import * as cxapi from '@aws-cdk/cx-api';
import * as AWS from 'aws-sdk';
import { ConfigurationOptions } from 'aws-sdk/lib/config';
import { Mode } from '../aws-auth/credentials';
import { ISDK, SDK } from './sdk';
/**
 * Options for the default SDK provider
 */
export interface SdkProviderOptions {
    /**
     * Profile to read from ~/.aws
     *
     * @default - No profile
     */
    readonly profile?: string;
    /**
     * Whether we should check for EC2 credentials
     *
     * @default - Autodetect
     */
    readonly ec2creds?: boolean;
    /**
     * Whether we should check for container credentials
     *
     * @default - Autodetect
     */
    readonly containerCreds?: boolean;
    /**
     * HTTP options for SDK
     */
    readonly httpOptions?: SdkHttpOptions;
}
/**
 * Options for individual SDKs
 */
export interface SdkHttpOptions {
    /**
     * Proxy address to use
     *
     * @default No proxy
     */
    readonly proxyAddress?: string;
    /**
     * A path to a certificate bundle that contains a cert to be trusted.
     *
     * @default No certificate bundle
     */
    readonly caBundlePath?: string;
    /**
     * The custom user agent to use.
     *
     * @default - <package-name>/<package-version>
     */
    readonly userAgent?: string;
}
/**
 * Creates instances of the AWS SDK appropriate for a given account/region
 *
 * If an environment is given and the current credentials are NOT for the indicated
 * account, will also search the set of credential plugin providers.
 *
 * If no environment is given, the default credentials will always be used.
 */
export declare class SdkProvider {
    private readonly defaultChain;
    /**
     * Default region
     */
    readonly defaultRegion: string;
    private readonly sdkOptions;
    /**
     * Create a new SdkProvider which gets its defaults in a way that behaves like the AWS CLI does
     *
     * The AWS SDK for JS behaves slightly differently from the AWS CLI in a number of ways; see the
     * class `AwsCliCompatible` for the details.
     */
    static withAwsCliCompatibleDefaults(options?: SdkProviderOptions): Promise<SdkProvider>;
    private readonly plugins;
    constructor(defaultChain: AWS.CredentialProviderChain, 
    /**
     * Default region
     */
    defaultRegion: string, sdkOptions?: ConfigurationOptions);
    /**
     * Return an SDK which can do operations in the given environment
     *
     * The `environment` parameter is resolved first (see `resolveEnvironment()`).
     */
    forEnvironment(environment: cxapi.Environment, mode: Mode): Promise<ISDK>;
    /**
     * Return an SDK which uses assumed role credentials
     *
     * The base credentials used to retrieve the assumed role credentials will be the
     * current credentials (no plugin lookup will be done!).
     *
     * If `region` is undefined, the default value will be used.
     */
    withAssumedRole(roleArn: string, externalId: string | undefined, region: string | undefined): Promise<SDK>;
    /**
     * Resolve the environment for a stack
     *
     * Replaces the magic values `UNKNOWN_REGION` and `UNKNOWN_ACCOUNT`
     * with the defaults for the current SDK configuration (`~/.aws/config` or
     * otherwise).
     *
     * It is an error if `UNKNOWN_ACCOUNT` is used but the user hasn't configured
     * any SDK credentials.
     */
    resolveEnvironment(env: cxapi.Environment): Promise<cxapi.Environment>;
    /**
     * The account we'd auth into if we used default credentials.
     *
     * Default credentials are the set of ambiently configured credentials using
     * one of the environment variables, or ~/.aws/credentials, or the *one*
     * profile that was passed into the CLI.
     *
     * Might return undefined if there are no default/ambient credentials
     * available (in which case the user should better hope they have
     * credential plugins configured).
     *
     * Uses a cache to avoid STS calls if we don't need 'em.
     */
    defaultAccount(): Promise<Account | undefined>;
    /**
     * Get credentials for the given account ID in the given mode
     *
     * Use the current credentials if the destination account matches the current credentials' account.
     * Otherwise try all credential plugins.
     */
    protected obtainCredentials(accountId: string, mode: Mode): Promise<AWS.Credentials>;
    /**
     * Resolve the default chain to the first set of credentials that is available
     */
    private defaultCredentials;
}
/**
 * An AWS account
 *
 * An AWS account always exists in only one partition. Usually we don't care about
 * the partition, but when we need to form ARNs we do.
 */
export interface Account {
    /**
     * The account number
     */
    readonly accountId: string;
    /**
     * The partition ('aws' or 'aws-cn' or otherwise)
     */
    readonly partition: string;
}