cdk-iam-floyd
Version:
AWS IAM policy statement generator with fluent interface for AWS CDK
976 lines • 190 kB
JavaScript
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.Apigateway = void 0;
const shared_1 = require("../../shared");
/**
* Statement provider for service [apigateway](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonapigatewaymanagement.html).
*
* @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
*/
class Apigateway extends shared_1.PolicyStatement {
/**
* Grants permission to add certificates for mutual TLS authentication to a domain name. This is an additional authorization control for managing the DomainName resource due to the sensitive nature of mTLS
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/apigateway/latest/api/API_Operations.html
*/
toAddCertificateToDomain() {
return this.to('AddCertificateToDomain');
}
/**
* Grants permission to create an access association from an access association source to a custom domain name for private APIs
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/apigateway/latest/api/API_Operations.html
*/
toCreateAccessAssociation() {
return this.to('CreateAccessAssociation');
}
/**
* Grants permission to delete a particular resource
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/apigateway/latest/api/API_Operations.html
*/
toDELETE() {
return this.to('DELETE');
}
/**
* Grants permission to read a particular resource
*
* Access Level: Read
*
* https://docs.aws.amazon.com/apigateway/latest/api/API_Operations.html
*/
toGET() {
return this.to('GET');
}
/**
* Grants permission to update a particular resource
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/apigateway/latest/api/API_Operations.html
*/
toPATCH() {
return this.to('PATCH');
}
/**
* Grants permission to create a particular resource
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/apigateway/latest/api/API_Operations.html
*/
toPOST() {
return this.to('POST');
}
/**
* Grants permission to update a particular resource
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/apigateway/latest/api/API_Operations.html
*/
toPUT() {
return this.to('PUT');
}
/**
* Grants permission to reject an existing access association owned by another account to a custom domain name for private APIs
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/apigateway/latest/api/API_Operations.html
*/
toRejectAccessAssociation() {
return this.to('RejectAccessAssociation');
}
/**
* Grants permission to remove certificates for mutual TLS authentication from a domain name. This is an additional authorization control for managing the DomainName resource due to the sensitive nature of mTLS
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/apigateway/latest/api/API_Operations.html
*/
toRemoveCertificateFromDomain() {
return this.to('RemoveCertificateFromDomain');
}
/**
* Grants permission to set a WAF access control list (ACL). This is an additional authorization control for managing the Stage resource due to the sensitive nature of WebAcl's
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/apigateway/latest/api/API_Operations.html
*/
toSetWebACL() {
return this.to('SetWebACL');
}
/**
* Grants permission to update the management policy of a custom domain name for private APIs
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/apigateway/latest/api/API_Operations.html
*/
toUpdateDomainNameManagementPolicy() {
return this.to('UpdateDomainNameManagementPolicy');
}
/**
* Grants permission to update the invoke policy of a custom domain name for private APIs
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/apigateway/latest/api/API_Operations.html
*/
toUpdateDomainNamePolicy() {
return this.to('UpdateDomainNamePolicy');
}
/**
* Grants permission to manage the IAM resource policy for an API. This is an additional authorization control for managing an API due to the sensitive nature of the resource policy
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/apigateway/latest/api/API_Operations.html
*/
toUpdateRestApiPolicy() {
return this.to('UpdateRestApiPolicy');
}
/**
* Adds a resource of type Account to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/developerguide/security_iam_service-with-iam.html
*
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onAccount(region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:apigateway:${region ?? this.defaultRegion}::/account`);
}
/**
* Adds a resource of type ApiKey to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/api/API_ApiKey.html
*
* @param apiKeyId - Identifier for the apiKeyId.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onApiKey(apiKeyId, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:apigateway:${region ?? this.defaultRegion}::/apikeys/${apiKeyId}`);
}
/**
* Adds a resource of type ApiKeys to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/api/API_ApiKey.html
*
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onApiKeys(region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:apigateway:${region ?? this.defaultRegion}::/apikeys`);
}
/**
* Adds a resource of type Authorizer to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/api/API_Authorizer.html
*
* @param restApiId - Identifier for the restApiId.
* @param authorizerId - Identifier for the authorizerId.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifRequestAuthorizerType()
* - .ifResourceAuthorizerType()
* - .ifAwsResourceTag()
*/
onAuthorizer(restApiId, authorizerId, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:apigateway:${region ?? this.defaultRegion}::/restapis/${restApiId}/authorizers/${authorizerId}`);
}
/**
* Adds a resource of type Authorizers to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/api/API_Authorizer.html
*
* @param restApiId - Identifier for the restApiId.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifRequestAuthorizerType()
* - .ifAwsResourceTag()
*/
onAuthorizers(restApiId, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:apigateway:${region ?? this.defaultRegion}::/restapis/${restApiId}/authorizers`);
}
/**
* Adds a resource of type BasePathMapping to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/api/API_BasePathMapping.html
*
* @param domainName - Identifier for the domainName.
