/*!
Provides the structures and enumerations that define the IAM Rust model.
# Mapping from AWS Names
A JSON policy document includes these elements:
* Optional policy-wide information at the top of the document
* One or more individual statements
Each statement includes information about a single permission. If a policy includes multiple
statements, AWS applies a logical OR across the statements when evaluating them. If multiple
policies apply to a request, AWS applies a logical OR across all of those policies when
evaluating them. The information in a statement is contained within a series of elements.
* **Version** – Specify the version of the policy language that you want to use. As a best
practice, use the latest 2012-10-17 version.
* **Statement** – Use this main policy element as a container for the following elements. You
can include more than one statement in a policy.
* **Sid** (Optional) – Include an optional statement ID to differentiate between your statements.
* **Effect** – Use Allow or Deny to indicate whether the policy allows or denies access.
* **Principal** (Required in only some circumstances) – If you create a resource-based policy,
you must indicate the account, user, role, or federated user to which you would like to allow
or deny access. If you are creating an IAM permissions policy to attach to a user or role, you
cannot include this element. The principal is implied as that user or role.
* **Action** – Include a list of actions that the policy allows or denies.
* **Resource** (Required in only some circumstances) – If you create an IAM permissions policy,
you must specify a list of resources to which the actions apply. If you create a resource-based
policy, this element is optional. If you do not include this element, then the resource to which
the action applies is the resource to which the policy is attached.
* **Condition** (Optional) – Specify the circumstances under which the policy grants permission.
From [Overview of JSON Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json).
*/
use crate*;
use crate QString;
use ;
use HashMap;
// ------------------------------------------------------------------------------------------------
// Public Types
// ------------------------------------------------------------------------------------------------
///
/// An IAM policy resource.
///
///
/// The Version policy element is used within a policy and defines the version of
/// the policy language.
///
/// If you do not include a Version element, the value defaults to 2008-10-17,
/// but newer features, such as policy variables, will not work with your policy.
/// For example, variables such as ${aws:username} aren't recognized as variables
/// and are instead treated as literal strings in the policy.
///
/// From [IAM JSON Policy Elements: Version](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_version.html).
///
///
/// The Statement element is the main element for a policy. This element is required. It can
/// include multiple elements (see the subsequent sections in this page). The Statement element
/// contains an array of individual statements. Each individual statement is a JSON block
/// enclosed in braces `{ }`.
///
/// From [IAM JSON Policy Elements: Statement](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_statement.html).
///
///
/// The Effect element is required and specifies whether the statement results in an allow or an
/// explicit deny. Valid values for Effect are Allow and Deny.
///
/// From [IAM JSON Policy Elements: Effect](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_effect.html).
///
///
/// The Action element describes the specific action or actions that will be allowed or denied.
/// Statements must include either an Action or NotAction element. Each AWS service has its own
/// set of actions that describe tasks that you can perform with that service.
///
/// You specify a value using a service namespace as an action prefix (`iam`, `ec2`, `sqs`,
/// `sns`, `s3`, etc.) followed by the name of the action to allow or deny. The name must match
/// an action that is supported by the service. The prefix and the action name are case
/// insensitive. For example, `iam:ListAccessKeys` is the same as `IAM:listaccesskeys`.
///
/// From [IAM JSON Policy Elements: Action](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_action.html)
/// and [IAM JSON Policy Elements: NotAction](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notaction.html).
///
///
/// Use the Principal element to specify the IAM user, federated user, IAM role, AWS account,
/// AWS service, or other principal entity that is allowed or denied access to a resource. You
/// cannot use the Principal element in an IAM identity-based policy. You can use it in the
/// trust policies for IAM roles and in resource-based policies. Resource-based policies are
/// policies that you embed directly in an IAM resource.
///
/// From [AWS JSON Policy Elements: Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html)
/// and [AWS JSON Policy Elements: NotPrincipal](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notprincipal.html).
///
///
/// This describes the way in which the condition ARNs should be understood.
///
///
/// The Resource element specifies the object or objects that the statement covers. Statements
/// must include either a Resource or a NotResource element. You specify a resource using an ARN.
///
/// From [IAM JSON Policy Elements: Resource](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_resource.html)
/// and [IAM JSON Policy Elements: NotResource](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notresource.html).
///
///
/// You can use the Condition element of a policy to test multiple keys or multiple
/// values for a single key in a request. You can use condition keys to test the
/// values of the matching keys in the request. For example, you can use a condition
/// key to control access to specific attributes of a DynamoDB table or to an Amazon
/// EC2 instance based on tags.
///
/// From [Creating a Condition with Multiple Keys or Values](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_multi-value-conditions.html).
///
///
/// Pulls apart the string form of an operator used by IAM. It identifies the
/// quantifiers which are used as string prefixes and recognizes the _if exist_
/// suffix as well.
///
///
/// Use condition operators in the `Condition` element to match the condition
/// key and value in the policy against values in the request context.
///
/// The condition operator that you can use in a policy depends on the condition
/// key you choose. You can choose a global condition key or a service-specific
/// condition key.
///
/// From [IAM JSON Policy Elements: Condition Operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html).
///
///
/// The value to test an operator against.
///