cdk-iam-floyd
Version:
AWS IAM policy statement generator with fluent interface for AWS CDK
1,066 lines • 77.4 kB
TypeScript
import { AccessLevelList } from '../../shared/access-level';
import { PolicyStatement, Operator } from '../../shared';
import { aws_iam as iam } from "aws-cdk-lib";
/**
* Statement provider for service [apigateway-v2](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonapigatewaymanagementv2.html).
*
* @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
*/
export declare class ApigatewayV2 extends PolicyStatement {
servicePrefix: string;
/**
* Grants permission to create a Portal
*
* Access Level: Write
*
* Possible conditions:
* - .ifRequestPortalDisplayName()
* - .ifRequestPortalDomainName()
* - .ifRequestCognitoUserPoolArn()
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/apigatewayv2/latest/api-reference/portals.html#portalspost
*/
toCreatePortal(): this;
/**
* Grants permission to create a Portal Product
*
* Access Level: Write
*
* Possible conditions:
* - .ifRequestPortalProductDisplayName()
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/apigatewayv2/latest/api-reference/portalproducts.html#portalproductspost
*/
toCreatePortalProduct(): this;
/**
* Grants permission to create a Product Page
*
* Access Level: Write
*
* Possible conditions:
* - .ifRequestProductPageTitle()
*
* https://docs.aws.amazon.com/apigatewayv2/latest/api-reference/portalproducts-portalproductid-productpages.html#portalproducts-portalproductid-productpagespost
*/
toCreateProductPage(): this;
/**
* Grants permission to create a Product REST Endpoint Page
*
* Access Level: Write
*
* Possible conditions:
* - .ifRequestRestApiId()
* - .ifRequestStage()
* - .ifRequestMethod()
* - .ifRequestProductRestEndpointPageEndpointPrefix()
*
* https://docs.aws.amazon.com/apigatewayv2/latest/api-reference/portalproducts-portalproductid-productrestendpointpages.html#portalproducts-portalproductid-productrestendpointpagespost
*/
toCreateProductRestEndpointPage(): this;
/**
* Grants permission to create a routing rule
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
* - .ifRequestPriority()
* - .ifRequestConditionBasePaths()
*
* https://docs.aws.amazon.com/apigatewayv2/latest/api-reference/domainnames-domainname-routingrules.html#domainnames-domainname-routingrulespost
*/
toCreateRoutingRule(): this;
/**
* Grants permission to delete a particular resource
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/apigatewayv2/latest/api-reference/api-reference.html
*/
toDELETE(): this;
/**
* Grants permission to delete a Portal
*
* Access Level: Write
*
* https://docs.aws.amazon.com/apigatewayv2/latest/api-reference/portals-portalid.html#portals-portaliddelete
*/
toDeletePortal(): this;
/**
* Grants permission to delete a Portal Product
*
* Access Level: Write
*
* https://docs.aws.amazon.com/apigatewayv2/latest/api-reference/portalproducts-portalproductid.html#portalproducts-portalproductiddelete
*/
toDeletePortalProduct(): this;
/**
* Grants permission to delete a Portal Product Sharing Policy
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/apigatewayv2/latest/api-reference/portalproducts-portalproductid-sharingpolicy.html#portalproducts-portalproductid-sharingpolicydelete
*/
toDeletePortalProductSharingPolicy(): this;
/**
* Grants permission to delete a Product Page
*
* Access Level: Write
*
* https://docs.aws.amazon.com/apigatewayv2/latest/api-reference/portalproducts-portalproductid-productpages-productpageid.html#portalproducts-portalproductid-productpages-productpageiddelete
*/
toDeleteProductPage(): this;
/**
* Grants permission to delete a Product REST Endpoint Page
*
* Access Level: Write
*
