
iam-floyd


AWS IAM policy statement generator with fluent interface

import { AccessLevelList } from '../../shared/access-level';
import { PolicyStatement, Operator } from '../../shared';
/**
 * Statement provider for service [lambda](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awslambda.html).
 *
 * Each `to*()` method adds one Lambda action to the statement, each `on*()` method adds a resource ARN,
 * and each `if*()` method adds a condition. A statement built without any `on*()` call is not narrowed
 * to specific Lambda resources by this class.
 *
 * @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
 */
export declare class Lambda extends PolicyStatement {
  servicePrefix: string;
  /**
   * Statement provider for service [lambda](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awslambda.html).
   *
   * @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
   */
  constructor(sid?: string);
  /**
   * Grants permission to add permissions to the resource-based policy of a version of an AWS Lambda layer
   *
   * Access Level: Permissions management
   *
   * Security note: this action edits a resource-based policy, so its holder decides which other
   * principals may use the layer version. Scope the statement with `.onLayerVersion()` instead of
   * leaving it on all resources.
   *
   * https://docs.aws.amazon.com/lambda/latest/dg/API_AddLayerVersionPermission.html
   */
  toAddLayerVersionPermission(): this;
  /**
   * Grants permission to give an AWS service or another account permission to use an AWS Lambda function
   *
   * Access Level: Permissions management
   *
   * Security note: this action edits the function's resource-based policy. Use `.ifPrincipal()` to
   * limit which service or account can be granted access, and `.ifFunctionUrlAuthType()` to keep the
   * holder from adding grants for function URLs whose auth type is `NONE` (no IAM authentication).
   *
   * Possible conditions:
   * - .ifPrincipal()
   * - .ifFunctionUrlAuthType()
   * - .ifInvokedViaFunctionUrl()
   *
   * https://docs.aws.amazon.com/lambda/latest/dg/API_AddPermission.html
   */
  toAddPermission(): this;
  /**
   * Grants permission to save the progress of an AWS Lambda durable execution
   *
   * Access Level: Write
   *
   * https://docs.aws.amazon.com/lambda/latest/dg/API_CheckpointDurableExecution.html
   */
  toCheckpointDurableExecution(): this;
  /**
   * Grants permission to create an alias for a Lambda function version
   *
   * Access Level: Write
   *
   * https://docs.aws.amazon.com/lambda/latest/dg/API_CreateAlias.html
   */
  toCreateAlias(): this;
  /**
   * Grants permission to create an AWS Lambda capacity provider
   *
   * Access Level: Write
   *
   * Security note: the dependent actions include `iam:PassRole`; grant that action only on the
   * role ARNs this principal is meant to hand to Lambda, not on `*`.
   *
   * Possible conditions:
   * - .ifAwsRequestTag()
   * - .ifAwsTagKeys()
   * - .ifSecurityGroupIds()
   * - .ifSubnetIds()
   *
   * Dependent actions:
   * - iam:CreateServiceLinkedRole
   * - iam:PassRole
   * - kms:DescribeKey
   *
   * https://docs.aws.amazon.com/lambda/latest/dg/API_CreateCapacityProvider.html
   */
  toCreateCapacityProvider(): this;
  /**
   * Grants permission to create an AWS Lambda code signing config
   *
   * Access Level: Write
   *
   * Possible conditions:
   * - .ifAwsRequestTag()
   * - .ifAwsTagKeys()
   *
   * https://docs.aws.amazon.com/lambda/latest/dg/API_CreateCodeSigningConfig.html
   */
  toCreateCodeSigningConfig(): this;
  /**
   * Grants permission to create a mapping between an event source and an AWS Lambda function
   *
   * Access Level: Write
   *
   * Possible conditions:
   * - .ifFunctionArn()
   * - .ifAwsRequestTag()
   * - .ifAwsTagKeys()
   *
   * https://docs.aws.amazon.com/lambda/latest/dg/API_CreateEventSourceMapping.html
   */
  toCreateEventSourceMapping(): this;
  /**
   * Grants permission to create an AWS Lambda function
   *
   * Access Level: Write
   *
   * Security note: the new function's code runs with the execution role supplied through the
   * dependent `iam:PassRole` action. Grant `iam:PassRole` only on the specific execution-role ARNs
   * this principal is meant to assign; pairing this action with `iam:PassRole` on `*` lets the
   * holder run code under any role Lambda can assume. `.ifCodeSigningConfigArn()`, `.ifLayer()` and
   * `.ifVpcIds()` narrow what kind of function may be created.
   *
   * Possible conditions:
   * - .ifLayer()
   * - .ifVpcIds()
   * - .ifSubnetIds()
   * - .ifSecurityGroupIds()
   * - .ifCodeSigningConfigArn()
   * - .ifAwsRequestTag()
   * - .ifAwsTagKeys()
   *
   * Dependent actions:
   * - iam:PassRole
   * - lambda:PassCapacityProvider
   *
   * https://docs.aws.amazon.com/lambda/latest/dg/API_CreateFunction.html
   */
  toCreateFunction(): this;
  /**
   * Grants permission to create a function url configuration for a Lambda function
   *
   * Access Level: Write
   *
   * Security note: a function URL created with auth type `NONE` accepts requests without IAM
   * authentication. Add `.ifFunctionUrlAuthType('AWS_IAM')` when the holder should only be able to
   * create IAM-authenticated URLs.
