import { AccessLevelList } from '../../shared/access-level'; import { PolicyStatement, Operator } from '../../shared'; import { aws_iam as iam } from "aws-cdk-lib"; /** * Statement provider for service [workspaces-web](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonworkspacessecurebrowser.html). * * @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement */ export declare class WorkspacesWeb extends PolicyStatement { servicePrefix: string; /** * Grants permission to associate browser settings to web portals * * Access Level: Write * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_AssociateBrowserSettings.html */ toAssociateBrowserSettings(): this; /** * Grants permission to associate data protection settings with web portals * * Access Level: Write * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_AssociateDataProtectionSettings.html */ toAssociateDataProtectionSettings(): this; /** * Grants permission to associate ip access settings with web portals * * Access Level: Write * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_AssociateIpAccessSettings.html */ toAssociateIpAccessSettings(): this; /** * Grants permission to associate network settings to web portals * * Access Level: Write * * Dependent actions: * - ec2:CreateNetworkInterface * - ec2:CreateNetworkInterfacePermission * - ec2:CreateTags * - ec2:DeleteNetworkInterface * - ec2:DeleteNetworkInterfacePermission * - ec2:ModifyNetworkInterfaceAttribute * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_AssociateNetworkSettings.html */ toAssociateNetworkSettings(): this; /** * Grants permission to associate session logger with web portals * * Access Level: Write * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_AssociateSessionLogger.html */ toAssociateSessionLogger(): this; /** * Grants permission to associate trust stores with web portals * * Access Level: Write * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_AssociateTrustStore.html */ toAssociateTrustStore(): this; /** * Grants permission to associate user access logging settings with web portals * * Access Level: Write * * Dependent actions: * - kinesis:PutRecord * - kinesis:PutRecords * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_AssociateUserAccessLoggingSettings.html */ toAssociateUserAccessLoggingSettings(): this; /** * Grants permission to associate user settings with web portals * * Access Level: Write * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_AssociateUserSettings.html */ toAssociateUserSettings(): this; /** * Grants permission to create browser settings * * Access Level: Write * * Possible conditions: * - .ifAwsTagKeys() * - .ifAwsRequestTag() * * Dependent actions: * - kms:CreateGrant * - kms:Decrypt * - kms:DescribeKey * - kms:GenerateDataKey * - workspaces-web:TagResource * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_CreateBrowserSettings.html */ toCreateBrowserSettings(): this; /** * Grants permission to create data protection settings * * Access Level: Write * * Possible conditions: * - .ifAwsTagKeys() * - .ifAwsRequestTag() * * Dependent actions: * - workspaces-web:TagResource * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_CreateDataProtectionSettings.html */ toCreateDataProtectionSettings(): this; /** * Grants permission to create identity providers * * Access Level: Write * * Possible conditions: * - .ifAwsTagKeys() * - .ifAwsRequestTag() * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_CreateIdentityProvider.html */ toCreateIdentityProvider(): this; /** * Grants permission to create ip access settings * * Access Level: Write * * Possible conditions: * - .ifAwsTagKeys() * - .ifAwsRequestTag() * * Dependent actions: * - workspaces-web:TagResource * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_CreateIpAccessSettings.html */ toCreateIpAccessSettings(): this; /** * Grants permission to create network settings * * Access Level: Write * * Possible conditions: * - .ifAwsTagKeys() * - .ifAwsRequestTag() * * Dependent actions: * - iam:CreateServiceLinkedRole * - workspaces-web:TagResource * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_CreateNetworkSettings.html */ toCreateNetworkSettings(): this; /** * Grants permission to create web portals * * Access Level: Write * * Possible conditions: * - .ifAwsTagKeys() * - .ifAwsRequestTag() * * Dependent actions: * - iam:CreateServiceLinkedRole * - kms:CreateGrant * - kms:Decrypt * - kms:DescribeKey * - kms:GenerateDataKey * - workspaces-web:TagResource * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_CreatePortal.html */ toCreatePortal(): this; /** * Grants permission to create session logger * * Access Level: Write * * Possible conditions: * - .ifAwsTagKeys() * - .ifAwsRequestTag() * * Dependent actions: * - s3:PutObject * - workspaces-web:TagResource * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_CreateSessionLogger.html */ toCreateSessionLogger(): this; /** * Grants permission to create trust stores * * Access Level: Write * * Possible conditions: * - .ifAwsTagKeys() * - .ifAwsRequestTag() * * Dependent actions: * - workspaces-web:TagResource * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_CreateTrustStore.html */ toCreateTrustStore(): this; /** * Grants permission to create user access logging settings * * Access Level: Write * * Possible conditions: * - .ifAwsTagKeys() * - .ifAwsRequestTag() * * Dependent actions: * - workspaces-web:TagResource * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_CreateUserAccessLoggingSettings.html */ toCreateUserAccessLoggingSettings(): this; /** * Grants permission to create user settings * * Access Level: Write * * Possible conditions: * - .ifAwsTagKeys() * - .ifAwsRequestTag() * * Dependent actions: * - workspaces-web:TagResource * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_CreateUserSettings.html */ toCreateUserSettings(): this; /** * Grants permission to delete browser settings * * Access Level: Write * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_DeleteBrowserSettings.html */ toDeleteBrowserSettings(): this; /** * Grants permission to delete data protection settings * * Access Level: Write * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_DeleteDataProtectionSettings.html */ toDeleteDataProtectionSettings(): this; /** * Grants permission to delete identity providers * * Access Level: Write * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_DeleteIdentityProvider.html */ toDeleteIdentityProvider(): this; /** * Grants permission to delete ip access settings * * Access Level: Write * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_DeleteIpAccessSettings.html */ toDeleteIpAccessSettings(): this; /** * Grants permission to delete network settings * * Access Level: Write * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_DeleteNetworkSettings.html */ toDeleteNetworkSettings(): this; /** * Grants permission to delete web portals * * Access Level: Write * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_DeletePortal.html */ toDeletePortal(): this; /** * Grants permission to delete session logger * * Access Level: Write * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_DeleteSessionLogger.html */ toDeleteSessionLogger(): this; /** * Grants permission to delete trust stores * * Access Level: Write * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_DeleteTrustStore.html */ toDeleteTrustStore(): this; /** * Grants permission to delete user access logging settings * * Access Level: Write * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_DeleteUserAccessLoggingSettings.html */ toDeleteUserAccessLoggingSettings(): this; /** * Grants permission to delete user settings * * Access Level: Write * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_DeleteUserSettings.html */ toDeleteUserSettings(): this; /** * Grants permission to disassociate browser settings from web portals * * Access Level: Write * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_DisassociateBrowserSettings.html */ toDisassociateBrowserSettings(): this; /** * Grants permission to disassociate data protection logging from web portals * * Access Level: Write * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_DisassociateDataProtectionSettings.html */ toDisassociateDataProtectionSettings(): this; /** * Grants permission to disassociate ip access logging from web portals * * Access Level: Write * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_DisassociateIpAccessSettings.html */ toDisassociateIpAccessSettings(): this; /** * Grants permission to disassociate network settings from web portals * * Access Level: Write * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_DisassociateNetworkSettings.html */ toDisassociateNetworkSettings(): this; /** * Grants permission to disassociate session logger from web portals * * Access Level: Write * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_DisassociateSessionLogger.html */ toDisassociateSessionLogger(): this; /** * Grants permission to disassociate trust stores from web portals * * Access Level: Write * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_DisassociateTrustStore.html */ toDisassociateTrustStore(): this; /** * Grants permission to disassociate user access logging settings from web portals * * Access Level: Write * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_DisassociateUserAccessLoggingSettings.html */ toDisassociateUserAccessLoggingSettings(): this; /** * Grants permission to disassociate user settings from web portals * * Access Level: Write * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_DisassociateUserSettings.html */ toDisassociateUserSettings(): this; /** * Grants permission to expire a session from a specific portal * * Access Level: Write * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_ExpireSession.html */ toExpireSession(): this; /** * Grants permission to get details on browser settings * * Access Level: Read * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_GetBrowserSettings.html */ toGetBrowserSettings(): this; /** * Grants permission to get details on data protection settings * * Access Level: Read * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_GetDataProtectionSettings.html */ toGetDataProtectionSettings(): this; /** * Grants permission to get details on identity providers * * Access Level: Read * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_GetIdentityProvider.html */ toGetIdentityProvider(): this; /** * Grants permission to get details on ip access settings * * Access Level: Read * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_GetIpAccessSettings.html */ toGetIpAccessSettings(): this; /** * Grants permission to get details on network settings * * Access Level: Read * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_GetNetworkSettings.html */ toGetNetworkSettings(): this; /** * Grants permission to get details on web portals * * Access Level: Read * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_GetPortal.html */ toGetPortal(): this; /** * Grants permission to get service provider metadata information for web portals * * Access Level: Read * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_GetPortalServiceProviderMetadata.html */ toGetPortalServiceProviderMetadata(): this; /** * Grants permission to get information about a particular session for a portal * * Access Level: Read * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_GetSession.html */ toGetSession(): this; /** * Grants permission to get details on session logger * * Access Level: Read * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_GetSessionLogger.html */ toGetSessionLogger(): this; /** * Grants permission to get details on trust stores * * Access Level: Read * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_GetTrustStore.html */ toGetTrustStore(): this; /** * Grants permission to get certificates from trust stores * * Access Level: Read * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_GetTrustStoreCertificate.html */ toGetTrustStoreCertificate(): this; /** * Grants permission to get details on user access logging settings * * Access Level: Read * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_GetUserAccessLoggingSettings.html */ toGetUserAccessLoggingSettings(): this; /** * Grants permission to get details on user settings * * Access Level: Read * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_GetUserSettings.html */ toGetUserSettings(): this; /** * Grants permission to list browser settings * * Access Level: Read * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_ListBrowserSettings.html */ toListBrowserSettings(): this; /** * Grants permission to list data protection settings * * Access Level: Read * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_ListDataProtectionSettings.html */ toListDataProtectionSettings(): this; /** * Grants permission to list identity providers * * Access Level: Read * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_ListIdentityProviders.html */ toListIdentityProviders(): this; /** * Grants permission to list ip access settings * * Access Level: Read * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_ListIpAccessSettings.html */ toListIpAccessSettings(): this; /** * Grants permission to list network settings * * Access Level: Read * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_ListNetworkSettings.html */ toListNetworkSettings(): this; /** * Grants permission to list web portals * * Access Level: Read * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_ListPortals.html */ toListPortals(): this; /** * Grants permission to list session loggers * * Access Level: Read * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_ListSessionLoggers.html */ toListSessionLoggers(): this; /** * Grants permission to list sessions for a Portal using optional filters * * Access Level: Read * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_ListSessions.html */ toListSessions(): this; /** * Grants permission to list tags for a resource * * Access Level: Read * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_ListTagsForResource.html */ toListTagsForResource(): this; /** * Grants permission to list certificates in a trust store * * Access Level: Read * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_ListTrustStoreCertificates.html */ toListTrustStoreCertificates(): this; /** * Grants permission to list trust stores * * Access Level: Read * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_ListTrustStores.html */ toListTrustStores(): this; /** * Grants permission to list user access logging settings * * Access Level: Read * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_ListUserAccessLoggingSettings.html */ toListUserAccessLoggingSettings(): this; /** * Grants permission to list user settings * * Access Level: Read * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_ListUserSettings.html */ toListUserSettings(): this; /** * Grants permission to add one or more tags to a resource * * Access Level: Tagging * * Possible conditions: * - .ifAwsTagKeys() * - .ifAwsRequestTag() * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_TagResource.html */ toTagResource(): this; /** * Grants permission to remove one or more tags from a resource * * Access Level: Tagging * * Possible conditions: * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_UntagResource.html */ toUntagResource(): this; /** * Grants permission to update browser settings * * Access Level: Write * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_UpdateBrowserSettings.html */ toUpdateBrowserSettings(): this; /** * Grants permission to update data protection settings * * Access Level: Write * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_UpdateDataProtectionSettings.html */ toUpdateDataProtectionSettings(): this; /** * Grants permission to update identity provider * * Access Level: Write * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_UpdateIdentityProvider.html */ toUpdateIdentityProvider(): this; /** * Grants permission to update ip access settings * * Access Level: Write * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_UpdateIpAccessSettings.html */ toUpdateIpAccessSettings(): this; /** * Grants permission to update network settings * * Access Level: Write * * Dependent actions: * - ec2:CreateNetworkInterface * - ec2:CreateNetworkInterfacePermission * - ec2:CreateTags * - ec2:DeleteNetworkInterface * - ec2:DeleteNetworkInterfacePermission * - ec2:ModifyNetworkInterfaceAttribute * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_UpdateNetworkSettings.html */ toUpdateNetworkSettings(): this; /** * Grants permission to update web portals * * Access Level: Write * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_UpdatePortal.html */ toUpdatePortal(): this; /** * Grants permission to update session logger * * Access Level: Write * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_UpdateSessionLogger.html */ toUpdateSessionLogger(): this; /** * Grants permission to update trust stores * * Access Level: Write * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_UpdateTrustStore.html */ toUpdateTrustStore(): this; /** * Grants permission to update user access logging settings * * Access Level: Write * * Dependent actions: * - kinesis:PutRecord * - kinesis:PutRecords * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_UpdateUserAccessLoggingSettings.html */ toUpdateUserAccessLoggingSettings(): this; /** * Grants permission to update user settings * * Access Level: Write * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_UpdateUserSettings.html */ toUpdateUserSettings(): this; protected accessLevelList: AccessLevelList; /** * Adds a resource of type browserSettings to the statement * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_CreateBrowserSettings.html * * @param browserSettingsId - Identifier for the browserSettingsId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onBrowserSettings(browserSettingsId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type identityProvider to the statement * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_CreateIdentityProvider.html * * @param portalId - Identifier for the portalId. * @param identityProviderId - Identifier for the identityProviderId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onIdentityProvider(portalId: string, identityProviderId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type networkSettings to the statement * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_CreateNetworkSettings.html * * @param networkSettingsId - Identifier for the networkSettingsId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onNetworkSettings(networkSettingsId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type portal to the statement * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_CreatePortal.html * * @param portalId - Identifier for the portalId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onPortal(portalId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type trustStore to the statement * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_CreateTrustStore.html * * @param trustStoreId - Identifier for the trustStoreId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onTrustStore(trustStoreId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type userSettings to the statement * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_CreateUserSettings.html * * @param userSettingsId - Identifier for the userSettingsId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onUserSettings(userSettingsId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type userAccessLoggingSettings to the statement * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_CreateUserAccessLoggingSettings.html * * @param userAccessLoggingSettingsId - Identifier for the userAccessLoggingSettingsId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onUserAccessLoggingSettings(userAccessLoggingSettingsId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type ipAccessSettings to the statement * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_CreateIpAccessSettings.html * * @param ipAccessSettingsId - Identifier for the ipAccessSettingsId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onIpAccessSettings(ipAccessSettingsId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type dataProtectionSettings to the statement * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_CreateDataProtectionSettings.html * * @param dataProtectionSettingsId - Identifier for the dataProtectionSettingsId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onDataProtectionSettings(dataProtectionSettingsId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type sessionLogger to the statement * * https://docs.aws.amazon.com/workspaces-web/latest/APIReference/API_CreateSessionLogger.html * * @param sessionLoggerId - Identifier for the sessionLoggerId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onSessionLogger(sessionLoggerId: string, account?: string, region?: string, partition?: string): this; /** * Filters access by the tags that are passed in the request * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag * * Applies to actions: * - .toCreateBrowserSettings() * - .toCreateDataProtectionSettings() * - .toCreateIdentityProvider() * - .toCreateIpAccessSettings() * - .toCreateNetworkSettings() * - .toCreatePortal() * - .toCreateSessionLogger() * - .toCreateTrustStore() * - .toCreateUserAccessLoggingSettings() * - .toCreateUserSettings() * - .toTagResource() * * @param tagKey The tag key to check * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsRequestTag(tagKey: string, value: string | string[], operator?: Operator | string): this; /** * Filters access by the tags associated with the resource * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag * * Applies to resource types: * - browserSettings * - identityProvider * - networkSettings * - portal * - trustStore * - userSettings * - userAccessLoggingSettings * - ipAccessSettings * - dataProtectionSettings * - sessionLogger * * @param tagKey The tag key to check * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsResourceTag(tagKey: string, value: string | string[], operator?: Operator | string): this; /** * Filters access by the tag keys that are passed in the request * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys * * Applies to actions: * - .toCreateBrowserSettings() * - .toCreateDataProtectionSettings() * - .toCreateIdentityProvider() * - .toCreateIpAccessSettings() * - .toCreateNetworkSettings() * - .toCreatePortal() * - .toCreateSessionLogger() * - .toCreateTrustStore() * - .toCreateUserAccessLoggingSettings() * - .toCreateUserSettings() * - .toTagResource() * - .toUntagResource() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsTagKeys(value: string | string[], operator?: Operator | string): this; /** * Statement provider for service [workspaces-web](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonworkspacessecurebrowser.html). * */ constructor(props?: iam.PolicyStatementProps); }