* https://docs.aws.amazon.com/apigatewayv2/latest/api-reference/portalproducts-portalproductid-productrestendpointpages-productrestendpointpageid.html#portalproducts-portalproductid-productrestendpointpages-productrestendpointpageiddelete
*/
toDeleteProductRestEndpointPage(): this;
/**
* Grants permission to delete a routing rule
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
* - .ifResourcePriority()
* - .ifResourceConditionBasePaths()
*
* https://docs.aws.amazon.com/apigatewayv2/latest/api-reference/domainnames-domainname-routingrules-routingruleid.html#domainnames-domainname-routingrules-routingruleiddelete
*/
toDeleteRoutingRule(): this;
/**
* Grants permission to disable a Portal
*
* Access Level: Write
*
* https://docs.aws.amazon.com/apigatewayv2/latest/api-reference/portals-portalid-publish.html#portals-portalid-publishdelete
*/
toDisablePortal(): this;
/**
* Grants permission to read a particular resource
*
* Access Level: Read
*
* https://docs.aws.amazon.com/apigatewayv2/latest/api-reference/api-reference.html
*/
toGET(): this;
/**
* Grants permission to read a Portal
*
* Access Level: Read
*
* https://docs.aws.amazon.com/apigatewayv2/latest/api-reference/portals-portalid.html#portals-portalidget
*/
toGetPortal(): this;
/**
* Grants permission to read a Portal Product
*
* Access Level: Read
*
* https://docs.aws.amazon.com/apigatewayv2/latest/api-reference/portalproducts-portalproductid.html#portalproducts-portalproductidget
*/
toGetPortalProduct(): this;
/**
* Grants permission to read a Portal Product Sharing Policy
*
* Access Level: Read
*
* https://docs.aws.amazon.com/apigatewayv2/latest/api-reference/portalproducts-portalproductid-sharingpolicy.html#portalproducts-portalproductid-sharingpolicyget
*/
toGetPortalProductSharingPolicy(): this;
/**
* Grants permission to read a Product Page
*
* Access Level: Read
*
* https://docs.aws.amazon.com/apigatewayv2/latest/api-reference/portalproducts-portalproductid-productpages-productpageid.html#portalproducts-portalproductid-productpages-productpageidget
*/
toGetProductPage(): this;
/**
* Grants permission to read a Product REST Endpoint Page
*
* Access Level: Read
*
* https://docs.aws.amazon.com/apigatewayv2/latest/api-reference/portalproducts-portalproductid-productrestendpointpages-productrestendpointpageid.html#portalproducts-portalproductid-productrestendpointpages-productrestendpointpageidget
*/
toGetProductRestEndpointPage(): this;
/**
* Grants permission to read a routing rule
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/apigatewayv2/latest/api-reference/domainnames-domainname-routingrules-routingruleid.html#domainnames-domainname-routingrules-routingruleidget
*/
toGetRoutingRule(): this;
/**
* Grants permission to list Portal Products
*
* Access Level: List
*
* https://docs.aws.amazon.com/apigatewayv2/latest/api-reference/portalproducts.html#portalproductsget
*/
toListPortalProducts(): this;
/**
* Grants permission to list Portals
*
* Access Level: List
*
* https://docs.aws.amazon.com/apigatewayv2/latest/api-reference/portals.html#portalsget
*/
toListPortals(): this;
/**
* Grants permission to list Product Pages
*
* Access Level: List
*
* https://docs.aws.amazon.com/apigatewayv2/latest/api-reference/portalproducts-portalproductid-productpages.html#portalproducts-portalproductid-productpagesget
*/
toListProductPages(): this;
/**
* Grants permission to list Product REST Endpoint Pages
*
* Access Level: List
*
* https://docs.aws.amazon.com/apigatewayv2/latest/api-reference/portalproducts-portalproductid-productrestendpointpages.html#portalproducts-portalproductid-productrestendpointpagesget
*/
toListProductRestEndpointPages(): this;
/**
* Grants permission to list routing rules under a domain name
