import { AccessLevelList } from '../../shared/access-level'; import { PolicyStatement, Operator } from '../../shared'; /** * Statement provider for service [signin](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssignin.html). * * @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement */ export declare class Signin extends PolicyStatement { servicePrefix: string; /** * Statement provider for service [signin](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssignin.html). * * @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement */ constructor(sid?: string); /** * Grants permission to authenticate to the AWS Management Console * * Access Level: Read * * Possible conditions: * - .ifPrincipalArn() * * https://docs.aws.amazon.com/signin/latest/APIReference/API_Authenticate.html */ toAuthenticate(): this; /** * Grants permission to authenticate through a browser and obtain an OAuth 2.0 authorization code for credential exchange * * Access Level: Read * * https://docs.aws.amazon.com/signin/latest/APIReference/API_AuthorizeOAuth2Access.html */ toAuthorizeOAuth2Access(): this; /** * Grants permission to create an AWS account through the AWS Management Console sign-up flow * * Access Level: Write * * https://docs.aws.amazon.com/awsconsolehelpdocs/latest/gsg/console-private-access.html */ toCreateAccount(): this; /** * Grants permission to exchange an authorization code for OAuth 2.0 access token and refresh token that can be used to access AWS services from developer tools and applications * * Access Level: Read * * https://docs.aws.amazon.com/signin/latest/APIReference/API_CreateOAuth2Token.html */ toCreateOAuth2Token(): this; /** * Grants permission to create an Identity Center application that represents the AWS Management Console on an Identity Center organization instance * * Access Level: Write * * Dependent actions: * - sso:CreateApplication * - sso:GetSharedSsoConfiguration * - sso:ListApplications * - sso:PutApplicationAccessScope * - sso:PutApplicationAssignmentConfiguration * - sso:PutApplicationAuthenticationMethod * - sso:PutApplicationGrant * * https://docs.aws.amazon.com/signin/latest/APIReference/API_CreateTrustedIdentityPropagationApplicationForConsole.html */ toCreateTrustedIdentityPropagationApplicationForConsole(): this; /** * Grants permission to disable console authorization configuration for an AWS account or organization * * Access Level: Write * * https://docs.aws.amazon.com/signin/latest/APIReference/API_DeleteConsoleAuthorizationConfiguration.html */ toDeleteConsoleAuthorizationConfiguration(): this; /** * Grants permission to remove a permission statement from the account's SignIn Resource Based Policy * * Access Level: Write * * https://docs.aws.amazon.com/signin/latest/APIReference/API_DeleteResourcePermissionStatement.html */ toDeleteResourcePermissionStatement(): this; /** * Grants permission to retrieve console authorization configuration for an AWS account or organization * * Access Level: Read * * https://docs.aws.amazon.com/signin/latest/APIReference/API_GetConsoleAuthorizationConfiguration.html */ toGetConsoleAuthorizationConfiguration(): this; /** * Grants permission to retrieve SignIn Resource Based Policy document that is attached with your account * * Access Level: Read * * https://docs.aws.amazon.com/signin/latest/APIReference/API_GetResourcePolicy.html */ toGetResourcePolicy(): this; /** * Grants permission to list the SignIn Resource Based Policy statements in your account * * Access Level: List * * https://docs.aws.amazon.com/signin/latest/APIReference/API_ListResourcePermissionStatements.html */ toListResourcePermissionStatements(): this; /** * Grants permission to list all Identity Center applications that represent the AWS Management Console * * Access Level: List * * Dependent actions: * - sso:GetSharedSsoConfiguration * - sso:ListApplications * * https://docs.aws.amazon.com/signin/latest/APIReference/API_ListTrustedIdentityPropagationApplicationsForConsole.html */ toListTrustedIdentityPropagationApplicationsForConsole(): this; /** * Grants permission to enable console authorization configuration for an AWS account or organization * * Access Level: Write * * https://docs.aws.amazon.com/signin/latest/APIReference/API_PutConsoleAuthorizationConfiguration.html */ toPutConsoleAuthorizationConfiguration(): this; /** * Grants permission to create a permission statement in the account's SignIn resource-based policy * * Access Level: Write * * https://docs.aws.amazon.com/signin/latest/APIReference/API_PutResourcePermissionStatement.html */ toPutResourcePermissionStatement(): this; protected accessLevelList: AccessLevelList; /** * Adds a resource of type oauth2-public-client-localhost to the statement * * https://docs.aws.amazon.com/signin/latest/APIReference * * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onOauth2PublicClientLocalhost(account?: string, region?: string, partition?: string): this; /** * Adds a resource of type oauth2-public-client-remote to the statement * * https://docs.aws.amazon.com/signin/latest/APIReference * * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onOauth2PublicClientRemote(account?: string, region?: string, partition?: string): this; /** * Adds a resource of type console to the statement * * https://docs.aws.amazon.com/signin/latest/APIReference * * @param consoleName - Identifier for the consoleName. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onConsole(consoleName: string, partition?: string): this; /** * Filters access by the principal ARN during pre-authentication console sign-in * * https://docs.aws.amazon.com/signin/latest/userguide/reference-signin-condition-keys.html * * Applies to actions: * - .toAuthenticate() * * @param value The value(s) to check * @param operator Works with [arn operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_ARN). **Default:** `ArnLike` */ ifPrincipalArn(value: string | string[], operator?: Operator | string): this; }