationPolicy() * - .toCreateConnectorV2() * - .toEnableSecurityHub() * - .toEnableSecurityHubV2() * * @param tagKey The tag key to check * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsRequestTag(tagKey: string, value: string | string[], operator?: Operator | string): this; /** * Filters access by actions based on tag key-value pairs attached to the resource * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag * * Applies to resource types: * - hub * - hubv2 * - aggregatorv2 * - automation-rule * - automation-rulev2 * - configuration-policy * - connectorv2 * * @param tagKey The tag key to check * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsResourceTag(tagKey: string, value: string | string[], operator?: Operator | string): this; /** * Filters access by actions based on the presence of tag keys in the request * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys * * Applies to actions: * - .toCreateAutomationRule() * - .toCreateAutomationRuleV2() * - .toCreateConfigurationPolicy() * - .toCreateConnectorV2() * - .toEnableSecurityHub() * - .toEnableSecurityHubV2() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsTagKeys(value: string | string[], operator?: Operator | string): this; /** * Filters access by the specified fields and values in the request * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-asffsyntaxpath * * Applies to actions: * - .toBatchUpdateFindings() * * @param aSFFSyntaxPath The tag key to check * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifASFFSyntaxPath(aSFFSyntaxPath: string, value: string | string[], operator?: Operator | string): this; /** * Filters access by the specified fields and values in the request * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-ocsfsyntaxpath * * Applies to actions: * - .toBatchUpdateFindings() * * @param oCSFSyntaxPath The tag key to check * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifOCSFSyntaxPath(oCSFSyntaxPath: string, value: string | string[], operator?: Operator | string): this; /** * Filters access by the AwsAccountId field that is specified in the request * * https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-access.html#conditions * * Applies to actions: * - .toBatchImportFindings() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifTargetAccount(value: string | string[], operator?: Operator | string): this; /** * Statement provider for service [securityhub](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecurityhub.html). * */ constructor(props?: iam.PolicyStatementProps); }