*
* Access Level: List
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/apigatewayv2/latest/api-reference/domainnames-domainname-routingrules.html#domainnames-domainname-routingrulesget
*/
toListRoutingRules(): this;
/**
* Grants permission to update a particular resource
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/apigatewayv2/latest/api-reference/api-reference.html
*/
toPATCH(): this;
/**
* Grants permission to create a particular resource
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/apigatewayv2/latest/api-reference/api-reference.html
*/
toPOST(): this;
/**
* Grants permission to update a particular resource
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/apigatewayv2/latest/api-reference/api-reference.html
*/
toPUT(): this;
/**
* Grants permission to preview a Portal
*
* Access Level: Write
*
* https://docs.aws.amazon.com/apigatewayv2/latest/api-reference/portals-portalid-preview.html#portals-portalid-previewpost
*/
toPreviewPortal(): this;
/**
* Grants permission to publish a Portal
*
* Access Level: Write
*
* https://docs.aws.amazon.com/apigatewayv2/latest/api-reference/portals-portalid-publish.html#portals-portalid-publishpost
*/
toPublishPortal(): this;
/**
* Grants permission to put a Portal Product Sharing Policy
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/apigatewayv2/latest/api-reference/portalproducts-portalproductid-sharingpolicy.html#portalproducts-portalproductid-sharingpolicyput
*/
toPutPortalProductSharingPolicy(): this;
/**
* Grants permission to update a Portal
*
* Access Level: Write
*
* Possible conditions:
* - .ifRequestPortalDisplayName()
* - .ifRequestPortalDomainName()
* - .ifRequestCognitoUserPoolArn()
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/apigatewayv2/latest/api-reference/portals-portalid.html#portals-portalidpatch
*/
toUpdatePortal(): this;
/**
* Grants permission to update a Portal Product
*
* Access Level: Write
*
* Possible conditions:
* - .ifRequestPortalProductDisplayName()
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/apigatewayv2/latest/api-reference/portalproducts-portalproductid.html#portalproducts-portalproductidpatch
*/
toUpdatePortalProduct(): this;
/**
* Grants permission to update a Product Page
*
* Access Level: Write
*
* Possible conditions:
* - .ifRequestProductPageTitle()
*
* https://docs.aws.amazon.com/apigatewayv2/latest/api-reference/portalproducts-portalproductid-productpages-productpageid.html#portalproducts-portalproductid-productpages-productpageidpatch
*/
toUpdateProductPage(): this;
/**
* Grants permission to update a Product REST Endpoint Page
*
* Access Level: Write
*
* Possible conditions:
* - .ifRequestProductRestEndpointPageEndpointPrefix()
*
* https://docs.aws.amazon.com/apigatewayv2/latest/api-reference/portalproducts-portalproductid-productrestendpointpages-productrestendpointpageid.html#portalproducts-portalproductid-productrestendpointpages-productrestendpointpageidpatch
*/
toUpdateProductRestEndpointPage(): this;
/**
* Grants permission to update a routing rule using the PutRoutingRule API
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
* - .ifRequestPriority()
* - .ifRequestConditionBasePaths()
* - .ifResourcePriority()
* - .ifResourceConditionBasePaths()
*
* https://docs.aws.amazon.com/apigatewayv2/latest/api-reference/domainnames-domainname-routingrules-routingruleid.html#domainnames-domainname-routingrules-routingruleidput
*/
toUpdateRoutingRule(): this;
protected accessLevelList: AccessLevelList;
/**
* Adds a resource of type AccessLogSettings to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/developerguide/security_iam_service-with-iam.html
*
* @param apiId - Identifier for the apiId.