   *
   * Possible conditions:
   * - .ifFunctionUrlAuthType()
   * - .ifFunctionArn()
   *
   * https://docs.aws.amazon.com/lambda/latest/dg/API_CreateFunctionUrlConfig.html
   */
  toCreateFunctionUrlConfig(): this;
  /**
   * Grants permission to delete an AWS Lambda function alias
   *
   * Access Level: Write
   *
   * https://docs.aws.amazon.com/lambda/latest/dg/API_DeleteAlias.html
   */
  toDeleteAlias(): this;
  /**
   * Grants permission to delete an AWS Lambda capacity provider
   *
   * Access Level: Write
   *
   * https://docs.aws.amazon.com/lambda/latest/dg/API_DeleteCapacityProvider.html
   */
  toDeleteCapacityProvider(): this;
  /**
   * Grants permission to delete an AWS Lambda code
signing config * * Access Level: Write * * https://docs.aws.amazon.com/lambda/latest/dg/API_DeleteCodeSigningConfig.html */ toDeleteCodeSigningConfig(): this; /** * Grants permission to delete an AWS Lambda event source mapping * * Access Level: Write * * Possible conditions: * - .ifFunctionArn() * * https://docs.aws.amazon.com/lambda/latest/dg/API_DeleteEventSourceMapping.html */ toDeleteEventSourceMapping(): this; /** * Grants permission to delete an AWS Lambda function * * Access Level: Write * * https://docs.aws.amazon.com/lambda/latest/dg/API_DeleteFunction.html */ toDeleteFunction(): this; /** * Grants permission to detach a code signing config from an AWS Lambda function * * Access Level: Write * * https://docs.aws.amazon.com/lambda/latest/dg/API_DeleteFunctionCodeSigningConfig.html */ toDeleteFunctionCodeSigningConfig(): this; /** * Grants permission to remove a concurrent execution limit from an AWS Lambda function * * Access Level: Write * * https://docs.aws.amazon.com/lambda/latest/dg/API_DeleteFunctionConcurrency.html */ toDeleteFunctionConcurrency(): this; /** * Grants permission to delete the configuration for asynchronous invocation for an AWS Lambda function, version, or alias * * Access Level: Write * * https://docs.aws.amazon.com/lambda/latest/dg/API_DeleteFunctionEventInvokeConfig.html */ toDeleteFunctionEventInvokeConfig(): this; /** * Grants permission to delete function url configuration for a Lambda function * * Access Level: Write * * Possible conditions: * - .ifFunctionUrlAuthType() * - .ifFunctionArn() * * https://docs.aws.amazon.com/lambda/latest/dg/API_DeleteFunctionUrlConfig.html */ toDeleteFunctionUrlConfig(): this; /** * Grants permission to delete a version of an AWS Lambda layer * * Access Level: Write * * https://docs.aws.amazon.com/lambda/latest/dg/API_DeleteLayerVersion.html */ toDeleteLayerVersion(): this; /** * Grants permission to delete the provisioned concurrency configuration for an AWS Lambda function * * Access Level: 
Write * * https://docs.aws.amazon.com/lambda/latest/dg/API_DeleteProvisionedConcurrencyConfig.html */ toDeleteProvisionedConcurrencyConfig(): this; /** * Grants permission to disable replication for a Lambda@Edge function * * Access Level: Permissions management * * https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-edge-permissions.html */ toDisableReplication(): this; /** * Grants permission to enable replication for a Lambda@Edge function * * Access Level: Permissions management * * https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-edge-permissions.html */ toEnableReplication(): this; /** * Grants permission to view details about an account's limits and usage in an AWS Region * * Access Level: Read * * https://docs.aws.amazon.com/lambda/latest/dg/API_GetAccountSettings.html */ toGetAccountSettings(): this; /** * Grants permission to view details about an AWS Lambda function alias * * Access Level: Read * * https://docs.aws.amazon.com/lambda/latest/dg/API_GetAlias.html */ toGetAlias(): this; /** * Grants permission to view details about an AWS Lambda capacity provider * * Access Level: Read * * https://docs.aws.amazon.com/lambda/latest/dg/API_GetCapacityProvider.html */ toGetCapacityProvider(): this; /** * Grants permission to view details about an AWS Lambda code signing config * * Access Level: Read * * https://docs.aws.amazon.com/lambda/latest/dg/API_GetCodeSigningConfig.html */ toGetCodeSigningConfig(): this; /** * Grants permission to view details of an AWS Lambda durable execution * * Access Level: Read * * https://docs.aws.amazon.com/lambda/latest/dg/API_GetDurableExecution.html */ toGetDurableExecution(): this; /** * Grants permission to view execution history of an AWS Lambda durable execution * * Access Level: Read * * https://docs.aws.amazon.com/lambda/latest/dg/API_GetDurableExecutionHistory.html */ toGetDurableExecutionHistory(): this; /** * Grants permission to view current state of an AWS Lambda 
