import { AccessLevelList } from '../../shared/access-level'; import { PolicyStatement, Operator } from '../../shared'; import { aws_iam as iam } from "aws-cdk-lib"; /** * Statement provider for service [wafv2](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awswafv2.html). * * @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement */ export declare class Wafv2 extends PolicyStatement { servicePrefix: string; /** * Grants permission to associate a WebACL with a resource * * Access Level: Write * * Dependent actions: * - amplify:AssociateWebACL * - apigateway:SetWebACL * - apprunner:AssociateWebAcl * - appsync:SetWebACL * - cognito-idp:AssociateWebACL * - ec2:AssociateVerifiedAccessInstanceWebAcl * - elasticloadbalancing:SetWebAcl * - wafv2:GetPermissionPolicy * - wafv2:PutPermissionPolicy * * https://docs.aws.amazon.com/waf/latest/APIReference/API_AssociateWebACL.html */ toAssociateWebACL(): this; /** * Grants permission to calculate web ACL capacity unit (WCU) requirements for a specified scope and set of rules * * Access Level: Read * * https://docs.aws.amazon.com/waf/latest/APIReference/API_CheckCapacity.html */ toCheckCapacity(): this; /** * Grants permission to create an API key for use in the integration of the CAPTCHA API in your JavaScript client applications * * Access Level: Write * * https://docs.aws.amazon.com/waf/latest/APIReference/API_CreateAPIKey.html */ toCreateAPIKey(): this; /** * Grants permission to create an IPSet * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * Dependent actions: * - wafv2:TagResource * * https://docs.aws.amazon.com/waf/latest/APIReference/API_CreateIPSet.html */ toCreateIPSet(): this; /** * Grants permission to create a RegexPatternSet * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * Dependent actions: * - wafv2:TagResource * * https://docs.aws.amazon.com/waf/latest/APIReference/API_CreateRegexPatternSet.html */ toCreateRegexPatternSet(): this; /** * Grants permission to create a RuleGroup * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * Dependent actions: * - wafv2:TagResource * * https://docs.aws.amazon.com/waf/latest/APIReference/API_CreateRuleGroup.html */ toCreateRuleGroup(): this; /** * Grants permission to create a WebACL * * Access Level: Write * * Possible conditions: * - .ifAwsRequestTag() * - .ifAwsTagKeys() * * Dependent actions: * - wafv2:TagResource * * https://docs.aws.amazon.com/waf/latest/APIReference/API_CreateWebACL.html */ toCreateWebACL(): this; /** * Grants permission to delete an API key * * Access Level: Write * * https://docs.aws.amazon.com/waf/latest/APIReference/API_DeleteAPIKey.html */ toDeleteAPIKey(): this; /** * Grants permission to delete FirewallManagedRulesGroups from a WebACL if not managed by Firewall Manager anymore * * Access Level: Write * * https://docs.aws.amazon.com/waf/latest/APIReference/API_DeleteFirewallManagerRuleGroups.html */ toDeleteFirewallManagerRuleGroups(): this; /** * Grants permission to delete an IPSet * * Access Level: Write * * https://docs.aws.amazon.com/waf/latest/APIReference/API_DeleteIPSet.html */ toDeleteIPSet(): this; /** * Grants permission to delete the LoggingConfiguration from a WebACL * * Access Level: Write * * Possible conditions: * - .ifLogScope() * * https://docs.aws.amazon.com/waf/latest/APIReference/API_DeleteLoggingConfiguration.html */ toDeleteLoggingConfiguration(): this; /** * Grants permission to delete the PermissionPolicy on a RuleGroup * * Access Level: Permissions management * * https://docs.aws.amazon.com/waf/latest/APIReference/API_DeletePermissionPolicy.html */ toDeletePermissionPolicy(): this; /** * Grants permission to delete a RegexPatternSet * * Access Level: Write * * https://docs.aws.amazon.com/waf/latest/APIReference/API_DeleteRegexPatternSet.html */ toDeleteRegexPatternSet(): this; /** * Grants permission to delete a RuleGroup * * Access Level: Write * * https://docs.aws.amazon.com/waf/latest/APIReference/API_DeleteRuleGroup.html */ toDeleteRuleGroup(): this; /** * Grants permission to delete a WebACL * * Access Level: Write * * https://docs.aws.amazon.com/waf/latest/APIReference/API_DeleteWebACL.html */ toDeleteWebACL(): this; /** * Grants permission to retrieve product information for a managed rule group * * Access Level: Read * * https://docs.aws.amazon.com/waf/latest/APIReference/API_DescribeAllManagedProducts.html */ toDescribeAllManagedProducts(): this; /** * Grants permission to retrieve product information