* @param basePath - Identifier for the basePath.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onBasePathMapping(domainName, basePath, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:apigateway:${region ?? this.defaultRegion}::/domainnames/${domainName}/basepathmappings/${basePath}`);
}
/**
* Adds a resource of type BasePathMappings to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/api/API_BasePathMapping.html
*
* @param domainName - Identifier for the domainName.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onBasePathMappings(domainName, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:apigateway:${region ?? this.defaultRegion}::/domainnames/${domainName}/basepathmappings`);
}
/**
* Adds a resource of type ClientCertificate to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/api/API_ClientCertificate.html
*
* @param clientCertificateId - Identifier for the clientCertificateId.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onClientCertificate(clientCertificateId, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:apigateway:${region ?? this.defaultRegion}::/clientcertificates/${clientCertificateId}`);
}
/**
* Adds a resource of type ClientCertificates to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/api/API_ClientCertificate.html
*
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onClientCertificates(region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:apigateway:${region ?? this.defaultRegion}::/clientcertificates`);
}
/**
* Adds a resource of type Deployment to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/api/API_Deployment.html
*
* @param restApiId - Identifier for the restApiId.
* @param deploymentId - Identifier for the deploymentId.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onDeployment(restApiId, deploymentId, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:apigateway:${region ?? this.defaultRegion}::/restapis/${restApiId}/deployments/${deploymentId}`);
}
/**
* Adds a resource of type Deployments to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/api/API_Deployment.html
*
* @param restApiId - Identifier for the restApiId.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifRequestStageName()
* - .ifAwsResourceTag()
*/
onDeployments(restApiId, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:apigateway:${region ?? this.defaultRegion}::/restapis/${restApiId}/deployments`);
}
/**
* Adds a resource of type DocumentationPart to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/api/API_DocumentationPart.html
*
* @param restApiId - Identifier for the restApiId.
* @param documentationPartId - Identifier for the documentationPartId.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onDocumentationPart(restApiId, documentationPartId, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:apigateway:${region ?? this.defaultRegion}::/restapis/${restApiId}/documentation/parts/${documentationPartId}`);
}
/**
* Adds a resource of type DocumentationParts to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/api/API_DocumentationPart.html
*
* @param restApiId - Identifier for the restApiId.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onDocumentationParts(restApiId, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:apigateway:${region ?? this.defaultRegion}::/restapis/${restApiId}/documentation/parts`);
}
/**
* Adds a resource of type DocumentationVersion to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/api/API_DocumentationVersion.html
*
* @param restApiId - Identifier for the restApiId.
* @param documentationVersionId - Identifier for the documentationVersionId.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onDocumentationVersion(restApiId, documentationVersionId, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:apigateway:${region ?? this.defaultRegion}::/restapis/${restApiId}/documentation/versions/${documentationVersionId}`);
}
/**
* Adds a resource of type DocumentationVersions to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/api/API_DocumentationVersion.html
*
* @param restApiId - Identifier for the restApiId.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onDocumentationVersions(restApiId, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:apigateway:${region ?? this.defaultRegion}::/restapis/${restApiId}/documentation/versions`);
}
/**
* Adds a resource of type DomainName to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/api/API_DomainName.html
*
* @param domainName - Identifier for the domainName.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifRequestEndpointType()
* - .ifRequestMtlsTrustStoreUri()
* - .ifRequestMtlsTrustStoreVersion()
* - .ifRequestSecurityPolicy()
* - .ifResourceEndpointType()
* - .ifResourceMtlsTrustStoreUri()
* - .ifResourceMtlsTrustStoreVersion()
* - .ifResourceRoutingMode()
* - .ifResourceSecurityPolicy()
* - .ifAwsResourceTag()
*/
onDomainName(domainName, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:apigateway:${region ?? this.defaultRegion}::/domainnames/${domainName}`);
}
/**
* Adds a resource of type DomainNames to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/api/API_DomainName.html
*
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifRequestEndpointType()
* - .ifRequestMtlsTrustStoreUri()
* - .ifRequestMtlsTrustStoreVersion()
* - .ifRequestSecurityPolicy()
* - .ifResourceRoutingMode()
* - .ifAwsResourceTag()
*/
onDomainNames(region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:apigateway:${region ?? this.defaultRegion}::/domainnames`);
}
/**
* Adds a resource of type DomainNameAccessAssociation to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/api/API_DomainNameAccessAssociation.html
*
* @param domainName - Identifier for the domainName.
