cdk-iam-floyd
Version:
AWS IAM policy statement generator with fluent interface for AWS CDK
1,377 lines • 55.1 kB
TypeScript
import { AccessLevelList } from '../../shared/access-level';
import { PolicyStatement, Operator } from '../../shared';
import { aws_iam as iam } from "aws-cdk-lib";
/**
* Statement provider for service [vpc-lattice](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonvpclattice.html).
*
* @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
*/
export declare class VpcLattice extends PolicyStatement {
servicePrefix: string;
/**
* Grants permission to associate a resource configuration through any AWS service managed networks
*
* Access Level: Permissions management
*/
toAssociateViaAWSService(): this;
/**
* Grants permission to associate a resource configuration through Amazon EventBridge and AWS Step Functions service networks
*
* Access Level: Permissions management
*/
toAssociateViaAWSServiceEventsAndStates(): this;
/**
* Grants permission to create an access log subscription
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
* - .ifCreateAction()
*
* Dependent actions:
* - logs:CreateLogDelivery
* - logs:GetLogDelivery
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_CreateAccessLogSubscription.html
*/
toCreateAccessLogSubscription(): this;
/**
* Grants permission to create a listener
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
* - .ifProtocol()
* - .ifTargetGroupArns()
* - .ifCreateAction()
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_CreateListener.html
*/
toCreateListener(): this;
/**
* Grants permission to create a resource configuration
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
* - .ifCreateAction()
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_CreateResourceConfiguration.html
*/
toCreateResourceConfiguration(): this;
/**
* Grants permission to create a resource gateway
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
* - .ifVpcId()
* - .ifCreateAction()
*
* Dependent actions:
* - ec2:DescribeSecurityGroups
* - ec2:DescribeSubnets
* - ec2:DescribeVpcs
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_CreateResourceGateway.html
*/
toCreateResourceGateway(): this;
/**
* Grants permission to create a rule
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
* - .ifTargetGroupArns()
* - .ifCreateAction()
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_CreateRule.html
*/
toCreateRule(): this;
/**
* Grants permission to create a service
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
* - .ifAuthType()
* - .ifCreateAction()
*
* Dependent actions:
* - iam:CreateServiceLinkedRole
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_CreateService.html
*/
toCreateService(): this;
/**
* Grants permission to create a service network
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
* - .ifAuthType()
* - .ifCreateAction()
*
* Dependent actions:
* - iam:CreateServiceLinkedRole
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_CreateServiceNetwork.html
*/
toCreateServiceNetwork(): this;
/**
* Grants permission to create an association between a service network and a resource
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
* - .ifResourceConfigurationArn()
* - .ifServiceNetworkArn()
* - .ifCreateAction()
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_CreateServiceNetworkResourceAssociation.html
*/
toCreateServiceNetworkResourceAssociation(): this;
/**
* Grants permission to create a service network and service association
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
* - .ifServiceArn()
* - .ifServiceNetworkArn()
* - .ifCreateAction()
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_CreateServiceNetworkServiceAssociation.html
*/
toCreateServiceNetworkServiceAssociation(): this;
/**
* Grants permission to create a service network and VPC association
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
* - .ifPrivateDnsPreference()
* - .ifPrivateDnsSpecifiedDomains()
* - .ifSecurityGroupIds()
* - .ifServiceNetworkArn()
* - .ifVpcId()
* - .ifCreateAction()
*
* Dependent actions:
* - ec2:DescribeVpcs
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_CreateServiceNetworkVpcAssociation.html
*/
toCreateServiceNetworkVpcAssociation(): this;
/**
* Grants permission to create an association between a service network and VPC endpoint
*
* Access Level: Permissions management
*/
toCreateServiceNetworkVpcEndpointAssociation(): this;
/**
* Grants permission to create a target group
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
* - .ifVpcId()
* - .ifCreateAction()
*
* Dependent actions:
* - iam:CreateServiceLinkedRole
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_CreateTargetGroup.html
*/
toCreateTargetGroup(): this;
/**
* Grants permission to delete an access log subscription
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* Dependent actions:
* - logs:DeleteLogDelivery