durable execution * * Access Level: Read * * https://docs.aws.amazon.com/lambda/latest/dg/API_GetDurableExecutionState.html */ toGetDurableExecutionState(): this; /** * Grants permission to view details about an AWS Lambda event source mapping * * Access Level: Read * * Possible conditions: * - .ifFunctionArn() * * https://docs.aws.amazon.com/lambda/latest/dg/API_GetEventSourceMapping.html */ toGetEventSourceMapping(): this; /** * Grants permission to view details about an AWS Lambda function * * Access Level: Read * * https://docs.aws.amazon.com/lambda/latest/dg/API_GetFunction.html */ toGetFunction(): this; /** * Grants permission to view the code signing config arn attached to an AWS Lambda function * * Access Level: Read * * https://docs.aws.amazon.com/lambda/latest/dg/API_GetFunctionCodeSigningConfig.html */ toGetFunctionCodeSigningConfig(): this; /** * Grants permission to view details about the reserved concurrency configuration for a function * * Access Level: Read * * https://docs.aws.amazon.com/lambda/latest/dg/API_GetFunctionConcurrency.html */ toGetFunctionConcurrency(): this; /** * Grants permission to view details about the version-specific settings of an AWS Lambda function or version * * Access Level: Read * * https://docs.aws.amazon.com/lambda/latest/dg/API_GetFunctionConfiguration.html */ toGetFunctionConfiguration(): this; /** * Grants permission to view the configuration for asynchronous invocation for a function, version, or alias * * Access Level: Read * * https://docs.aws.amazon.com/lambda/latest/dg/API_GetFunctionEventInvokeConfig.html */ toGetFunctionEventInvokeConfig(): this; /** * Grants permission to view the recursion configuration of an AWS Lambda function * * Access Level: Read * * https://docs.aws.amazon.com/lambda/latest/dg/API_GetFunctionRecursionConfig.html */ toGetFunctionRecursionConfig(): this; /** * Grants permission to view the scaling configuration of an AWS Lambda function running on a capacity provider * * Access Level: 
Read * * https://docs.aws.amazon.com/lambda/latest/dg/API_GetFunctionScalingConfig.html */ toGetFunctionScalingConfig(): this; /** * Grants permission to read function url configuration for a Lambda function * * Access Level: Read * * Possible conditions: * - .ifFunctionUrlAuthType() * - .ifFunctionArn() * * https://docs.aws.amazon.com/lambda/latest/dg/API_GetFunctionUrlConfig.html */ toGetFunctionUrlConfig(): this; /** * Grants permission to view details about a version of an AWS Lambda layer. Note this action also supports GetLayerVersionByArn API * * Access Level: Read * * https://docs.aws.amazon.com/lambda/latest/dg/API_GetLayerVersion.html */ toGetLayerVersion(): this; /** * Grants permission to view the resource-based policy for a version of an AWS Lambda layer * * Access Level: Read * * https://docs.aws.amazon.com/lambda/latest/dg/API_GetLayerVersionPolicy.html */ toGetLayerVersionPolicy(): this; /** * Grants permission to view the resource-based policy for an AWS Lambda function, version, or alias * * Access Level: Read * * https://docs.aws.amazon.com/lambda/latest/dg/API_GetPolicy.html */ toGetPolicy(): this; /** * Grants permission to view the provisioned concurrency configuration for an AWS Lambda function's alias or version * * Access Level: Read * * https://docs.aws.amazon.com/lambda/latest/dg/API_GetProvisionedConcurrencyConfig.html */ toGetProvisionedConcurrencyConfig(): this; /** * Grants permission to view the runtime management configuration of an AWS Lambda function * * Access Level: Read * * https://docs.aws.amazon.com/lambda/latest/dg/API_GetRuntimeManagementConfig.html */ toGetRuntimeManagementConfig(): this; /** * Grants permission to invoke a function asynchronously (Deprecated) * * Access Level: Write * * https://docs.aws.amazon.com/lambda/latest/dg/API_InvokeAsync.html */ toInvokeAsync(): this; /** * Grants permission to invoke an AWS Lambda function * * Access Level: Write * * Possible conditions: * - .ifEventSourceToken() * - 