* @param sourceType - Identifier for the sourceType.
* @param sourceId - Identifier for the sourceId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onDomainNameAccessAssociation(domainName, sourceType, sourceId, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:apigateway:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:/domainnameaccessassociations/domainname/${domainName}/${sourceType}/${sourceId}`);
}
/**
* Adds a resource of type DomainNameAccessAssociations to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/api/API_DomainNameAccessAssociation.html
*
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifRequestAccessAssociationSource()
* - .ifRequestDomainNameArn()
* - .ifAwsResourceTag()
*/
onDomainNameAccessAssociations(account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:apigateway:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:/domainnameaccessassociations`);
}
/**
* Adds a resource of type GatewayResponse to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/api/API_GatewayResponse.html
*
* @param restApiId - Identifier for the restApiId.
* @param responseType - Identifier for the responseType.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onGatewayResponse(restApiId, responseType, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:apigateway:${region ?? this.defaultRegion}::/restapis/${restApiId}/gatewayresponses/${responseType}`);
}
/**
* Adds a resource of type GatewayResponses to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/api/API_GatewayResponse.html
*
* @param restApiId - Identifier for the restApiId.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onGatewayResponses(restApiId, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:apigateway:${region ?? this.defaultRegion}::/restapis/${restApiId}/gatewayresponses`);
}
/**
* Adds a resource of type Integration to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/api/API_Integration.html
*
* @param restApiId - Identifier for the restApiId.
* @param resourceId - Identifier for the resourceId.
* @param httpMethodType - Identifier for the httpMethodType.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onIntegration(restApiId, resourceId, httpMethodType, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:apigateway:${region ?? this.defaultRegion}::/restapis/${restApiId}/resources/${resourceId}/methods/${httpMethodType}/integration`);
}
/**
* Adds a resource of type IntegrationResponse to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/api/API_IntegrationResponse.html
*
* @param restApiId - Identifier for the restApiId.
* @param resourceId - Identifier for the resourceId.
* @param httpMethodType - Identifier for the httpMethodType.
* @param statusCode - Identifier for the statusCode.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onIntegrationResponse(restApiId, resourceId, httpMethodType, statusCode, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:apigateway:${region ?? this.defaultRegion}::/restapis/${restApiId}/resources/${resourceId}/methods/${httpMethodType}/integration/responses/${statusCode}`);
}
/**
* Adds a resource of type Method to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/api/API_Method.html
*
* @param restApiId - Identifier for the restApiId.
* @param resourceId - Identifier for the resourceId.
* @param httpMethodType - Identifier for the httpMethodType.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifRequestApiKeyRequired()
* - .ifRequestRouteAuthorizationType()
* - .ifResourceApiKeyRequired()
* - .ifResourceRouteAuthorizationType()
* - .ifAwsResourceTag()
*/
onMethod(restApiId, resourceId, httpMethodType, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:apigateway:${region ?? this.defaultRegion}::/restapis/${restApiId}/resources/${resourceId}/methods/${httpMethodType}`);
}
/**
* Adds a resource of type MethodResponse to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/api/API_MethodResponse.html
*
* @param restApiId - Identifier for the restApiId.
* @param resourceId - Identifier for the resourceId.
* @param httpMethodType - Identifier for the httpMethodType.
* @param statusCode - Identifier for the statusCode.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onMethodResponse(restApiId, resourceId, httpMethodType, statusCode, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:apigateway:${region ?? this.defaultRegion}::/restapis/${restApiId}/resources/${resourceId}/methods/${httpMethodType}/responses/${statusCode}`);
}
/**
* Adds a resource of type Model to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/api/API_Model.html
*
* @param restApiId - Identifier for the restApiId.
* @param modelName - Identifier for the modelName.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onModel(restApiId, modelName, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:apigateway:${region ?? this.defaultRegion}::/restapis/${restApiId}/models/${modelName}`);
}
/**
* Adds a resource of type Models to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/api/API_Model.html
*
* @param restApiId - Identifier for the restApiId.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onModels(restApiId, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:apigateway:${region ?? this.defaultRegion}::/restapis/${restApiId}/models`);
}
/**
* Adds a resource of type PrivateBasePathMapping to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/api/API_BasePathMapping.html
*
* @param domainName - Identifier for the domainName.