* - logs:GetLogDelivery
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_DeleteAccessLogSubscription.html
*/
toDeleteAccessLogSubscription(): this;
/**
* Grants permission to delete an auth policy
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_DeleteAuthPolicy.html
*/
toDeleteAuthPolicy(): this;
/**
* Grants permission to delete a domain verification
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_DeleteDomainVerification.html
*/
toDeleteDomainVerification(): this;
/**
* Grants permission to delete a listener
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_DeleteListener.html
*/
toDeleteListener(): this;
/**
* Grants permission to delete a resource configuration
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_DeleteResourceConfiguration.html
*/
toDeleteResourceConfiguration(): this;
/**
* Grants permission to delete a resource endpoint association
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_DeleteResourceEndpointAssociation.html
*/
toDeleteResourceEndpointAssociation(): this;
/**
* Grants permission to delete a resource gateway
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_DeleteResourceGateway.html
*/
toDeleteResourceGateway(): this;
/**
* Grants permission to delete a resource policy
*
* Access Level: Write
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_DeleteResourcePolicy.html
*/
toDeleteResourcePolicy(): this;
/**
* Grants permission to delete a rule
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_DeleteRule.html
*/
toDeleteRule(): this;
/**
* Grants permission to delete a service
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_DeleteService.html
*/
toDeleteService(): this;
/**
* Grants permission to delete a service network
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_DeleteServiceNetwork.html
*/
toDeleteServiceNetwork(): this;
/**
* Grants permission to delete the association between a service network and resource
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_DeleteServiceNetworkResourceAssociation.html
*/
toDeleteServiceNetworkResourceAssociation(): this;
/**
* Grants permission to delete a service network service association
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
* - .ifServiceArn()
* - .ifServiceNetworkArn()
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_DeleteServiceNetworkServiceAssociation.html
*/
toDeleteServiceNetworkServiceAssociation(): this;
/**
* Grants permission to delete a service network and VPC association
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
* - .ifServiceNetworkArn()
* - .ifVpcId()
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_DeleteServiceNetworkVpcAssociation.html
*/
toDeleteServiceNetworkVpcAssociation(): this;
/**
* Grants permission to delete a target group
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_DeleteTargetGroup.html
*/
toDeleteTargetGroup(): this;
/**
* Grants permission to deregister targets from a target group
*
* Access Level: Write
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_DeregisterTargets.html
*/
toDeregisterTargets(): this;
/**
* Grants permission to get information about an access log subscription
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* Dependent actions:
* - logs:GetLogDelivery
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_GetAccessLogSubscription.html
*/
toGetAccessLogSubscription(): this;
/**
* Grants permission to get information about an auth policy
*
* Access Level: Read
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_GetAuthPolicy.html
*/
toGetAuthPolicy(): this;
/**
* Grants permission to get information about a domain verification
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_GetDomainVerification.html
*/
toGetDomainVerification(): this;
/**
* Grants permission to get information about a listener
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_GetListener.html
*/
toGetListener(): this;
/**
* Grants permission to get information about a resource configuration
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_GetResourceConfiguration.html
*/
toGetResourceConfiguration(): this;
/**
* Grants permission to get information about a resource gateway
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_GetResourceGateway.html
*/
toGetResourceGateway(): this;
/**
* Grants permission to get information about a resource policy
*
* Access Level: Read
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_GetResourcePolicy.html
*/
toGetResourcePolicy(): this;
/**
* Grants permission to get information about a rule
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_GetRule.html
*/
toGetRule(): this;
/**
* Grants permission to get information about a service
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_GetService.html
*/
toGetService(): this;
/**
* Grants permission to get information about a service network