* @param stageName - Identifier for the stageName.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onAccessLogSettings(apiId: string, stageName: string, region?: string, partition?: string): this;
/**
* Adds a resource of type Api to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/developerguide/security_iam_service-with-iam.html
*
* @param apiId - Identifier for the apiId.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifRequestApiKeyRequired()
* - .ifRequestApiName()
* - .ifRequestAuthorizerType()
* - .ifRequestAuthorizerUri()
* - .ifRequestDisableExecuteApiEndpoint()
* - .ifRequestEndpointType()
* - .ifRequestRouteAuthorizationType()
* - .ifResourceApiKeyRequired()
* - .ifResourceApiName()
* - .ifResourceAuthorizerType()
* - .ifResourceAuthorizerUri()
* - .ifResourceDisableExecuteApiEndpoint()
* - .ifResourceEndpointType()
* - .ifResourceRouteAuthorizationType()
* - .ifAwsResourceTag()
*/
onApi(apiId: string, region?: string, partition?: string): this;
/**
* Adds a resource of type Apis to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/developerguide/security_iam_service-with-iam.html
*
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifRequestApiKeyRequired()
* - .ifRequestApiName()
* - .ifRequestAuthorizerType()
* - .ifRequestAuthorizerUri()
* - .ifRequestDisableExecuteApiEndpoint()
* - .ifRequestEndpointType()
* - .ifRequestRouteAuthorizationType()
* - .ifAwsResourceTag()
*/
onApis(region?: string, partition?: string): this;
/**
* Adds a resource of type ApiMapping to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/developerguide/security_iam_service-with-iam.html
*
* @param domainName - Identifier for the domainName.
* @param apiMappingId - Identifier for the apiMappingId.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onApiMapping(domainName: string, apiMappingId: string, region?: string, partition?: string): this;
/**
* Adds a resource of type ApiMappings to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/developerguide/security_iam_service-with-iam.html
*
* @param domainName - Identifier for the domainName.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onApiMappings(domainName: string, region?: string, partition?: string): this;
/**
* Adds a resource of type Authorizer to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/developerguide/security_iam_service-with-iam.html
*
* @param apiId - Identifier for the apiId.
* @param authorizerId - Identifier for the authorizerId.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifRequestAuthorizerType()
* - .ifRequestAuthorizerUri()
* - .ifResourceAuthorizerType()
* - .ifResourceAuthorizerUri()
* - .ifAwsResourceTag()
*/
onAuthorizer(apiId: string, authorizerId: string, region?: string, partition?: string): this;
/**
* Adds a resource of type Authorizers to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/developerguide/security_iam_service-with-iam.html
*
* @param apiId - Identifier for the apiId.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifRequestAuthorizerType()
* - .ifRequestAuthorizerUri()
* - .ifAwsResourceTag()
*/
onAuthorizers(apiId: string, region?: string, partition?: string): this;
/**
* Adds a resource of type AuthorizersCache to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/developerguide/security_iam_service-with-iam.html
*
* @param apiId - Identifier for the apiId.
* @param stageName - Identifier for the stageName.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onAuthorizersCache(apiId: string, stageName: string, region?: string, partition?: string): this;
/**
* Adds a resource of type Cors to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/developerguide/security_iam_service-with-iam.html
*
* @param apiId - Identifier for the apiId.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onCors(apiId: string, region?: string, partition?: string): this;
/**
* Adds a resource of type Deployment to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/developerguide/security_iam_service-with-iam.html
*
* @param apiId - Identifier for the apiId.
* @param deploymentId - Identifier for the deploymentId.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onDeployment(apiId: string, deploymentId: string, region?: string, partition?: string): this;
/**
* Adds a resource of type Deployments to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/developerguide/security_iam_service-with-iam.html
*
* @param apiId - Identifier for the apiId.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifRequestStageName()
* - .ifAwsResourceTag()
*/
onDeployments(apiId: string, region?: string, partition?: string): this;
/**
* Adds a resource of type ExportedAPI to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/developerguide/security_iam_service-with-iam.html
*
* @param apiId - Identifier for the apiId.
* @param specification - Identifier for the specification.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onExportedAPI(apiId: string, specification: string, region?: string, partition?: string): this;
/**
* Adds a resource of type Integration to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/developerguide/security_iam_service-with-iam.html
*
* @param apiId - Identifier for the apiId.