* @param domainIdentifier - Identifier for the domainIdentifier.
* @param basePath - Identifier for the basePath.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onPrivateBasePathMapping(domainName, domainIdentifier, basePath, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:apigateway:${region ?? this.defaultRegion}::/domainnames/${domainName}+${domainIdentifier}/basepathmappings/${basePath}`);
}
/**
* Adds a resource of type PrivateBasePathMappings to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/api/API_BasePathMapping.html
*
* @param domainName - Identifier for the domainName.
* @param domainIdentifier - Identifier for the domainIdentifier.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onPrivateBasePathMappings(domainName, domainIdentifier, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:apigateway:${region ?? this.defaultRegion}::/domainnames/${domainName}+${domainIdentifier}/basepathmappings`);
}
/**
* Adds a resource of type PrivateDomainName to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/api/API_DomainName.html
*
* @param domainName - Identifier for the domainName.
* @param domainIdentifier - Identifier for the domainIdentifier.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifRequestEndpointType()
* - .ifResourceEndpointType()
* - .ifResourceRoutingMode()
* - .ifAwsResourceTag()
*/
onPrivateDomainName(domainName, domainIdentifier, account, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:apigateway:${region ?? this.defaultRegion}:${account ?? this.defaultAccount}:/domainnames/${domainName}+${domainIdentifier}`);
}
/**
* Adds a resource of type RequestValidator to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/api/API_RequestValidator.html
*
* @param restApiId - Identifier for the restApiId.
* @param requestValidatorId - Identifier for the requestValidatorId.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onRequestValidator(restApiId, requestValidatorId, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:apigateway:${region ?? this.defaultRegion}::/restapis/${restApiId}/requestvalidators/${requestValidatorId}`);
}
/**
* Adds a resource of type RequestValidators to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/api/API_RequestValidator.html
*
* @param restApiId - Identifier for the restApiId.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onRequestValidators(restApiId, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:apigateway:${region ?? this.defaultRegion}::/restapis/${restApiId}/requestvalidators`);
}
/**
* Adds a resource of type Resource to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/api/API_Resource.html
*
* @param restApiId - Identifier for the restApiId.
* @param resourceId - Identifier for the resourceId.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onResource(restApiId, resourceId, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:apigateway:${region ?? this.defaultRegion}::/restapis/${restApiId}/resources/${resourceId}`);
}
/**
* Adds a resource of type Resources to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/api/API_Resource.html
*
* @param restApiId - Identifier for the restApiId.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onResources(restApiId, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:apigateway:${region ?? this.defaultRegion}::/restapis/${restApiId}/resources`);
}
/**
* Adds a resource of type RestApi to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/api/API_RestApi.html
*
* @param restApiId - Identifier for the restApiId.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifRequestApiKeyRequired()
* - .ifRequestApiName()
* - .ifRequestAuthorizerType()
* - .ifRequestDisableExecuteApiEndpoint()
* - .ifRequestEndpointType()
* - .ifRequestRouteAuthorizationType()
* - .ifRequestSecurityPolicy()
* - .ifResourceApiKeyRequired()
* - .ifResourceApiName()
* - .ifResourceAuthorizerType()
* - .ifResourceDisableExecuteApiEndpoint()
* - .ifResourceEndpointType()
* - .ifResourceRouteAuthorizationType()
* - .ifResourceSecurityPolicy()
* - .ifAwsResourceTag()
*/
onRestApi(restApiId, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:apigateway:${region ?? this.defaultRegion}::/restapis/${restApiId}`);
}
/**
* Adds a resource of type RestApis to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/api/API_RestApi.html
*
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifRequestApiKeyRequired()
* - .ifRequestApiName()
* - .ifRequestAuthorizerType()
* - .ifRequestDisableExecuteApiEndpoint()
* - .ifRequestEndpointType()
* - .ifRequestRouteAuthorizationType()
* - .ifRequestSecurityPolicy()
* - .ifAwsResourceTag()
*/
onRestApis(region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:apigateway:${region ?? this.defaultRegion}::/restapis`);
}
/**
* Adds a resource of type Sdk to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/developerguide/security_iam_service-with-iam.html
*
* @param restApiId - Identifier for the restApiId.
* @param stageName - Identifier for the stageName.
* @param sdkType - Identifier for the sdkType.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onSdk(restApiId, stageName, sdkType, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:apigateway:${region ?? this.defaultRegion}::/restapis/${restApiId}/stages/${stageName}/sdks/${sdkType}`);
}
/**
* Adds a resource of type Stage to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/api/API_Stage.html
*
* @param restApiId - Identifier for the restApiId.