for a managed rule group by a given vendor * * Access Level: Read * * https://docs.aws.amazon.com/waf/latest/APIReference/API_DescribeManagedProductsByVendor.html */ toDescribeManagedProductsByVendor(): this; /** * Grants permission to retrieve high-level information for a managed rule group * * Access Level: Read * * https://docs.aws.amazon.com/waf/latest/APIReference/API_DescribeManagedRuleGroup.html */ toDescribeManagedRuleGroup(): this; /** * Grants permission to disassociate Firewall Manager from a WebACL * * Access Level: Write * * https://docs.aws.amazon.com/waf/latest/APIReference/API_DisassociateFirewallManager.html */ toDisassociateFirewallManager(): this; /** * Grants permission to disassociate a WebACL from an application resource * * Access Level: Write * * Dependent actions: * - amplify:DisassociateWebACL * - apigateway:SetWebACL * - apprunner:DisassociateWebAcl * - appsync:SetWebACL * - cognito-idp:DisassociateWebACL * - ec2:DisassociateVerifiedAccessInstanceWebAcl * - elasticloadbalancing:SetWebAcl * - wafv2:PutPermissionPolicy * * https://docs.aws.amazon.com/waf/latest/APIReference/API_DisassociateWebACL.html */ toDisassociateWebACL(): this; /** * Grants permission to generate a presigned download URL for the specified release of the mobile SDK * * Access Level: Read * * https://docs.aws.amazon.com/waf/latest/APIReference/API_GenerateMobileSdkReleaseUrl.html */ toGenerateMobileSdkReleaseUrl(): this; /** * Grants permission to return your API key in decrypted form. Use this to check the token domains that you have defined for the key * * Access Level: Read * * https://docs.aws.amazon.com/waf/latest/APIReference/API_GetDecryptedAPIKey.html */ toGetDecryptedAPIKey(): this; /** * Grants permission to retrieve details about an IPSet * * Access Level: Read * * Possible conditions: * - .ifAwsResourceTag() * * https://docs.aws.amazon.com/waf/latest/APIReference/API_GetIPSet.html */ toGetIPSet(): this; /** * Grants permission to retrieve LoggingConfiguration for a WebACL * * Access Level: Read * * Possible conditions: * - .ifAwsResourceTag() * - .ifLogScope() * * https://docs.aws.amazon.com/waf/latest/APIReference/API_GetLoggingConfiguration.html */ toGetLoggingConfiguration(): this; /** * Grants permission to retrieve details about a ManagedRuleSet * * Access Level: Read * * https://docs.aws.amazon.com/waf/latest/APIReference/API_GetManagedRuleSet.html */ toGetManagedRuleSet(): this; /** * Grants permission to retrieve information for the specified mobile SDK release, including release notes and tags * * Access Level: Read * * https://docs.aws.amazon.com/waf/latest/APIReference/API_GetMobileSdkRelease.html */ toGetMobileSdkRelease(): this; /** * Grants permission to retrieve a PermissionPolicy for a RuleGroup * * Access Level: Read * * https://docs.aws.amazon.com/waf/latest/APIReference/API_GetPermissionPolicy.html */ toGetPermissionPolicy(): this; /** * Grants permission to retrieve the keys that are currently blocked by a rate-based rule * * Access Level: Read * * Possible conditions: * - .ifAwsResourceTag() * * https://docs.aws.amazon.com/waf/latest/APIReference/API_GetRateBasedStatementManagedKeys.html */ toGetRateBasedStatementManagedKeys(): this; /** * Grants permission to retrieve details about a RegexPatternSet * * Access Level: Read * * Possible conditions: * - .ifAwsResourceTag() * * https://docs.aws.amazon.com/waf/latest/APIReference/API_GetRegexPatternSet.html */ toGetRegexPatternSet(): this; /** * Grants permission to retrieve details about a RuleGroup * * Access Level: Read * * Possible conditions: * - .ifAwsResourceTag() * * https://docs.aws.amazon.com/waf/latest/APIReference/API_GetRuleGroup.html */ toGetRuleGroup(): this; /** * Grants permission to retrieve detailed information about a sampling of web requests * * Access Level: Read * * https://docs.aws.amazon.com/waf/latest/APIReference/API_GetSampledRequests.html */ toGetSampledRequests(): this; /** * Grants permission to retrieve details about a WebACL * * Access Level: Read * * Possible conditions: * - .ifAwsResourceTag() * * https://docs.aws.amazon.com/waf/latest/APIReference/API_GetWebACL.html */ toGetWebACL(): this; /** * Grants permission to retrieve the WebACL that's associated with a resource * * Access Level: Read * * Dependent actions: * - amplify:GetWebACLForResource * - apprunner:DescribeWebAclForService * - cognito-idp:GetWebACLForResource * - ec2:GetVerifiedAccessInstanceWebAcl * - wafv2:GetWebACL * * https://docs.aws.amazon.com/waf/latest/APIReference/API_GetWebACLForResource.html */ toGetWebACLForResource(): this; /** * Grants permission to retrieve a list of the API keys that you've defined for the specified scope * * Access Level: List * * https://docs.aws.amazon.com/waf/latest/APIReference/API_ListAPIKeys.html */ toListAPIKeys(): this; /** * Grants permission to retrieve an array of managed rule group versions that are available for you to use * * Access Level: List * * https://docs.aws.amazon.com/waf/latest/APIReference/API_ListAvailableManagedRuleGroupVersions.html */ toListAvailableManagedRuleGroupVersions(): this; /** * Grants permission to retrieve an array of managed rule groups that are available for you to use * * Access Level: List * * https://docs.aws.amazon.com/waf/latest/APIReference/API_ListAvailableManagedRuleGroups.html */ toListAvailableManagedRuleGroups(): this; /** * Grants permission to retrieve an array of IPSetSummary objects for the IP sets that you manage * * Access Level: List * * https://docs.aws.amazon.com/waf/latest/APIReference/API_ListIPSets.html */ toListIPSets(): this; /** * Grants permission to retrieve an array of your LoggingConfiguration objects * * Access Level: List * * Possible conditions: * - .ifLogScope() * * https://docs.aws.amazon.com/waf/latest/APIReference/API_ListLoggingConfigurations.html */ toListLoggingConfigurations(): this; /** * Grants permission to retrieve an array of your ManagedRuleSet objects * * Access Level: List * * https://docs.aws.amazon.com/waf/latest/APIReference/API_ListManagedRuleSets.html */ toListManagedRuleSets(): this; /** * Grants permission to retrieve a list of the available releases for the mobile SDK and the specified device platform * * Access Level: List * * https://docs.aws.amazon.com/waf/latest/APIReference/API_ListMobileSdkReleases.html */ toListMobileSdkReleases(): this; /** * Grants permission to retrieve an array of RegexPatternSetSummary objects for the regex pattern sets that you manage * * Access Level: List * * https://docs.aws.amazon.com/waf/latest/APIReference/API_ListRegexPatternSets.html */ toListRegexPatternSets(): this; /** * Grants permission to retrieve an array of the Amazon Resource Names (ARNs) for the resources that are associated with a web ACL * * Access Level: List * * Dependent actions: * - amplify:ListResourcesForWebACL * - apprunner:ListAssociatedServicesForWebAcl * - cognito-idp:ListResourcesForWebACL * - ec2:DescribeVerifiedAccessInstanceWebAclAssociations * * https://docs.aws.amazon.com/waf/latest/APIReference/API_ListResourcesForWebACL.html */ toListResourcesForWebACL(): this; /** * Grants permission to retrieve an array of RuleGroupSummary objects for the rule groups that you manage * * Access Level: List * * https://docs.aws.amazon.com/waf/latest/APIReference/API_ListRuleGroups.html */ toListRuleGroups(): this; /** * Grants permission to list tags for a resource * * Access Level: Read * * Possible conditions: * - .ifAwsResourceTag() * * https://docs.aws.amazon.com/waf/latest/APIReference/API_ListTagsForResource.html */ toListTagsForResource(): this; /** * Grants permission to retrieve an array of WebACLSummary objects for the web ACLs that you manage * * Access Level: List * * https://docs.aws.amazon.com/waf/latest/APIReference/API_ListWebACLs.html */ toListWebACLs(): this; /** * Grants permission to create FirewallManagedRulesGroups in a WebACL * * Access Level: Write * * https://docs.aws.amazon.com/waf/latest/APIReference/API_PutFirewallManagerRuleGroups.html */ toPutFirewallManagerRuleGroups(): this; /** * Grants permission to enable a LoggingConfiguration, to start logging for a web ACL * * Access Level: Write * * Possible conditions: * - .ifLogScope() * - .ifLogDestinationResource() * * Dependent actions: * - iam:CreateServiceLinkedRole * * https://docs.aws.amazon.com/waf/latest/APIReference/API_PutLoggingConfiguration.html */ toPutLoggingConfiguration(): this; /** * Grants permission to enable create a new or update an existing version of a ManagedRuleSet * * Access Level: Write * * https://docs.aws.amazon.com/waf/latest/APIReference/API_PutManagedRuleSetVersions.html */ toPutManagedRuleSetVersions(): this; /** * Grants permission to attach an IAM policy to a resource, used to share rule groups between accounts * * Access Level: Permissions management * * https://docs.aws.amazon.com/waf/latest/APIReference/API_PutPermissionPolicy.html */ toPutPermissionPolicy(): this; /** * Grants permission to associate tags with a AWS resource * * Access Level: Tagging * * Possible conditions: * - .ifAwsTagKeys() * - .ifAwsRequestTag() * - .ifAwsResourceTag() * * https://docs.aws.amazon.com/waf/latest/APIReference/API_TagResource.html */ toTagResource(): this; /** * Grants permission to disassociate tags from an AWS resource * * Access Level: Tagging * * Possible conditions: * - .ifAwsTagKeys() * * https://docs.aws.amazon.com/waf/latest/APIReference/API_UntagResource.html */ toUntagResource(): this; /** * Grants permission to update an IPSet * * Access Level: Write * * Possible conditions: * - .ifAwsResourceTag() * * https://docs.aws.amazon.com/waf/latest/APIReference/API_UpdateIPSet.html */ toUpdateIPSet(): this; /** * Grants permission to update the expiry date of a version in ManagedRuleSet * * Access Level: Write * * https://docs.aws.amazon.com/waf/latest/APIReference/API_UpdateManagedRuleSetVersionExpiryDate.html */ toUpdateManagedRuleSetVersionExpiryDate(): this; /** * Grants permission to update a RegexPatternSet * * Access Level: Write * * Possible conditions: * - .ifAwsResourceTag() * * https://docs.aws.amazon.com/waf/latest/APIReference/API_UpdateRegexPatternSet.html */ toUpdateRegexPatternSet(): this; /** * Grants permission to update a RuleGroup * * Access Level: Write * * Possible conditions: * - .ifAwsResourceTag() * * https://docs.aws.amazon.com/waf/latest/APIReference/API_UpdateRuleGroup.html */ toUpdateRuleGroup(): this; /** * Grants permission to update a WebACL * * Access Level: Write * * Possible conditions: * - .ifAwsResourceTag() * * https://docs.aws.amazon.com/waf/latest/APIReference/API_UpdateWebACL.html */ toUpdateWebACL(): this; protected accessLevelList: AccessLevelList; /** * Adds a resource of type webacl to the statement * * https://docs.aws.amazon.com/waf/latest/APIReference/API_WebACL.html * * @param scope - Identifier for the scope. * @param name - Identifier for the name. * @param id - Identifier for the id. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onWebacl(scope: string, name: string, id: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type ipset to the statement * * https://docs.aws.amazon.com/waf/latest/APIReference/API_IPSet.html * * @param scope - Identifier for the scope. * @param name - Identifier for the name. * @param id - Identifier for the id. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onIpset(scope: string, name: string, id: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type managedruleset to the statement * * https://docs.aws.amazon.com/waf/latest/APIReference/API_ManagedRuleSet.html * * @param scope - Identifier for the scope. * @param name - Identifier for the name. * @param id - Identifier for the id. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onManagedruleset(scope: string, name: string, id: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type rulegroup to the statement * * https://docs.aws.amazon.com/waf/latest/APIReference/API_RuleGroup.html * * @param scope - Identifier for the scope. * @param name - Identifier for the name. * @param id - Identifier for the id. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onRulegroup(scope: string, name: string, id: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type regexpatternset to the statement * * https://docs.aws.amazon.com/waf/latest/APIReference/API_RegexPatternSet.html * * @param scope - Identifier for the scope. * @param name - Identifier for the name. * @param id - Identifier for the id. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. * * Possible conditions: * - .ifAwsResourceTag() */ onRegexpatternset(scope: string, name: string, id: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type loadbalancer/app/ to the statement * * https://docs.aws.amazon.com/waf/latest/APIReference/API_WebACL.html * * @param loadBalancerName - Identifier for the loadBalancerName. * @param loadBalancerId - Identifier for the loadBalancerId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onLoadbalancerApp(loadBalancerName: string, loadBalancerId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type apigateway to the statement * * https://docs.aws.amazon.com/waf/latest/APIReference/API_WebACL.html * * @param apiId - Identifier for the apiId. * @param stageName - Identifier for the stageName. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onApigateway(apiId: string, stageName: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type appsync to the statement * * https://docs.aws.amazon.com/waf/latest/APIReference/API_WebACL.html * * @param graphQLAPIId - Identifier for the graphQLAPIId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onAppsync(graphQLAPIId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type userpool to the statement * * https://docs.aws.amazon.com/waf/latest/APIReference/API_WebACL.html * * @param userPoolId - Identifier for the userPoolId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onUserpool(userPoolId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type apprunner to the statement * * https://docs.aws.amazon.com/waf/latest/APIReference/API_WebACL.html * * @param serviceName - Identifier for the serviceName. * @param serviceId - Identifier for the serviceId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onApprunner(serviceName: string, serviceId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type verified-access-instance to the statement * * https://docs.aws.amazon.com/waf/latest/APIReference/API_WebACL.html * * @param verifiedAccessInstanceId - Identifier for the verifiedAccessInstanceId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onVerifiedAccessInstance(verifiedAccessInstanceId: string, account?: string, region?: string, partition?: string): this; /** * Adds a resource of type amplify-app to the statement * * https://docs.aws.amazon.com/waf/latest/APIReference/API_WebACL.html * * @param appId - Identifier for the appId. * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. */ onAmplifyApp(appId: string, account?: string, region?: string, partition?: string): this; /** * Filters access by the allowed set of values for each of the tags * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag * * Applies to actions: * - .toCreateIPSet() * - .toCreateRegexPatternSet() * - .toCreateRuleGroup() * - .toCreateWebACL() * - .toTagResource() * * @param tagKey The tag key to check * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsRequestTag(tagKey: string, value: string | string[], operator?: Operator | string): this; /** * Filters access by tag-value associated with the resource * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag * * Applies to actions: * - .toGetIPSet() * - .toGetLoggingConfiguration() * - .toGetRateBasedStatementManagedKeys() * - .toGetRegexPatternSet() * - .toGetRuleGroup() * - .toGetWebACL() * - .toListTagsForResource() * - .toTagResource() * - .toUpdateIPSet() * - .toUpdateRegexPatternSet() * - .toUpdateRuleGroup() * - .toUpdateWebACL() * * Applies to resource types: * - webacl * - ipset * - rulegroup * - regexpatternset * * @param tagKey The tag key to check * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsResourceTag(tagKey: string, value: string | string[], operator?: Operator | string): this; /** * Filters access by the presence of mandatory tags in the request * * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys * * Applies to actions: * - .toCreateIPSet() * - .toCreateRegexPatternSet() * - .toCreateRuleGroup() * - .toCreateWebACL() * - .toTagResource() * - .toUntagResource() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifAwsTagKeys(value: string | string[], operator?: Operator | string): this; /** * Filters access by log destination ARN for PutLoggingConfiguration API * * https://docs.aws.amazon.com/waf/latest/developerguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies-conditionkeys * * Applies to actions: * - .toPutLoggingConfiguration() * * @param value The value(s) to check * @param operator Works with [arn operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_ARN). **Default:** `ArnLike` */ ifLogDestinationResource(value: string | string[], operator?: Operator | string): this; /** * Filters access by log scope for Logging Configuration API * * https://docs.aws.amazon.com/waf/latest/developerguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies-conditionkeys * * Applies to actions: * - .toDeleteLoggingConfiguration() * - .toGetLoggingConfiguration() * - .toListLoggingConfigurations() * - .toPutLoggingConfiguration() * * @param value The value(s) to check * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` */ ifLogScope(value: string | string[], operator?: Operator | string): this; /** * Statement provider for service [wafv2](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awswafv2.html). * */ constructor(props?: iam.PolicyStatementProps); }