.ifInvokedViaFunctionUrl() * * https://docs.aws.amazon.com/lambda/latest/dg/API_Invoke.html */ toInvokeFunction(): this; /** * Grants permission to invoke an AWS Lambda function through url * * Access Level: Write * * Possible conditions: * - .ifFunctionUrlAuthType() * - .ifFunctionArn() * - .ifEventSourceToken() * * https://docs.aws.amazon.com/lambda/latest/dg/API_InvokeFunctionUrl.html */ toInvokeFunctionUrl(): this; /** * Grants permission to retrieve a list of aliases for an AWS Lambda function * * Access Level: List * * https://docs.aws.amazon.com/lambda/latest/dg/API_ListAliases.html */ toListAliases(): this; /** * Grants permission to retrieve a list of AWS Lambda capacity providers * * Access Level: List * * https://docs.aws.amazon.com/lambda/latest/dg/API_ListCapacityProviders.html */ toListCapacityProviders(): this; /** * Grants permission to retrieve a list of AWS Lambda code signing configs * * Access Level: List * * https://docs.aws.amazon.com/lambda/latest/dg/API_ListCodeSigningConfigs.html */ toListCodeSigningConfigs(): this; /** * Grants permission to retrieve a list of AWS Lambda durable executions of an AWS Lambda function * * Access Level: List * * https://docs.aws.amazon.com/lambda/latest/dg/API_ListDurableExecutionsByFunction.html */ toListDurableExecutionsByFunction(): this; /** * Grants permission to retrieve a list of AWS Lambda event source mappings * * Access Level: List * * https://docs.aws.amazon.com/lambda/latest/dg/API_ListEventSourceMappings.html */ toListEventSourceMappings(): this; /** * Grants permission to retrieve a list of configurations for asynchronous invocation for a function * * Access Level: List * * https://docs.aws.amazon.com/lambda/latest/dg/API_ListFunctionEventInvokeConfigs.html */ toListFunctionEventInvokeConfigs(): this; /** * Grants permission to read function url configurations for a function * * Access Level: List * * Possible conditions: * - .ifFunctionUrlAuthType() * * 
https://docs.aws.amazon.com/lambda/latest/dg/API_ListFunctionUrlConfigs.html */ toListFunctionUrlConfigs(): this; /** * Grants permission to retrieve a list of AWS Lambda function versions by the capacity provider assigned * * Access Level: List * * https://docs.aws.amazon.com/lambda/latest/dg/API_ListFunctionVersionsByCapacityProvider.html */ toListFunctionVersionsByCapacityProvider(): this; /** * Grants permission to retrieve a list of AWS Lambda functions, with the version-specific configuration of each function * * Access Level: List * * https://docs.aws.amazon.com/lambda/latest/dg/API_ListFunctions.html */ toListFunctions(): this; /** * Grants permission to retrieve a list of AWS Lambda functions by the code signing config assigned * * Access Level: List * * https://docs.aws.amazon.com/lambda/latest/dg/API_ListFunctionsByCodeSigningConfig.html */ toListFunctionsByCodeSigningConfig(): this; /** * Grants permission to retrieve a list of versions of an AWS Lambda layer * * Access Level: List * * https://docs.aws.amazon.com/lambda/latest/dg/API_ListLayerVersions.html */ toListLayerVersions(): this; /** * Grants permission to retrieve a list of AWS Lambda layers, with details about the latest version of each layer * * Access Level: List * * https://docs.aws.amazon.com/lambda/latest/dg/API_ListLayers.html */ toListLayers(): this; /** * Grants permission to retrieve a list of provisioned concurrency configurations for an AWS Lambda function * * Access Level: List * * https://docs.aws.amazon.com/lambda/latest/dg/API_ListProvisionedConcurrencyConfigs.html */ toListProvisionedConcurrencyConfigs(): this; /** * Grants permission to retrieve a list of tags for an AWS Lambda function, event source mapping, capacity provider, or code signing configuration resource * * Access Level: Read * * https://docs.aws.amazon.com/lambda/latest/dg/API_ListTags.html */ toListTags(): this; /** * Grants permission to retrieve a list of versions for an AWS Lambda function * * Access Level: 
List * * https://docs.aws.amazon.com/lambda/latest/dg/API_ListVersionsByFunction.html */ toListVersionsByFunction(): this; /** * Grants permission to pass an AWS Lambda capacity provider to a service * * Access Level: Write * * https://docs.aws.amazon.com/lambda/latest/dg/lambda-permissions.html */ toPassCapacityProvider(): this; /** * Grants permission to create an AWS Lambda layer * * Access Level: Write * * https://docs.aws.amazon.com/lambda/latest/dg/API_PublishLayerVersion.html */ toPublishLayerVersion(): this; /** * Grants permission to create an AWS Lambda function version * * Access Level: Write * * https://docs.aws.amazon.com/lambda/latest/dg/API_PublishVersion.html */ toPublishVersion(): this; /** * Grants permission