import { AccessLevelList } from '../../shared/access-level'; import { PolicyStatement, Operator } from '../../shared'; import { aws_iam as iam } from "aws-cdk-lib"; /** * Statement provider for service [network-firewall](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsnetworkfirewall.html). * * @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement */ export declare class NetworkFirewall extends PolicyStatement { servicePrefix: string; /** * Grants permission to create an association between a firewall policy and a firewall * * Access Level: Write * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_AssociateFirewallPolicy.html */ toAssociateFirewallPolicy(): this; /** * Grants permission to associate VPC subnets to a firewall * * Access Level: Write * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_AssociateSubnets.html */ toAssociateSubnets(): this; /** * Grants permission to create an AWS Network Firewall firewall * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * Dependent actions: * - iam:CreateServiceLinkedRole * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_CreateFirewall.html */ toCreateFirewall(): this; /** * Grants permission to create an AWS Network Firewall firewall policy * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_CreateFirewallPolicy.html */ toCreateFirewallPolicy(): this; /** * Grants permission to create an AWS Network Firewall rule group * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_CreateRuleGroup.html */ toCreateRuleGroup(): this; /** * Grants permission to create an AWS Network Firewall tls inspection configuration * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * Dependent actions: * - iam:CreateServiceLinkedRole * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_CreateTLSInspectionConfiguration.html */ toCreateTLSInspectionConfiguration(): this; /** * Grants permission to delete a firewall * * Access Level: Write * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_DeleteFirewall.html */ toDeleteFirewall(): this; /** * Grants permission to delete a firewall policy * * Access Level: Write * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_DeleteFirewallPolicy.html */ toDeleteFirewallPolicy(): this; /** * Grants permission to delete a resource policy for a firewall policy or rule group * * Access Level: Write * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_DeleteResourcePolicy.html */ toDeleteResourcePolicy(): this; /** * Grants permission to delete a rule group * * Access Level: Write * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_DeleteRuleGroup.html */ toDeleteRuleGroup(): this; /** * Grants permission to delete a tls inspection configuration * * Access Level: Write * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_DeleteTLSInspectionConfiguration.html */ toDeleteTLSInspectionConfiguration(): this; /** * Grants permission to retrieve the data objects that define a firewall * * Access Level: Read * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_DescribeFirewall.html */ toDescribeFirewall(): this; /** * Grants permission to retrieve the data objects that define a firewall policy * * Access Level: Read * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_DescribeFirewallPolicy.html */ toDescribeFirewallPolicy(): this; /** * Grants permission to describe a flow operation performed on a firewall * * Access Level: Read * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_DescribeFlowOperation.html */ toDescribeFlowOperation(): this; /** * Grants permission to describe the logging configuration of a firewall * * Access Level: Read * * Dependent actions: * - logs:GetLogDelivery * - logs:ListLogDeliveries * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_DescribeLoggingConfiguration.html */ toDescribeLoggingConfiguration(): this; /** * Grants permission to describe a resource policy for a firewall policy or rule group * * Access Level: Read * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_DescribeResourcePolicy.html */ toDescribeResourcePolicy(): this; /** * Grants permission to retrieve the data objects that define a rule group * * Access Level: Read * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_DescribeRuleGroup.html */ toDescribeRuleGroup(): this; /** * Grants permission to retrieve the high-level information about a rule group * * Access Level: Read * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_DescribeRuleGroupMetadata.html */ toDescribeRuleGroupMetadata(): this; /** * Grants permission to retrieve the data objects that define a tls inspection configuration * * Access Level: Read * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_DescribeTLSInspectionConfiguration.html */ toDescribeTLSInspectionConfiguration(): this; /** * Grants permission to disassociate VPC subnets from a firewall * * Access Level: Write * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_DisassociateSubnets.html */ toDisassociateSubnets(): this; /** * Grants permission to retrieve analysis report results of a firewall * * Access Level: Read * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_GetAnalysisReportResults.html */ toGetAnalysisReportResults(): this; /** * Grants permission to list firewall analysis reports * * Access Level: List * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_ListAnalysisReports.html */ toListAnalysisReports(): this; /** * Grants permission to retrieve the metadata for firewall policies * * Access Level: List * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_ListFirewallPolicies.html */ toListFirewallPolicies(): this; /** * Grants permission to retrieve the metadata for firewalls * * Access Level: List * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_ListFirewalls.html */ toListFirewalls(): this; /** * Grants permission to list results from a flow operation performed on a firewall * * Access Level: Read * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_ListFlowOperationResults.html */ toListFlowOperationResults(): this; /** * Grants permission to list flow operations performed on a firewall * * Access Level: List * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_ListFlowOperations.html */ toListFlowOperations(): this; /** * Grants permission to retrieve the metadata for rule groups * * Access Level: List * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_ListRuleGroups.html */ toListRuleGroups(): this; /** * Grants permission to retrieve the metadata for tls inspection configurations * * Access Level: List * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_ListTLSInspectionConfigurations.html */ toListTLSInspectionConfigurations(): this; /** * Grants permission to retrieve the tags for a resource * * Access Level: List * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_ListTagsForResource.html */ toListTagsForResource(): this; /** * Grants permission to put a resource policy for a firewall policy or rule group * * Access Level: Write * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_PutResourcePolicy.html */ toPutResourcePolicy(): this; /** * Grants permission to start an analysis report on a firewall * * Access Level: Write * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_GetAnalysisReportResults.html */ toStartAnalysisReport(): this; /** * Grants permission to start capture operation on a firewall * * Access Level: Write * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_StartFlowCapture.html */ toStartFlowCapture(): this; /** * Grants permission to start flush operation on a firewall * * Access Level: Write * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_StartFlowFlush.html */ toStartFlowFlush(): this; /** * Grants permission to attach tags to a resource * * Access Level: Tagging * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_TagResource.html */ toTagResource(): this; /** * Grants permission to remove tags from a resource * * Access Level: Tagging * * Possible conditions: * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_UntagResource.html */ toUntagResource(): this; /** * Grants permission to modify firewall analysis settings of a firewall * * Access Level: Write * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_UpdateFirewallAnalysisSettings.html */ toUpdateFirewallAnalysisSettings(): this; /** * Grants permission to add or remove delete protection for a firewall * * Access Level: Write * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_UpdateFirewallDeleteProtection.html */ toUpdateFirewallDeleteProtection(): this; /** * Grants permission to modify the description for a firewall * * Access Level: Write * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_UpdateFirewallDescription.html */ toUpdateFirewallDescription(): this; /** * Grants permission to modify the encryption configuration of a firewall * * Access Level: Write * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_UpdateFirewallEncryptionConfiguration.html */ toUpdateFirewallEncryptionConfiguration(): this; /** * Grants permission to modify a firewall policy * * Access Level: Write * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_UpdateFirewallPolicy.html */ toUpdateFirewallPolicy(): this; /** * Grants permission to add or remove firewall policy change protection for a firewall * * Access Level: Write * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_UpdateFirewallPolicyChangeProtection.html */ toUpdateFirewallPolicyChangeProtection(): this; /** * Grants permission to modify the logging configuration of a firewall * * Access Level: Write * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_UpdateLoggingConfiguration.html */ toUpdateLoggingConfiguration(): this; /** * Grants permission to modify a rule group * * Access Level: Write * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_UpdateRuleGroup.html */ toUpdateRuleGroup(): this; /** * Grants permission to add or remove subnet change protection for a firewall * * Access Level: Write * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_UpdateSubnetChangeProtection.html */ toUpdateSubnetChangeProtection(): this; /** * Grants permission to modify a tls inspection configuration * * Access Level: Write * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_UpdateTLSInspectionConfiguration.html */ toUpdateTLSInspectionConfiguration(): this; protected accessLevelList: AccessLevelList; /** * Adds a resource of type Firewall to the statement * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_Firewall.html * * @param name - Identifier for the name. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onFirewall(name: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type FirewallPolicy to the statement * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_FirewallPolicyResponse.html * * @param name - Identifier for the name. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onFirewallPolicy(name: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type StatefulRuleGroup to the statement * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_RuleGroupResponse.html * * @param name - Identifier for the name. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onStatefulRuleGroup(name: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type StatelessRuleGroup to the statement * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_RuleGroupResponse.html * * @param name - Identifier for the name. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onStatelessRuleGroup(name: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type TLSInspectionConfiguration to the statement * * https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_TLSInspectionConfigurationResponse.html * * @param name - Identifier for the name. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onTLSInspectionConfiguration(name: string, account?: string, region?: string, partition?: string): this; /** * Filters access by on the allowed set of values for each of the tags * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag * * Applies to actions: * - .toCreateFirewall() * - .toCreateFirewallPolicy() * - .toCreateRuleGroup() * - .toCreateTLSInspectionConfiguration() * - .toTagResource() * * @param tagKey The tag key to check * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsRequestTag(tagKey: string, value: string | string[], operator?: Operator | string): this; /** * Filters access by the tag value associated with the resource * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag * * Applies to resource types: * - Firewall * - FirewallPolicy * - StatefulRuleGroup * - StatelessRuleGroup * - TLSInspectionConfiguration * * @param tagKey The tag key to check * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsResourceTag(tagKey: string, value: string | string[], operator?: Operator | string): this; /** * Filters access by the presence of mandatory tags in the request * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys * * Applies to actions: * - .toCreateFirewall() * - .toCreateFirewallPolicy() * - .toCreateRuleGroup() * - .toCreateTLSInspectionConfiguration() * - .toTagResource() * - .toUntagResource() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsTagKeys(value: string | string[], operator?: Operator | string): this; /** * Statement provider for service [network-firewall](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsnetworkfirewall.html). * */ constructor(props?: iam.PolicyStatementProps); }