import { Environment, Stack } from 'aws-cdk-lib';
import { Role } from 'aws-cdk-lib/aws-iam';
import { Construct } from 'constructs';
export interface RunnerRoleProps {
    readonly env: Environment;
}
/**
 * This construct provides a set of base roles for gitlab runners in order to build, test, validate and deploy applications
 * on RIO. The roles need to be assumed during job runtime to perform more permissive actions, such as creating certificates to
 * authenticate towards the RIO MSK, pushing docker images to ECR, performing a secrets backup, deploying stacks,
 * or to publish an SPA to a S3 bucket. Do not assume the deployment role unless needed.
 * The base role can be the default role attached to GitLab runners.
 * The role allows to read various basic parameters such as the NIST data mirror, the OSS license bucket, DataDog keys
 * and to pull ECR images form public Gallery or the specified account in the environment.
 * The Role ARNs are export using CFNOutputs. Use the outputs to configure environment variables in your GitLab group.
 */
export declare class RunnerRoles extends Construct {
    readonly runnerBaseRole: Role;
    constructor(scope: Stack, id: string, props: RunnerRoleProps);
}