to attach a code signing config to an AWS Lambda function * * Access Level: Write * * Possible conditions: * - .ifCodeSigningConfigArn() * * https://docs.aws.amazon.com/lambda/latest/dg/API_PutFunctionCodeSigningConfig.html */ toPutFunctionCodeSigningConfig(): this; /** * Grants permission to configure reserved concurrency for an AWS Lambda function * * Access Level: Write * * https://docs.aws.amazon.com/lambda/latest/dg/API_PutFunctionConcurrency.html */ toPutFunctionConcurrency(): this; /** * Grants permission to configures options for asynchronous invocation on an AWS Lambda function, version, or alias * * Access Level: Write * * https://docs.aws.amazon.com/lambda/latest/dg/API_PutFunctionEventInvokeConfig.html */ toPutFunctionEventInvokeConfig(): this; /** * Grants permission to update the recursion configuration of an AWS Lambda function * * Access Level: Write * * https://docs.aws.amazon.com/lambda/latest/dg/API_PutFunctionRecursionConfig.html */ toPutFunctionRecursionConfig(): this; /** * Grants permission to update the scaling configuration of an AWS Lambda function running on a capacity provider * * Access Level: Write * * https://docs.aws.amazon.com/lambda/latest/dg/API_PutFunctionScalingConfig.html */ toPutFunctionScalingConfig(): 
this; /** * Grants permission to configure provisioned concurrency for an AWS Lambda function's alias or version * * Access Level: Write * * https://docs.aws.amazon.com/lambda/latest/dg/API_PutProvisionedConcurrencyConfig.html */ toPutProvisionedConcurrencyConfig(): this; /** * Grants permission to update the runtime management configuration of an AWS Lambda function * * Access Level: Write * * https://docs.aws.amazon.com/lambda/latest/dg/API_PutRuntimeManagementConfig.html */ toPutRuntimeManagementConfig(): this; /** * Grants permission to remove a statement from the permissions policy for a version of an AWS Lambda layer * * Access Level: Permissions management * * https://docs.aws.amazon.com/lambda/latest/dg/API_RemoveLayerVersionPermission.html */ toRemoveLayerVersionPermission(): this; /** * Grants permission to revoke function-use permission from an AWS service or another account * * Access Level: Permissions management * * Possible conditions: * - .ifPrincipal() * - .ifFunctionUrlAuthType() * * https://docs.aws.amazon.com/lambda/latest/dg/API_RemovePermission.html */ toRemovePermission(): this; /** * Grants permission to send a failure response for a callback operation in an AWS Lambda durable execution * * Access Level: Write * * https://docs.aws.amazon.com/lambda/latest/dg/API_SendDurableExecutionCallbackFailure.html */ toSendDurableExecutionCallbackFailure(): this; /** * Grants permission to send a heartbeat for a callback operation in an AWS Lambda durable execution * * Access Level: Write * * https://docs.aws.amazon.com/lambda/latest/dg/API_SendDurableExecutionCallbackHeartbeat.html */ toSendDurableExecutionCallbackHeartbeat(): this; /** * Grants permission to send a successful response for a callback operation in an AWS Lambda durable execution * * Access Level: Write * * https://docs.aws.amazon.com/lambda/latest/dg/API_SendDurableExecutionCallbackSuccess.html */ toSendDurableExecutionCallbackSuccess(): this; /** * Grants permission to stop an AWS 
Lambda durable execution
   *
   * Access Level: Write
   *
   * https://docs.aws.amazon.com/lambda/latest/dg/API_StopDurableExecution.html
   */
  toStopDurableExecution(): this;
  /**
   * Grants permission to add tags to an AWS Lambda function, event source mapping, capacity provider, or code signing configuration resource
   *
   * Access Level: Tagging
   *
   * Security note: where other statements authorize on resource tags (`.ifAwsResourceTag()`), the
   * ability to tag a resource changes which of those statements match it. Restrict the tag keys the
   * holder may set with `.ifAwsTagKeys()` / `.ifAwsRequestTag()`.
   *
   * Possible conditions:
   * - .ifAwsRequestTag()
   * - .ifAwsTagKeys()
   *
   * https://docs.aws.amazon.com/lambda/latest/dg/API_TagResources.html
   */
  toTagResource(): this;
  /**
   * Grants permission to remove tags from an AWS Lambda function, event source mapping, capacity provider, or code signing configuration resource
   *
   * Access Level: Tagging
   *
   * Security note: removing a tag can also change which tag-based statements (`.ifAwsResourceTag()`)
   * apply to the resource; restrict removable keys with `.ifAwsTagKeys()`.
