/**
 * HashiCorp Vault API
 * HTTP API that gives you full access to Vault. All API routes are prefixed with `/v1/`.
 *
 * The version of the OpenAPI document: 1.20.0
 *
 *
 * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
 * https://openapi-generator.tech
 * Do not edit the class manually.
 */
/**
 *
 * @export
 * @interface AwsWriteRoleRequest
 */
export interface AwsWriteRoleRequest {
    /**
     * Use role_arns or policy_arns instead.
     * @type {string}
     * @memberof AwsWriteRoleRequest
     * @deprecated
     */
    arn?: string;
    /**
     * Type of credential to retrieve. Must be one of assumed_role, iam_user, federation_token, or session_token
     * @type {string}
     * @memberof AwsWriteRoleRequest
     */
    credentialType?: string;
    /**
     * Default TTL for assumed_role, federation_token, and session_token credential types when no TTL is explicitly requested with the credentials
     * @type {string}
     * @memberof AwsWriteRoleRequest
     */
    defaultStsTtl?: string;
    /**
     * External ID to set when assuming the role; only valid when credential_type is assumed_role
     * @type {string}
     * @memberof AwsWriteRoleRequest
     */
    externalId?: string;
    /**
     * Names of IAM groups that generated IAM users will be added to. For a credential type of assumed_role or federation_token, the policies sent to the corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the policies from each group in iam_groups combined with the policy_document and policy_arns parameters.
     * @type {Array<string>}
     * @memberof AwsWriteRoleRequest
     */
    iamGroups?: Array<string>;
    /**
     * IAM tags to be set for any users created by this role. These must be presented as Key-Value pairs. This can be represented as a map or a list of equal sign delimited key pairs.
     * @type {object}
     * @memberof AwsWriteRoleRequest
     */
    iamTags?: object;
    /**
     * Max allowed TTL for assumed_role, federation_token, and session_token credential types
     * @type {string}
     * @memberof AwsWriteRoleRequest
     */
    maxStsTtl?: string;
    /**
     * Identification number or ARN of the MFA device associated with the root config user. Only valid when credential_type is session_token. This is only required when the IAM user has an MFA device configured.
     * @type {string}
     * @memberof AwsWriteRoleRequest
     */
    mfaSerialNumber?: string;
    /**
     * ARN of an IAM policy to attach as a permissions boundary on IAM user credentials; only valid when credential_type isiam_user
     * @type {string}
     * @memberof AwsWriteRoleRequest
     */
    permissionsBoundaryArn?: string;
    /**
     * Use policy_document instead.
     * @type {string}
     * @memberof AwsWriteRoleRequest
     * @deprecated
     */
    policy?: string;
    /**
     * ARNs of AWS policies. Behavior varies by credential_type. When credential_type is iam_user, then it will attach the specified policies to the generated IAM user. When credential_type is assumed_role or federation_token, the policies will be passed as the PolicyArns parameter, acting as a filter on permissions available.
     * @type {Array<string>}
     * @memberof AwsWriteRoleRequest
     */
    policyArns?: Array<string>;
    /**
     * JSON-encoded IAM policy document. Behavior varies by credential_type. When credential_type is iam_user, then it will attach the contents of the policy_document to the IAM user generated. When credential_type is assumed_role or federation_token, this will be passed in as the Policy parameter to the AssumeRole or GetFederationToken API call, acting as a filter on permissions available.
     * @type {string}
     * @memberof AwsWriteRoleRequest
     */
    policyDocument?: string;
    /**
     * ARNs of AWS roles allowed to be assumed. Only valid when credential_type is assumed_role
     * @type {Array<string>}
     * @memberof AwsWriteRoleRequest
     */
    roleArns?: Array<string>;
    /**
     * Session tags to be set for "assumed_role" creds created by this role. These must be presented as Key-Value pairs. This can be represented as a map or a list of equal sign delimited key pairs.
     * @type {object}
     * @memberof AwsWriteRoleRequest
     */
    sessionTags?: object;
    /**
     * Path for IAM User. Only valid when credential_type is iam_user
     * @type {string}
     * @memberof AwsWriteRoleRequest
     */
    userPath?: string;
}
/**
 * Check if a given object implements the AwsWriteRoleRequest interface.
 */
export declare function instanceOfAwsWriteRoleRequest(value: object): value is AwsWriteRoleRequest;
export declare function AwsWriteRoleRequestFromJSON(json: any): AwsWriteRoleRequest;
export declare function AwsWriteRoleRequestFromJSONTyped(json: any, ignoreDiscriminator: boolean): AwsWriteRoleRequest;
export declare function AwsWriteRoleRequestToJSON(json: any): AwsWriteRoleRequest;
export declare function AwsWriteRoleRequestToJSONTyped(value?: AwsWriteRoleRequest | null, ignoreDiscriminator?: boolean): any;