* @param integrationId - Identifier for the integrationId.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onIntegration(apiId: string, integrationId: string, region?: string, partition?: string): this;
/**
* Adds a resource of type Integrations to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/developerguide/security_iam_service-with-iam.html
*
* @param apiId - Identifier for the apiId.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onIntegrations(apiId: string, region?: string, partition?: string): this;
/**
* Adds a resource of type IntegrationResponse to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/developerguide/security_iam_service-with-iam.html
*
* @param apiId - Identifier for the apiId.
* @param integrationId - Identifier for the integrationId.
* @param integrationResponseId - Identifier for the integrationResponseId.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onIntegrationResponse(apiId: string, integrationId: string, integrationResponseId: string, region?: string, partition?: string): this;
/**
* Adds a resource of type IntegrationResponses to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/developerguide/security_iam_service-with-iam.html
*
* @param apiId - Identifier for the apiId.
* @param integrationId - Identifier for the integrationId.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onIntegrationResponses(apiId: string, integrationId: string, region?: string, partition?: string): this;
/**
* Adds a resource of type Model to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/developerguide/security_iam_service-with-iam.html
*
* @param apiId - Identifier for the apiId.
* @param modelId - Identifier for the modelId.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onModel(apiId: string, modelId: string, region?: string, partition?: string): this;
/**
* Adds a resource of type Models to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/developerguide/security_iam_service-with-iam.html
*
* @param apiId - Identifier for the apiId.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onModels(apiId: string, region?: string, partition?: string): this;
/**
* Adds a resource of type ModelTemplate to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/developerguide/security_iam_service-with-iam.html
*
* @param apiId - Identifier for the apiId.
* @param modelId - Identifier for the modelId.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onModelTemplate(apiId: string, modelId: string, region?: string, partition?: string): this;
/**
* Adds a resource of type Route to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/developerguide/security_iam_service-with-iam.html
*
* @param apiId - Identifier for the apiId.
* @param routeId - Identifier for the routeId.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifRequestApiKeyRequired()
* - .ifRequestRouteAuthorizationType()
* - .ifResourceApiKeyRequired()
* - .ifResourceRouteAuthorizationType()
* - .ifAwsResourceTag()
*/
onRoute(apiId: string, routeId: string, region?: string, partition?: string): this;
/**
* Adds a resource of type Routes to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/developerguide/security_iam_service-with-iam.html
*
* @param apiId - Identifier for the apiId.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifRequestApiKeyRequired()
* - .ifRequestRouteAuthorizationType()
* - .ifAwsResourceTag()
*/
onRoutes(apiId: string, region?: string, partition?: string): this;
/**
* Adds a resource of type RouteResponse to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/developerguide/security_iam_service-with-iam.html
*
* @param apiId - Identifier for the apiId.
* @param routeId - Identifier for the routeId.
* @param routeResponseId - Identifier for the routeResponseId.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onRouteResponse(apiId: string, routeId: string, routeResponseId: string, region?: string, partition?: string): this;
/**
* Adds a resource of type RouteResponses to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/developerguide/security_iam_service-with-iam.html
*
* @param apiId - Identifier for the apiId.
* @param routeId - Identifier for the routeId.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onRouteResponses(apiId: string, routeId: string, region?: string, partition?: string): this;
/**
* Adds a resource of type RouteRequestParameter to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/developerguide/security_iam_service-with-iam.html
*
* @param apiId - Identifier for the apiId.
* @param routeId - Identifier for the routeId.
* @param requestParameterKey - Identifier for the requestParameterKey.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onRouteRequestParameter(apiId: string, routeId: string, requestParameterKey: string, region?: string, partition?: string): this;
/**
* Adds a resource of type RouteSettings to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/developerguide/security_iam_service-with-iam.html
*
* @param apiId - Identifier for the apiId.
* @param stageName - Identifier for the stageName.
* @param routeKey - Identifier for the routeKey.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onRouteSettings(apiId: string, stageName: string, routeKey: string, region?: string, partition?: string): this;
/**
* Adds a resource of type RoutingRule to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/developerguide/security_iam_service-with-iam.html
*
* @param domainName - Identifier for the domainName.