   *
   * Possible conditions:
   * - .ifAwsTagKeys()
   *
   * https://docs.aws.amazon.com/lambda/latest/dg/API_UntagResource.html
   */
  toUntagResource(): this;
  /**
   * Grants permission to update the configuration of an AWS Lambda function's alias
   *
   * Access Level: Write
   *
   * https://docs.aws.amazon.com/lambda/latest/dg/API_UpdateAlias.html
   */
  toUpdateAlias(): this;
  /**
   * Grants permission to update an AWS Lambda capacity provider
   *
   * Access Level: Write
   *
   * https://docs.aws.amazon.com/lambda/latest/dg/API_UpdateCapacityProvider.html
   */
  toUpdateCapacityProvider(): this;
  /**
   * Grants permission to update an AWS Lambda code signing config
   *
   * Access Level: Write
   *
   * https://docs.aws.amazon.com/lambda/latest/dg/API_UpdateCodeSigningConfig.html
   */
  toUpdateCodeSigningConfig(): this;
  /**
   * Grants permission to update the configuration of an AWS Lambda event source mapping
   *
   * Access Level: Write
   *
   * Possible conditions:
   * - .ifFunctionArn()
   *
   * https://docs.aws.amazon.com/lambda/latest/dg/API_UpdateEventSourceMapping.html
   */
  toUpdateEventSourceMapping(): this;
  /**
   * Grants permission to update the code of an AWS Lambda function
   *
   * Access Level: Write
   *
   * Security note: the replaced code runs under the function's existing execution role, so this
   * action should be treated as access to that role's permissions. No condition keys are listed for
   * it here; scope it by resource with `.onFunction()` rather than leaving it on all functions.
   *
   * https://docs.aws.amazon.com/lambda/latest/dg/API_UpdateFunctionCode.html
   */
  toUpdateFunctionCode(): this;
  /**
   * Grants permission to update the code signing config of an AWS Lambda function
   *
   * Access Level: Write
   *
   * https://docs.aws.amazon.com/lambda/latest/dg/API_UpdateFunctionCodeSigningConfig.html
   */
  toUpdateFunctionCodeSigningConfig(): this;
  /**
   * Grants permission to modify the version-specific settings of an AWS Lambda function
   *
   * Access Level: Write
   *
   * Security note: the settings covered include attached layers and VPC placement (see the
   * conditions below). `.ifLayer()` limits which layer versions may be attached, and
   * `.ifVpcIds()` / `.ifSubnetIds()` / `.ifSecurityGroupIds()` limit the network placement.
   *
   * Possible conditions:
   * - .ifLayer()
   * - .ifVpcIds()
   * - .ifSubnetIds()
   * - .ifSecurityGroupIds()
   *
   * https://docs.aws.amazon.com/lambda/latest/dg/API_UpdateFunctionConfiguration.html
   */
  toUpdateFunctionConfiguration(): this;
  /**
   * Grants permission to modify the configuration for asynchronous invocation for an AWS Lambda function, version, or alias
   *
   * Access Level: Write
   *
   * https://docs.aws.amazon.com/lambda/latest/dg/API_UpdateFunctionEventInvokeConfig.html
   */
  toUpdateFunctionEventInvokeConfig(): this;
  /**
   * Grants permission to update a function url configuration for a Lambda function
   *
   * Access Level: Write
   *
   * Security note: an update can switch an existing function URL to auth type `NONE`, which accepts
   * requests without IAM authentication. Add `.ifFunctionUrlAuthType('AWS_IAM')` to rule that out.
   *
   * Possible conditions:
   * - .ifFunctionUrlAuthType()
   * - .ifFunctionArn()
   *
   * https://docs.aws.amazon.com/lambda/latest/dg/API_UpdateFunctionUrlConfig.html
   */
  toUpdateFunctionUrlConfig(): this;
  // Access-level grouping of this service's actions; populated outside this declaration.
  protected accessLevelList: AccessLevelList;
  /**
   * Adds a resource of type capacityProvider to the statement
   *
   * Security note: outside the CDK, omitting `account` and `region` puts `*` in those ARN fields, so
   * the statement matches the named resource in every account and region. Pass both explicitly when
   * the grant is meant for a single account/region.
   *
   * https://docs.aws.amazon.com/lambda/latest/dg/lambda-api-permissions-ref.html
   *
   * @param capacityProviderName - Identifier for the capacityProviderName.
   * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
   * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
   * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
* * Possible conditions: * - .ifAwsResourceTag() */ onCapacityProvider(capacityProviderName: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type code signing config to the statement * * https://docs.aws.amazon.com/lambda/latest/dg/lambda-api-permissions-ref.html * * @param codeSigningConfigId - Identifier for the codeSigningConfigId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onCodeSigningConfig(codeSigningConfigId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type durable execution to the statement * * https://docs.aws.amazon.com/lambda/latest/dg/lambda-api-permissions-ref.html * * @param functionName - Identifier for the functionName. * @param version - Identifier for the version. * @param executionName - Identifier for the executionName. * @param executionId - Identifier for the executionId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. 
*/ onDurableExecution(functionName: string, version: string, executionName: string, executionId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type eventSourceMapping to the statement * * https://docs.aws.amazon.com/lambda/latest/dg/lambda-api-permissions-ref.html * * @param uUID - Identifier for the uUID. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onEventSourceMapping(uUID: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type function to the statement * * https://docs.aws.amazon.com/lambda/latest/dg/lambda-api-permissions-ref.html * * @param functionName - Identifier for the functionName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onFunction(functionName: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type function alias to the statement * * https://docs.aws.amazon.com/lambda/latest/dg/lambda-api-permissions-ref.html * * @param functionName - Identifier for the functionName. * @param alias - Identifier for the alias. 