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_GetServiceNetwork.html
*/
toGetServiceNetwork(): this;
/**
* Grants permission to get information about an association between a service network and resource configuration
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_GetServiceNetworkResourceAssociation.html
*/
toGetServiceNetworkResourceAssociation(): this;
/**
* Grants permission to get information about a service network and service association
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
* - .ifServiceArn()
* - .ifServiceNetworkArn()
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_GetServiceNetworkServiceAssociation.html
*/
toGetServiceNetworkServiceAssociation(): this;
/**
* Grants permission to get information about a service network and VPC association
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
* - .ifServiceNetworkArn()
* - .ifVpcId()
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_GetServiceNetworkVpcAssociation.html
*/
toGetServiceNetworkVpcAssociation(): this;
/**
* Grants permission to get information about a target group
*
* Access Level: Read
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_GetTargetGroup.html
*/
toGetTargetGroup(): this;
/**
* Grants permission to list some or all access log subscriptions about a service network or a service
*
* Access Level: List
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_ListAccessLogSubscriptions.html
*/
toListAccessLogSubscriptions(): this;
/**
* Grants permission to list some or all domain verifications
*
* Access Level: List
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_ListDomainVerifications.html
*/
toListDomainVerifications(): this;
/**
* Grants permission to list some or all listeners
*
* Access Level: List
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_ListListeners.html
*/
toListListeners(): this;
/**
* Grants permission to list some or all resource configurations
*
* Access Level: List
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_ListResourceConfigurations.html
*/
toListResourceConfigurations(): this;
/**
* Grants permission to list some or all associations between a resource configuration and VPC endpoint
*
* Access Level: List
*
* Possible conditions:
* - .ifResourceConfigurationArn()
* - .ifVpcEndpointId()
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_ListResourceEndpointAssociations.html
*/
toListResourceEndpointAssociations(): this;
/**
* Grants permission to list some or all resource gateways
*
* Access Level: List
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_ListResourceGateways.html
*/
toListResourceGateways(): this;
/**
* Grants permission to list some or all rules
*
* Access Level: List
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_ListRules.html
*/
toListRules(): this;
/**
* Grants permission to list some or all associations between a service network and resource configuration
*
* Access Level: List
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_ListServiceNetworkResourceAssociations.html
*/
toListServiceNetworkResourceAssociations(): this;
/**
* Grants permission to list some or all service network and service associations
*
* Access Level: List
*
* Possible conditions:
* - .ifServiceArn()
* - .ifServiceNetworkArn()
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_ListServiceNetworkServiceAssociations.html
*/
toListServiceNetworkServiceAssociations(): this;
/**
* Grants permission to list some or all service network and VPC associations
*
* Access Level: List
*
* Possible conditions:
* - .ifServiceNetworkArn()
* - .ifVpcId()
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_ListServiceNetworkVpcAssociations.html
*/
toListServiceNetworkVpcAssociations(): this;
/**
* Grants permission to list some or all associations between a service network and VPC endpoint
*
* Access Level: List
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_ListServiceNetworkVpcEndpointAssociations.html
*/
toListServiceNetworkVpcEndpointAssociations(): this;
/**
* Grants permission to list the service networks owned by a caller account or shared with the caller account
*
* Access Level: List
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_ListServiceNetworks.html
*/
toListServiceNetworks(): this;
/**
* Grants permission to list the services owned by a caller account or shared with the caller account
*
* Access Level: List
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_ListServices.html
*/
toListServices(): this;
/**
* Grants permission to list tags for a vpc-lattice resource
*
* Access Level: Read
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_ListTagsForResource.html
*/
toListTagsForResource(): this;
/**
* Grants permission to list some or all target groups
*
* Access Level: List
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_ListTargetGroups.html
*/
toListTargetGroups(): this;
/**
* Grants permission to list some or all targets in a target group
