export interface AwsConfig {
    /**
     * The API id
     * example xxxxxxxxxx
     * defaults to "*"
     */
    apiId?: string;
    /**
     * The API AWS region
     * example eu-west-1
     * defaults to "*"
     */
    region?: string;
    /**
     * The stage for your api
     * example production
     * defaults to "*"
     */
    stage?: string;
}
export declare type Condition = {
    [conditionOperator: string]: {
        [conditionKey: string]: string | string[];
    };
};
export declare enum HttpVerb {
    GET = "GET",
    POST = "POST",
    PUT = "PUT",
    PATCH = "PATCH",
    HEAD = "HEAD",
    DELETE = "DELETE",
    OPTIONS = "OPTIONS",
    ALL = "*"
}
export declare enum Effect {
    Allow = "Allow",
    Deny = "Deny"
}
export interface Statement {
    Action: 'execute-api:Invoke';
    Effect: Effect;
    Resource: string[];
    Condition?: Condition;
}
export interface PolicyDocument {
    Version: string;
    Statement: Statement[];
}
export declare type Context = {
    [prop: string]: string | boolean | number;
};
export interface AuthResponse {
    principalId: string;
    policyDocument: PolicyDocument;
    context?: Context;
}
/**
 * A Policy generator for API Gateway authorizers.
 *
 * new ApiGatewayAuthPolicy('12345')
 *  .allowMethod(HttpVerb.GET, '/media')
 *  .allowMethod(HttpVerb.PATCH, '/media', {
 *    IpAddress: {
 *     'aws:SourceIp': ['203.0.113.0/24', '2001:DB8:1234:5678::/64'],
 *   },
 *  })
 *  .render('*');
 */
export default class ApiGatewayAuthPolicy {
    private readonly _accountId;
    private readonly _apiVersion;
    private readonly _config;
    private readonly _methods;
    private _context;
    constructor(accountId: string, config?: AwsConfig);
    private getResourceArn;
    private addMethod;
    private getStatement;
    private getStatementsForEffect;
    /**
     * Adds an API Gateway method to the list of allowed
     * methods for the policy, can be used in chain
     */
    allowMethod(verb: HttpVerb, resource: string, condition?: Condition | null): this;
    /**
     * Adds an API Gateway method to the list of denied
     * methods for the policy, can be used in chain
     */
    denyMethod(verb: HttpVerb, resource: string, condition?: Condition | null): this;
    /**
     * Adds an context key value pair that will later be added into the auth response
     */
    addValueToContext(key: string, value: string | number | boolean): this;
    /**
     * Renders a auth response based on the provided principal id and the lists of allowed and denied methods
     * This will generate a policy with two main statements for the effect:
     * One statement for Allow and one statement for Deny.
     * Methods that includes conditions will have their own statement in the policy.
     */
    render(principalId: string): AuthResponse;
}