import * as iam from 'aws-cdk-lib/aws-iam';
import { Construct } from 'constructs';

/**
 * Region and account of the stack a construct belongs to.
 *
 * Used to build resource ARNs that scope IAM statements to a single
 * account/region rather than a wildcard.
 */
export interface LambdaIamUtilsStackInfo {
  /** AWS region of the enclosing stack */
  readonly region: string;
  /** AWS account ID of the enclosing stack */
  readonly account: string;
}

/**
 * Configuration options for Lambda CloudWatch Logs permissions
 */
export interface LambdaLogsPermissionsProps {
  /**
   * The construct scope (used to generate unique names)
   */
  readonly scope: Construct;
  /**
   * The base name of the Lambda function
   */
  readonly functionName: string;
  /**
   * Custom log group name pattern
   *
   * The resulting log-group ARN is what the policy statements are
   * scoped to, so this should name the one log group the function
   * writes to, not a broad prefix.
   *
   * @default '/aws/lambda/{uniqueFunctionName}'
   */
  readonly logGroupName?: string;
  /**
   * AWS region for the log group ARN
   */
  readonly region: string;
  /**
   * AWS account ID for the log group ARN
   */
  readonly account: string;
  /**
   * Whether observability is enabled or not. This would have an impact
   * on the result IAM policy for the LogGroup for the Lambda function
   *
   * NOTE(review): presumably this is what makes `OBSERVABILITY_SUFFIX`
   * part of the log group name/ARN — confirm against the implementation,
   * which is not part of this declaration file.
   *
   * @default false
   */
  readonly enableObservability?: boolean;
}

/**
 * Result of creating Lambda logs permissions
 */
export interface LambdaLogsPermissionsResult {
  /**
   * The policy statements for CloudWatch Logs
   */
  readonly policyStatements: iam.PolicyStatement[];
  /**
   * The unique function name that was generated
   */
  readonly uniqueFunctionName: string;
}

/**
 * Utility class for creating secure Lambda IAM policy statements with minimal permissions
 *
 * Every `create*PolicyStatement` method takes the ARN of exactly one
 * resource; callers are expected to pass a concrete ARN so the statement
 * stays resource-scoped. The `actions` parameters are optional and the
 * defaults applied when they are omitted are defined in the
 * implementation, not in this declaration file — check there before
 * relying on them for least privilege.
 */
export declare class LambdaIamUtils {
  /**
   * Suffix associated with the observability mode (see
   * `LambdaLogsPermissionsProps.enableObservability`). How exactly it is
   * applied is not visible from the declarations.
   */
  static readonly OBSERVABILITY_SUFFIX = "-secured";
  /**
   * Creates CloudWatch Logs policy statements for Lambda execution
   *
   * @param props Configuration properties
   * @returns Object containing policy statements and the unique function name
   */
  static createLogsPermissions(props: LambdaLogsPermissionsProps): LambdaLogsPermissionsResult;
  /**
   * Returns a single policy statement for Lambda VPC networking.
   *
   * NOTE(review): undocumented in the original and overlapping with
   * `createVpcPermissions()`, which returns an array. Which one the
   * implementation treats as canonical cannot be determined from this
   * file — confirm before choosing one over the other.
   *
   * @returns PolicyStatement for VPC access
   */
  static generateLambdaVPCPermissions(): iam.PolicyStatement;
  /**
   * Generates a unique function name using CDK's built-in functionality
   *
   * @param scope The construct scope
   * @param baseName The base name for the function
   * @returns Unique function name
   */
  static generateUniqueFunctionName(scope: Construct, baseName: string): string;
  /**
   * Creates VPC permissions for Lambda functions running in VPC
   *
   * @returns Array of IAM PolicyStatements for VPC access
   */
  static createVpcPermissions(): iam.PolicyStatement[];
  /**
   * Creates X-Ray tracing permissions for Lambda functions
   *
   * @returns Array of IAM PolicyStatements for X-Ray tracing
   */
  static createXRayPermissions(): iam.PolicyStatement[];
  /**
   * Helper method to get region and account from a construct
   *
   * @param scope The construct scope
   * @returns LambdaIamUtilsStackInfo
   */
  static getStackInfo(scope: Construct): LambdaIamUtilsStackInfo;
  /**
   * Creates a policy statement for DynamoDB table access
   *
   * @param tableArn The ARN of the DynamoDB table
   * @param actions The DynamoDB actions to allow (default set defined by the implementation)
   * @returns PolicyStatement for DynamoDB access
   */
  static createDynamoDbPolicyStatement(tableArn: string, actions?: string[]): iam.PolicyStatement;
  /**
   * Creates a policy statement for S3 bucket access
   *
   * @param bucketArn The ARN of the S3 bucket
   * @param actions The S3 actions to allow (default set defined by the implementation)
   * @param includeObjects Whether to include object-level permissions
   *   (i.e. whether objects inside the bucket are added as a resource in
   *   addition to the bucket itself — the exact resource pattern is set by
   *   the implementation)
   * @returns PolicyStatement for S3 access
   */
  static createS3PolicyStatement(bucketArn: string, actions?: string[], includeObjects?: boolean): iam.PolicyStatement;
  /**
   * Creates a policy statement for SQS queue access
   *
   * @param queueArn The ARN of the SQS queue
   * @param actions The SQS actions to allow (default set defined by the implementation)
   * @returns PolicyStatement for SQS access
   */
  static createSqsPolicyStatement(queueArn: string, actions?: string[]): iam.PolicyStatement;
  /**
   * Creates a policy statement for SNS topic access
   *
   * @param topicArn The ARN of the SNS topic
   * @param actions The SNS actions to allow (default set defined by the implementation)
   * @returns PolicyStatement for SNS access
   */
  static createSnsPolicyStatement(topicArn: string, actions?: string[]): iam.PolicyStatement;
  /**
   * Creates a policy statement for Step Functions execution
   *
   * @param stateMachineArn The ARN of the Step Functions state machine
   * @param actions The Step Functions actions to allow (default set defined by the implementation)
   * @returns PolicyStatement for Step Functions access
   */
  static createStepFunctionsPolicyStatement(stateMachineArn: string, actions?: string[]): iam.PolicyStatement;
  /**
   * Creates a policy statement for Secrets Manager access
   *
   * @param secretArn The ARN of the secret
   * @param actions The Secrets Manager actions to allow (default set defined by the implementation)
   * @returns PolicyStatement for Secrets Manager access
   */
  static createSecretsManagerPolicyStatement(secretArn: string, actions?: string[]): iam.PolicyStatement;
  /**
   * Creates a policy statement for KMS key access
   *
   * @param keyArn The ARN of the KMS key
   * @param actions The KMS actions to allow (default set defined by the implementation)
   * @returns PolicyStatement for KMS access
   */
  static createKmsPolicyStatement(keyArn: string, actions?: string[]): iam.PolicyStatement;
}