*
* Access Level: List
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_ListTargets.html
*/
toListTargets(): this;
/**
* Grants permission to create or update the auth policy for a service network or a service
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_PutAuthPolicy.html
*/
toPutAuthPolicy(): this;
/**
* Grants permission to create a resource policy for a resource configuration, service, or service network
*
* Access Level: Write
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_PutResourcePolicy.html
*/
toPutResourcePolicy(): this;
/**
* Grants permission to register targets to a target group
*
* Access Level: Write
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_RegisterTargets.html
*/
toRegisterTargets(): this;
/**
* Grants permission to start a domain verification
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
* - .ifDomainName()
* - .ifCreateAction()
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_StartDomainVerification.html
*/
toStartDomainVerification(): this;
/**
* Grants permission to tag a vpc-lattice resource
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsResourceTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_TagResource.html
*/
toTagResource(): this;
/**
* Grants permission to untag a vpc-lattice resource
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_UntagResource.html
*/
toUntagResource(): this;
/**
* Grants permission to update an access log subscription
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* Dependent actions:
* - logs:GetLogDelivery
* - logs:UpdateLogDelivery
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_UpdateAccessLogSubscription.html
*/
toUpdateAccessLogSubscription(): this;
/**
* Grants permission to update a listener
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
* - .ifTargetGroupArns()
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_UpdateListener.html
*/
toUpdateListener(): this;
/**
* Grants permission to update a resource configuration
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_UpdateResourceConfiguration.html
*/
toUpdateResourceConfiguration(): this;
/**
* Grants permission to update a resource gateway
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
* - .ifSecurityGroupIds()
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_UpdateResourceGateway.html
*/
toUpdateResourceGateway(): this;
/**
* Grants permission to update a rule
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
* - .ifTargetGroupArns()
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_UpdateRule.html
*/
toUpdateRule(): this;
/**
* Grants permission to update a service
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
* - .ifAuthType()
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_UpdateService.html
*/
toUpdateService(): this;
/**
* Grants permission to update a service network
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
* - .ifAuthType()
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_UpdateServiceNetwork.html
*/
toUpdateServiceNetwork(): this;
/**
* Grants permission to update a service network and VPC association
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
* - .ifAwsTagKeys()
* - .ifSecurityGroupIds()
* - .ifServiceNetworkArn()
* - .ifVpcId()
*
* Dependent actions:
* - ec2:DescribeSecurityGroups
* - ec2:DescribeVpcs
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_UpdateServiceNetworkVpcAssociation.html
*/
toUpdateServiceNetworkVpcAssociation(): this;
/**
* Grants permission to update a target group
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsResourceTag()
*
* https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_UpdateTargetGroup.html
*/
toUpdateTargetGroup(): this;
protected accessLevelList: AccessLevelList;
/**
* Adds a resource of type AccessLogSubscription to the statement
*
* https://docs.aws.amazon.com/vpc-lattice/latest/ug/monitoring-access-logs.html
*
* @param accessLogSubscriptionId - Identifier for the accessLogSubscriptionId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsResourceTag()
* - .ifAwsTagKeys()
* - .ifCreateAction()
*/
onAccessLogSubscription(accessLogSubscriptionId: string, account?: string, region?: string, partition?: string): this;
/**
* Adds a resource of type DomainVerification to the statement
*
* https://docs.aws.amazon.com/vpc-lattice/latest/ug/domain-verification.html
*
* @param domainVerificationId - Identifier for the domainVerificationId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsResourceTag()
* - .ifAwsTagKeys()
* - .ifCreateAction()
* - .ifDomainName()
*/
onDomainVerification(domainVerificationId: string, account?: string, region?: string, partition?: string): this;
/**
* Adds a resource of type Listener to the statement
*
* https://docs.aws.amazon.com/vpc-lattice/latest/ug/listeners.html
*
* @param serviceId - Identifier for the serviceId.