* @param stageName - Identifier for the stageName.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifRequestAccessLoggingDestination()
* - .ifRequestAccessLoggingFormat()
* - .ifResourceAccessLoggingDestination()
* - .ifResourceAccessLoggingFormat()
* - .ifAwsResourceTag()
*/
onStage(restApiId, stageName, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:apigateway:${region ?? this.defaultRegion}::/restapis/${restApiId}/stages/${stageName}`);
}
/**
* Adds a resource of type Stages to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/api/API_Stage.html
*
* @param restApiId - Identifier for the restApiId.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifRequestAccessLoggingDestination()
* - .ifRequestAccessLoggingFormat()
* - .ifAwsResourceTag()
*/
onStages(restApiId, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:apigateway:${region ?? this.defaultRegion}::/restapis/${restApiId}/stages`);
}
/**
* Adds a resource of type Template to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/developerguide/security_iam_service-with-iam.html
*
* @param modelName - Identifier for the modelName.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onTemplate(modelName, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:apigateway:${region ?? this.defaultRegion}::/restapis/models/${modelName}/template`);
}
/**
* Adds a resource of type UsagePlan to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/api/API_UsagePlan.html
*
* @param usagePlanId - Identifier for the usagePlanId.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onUsagePlan(usagePlanId, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:apigateway:${region ?? this.defaultRegion}::/usageplans/${usagePlanId}`);
}
/**
* Adds a resource of type UsagePlans to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/api/API_UsagePlan.html
*
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onUsagePlans(region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:apigateway:${region ?? this.defaultRegion}::/usageplans`);
}
/**
* Adds a resource of type UsagePlanKey to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/api/API_UsagePlanKey.html
*
* @param usagePlanId - Identifier for the usagePlanId.
* @param id - Identifier for the id.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onUsagePlanKey(usagePlanId, id, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:apigateway:${region ?? this.defaultRegion}::/usageplans/${usagePlanId}/keys/${id}`);
}
/**
* Adds a resource of type UsagePlanKeys to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/api/API_UsagePlanKey.html
*
* @param usagePlanId - Identifier for the usagePlanId.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onUsagePlanKeys(usagePlanId, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:apigateway:${region ?? this.defaultRegion}::/usageplans/${usagePlanId}/keys`);
}
/**
* Adds a resource of type VpcLink to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/api/API_VpcLink.html
*
* @param vpcLinkId - Identifier for the vpcLinkId.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onVpcLink(vpcLinkId, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:apigateway:${region ?? this.defaultRegion}::/vpclinks/${vpcLinkId}`);
}
/**
* Adds a resource of type VpcLinks to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/api/API_VpcLink.html
*
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onVpcLinks(region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:apigateway:${region ?? this.defaultRegion}::/vpclinks`);
}
/**
* Adds a resource of type Tags to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-tagging.html
*
* @param urlEncodedResourceARN - Identifier for the urlEncodedResourceARN.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
onTags(urlEncodedResourceARN, region, partition) {
return this.on(`arn:${partition ?? this.defaultPartition}:apigateway:${region ?? this.defaultRegion}::/tags/${urlEncodedResourceARN}`);
}
/**
* Filters access by access association source. Available during the CreateDomainNameAccessAssociation operation
*
* https://docs.aws.amazon.com/apigateway/latest/developerguide/security_iam_service-with-iam.html
*
* Applies to resource types:
* - DomainNameAccessAssociations
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifRequestAccessAssociationSource(value, operator) {
return this.if(`Request/AccessAssociationSource`, value, operator ?? 'StringLike');
}
/**
* Filters access by access log destination. Available during the CreateStage and UpdateStage operations
*
* https://docs.aws.amazon.com/apigateway/latest/developerguide/security_iam_service-with-iam.html
*
* Applies to resource types:
* - Stage
* - Stages
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifRequestAccessLoggingDestination(value, operator) {
return this.if(`Request/AccessLoggingDestination`, value, operator ?? 'StringLike');
}
/**
* Filters access by access log format. Available during the CreateStage and UpdateStage operations
*
* https://docs.aws.amazon.com/apigateway/latest/developerguide/security_iam_service-with-iam.html
*
* Applies to resource types:
* - Stage
* - Stages
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifRequestAccessLoggingFormat(value, operator) {
return this.if(`Request/AccessLoggingFormat`, value, operator ?? 'StringLike');
}
/**
* Filters access by whether an API key is required or not. Available during the CreateMethod and PutMethod