import { AccessLevelList } from '../../shared/access-level'; import { PolicyStatement, Operator } from '../../shared'; import { aws_iam as iam } from "aws-cdk-lib"; /** * Statement provider for service [waf-regional](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awswafregional.html). * * @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement */ export declare class WafRegional extends PolicyStatement { servicePrefix: string; /** * Grants permission to associate a web ACL with a resource * * Access Level: Write * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_AssociateWebACL.html */ toAssociateWebACL(): this; /** * Grants permission to create a ByteMatchSet * * Access Level: Write * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_CreateByteMatchSet.html */ toCreateByteMatchSet(): this; /** * Grants permission to create a GeoMatchSet * * Access Level: Write * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_CreateGeoMatchSet.html */ toCreateGeoMatchSet(): this; /** * Grants permission to create an IPSet * * Access Level: Write * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_CreateIPSet.html */ toCreateIPSet(): this; /** * Grants permission to create a RateBasedRule * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_CreateRateBasedRule.html */ toCreateRateBasedRule(): this; /** * Grants permission to create a RegexMatchSet * * Access Level: Write * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_CreateRegexMatchSet.html */ toCreateRegexMatchSet(): this; /** * Grants permission to create a RegexPatternSet * * Access Level: Write * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_CreateRegexPatternSet.html */ toCreateRegexPatternSet(): this; /** * Grants permission to create a Rule * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_CreateRule.html */ toCreateRule(): this; /** * Grants permission to create a RuleGroup * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_CreateRuleGroup.html */ toCreateRuleGroup(): this; /** * Grants permission to create a SizeConstraintSet * * Access Level: Write * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_CreateSizeConstraintSet.html */ toCreateSizeConstraintSet(): this; /** * Grants permission to create an SqlInjectionMatchSet * * Access Level: Write * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_CreateSqlInjectionMatchSet.html */ toCreateSqlInjectionMatchSet(): this; /** * Grants permission to create a WebACL * * Access Level: Permissions management * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_CreateWebACL.html */ toCreateWebACL(): this; /** * Grants permission to create a CloudFormation web ACL template in an S3 bucket for the purposes of migrating the web ACL from AWS WAF Classic to AWS WAF v2 * * Access Level: Write * * Dependent actions: * - s3:PutObject * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_CreateWebACLMigrationStack.html */ toCreateWebACLMigrationStack(): this; /** * Grants permission to create an XssMatchSet * * Access Level: Write * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_CreateXssMatchSet.html */ toCreateXssMatchSet(): this; /** * Grants permission to delete a ByteMatchSet * * Access Level: Write * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_DeleteByteMatchSet.html */ toDeleteByteMatchSet(): this; /** * Grants permission to delete a GeoMatchSet * * Access Level: Write * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_DeleteGeoMatchSet.html */ toDeleteGeoMatchSet(): this; /** * Grants permission to delete an IPSet * * Access Level: Write * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_DeleteIPSet.html */ toDeleteIPSet(): this; /** * Grants permission to delete a LoggingConfiguration from a web ACL * * Access Level: Write * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_DeleteLoggingConfiguration.html */ toDeleteLoggingConfiguration(): this; /** * Grants permission to delete an IAM policy from a rule group * * Access Level: Permissions management * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_DeletePermissionPolicy.html */ toDeletePermissionPolicy(): this; /** * Grants permission to delete a RateBasedRule * * Access Level: Write * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_DeleteRateBasedRule.html */ toDeleteRateBasedRule(): this; /** * Grants permission to delete a RegexMatchSet * * Access Level: Write * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_DeleteRegexMatchSet.html */ toDeleteRegexMatchSet(): this; /** * Grants permission to delete a RegexPatternSet * * Access Level: Write * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_DeleteRegexPatternSet.html */ toDeleteRegexPatternSet(): this; /** * Grants permission to delete a Rule * * Access Level: Write * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_DeleteRule.html */ toDeleteRule(): this; /** * Grants permission to delete a RuleGroup * * Access Level: Write * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_DeleteRuleGroup.html */ toDeleteRuleGroup(): this; /** * Grants permission to delete a SizeConstraintSet * * Access Level: Write * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_DeleteSizeConstraintSet.html */ toDeleteSizeConstraintSet(): this; /** * Grants permission to delete an SqlInjectionMatchSet * * Access Level: Write * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_DeleteSqlInjectionMatchSet.html */ toDeleteSqlInjectionMatchSet(): this; /** * Grants permission to delete a WebACL * * Access Level: Permissions management * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_DeleteWebACL.html */ toDeleteWebACL(): this; /** * Grants permission to delete an XssMatchSet * * Access Level: Write * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_DeleteXssMatchSet.html */ toDeleteXssMatchSet(): this; /** * Grants permission to delete an association between a web ACL and a resource * * Access Level: Write * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_DisassociateWebACL.html */ toDisassociateWebACL(): this; /** * Grants permission to retrieve a ByteMatchSet * * Access Level: Read * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_GetByteMatchSet.html */ toGetByteMatchSet(): this; /** * Grants permission to retrieve a change token to use in create, update, and delete requests * * Access Level: Read * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_GetChangeToken.html */ toGetChangeToken(): this; /** * Grants permission to retrieve the status of a change token * * Access Level: Read * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_GetChangeTokenStatus.html */ toGetChangeTokenStatus(): this; /** * Grants permission to retrieve a GeoMatchSet * * Access Level: Read * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_GetGeoMatchSet.html */ toGetGeoMatchSet(): this; /** * Grants permission to retrieve an IPSet * * Access Level: Read * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_GetIPSet.html */ toGetIPSet(): this; /** * Grants permission to retrieve a LoggingConfiguration * * Access Level: Read * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_GetLoggingConfiguration.html */ toGetLoggingConfiguration(): this; /** * Grants permission to retrieve an IAM policy attached to a RuleGroup * * Access Level: Read * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_GetPermissionPolicy.html */ toGetPermissionPolicy(): this; /** * Grants permission to retrieve a RateBasedRule * * Access Level: Read * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_GetRateBasedRule.html */ toGetRateBasedRule(): this; /** * Grants permission to retrieve the array of IP addresses that are currently being blocked by a RateBasedRule * * Access Level: Read * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_GetRateBasedRuleManagedKeys.html */ toGetRateBasedRuleManagedKeys(): this; /** * Grants permission to retrieve a RegexMatchSet * * Access Level: Read * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_GetRegexMatchSet.html */ toGetRegexMatchSet(): this; /** * Grants permission to retrieve a RegexPatternSet * * Access Level: Read * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_GetRegexPatternSet.html */ toGetRegexPatternSet(): this; /** * Grants permission to retrieve a Rule * * Access Level: Read * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_GetRule.html */ toGetRule(): this; /** * Grants permission to retrieve a RuleGroup * * Access Level: Read * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_GetRuleGroup.html */ toGetRuleGroup(): this; /** * Grants permission to retrieve detailed information for a sample set of web requests * * Access Level: Read * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_GetSampledRequests.html */ toGetSampledRequests(): this; /** * Grants permission to retrieve a SizeConstraintSet * * Access Level: Read * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_GetSizeConstraintSet.html */ toGetSizeConstraintSet(): this; /** * Grants permission to retrieve an SqlInjectionMatchSet * * Access Level: Read * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_GetSqlInjectionMatchSet.html */ toGetSqlInjectionMatchSet(): this; /** * Grants permission to retrieve a WebACL * * Access Level: Read * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_GetWebACL.html */ toGetWebACL(): this; /** * Grants permission to retrieve a WebACL that's associated with a specified resource * * Access Level: Read * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_GetWebACLForResource.html */ toGetWebACLForResource(): this; /** * Grants permission to retrieve an XssMatchSet * * Access Level: Read * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_GetXssMatchSet.html */ toGetXssMatchSet(): this; /** * Grants permission to retrieve an array of ActivatedRule objects * * Access Level: List * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_ListActivatedRulesInRuleGroup.html */ toListActivatedRulesInRuleGroup(): this; /** * Grants permission to retrieve an array of ByteMatchSetSummary objects * * Access Level: List * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_ListByteMatchSets.html */ toListByteMatchSets(): this; /** * Grants permission to retrieve an array of GeoMatchSetSummary objects * * Access Level: List * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_ListGeoMatchSets.html */ toListGeoMatchSets(): this; /** * Grants permission to retrieve an array of IPSetSummary objects * * Access Level: List * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_ListIPSets.html */ toListIPSets(): this; /** * Grants permission to retrieve an array of LoggingConfiguration objects * * Access Level: List * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_ListLoggingConfigurations.html */ toListLoggingConfigurations(): this; /** * Grants permission to retrieve an array of RuleSummary objects * * Access Level: List * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_ListRateBasedRules.html */ toListRateBasedRules(): this; /** * Grants permission to retrieve an array of RegexMatchSetSummary