* @param listenerId - Identifier for the listenerId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsResourceTag()
* - .ifAwsTagKeys()
* - .ifCreateAction()
* - .ifProtocol()
* - .ifTargetGroupArns()
*/
onListener(serviceId: string, listenerId: string, account?: string, region?: string, partition?: string): this;
/**
* Adds a resource of type ResourceConfiguration to the statement
*
* https://docs.aws.amazon.com/vpc-lattice/latest/ug/resource-configurations.html
*
* @param resourceConfigurationId - Identifier for the resourceConfigurationId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsResourceTag()
* - .ifAwsTagKeys()
* - .ifCreateAction()
*/
onResourceConfiguration(resourceConfigurationId: string, account?: string, region?: string, partition?: string): this;
/**
* Adds a resource of type ResourceEndpointAssociation to the statement
*
* https://docs.aws.amazon.com/vpc-lattice/latest/ug/resource-endpoint-associations.html
*
* @param resourceEndpointAssociationId - Identifier for the resourceEndpointAssociationId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsResourceTag()
* - .ifAwsTagKeys()
* - .ifResourceConfigurationArn()
* - .ifVpcEndpointId()
*/
onResourceEndpointAssociation(resourceEndpointAssociationId: string, account?: string, region?: string, partition?: string): this;
/**
* Adds a resource of type ResourceGateway to the statement
*
* https://docs.aws.amazon.com/vpc-lattice/latest/ug/resource-gateways.html
*
* @param resourceGatewayId - Identifier for the resourceGatewayId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsResourceTag()
* - .ifAwsTagKeys()
* - .ifCreateAction()
* - .ifVpcId()
*/
onResourceGateway(resourceGatewayId: string, account?: string, region?: string, partition?: string): this;
/**
* Adds a resource of type Rule to the statement
*
* https://docs.aws.amazon.com/vpc-lattice/latest/ug/listeners.html#listener-rules
*
* @param serviceId - Identifier for the serviceId.
* @param listenerId - Identifier for the listenerId.
* @param ruleId - Identifier for the ruleId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsResourceTag()
* - .ifAwsTagKeys()
* - .ifCreateAction()
* - .ifTargetGroupArns()
*/
onRule(serviceId: string, listenerId: string, ruleId: string, account?: string, region?: string, partition?: string): this;
/**
* Adds a resource of type Service to the statement
*
* https://docs.aws.amazon.com/vpc-lattice/latest/ug/services.html
*
* @param serviceId - Identifier for the serviceId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsResourceTag()
* - .ifAwsTagKeys()
* - .ifAuthType()
* - .ifCreateAction()
*/
onService(serviceId: string, account?: string, region?: string, partition?: string): this;
/**
* Adds a resource of type ServiceNetwork to the statement
*
* https://docs.aws.amazon.com/vpc-lattice/latest/ug/service-networks.html
*
* @param serviceNetworkId - Identifier for the serviceNetworkId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsResourceTag()
* - .ifAwsTagKeys()
* - .ifAuthType()
* - .ifCreateAction()
*/
onServiceNetwork(serviceNetworkId: string, account?: string, region?: string, partition?: string): this;
/**
* Adds a resource of type ServiceNetworkResourceAssociation to the statement
*
* https://docs.aws.amazon.com/vpc-lattice/latest/ug/service-network-associations.html#service-network-resource-configuration
*
* @param serviceNetworkResourceAssociationId - Identifier for the serviceNetworkResourceAssociationId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsResourceTag()
* - .ifAwsTagKeys()
* - .ifCreateAction()
* - .ifResourceConfigurationArn()
* - .ifServiceNetworkArn()
*/
onServiceNetworkResourceAssociation(serviceNetworkResourceAssociationId: string, account?: string, region?: string, partition?: string): this;
/**
* Adds a resource of type ServiceNetworkServiceAssociation to the statement
*
* https://docs.aws.amazon.com/vpc-lattice/latest/ug/service-network-associations.html#service-network-service-associations
*
* @param serviceNetworkServiceAssociationId - Identifier for the serviceNetworkServiceAssociationId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsResourceTag()
* - .ifAwsTagKeys()
* - .ifCreateAction()
* - .ifServiceArn()
* - .ifServiceNetworkArn()