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onFunctionAlias(functionName: string, alias: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type function version to the statement * * https://docs.aws.amazon.com/lambda/latest/dg/lambda-api-permissions-ref.html * * @param functionName - Identifier for the functionName. * @param version - Identifier for the version. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onFunctionVersion(functionName: string, version: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type layer to the statement * * https://docs.aws.amazon.com/lambda/latest/dg/lambda-api-permissions-ref.html * * @param layerName - Identifier for the layerName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. 
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
     */
    onLayer(layerName: string, account?: string, region?: string, partition?: string): this;
    /**
     * Adds a resource of type layerVersion to the statement
     *
     * Scoping note: when `account` or `region` is left unset outside the CDK, that field of the
     * resource is `*`, so the statement matches the named layer version in any account or region.
     * Pass explicit values when the statement should be limited to one account and region.
     *
     * https://docs.aws.amazon.com/lambda/latest/dg/lambda-api-permissions-ref.html
     *
     * @param layerName - Identifier for the layerName.
     * @param layerVersion - Identifier for the layerVersion.
     * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
     * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
     * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
     */
    onLayerVersion(layerName: string, layerVersion: string, account?: string, region?: string, partition?: string): this;
    /**
     * Filters access by the tags that are passed in the request
     *
     * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag
     *
     * Applies to actions:
     * - .toCreateCapacityProvider()
     * - .toCreateCodeSigningConfig()
     * - .toCreateEventSourceMapping()
     * - .toCreateFunction()
     * - .toTagResource()
     *
     * @param tagKey The tag key to check
     * @param value The value(s) to check
     * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`. With `StringLike`, `*` and `?` inside `value` are treated as wildcards; pass `StringEquals` when an exact tag value is required.
     */
    ifAwsRequestTag(tagKey: string, value: string | string[], operator?: Operator | string): this;
    /**
     * Filters access by the tags associated with the resource
     *
     * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag
     *
     * Applies to resource types:
     * - capacityProvider
     * - code signing config
     * - eventSourceMapping
     * - function
     * - function alias
     * - function version
     *
     * @param tagKey The tag key to check
     * @param value The value(s) to check
     * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`. With `StringLike`, `*` and `?` inside `value` are treated as wildcards; pass `StringEquals` when an exact tag value is required.
     */
    ifAwsResourceTag(tagKey: string, value: string | string[], operator?: Operator | string): this;
    /**
     * Filters access by the tag keys that are passed in the request
     *
     * NOTE(review): `aws:TagKeys` is a multivalued key in IAM. Check the rendered policy to confirm
     * that the condition carries a `ForAllValues`/`ForAnyValue` set operator where one is intended.
     *
     * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys
     *
     * Applies to actions:
     * - .toCreateCapacityProvider()
     * - .toCreateCodeSigningConfig()
     * - .toCreateEventSourceMapping()
     * - .toCreateFunction()
     * - .toTagResource()
     * - .toUntagResource()
     *
     * @param value The value(s) to check
     * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
     */
    ifAwsTagKeys(value: string | string[], operator?: Operator | string): this;
    /**
     * Filters access by the ARN of an AWS Lambda code signing config
     *
     * https://docs.aws.amazon.com/lambda/latest/dg/lambda-api-permissions-ref.html
     *
     * Applies to actions:
     * - .toCreateFunction()
     * - .toPutFunctionCodeSigningConfig()
     *
     * @param value The value(s) to check
     * @param operator Works with [arn operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_ARN). **Default:** `ArnLike`
     */
    ifCodeSigningConfigArn(value: string | string[], operator?: Operator | string): this;
    /**
     * Filters access by the ID from a non-AWS event source configured for the AWS Lambda function
     *
     * https://docs.aws.amazon.com/lambda/latest/dg/lambda-api-permissions-ref.html
     *
     * Applies to actions:
     * - .toInvokeFunction()
     * - .toInvokeFunctionUrl()
     *
     * @param value The value(s) to check
     * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
     */
    ifEventSourceToken(value: string | string[], operator?: Operator | string): this;
    /**
     * Filters access by the ARN of an AWS Lambda function
     *
     * https://docs.aws.amazon.com/lambda/latest/dg/lambda-api-permissions-ref.html
     *
     * Applies to actions:
     * - .toCreateEventSourceMapping()
     * - .toCreateFunctionUrlConfig()
     * - .toDeleteEventSourceMapping()
     * - .toDeleteFunctionUrlConfig()
     * - .toGetEventSourceMapping()
     * - .toGetFunctionUrlConfig()
     * - .toInvokeFunctionUrl()
     * - .toUpdateEventSourceMapping()
     * - .toUpdateFunctionUrlConfig()
     *
     * @param value The value(s) to check
     * @param operator Works with [arn operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_ARN). **Default:** `ArnLike`
     */
    ifFunctionArn(value: string | string[], operator?: Operator | string): this;
    /**
     * Filters access by authorization type specified in request. Available during CreateFunctionUrlConfig, UpdateFunctionUrlConfig, DeleteFunctionUrlConfig, GetFunctionUrlConfig, ListFunctionUrlConfigs, AddPermission and RemovePermission operations
     *
     * The action list below also names `.toInvokeFunctionUrl()`, which the sentence above does not mention.