objects * * Access Level: List * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_ListRegexMatchSets.html */ toListRegexMatchSets(): this; /** * Grants permission to retrieve an array of RegexPatternSetSummary objects * * Access Level: List * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_ListRegexPatternSets.html */ toListRegexPatternSets(): this; /** * Grants permission to retrieve an array of resources associated with a specified WebACL * * Access Level: List * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_ListResourcesForWebACL.html */ toListResourcesForWebACL(): this; /** * Grants permission to retrieve an array of RuleGroup objects * * Access Level: List * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_ListRuleGroups.html */ toListRuleGroups(): this; /** * Grants permission to retrieve an array of RuleSummary objects * * Access Level: List * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_ListRules.html */ toListRules(): this; /** * Grants permission to retrieve an array of SizeConstraintSetSummary objects * * Access Level: List * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_ListSizeConstraintSets.html */ toListSizeConstraintSets(): this; /** * Grants permission to retrieve an array of SqlInjectionMatchSet objects * * Access Level: List * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_ListSqlInjectionMatchSets.html */ toListSqlInjectionMatchSets(): this; /** * Grants permission to retrieve an array of RuleGroup objects that you are subscribed to * * Access Level: List * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_ListSubscribedRuleGroups.html */ toListSubscribedRuleGroups(): this; /** * Grants permission to lists the Tags for a resource * * Access Level: Read * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_ListTagsForResource.html */ toListTagsForResource(): this; /** * Grants permission to retrieve an array of WebACLSummary objects * * Access Level: List * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_ListWebACLs.html */ toListWebACLs(): this; /** * Grants permission to retrieve an array of XssMatchSet objects * * Access Level: List * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_ListXssMatchSets.html */ toListXssMatchSets(): this; /** * Grants permission to associates a LoggingConfiguration with a web ACL * * Access Level: Write * * Dependent actions: * - iam:CreateServiceLinkedRole * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_PutLoggingConfiguration.html */ toPutLoggingConfiguration(): this; /** * Grants permission to attach an IAM policy to a specified rule group, to support rule group sharing between accounts * * Access Level: Permissions management * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_PutPermissionPolicy.html */ toPutPermissionPolicy(): this; /** * Grants permission to add a Tag to a resource * * Access Level: Tagging * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_TagResource.html */ toTagResource(): this; /** * Grants permission to remove a Tag from a resource * * Access Level: Tagging * * Possible conditions: * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_UntagResource.html */ toUntagResource(): this; /** * Grants permission to insert or delete ByteMatchTuple objects in a ByteMatchSet * * Access Level: Write * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_UpdateByteMatchSet.html */ toUpdateByteMatchSet(): this; /** * Grants permission to insert or delete GeoMatchConstraint objects in a GeoMatchSet * * Access Level: Write * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_UpdateGeoMatchSet.html */ toUpdateGeoMatchSet(): this; /** * Grants permission to insert or delete IPSetDescriptor objects in an IPSet * * Access Level: Write * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_UpdateIPSet.html */ toUpdateIPSet(): this; /** * Grants permission to insert or delete predicate objects in a rate based rule and update the RateLimit in the rule * * Access Level: Write * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_UpdateRateBasedRule.html */ toUpdateRateBasedRule(): this; /** * Grants permission to insert or delete RegexMatchTuple objects in a RegexMatchSet * * Access Level: Write * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_UpdateRegexMatchSet.html */ toUpdateRegexMatchSet(): this; /** * Grants permission to insert or delete RegexPatternStrings in a RegexPatternSet * * Access Level: Write * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_UpdateRegexPatternSet.html */ toUpdateRegexPatternSet(): this; /** * Grants permission to insert or delete predicate objects in a Rule * * Access Level: Write * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_UpdateRule.html */ toUpdateRule(): this; /** * Grants permission to insert or delete ActivatedRule objects in a RuleGroup * * Access Level: Write * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_UpdateRuleGroup.html */ toUpdateRuleGroup(): this; /** * Grants permission to insert or delete SizeConstraint objects in a SizeConstraintSet * * Access Level: Write * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_UpdateSizeConstraintSet.html */ toUpdateSizeConstraintSet(): this; /** * Grants permission to insert or delete SqlInjectionMatchTuple objects in an SqlInjectionMatchSet * * Access Level: Write * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_UpdateSqlInjectionMatchSet.html */ toUpdateSqlInjectionMatchSet(): this; /** * Grants permission to insert or delete ActivatedRule objects in a WebACL * * Access Level: Permissions management * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_UpdateWebACL.html */ toUpdateWebACL(): this; /** * Grants permission to insert or delete XssMatchTuple objects in an XssMatchSet * * Access Level: Write * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_UpdateXssMatchSet.html */ toUpdateXssMatchSet(): this; protected accessLevelList: AccessLevelList; /** * Adds a resource of type bytematchset to the statement * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_ByteMatchSet.html * * @param id - Identifier for the id. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onBytematchset(id: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type ipset to the statement * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_IPSet.html * * @param id - Identifier for the id. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onIpset(id: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type loadbalancer/app/ to the statement * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_WebACL.html * * @param loadBalancerName - Identifier for the loadBalancerName. * @param loadBalancerId - Identifier for the loadBalancerId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onLoadbalancerApp(loadBalancerName: string, loadBalancerId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type ratebasedrule to the statement * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_RateBasedRule.html * * @param id - Identifier for the id. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onRatebasedrule(id: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type rule to the statement * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_Rule.html * * @param id - Identifier for the id. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onRule(id: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type sizeconstraintset to the statement * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_SizeConstraintSet.html * * @param id - Identifier for the id. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onSizeconstraintset(id: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type sqlinjectionmatchset to the statement * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_SqlInjectionMatchSet.html * * @param id - Identifier for the id. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onSqlinjectionmatchset(id: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type webacl to the statement * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_WebACL.html * * @param id - Identifier for the id. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onWebacl(id: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type xssmatchset to the statement * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_XssMatchSet.html * * @param id - Identifier for the id. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onXssmatchset(id: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type regexmatchset to the statement * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_RegexMatchSet.html * * @param id - Identifier for the id. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onRegexmatchset(id: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type regexpatternset to the statement * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_RegexPatternSet.html * * @param id - Identifier for the id. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onRegexpatternset(id: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type geomatchset to the statement * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_GeoMatchSet.html * * @param id - Identifier for the id. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onGeomatchset(id: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type rulegroup to the statement * * https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_RuleGroup.html * * @param id - Identifier for the id. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onRulegroup(id: string, account?: string, region?: string, partition?: string): this; /** * Filters actions based on the allowed set of values for each of the tags * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag * * Applies to actions: * - .toCreateRateBasedRule() * - .toCreateRule() * - .toCreateRuleGroup() * - .toCreateWebACL() * - .toTagResource() * * @param tagKey The tag key to check * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsRequestTag(tagKey: string, value: string | string[], operator?: Operator | string): this; /** * Filters actions based on tag-value assoicated with the resource * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag * * Applies to resource types: * - ratebasedrule * - rule * - webacl * - rulegroup * * @param tagKey The tag key to check * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsResourceTag(tagKey: string, value: string | string[], operator?: Operator | string): this; /** * Filters actions based on the presence of mandatory tags in the request * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys * * Applies to actions: * - .toCreateRateBasedRule() * - .toCreateRule() * - .toCreateRuleGroup() * - .toCreateWebACL() * - .toTagResource() * - .toUntagResource() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsTagKeys(value: string | string[], operator?: Operator | string): this; /** * Statement provider for service [waf-regional](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awswafregional.html). * */ constructor(props?: iam.PolicyStatementProps); }