*/
onServiceNetworkServiceAssociation(serviceNetworkServiceAssociationId: string, account?: string, region?: string, partition?: string): this;
/**
* Adds a resource of type ServiceNetworkVpcAssociation to the statement
*
* https://docs.aws.amazon.com/vpc-lattice/latest/ug/service-network-associations.html#service-network-vpc-associations
*
* @param serviceNetworkVpcAssociationId - Identifier for the serviceNetworkVpcAssociationId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsResourceTag()
* - .ifAwsTagKeys()
* - .ifCreateAction()
* - .ifPrivateDnsPreference()
* - .ifPrivateDnsSpecifiedDomains()
* - .ifSecurityGroupIds()
* - .ifServiceNetworkArn()
* - .ifVpcId()
*/
onServiceNetworkVpcAssociation(serviceNetworkVpcAssociationId: string, account?: string, region?: string, partition?: string): this;
/**
* Adds a resource of type TargetGroup to the statement
*
* https://docs.aws.amazon.com/vpc-lattice/latest/ug/target-groups.html
*
* @param targetGroupId - Identifier for the targetGroupId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsResourceTag()
* - .ifAwsTagKeys()
* - .ifCreateAction()
* - .ifVpcId()
*/
onTargetGroup(targetGroupId: string, account?: string, region?: string, partition?: string): this;
/**
* Filters access by the presence of tag key-value pairs in the request
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag
*
* Applies to actions:
* - .toCreateAccessLogSubscription()
* - .toCreateListener()
* - .toCreateResourceConfiguration()
* - .toCreateResourceGateway()
* - .toCreateRule()
* - .toCreateService()
* - .toCreateServiceNetwork()
* - .toCreateServiceNetworkResourceAssociation()
* - .toCreateServiceNetworkServiceAssociation()
* - .toCreateServiceNetworkVpcAssociation()
* - .toCreateTargetGroup()
* - .toStartDomainVerification()
* - .toTagResource()
*
* Applies to resource types:
* - AccessLogSubscription
* - DomainVerification
* - Listener
* - ResourceConfiguration
* - ResourceEndpointAssociation
* - ResourceGateway
* - Rule
* - Service
* - ServiceNetwork
* - ServiceNetworkResourceAssociation
* - ServiceNetworkServiceAssociation
* - ServiceNetworkVpcAssociation
* - TargetGroup
*
* @param tagKey The tag key to check
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsRequestTag(tagKey: string, value: string | string[], operator?: Operator | string): this;
/**
* Filters access by tag key-value pairs attached to the resource
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag
*
* Applies to actions:
* - .toDeleteAccessLogSubscription()
* - .toDeleteDomainVerification()
* - .toDeleteListener()
* - .toDeleteResourceConfiguration()
* - .toDeleteResourceEndpointAssociation()
* - .toDeleteResourceGateway()
* - .toDeleteRule()
* - .toDeleteService()
* - .toDeleteServiceNetwork()
* - .toDeleteServiceNetworkResourceAssociation()
* - .toDeleteServiceNetworkServiceAssociation()
* - .toDeleteServiceNetworkVpcAssociation()
* - .toDeleteTargetGroup()
* - .toGetAccessLogSubscription()
* - .toGetDomainVerification()
* - .toGetListener()
* - .toGetResourceConfiguration()
* - .toGetResourceGateway()
* - .toGetRule()
* - .toGetService()
* - .toGetServiceNetwork()
* - .toGetServiceNetworkResourceAssociation()
* - .toGetServiceNetworkServiceAssociation()
* - .toGetServiceNetworkVpcAssociation()
* - .toGetTargetGroup()
* - .toTagResource()
* - .toUpdateAccessLogSubscription()
* - .toUpdateListener()
* - .toUpdateResourceConfiguration()
* - .toUpdateResourceGateway()
* - .toUpdateRule()
* - .toUpdateService()
* - .toUpdateServiceNetwork()
* - .toUpdateServiceNetworkVpcAssociation()
* - .toUpdateTargetGroup()
*
* Applies to resource types:
* - AccessLogSubscription
* - DomainVerification
* - Listener
* - ResourceConfiguration
* - ResourceEndpointAssociation
* - ResourceGateway
* - Rule
* - Service
* - ServiceNetwork
* - ServiceNetworkResourceAssociation
* - ServiceNetworkServiceAssociation
* - ServiceNetworkVpcAssociation
* - TargetGroup
*
* @param tagKey The tag key to check
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsResourceTag(tagKey: string, value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the presence of tag keys in the request
*
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys
*
* Applies to actions:
* - .toCreateAccessLogSubscription()
* - .toCreateListener()
* - .toCreateResourceConfiguration()
* - .toCreateResourceGateway()
* - .toCreateRule()
* - .toCreateService()
* - .toCreateServiceNetwork()
* - .toCreateServiceNetworkResourceAssociation()
* - .toCreateServiceNetworkServiceAssociation()
* - .toCreateServiceNetworkVpcAssociation()
* - .toCreateTargetGroup()
* - .toStartDomainVerification()
* - .toTagResource()
* - .toUntagResource()
* - .toUpdateServiceNetworkVpcAssociation()
*
* Applies to resource types:
* - AccessLogSubscription
* - DomainVerification
* - Listener
* - ResourceConfiguration
* - ResourceEndpointAssociation
* - ResourceGateway
* - Rule
* - Service
* - ServiceNetwork
* - ServiceNetworkResourceAssociation
* - ServiceNetworkServiceAssociation
* - ServiceNetworkVpcAssociation
* - TargetGroup
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAwsTagKeys(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the auth type specified in the request
*
* https://docs.aws.amazon.com/vpc-lattice/latest/ug/
*
* Applies to actions:
* - .toCreateService()
* - .toCreateServiceNetwork()
* - .toUpdateService()
* - .toUpdateServiceNetwork()
*
* Applies to resource types:
* - Service
* - ServiceNetwork
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifAuthType(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the name of a resource-creating API action
*
* https://docs.aws.amazon.com/vpc-lattice/latest/ug/
*
* Applies to actions:
* - .toCreateAccessLogSubscription()
* - .toCreateListener()
* - .toCreateResourceConfiguration()
* - .toCreateResourceGateway()
* - .toCreateRule()
* - .toCreateService()
* - .toCreateServiceNetwork()
* - .toCreateServiceNetworkResourceAssociation()
* - .toCreateServiceNetworkServiceAssociation()
* - .toCreateServiceNetworkVpcAssociation()
* - .toCreateTargetGroup()
* - .toStartDomainVerification()
*
* Applies to resource types:
* - AccessLogSubscription
* - DomainVerification
* - Listener
* - ResourceConfiguration
* - ResourceGateway
* - Rule
* - Service
* - ServiceNetwork
* - ServiceNetworkResourceAssociation
* - ServiceNetworkServiceAssociation
* - ServiceNetworkVpcAssociation
* - TargetGroup
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifCreateAction(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the domain name
*
* https://docs.aws.amazon.com/vpc-lattice/latest/ug/
*
* Applies to actions:
* - .toStartDomainVerification()
*
* Applies to resource types:
* - DomainVerification
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifDomainName(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the private dns preference
*
* https://docs.aws.amazon.com/vpc-lattice/latest/ug/
*
* Applies to actions:
* - .toCreateServiceNetworkVpcAssociation()
*
* Applies to resource types:
* - ServiceNetworkVpcAssociation
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifPrivateDnsPreference(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the private dns domains
*
* https://docs.aws.amazon.com/vpc-lattice/latest/ug/
*
* Applies to actions:
* - .toCreateServiceNetworkVpcAssociation()
*
* Applies to resource types:
* - ServiceNetworkVpcAssociation
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifPrivateDnsSpecifiedDomains(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the protocol specified in the request
*
* https://docs.aws.amazon.com/vpc-lattice/latest/ug/
*
* Applies to actions:
* - .toCreateListener()
*
* Applies to resource types:
* - Listener
*
* @param value The value(s) to check
* @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
*/
ifProtocol(value: string | string[], operator?: Operator | string): this;
/**
* Filters access by the ARN of a resource configuration
*
* https://docs.aws.amazon.com/vpc-lattice/latest/ug/
*
* Applies to actions:
* - .toCreateServiceNetworkResourceAssociation()
* - .toListResourceEndpointAssociations()
*
* Applies to resource types:
* - ResourceEndpointAssociation
* - ServiceNetworkResourceAssociation
*
* @param value The value(s) to check
* @param operator Works with [arn operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_ARN). **Default:** `ArnLike`
*/
ifResourceConfigurationArn(value: string | string[], operator?: Operator | string): this;
/**
* Filters