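import {
  type HostHeaderInputConfig,
  type HostHeaderResolvedConfig,
  type UserAgentInputConfig,
  type UserAgentResolvedConfig,
} from "@aws-sdk/core/client";
import {
  type DefaultsMode as __DefaultsMode,
  type SmithyConfiguration as __SmithyConfiguration,
  type SmithyResolvedConfiguration as __SmithyResolvedConfiguration,
  Client as __Client,
} from "@smithy/core/client";
import { type RegionInputConfig, type RegionResolvedConfig } from "@smithy/core/config";
import { type EndpointInputConfig, type EndpointResolvedConfig } from "@smithy/core/endpoints";
import { type HttpHandlerUserInput as __HttpHandlerUserInput } from "@smithy/core/protocols";
import { type RetryInputConfig, type RetryResolvedConfig } from "@smithy/core/retry";
import type {
  AwsCredentialIdentityProvider,
  BodyLengthCalculator as __BodyLengthCalculator,
  CheckOptionalClientConfig as __CheckOptionalClientConfig,
  ChecksumConstructor as __ChecksumConstructor,
  Decoder as __Decoder,
  Encoder as __Encoder,
  HashConstructor as __HashConstructor,
  HttpHandlerOptions as __HttpHandlerOptions,
  Logger as __Logger,
  Provider as __Provider,
  StreamCollector as __StreamCollector,
  UrlParser as __UrlParser,
  UserAgent as __UserAgent,
} from "@smithy/types";
import { type HttpAuthSchemeInputConfig, type HttpAuthSchemeResolvedConfig } from "./auth/httpAuthSchemeProvider";
import type { BatchGetPolicyCommandInput, BatchGetPolicyCommandOutput } from "./commands/BatchGetPolicyCommand";
import type { BatchIsAuthorizedCommandInput, BatchIsAuthorizedCommandOutput } from "./commands/BatchIsAuthorizedCommand";
import type {
  BatchIsAuthorizedWithTokenCommandInput,
  BatchIsAuthorizedWithTokenCommandOutput,
} from "./commands/BatchIsAuthorizedWithTokenCommand";
import type { CreateIdentitySourceCommandInput, CreateIdentitySourceCommandOutput } from "./commands/CreateIdentitySourceCommand";
import type { CreatePolicyCommandInput, CreatePolicyCommandOutput } from "./commands/CreatePolicyCommand";
import type { CreatePolicyStoreAliasCommandInput, CreatePolicyStoreAliasCommandOutput } from "./commands/CreatePolicyStoreAliasCommand";
import type { CreatePolicyStoreCommandInput, CreatePolicyStoreCommandOutput } from "./commands/CreatePolicyStoreCommand";
import type { CreatePolicyTemplateCommandInput, CreatePolicyTemplateCommandOutput } from "./commands/CreatePolicyTemplateCommand";
import type { DeleteIdentitySourceCommandInput, DeleteIdentitySourceCommandOutput } from "./commands/DeleteIdentitySourceCommand";
import type { DeletePolicyCommandInput, DeletePolicyCommandOutput } from "./commands/DeletePolicyCommand";
import type { DeletePolicyStoreAliasCommandInput, DeletePolicyStoreAliasCommandOutput } from "./commands/DeletePolicyStoreAliasCommand";
import type { DeletePolicyStoreCommandInput, DeletePolicyStoreCommandOutput } from "./commands/DeletePolicyStoreCommand";
import type { DeletePolicyTemplateCommandInput, DeletePolicyTemplateCommandOutput } from "./commands/DeletePolicyTemplateCommand";
import type { GetIdentitySourceCommandInput, GetIdentitySourceCommandOutput } from "./commands/GetIdentitySourceCommand";
import type { GetPolicyCommandInput, GetPolicyCommandOutput } from "./commands/GetPolicyCommand";
import type { GetPolicyStoreAliasCommandInput, GetPolicyStoreAliasCommandOutput } from "./commands/GetPolicyStoreAliasCommand";
import type { GetPolicyStoreCommandInput, GetPolicyStoreCommandOutput } from "./commands/GetPolicyStoreCommand";
import type { GetPolicyTemplateCommandInput, GetPolicyTemplateCommandOutput } from "./commands/GetPolicyTemplateCommand";
import type { GetSchemaCommandInput, GetSchemaCommandOutput } from "./commands/GetSchemaCommand";
import type { IsAuthorizedCommandInput, IsAuthorizedCommandOutput } from "./commands/IsAuthorizedCommand";
import type { IsAuthorizedWithTokenCommandInput, IsAuthorizedWithTokenCommandOutput } from "./commands/IsAuthorizedWithTokenCommand";
import type { ListIdentitySourcesCommandInput, ListIdentitySourcesCommandOutput } from "./commands/ListIdentitySourcesCommand";
import type { ListPoliciesCommandInput, ListPoliciesCommandOutput } from "./commands/ListPoliciesCommand";
import type { ListPolicyStoreAliasesCommandInput, ListPolicyStoreAliasesCommandOutput } from "./commands/ListPolicyStoreAliasesCommand";
import type { ListPolicyStoresCommandInput, ListPolicyStoresCommandOutput } from "./commands/ListPolicyStoresCommand";
import type { ListPolicyTemplatesCommandInput, ListPolicyTemplatesCommandOutput } from "./commands/ListPolicyTemplatesCommand";
import type { ListTagsForResourceCommandInput, ListTagsForResourceCommandOutput } from "./commands/ListTagsForResourceCommand";
import type { PutSchemaCommandInput, PutSchemaCommandOutput } from "./commands/PutSchemaCommand";
import type { TagResourceCommandInput, TagResourceCommandOutput } from "./commands/TagResourceCommand";
import type { UntagResourceCommandInput, UntagResourceCommandOutput } from "./commands/UntagResourceCommand";
import type { UpdateIdentitySourceCommandInput, UpdateIdentitySourceCommandOutput } from "./commands/UpdateIdentitySourceCommand";
import type { UpdatePolicyCommandInput, UpdatePolicyCommandOutput } from "./commands/UpdatePolicyCommand";
import type { UpdatePolicyStoreCommandInput, UpdatePolicyStoreCommandOutput } from "./commands/UpdatePolicyStoreCommand";
import type { UpdatePolicyTemplateCommandInput, UpdatePolicyTemplateCommandOutput } from "./commands/UpdatePolicyTemplateCommand";
import {
  type ClientInputEndpointParameters,
  type ClientResolvedEndpointParameters,
  type EndpointParameters,
} from "./endpoint/EndpointParameters";
import { type RuntimeExtension, type RuntimeExtensionsConfig } from "./runtimeExtensions";

export { __Client };

/**
 * Union of the input shapes of every command this client can send.
 *
 * @public
 */
export type ServiceInputTypes =
  | BatchGetPolicyCommandInput
  | BatchIsAuthorizedCommandInput
  | BatchIsAuthorizedWithTokenCommandInput
  | CreateIdentitySourceCommandInput
  | CreatePolicyCommandInput
  | CreatePolicyStoreAliasCommandInput
  | CreatePolicyStoreCommandInput
  | CreatePolicyTemplateCommandInput
  | DeleteIdentitySourceCommandInput
  | DeletePolicyCommandInput
  | DeletePolicyStoreAliasCommandInput
  | DeletePolicyStoreCommandInput
  | DeletePolicyTemplateCommandInput
  | GetIdentitySourceCommandInput
  | GetPolicyCommandInput
  | GetPolicyStoreAliasCommandInput
  | GetPolicyStoreCommandInput
  | GetPolicyTemplateCommandInput
  | GetSchemaCommandInput
  | IsAuthorizedCommandInput
  | IsAuthorizedWithTokenCommandInput
  | ListIdentitySourcesCommandInput
  | ListPoliciesCommandInput
  | ListPolicyStoreAliasesCommandInput
  | ListPolicyStoresCommandInput
  | ListPolicyTemplatesCommandInput
  | ListTagsForResourceCommandInput
  | PutSchemaCommandInput
  | TagResourceCommandInput
  | UntagResourceCommandInput
  | UpdateIdentitySourceCommandInput
  | UpdatePolicyCommandInput
  | UpdatePolicyStoreCommandInput
  | UpdatePolicyTemplateCommandInput;

/**
 * Union of the output shapes of every command this client can send.
 *
 * @public
 */
export type ServiceOutputTypes =
  | BatchGetPolicyCommandOutput
  | BatchIsAuthorizedCommandOutput
  | BatchIsAuthorizedWithTokenCommandOutput
  | CreateIdentitySourceCommandOutput
  | CreatePolicyCommandOutput
  | CreatePolicyStoreAliasCommandOutput
  | CreatePolicyStoreCommandOutput
  | CreatePolicyTemplateCommandOutput
  | DeleteIdentitySourceCommandOutput
  | DeletePolicyCommandOutput
  | DeletePolicyStoreAliasCommandOutput
  | DeletePolicyStoreCommandOutput
  | DeletePolicyTemplateCommandOutput
  | GetIdentitySourceCommandOutput
  | GetPolicyCommandOutput
  | GetPolicyStoreAliasCommandOutput
  | GetPolicyStoreCommandOutput
  | GetPolicyTemplateCommandOutput
  | GetSchemaCommandOutput
  | IsAuthorizedCommandOutput
  | IsAuthorizedWithTokenCommandOutput
  | ListIdentitySourcesCommandOutput
  | ListPoliciesCommandOutput
  | ListPolicyStoreAliasesCommandOutput
  | ListPolicyStoresCommandOutput
  | ListPolicyTemplatesCommandOutput
  | ListTagsForResourceCommandOutput
  | PutSchemaCommandOutput
  | TagResourceCommandOutput
  | UntagResourceCommandOutput
  | UpdateIdentitySourceCommandOutput
  | UpdatePolicyCommandOutput
  | UpdatePolicyStoreCommandOutput
  | UpdatePolicyTemplateCommandOutput;

// NOTE(review): the extracted listing had lost the type arguments on
// `Required`, `__CheckOptionalClientConfig` and several `__Provider` uses
// (both are generic and do not compile bare). They are restored below from
// the adjacent member types; verify against the published declaration file.

/**
 * Optional settings accepted by the client constructor. Every member is
 * optional here; the resolved configuration type wraps this interface in
 * `Required`.
 *
 * @public
 */
export interface ClientDefaults extends Partial<__SmithyConfiguration<__HttpHandlerOptions>> {
  /**
   * The HTTP handler to use or its constructor options. Fetch in browser and Https in Nodejs.
   */
  requestHandler?: __HttpHandlerUserInput;

  /**
   * A constructor for a class implementing the {@link @smithy/types#ChecksumConstructor} interface
   * that computes the SHA-256 HMAC or checksum of a string or binary buffer.
   * @internal
   */
  sha256?: __ChecksumConstructor | __HashConstructor;

  /**
   * The function that will be used to convert strings into HTTP endpoints.
   * @internal
   */
  urlParser?: __UrlParser;

  /**
   * A function that can calculate the length of a request body.
   * @internal
   */
  bodyLengthChecker?: __BodyLengthCalculator;

  /**
   * A function that converts a stream into an array of bytes.
   * @internal
   */
  streamCollector?: __StreamCollector;

  /**
   * The function that will be used to convert a base64-encoded string to a byte array.
   * @internal
   */
  base64Decoder?: __Decoder;

  /**
   * The function that will be used to convert binary data to a base64-encoded string.
   * @internal
   */
  base64Encoder?: __Encoder;

  /**
   * The function that will be used to convert a UTF8-encoded string to a byte array.
   * @internal
   */
  utf8Decoder?: __Decoder;

  /**
   * The function that will be used to convert binary data to a UTF-8 encoded string.
   * @internal
   */
  utf8Encoder?: __Encoder;

  /**
   * The runtime environment.
   * @internal
   */
  runtime?: string;

  /**
   * Disable dynamically changing the endpoint of the client based on the hostPrefix
   * trait of an operation.
   */
  disableHostPrefix?: boolean;

  /**
   * Unique service identifier.
   * @internal
   */
  serviceId?: string;

  /**
   * Enables IPv6/IPv4 dualstack endpoint.
   */
  useDualstackEndpoint?: boolean | __Provider<boolean>;

  /**
   * Enables FIPS compatible endpoints.
   */
  useFipsEndpoint?: boolean | __Provider<boolean>;

  /**
   * The AWS region to which this client will send requests
   */
  region?: string | __Provider<string>;

  /**
   * Setting a client profile is similar to setting a value for the
   * AWS_PROFILE environment variable. Setting a profile on a client
   * in code only affects the single client instance, unlike AWS_PROFILE.
   *
   * When set, and only for environments where an AWS configuration
   * file exists, fields configurable by this file will be retrieved
   * from the specified profile within that file.
   * Conflicting code configuration and environment variables will
   * still have higher priority.
   *
   * For client credential resolution that involves checking the AWS
   * configuration file, the client's profile (this value) will be
   * used unless a different profile is set in the credential
   * provider options.
   */
  profile?: string;

  /**
   * The provider populating default tracking information to be sent with `user-agent`, `x-amz-user-agent` header
   * @internal
   */
  defaultUserAgentProvider?: __Provider<__UserAgent>;

  /**
   * Default credentials provider; Not available in browser runtime.
   *
   * The `input` parameter is typed `any`, so the compiler does not check
   * what is passed to the provider factory.
   * @deprecated
   * @internal
   */
  // eslint-disable-next-line @typescript-eslint/no-explicit-any
  credentialDefaultProvider?: (input: any) => AwsCredentialIdentityProvider;

  /**
   * Value for how many times a request will be made at most in case of retry.
   */
  maxAttempts?: number | __Provider<number>;

  /**
   * Specifies which retry algorithm to use.
   * @see https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-smithy-util-retry/Enum/RETRY_MODES/
   */
  retryMode?: string | __Provider<string>;

  /**
   * Optional logger for logging debug/info/warn/error.
   *
   * NOTE(review): confirm what the configured logger receives before
   * routing it to a shared sink; principal and resource identifiers used
   * with this service are the kind of data the class documentation says
   * should stay free of sensitive information.
   */
  logger?: __Logger;

  /**
   * Optional extensions
   */
  extensions?: RuntimeExtension[];

  /**
   * The {@link @smithy/smithy-client#DefaultsMode} that will be used to determine how certain default configuration options are resolved in the SDK.
   */
  defaultsMode?: __DefaultsMode | __Provider<__DefaultsMode>;
}

/**
 * Intersection of every input-side configuration fragment the client accepts.
 *
 * @public
 */
export type VerifiedPermissionsClientConfigType = Partial<__SmithyConfiguration<__HttpHandlerOptions>> &
  ClientDefaults &
  UserAgentInputConfig &
  RetryInputConfig &
  RegionInputConfig &
  HostHeaderInputConfig &
  EndpointInputConfig &
  HttpAuthSchemeInputConfig &
  ClientInputEndpointParameters;

/**
 * @public
 *
 * The configuration interface of VerifiedPermissionsClient class constructor that set the region, credentials and other options.
 */
export interface VerifiedPermissionsClientConfig extends VerifiedPermissionsClientConfigType {}

/**
 * Intersection of every resolved configuration fragment; `ClientDefaults`
 * appears here with all members required.
 *
 * @public
 */
export type VerifiedPermissionsClientResolvedConfigType = __SmithyResolvedConfiguration<__HttpHandlerOptions> &
  Required<ClientDefaults> &
  RuntimeExtensionsConfig &
  UserAgentResolvedConfig &
  RetryResolvedConfig &
  RegionResolvedConfig &
  HostHeaderResolvedConfig &
  EndpointResolvedConfig &
  HttpAuthSchemeResolvedConfig &
  ClientResolvedEndpointParameters;

/**
 * @public
 *
 * The resolved configuration interface of VerifiedPermissionsClient class. This is resolved and normalized from the {@link VerifiedPermissionsClientConfig | constructor configuration interface}.
 */
export interface VerifiedPermissionsClientResolvedConfig extends VerifiedPermissionsClientResolvedConfigType {}

/**
 * Amazon Verified Permissions is a permissions management service from Amazon Web Services.
 * You can use Verified Permissions to manage permissions for your application, and authorize
 * user access based on those permissions. Using Verified Permissions, application developers
 * can grant access based on information about the users, resources, and requested actions.
 * You can also evaluate additional information like group membership, attributes of the
 * resources, and session context, such as time of request and IP addresses. Verified
 * Permissions manages these permissions by letting you create and store authorization
 * policies for your applications, such as consumer-facing web sites and enterprise business
 * systems.
 *
 * Verified Permissions uses Cedar as the policy language to express your permission
 * requirements. Cedar supports both role-based access control (RBAC) and attribute-based
 * access control (ABAC) authorization models.
 *
 * For more information about configuring, administering, and using Amazon Verified
 * Permissions in your applications, see the Amazon Verified Permissions User Guide.
 *
 * For more information about the Cedar policy language, see the Cedar Policy Language Guide.
 *
 * When you write Cedar policies that reference principals, resources and actions, you can
 * define the unique identifiers used for each of those elements. We strongly recommend that
 * you follow these best practices:
 *
 * - Use values like universally unique identifiers (UUIDs) for all principal and resource
 *   identifiers.
 *
 *   For example, if user `jane` leaves the company, and you later let someone else use the
 *   name `jane`, then that new user automatically gets access to everything granted by
 *   policies that still reference `User::"jane"`. Cedar can't distinguish between the new
 *   user and the old. This applies to both principal and resource identifiers. Always use
 *   identifiers that are guaranteed unique and never reused to ensure that you don't
 *   unintentionally grant access because of the presence of an old identifier in a policy.
 *
 *   Where you use a UUID for an entity, we recommend that you follow it with the `//`
 *   comment specifier and the 'friendly' name of your entity. This helps to make your
 *   policies easier to understand. For example:
 *   `principal == User::"a1b2c3d4-e5f6-a1b2-c3d4-EXAMPLE11111", // alice`
 *
 * - Do not include personally identifying, confidential, or sensitive information as part of
 *   the unique identifier for your principals or resources. These identifiers are included
 *   in log entries shared in CloudTrail trails.
 *
 * Several operations return structures that appear similar, but have different purposes. As
 * new functionality is added to the product, the structure used in a parameter of one
 * operation might need to change in a way that wouldn't make sense for the same parameter in
 * a different operation. To help you understand the purpose of each, the following naming
 * convention is used for the structures:
 *
 * - Parameter type structures that end in `Detail` are used in `Get` operations.
 *
 * - Parameter type structures that end in `Item` are used in `List` operations.
 *
 * - Parameter type structures that use neither suffix are used in the mutating (create and
 *   update) operations.
 *
 * NOTE(review): an authorization check made through this client is only as strong as the
 * caller's handling of the result. Enforcement code should deny by default: treat a thrown
 * error, a timeout, or any decision other than an explicit allow as a denial.
 *
 * @public
 */
export declare class VerifiedPermissionsClient extends __Client<
  __HttpHandlerOptions,
  ServiceInputTypes,
  ServiceOutputTypes,
  VerifiedPermissionsClientResolvedConfig
> {
  /**
   * The resolved configuration of VerifiedPermissionsClient class. This is resolved and normalized from the {@link VerifiedPermissionsClientConfig | constructor configuration interface}.
   */
  readonly config: VerifiedPermissionsClientResolvedConfig;

  /**
   * @param configuration - constructor configuration; see {@link VerifiedPermissionsClientConfig}.
   */
  constructor(...[configuration]: __CheckOptionalClientConfig<VerifiedPermissionsClientConfig>);

  /**
   * Destroy underlying resources, like sockets. It's usually not necessary to do this.
   * However in Node.js, it's best to explicitly shut down the client's agent when it is no longer needed.
   * Otherwise, sockets might stay open for quite a long time before the server terminates them.
   */
  destroy(): void;
}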