* @param routingRuleId - Identifier for the routingRuleId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifResourceConditionBasePaths()
* - .ifResourcePriority()
* - .ifAwsResourceTag()
*/
onRoutingRule(domainName: string, routingRuleId: string, account?: string, region?: string, partition?: string): this;
/**
* Adds a resource of type Stage to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/developerguide/security_iam_service-with-iam.html
*
* @param apiId - Identifier for the apiId.
* @param stageName - Identifier for the stageName.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifRequestAccessLoggingDestination()
* - .ifRequestAccessLoggingFormat()
* - .ifResourceAccessLoggingDestination()
* - .ifResourceAccessLoggingFormat()
* - .ifAwsResourceTag()
*/
onStage(apiId: string, stageName: string, region?: string, partition?: string): this;
/**
* Adds a resource of type Stages to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/developerguide/security_iam_service-with-iam.html
*
* @param apiId - Identifier for the apiId.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifRequestAccessLoggingDestination()
* - .ifRequestAccessLoggingFormat()
* - .ifAwsResourceTag()
*/
onStages(apiId: string, region?: string, partition?: string): this;
/**
* Adds a resource of type VpcLink to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/developerguide/security_iam_service-with-iam.html
*
* @param vpcLinkId - Identifier for the vpcLinkId.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onVpcLink(vpcLinkId: string, region?: string, partition?: string): this;
/**
* Adds a resource of type VpcLinks to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/developerguide/security_iam_service-with-iam.html
*
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
onVpcLinks(region?: string, partition?: string): this;
/**
* Adds a resource of type Portal to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/developerguide/security_iam_service-with-iam.html
*
* @param portalId - Identifier for the portalId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifResourceCognitoUserPoolArn()
* - .ifResourcePortalDisplayName()
* - .ifResourcePortalDomainName()
* - .ifResourcePortalPublishStatus()
* - .ifAwsResourceTag()
*/
onPortal(portalId: string, account?: string, region?: string, partition?: string): this;
/**
* Adds a resource of type PortalProduct to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/developerguide/security_iam_service-with-iam.html
*
* @param portalProductId - Identifier for the portalProductId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifResourcePortalProductDisplayName()
* - .ifAwsResourceTag()
*/
onPortalProduct(portalProductId: string, account?: string, region?: string, partition?: string): this;
/**
* Adds a resource of type ProductPage to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/developerguide/security_iam_service-with-iam.html
*
* @param portalProductId - Identifier for the portalProductId.
* @param productPageId - Identifier for the productPageId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifResourceProductPageTitle()
* - .ifAwsResourceTag()
*/
onProductPage(portalProductId: string, productPageId: string, account?: string, region?: string, partition?: string): this;
/**
* Adds a resource of type ProductRestEndpointPage to the statement
*
* https://docs.aws.amazon.com/apigateway/latest/developerguide/security_iam_service-with-iam.html
*
* @param portalProductId - Identifier for the portalProductId.