     *
     * Function URL auth types are `AWS_IAM` and `NONE`. With `NONE`, Lambda performs no IAM
     * authentication on requests to the URL, so this key is the usual place to constrain which
     * auth type a principal may configure or grant.
     *
     * https://docs.aws.amazon.com/lambda/latest/dg/lambda-api-permissions-ref.html
     *
     * Applies to actions:
     * - .toAddPermission()
     * - .toCreateFunctionUrlConfig()
     * - .toDeleteFunctionUrlConfig()
     * - .toGetFunctionUrlConfig()
     * - .toInvokeFunctionUrl()
     * - .toListFunctionUrlConfigs()
     * - .toRemovePermission()
     * - .toUpdateFunctionUrlConfig()
     *
     * @param value The value(s) to check
     * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`. With `StringLike`, `*` and `?` inside `value` are treated as wildcards; pass `StringEquals` to match one auth type exactly.
     */
    ifFunctionUrlAuthType(value: string | string[], operator?: Operator | string): this;
    /**
     * Limits the scope of lambda:InvokeFunction action to Function URLs only. Available during AddPermission operation
     *
     * This is a boolean condition: it takes no operator argument, and omitting `value` is the same as passing `true`.
     *
     * https://docs.aws.amazon.com/lambda/latest/dg/lambda-api-permissions-ref.html
     *
     * Applies to actions:
     * - .toAddPermission()
     * - .toInvokeFunction()
     *
     * @param value `true` or `false`. **Default:** `true`
     */
    ifInvokedViaFunctionUrl(value?: boolean): this;
    /**
     * Filters access by the ARN of a version of an AWS Lambda layer
     *
     * https://docs.aws.amazon.com/lambda/latest/dg/lambda-api-permissions-ref.html
     *
     * Applies to actions:
     * - .toCreateFunction()
     * - .toUpdateFunctionConfiguration()
     *
     * @param value The value(s) to check
     * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
     */
    ifLayer(value: string | string[], operator?: Operator | string): this;
    /**
     * Filters access by restricting the AWS service or account that can invoke a function
     *
     * The key applies to the two actions that edit a function's resource-based policy (listed
     * below), so it constrains which principal such a grant may name.
     *
     * https://docs.aws.amazon.com/lambda/latest/dg/lambda-api-permissions-ref.html
     *
     * Applies to actions:
     * - .toAddPermission()
     * - .toRemovePermission()
     *
     * @param value The value(s) to check
     * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`. With `StringLike`, `*` and `?` inside `value` are treated as wildcards; pass `StringEquals` when only the exact principal should match.
     */
    ifPrincipal(value: string | string[], operator?: Operator | string): this;
    /**
     * Filters access by the ID of security groups configured for the AWS Lambda function
     *
     * https://docs.aws.amazon.com/lambda/latest/dg/lambda-api-permissions-ref.html
     *
     * Applies to actions:
     * - .toCreateCapacityProvider()
     * - .toCreateFunction()
     * - .toUpdateFunctionConfiguration()
     *
     * @param value The value(s) to check
     * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
     */
    ifSecurityGroupIds(value: string | string[], operator?: Operator | string): this;
    /**
     * Filters access by the ARN of the AWS Lambda function from which the request originated
     *
     * NOTE(review): no "Applies to actions" list is documented for this key here; confirm which
     * requests carry it before relying on it in a statement.
     *
     * https://docs.aws.amazon.com/lambda/latest/dg/lambda-api-permissions-ref.html
     *
     * @param value The value(s) to check
     * @param operator Works with [arn operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_ARN). **Default:** `ArnLike`
     */
    ifSourceFunctionArn(value: string | string[], operator?: Operator | string): this;
    /**
     * Filters access by the ID of subnets configured for the AWS Lambda function
     *
     * https://docs.aws.amazon.com/lambda/latest/dg/lambda-api-permissions-ref.html
     *
     * Applies to actions:
     * - .toCreateCapacityProvider()
     * - .toCreateFunction()
     * - .toUpdateFunctionConfiguration()
     *
     * @param value The value(s) to check
     * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
     */
    ifSubnetIds(value: string | string[], operator?: Operator | string): this;
    /**
     * Filters access by the ID of the VPC configured for the AWS Lambda function
     *
     * https://docs.aws.amazon.com/lambda/latest/dg/lambda-api-permissions-ref.html
     *
     * Applies to actions:
     * - .toCreateFunction()
     * - .toUpdateFunctionConfiguration()
     *
     * @param value The value(s) to check
     * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
     */
    ifVpcIds(value: string | string[], operator?: Operator | string): this;
}