* @param productRestEndpointPageId - Identifier for the productRestEndpointPageId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifResourceMethod()
* - .ifResourceProductRestEndpointPageEndpointPrefix()
* - .ifResourceRestApiId()
* - .ifResourceStage()
* - .ifAwsResourceTag()
*/
onProductRestEndpointPage(portalProductId: string, productRestEndpointPageId: string, account?: string, region?: string, partition?: string): this;
/**
* Filters access by access log destination. Available during the CreateStage and UpdateStage operations
*
* https://docs.aws.amazon.com/apigateway/latest/developerguide/security_iam_service-with-iam.html
*
* Applies to resource types:
* - Stage
* - Stages
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifRequestAccessLoggingDestination(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by access log format. Available during the CreateStage and UpdateStage operations
*
* https://docs.aws.amazon.com/apigateway/latest/developerguide/security_iam_service-with-iam.html
*
* Applies to resource types:
* - Stage
* - Stages
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifRequestAccessLoggingFormat(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the requirement of API. Available during the CreateRoute and UpdateRoute operations. Also available as a collection during import and reimport
*
* https://docs.aws.amazon.com/apigateway/latest/developerguide/security_iam_service-with-iam.html
*
* Applies to resource types:
* - Api
* - Apis
* - Route
* - Routes
*
* @param value `true` or `false`. **Default:** `true`
*/
ifRequestApiKeyRequired(value?: boolean): this;
/**
* Filters access by API name. Available during the CreateApi and UpdateApi operations
*
* https://docs.aws.amazon.com/apigateway/latest/developerguide/security_iam_service-with-iam.html
*
* Applies to resource types:
* - Api
* - Apis
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifRequestApiName(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by type of authorizer in the request, for example REQUEST or JWT. Available during CreateAuthorizer and UpdateAuthorizer. Also available during import and reimport as an ArrayOfString
*
* https://docs.aws.amazon.com/apigateway/latest/developerguide/security_iam_service-with-iam.html
*
* Applies to resource types:
* - Api
* - Apis
* - Authorizer
* - Authorizers
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifRequestAuthorizerType(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by URI of a Lambda authorizer function. Available during CreateAuthorizer and UpdateAuthorizer. Also available during import and reimport as an ArrayOfString
*
* https://docs.aws.amazon.com/apigateway/latest/developerguide/security_iam_service-with-iam.html
*
* Applies to resource types:
* - Api
* - Apis
* - Authorizer
* - Authorizers
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifRequestAuthorizerUri(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by a Portal's CognitoUserPoolArn that is passed in the request
*
* https://docs.aws.amazon.com/apigateway/latest/developerguide/security_iam_service-with-iam.html
*
* Applies to actions:
* - .toCreatePortal()
* - .toUpdatePortal()
*
* @param value The value(s) to check
* @param operator Works with [arn operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_ARN). **Default:** `ArnLike`
*/
ifRequestCognitoUserPoolArn(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by base paths defined on the condition of a routing rule. Available during the CreateRoutingRule and UpdateRoutingRule operations
*
* https://docs.aws.amazon.com/apigateway/latest/developerguide/security_iam_id-based-policy-examples.html#security_iam_id-based-policy-examples-routing-mode
*
* Applies to actions:
* - .toCreateRoutingRule()
* - .toUpdateRoutingRule()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifRequestConditionBasePaths(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by status of the default execute-api endpoint. Available during the CreateApi and UpdateApi operations
*
* https://docs.aws.amazon.com/apigateway/latest/developerguide/security_iam_service-with-iam.html
*
* Applies to resource types:
* - Api
* - Apis
*
* @param value `true` or `false`. **Default:** `true`
*/
ifRequestDisableExecuteApiEndpoint(value?: boolean): this;
/**
* Filters access by endpoint type. Available during the CreateDomainName, UpdateDomainName, CreateApi, and UpdateApi operations
*
* https://docs.aws.amazon.com/apigateway/latest/developerguide/security_iam_service-with-iam.html
*
* Applies to resource types:
* - Api
* - Apis
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifRequestEndpointType(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by a ProductRestEndpointPage's HTTP Method that is passed in the request
*
* https://docs.aws.amazon.com/apigateway/latest/developerguide/security_iam_service-with-iam.html
*
* Applies to actions:
* - .toCreateProductRestEndpointPage()
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifRequestMethod(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by URI of the truststore used for mutual TLS authentication. Available during the CreateDomainName and UpdateDomainName operations
*
* https://docs.aws.amazon.com/apigateway/latest/developerguide/security_iam_service-with-iam.html
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifRequestMtlsTrustStoreUri(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by version of the truststore used for mutual TLS authentication. Available during the CreateDomainName and UpdateDomainName operations
*
* https://docs.aws.amazon.com/apigateway/latest/developerguide/security_iam_service-with-iam.html
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifRequestMtlsTrustStoreVersion(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by a Portal's Display Name that is passed in the request
*
* https